Пример #1
0
int
generate_pkt (
	struct pkt *x_pkt,
	const struct timeval *tv_xmt,
	int key_id,
	struct key *pkt_key
	)
{
	l_fp xmt;
	int pkt_len = LEN_PKT_NOMAC;
	memset(x_pkt, 0, sizeof(struct pkt));
	TVTOTS(tv_xmt, &xmt);
	HTONL_FP(&xmt, &(x_pkt->xmt));
	x_pkt->stratum = STRATUM_TO_PKT(STRATUM_UNSPEC);
	x_pkt->ppoll = 8;
	/* FIXME! Modus broadcast + adr. check -> bdr. pkt */
	set_li_vn_mode(x_pkt, LEAP_NOTINSYNC, 4, 3);
	if (pkt_key != NULL) {
		int mac_size = 20; /* max room for MAC */
		x_pkt->exten[0] = htonl(key_id);
		mac_size = make_mac((char *)x_pkt, pkt_len, mac_size, pkt_key, (char *)&x_pkt->exten[1]);
		if (mac_size)
			pkt_len += mac_size + 4;
	}
	return pkt_len;
}
Пример #2
0
void
test_MakeSHA1Mac(void)
{
#ifdef OPENSSL

	const char* PKT_DATA = "abcdefgh0123";
	const int PKT_LEN = strlen(PKT_DATA);
	const char* EXPECTED_DIGEST =
		"\x17\xaa\x82\x97\xc7\x17\x13\x6a\x9b\xa9"
		"\x63\x85\xb4\xce\xbe\x94\xa0\x97\x16\x1d";
	char actual[SHA1_LENGTH];

	struct key sha1;
	sha1.next = NULL;
	sha1.key_id = 20;
	sha1.key_len = 7;
	memcpy(&sha1.key_seq, "sha1seq", sha1.key_len);
	memcpy(&sha1.type, "SHA1", 5);

	TEST_ASSERT_EQUAL(SHA1_LENGTH,
			  make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual));

	TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH);
	
#else
	
	TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
	
#endif	/* OPENSSL */
}
Пример #3
0
void
test_MakeCMac(void)
{
#ifdef OPENSSL

	const char* PKT_DATA = "abcdefgh0123";
	const int PKT_LEN = strlen(PKT_DATA);
	const char* EXPECTED_DIGEST =
		"\xdd\x35\xd5\xf5\x14\x23\xd9\xd6"
		"\x38\x5d\x29\x80\xfe\x51\xb9\x6b";
	char actual[CMAC_LENGTH];

	struct key cmac;
	cmac.next = NULL;
	cmac.key_id = 30;
	cmac.key_len = CMAC_LENGTH;
	memcpy(&cmac.key_seq, "aes-128-cmac-seq", cmac.key_len);
	memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1);

	TEST_ASSERT_EQUAL(CMAC_LENGTH,
		    make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual));

	TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);
	
#else
	
	TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
	
#endif	/* OPENSSL */
}
Пример #4
0
void test_PacketSizeNotMultipleOfFourBytes(void) {
	const char* PKT_DATA = "123456";
	const int PKT_LEN = 6;
	char actual[MD5_LENGTH];

	struct key md5;
	md5.next = NULL;
	md5.key_id = 10;
	md5.key_len = 6;
	memcpy(&md5.key_seq, "md5seq", md5.key_len);
	memcpy(&md5.type, "MD5", 4);

	TEST_ASSERT_EQUAL(0, make_mac((char*)PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
}
Пример #5
0
void test_CorrectAuthenticatedPacketSHA1(void) {
	PrepareAuthenticationTest(20, 15, "SHA1", "abcdefghijklmno");
	TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));

	int pkt_len = LEN_PKT_NOMAC;

	// Prepare the packet.
	testpkt.exten[0] = htonl(20);
	int mac_len = make_mac((char*)&testpkt, pkt_len,
						   MAX_MAC_LEN, key_ptr,
						   (char*)&testpkt.exten[1]);

	pkt_len += 4 + mac_len;

	TEST_ASSERT_EQUAL(pkt_len,
			  process_pkt(&testpkt, &testsock, pkt_len,
						  MODE_SERVER, &testspkt, "UnitTest"));
}
Пример #6
0
void test_AuthenticatedPacketUnknownKey(void) {
	// Activate authentication option
	PrepareAuthenticationTestMD5(30, 9, "123456789");
	TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
	
	// Prepare the packet. Observe that the Key-ID expected is 30,
	// but the packet has a key id of 50.
	int pkt_len = LEN_PKT_NOMAC;

	testpkt.exten[0] = htonl(50);
	int mac_len = make_mac((char*)&testpkt, pkt_len,
						   MAX_MD5_LEN, key_ptr,
						   (char*)&testpkt.exten[1]);
	pkt_len += 4 + mac_len;

	TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
			  process_pkt(&testpkt, &testsock, pkt_len,
						  MODE_SERVER, &testspkt, "UnitTest"));
}
Пример #7
0
void test_MakeMd5Mac(void) {

	const char* PKT_DATA = "abcdefgh0123";
	const int PKT_LEN = strlen(PKT_DATA);
	const char* EXPECTED_DIGEST =
		"\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b";
	char actual[MD5_LENGTH];

	struct key md5;
	md5.next = NULL;
	md5.key_id = 10;
	md5.key_len = 6;
	memcpy(&md5.key_seq, "md5seq", md5.key_len);
	memcpy(&md5.type, "MD5", 4);

	TEST_ASSERT_EQUAL(MD5_LENGTH,
			  make_mac((char*)PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));

	TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0);
}
Пример #8
0
void
test_CorrectAuthenticatedPacketMD5(void)
{
	PrepareAuthenticationTestMD5(10, 15, "123456789abcdef");
	TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));

	int pkt_len = LEN_PKT_NOMAC;

	/* Prepare the packet. */
	testpkt.exten[0] = htonl(10);
	int mac_len = make_mac(&testpkt, pkt_len,
			       MAX_MD5_LEN, key_ptr,
			       &testpkt.exten[1]);

	pkt_len += 4 + mac_len;

	TEST_ASSERT_EQUAL(pkt_len,
			  process_pkt(&testpkt, &testsock, pkt_len,
				      MODE_SERVER, &testspkt, "UnitTest"));
}
Пример #9
0
void
test_GenerateAuthenticatedPacket(void)
{
	static const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_MD5_LEN;
	
	struct key	testkey;
	struct pkt	testpkt;
	struct timeval	xmt;
	l_fp		expected_xmt, actual_xmt;
	char 		expected_mac[MAX_MD5_LEN];
	
	testkey.next = NULL;
	testkey.key_id = 30;
	testkey.key_len = 9;
	memcpy(testkey.key_seq, "123456789", testkey.key_len);
	strlcpy(testkey.typen, "MD5", sizeof(testkey.typen));
	testkey.typei = keytype_from_text(testkey.typen, NULL);

	GETTIMEOFDAY(&xmt, NULL);
	xmt.tv_sec += JAN_1970;

	TEST_ASSERT_EQUAL(EXPECTED_PKTLEN,
			  generate_pkt(&testpkt, &xmt, testkey.key_id, &testkey));

	TEST_ASSERT_EQUAL(LEAP_NOTINSYNC, PKT_LEAP(testpkt.li_vn_mode));
	TEST_ASSERT_EQUAL(NTP_VERSION, PKT_VERSION(testpkt.li_vn_mode));
	TEST_ASSERT_EQUAL(MODE_CLIENT, PKT_MODE(testpkt.li_vn_mode));

	TEST_ASSERT_EQUAL(STRATUM_UNSPEC, PKT_TO_STRATUM(testpkt.stratum));
	TEST_ASSERT_EQUAL(8, testpkt.ppoll);

	TVTOTS(&xmt, &expected_xmt);
	NTOHL_FP(&testpkt.xmt, &actual_xmt);
	TEST_ASSERT_TRUE(LfpEquality(expected_xmt, actual_xmt));

	TEST_ASSERT_EQUAL(testkey.key_id, ntohl(testpkt.exten[0]));
	
	TEST_ASSERT_EQUAL(MAX_MD5_LEN - 4, /* Remove the key_id, only keep the mac. */
			  make_mac(&testpkt, LEN_PKT_NOMAC, MAX_MD5_LEN-4, &testkey, expected_mac));
	TEST_ASSERT_EQUAL_MEMORY(expected_mac, (char*)&testpkt.exten[1], MAX_MD5_LEN -4);
}
Пример #10
0
void test_AuthenticatedPacketInvalid(void) {
	// Activate authentication option
	PrepareAuthenticationTestMD5(50, 9, "123456789");
	TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
	
	// Prepare the packet.
	int pkt_len = LEN_PKT_NOMAC;

	testpkt.exten[0] = htonl(50);
	int mac_len = make_mac((char*)&testpkt, pkt_len,
						   MAX_MD5_LEN, key_ptr,
						   (char*)&testpkt.exten[1]);

	pkt_len += 4 + mac_len;

	// Now, alter the MAC so it becomes invalid.
	testpkt.exten[1] += 1;

	TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
			  process_pkt(&testpkt, &testsock, pkt_len,
						  MODE_SERVER, &testspkt, "UnitTest"));
}
Пример #11
0
int
generate_pkt (
	struct pkt *x_pkt,
	const struct timeval *tv_xmt,
	int key_id,
	struct key *pkt_key
	)
{
	l_fp	xmt_fp;
	int	pkt_len;
	int	mac_size;

	pkt_len = LEN_PKT_NOMAC;
	ZERO(*x_pkt);
	TVTOTS(tv_xmt, &xmt_fp);
	HTONL_FP(&xmt_fp, &x_pkt->xmt);
	x_pkt->stratum = STRATUM_TO_PKT(STRATUM_UNSPEC);
	x_pkt->ppoll = 8;
	/* FIXME! Modus broadcast + adr. check -> bdr. pkt */
	set_li_vn_mode(x_pkt, LEAP_NOTINSYNC, ntpver, 3);
	if (debug > 0) {
		printf("generate_pkt: key_id %d, key pointer %p\n", key_id, pkt_key);
	}
	if (pkt_key != NULL) {
		x_pkt->exten[0] = htonl(key_id);
		mac_size = make_mac(x_pkt, pkt_len, MAX_MDG_LEN,
				    pkt_key, (char *)&x_pkt->exten[1]);
		if (mac_size > 0)
			pkt_len += mac_size + KEY_MAC_LEN;
#ifdef DEBUG
		if (debug > 0) {
			printf("generate_pkt: mac_size is %d\n", mac_size);
		}
#endif

	}
	return pkt_len;
}
Пример #12
0
TEST_F(mainTest, GenerateAuthenticatedPacket) {
	key testkey;
	testkey.next = NULL;
	testkey.key_id = 30;
	testkey.key_len = 9;
	memcpy(testkey.key_seq, "123456789", testkey.key_len);
	memcpy(testkey.type, "MD5", 3);

	pkt testpkt;

	timeval xmt;
	GETTIMEOFDAY(&xmt, NULL);
	xmt.tv_sec += JAN_1970;

	const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_MD5_LEN;

	EXPECT_EQ(EXPECTED_PKTLEN,
			  generate_pkt(&testpkt, &xmt, testkey.key_id, &testkey));

	EXPECT_EQ(LEAP_NOTINSYNC, PKT_LEAP(testpkt.li_vn_mode));
	EXPECT_EQ(NTP_VERSION, PKT_VERSION(testpkt.li_vn_mode));
	EXPECT_EQ(MODE_CLIENT, PKT_MODE(testpkt.li_vn_mode));

	EXPECT_EQ(STRATUM_UNSPEC, PKT_TO_STRATUM(testpkt.stratum));
	EXPECT_EQ(8, testpkt.ppoll);

	l_fp expected_xmt, actual_xmt;
	TVTOTS(&xmt, &expected_xmt);
	NTOHL_FP(&testpkt.xmt, &actual_xmt);
	EXPECT_TRUE(LfpEquality(expected_xmt, actual_xmt));

	EXPECT_EQ(testkey.key_id, ntohl(testpkt.exten[0]));
	
	char expected_mac[MAX_MD5_LEN];
	ASSERT_EQ(MAX_MD5_LEN - 4, // Remove the key_id, only keep the mac.
			  make_mac((char*)&testpkt, LEN_PKT_NOMAC, MAX_MD5_LEN, &testkey, expected_mac));
	EXPECT_TRUE(memcmp(expected_mac, (char*)&testpkt.exten[1], MAX_MD5_LEN -4) == 0);
}
Пример #13
0
int main(int argc, char **argv)
{
  int result, index;
  char *bptr, *tptr;
  char *app;
  int i, j, c;
  struct getap_state *gs;

  index = 0;
  app = argv[0];
  i = j = 1;

  tptr = "tgtap%d";
  bptr = "/proc/%d/hw/ioreg/ten_Gbe_v2";

  gs = malloc(sizeof(struct getap_state));
  if(gs == NULL){
    fprintf(stderr, "%s: unable to allocate %d bytes\n", app, sizeof(struct getap_state));
    return EX_USAGE;
  }

  gs->s_address_name[0] = '\0';
  gs->s_gateway_name[0] = '\0';
  gs->s_mac_name[0] = '\0';
  gs->s_port = 0;

  gs->s_verbose = 1;
  gs->s_testing = 0;

  while (i < argc) {
    if (argv[i][0] == '-') {
      c = argv[i][j];
      switch (c) {
        case 'h' :
          usage(app);
          return EX_OK;
        case 'v' :
          gs->s_verbose++;
          j++;
          break;
        case 'T' :
          gs->s_testing++;
          j++;
          break;
        case 'a' :
        case 'g' :
        case 'm' :
        case 'p' :
        case 'n' :
        case 't' : 
        case 'b' : 
          j++;
          if (argv[i][j] == '\0') {
            j = 0;
            i++;
          }
          if (i >= argc) {
            fprintf(stderr, "%s: -%c needs a parameter\n", app, c);
            return EX_USAGE;
          }

          switch(c){
            case 'a' :
              strncpy(gs->s_address_name, argv[i] + j, IP_BUFFER - 1);
              gs->s_address_name[IP_BUFFER - 1] = '\0';
              break;
            case 'g' :
              strncpy(gs->s_gateway_name, argv[i] + j, IP_BUFFER - 1);
              gs->s_gateway_name[IP_BUFFER - 1] = '\0';
              break;
            case 'm' :
              strncpy(gs->s_mac_name, argv[i] + j, MAC_BUFFER - 1);
              gs->s_mac_name[MAC_BUFFER - 1] = '\0';
            case 'p' :
              gs->s_port = atoi(argv[i] + j);
              break;
            case 'n' :
              index = atoi(argv[i] + j);
              break;
            case 't' :
              tptr = NULL;
              strncpy(gs->s_tap_name, argv[i] + j, NAME_BUFFER - 1);
              gs->s_tap_name[NAME_BUFFER - 1] = '\0';
              break;
            case 'b' :
              bptr = NULL;
              strncpy(gs->s_borph_name, argv[i] + j, NAME_BUFFER - 1);
              gs->s_borph_name[NAME_BUFFER - 1] = '\0';
              break;
          }

          i++;
          j = 1;
          break;

        case '\0':
          j = 1;
          i++;
          break;
        default:
          fprintf(stderr, "%s: unknown option -%c\n", app, argv[i][j]);
          return EX_USAGE;
      }
    } else {
      fprintf(stderr, "%s: bad argument %s\n", app, argv[i]);
      return EX_USAGE;
    }
  }

  if(tptr){
    result = snprintf(gs->s_tap_name, NAME_BUFFER - 1, tptr, index); 
    if((result < 0) || (result >= NAME_BUFFER)){
      fprintf(stderr, "unable to expand %s: Value too long\n", tptr);
      return EX_USAGE;
    }
  }
  if(bptr){
    result = snprintf(gs->s_borph_name, NAME_BUFFER - 1, bptr, getpid()); 
    if((result < 0) || (result >= NAME_BUFFER)){
      fprintf(stderr, "unable to expand %s: Value too long\n", bptr);
      return EX_USAGE;
    }
  }
  if(gs->s_address_name[0] == '\0'){
    fprintf(stderr, "%s: need an ip address\n", app);
    return EX_OSERR;
  }

  if(gs->s_gateway_name[0] == '\0'){
    /* risky, gateware may not like it */
    strncpy(gs->s_gateway_name, gs->s_address_name, IP_BUFFER);
  }

  if(gs->s_mac_name[0] == '\0'){
    make_mac(gs);
  }

  if(gs->s_verbose){
    printf("%s: tap interface name: %s\n", app, gs->s_tap_name);
    printf("%s: borph file: %s\n", app, gs->s_borph_name);
    printf("%s: %s file interface \n", app, gs->s_testing ? "testing" : "borph");
    printf("%s: ip address %s\n", app, gs->s_address_name);
    printf("%s: mac address %s\n", app, gs->s_mac_name);
  }

  gs->s_tfd = tap_open(gs->s_tap_name);
  if(gs->s_tfd < 0){
    fprintf(stderr, "%s: unable to set up tap device %s: %s\n", app, gs->s_tap_name, strerror(errno));
    return EX_OSERR;
  }

  if(setup_borph(gs) < 0){
    fprintf(stderr, "%s: unable to initialise borph register file %s: %s\n", app, gs->s_borph_name, strerror(errno));
    return EX_OSERR;
  }

  if(setup_tap(gs)){
    fprintf(stderr, "%s: unable to configure tap device %s\n", app, gs->s_tap_name);
    return EX_OSERR;
  }

  printf("%s: my arp table index %d\n", app, gs->s_index);

  if(gs->s_verbose){
    printf("%s: my network: 0x%08x\n", app, gs->s_network_binary);
  }

  run = 1;

  /* signal stuff */

  mainloop(gs);

  tap_close(gs->s_tfd);
  close(gs->s_bfd);

  return EX_OK;
}