chrony_3_3/test/simulation/105-ntpauth - chrony - Git at Google

 #!/bin/bash

 . ./test.common

 test_start "NTP authentication"

 server_conf="keyfile tmp/server.keys"
 client_conf="keyfile tmp/client.keys"

 cat > tmp/server.keys <<-EOF
 1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 EOF

 cat > tmp/client.keys <<-EOF
 1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
 2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
 3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
 4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 EOF

 keys=4

 if grep -q 'FEAT_SECHASH 1' ../../config.h; then
 	hashes="MD5 SHA1 SHA256 SHA384 SHA512"
 else
 	hashes="MD5"
 fi

 for hash in $hashes; do
 	keys=$[$keys + 1]
 	key=$(echo $keys $hash HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null | \
 		head -c $[$RANDOM % 64 * 2 + 2]))
 	echo "$key" >> tmp/server.keys
 	echo "$key" >> tmp/client.keys
 done

 for version in 3 4; do
 	for key in $(seq $keys); do
 		client_server_options="version $version key $key"
 		run_test || test_fail
 		check_chronyd_exit || test_fail
 		check_source_selection || test_fail
 		check_packet_interval || test_fail
 		check_sync || test_fail
 	done
 done

 server_conf=""

 run_test || test_fail
 check_chronyd_exit || test_fail
 # This check must fail as the server doesn't know the key
 check_sync && test_fail
 check_packet_interval || test_fail

 server_conf="keyfile tmp/server.keys"
 client_conf=""

 run_test || test_fail
 check_chronyd_exit || test_fail
 # This check must fail as the client doesn't know the key
 check_sync && test_fail
 check_packet_interval || test_fail

 client_conf="keyfile tmp/client.keys"
 clients=2
 peers=2
 max_sync_time=500
 base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))"
 client_lpeer_options="key 1"
 client_rpeer_options="key 1"

 run_test || test_fail
 check_chronyd_exit || test_fail
 check_sync || test_fail

 client_rpeer_options="key 2"

 run_test || test_fail
 check_chronyd_exit || test_fail
 # This check must fail as the peers are using different keys"
 check_sync && test_fail

 test_pass
	#!/bin/bash

	. ./test.common

	test_start "NTP authentication"

	server_conf="keyfile tmp/server.keys"
	client_conf="keyfile tmp/client.keys"

	cat > tmp/server.keys <<-EOF
	1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	EOF

	cat > tmp/client.keys <<-EOF
	1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
	2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
	3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
	4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	EOF

	keys=4

	if grep -q 'FEAT_SECHASH 1' ../../config.h; then
	hashes="MD5 SHA1 SHA256 SHA384 SHA512"
	else
	hashes="MD5"
	fi

	for hash in $hashes; do
	keys=$[$keys + 1]
	key=$(echo $keys $hash HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null \| \
	head -c $[$RANDOM % 64 * 2 + 2]))
	echo "$key" >> tmp/server.keys
	echo "$key" >> tmp/client.keys
	done

	for version in 3 4; do
	for key in $(seq $keys); do
	client_server_options="version $version key $key"
	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	check_source_selection \|\| test_fail
	check_packet_interval \|\| test_fail
	check_sync \|\| test_fail
	done
	done

	server_conf=""

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	# This check must fail as the server doesn't know the key
	check_sync && test_fail
	check_packet_interval \|\| test_fail

	server_conf="keyfile tmp/server.keys"
	client_conf=""

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	# This check must fail as the client doesn't know the key
	check_sync && test_fail
	check_packet_interval \|\| test_fail

	client_conf="keyfile tmp/client.keys"
	clients=2
	peers=2
	max_sync_time=500
	base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))"
	client_lpeer_options="key 1"
	client_rpeer_options="key 1"

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	check_sync \|\| test_fail

	client_rpeer_options="key 2"

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	# This check must fail as the peers are using different keys"
	check_sync && test_fail

	test_pass