chrony/test/simulation/105-ntpauth - chrony - Git at Google

 #!/usr/bin/env bash

 . ./test.common

 test_start "NTP authentication"

 server_conf="keyfile tmp/server.keys"
 client_conf="keyfile tmp/client.keys"

 cat > tmp/server.keys <<-EOF
 1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 EOF

 cat > tmp/client.keys <<-EOF
 1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
 2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
 3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
 4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
 EOF

 keys=4

 types="MD5"
 check_config_h 'FEAT_SECHASH 1' && types="$types SHA1 SHA256 SHA384 SHA512"
 check_config_h 'HAVE_CMAC 1' && types="$types AES128 AES256"

 for type in $types; do
 	keys=$[$keys + 1]
 	case $type in
 		AES128)	length=16;;
 		AES256)	length=32;;
 		*)	length=$[$RANDOM % 32 + 1];;
 	esac

 	key=$(echo $keys $type HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null | \
 		head -c $[$length * 2]))
 	echo "$key" >> tmp/server.keys
 	echo "$key" >> tmp/client.keys
 done

 for version in 3 4; do
 	for key in $(seq $keys); do
 		client_server_options="version $version key $key"
 		run_test || test_fail
 		check_chronyd_exit || test_fail
 		check_source_selection || test_fail
 		check_packet_interval || test_fail
 		check_sync || test_fail
 	done
 done

 server_conf=""

 run_test || test_fail
 check_chronyd_exit || test_fail
 # This check must fail as the server doesn't know the key
 check_sync && test_fail
 check_packet_interval || test_fail

 server_conf="keyfile tmp/server.keys"
 client_conf=""

 run_test || test_fail
 check_chronyd_exit || test_fail
 # This check must fail as the client doesn't know the key
 check_sync && test_fail
 check_packet_interval || test_fail

 client_conf="keyfile tmp/client.keys"
 clients=2
 peers=2
 max_sync_time=500
 base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))"

 for versions in "3 3" "3 4" "4 3" "4 4"; do
 	for key in 1 $keys; do
 		client_lpeer_options="version ${versions% *} key $key"
 		client_rpeer_options="version ${versions#* } key $key"
 		run_test || test_fail
 		check_chronyd_exit || test_fail
 		check_sync || test_fail
 	done
 done

 client_lpeer_options="key 1"
 client_rpeer_options="key 2"

 run_test || test_fail
 check_chronyd_exit || test_fail
 # This check must fail as the peers are using different keys"
 check_sync && test_fail

 test_pass
	#!/usr/bin/env bash

	. ./test.common

	test_start "NTP authentication"

	server_conf="keyfile tmp/server.keys"
	client_conf="keyfile tmp/client.keys"

	cat > tmp/server.keys <<-EOF
	1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	EOF

	cat > tmp/client.keys <<-EOF
	1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
	2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
	3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
	4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
	EOF

	keys=4

	types="MD5"
	check_config_h 'FEAT_SECHASH 1' && types="$types SHA1 SHA256 SHA384 SHA512"
	check_config_h 'HAVE_CMAC 1' && types="$types AES128 AES256"

	for type in $types; do
	keys=$[$keys + 1]
	case $type in
	AES128) length=16;;
	AES256) length=32;;
	*) length=$[$RANDOM % 32 + 1];;
	esac

	key=$(echo $keys $type HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null \| \
	head -c $[$length * 2]))
	echo "$key" >> tmp/server.keys
	echo "$key" >> tmp/client.keys
	done

	for version in 3 4; do
	for key in $(seq $keys); do
	client_server_options="version $version key $key"
	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	check_source_selection \|\| test_fail
	check_packet_interval \|\| test_fail
	check_sync \|\| test_fail
	done
	done

	server_conf=""

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	# This check must fail as the server doesn't know the key
	check_sync && test_fail
	check_packet_interval \|\| test_fail

	server_conf="keyfile tmp/server.keys"
	client_conf=""

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	# This check must fail as the client doesn't know the key
	check_sync && test_fail
	check_packet_interval \|\| test_fail

	client_conf="keyfile tmp/client.keys"
	clients=2
	peers=2
	max_sync_time=500
	base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))"

	for versions in "3 3" "3 4" "4 3" "4 4"; do
	for key in 1 $keys; do
	client_lpeer_options="version ${versions% *} key $key"
	client_rpeer_options="version ${versions#* } key $key"
	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	check_sync \|\| test_fail
	done
	done

	client_lpeer_options="key 1"
	client_rpeer_options="key 2"

	run_test \|\| test_fail
	check_chronyd_exit \|\| test_fail
	# This check must fail as the peers are using different keys"
	check_sync && test_fail

	test_pass