| #!/usr/bin/env bash |
| |
| . ./test.common |
| |
| test_start "NTP authentication" |
| |
| server_conf="keyfile tmp/server.keys" |
| client_conf="keyfile tmp/client.keys" |
| |
| cat > tmp/server.keys <<-EOF |
| 1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E |
| 2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E |
| 3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E |
| 4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E |
| EOF |
| |
| cat > tmp/client.keys <<-EOF |
| 1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^ |
| 2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^ |
| 3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^ |
| 4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E |
| EOF |
| |
| keys=4 |
| |
| types="MD5" |
| check_config_h 'FEAT_SECHASH 1' && types="$types SHA1 SHA256 SHA384 SHA512" |
| check_config_h 'HAVE_CMAC 1' && types="$types AES128 AES256" |
| |
| for type in $types; do |
| keys=$[$keys + 1] |
| case $type in |
| AES128) length=16;; |
| AES256) length=32;; |
| *) length=$[$RANDOM % 32 + 1];; |
| esac |
| |
| key=$(echo $keys $type HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null | \ |
| head -c $[$length * 2])) |
| echo "$key" >> tmp/server.keys |
| echo "$key" >> tmp/client.keys |
| done |
| |
| for version in 3 4; do |
| for key in $(seq $keys); do |
| client_server_options="version $version key $key" |
| run_test || test_fail |
| check_chronyd_exit || test_fail |
| check_source_selection || test_fail |
| check_packet_interval || test_fail |
| check_sync || test_fail |
| done |
| done |
| |
| server_conf="" |
| |
| run_test || test_fail |
| check_chronyd_exit || test_fail |
| # This check must fail as the server doesn't know the key |
| check_sync && test_fail |
| check_packet_interval || test_fail |
| |
| server_conf="keyfile tmp/server.keys" |
| client_conf="" |
| |
| run_test || test_fail |
| check_chronyd_exit || test_fail |
| # This check must fail as the client doesn't know the key |
| check_sync && test_fail |
| check_packet_interval || test_fail |
| |
| client_conf="keyfile tmp/client.keys" |
| clients=2 |
| peers=2 |
| max_sync_time=500 |
| base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))" |
| |
| for versions in "3 3" "3 4" "4 3" "4 4"; do |
| for key in 1 $keys; do |
| client_lpeer_options="version ${versions% *} key $key" |
| client_rpeer_options="version ${versions#* } key $key" |
| run_test || test_fail |
| check_chronyd_exit || test_fail |
| check_sync || test_fail |
| done |
| done |
| |
| client_lpeer_options="key 1" |
| client_rpeer_options="key 2" |
| |
| run_test || test_fail |
| check_chronyd_exit || test_fail |
| # This check must fail as the peers are using different keys" |
| check_sync && test_fail |
| |
| test_pass |