blob: 950313849b97846b6d1905cf31b36ea02d2dd3bb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#!/bin/bash
. ./test.common
test_start "NTP authentication"
server_conf="keyfile tmp/server.keys"
client_conf="keyfile tmp/client.keys"
cat > tmp/server.keys <<-EOF
1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
EOF
cat > tmp/client.keys <<-EOF
1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
EOF
keys=4
types="MD5"
check_config_h 'FEAT_SECHASH 1' && types="$types SHA1 SHA256 SHA384 SHA512"
check_config_h 'HAVE_CMAC 1' && types="$types AES128 AES256"
for type in $types; do
keys=$[$keys + 1]
case $type in
AES128) length=16;;
AES256) length=32;;
*) length=$[$RANDOM % 32 + 1];;
esac
key=$(echo $keys $type HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null | \
head -c $[$length * 2]))
echo "$key" >> tmp/server.keys
echo "$key" >> tmp/client.keys
done
for version in 3 4; do
for key in $(seq $keys); do
client_server_options="version $version key $key"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_packet_interval || test_fail
check_sync || test_fail
done
done
server_conf=""
run_test || test_fail
check_chronyd_exit || test_fail
# This check must fail as the server doesn't know the key
check_sync && test_fail
check_packet_interval || test_fail
server_conf="keyfile tmp/server.keys"
client_conf=""
run_test || test_fail
check_chronyd_exit || test_fail
# This check must fail as the client doesn't know the key
check_sync && test_fail
check_packet_interval || test_fail
client_conf="keyfile tmp/client.keys"
clients=2
peers=2
max_sync_time=500
base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))"
for versions in "3 3" "3 4" "4 3" "4 4"; do
for key in 1 $keys; do
client_lpeer_options="version ${versions% *} key $key"
client_rpeer_options="version ${versions#* } key $key"
run_test || test_fail
check_chronyd_exit || test_fail
check_sync || test_fail
done
done
client_lpeer_options="key 1"
client_rpeer_options="key 2"
run_test || test_fail
check_chronyd_exit || test_fail
# This check must fail as the peers are using different keys"
check_sync && test_fail
test_pass
|