test/simulation/139-nts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173

#!/bin/bash

. ./test.common

test_start "NTP authentication with NTS"

check_config_h 'FEAT_NTS 1' || test_skip
certtool --help &> /dev/null || test_skip

export CLKNETSIM_START_DATE=$(date -d 'Jan  1 00:00:00 UTC 2010' +'%s')

cat > tmp/cert.cfg <<EOF
cn = "node1.net1.clk"
serial = 001
activation_date = "2010-01-01 00:00:00 UTC"
expiration_date = "2010-01-02 00:00:00 UTC"
#dns_name = "node1.net1.clk"
signing_key
encryption_key
EOF

certtool --generate-privkey --key-type=ed25519 --outfile tmp/server.key &> tmp/log.certtool
certtool --generate-self-signed --load-privkey tmp/server.key \
	--template tmp/cert.cfg --outfile tmp/server.crt &>> tmp/log.certtool

max_sync_time=400
dns=1
server_conf="
ntsserverkey tmp/server.key
ntsservercert tmp/server.crt
ntsprocesses 0
ntsrotate 66
ntsdumpdir tmp
"
client_server_options="minpoll 6 maxpoll 6 nts"
client_conf="
nosystemcert
ntstrustedcerts tmp/server.crt
logdir tmp
log rawmeasurements"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

check_file_messages "20.*123\.1.* 111 111 1111" 75 80 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 37 39 measurements.log || test_fail
check_file_messages "	2	1	.*	4460	" 260 300 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
rm -f tmp/measurements.log

client_conf+="
ntsrefresh 120
ntsdumpdir tmp"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

check_file_messages "20.*123\.1.* 111 111 1111" 99 103 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
check_file_messages "	2	1	.*	4460	" 350 390 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
check_file_messages "." 12 13 192.168.123.1.nts || test_fail
rm -f tmp/measurements.log

export CLKNETSIM_START_DATE=$(date -d 'Jan  1 00:00:00 UTC 2010 + 40000 sec' +'%s')

server_conf+="
ntsrotate 100000"
client_conf+="
ntsrefresh 39500"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

check_file_messages "20.*123\.1.* 111 111 1111" 150 160 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
check_file_messages "	2	1	.*	4460	" 6 10 log.packets || test_fail
check_file_messages "^9\.......e+03	2	1	.*	4460	" 6 10 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
check_file_messages "." 12 13 192.168.123.1.nts || test_fail
rm -f tmp/measurements.log

client_conf="
nosystemcert"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail

check_file_messages "	2	1	.*	123	" 0 0 log.packets || test_fail
check_file_messages "	2	1	.*	4460	" 10 20 log.packets || test_fail

export CLKNETSIM_START_DATE=$(date -d 'Jan  2 00:00:01 UTC 2010' +'%s')

client_conf="
nosystemcert
ntstrustedcerts tmp/server.crt"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail

check_file_messages "	2	1	.*	123	" 0 0 log.packets || test_fail
check_file_messages "	2	1	.*	4460	" 10 20 log.packets || test_fail
check_log_messages "expired certificate" 4 4 || test_fail

client_conf+="
nocerttimecheck 1"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

export CLKNETSIM_START_DATE=$(date -d 'Jan  1 00:00:00 UTC 2010' +'%s')

server_conf="
ntsserverkey tmp/server.key
ntsservercert tmp/server.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp
ntsntpserver 192.168.123.2"
client_conf="
nosystemcert
ntstrustedcerts tmp/server.crt
ntsrefresh 500"
client_server_conf="server node1.net1.clk $client_server_options"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail

check_file_messages "	2	1	.*	4460	" 50 100 log.packets || test_fail
check_file_messages "	2	2	.*	4460	" 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 6 8 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 6 8 || test_fail

servers=2

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

check_file_messages "	3	1	.*	4460	" 100 150 log.packets || test_fail
check_file_messages "	3	2	.*	4460	" 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 1 1 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 0 0 || test_fail

server_conf+="
ntsratelimit interval 12 burst 1 leak 4"

client_chronyd_options="-d -d"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail

check_file_messages "	3	1	.*	4460	1	0	2" 25 50 log.packets || test_fail
check_file_messages "	3	2	.*	4460	" 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 2 6 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 1 6 || test_fail

test_pass