
auth: prevent side-channel (timing) attack on UAS auth

Stefan Sayer authored on 15/04/2014 10:16:49
Showing 1 changed files
... ...
@@ -48,4 +48,34 @@ FCTMF_SUITE_BGN(test_auth) {
48 48
       fct_chk( !UACAuth::checkNonce(nonce));
49 49
     } FCT_TEST_END();
50 50
 
51
+    FCT_TEST_BGN(t_cmp_len) {
52
+      string s1 = "1234secret";
53
+      string s2 = "1234s3ecret";
54
+      fct_chk( !UACAuth::tc_isequal(s1,s2) );
55
+    } FCT_TEST_END();
56
+
57
+    FCT_TEST_BGN(t_cmp_eq) {
58
+      string s1 = "1234secret";
59
+      string s2 = "1234secret";
60
+      fct_chk( UACAuth::tc_isequal(s1,s2) );
61
+    } FCT_TEST_END();
62
+
63
+
64
+    FCT_TEST_BGN(t_cmp_empty) {
65
+      fct_chk( UACAuth::tc_isequal("","") );
66
+    } FCT_TEST_END();
67
+
68
+    FCT_TEST_BGN(t_cmp_uneq) {
69
+      fct_chk( !UACAuth::tc_isequal("1234secret","2134secret") );
70
+    } FCT_TEST_END();
71
+
72
+    FCT_TEST_BGN(t_cmp_uneq_chr) {
73
+      fct_chk( !UACAuth::tc_isequal("1234secret","2134secret", 10) );
74
+    } FCT_TEST_END();
75
+
76
+    FCT_TEST_BGN(t_cmp_eq_charptr) {
77
+      fct_chk( UACAuth::tc_isequal("1234secret","1234secret", 10) );
78
+    } FCT_TEST_END();
79
+
80
+
51 81
 } FCTMF_SUITE_END();
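Review bot: `t_cmp_len` does not isolate the length check, because `s2` (`"1234s3ecret"`) also differs from `s1` in content at the sixth byte, so a `tc_isequal` that compared only the first min-length bytes would still pass it. A pure-prefix case such as `fct_chk( !UACAuth::tc_isequal("1234secret","1234secretx") );` and an empty-versus-non-empty case such as `fct_chk( !UACAuth::tc_isequal("","x") );` would pin the length handling. `t_cmp_uneq` and `t_cmp_uneq_chr` differ only in the first two bytes; a case differing only in the last byte, e.g. `fct_chk( !UACAuth::tc_isequal("1234secret","1234secreT", 10) );`, would catch an off-by-one in the length-bounded overload. These tests cover equality semantics only, not the constant-time property named in the commit title, so that still needs review of the implementation itself. The enclosing suite starts outside the hunk.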

tests: fix tests (auth etc)

Stefan Sayer authored on 17/02/2014 16:08:12
Showing 1 changed files
... ...
@@ -12,37 +12,40 @@ FCTMF_SUITE_BGN(test_auth) {
12 12
     FCT_TEST_BGN(nonce_gen) {
13 13
 
14 14
       string secret = "1234secret";
15
-      string nonce = UACAuth::calcNonce(secret);
15
+      string nonce = UACAuth::calcNonce();
16 16
       //      DBG("nonce '%s'\n", nonce.c_str());    
17
-      fct_chk( UACAuth::checkNonce(nonce, secret));
17
+      fct_chk( UACAuth::checkNonce(nonce));
18 18
     } FCT_TEST_END();
19 19
 
20 20
     FCT_TEST_BGN(nonce_wrong_secret) {
21 21
       string secret = "1234secret";
22
-      string nonce = UACAuth::calcNonce(secret);
23
-      fct_chk( !UACAuth::checkNonce(nonce, secret+"asd"));
22
+      UACAuth::setServerSecret(secret);
23
+      string nonce = UACAuth::calcNonce();
24
+
25
+      UACAuth::setServerSecret(secret+"asd");
26
+      fct_chk( !UACAuth::checkNonce(nonce));
24 27
     } FCT_TEST_END();
25 28
 
26 29
     FCT_TEST_BGN(nonce_wrong_nonce) {
27 30
       string secret = "1234secret";
28
-      string nonce = UACAuth::calcNonce(secret);
31
+      string nonce = UACAuth::calcNonce();
29 32
       nonce[0]=0;
30 33
       nonce[1]=0;
31
-      fct_chk( !UACAuth::checkNonce(nonce, secret));
34
+      fct_chk( !UACAuth::checkNonce(nonce));
32 35
     } FCT_TEST_END();
33 36
 
34 37
     FCT_TEST_BGN(nonce_wrong_nonce) {
35 38
       string secret = "1234secret";
36
-      string nonce = UACAuth::calcNonce(secret);
39
+      string nonce = UACAuth::calcNonce();
37 40
       nonce+="hallo";
38
-      fct_chk( !UACAuth::checkNonce(nonce, secret));
41
+      fct_chk( !UACAuth::checkNonce(nonce));
39 42
     } FCT_TEST_END();
40 43
 
41 44
     FCT_TEST_BGN(nonce_wrong_nonce2) {
42 45
       string secret = "1234secret";
43
-      string nonce = UACAuth::calcNonce(secret);
46
+      string nonce = UACAuth::calcNonce();
44 47
       nonce[nonce.size()-1]=nonce[nonce.size()-2];
45
-      fct_chk( !UACAuth::checkNonce(nonce, secret));
48
+      fct_chk( !UACAuth::checkNonce(nonce));
46 49
     } FCT_TEST_END();
47 50
 
48 51
 } FCTMF_SUITE_END();
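Review bot: After this change the nonce tests depend on process-wide state set through `setServerSecret`, and only `nonce_wrong_secret` sets it. `nonce_gen` runs with whatever secret happens to be configured at that point (possibly none), and every test after `nonce_wrong_secret` inherits `secret+"asd"`. Starting each test with `UACAuth::setServerSecret(secret);` would make them order-independent and would put the now-unused local `secret` back to use in `nonce_gen`, both `nonce_wrong_nonce` tests and `nonce_wrong_nonce2`. If a nonce computed while no secret is configured is meant to be rejected, that deserves its own test; the visible lines do not show which behaviour is intended.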

uac_auth: added UAS authentication of requests (internal API)

Stefan Sayer authored on 01/08/2013 15:54:16
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,48 @@
1
+#include "fct.h"
2
+
3
+#include "log.h"
4
+
5
+#include "AmSipHeaders.h"
6
+#include "AmSipMsg.h"
7
+#include "AmUtils.h"
8
+#include "plug-in/uac_auth/UACAuth.h"
9
+
10
+FCTMF_SUITE_BGN(test_auth) {
11
+
12
+    FCT_TEST_BGN(nonce_gen) {
13
+
14
+      string secret = "1234secret";
15
+      string nonce = UACAuth::calcNonce(secret);
16
+      //      DBG("nonce '%s'\n", nonce.c_str());    
17
+      fct_chk( UACAuth::checkNonce(nonce, secret));
18
+    } FCT_TEST_END();
19
+
20
+    FCT_TEST_BGN(nonce_wrong_secret) {
21
+      string secret = "1234secret";
22
+      string nonce = UACAuth::calcNonce(secret);
23
+      fct_chk( !UACAuth::checkNonce(nonce, secret+"asd"));
24
+    } FCT_TEST_END();
25
+
26
+    FCT_TEST_BGN(nonce_wrong_nonce) {
27
+      string secret = "1234secret";
28
+      string nonce = UACAuth::calcNonce(secret);
29
+      nonce[0]=0;
30
+      nonce[1]=0;
31
+      fct_chk( !UACAuth::checkNonce(nonce, secret));
32
+    } FCT_TEST_END();
33
+
34
+    FCT_TEST_BGN(nonce_wrong_nonce) {
35
+      string secret = "1234secret";
36
+      string nonce = UACAuth::calcNonce(secret);
37
+      nonce+="hallo";
38
+      fct_chk( !UACAuth::checkNonce(nonce, secret));
39
+    } FCT_TEST_END();
40
+
41
+    FCT_TEST_BGN(nonce_wrong_nonce2) {
42
+      string secret = "1234secret";
43
+      string nonce = UACAuth::calcNonce(secret);
44
+      nonce[nonce.size()-1]=nonce[nonce.size()-2];
45
+      fct_chk( !UACAuth::checkNonce(nonce, secret));
46
+    } FCT_TEST_END();
47
+
48
+} FCTMF_SUITE_END();
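Review bot: `nonce_wrong_nonce2` can fail intermittently, because `nonce[nonce.size()-1]=nonce[nonce.size()-2];` leaves the nonce unchanged whenever its last two characters are already equal, and `checkNonce` would then presumably accept it. A mutation that always changes the byte, such as `nonce[nonce.size()-1] ^= 0x01;`, keeps the test deterministic. Two tests are both named `nonce_wrong_nonce` (the one zeroing the first two bytes and the one appending `"hallo"`); renaming the second, e.g. to `nonce_appended`, makes a failure report unambiguous. The suite also has no case for an empty or truncated nonce, which a verifier of attacker-supplied values should reject without indexing past the input; `fct_chk( !UACAuth::checkNonce("", secret));` would cover the empty case.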