diff --git a/test/unit/nts_ke_session.c b/test/unit/nts_ke_session.c index b907593..adcade6 100644 --- a/test/unit/nts_ke_session.c +++ b/test/unit/nts_ke_session.c @@ -53,22 +53,34 @@ send_message(NKSN_Instance inst) NKSN_BeginMessage(inst); + TEST_CHECK(check_message_format(&inst->message, 0)); + TEST_CHECK(!check_message_format(&inst->message, 1)); + TEST_CHECK(!NKSN_AddRecord(inst, 0, 1, record, NKE_MAX_MESSAGE_LENGTH - 4 + 1)); + TEST_CHECK(check_message_format(&inst->message, 0)); + TEST_CHECK(!check_message_format(&inst->message, 1)); + for (i = 0; i < records; i++) { TEST_CHECK(NKSN_AddRecord(inst, critical, type_start + i, record, record_length)); TEST_CHECK(!NKSN_AddRecord(inst, 0, 1, &record, NKE_MAX_MESSAGE_LENGTH - inst->message.length - 4 + 1)); + + TEST_CHECK(check_message_format(&inst->message, 0)); + TEST_CHECK(!check_message_format(&inst->message, 1)); } TEST_CHECK(NKSN_EndMessage(inst)); + + TEST_CHECK(check_message_format(&inst->message, 0)); + TEST_CHECK(check_message_format(&inst->message, 1)); } static void verify_message(NKSN_Instance inst) { unsigned char buffer[NKE_MAX_MESSAGE_LENGTH]; - int i, c, t, length, buffer_length; + int i, c, t, length, buffer_length, msg_length, prev_parsed; NKE_Key c2s, s2c; for (i = 0; i < records; i++) { @@ -76,6 +88,9 @@ verify_message(NKSN_Instance inst) buffer_length = random() % (record_length + 1); assert(buffer_length <= sizeof (buffer)); + prev_parsed = inst->message.parsed; + msg_length = inst->message.length; + TEST_CHECK(NKSN_GetRecord(inst, &c, &t, &length, buffer, buffer_length)); TEST_CHECK(c == critical); TEST_CHECK(t == type_start + i); 
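Review bot: The second argument of `check_message_format()` is passed as a bare 0 or 1 throughout send_message(), with nothing saying what it selects. From the assertions it appears to mean "require a complete message": the 1 form is expected to fail at every step until `NKSN_EndMessage()` and to pass afterwards. A comment above the first pair would make that invariant readable without opening the parser, e.g. `/* 2nd arg 1 = message must be terminated; has to fail until NKSN_EndMessage() */`. send_message() begins before this hunk, so its declarations are not visible here.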
@@ -83,6 +98,20 @@ verify_message(NKSN_Instance inst) TEST_CHECK(memcmp(record, buffer, buffer_length) == 0); if (buffer_length < record_length) TEST_CHECK(buffer[buffer_length] == 0); + + inst->message.length = inst->message.parsed - 1; + inst->message.parsed = prev_parsed; + TEST_CHECK(!get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length)); + TEST_CHECK(inst->message.parsed == prev_parsed); + inst->message.length = msg_length; + if (msg_length < 0x8000) { + inst->message.data[prev_parsed + 2] ^= 0x80; + TEST_CHECK(!get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length)); + TEST_CHECK(inst->message.parsed == prev_parsed); + inst->message.data[prev_parsed + 2] ^= 0x80; + } + TEST_CHECK(get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length)); + TEST_CHECK(inst->message.parsed > prev_parsed); } TEST_CHECK(!NKSN_GetRecord(inst, &critical, &t, &length, buffer, sizeof (buffer))); diff --git a/test/unit/nts_ntp_client.c b/test/unit/nts_ntp_client.c index f5e7546..f6e3e05 100644 --- a/test/unit/nts_ntp_client.c +++ b/test/unit/nts_ntp_client.c @@ -60,6 +60,8 @@ get_nts_data(NKC_Instance inst, NKE_Context *context, *num_cookies = random() % max_cookies + 1; for (i = 0; i < *num_cookies; i++) { cookies[i].length = random() % (sizeof (cookies[i].cookie) + 1); + if (random() % 4 != 0) + cookies[i].length = cookies[i].length / 4 * 4; memset(cookies[i].cookie, random(), cookies[i].length); } @@ -82,6 +84,8 @@ get_request(NNC_Instance inst) info.version = 4; info.mode = MODE_CLIENT; info.length = random() % (sizeof (packet) + 1); + if (random() % 4 != 0) + info.length = info.length / 4 * 4; if (inst->num_cookies > 0 && random() % 2) { inst->num_cookies = 0; 
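Review bot: The truncation case in verify_message() only cuts the last byte of the record (`inst->message.length = inst->message.parsed - 1`), so for a non-empty body the parser's bounds check on the record header is never exercised on its own. Assuming the 4-byte header implied by the `- 4` in send_message(), add `inst->message.length = prev_parsed + 3;` and a second `TEST_CHECK(!get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length));` before the length is restored. The `msg_length < 0x8000` guard also needs a comment, apparently something like `/* set the top bit of the length field so the record claims to run past the message */`. The loop body starts in the previous hunk.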
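Review bot: The `if (random() % 4 != 0) ... / 4 * 4` rounding in get_nts_data() has no comment explaining why three out of four lengths are forced to a multiple of 4, and the same uncommented pattern is repeated for `info.length` in the get_request() hunk that follows. Presumably the aim is for most samples to pass the 4-byte alignment checks and reach deeper code, while a quarter still exercise the rejection of unaligned lengths. If so, say it once at the first use, e.g. `/* mostly 4-byte aligned lengths; keep some unaligned to test rejection */`. A small helper shared by both sites would also keep the two ratios from drifting apart.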
@@ -127,9 +131,9 @@ get_request(NNC_Instance inst) static void prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, int valid, int nak) { - unsigned char cookie[508], plaintext[512], nonce[512]; - int nonce_length, cookie_length, plaintext_length, min_auth_length; - int index, auth_start; + unsigned char cookie[508], plaintext[528], nonce[512]; + int nonce_length, ef_length, cookie_length, plaintext_length, min_auth_length; + int i, index, auth_start; SIV_Instance siv; memset(packet, 0, sizeof (*packet)); @@ -142,7 +146,7 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in if (valid) index = -1; else - index = random() % (nak ? 2 : 6); + index = random() % (nak ? 2 : 8); DEBUG_LOG("index=%d nak=%d", index, nak); 
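Review bot: The fault-injection cases in prepare_response() are selected by bare integers: `random() % (nak ? 2 : 8)` here, and `index != 3`, `index != 4`, `index == 5`, `index == 6`, `index == 7` in the two later hunks. This commit already had to renumber the corrupted-byte case from 5 to 6 to make room, which is easy to get wrong when the numbers are spread over the function. A comment next to the selection would document the mapping, e.g. `/* 3: empty plaintext, 4: authenticator step skipped, 5: 16 zero bytes appended to plaintext, 6: byte at auth_start + 8 altered, 7: extra field added after the authenticator */`; an enum would be better still. Cases 0 to 2 are handled outside the visible hunks, so they are not covered by this reading.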
@@ -171,16 +175,29 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in DEBUG_LOG("nonce_length=%d cookie_length=%d min_auth_length=%d", nonce_length, cookie_length, min_auth_length); - UTI_GetRandomBytes(nonce, nonce_length); UTI_GetRandomBytes(cookie, cookie_length); + if (cookie_length >= 12 && cookie_length <= 32 && random() % 2 == 0) + TEST_CHECK(NEF_AddField(packet, info, NTP_EF_NTS_COOKIE, cookie, cookie_length)); + plaintext_length = 0; - if (index != 3) - TEST_CHECK(NEF_SetField(plaintext, sizeof (plaintext), 0, NTP_EF_NTS_COOKIE, - cookie, cookie_length, &plaintext_length)); + if (index != 3) { + for (i = random() % ((sizeof (plaintext) - 16) / (cookie_length + 4)); i >= 0; i--) { + TEST_CHECK(NEF_SetField(plaintext, sizeof (plaintext), plaintext_length, + NTP_EF_NTS_COOKIE, cookie, + i == 0 ? cookie_length : random() % (cookie_length + 1) / 4 * 4, + &ef_length)); + plaintext_length += ef_length; + } + } auth_start = info->length; if (index != 4) { + if (index == 5) { + assert(plaintext_length + 16 <= sizeof (plaintext)); + memset(plaintext + plaintext_length, 0, 16); + plaintext_length += 16; + } siv = SIV_CreateInstance(inst->context.algorithm); TEST_CHECK(siv); TEST_CHECK(SIV_SetKey(siv, inst->context.s2c.key, inst->context.s2c.length)); @@ -189,8 +206,10 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in min_auth_length)); SIV_DestroyInstance(siv); } - if (index == 5) + if (index == 6) ((unsigned char *)packet)[auth_start + 8]++; + if (index == 7) + TEST_CHECK(NEF_AddField(packet, info, 0x7000, inst->uniq_id, sizeof (inst->uniq_id))); } void @@ -238,7 +257,7 @@ test_unit(void) if (valid) { TEST_CHECK(NNC_CheckResponseAuth(inst, &packet, &info)); - TEST_CHECK(inst->num_cookies == MIN(NTS_MAX_COOKIES, prev_num_cookies + 1)); + TEST_CHECK(inst->num_cookies >= MIN(NTS_MAX_COOKIES, prev_num_cookies + 1)); TEST_CHECK(inst->ok_response); }
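Review bot: The loop bound `random() % ((sizeof (plaintext) - 16) / (cookie_length + 4))` becomes a modulo by zero as soon as `cookie_length + 4` exceeds `sizeof (plaintext) - 16`. With `cookie[508]` and `plaintext[528]` from the earlier hunk the quotient is exactly 1 at the largest cookie, so the code is correct only because of three coupled literals (508, 528, 16). The assignment of `cookie_length` is outside the hunk, so its real upper limit cannot be confirmed here. Add `assert(cookie_length >= 0 && cookie_length + 4 <= sizeof (plaintext) - 16);` before the `for`. The 16 should also get a name, since it is reused by the `index == 5` padding.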
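Review bot: The field type `0x7000` in the new `index == 7` case is an unexplained literal, and the reason this case must fail is not stated. From its position after the authenticator is generated, it looks like a check that an extension field appended after the NTS authenticator makes the response invalid, but that is inferred. A comment would record the intent, e.g. `/* unauthenticated field after the authenticator: response must be rejected */`. A named constant for the type would help too if one does not already exist in the project.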
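Review bot: Relaxing the check in test_unit() from `==` to `>=` removes the only upper bound on `inst->num_cookies`, because `MIN(NTS_MAX_COOKIES, prev_num_cookies + 1)` limits just the expected minimum. The response can now carry several cookie fields, so this is the path where an overfilled cookie array would show up. Keep the relaxed lower bound and add `TEST_CHECK(inst->num_cookies <= NTS_MAX_COOKIES);` next to it. test_unit() begins and ends outside this hunk.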