faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: improve NTS unit tests

Browse source
This commit is contained in:
Miroslav Lichvar 2020-08-13 14:27:13 +02:00
parent 1aa4827b3b
commit 18d9243eb9
2 changed files with 59 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
test/unit/nts_ke_session.c
View file

@ -53,22 +53,34 @@ send_message(NKSN_Instance inst)
NKSN_BeginMessage(inst);
TEST_CHECK(check_message_format(&inst->message, 0));
TEST_CHECK(!check_message_format(&inst->message, 1));
TEST_CHECK(!NKSN_AddRecord(inst, 0, 1, record, NKE_MAX_MESSAGE_LENGTH - 4 + 1));
TEST_CHECK(check_message_format(&inst->message, 0));
TEST_CHECK(!check_message_format(&inst->message, 1));
for (i = 0; i < records; i++) {
TEST_CHECK(NKSN_AddRecord(inst, critical, type_start + i, record, record_length));
TEST_CHECK(!NKSN_AddRecord(inst, 0, 1, &record,
NKE_MAX_MESSAGE_LENGTH - inst->message.length - 4 + 1));
TEST_CHECK(check_message_format(&inst->message, 0));
TEST_CHECK(!check_message_format(&inst->message, 1));
}
TEST_CHECK(NKSN_EndMessage(inst));
TEST_CHECK(check_message_format(&inst->message, 0));
TEST_CHECK(check_message_format(&inst->message, 1));
}
static void
verify_message(NKSN_Instance inst)
{
unsigned char buffer[NKE_MAX_MESSAGE_LENGTH];
int i, c, t, length, buffer_length;
int i, c, t, length, buffer_length, msg_length, prev_parsed;
NKE_Key c2s, s2c;
for (i = 0; i < records; i++) {
@ -76,6 +88,9 @@ verify_message(NKSN_Instance inst)
buffer_length = random() % (record_length + 1);
assert(buffer_length <= sizeof (buffer));
prev_parsed = inst->message.parsed;
msg_length = inst->message.length;
TEST_CHECK(NKSN_GetRecord(inst, &c, &t, &length, buffer, buffer_length));
TEST_CHECK(c == critical);
TEST_CHECK(t == type_start + i);
@ -83,6 +98,20 @@ verify_message(NKSN_Instance inst)
TEST_CHECK(memcmp(record, buffer, buffer_length) == 0);
if (buffer_length < record_length)
TEST_CHECK(buffer[buffer_length] == 0);
inst->message.length = inst->message.parsed - 1;
inst->message.parsed = prev_parsed;
TEST_CHECK(!get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length));
TEST_CHECK(inst->message.parsed == prev_parsed);
inst->message.length = msg_length;
if (msg_length < 0x8000) {
inst->message.data[prev_parsed + 2] ^= 0x80;
TEST_CHECK(!get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length));
TEST_CHECK(inst->message.parsed == prev_parsed);
inst->message.data[prev_parsed + 2] ^= 0x80;
}
TEST_CHECK(get_record(&inst->message, NULL, NULL, NULL, buffer, buffer_length));
TEST_CHECK(inst->message.parsed > prev_parsed);
}
TEST_CHECK(!NKSN_GetRecord(inst, &critical, &t, &length, buffer, sizeof (buffer)));

39
test/unit/nts_ntp_client.c
View file

@ -60,6 +60,8 @@ get_nts_data(NKC_Instance inst, NKE_Context *context,
*num_cookies = random() % max_cookies + 1;
for (i = 0; i < *num_cookies; i++) {
cookies[i].length = random() % (sizeof (cookies[i].cookie) + 1);
if (random() % 4 != 0)
cookies[i].length = cookies[i].length / 4 * 4;
memset(cookies[i].cookie, random(), cookies[i].length);
}
@ -82,6 +84,8 @@ get_request(NNC_Instance inst)
info.version = 4;
info.mode = MODE_CLIENT;
info.length = random() % (sizeof (packet) + 1);
if (random() % 4 != 0)
info.length = info.length / 4 * 4;
if (inst->num_cookies > 0 && random() % 2) {
inst->num_cookies = 0;
@ -127,9 +131,9 @@ get_request(NNC_Instance inst)
static void
prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, int valid, int nak)
{
unsigned char cookie[508], plaintext[512], nonce[512];
int nonce_length, cookie_length, plaintext_length, min_auth_length;
int index, auth_start;
unsigned char cookie[508], plaintext[528], nonce[512];
int nonce_length, ef_length, cookie_length, plaintext_length, min_auth_length;
int i, index, auth_start;
SIV_Instance siv;
memset(packet, 0, sizeof (*packet));
@ -142,7 +146,7 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in
if (valid)
index = -1;
else
index = random() % (nak ? 2 : 6);
index = random() % (nak ? 2 : 8);
DEBUG_LOG("index=%d nak=%d", index, nak);
@ -171,16 +175,29 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in
DEBUG_LOG("nonce_length=%d cookie_length=%d min_auth_length=%d",
nonce_length, cookie_length, min_auth_length);
UTI_GetRandomBytes(nonce, nonce_length);
UTI_GetRandomBytes(cookie, cookie_length);
if (cookie_length >= 12 && cookie_length <= 32 && random() % 2 == 0)
TEST_CHECK(NEF_AddField(packet, info, NTP_EF_NTS_COOKIE, cookie, cookie_length));
plaintext_length = 0;
if (index != 3)
TEST_CHECK(NEF_SetField(plaintext, sizeof (plaintext), 0, NTP_EF_NTS_COOKIE,
cookie, cookie_length, &plaintext_length));
if (index != 3) {
for (i = random() % ((sizeof (plaintext) - 16) / (cookie_length + 4)); i >= 0; i--) {
TEST_CHECK(NEF_SetField(plaintext, sizeof (plaintext), plaintext_length,
NTP_EF_NTS_COOKIE, cookie,
i == 0 ? cookie_length : random() % (cookie_length + 1) / 4 * 4,
&ef_length));
plaintext_length += ef_length;
}
}
auth_start = info->length;
if (index != 4) {
if (index == 5) {
assert(plaintext_length + 16 <= sizeof (plaintext));
memset(plaintext + plaintext_length, 0, 16);
plaintext_length += 16;
}
siv = SIV_CreateInstance(inst->context.algorithm);
TEST_CHECK(siv);
TEST_CHECK(SIV_SetKey(siv, inst->context.s2c.key, inst->context.s2c.length));
@ -189,8 +206,10 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in
min_auth_length));
SIV_DestroyInstance(siv);
}
if (index == 5)
if (index == 6)
((unsigned char *)packet)[auth_start + 8]++;
if (index == 7)
TEST_CHECK(NEF_AddField(packet, info, 0x7000, inst->uniq_id, sizeof (inst->uniq_id)));
}
void
@ -238,7 +257,7 @@ test_unit(void)
if (valid) {
TEST_CHECK(NNC_CheckResponseAuth(inst, &packet, &info));
TEST_CHECK(inst->num_cookies == MIN(NTS_MAX_COOKIES, prev_num_cookies + 1));
TEST_CHECK(inst->num_cookies >= MIN(NTS_MAX_COOKIES, prev_num_cookies + 1));
TEST_CHECK(inst->ok_response);
}