From 5a39074e01a654570d3b581ae5feda9f010fd8f2 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Wed, 19 Oct 2022 14:57:16 +0200
Subject: [PATCH] nts: fix number of extension fields after failed encryption
If the authenticator SIV encryption fails (e.g. due to wrong nonce length), decrement the number of extension fields to keep the packet info consistent.
---
 nts_ntp_auth.c | 1 +
 test/unit/nts_ntp_auth.c | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/nts_ntp_auth.c b/nts_ntp_auth.c
index 2f502bb..b92c406 100644
--- a/nts_ntp_auth.c
+++ b/nts_ntp_auth.c
@@ -115,6 +115,7 @@ NNA_GenerateAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv,
 plaintext, plaintext_length, ciphertext, ciphertext_length)) {
 DEBUG_LOG("SIV encrypt failed");
 info->length = assoc_length;
+ info->ext_fields--;
 return 0;
 }
diff --git a/test/unit/nts_ntp_auth.c b/test/unit/nts_ntp_auth.c
index 207ebeb..c3a7432 100644
--- a/test/unit/nts_ntp_auth.c
+++ b/test/unit/nts_ntp_auth.c
@@ -87,11 +87,13 @@ test_unit(void)
 r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, SIV_GetMinNonceLength(siv) - 1, plaintext, plaintext_length, 0);
 TEST_CHECK(!r);
+ TEST_CHECK(info.ext_fields == 0);
 }
 if (SIV_GetMaxNonceLength(siv) <= sizeof (nonce)) {
 r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, SIV_GetMaxNonceLength(siv) - 1, plaintext, plaintext_length, 0);
 TEST_CHECK(!r);
+ TEST_CHECK(info.ext_fields == 0);
 }
 r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, nonce_length, plaintext, plaintext_length, sizeof (packet) - info.length + 1);
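Review bot: The SIV failure path in NNA_GenerateAuthEF now rolls back two `info` members by hand (`info->length` and `info->ext_fields`), and nothing on those lines says which earlier step they undo. A comment above the pair, e.g. `/* Undo the extension field reserved above so info matches the packet again */`, would keep the two assignments together when the function is next edited. The code that reserves the field starts before this hunk, so whether it touches any other NTP_PacketInfo member that would need the same reset cannot be confirmed from here. That matters if a caller keeps using `info` after the 0 return, since a stale count or length would then describe a field that was never authenticated.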
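Review bot: Both added checks in test_unit compare `info.ext_fields` with the literal 0, which only holds if the count was 0 before each call, and neither verifies the other half of the rollback, `info.length`. The setup of `info` is outside this hunk, so a snapshot taken just before each failing call would be sturdier: `prev = info;` followed after the call by `TEST_CHECK(info.ext_fields == prev.ext_fields && info.length == prev.length);`, with `prev` a new local `NTP_PacketInfo`. That way the test covers the whole "packet info consistent" claim from the commit message rather than one field.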