diff --git a/nts_ke.h b/nts_ke.h index 55cf47e..15ae3f5 100644 --- a/nts_ke.h +++ b/nts_ke.h @@ -65,6 +65,12 @@ typedef struct { unsigned char key[NKE_MAX_KEY_LENGTH]; } NKE_Key; +typedef struct { + SIV_Algorithm algorithm; + NKE_Key c2s; + NKE_Key s2c; +} NKE_Context; + typedef struct { int length; unsigned char cookie[NKE_MAX_COOKIE_LENGTH]; diff --git a/nts_ke_client.c b/nts_ke_client.c index 517b06c..58c3f31 100644 --- a/nts_ke_client.c +++ b/nts_ke_client.c @@ -49,8 +49,7 @@ struct NKC_Instance_Record { int got_response; int resolving_name; - SIV_Algorithm siv_algorithm; - NKE_Key c2s, s2c; + NKE_Context context; NKE_Cookie cookies[NKE_MAX_COOKIES]; int num_cookies; char server_name[NKE_MAX_RECORD_BODY_LENGTH + 1]; @@ -156,7 +155,7 @@ process_response(NKC_Instance inst) break; } aead_algorithm = AEAD_AES_SIV_CMAC_256; - inst->siv_algorithm = aead_algorithm; + inst->context.algorithm = aead_algorithm; break; case NKE_RECORD_ERROR: if (length == 2) @@ -237,7 +236,8 @@ handle_message(void *arg) return 0; } - if (!NKSN_GetKeys(inst->session, inst->siv_algorithm, &inst->c2s, &inst->s2c)) + if (!NKSN_GetKeys(inst->session, inst->context.algorithm, + &inst->context.c2s, &inst->context.s2c)) return 0; if (inst->server_name[0] != '\0') { @@ -371,8 +371,7 @@ NKC_IsActive(NKC_Instance inst) /* ================================================== */ int -NKC_GetNtsData(NKC_Instance inst, - SIV_Algorithm *siv_algorithm, NKE_Key *c2s, NKE_Key *s2c, +NKC_GetNtsData(NKC_Instance inst, NKE_Context *context, NKE_Cookie *cookies, int *num_cookies, int max_cookies, IPSockAddr *ntp_address) { @@ -381,9 +380,7 @@ NKC_GetNtsData(NKC_Instance inst, if (!inst->got_response || inst->resolving_name) return 0; - *siv_algorithm = inst->siv_algorithm; - *c2s = inst->c2s; - *s2c = inst->s2c; + *context = inst->context; for (i = 0; i < inst->num_cookies && i < max_cookies; i++) cookies[i] = inst->cookies[i]; diff --git a/nts_ke_client.h b/nts_ke_client.h index 7622252..b800ac2 100644 --- a/nts_ke_client.h +++ b/nts_ke_client.h @@ -50,8 +50,7 @@ extern int NKC_Start(NKC_Instance inst); extern int NKC_IsActive(NKC_Instance inst); /* Get the NTS data if the session was successful */ -extern int NKC_GetNtsData(NKC_Instance inst, - SIV_Algorithm *siv_algorithm, NKE_Key *c2s, NKE_Key *s2c, +extern int NKC_GetNtsData(NKC_Instance inst, NKE_Context *context, NKE_Cookie *cookies, int *num_cookies, int max_cookies, IPSockAddr *ntp_address); diff --git a/nts_ke_server.c b/nts_ke_server.c index 3093ee0..522aaaa 100644 --- a/nts_ke_server.c +++ b/nts_ke_server.c @@ -293,8 +293,8 @@ helper_signal(int x) static int prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_algorithm) { + NKE_Context context; NKE_Cookie cookie; - NKE_Key c2s, s2c; uint16_t datum; int i; @@ -329,11 +329,13 @@ prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_a return 0; } - if (!NKSN_GetKeys(session, aead_algorithm, &c2s, &s2c)) + context.algorithm = aead_algorithm; + + if (!NKSN_GetKeys(session, aead_algorithm, &context.c2s, &context.s2c)) return 0; for (i = 0; i < NKE_MAX_COOKIES; i++) { - if (!NKS_GenerateCookie(&c2s, &s2c, &cookie)) + if (!NKS_GenerateCookie(&context, &cookie)) return 0; if (!NKSN_AddRecord(session, 0, NKE_RECORD_COOKIE, cookie.cookie, cookie.length)) return 0; @@ -679,7 +681,7 @@ NKS_Finalise(void) /* A server cookie consists of key ID, nonce, and encrypted C2S+S2C keys */ int -NKS_GenerateCookie(NKE_Key *c2s, NKE_Key *s2c, NKE_Cookie *cookie) +NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie) { unsigned char plaintext[2 * NKE_MAX_KEY_LENGTH], *ciphertext; int plaintext_length, tag_length; @@ -691,8 +693,14 @@ NKS_GenerateCookie(NKE_Key *c2s, NKE_Key *s2c, NKE_Cookie *cookie) return 0; } - if (c2s->length < 0 || c2s->length > NKE_MAX_KEY_LENGTH || - s2c->length < 0 || s2c->length > NKE_MAX_KEY_LENGTH) { + /* The algorithm is hardcoded for now */ + if (context->algorithm != AEAD_AES_SIV_CMAC_256) { + DEBUG_LOG("Unexpected SIV algorithm"); + return 0; + } + + if (context->c2s.length < 0 || context->c2s.length > NKE_MAX_KEY_LENGTH || + context->s2c.length < 0 || context->s2c.length > NKE_MAX_KEY_LENGTH) { DEBUG_LOG("Invalid key length"); return 0; } @@ -705,10 +713,10 @@ NKS_GenerateCookie(NKE_Key *c2s, NKE_Key *s2c, NKE_Cookie *cookie) header->key_id = key->id; UTI_GetRandomBytes(header->nonce, sizeof (header->nonce)); - plaintext_length = c2s->length + s2c->length; + plaintext_length = context->c2s.length + context->s2c.length; assert(plaintext_length <= sizeof (plaintext)); - memcpy(plaintext, c2s->key, c2s->length); - memcpy(plaintext + c2s->length, s2c->key, s2c->length); + memcpy(plaintext, context->c2s.key, context->c2s.length); + memcpy(plaintext + context->c2s.length, context->s2c.key, context->s2c.length); tag_length = SIV_GetTagLength(key->siv); cookie->length = sizeof (*header) + plaintext_length + tag_length; @@ -729,7 +737,7 @@ NKS_GenerateCookie(NKE_Key *c2s, NKE_Key *s2c, NKE_Cookie *cookie) /* ================================================== */ int -NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Key *c2s, NKE_Key *s2c) +NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Context *context) { unsigned char plaintext[2 * NKE_MAX_KEY_LENGTH], *ciphertext; int ciphertext_length, plaintext_length, tag_length; @@ -776,12 +784,14 @@ NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Key *c2s, NKE_Key *s2c) return 0; } - c2s->length = plaintext_length / 2; - s2c->length = plaintext_length / 2; - assert(c2s->length <= sizeof (c2s->key)); + context->algorithm = AEAD_AES_SIV_CMAC_256; - memcpy(c2s->key, plaintext, c2s->length); - memcpy(s2c->key, plaintext + c2s->length, s2c->length); + context->c2s.length = plaintext_length / 2; + context->s2c.length = plaintext_length / 2; + assert(context->c2s.length <= sizeof (context->c2s.key)); + + memcpy(context->c2s.key, plaintext, context->c2s.length); + memcpy(context->s2c.key, plaintext + context->c2s.length, context->s2c.length); return 1; } diff --git a/nts_ke_server.h b/nts_ke_server.h index 558dd11..77b00c3 100644 --- a/nts_ke_server.h +++ b/nts_ke_server.h @@ -33,10 +33,10 @@ extern void NKS_Initialise(int scfilter_level); extern void NKS_Finalise(void); -/* Generate a new NTS cookie containing the C2S and S2C keys */ -extern int NKS_GenerateCookie(NKE_Key *c2s, NKE_Key *s2c, NKE_Cookie *cookie); +/* Generate an NTS cookie with a given context */ +extern int NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie); -/* Validate a cookie and extract the C2S and S2C keys */ -extern int NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Key *c2s, NKE_Key *s2c); +/* Validate a cookie and decode the context */ +extern int NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Context *context); #endif diff --git a/nts_ntp_client.c b/nts_ntp_client.c index 291ec69..60b5caf 100644 --- a/nts_ntp_client.c +++ b/nts_ntp_client.c @@ -49,13 +49,14 @@ struct NNC_Instance_Record { const IPSockAddr *ntp_address; IPSockAddr nts_address; char *name; - SIV_Instance siv_c2s; - SIV_Instance siv_s2c; NKC_Instance nke; + SIV_Instance siv; int nke_attempts; double next_nke_attempt; double last_nke_success; + + NKE_Context context; NKE_Cookie cookies[NTS_MAX_COOKIES]; int num_cookies; int cookie_index; @@ -73,6 +74,8 @@ reset_instance(NNC_Instance inst) inst->nke_attempts = 0; inst->next_nke_attempt = 0.0; inst->last_nke_success = 0.0; + + memset(&inst->context, 0, sizeof (inst->context)); inst->num_cookies = 0; inst->cookie_index = 0; inst->nak_response = 0; @@ -93,8 +96,7 @@ NNC_CreateInstance(IPSockAddr *nts_address, const char *name, const IPSockAddr * inst->ntp_address = ntp_address; inst->nts_address = *nts_address; inst->name = name ? Strdup(name) : NULL; - inst->siv_c2s = NULL; - inst->siv_s2c = NULL; + inst->siv = NULL; inst->nke = NULL; reset_instance(inst); @@ -109,10 +111,8 @@ NNC_DestroyInstance(NNC_Instance inst) { if (inst->nke) NKC_DestroyInstance(inst->nke); - if (inst->siv_c2s) - SIV_DestroyInstance(inst->siv_c2s); - if (inst->siv_s2c) - SIV_DestroyInstance(inst->siv_s2c); + if (inst->siv) + SIV_DestroyInstance(inst->siv); Free(inst->name); Free(inst); @@ -187,8 +187,6 @@ static int get_nke_data(NNC_Instance inst) { NTP_Remote_Address ntp_address; - SIV_Algorithm siv; - NKE_Key c2s, s2c; double now; int got_data; @@ -223,7 +221,7 @@ get_nke_data(NNC_Instance inst) if (NKC_IsActive(inst->nke)) return 0; - got_data = NKC_GetNtsData(inst->nke, &siv, &c2s, &s2c, + got_data = NKC_GetNtsData(inst->nke, &inst->context, inst->cookies, &inst->num_cookies, NTS_MAX_COOKIES, &ntp_address); @@ -240,17 +238,12 @@ get_nke_data(NNC_Instance inst) inst->cookie_index = 0; - if (inst->siv_c2s) - SIV_DestroyInstance(inst->siv_c2s); - if (inst->siv_s2c) - SIV_DestroyInstance(inst->siv_s2c); + if (inst->siv) + SIV_DestroyInstance(inst->siv); - inst->siv_c2s = SIV_CreateInstance(siv); - inst->siv_s2c = SIV_CreateInstance(siv); + inst->siv = SIV_CreateInstance(inst->context.algorithm); - if (!inst->siv_c2s || !inst->siv_s2c || - !SIV_SetKey(inst->siv_c2s, c2s.key, c2s.length) || - !SIV_SetKey(inst->siv_s2c, s2c.key, s2c.length)) { + if (!inst->siv) { DEBUG_LOG("Could not initialise SIV"); inst->num_cookies = 0; return 0; @@ -273,6 +266,11 @@ NNC_PrepareForAuth(NNC_Instance inst) return 0; } + if (!SIV_SetKey(inst->siv, inst->context.c2s.key, inst->context.c2s.length)) { + DEBUG_LOG("Could not set SIV key"); + return 0; + } + UTI_GetRandomBytes(&inst->uniq_id, sizeof (inst->uniq_id)); UTI_GetRandomBytes(&inst->nonce, sizeof (inst->nonce)); @@ -289,7 +287,7 @@ NNC_GenerateRequestAuth(NNC_Instance inst, NTP_Packet *packet, int i, req_cookies; void *ef_body; - if (inst->num_cookies == 0 || !inst->siv_c2s) + if (inst->num_cookies == 0 || !inst->siv) return 0; if (info->mode != MODE_CLIENT) @@ -314,7 +312,7 @@ NNC_GenerateRequestAuth(NNC_Instance inst, NTP_Packet *packet, memset(ef_body, 0, cookie->length); } - if (!NNA_GenerateAuthEF(packet, info, inst->siv_c2s, inst->nonce, sizeof (inst->nonce), + if (!NNA_GenerateAuthEF(packet, info, inst->siv, inst->nonce, sizeof (inst->nonce), (const unsigned char *)"", 0, NTP_MAX_V4_MAC_LENGTH + 4)) return 0; @@ -384,8 +382,11 @@ NNC_CheckResponseAuth(NNC_Instance inst, NTP_Packet *packet, if (inst->ok_response) return 0; - if (!inst->siv_s2c) + if (!inst->siv || + !SIV_SetKey(inst->siv, inst->context.s2c.key, inst->context.s2c.length)) { + DEBUG_LOG("Could not set SIV key"); return 0; + } for (parsed = NTP_HEADER_LENGTH; parsed < info->length; parsed += ef_length) { if (!NEF_ParseField(packet, info->length, parsed, @@ -410,7 +411,7 @@ NNC_CheckResponseAuth(NNC_Instance inst, NTP_Packet *packet, return 0; } - if (!NNA_DecryptAuthEF(packet, info, inst->siv_s2c, parsed, + if (!NNA_DecryptAuthEF(packet, info, inst->siv, parsed, plaintext, sizeof (plaintext), &plaintext_length)) return 0; diff --git a/nts_ntp_server.c b/nts_ntp_server.c index ecdaa5b..6718c5a 100644 --- a/nts_ntp_server.c +++ b/nts_ntp_server.c @@ -41,6 +41,8 @@ #include "siv.h" #include "util.h" +#define SERVER_SIV AEAD_AES_SIV_CMAC_256 + struct NtsServer { SIV_Instance siv; unsigned char nonce[NTS_MIN_UNPADDED_NONCE_LENGTH]; @@ -64,7 +66,7 @@ NNS_Initialise(void) } server = Malloc(sizeof (struct NtsServer)); - server->siv = SIV_CreateInstance(AEAD_AES_SIV_CMAC_256); + server->siv = SIV_CreateInstance(SERVER_SIV); } /* ================================================== */ @@ -88,8 +90,8 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod) int ef_type, ef_body_length, ef_length, has_uniq_id = 0, has_auth = 0, has_cookie = 0; int i, plaintext_length, parsed, requested_cookies, cookie_length = -1, auth_start = 0; unsigned char plaintext[NTP_MAX_EXTENSIONS_LENGTH]; + NKE_Context context; NKE_Cookie cookie; - NKE_Key c2s, s2c; void *ef_body; if (!server) @@ -144,12 +146,17 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod) return 0; } - if (!NKS_DecodeCookie(&cookie, &c2s, &s2c)) { + if (!NKS_DecodeCookie(&cookie, &context)) { *kod = NTP_KOD_NTS_NAK; return 0; } - if (!SIV_SetKey(server->siv, c2s.key, c2s.length)) { + if (context.algorithm != SERVER_SIV) { + DEBUG_LOG("Unexpected SIV"); + return 0; + } + + if (!SIV_SetKey(server->siv, context.c2s.key, context.c2s.length)) { DEBUG_LOG("Could not set C2S key"); return 0; } @@ -178,7 +185,7 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod) } } - if (!SIV_SetKey(server->siv, s2c.key, s2c.length)) { + if (!SIV_SetKey(server->siv, context.s2c.key, context.s2c.length)) { DEBUG_LOG("Could not set S2C key"); return 0; } @@ -187,7 +194,7 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod) server->num_cookies = MIN(NTS_MAX_COOKIES, requested_cookies); for (i = 0; i < server->num_cookies; i++) - if (!NKS_GenerateCookie(&c2s, &s2c, &server->cookies[i])) + if (!NKS_GenerateCookie(&context, &server->cookies[i])) return 0; return 1; diff --git a/test/unit/nts_ke_server.c b/test/unit/nts_ke_server.c index d1628d6..0ca35eb 100644 --- a/test/unit/nts_ke_server.c +++ b/test/unit/nts_ke_server.c @@ -132,8 +132,8 @@ void test_unit(void) { NKSN_Instance session; + NKE_Context context, context2; NKE_Cookie cookie; - NKE_Key c2s, s2c, c2s2, s2c2; int i, valid, l; uint32_t sum, sum2; @@ -167,14 +167,16 @@ test_unit(void) for (i = 0; i < 10000; i++) { - get_keys(session, AEAD_AES_SIV_CMAC_256, &c2s, &s2c); + context.algorithm = AEAD_AES_SIV_CMAC_256; + get_keys(session, context.algorithm, &context.c2s, &context.s2c); memset(&cookie, 0, sizeof (cookie)); - TEST_CHECK(NKS_GenerateCookie(&c2s, &s2c, &cookie)); - TEST_CHECK(NKS_DecodeCookie(&cookie, &c2s2, &s2c2)); - TEST_CHECK(c2s.length == c2s2.length); - TEST_CHECK(s2c.length == s2c2.length); - TEST_CHECK(memcmp(c2s.key, c2s2.key, c2s.length) == 0); - TEST_CHECK(memcmp(s2c.key, s2c2.key, s2c.length) == 0); + TEST_CHECK(NKS_GenerateCookie(&context, &cookie)); + TEST_CHECK(NKS_DecodeCookie(&cookie, &context2)); + TEST_CHECK(context.algorithm == context2.algorithm); + TEST_CHECK(context.c2s.length == context2.c2s.length); + TEST_CHECK(context.s2c.length == context2.s2c.length); + TEST_CHECK(memcmp(context.c2s.key, context2.c2s.key, context.c2s.length) == 0); + TEST_CHECK(memcmp(context.s2c.key, context2.s2c.key, context.s2c.length) == 0); if (random() % 4) { cookie.cookie[random() % (cookie.length)]++; @@ -185,7 +187,7 @@ test_unit(void) while (l == cookie.length) cookie.length = random() % (sizeof (cookie.cookie) + 1); } - TEST_CHECK(!NKS_DecodeCookie(&cookie, &c2s2, &s2c2)); + TEST_CHECK(!NKS_DecodeCookie(&cookie, &context2)); } unlink("ntskeys"); diff --git a/test/unit/nts_ntp_client.c b/test/unit/nts_ntp_client.c index 2503c2f..ad76fc8 100644 --- a/test/unit/nts_ntp_client.c +++ b/test/unit/nts_ntp_client.c @@ -32,27 +32,29 @@ #define NKC_Start(inst) (random() % 2) #define NKC_IsActive(inst) (random() % 2) -static int get_nts_data(NKC_Instance inst, SIV_Algorithm *siv_algorithm, NKE_Key *c2s, NKE_Key *s2c, - NKE_Cookie *cookies, int *num_cookies, int max_cookies, IPSockAddr *ntp_address); +static int get_nts_data(NKC_Instance inst, NKE_Context *context, + NKE_Cookie *cookies, int *num_cookies, int max_cookies, + IPSockAddr *ntp_address); #define NKC_GetNtsData get_nts_data #include static int -get_nts_data(NKC_Instance inst, SIV_Algorithm *siv_algorithm, NKE_Key *c2s, NKE_Key *s2c, - NKE_Cookie *cookies, int *num_cookies, int max_cookies, IPSockAddr *ntp_address) +get_nts_data(NKC_Instance inst, NKE_Context *context, + NKE_Cookie *cookies, int *num_cookies, int max_cookies, + IPSockAddr *ntp_address) { int i; if (random() % 2) return 0; - *siv_algorithm = AEAD_AES_SIV_CMAC_256; + context->algorithm = AEAD_AES_SIV_CMAC_256; - c2s->length = SIV_GetKeyLength(*siv_algorithm); - UTI_GetRandomBytes(c2s->key, c2s->length); - s2c->length = SIV_GetKeyLength(*siv_algorithm); - UTI_GetRandomBytes(s2c->key, s2c->length); + context->c2s.length = SIV_GetKeyLength(context->algorithm); + UTI_GetRandomBytes(context->c2s.key, context->c2s.length); + context->s2c.length = SIV_GetKeyLength(context->algorithm); + UTI_GetRandomBytes(context->s2c.key, context->s2c.length); *num_cookies = random() % max_cookies + 1; for (i = 0; i < *num_cookies; i++) { @@ -89,8 +91,7 @@ get_request(NNC_Instance inst) } TEST_CHECK(inst->num_cookies > 0); - TEST_CHECK(inst->siv_c2s); - TEST_CHECK(inst->siv_s2c); + TEST_CHECK(inst->siv); memcpy(nonce, inst->nonce, sizeof (nonce)); memcpy(uniq_id, inst->uniq_id, sizeof (uniq_id)); @@ -103,7 +104,7 @@ get_request(NNC_Instance inst) (inst->cookies[inst->cookie_index].length + 4)); expected_length = info.length + 4 + sizeof (inst->uniq_id) + req_cookies * (4 + inst->cookies[inst->cookie_index].length) + - 4 + 4 + sizeof (inst->nonce) + SIV_GetTagLength(inst->siv_c2s); + 4 + 4 + sizeof (inst->nonce) + SIV_GetTagLength(inst->siv); DEBUG_LOG("length=%d cookie_length=%d expected_length=%d", info.length, inst->cookies[inst->cookie_index].length, expected_length); @@ -126,6 +127,7 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in unsigned char cookie[508], plaintext[512], nonce[512]; int nonce_length, cookie_length, plaintext_length, min_auth_length; int index, auth_start; + SIV_Instance siv; memset(packet, 0, sizeof (*packet)); packet->lvm = NTP_LVM(0, 4, MODE_SERVER); @@ -175,10 +177,15 @@ prepare_response(NNC_Instance inst, NTP_Packet *packet, NTP_PacketInfo *info, in TEST_CHECK(NEF_SetField(plaintext, sizeof (plaintext), 0, NTP_EF_NTS_COOKIE, cookie, cookie_length, &plaintext_length)); auth_start = info->length; - if (index != 4) - TEST_CHECK(NNA_GenerateAuthEF(packet, info, inst->siv_s2c, + if (index != 4) { + siv = SIV_CreateInstance(inst->context.algorithm); + TEST_CHECK(siv); + TEST_CHECK(SIV_SetKey(siv, inst->context.s2c.key, inst->context.s2c.length)); + TEST_CHECK(NNA_GenerateAuthEF(packet, info, siv, nonce, nonce_length, plaintext, plaintext_length, min_auth_length)); + SIV_DestroyInstance(siv); + } if (index == 5) ((unsigned char *)packet)[auth_start + 8]++; } diff --git a/test/unit/nts_ntp_server.c b/test/unit/nts_ntp_server.c index c6369ec..1f38854 100644 --- a/test/unit/nts_ntp_server.c +++ b/test/unit/nts_ntp_server.c @@ -32,17 +32,18 @@ static void prepare_request(NTP_Packet *packet, NTP_PacketInfo *info, int valid, int nak) { unsigned char uniq_id[NTS_MIN_UNIQ_ID_LENGTH], nonce[NTS_MIN_UNPADDED_NONCE_LENGTH]; - NKE_Key c2s, s2c; SIV_Instance siv; + NKE_Context context; NKE_Cookie cookie; int i, index, cookie_start, auth_start; - c2s.length = SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256); - UTI_GetRandomBytes(&c2s.key, c2s.length); - s2c.length = SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256); - UTI_GetRandomBytes(&s2c.key, s2c.length); + context.algorithm = SERVER_SIV; + context.c2s.length = SIV_GetKeyLength(context.algorithm); + UTI_GetRandomBytes(&context.c2s.key, context.c2s.length); + context.s2c.length = SIV_GetKeyLength(context.algorithm); + UTI_GetRandomBytes(&context.s2c.key, context.s2c.length); - TEST_CHECK(NKS_GenerateCookie(&c2s, &s2c, &cookie)); + TEST_CHECK(NKS_GenerateCookie(&context, &cookie)); UTI_GetRandomBytes(uniq_id, sizeof (uniq_id)); UTI_GetRandomBytes(nonce, sizeof (nonce)); @@ -78,8 +79,8 @@ prepare_request(NTP_Packet *packet, NTP_PacketInfo *info, int valid, int nak) auth_start = info->length; if (index != 2) { - siv = SIV_CreateInstance(AEAD_AES_SIV_CMAC_256); - TEST_CHECK(SIV_SetKey(siv, c2s.key, c2s.length)); + siv = SIV_CreateInstance(context.algorithm); + TEST_CHECK(SIV_SetKey(siv, context.c2s.key, context.c2s.length)); TEST_CHECK(NNA_GenerateAuthEF(packet, info, siv, nonce, sizeof (nonce), (const unsigned char *)"", 0, 0)); SIV_DestroyInstance(siv);