nts: allow missing SIV support

When compiled with NTS support, don't require a SIV cipher to be always supported (e.g. due to a different version of a library used for building). Handle this case with a fatal message instead of crash. Also, check the support early in the client unit test to prevent a hang.
2020-06-03 11:03:00 +02:00 · 2020-06-03 11:03:00 +02:00 · cf10ce1b68
commit cf10ce1b68
parent 15dc83420d
3 changed files with 9 additions and 2 deletions
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@ -433,8 +433,11 @@ generate_key(int index)
    assert(0);

  UTI_GetRandomBytesUrandom(server_keys[index].key, key_length);
-  if (!SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length))
-    assert(0);
+
+  if (!server_keys[index].siv ||
+      !SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) {
+    LOG_FATAL("Could not set SIV key");
+  }

  UTI_GetRandomBytes(&server_keys[index].id, sizeof (server_keys[index].id));

--- a/nts_ntp_server.c
+++ b/nts_ntp_server.c
@ -67,6 +67,8 @@ NNS_Initialise(void)

  server = Malloc(sizeof (struct NtsServer));
  server->siv = SIV_CreateInstance(SERVER_SIV);
+  if (!server->siv)
+    LOG_FATAL("Could not initialise SIV cipher");
 }

 /* ================================================== */
--- a/test/unit/nts_ntp_client.c
+++ b/test/unit/nts_ntp_client.c
@ -200,6 +200,8 @@ test_unit(void)
  IPAddr ip_addr;
  int i, j, prev_num_cookies, valid;

+  TEST_CHECK(SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256) > 0);
+
  SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
  addr.port = 0;