From de4ecc72d19418151d7760bced9c39da100f01ab Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 9 Jul 2020 13:14:55 +0200
Subject: [PATCH] nts: don't assume field position in NNA_DecryptAuthEF()

Modify NNA_DecryptAuthEF() to not assume that the authenticator is the last extension field in the packet as some extension fields specified in future may need to be placed after the authenticator. The caller of the function is supposed to verify the position.
---
 nts_ntp_auth.c | 2 +-
 nts_ntp_server.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/nts_ntp_auth.c b/nts_ntp_auth.c
index 2ff6d0d..86cd7cd 100644
--- a/nts_ntp_auth.c
+++ b/nts_ntp_auth.c
@@ -167,7 +167,7 @@ NNA_DecryptAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv, in
 *plaintext_length = ciphertext_length - siv_tag_length;
- if (!SIV_Decrypt(siv, nonce, nonce_length, packet, info->length - ef_body_length - 4,
+ if (!SIV_Decrypt(siv, nonce, nonce_length, packet, ef_start,
 ciphertext, ciphertext_length, plaintext, *plaintext_length)) {
 DEBUG_LOG("SIV decrypt failed");
 return 0;
diff --git a/nts_ntp_server.c b/nts_ntp_server.c
index f4df796..c0d3e06 100644
--- a/nts_ntp_server.c
+++ b/nts_ntp_server.c
@@ -135,6 +135,11 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod)
 cookie_length = ef_body_length;
 break;
 case NTP_EF_NTS_AUTH_AND_EEF:
+ if (parsed + ef_length != info->length) {
+ DEBUG_LOG("Auth not last EF");
+ return 0;
+ }
+
 auth_start = parsed;
 has_auth = 1;
 break;
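Review bot: With the associated-data length now taken from ef_start instead of being derived from the packet end, any bytes following the authenticator EF are no longer covered by the SIV tag, and nothing in this hunk checks that there are none; that is now a contract the caller must honour, and it should be stated at the function header (outside the hunk). A comment above the call, e.g. `/* Only the bytes before ef_start are authenticated; the caller must verify the authenticator's position (and bound ef_start by info->length) before calling */`, would make the weakened guarantee visible at the point where it matters. Whether ef_start is range-checked against info->length elsewhere is not visible here. NNA_DecryptAuthEF()'s body starts before and continues after this hunk.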
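Review bot: The new position check covers only the server path; if the client-side caller (presumably in nts_ntp_client.c) also calls NNA_DecryptAuthEF() on responses, it loses the implicit "authenticator is last" guarantee removed in the first hunk and would need an equivalent check, which this commit does not add (not visible from here). The intent of the added `if` would also be clearer with a comment above it, e.g. `/* Only EFs before the authenticator are covered by the AEAD tag; reject packets with trailing EFs that would go unauthenticated */`. NNS_CheckRequestAuth()'s switch starts before and continues after this hunk.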