adcf073484
Add a context structure for the algorithm and keys established by NTS-KE. Modify the client to save the context and reset the SIV key to the C2S/S2C key before each request/response instead of keeping two SIV instances. This will make it easier for the server to support different algorithms and allow the client to save the context with cookies to disk.
175 lines
4.9 KiB
C
175 lines
4.9 KiB
C
/*
|
|
**********************************************************************
|
|
* Copyright (C) Miroslav Lichvar 2020
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of version 2 of the GNU General Public License as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*
|
|
**********************************************************************
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include "test.h"
|
|
|
|
#ifdef FEAT_NTS
|
|
|
|
#include <local.h>
|
|
#include <sched.h>
|
|
|
|
#include <nts_ntp_server.c>
|
|
|
|
static void
|
|
prepare_request(NTP_Packet *packet, NTP_PacketInfo *info, int valid, int nak)
|
|
{
|
|
unsigned char uniq_id[NTS_MIN_UNIQ_ID_LENGTH], nonce[NTS_MIN_UNPADDED_NONCE_LENGTH];
|
|
SIV_Instance siv;
|
|
NKE_Context context;
|
|
NKE_Cookie cookie;
|
|
int i, index, cookie_start, auth_start;
|
|
|
|
context.algorithm = SERVER_SIV;
|
|
context.c2s.length = SIV_GetKeyLength(context.algorithm);
|
|
UTI_GetRandomBytes(&context.c2s.key, context.c2s.length);
|
|
context.s2c.length = SIV_GetKeyLength(context.algorithm);
|
|
UTI_GetRandomBytes(&context.s2c.key, context.s2c.length);
|
|
|
|
TEST_CHECK(NKS_GenerateCookie(&context, &cookie));
|
|
|
|
UTI_GetRandomBytes(uniq_id, sizeof (uniq_id));
|
|
UTI_GetRandomBytes(nonce, sizeof (nonce));
|
|
|
|
memset(packet, 0, sizeof (*packet));
|
|
packet->lvm = NTP_LVM(0, 4, MODE_CLIENT);
|
|
memset(info, 0, sizeof (*info));
|
|
info->version = 4;
|
|
info->mode = MODE_CLIENT;
|
|
info->length = NTP_HEADER_LENGTH;
|
|
|
|
if (valid)
|
|
index = -1;
|
|
else
|
|
index = random() % 3;
|
|
|
|
DEBUG_LOG("valid=%d nak=%d index=%d", valid, nak, index);
|
|
|
|
if (index != 0)
|
|
TEST_CHECK(NEF_AddField(packet, info, NTP_EF_NTS_UNIQUE_IDENTIFIER,
|
|
uniq_id, sizeof (uniq_id)));
|
|
|
|
cookie_start = info->length;
|
|
|
|
if (index != 1)
|
|
TEST_CHECK(NEF_AddField(packet, info, NTP_EF_NTS_COOKIE,
|
|
cookie.cookie, cookie.length));
|
|
|
|
for (i = random() % 4; i > 0; i--)
|
|
TEST_CHECK(NEF_AddField(packet, info, NTP_EF_NTS_COOKIE_PLACEHOLDER,
|
|
cookie.cookie, cookie.length));
|
|
|
|
auth_start = info->length;
|
|
|
|
if (index != 2) {
|
|
siv = SIV_CreateInstance(context.algorithm);
|
|
TEST_CHECK(SIV_SetKey(siv, context.c2s.key, context.c2s.length));
|
|
TEST_CHECK(NNA_GenerateAuthEF(packet, info, siv, nonce, sizeof (nonce),
|
|
(const unsigned char *)"", 0, 0));
|
|
SIV_DestroyInstance(siv);
|
|
}
|
|
|
|
if (nak)
|
|
((unsigned char *)packet)[(index == 2 ? cookie_start :
|
|
(index == 1 ? auth_start :
|
|
(random() % 2 ? cookie_start : auth_start))) +
|
|
4 + random() % 16]++;
|
|
}
|
|
|
|
static void
|
|
init_response(NTP_Packet *packet, NTP_PacketInfo *info)
|
|
{
|
|
memset(packet, 0, sizeof (*packet));
|
|
packet->lvm = NTP_LVM(0, 4, MODE_SERVER);
|
|
memset(info, 0, sizeof (*info));
|
|
info->version = 4;
|
|
info->mode = MODE_SERVER;
|
|
info->length = NTP_HEADER_LENGTH;
|
|
}
|
|
|
|
void
|
|
test_unit(void)
|
|
{
|
|
NTP_PacketInfo req_info, res_info;
|
|
NTP_Packet request, response;
|
|
int i, valid, nak;
|
|
uint32_t kod;
|
|
|
|
char conf[][100] = {
|
|
"ntsport 0",
|
|
"ntsprocesses 0",
|
|
"ntsserverkey nts_ke.key",
|
|
"ntsservercert nts_ke.crt",
|
|
};
|
|
|
|
CNF_Initialise(0, 0);
|
|
for (i = 0; i < sizeof conf / sizeof conf[0]; i++)
|
|
CNF_ParseLine(NULL, i + 1, conf[i]);
|
|
|
|
LCL_Initialise();
|
|
TST_RegisterDummyDrivers();
|
|
SCH_Initialise();
|
|
NKS_Initialise(0);
|
|
NNS_Initialise();
|
|
|
|
for (i = 0; i < 50000; i++) {
|
|
valid = random() % 2;
|
|
nak = random() % 2;
|
|
prepare_request(&request, &req_info, valid, nak);
|
|
|
|
TEST_CHECK(NNS_CheckRequestAuth(&request, &req_info, &kod) == (valid && !nak));
|
|
|
|
if (valid && !nak) {
|
|
TEST_CHECK(kod == 0);
|
|
TEST_CHECK(server->num_cookies > 0);
|
|
|
|
init_response(&response, &res_info);
|
|
TEST_CHECK(NNS_GenerateResponseAuth(&request, &req_info, &response, &res_info, kod));
|
|
|
|
TEST_CHECK(res_info.ext_fields == 2);
|
|
TEST_CHECK(server->num_cookies == 0);
|
|
} else if (valid && nak) {
|
|
TEST_CHECK(kod == NTP_KOD_NTS_NAK);
|
|
TEST_CHECK(server->num_cookies == 0);
|
|
|
|
init_response(&response, &res_info);
|
|
TEST_CHECK(NNS_GenerateResponseAuth(&request, &req_info, &response, &res_info, kod));
|
|
|
|
TEST_CHECK(res_info.ext_fields == 1);
|
|
TEST_CHECK(server->num_cookies == 0);
|
|
} else {
|
|
TEST_CHECK(kod == 0);
|
|
TEST_CHECK(server->num_cookies == 0);
|
|
}
|
|
}
|
|
|
|
NNS_Finalise();
|
|
NKS_Finalise();
|
|
SCH_Finalise();
|
|
LCL_Finalise();
|
|
CNF_Finalise();
|
|
}
|
|
#else
|
|
void
|
|
test_unit(void)
|
|
{
|
|
TEST_REQUIRE(0);
|
|
}
|
|
#endif
|