faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
chrony/test/unit/nts_ke_server.c
Miroslav Lichvar adcf073484 nts: refactor NTS context 
Add a context structure for the algorithm and keys established by
NTS-KE. Modify the client to save the context and reset the SIV key to
the C2S/S2C key before each request/response instead of keeping two SIV
instances.

This will make it easier for the server to support different algorithms
and allow the client to save the context with cookies to disk.
2020-04-09 16:57:31 +02:00

225 lines
5.7 KiB
C
Raw Blame History

/*
**********************************************************************
* Copyright (C) Miroslav Lichvar 2020
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
**********************************************************************
*/
#include <config.h>
#include "test.h"
#ifdef FEAT_NTS
#include <local.h>
#include <nts_ke_session.h>
#include <util.h>
#define NKSN_GetKeys get_keys
static int
get_keys(NKSN_Instance session, SIV_Algorithm siv, NKE_Key *c2s, NKE_Key *s2c)
{
c2s->length = SIV_GetKeyLength(siv);
UTI_GetRandomBytes(c2s->key, c2s->length);
s2c->length = SIV_GetKeyLength(siv);
UTI_GetRandomBytes(s2c->key, s2c->length);
return 1;
}
#include <nts_ke_server.c>
static void
prepare_request(NKSN_Instance session, int valid)
{
uint16_t data[16];
int index, length;
if (valid)
index = -1;
else
index = random() % 7;
DEBUG_LOG("index=%d", index);
NKSN_BeginMessage(session);
memset(data, 0, sizeof (data));
length = 2;
assert(sizeof (data[0]) == 2);
if (index != 0) {
memset(data, NKE_NEXT_PROTOCOL_NTPV4 + 1, sizeof (data));
if (index == 1)
data[0] = htons(NKE_NEXT_PROTOCOL_NTPV4 + random() % 10 + 1);
else
data[0] = htons(NKE_NEXT_PROTOCOL_NTPV4);
if (index == 2)
length = 3 + random() % 15 * 2;
else
length = 2 + random() % 16 * 2;
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_NEXT_PROTOCOL, data, length));
}
if (index != 3) {
if (index == 4)
data[0] = htons(AEAD_AES_SIV_CMAC_256 + random() % 10 + 1);
else
data[0] = htons(AEAD_AES_SIV_CMAC_256);
if (index == 5)
length = 3 + random() % 15 * 2;
else
length = 2 + random() % 16 * 2;
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_AEAD_ALGORITHM, data, length));
}
if (index == 6) {
length = random() % (sizeof (data) + 1);
TEST_CHECK(NKSN_AddRecord(session, 1, 1000 + random() % 1000, data, length));
}
if (random() % 2) {
const char server[] = "127.0.0.1";
TEST_CHECK(NKSN_AddRecord(session, 0, NKE_RECORD_NTPV4_SERVER_NEGOTIATION,
server, sizeof (server) - 1));
}
if (random() % 2) {
data[0] = htons(123);
TEST_CHECK(NKSN_AddRecord(session, 0, NKE_RECORD_NTPV4_PORT_NEGOTIATION, data, length));
}
if (random() % 2) {
length = random() % (sizeof (data) + 1);
TEST_CHECK(NKSN_AddRecord(session, 0, 1000 + random() % 1000, data, length));
}
TEST_CHECK(NKSN_EndMessage(session));
}
static void
process_response(NKSN_Instance session, int valid)
{
int records, errors, critical, type, length;
for (records = errors = 0; ; records++) {
if (!NKSN_GetRecord(session, &critical, &type, &length, NULL, 0))
break;
if (type == NKE_RECORD_ERROR)
errors++;
}
if (valid) {
TEST_CHECK(records >= 2);
} else {
TEST_CHECK(records == 1);
TEST_CHECK(errors == 1);
}
}
void
test_unit(void)
{
NKSN_Instance session;
NKE_Context context, context2;
NKE_Cookie cookie;
int i, valid, l;
uint32_t sum, sum2;
char conf[][100] = {
"ntscachedir .",
"ntsport 0",
"ntsprocesses 0",
"ntsserverkey nts_ke.key",
"ntsservercert nts_ke.crt",
};
CNF_Initialise(0, 0);
for (i = 0; i < sizeof conf / sizeof conf[0]; i++)
CNF_ParseLine(NULL, i + 1, conf[i]);
LCL_Initialise();
TST_RegisterDummyDrivers();
SCH_Initialise();
unlink("ntskeys");
NKS_Initialise(0);
session = NKSN_CreateInstance(1, NULL, handle_message, NULL);
for (i = 0; i < 10000; i++) {
valid = random() % 2;
prepare_request(session, valid);
TEST_CHECK(process_request(session));
process_response(session, valid);
}
for (i = 0; i < 10000; i++) {
context.algorithm = AEAD_AES_SIV_CMAC_256;
get_keys(session, context.algorithm, &context.c2s, &context.s2c);
memset(&cookie, 0, sizeof (cookie));
TEST_CHECK(NKS_GenerateCookie(&context, &cookie));
TEST_CHECK(NKS_DecodeCookie(&cookie, &context2));
TEST_CHECK(context.algorithm == context2.algorithm);
TEST_CHECK(context.c2s.length == context2.c2s.length);
TEST_CHECK(context.s2c.length == context2.s2c.length);
TEST_CHECK(memcmp(context.c2s.key, context2.c2s.key, context.c2s.length) == 0);
TEST_CHECK(memcmp(context.s2c.key, context2.s2c.key, context.s2c.length) == 0);
if (random() % 4) {
cookie.cookie[random() % (cookie.length)]++;
} else if (random() % 4) {
generate_key(current_server_key);
} else {
l = cookie.length;
while (l == cookie.length)
cookie.length = random() % (sizeof (cookie.cookie) + 1);
}
TEST_CHECK(!NKS_DecodeCookie(&cookie, &context2));
}
unlink("ntskeys");
save_keys();
for (i = 0, sum = 0; i < MAX_SERVER_KEYS; i++) {
sum += server_keys[i].id + server_keys[i].key[0];
generate_key(i);
}
load_keys();
TEST_CHECK(unlink("ntskeys") == 0);
for (i = 0, sum2 = 0; i < MAX_SERVER_KEYS; i++) {
sum2 += server_keys[i].id + server_keys[i].key[0];
}
TEST_CHECK(sum == sum2);
NKSN_DestroyInstance(session);
NKS_Finalise();
TEST_CHECK(unlink("ntskeys") == 0);
SCH_Finalise();
LCL_Finalise();
CNF_Finalise();
}
#else
void
test_unit(void)
{
TEST_REQUIRE(0);
}
#endif
Reference in a new issue View git blame Copy permalink