nts: add support for multiple sets of trusted certificates

Modify the session, NTS-KE, and NTS-NTP code to support multiple sets of trusted certificates and identify the sets by a 32-bit ID.
2025-12-05 19:25:07 -05:00 · 2021-02-18 16:53:36 +01:00
parent f650b8c515
commit 6615bb1b78
14 changed files with 72 additions and 36 deletions
--- a/test/unit/ntp_auth.c
+++ b/test/unit/ntp_auth.c
@@ -177,7 +177,7 @@ test_unit(void)
        can_auth_res = can_auth_req;
        break;
      case 2:
-        inst = NAU_CreateNtsInstance(&nts_addr, "test", 0);
+        inst = NAU_CreateNtsInstance(&nts_addr, "test", 0, 0);
        TEST_CHECK(NAU_IsAuthEnabled(inst));
        TEST_CHECK(NAU_GetSuggestedNtpVersion(inst) == 4);
        mode = NTP_AUTH_NTS;
--- a/test/unit/nts_ke_client.c
+++ b/test/unit/nts_ke_client.c
@@ -120,7 +120,7 @@ test_unit(void)
  SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
  addr.port = 0;

-  inst = NKC_CreateInstance(&addr, "test");
+  inst = NKC_CreateInstance(&addr, "test", 0);
  TEST_CHECK(inst);

  for (i = 0; i < 10000; i++) {
--- a/test/unit/nts_ke_session.c
+++ b/test/unit/nts_ke_session.c
@@ -165,12 +165,14 @@ test_unit(void)
  NKSN_Credentials client_cred, server_cred;
  const char *cert, *key;
  int sock_fds[2], i;
+  uint32_t cert_id;

  LCL_Initialise();
  TST_RegisterDummyDrivers();

  cert = "nts_ke.crt";
  key = "nts_ke.key";
+  cert_id = 0;

  for (i = 0; i < 50; i++) {
    SCH_Initialise();
@@ -179,7 +181,7 @@ test_unit(void)
    client = NKSN_CreateInstance(0, "test", handle_response, NULL);

    server_cred = NKSN_CreateServerCertCredentials(&cert, &key, 1);
-    client_cred = NKSN_CreateClientCertCredentials(&cert, 1);
+    client_cred = NKSN_CreateClientCertCredentials(&cert, &cert_id, 1, 0);

    TEST_CHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds) == 0);
    TEST_CHECK(fcntl(sock_fds[0], F_SETFL, O_NONBLOCK) == 0);
--- a/test/unit/nts_ntp_client.c
+++ b/test/unit/nts_ntp_client.c
@@ -27,7 +27,7 @@
 #include "ntp.h"
 #include "nts_ke_client.h"

-#define NKC_CreateInstance(address, name) Malloc(1)
+#define NKC_CreateInstance(address, name, cert_set) Malloc(1)
 #define NKC_DestroyInstance(inst) Free(inst)
 #define NKC_Start(inst) (random() % 2)
 #define NKC_IsActive(inst) (random() % 2)
@@ -227,7 +227,7 @@ test_unit(void)
  SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
  addr.port = 0;

-  inst = NNC_CreateInstance(&addr, "test", 0);
+  inst = NNC_CreateInstance(&addr, "test", 0, 0);
  TEST_CHECK(inst);

  for (i = 0; i < 100000; i++) {