nts: fix error response to NTS-KE request

When the request has an unrecognized critical record before the
NEXT_PROTOCOL and AEAD_ALGORITHM records, respond with error 0
(unrecognized critical record) instead of 1 (bad request).

When the request has multiple NEXT_PROTOCOL or AEAD_ALGORITHM records,
respond with error 1 (bad request).
Miroslav Lichvar
2020-07-23 15:46:57 +02:00
parent cc20ead3dc
commit 72bf3d26eb
2 changed files with 41 additions and 14 deletions


@@ -50,7 +50,7 @@ prepare_request(NKSN_Instance session, int valid)
if (valid)
index = -1;
else
index = random() % 7;
index = random() % 9;
DEBUG_LOG("index=%d", index);
NKSN_BeginMessage(session);
@@ -61,30 +61,34 @@ prepare_request(NKSN_Instance session, int valid)
if (index != 0) {
memset(data, NKE_NEXT_PROTOCOL_NTPV4 + 1, sizeof (data));
data[0] = htons(NKE_NEXT_PROTOCOL_NTPV4);
if (index == 1)
data[0] = htons(NKE_NEXT_PROTOCOL_NTPV4 + random() % 10 + 1);
else
data[0] = htons(NKE_NEXT_PROTOCOL_NTPV4);
if (index == 2)
length = 0;
else if (index == 2)
length = 3 + random() % 15 * 2;
else
length = 2 + random() % 16 * 2;
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_NEXT_PROTOCOL, data, length));
}
if (index != 3) {
if (index == 4)
data[0] = htons(AEAD_AES_SIV_CMAC_256 + random() % 10 + 1);
else
data[0] = htons(AEAD_AES_SIV_CMAC_256);
if (index == 3)
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_NEXT_PROTOCOL, data, length));
if (index != 4) {
data[0] = htons(AEAD_AES_SIV_CMAC_256);
if (index == 5)
length = 0;
else if (index == 6)
length = 3 + random() % 15 * 2;
else
length = 2 + random() % 16 * 2;
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_AEAD_ALGORITHM, data, length));
}
if (index == 6) {
if (index == 7)
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_AEAD_ALGORITHM, data, length));
if (index == 8) {
length = random() % (sizeof (data) + 1);
TEST_CHECK(NKSN_AddRecord(session, 1, 1000 + random() % 1000, data, length));
}
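Review bot: The unknown-critical-record case (`index == 8`) appends its record after the NEXT_PROTOCOL and AEAD_ALGORITHM records, so the ordering the commit message describes, an unrecognized critical record before those two, does not appear to be generated by the lines shown here. Consider a further case that adds the `1000 + random() % 1000` record ahead of the `if (index != 0)` block and, if the test can inspect the response, checks the returned error code rather than only that the request fails. The index values are also bare numbers that this change renumbers, so a comment above `index = random() % 9;` listing what each value builds would make coverage gaps like this easier to spot. prepare_request starts and ends outside the hunks and this page has lost its +/- markers, so this reading should be confirmed against the file.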