nts: add server support for authentication with AES-128-GCM-SIV

Keep a server SIV instance for each available algorithm.

Select AES-128-GCM-SIV if requested by NTS-KE client as the first
supported algorithm.

Instead of encoding the AEAD ID in the cookie, select the algorithm
according to the length of decrypted keys. (This can work as long as
all supported algorithms use keys with different lengths.)
Miroslav Lichvar
2022-10-11 14:36:14 +02:00
parent cc706b50b9
commit 790a336eb2
4 changed files with 63 additions and 21 deletions

@@ -75,7 +75,8 @@ prepare_request(NKSN_Instance session, int valid)
TEST_CHECK(NKSN_AddRecord(session, 1, NKE_RECORD_NEXT_PROTOCOL, data, length));
if (index != 4) {
data[0] = htons(AEAD_AES_SIV_CMAC_256);
data[0] = htons(random() % 2 && SIV_GetKeyLength(AEAD_AES_128_GCM_SIV) > 0 ?
AEAD_AES_128_GCM_SIV : AEAD_AES_SIV_CMAC_256);
if (index == 5)
length = 0;
else if (index == 6)
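Review bot: the AEAD selection in prepare_request() hinges on `random() % 2`, so which algorithm a given run exercises is left to chance, and a failure specific to AEAD_AES_128_GCM_SIV or AEAD_AES_SIV_CMAC_256 may not reproduce on the next run. Consider running the request cases once per algorithm, skipping AEAD_AES_128_GCM_SIV when `SIV_GetKeyLength(AEAD_AES_128_GCM_SIV) > 0` is false, or at least printing the chosen ID so a failing run can be traced to its algorithm. The `SIV_GetKeyLength(...) > 0` test appears to serve as an availability check for the algorithm; a one-line comment saying so would make the condition easier to read.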