[Git][NTPsec/ntpsec][master] Namespace policing,
Eric S. Raymond
gitlab at mg.gitlab.com
Wed Feb 13 00:46:18 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
4025067e by Eric S. Raymond at 2019-02-13T00:45:50Z
Namespace policing,
- - - - -
4 changed files:
- include/nts.h
- ntpd/nts_client.c
- ntpd/nts_server.c
- tests/ntpd/nts_lib.c
Changes:
=====================================
include/nts.h
=====================================
@@ -55,16 +55,16 @@ struct ntsconfig_t {
/* NTS protocol constants */
-#define CRITICAL 0x8000
-enum record_type {
- end_of_message = 0, /* CRITICAL */
- next_protocol_negotiation = 1, /* CRITICAL */
- error = 2, /* CRITICAL */
- warning = 3,
- algorithm_negotiation = 4,
- new_cookie = 5,
- server_negotiation = 6,
- port_negotiation = 7
+#define NTS_CRITICAL 0x8000
+enum nts_record_type {
+ nts_end_of_message = 0, /* CRITICAL */
+ nts_next_protocol_negotiation = 1, /* CRITICAL */
+ nts_error = 2, /* CRITICAL */
+ nts_warning = 3,
+ nts_algorithm_negotiation = 4,
+ nts_new_cookie = 5,
+ nts_server_negotiation = 6,
+ nts_port_negotiation = 7
};
enum errors_type {
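Review bot: The `/* CRITICAL */` comments on `nts_end_of_message`, `nts_next_protocol_negotiation` and `nts_error` still use the macro's old spelling; after this rename they would be easier to grep as `/* NTS_CRITICAL */`. The context line `enum errors_type {` shows the neighbouring enum tag is still unprefixed, so the namespace cleanup looks incomplete for this header. Its enumerators are outside this hunk, so whether they need the same `nts_` prefix should be checked there.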
=====================================
ntpd/nts_client.c
=====================================
@@ -170,14 +170,14 @@ bool nts_probe(struct peer * peer) {
buf.left = sizeof(buff);
/* 4.1.2 Next Protocol, 0 for NTP */
- nts_append_record_uint16(&buf, CRITICAL+next_protocol_negotiation, 0);
+ nts_append_record_uint16(&buf, NTS_CRITICAL+nts_next_protocol_negotiation, 0);
/* 4.1.5 AEAD Algorithm List
* AEAD_AES_SIV_CMAC_256 is the only one for now */
- nts_append_record_uint16(&buf, algorithm_negotiation, AEAD_AES_SIV_CMAC_256);
+ nts_append_record_uint16(&buf, nts_algorithm_negotiation, AEAD_AES_SIV_CMAC_256);
/* 4.1.1: End, Critical */
- nts_append_record_null(&buf, CRITICAL+end_of_message);
+ nts_append_record_null(&buf, NTS_CRITICAL+nts_end_of_message);
used = sizeof(buff)-buf.left;
transfered = SSL_write(ssl, buff, used);
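Review bot: The critical flag is attached by addition in `NTS_CRITICAL+nts_next_protocol_negotiation` and `NTS_CRITICAL+nts_end_of_message`, while the receive path in this same file tests and clears it with `NTS_CRITICAL & type` and `type &= ~NTS_CRITICAL`. Because `NTS_CRITICAL` is a flag bit (`0x8000` in include/nts.h), writing `NTS_CRITICAL | nts_next_protocol_negotiation` states the intent and stays correct even if an operand already has that bit set, where `+` would carry out of the 16-bit type field. The same applies to the two `NTS_CRITICAL+…` lines in `nts_ke_request` in ntpd/nts_server.c. `nts_probe` starts and ends outside this hunk.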
@@ -309,20 +309,20 @@ bool process_recv_data(struct peer* peer, SSL *ssl) {
int length;
type = nts_next_record(&buf, &length);
- if (CRITICAL & type) {
+ if (NTS_CRITICAL & type) {
critical = true;
- type &= ~CRITICAL;
+ type &= ~NTS_CRITICAL;
}
if (0) // Handy for debugging but very verbose
msyslog(LOG_ERR, "NTSc: Record: T=%d, L=%d, C=%d", type, length, critical);
switch (type) {
- case error:
+ case nts_error:
data = nts_next_uint16(&buf);
if (sizeof(data) != length)
msyslog(LOG_ERR, "NTSc: wrong length on error: %d", length);
msyslog(LOG_ERR, "NTSc: error: %d", data);
return false;
- case next_protocol_negotiation:
+ case nts_next_protocol_negotiation:
data = nts_next_uint16(&buf);
if ((sizeof(data) != length) || (data != 0)) {
msyslog(LOG_ERR, "NTSc: NPN-Wrong length or bad data: %d, %d",
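Review bot: In the `nts_error` and `nts_next_protocol_negotiation` cases, and in `nts_algorithm_negotiation` in the next hunk, the record body is read with `nts_next_uint16(&buf)` before `length` is compared with `sizeof(data)`. These records arrive from the remote NTS-KE peer, so unless `nts_next_uint16` checks `buf.left` itself (not visible here), a final record declaring a length shorter than 2 would make the parser read bytes that were never received. Moving the length test ahead of the read, e.g. `if (sizeof(data) != length) { msyslog(...); return false; }`, would reject the record before its body is touched. Note also that `sizeof(data) != length` compares a `size_t` with an `int`. `process_recv_data` starts and ends outside this hunk.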
@@ -330,7 +330,7 @@ bool process_recv_data(struct peer* peer, SSL *ssl) {
return false;
}
break;
- case algorithm_negotiation:
+ case nts_algorithm_negotiation:
data = nts_next_uint16(&buf);
if ((sizeof(data) != length) || (data != AEAD_AES_SIV_CMAC_256)) {
msyslog(LOG_ERR, "NTSc: AN-Wrong length or bad data: %d, %d",
@@ -339,7 +339,7 @@ bool process_recv_data(struct peer* peer, SSL *ssl) {
}
peer->nts_state.aead = data;
break;
- case new_cookie:
+ case nts_new_cookie:
if (NTS_COOKIELEN < length) {
msyslog(LOG_ERR, "NTSc: NC cookie too big: %d", length);
return false;
@@ -361,7 +361,7 @@ bool process_recv_data(struct peer* peer, SSL *ssl) {
peer->nts_state.next_cookie++;
peer->nts_state.cookie_count++;
break;
- case end_of_message:
+ case nts_end_of_message:
if ((0 != length) || !critical) {
msyslog(LOG_ERR, "NTSc: EOM-Wrong length or not Critical: %d, %d",
length, critical);
=====================================
ntpd/nts_server.c
=====================================
@@ -149,17 +149,17 @@ void nts_ke_request(SSL *ssl) {
nts_make_keys(ssl, c2s, s2c, keylen);
/* 4.1.2 Next Protocol, 0 for NTP */
- nts_append_record_uint16(&buf, CRITICAL+next_protocol_negotiation, 0);
+ nts_append_record_uint16(&buf, NTS_CRITICAL+nts_next_protocol_negotiation, 0);
/* 4.1.5 AEAD Algorithm List */
- nts_append_record_uint16(&buf, algorithm_negotiation, aead);
+ nts_append_record_uint16(&buf, nts_algorithm_negotiation, aead);
for (int i=0; i<NTS_MAX_COOKIES; i++) {
cookielen = make_cookie(cookie, aead, c2s, s2c, keylen);
- nts_append_record_bytes(&buf, new_cookie, cookie, cookielen);
+ nts_append_record_bytes(&buf, nts_new_cookie, cookie, cookielen);
}
/* 4.1.1: End, Critical */
- nts_append_record_null(&buf, CRITICAL+end_of_message);
+ nts_append_record_null(&buf, NTS_CRITICAL+nts_end_of_message);
used = sizeof(buff)-buf.left;
bytes_written = SSL_write(ssl, buff, used);
=====================================
tests/ntpd/nts_lib.c
=====================================
@@ -42,7 +42,7 @@ TEST(nts_lib, record_decode_null) {
}
TEST(nts_lib, record_decode_u16) {
- uint8_t expected[6] = {0, port_negotiation, 0, 2, 0, 123};
+ uint8_t expected[6] = {0, nts_port_negotiation, 0, 2, 0, 123};
record_bits *record;
int lints[1];
@@ -66,7 +66,7 @@ TEST(nts_lib, record_decode_u16) {
memcpy(lints, record->body, 2);
TEST_ASSERT_FALSE(record->critical);
- TEST_ASSERT_EQUAL_INT16(port_negotiation, record->record_type);
+ TEST_ASSERT_EQUAL_INT16(nts_port_negotiation, record->record_type);
TEST_ASSERT_EQUAL_INT16(2, record->body_length);
TEST_ASSERT_NOT_NULL(record->body);
@@ -78,7 +78,7 @@ TEST(nts_lib, record_decode_u16) {
}
TEST(nts_lib, record_decode_u16s) {
- uint8_t expected[8] = {0, algorithm_negotiation, 0, 4,
+ uint8_t expected[8] = {0, nts_algorithm_negotiation, 0, 4,
0, AEAD_AES_SIV_CMAC_512, 0, AEAD_CHACHA20_POLY1305};
record_bits *record;
int lints[2];
@@ -107,7 +107,7 @@ TEST(nts_lib, record_decode_u16s) {
}
TEST_ASSERT_FALSE(record->critical);
- TEST_ASSERT_EQUAL_INT16(algorithm_negotiation, record->record_type);
+ TEST_ASSERT_EQUAL_INT16(nts_algorithm_negotiation, record->record_type);
TEST_ASSERT_EQUAL_INT16(4, record->body_length);
TEST_ASSERT_NOT_NULL(record->body);
@@ -122,7 +122,7 @@ TEST(nts_lib, record_decode_u16s) {
TEST(nts_lib, record_decode_text) {
record_bits *record;
const char *expserv = "asus.internal.jamesb192.com";
- uint8_t expected[31] = {0, server_negotiation,
+ uint8_t expected[31] = {0, nts_server_negotiation,
0, 27,
'a', 's', 'u', 's', '.', 'i', 'n', 't', 'e',
'r', 'n', 'a', 'l', '.', 'j', 'a', 'm', 'e',
@@ -144,7 +144,7 @@ TEST(nts_lib, record_decode_text) {
nts_record_parse(record);
TEST_ASSERT_FALSE(record->critical);
- TEST_ASSERT_EQUAL_INT16(server_negotiation, record->record_type);
+ TEST_ASSERT_EQUAL_INT16(nts_server_negotiation, record->record_type);
TEST_ASSERT_EQUAL_INT16(27, record->body_length);
TEST_ASSERT_NOT_NULL(record->body);
@@ -156,7 +156,7 @@ TEST(nts_lib, record_decode_text) {
}
TEST(nts_lib, record_encode_null) {
- uint8_t expected[4] = {0x80, end_of_message, 0, 0};
+ uint8_t expected[4] = {0x80, nts_end_of_message, 0, 0};
record_bits *record;
record = calloc(1, sizeof(record_bits));
@@ -166,7 +166,7 @@ TEST(nts_lib, record_encode_null) {
}
record->critical = true;
record->body_length = 0;
- record->record_type = end_of_message;
+ record->record_type = nts_end_of_message;
nts_record_form(record);
@@ -178,7 +178,7 @@ TEST(nts_lib, record_encode_null) {
}
TEST(nts_lib, record_encode_u16) {
- uint8_t expected[6] = {0, port_negotiation, 0, 2, 0, 123};
+ uint8_t expected[6] = {0, nts_port_negotiation, 0, 2, 0, 123};
uint16_t exp_port = htons(123);
record_bits *record;
@@ -189,7 +189,7 @@ TEST(nts_lib, record_encode_u16) {
}
record->critical = false;
record->body_length = 2;
- record->record_type = port_negotiation;
+ record->record_type = nts_port_negotiation;
record->body = malloc(2);
if (NULL == record->body) {
TEST_FAIL_MESSAGE("body malloc");
@@ -207,7 +207,7 @@ TEST(nts_lib, record_encode_u16) {
}
TEST(nts_lib, record_encode_u16s) {
- uint8_t expected[8] = {0, algorithm_negotiation, 0, 4, 0, 2, 0, 4};
+ uint8_t expected[8] = {0, nts_algorithm_negotiation, 0, 4, 0, 2, 0, 4};
uint16_t exp_algos[2] = {htons(2), htons(4)};
record_bits *record;
@@ -218,7 +218,7 @@ TEST(nts_lib, record_encode_u16s) {
}
record->critical = false;
record->body_length = 4;
- record->record_type = algorithm_negotiation;
+ record->record_type = nts_algorithm_negotiation;
record->body = malloc(4);
if (NULL == record->body) {
TEST_FAIL_MESSAGE("body malloc");
@@ -237,7 +237,7 @@ TEST(nts_lib, record_encode_u16s) {
TEST(nts_lib, record_encode_text) {
const char *expserv = "asus.internal.jamesb192.com";
- uint8_t expected[31] = { 0, server_negotiation,
+ uint8_t expected[31] = { 0, nts_server_negotiation,
0, 27,
'a', 's', 'u', 's', '.', 'i', 'n', 't', 'e',
'r', 'n', 'a', 'l', '.', 'j', 'a', 'm', 'e',
@@ -252,7 +252,7 @@ TEST(nts_lib, record_encode_text) {
}
record->critical = false;
record->body_length = 27;
- record->record_type = server_negotiation;
+ record->record_type = nts_server_negotiation;
record->body = malloc(27);
if (NULL == record->body) {
TEST_FAIL_MESSAGE("body calloc");
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/4025067e241c496deb5a279cb987448e12f231b5