[Git][NTPsec/ntpsec][master] 5 commits: Minor fixes to comments
Hal Murray
gitlab at mg.gitlab.com
Wed Mar 20 00:04:10 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
e805c527 by Hal Murray at 2019-03-19T03:36:56Z
Minor fixes to comments
- - - - -
d5144807 by Hal Murray at 2019-03-19T03:36:56Z
Log strange packets
but not too many - don't want DDoS exposure
- - - - -
18fce690 by Hal Murray at 2019-03-19T03:40:50Z
NTS: Add aead options to select crypto used on wire
- - - - -
e731f399 by Hal Murray at 2019-03-19T11:32:47Z
Ian's MR !982 as updated/rebased by me.
I changed things in this area. It seemed easier to fix it
than bounce it back to Ian.
- - - - -
7f27de5d by Hal Murray at 2019-03-19T11:35:43Z
Add FIXME comment where some cleanup is needed.
The code works fine, but a few constants need explaining.
- - - - -
9 changed files:
- docs/includes/auth-commands.adoc
- include/nts.h
- ntpd/ntp_parser.y
- ntpd/ntp_proto.c
- ntpd/nts.c
- ntpd/nts_client.c
- ntpd/nts_extens.c
- ntpd/nts_server.c
- tests/ntpd/nts.c
Changes:
=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -79,6 +79,15 @@ The options are as follows:
An OpenSSL ciphersuite list to configure the allowed ciphersuites for
TLS 1.3. A single NULL cipher disables encryption and use of certificates.
++aead+ _string_::
+ Specify the crypto algorithm to be used on the wire. The choices
+ come from RFC 5297. The only options supported are AES_SIV_CMAC_256,
+ AES_SIV_CMAC_384, and AES_SIV_CMAC_512. This slot is dual use.
+ It is the server default if the remote client doesn't request a
+ valid choice and it is also the preference passed to the
+ remote client if the server command doesn't specify a preference.
+ The default is AES_SIV_CMAC_256.
+
The following options of the +server+ command configure NTS.
+nts+::
@@ -123,4 +132,22 @@ The following options of the +server+ command configure NTS.
NTS-KE server certificate, overriding the site default. Do not use
any other CA.
++aead+ _string_::
+ Specify the prefered crypto algorithm to be used on the wire.
+ The only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and
+ AES_SIV_CMAC_512. The server may ignore the request. See the _aead_
+ option above.
+
+
+The same _aead_ algorithms are also used to encrypt cookies.
+ The default is AES_SIV_CMAC_256. There is no config file option to
+ change it, but you can change it by editing the saved cookie key
+ file, probably /var/lib/ntp/nts-keys. Adjust the _L:_ slot to be
+ 48 or 64 and adjust the _I:_ slots to have the right number of bytes.
+ Then restart the server. (All old cookies held by clients will be
+ rejected so their next 8 NTP requests will be ignored. They should
+ recover by retrying NTS-KE to get fresh cookies.)
+
+
+
// end
=====================================
include/nts.h
=====================================
@@ -91,15 +91,6 @@ struct ntsconfig_t {
* but that's all we use. */
#define AEAD_CMAC_LNG 16
-/* We are using AEAD_AES_SIV_CMAC_256, from RFC 5297 */
-#define IANA_AEAD_AES_SIV_CMAC_256 15
-#define IANA_AEAD_AES_SIV_CMAC_384 16
-#define IANA_AEAD_AES_SIV_CMAC_512 17
-#define AEAD_AES_SIV_CMAC_256_KEYLEN 32
-#define AEAD_AES_SIV_CMAC_384_KEYLEN 48
-#define AEAD_AES_SIV_CMAC_512_KEYLEN 64
-#define NO_AEAD 0xffff
-
/* NTS protocol constants */
#define NTS_CRITICAL 0x8000
@@ -120,6 +111,7 @@ enum nts_errors_type {
};
enum aead_ciphers {
+#define NO_AEAD 0xffff
AEAD_AES_128_GCM = 1,
AEAD_AES_256_GCM = 2,
AEAD_AES_128_CCM = 3,
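Review bot: `#define NO_AEAD 0xffff` placed inside the body of `enum aead_ciphers` is not scoped by the enum and is not an enumerator, so its position only looks like membership. The same applies to the three `*_KEYLEN` defines moved into the enum in the next hunk. If the sentinel is meant to sit with the cipher codes, an enumerator such as `NO_AEAD = 0xffff,` would make it visible to debuggers and to `switch` coverage warnings; otherwise keep the defines outside the braces with a comment tying them to the enum. The enum's closing brace lies outside this hunk.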
@@ -140,6 +132,9 @@ enum aead_ciphers {
AEAD_AES_SIV_CMAC_256 = 15, /* RFC 5297 */
AEAD_AES_SIV_CMAC_384 = 16, /* These 3 are the ones we use */
AEAD_AES_SIV_CMAC_512 = 17,
+#define AEAD_AES_SIV_CMAC_256_KEYLEN 32
+#define AEAD_AES_SIV_CMAC_384_KEYLEN 48
+#define AEAD_AES_SIV_CMAC_512_KEYLEN 64
AEAD_AES_128_CCM_8 = 18,
AEAD_AES_256_CCM_8 = 19,
=====================================
ntpd/ntp_parser.y
=====================================
@@ -477,6 +477,8 @@ option_string
{ $$ = create_attr_sval($1, $2); }
| T_Cert T_String
{ $$ = create_attr_sval($1, $2); }
+ | T_Aead T_String
+ { $$ = create_attr_sval($1, $2); }
;
option_double_keyword
=====================================
ntpd/ntp_proto.c
=====================================
@@ -162,7 +162,7 @@ static void peer_xmit (struct peer *);
static int peer_unfit (struct peer *);
static double root_distance (struct peer *);
static void restart_nts_ke (struct peer *);
-
+static void maybe_log_junk (struct recvbuf *rbuf);
void
set_sys_leap(unsigned char new_sys_leap) {
@@ -707,6 +707,7 @@ receive(
&& !extens_server_recv(&rbufp->ntspacket,
rbufp->recv_buffer, rbufp->recv_length)) {
stat_count.sys_declined++;
+ maybe_log_junk(rbufp);
break;
}
handle_fastxmit(rbufp, restrict_mask, auth);
@@ -721,6 +722,7 @@ receive(
&& (!rbufp->extens_present || !extens_client_recv(peer,
rbufp->recv_buffer, rbufp->recv_length))) {
stat_count.sys_declined++;
+ maybe_log_junk(rbufp);
break;
}
handle_procpkt(rbufp, peer);
@@ -2843,3 +2845,24 @@ proto_clr_stats(void)
stat_count.sys_kodsent = 0;
}
+
+/* limit logging so bad guys can't DDoS us by sending crap
+ * log first 100 and 10/hour
+ */
+
+void maybe_log_junk(struct recvbuf *rbufp) {
+ static unsigned int noise_try = 0;
+ noise_try++;
+ if ((noise_try>100) && (((noise_try-90)*3600/current_time) < 10))
+ return;
+ msyslog(LOG_INFO,
+ "JUNK: M%d V%d 0/%2x%2x%2x%2x 48/%2x%2x%2x%2x from %s, lng=%ld",
+ PKT_MODE(rbufp->pkt.li_vn_mode), PKT_VERSION(rbufp->pkt.li_vn_mode),
+ rbufp->recv_buffer[0], rbufp->recv_buffer[1],
+ rbufp->recv_buffer[2], rbufp->recv_buffer[3],
+ rbufp->recv_buffer[48+0], rbufp->recv_buffer[48+1],
+ rbufp->recv_buffer[48+2], rbufp->recv_buffer[48+3],
+ sockporttoa(&rbufp->recv_srcadr),
+ (long)rbufp->recv_length);
+}
+
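Review bot: The throttle in `maybe_log_junk` looks inverted relative to its comment: `noise_try` counts every call, so `(noise_try-90)*3600/current_time` is the arrival rate, and the early `return` is taken only when that rate is below 10 per hour. Under a flood the rate is high, the return is skipped and every packet is logged, which is the exposure the comment wants to avoid. Counting logged messages against a budget would match the stated intent, e.g. `static unsigned int junk_logged = 0;` then `if (junk_logged >= 100 + 10 * (current_time / 3600)) return;` and `junk_logged++;`. The current expression also divides by `current_time`, which presumably can be 0 right after startup, and the unsigned multiply wraps after roughly 1.2 million calls if `unsigned int` is 32 bits. The message prints `recv_buffer[48]` through `recv_buffer[51]` without comparing `recv_length` to 52, so for a shorter packet it may log bytes that are not part of the datagram.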
=====================================
ntpd/nts.c
=====================================
@@ -84,26 +84,28 @@ int nts_translate_version(const char *arg) {
return -1;
}
-/* Translate text to AEAD code. -1 for none/error */
+/* Translate text to AEAD code. NO_AEAD for none/error */
uint16_t nts_string_to_aead(const char* text) {
- if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_256"))
+ if (false)
+ {}
+ else if (0 == strcmp(text, "AES_SIV_CMAC_256"))
return AEAD_AES_SIV_CMAC_256;
- else if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_384"))
+ else if (0 == strcmp(text, "AES_SIV_CMAC_384"))
return AEAD_AES_SIV_CMAC_384;
- else if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_384"))
+ else if (0 == strcmp(text, "AES_SIV_CMAC_512"))
return AEAD_AES_SIV_CMAC_512;
else
- return -1;
+ return NO_AEAD;
}
/* returns key length, 0 if unknown arg */
int nts_get_key_length(uint16_t aead) {
switch (aead) {
- case IANA_AEAD_AES_SIV_CMAC_256:
+ case AEAD_AES_SIV_CMAC_256:
return AEAD_AES_SIV_CMAC_256_KEYLEN;
- case IANA_AEAD_AES_SIV_CMAC_384:
+ case AEAD_AES_SIV_CMAC_384:
return AEAD_AES_SIV_CMAC_384_KEYLEN;
- case IANA_AEAD_AES_SIV_CMAC_512:
+ case AEAD_AES_SIV_CMAC_512:
return AEAD_AES_SIV_CMAC_512_KEYLEN;
default:
return 0;
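Review bot: `nts_string_to_aead` passes `text` straight to `strcmp`, so a NULL argument is undefined behaviour. The callers visible in this push check for NULL first, but the header comment should state the precondition and the accepted spelling, e.g. `/* Translate text to AEAD code. text must be non-NULL and use the names without the AEAD_ prefix. NO_AEAD for none/error */`. The `if (false) {}` opener exists only to make every branch an `else if`; starting the chain with a plain `if` reads more directly. `nts_get_key_length` continues past the end of this hunk.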
=====================================
ntpd/nts_client.c
=====================================
@@ -37,7 +37,7 @@ static SSL_CTX *client_ctx = NULL;
static sockaddr_u sockaddr;
static bool addrOK;
-// Fedora 29: 0x1010101fL 1.1.1a
+// Fedora 29: 0x1010102fL 1.1.1b
// Fedora 28: 0x1010009fL 1.1.0i
// Debian 9: 0x101000afL 1.1.0j
// Debian 8: 0x1000114fL 1.0.1t
@@ -311,6 +311,7 @@ bool nts_make_keys(SSL *ssl, uint16_t aead, uint8_t *c2s, uint8_t *s2c, int keyl
// https://mailarchive.ietf.org/arch/msg/ntp/nkc-9n6XOPt5Glgi_ueLvuD9EfY
// bug in OpenSSL 1.1.1a
const char *label = "EXPORTER-nts/1";
+ // FIXME, first 2 bytes, next protocol ID (0)
unsigned char context[5] = {0x00, 0x00, 0x00, 0x0f, 0x00};
context[2] = (aead >> 8) & 0xFF;
context[3] = aead & 0xFF;
@@ -338,8 +339,6 @@ bool nts_client_send_request(struct peer* peer, SSL *ssl) {
struct BufCtl_t buf;
uint16_t aead = NO_AEAD;
- UNUSED_ARG(peer);
-
buf.next = buff;
buf.left = sizeof(buff);
@@ -348,6 +347,7 @@ bool nts_client_send_request(struct peer* peer, SSL *ssl) {
/* 4.1.5 AEAD Algorithm List */
// FIXME should be : separated list
+
if ((NO_AEAD == aead) && (NULL != peer->cfg.nts_cfg.aead))
aead = nts_string_to_aead(peer->cfg.nts_cfg.aead);
if ((NO_AEAD == aead) && (NULL != ntsconfig.aead))
@@ -467,7 +467,6 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
msyslog(LOG_ERR, "NTSc: EOM not at end: %d", buf.left);
return false;
}
- // FIXME check for no more
break;
default:
msyslog(LOG_ERR, "NTSc: received strange type: T=%d, C=%d, L=%d",
=====================================
ntpd/nts_extens.c
=====================================
@@ -23,7 +23,7 @@
#include "nts.h"
#include "nts2.h"
-// FIXME Duplicated in nts_cookie
+// FIXME duplicated in nts_cookie
#define NONCE_LENGTH 16
#define CMAC_LENGTH 16
@@ -79,7 +79,6 @@ int extens_client_send(struct peer *peer, struct pkt *xpkt) {
peer->nts_state.cookies[idx], peer->nts_state.cookielen);
peer->nts_state.readIdx = peer->nts_state.readIdx % NTS_MAX_COOKIES;
peer->nts_state.count--;
- // FIXME - what to do if out of cookies
// Need more cookies?
for (int i=peer->nts_state.count+1; i<NTS_MAX_COOKIES; i++) {
=====================================
ntpd/nts_server.c
=====================================
@@ -25,6 +25,7 @@
static int create_listener(int port, int family);
static void* nts_ke_listener(void*);
static bool nts_ke_request(SSL *ssl);
+static bool nts_ke_do_receive(SSL *ssl, int *aead);
static SSL_CTX *server_ctx = NULL;
@@ -164,29 +165,25 @@ return NULL;
}
bool nts_ke_request(SSL *ssl) {
- /* buff is used for both read and write.
- * RFC 4: servers must accept 1024
- * cookies can be 104, 136, or 168 for IANA_AEAD_AES_SIV_CMAC_xxx
- * 8*104 fits in 1K. With 168, we only get 5.
+ /* Our cookies can be 104, 136, or 168 for AES_SIV_CMAC_xxx
* 8*168 fits comfortably into 2K.
*/
uint8_t buff[2048];
- int bytes_read, bytes_written;
+ int bytes_written;
uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN];
uint8_t cookie[NTS_MAX_COOKIELEN];
int aead, keylen, cookielen;
struct BufCtl_t buf;
int used;
- bytes_read = SSL_read(ssl, buff, sizeof(buff));
- if (0 >= bytes_read) {
- msyslog(LOG_INFO, "NTSs: SSL_read error: %s", strerror(errno));
- nts_log_ssl_error();
+ aead = NO_AEAD;
+ if (!nts_ke_do_receive(ssl, &aead))
return false;
- }
- // FIXME Ignore request for now
- aead = IANA_AEAD_AES_SIV_CMAC_256;
+ if ((NO_AEAD == aead) && (NULL != ntsconfig.aead))
+ aead = nts_string_to_aead(ntsconfig.aead);
+ if (NO_AEAD == aead)
+ aead = AEAD_AES_SIV_CMAC_256; /* default */
buf.next = buff;
buf.left = sizeof(buff);
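Review bot: An unrecognised `aead` string in the config is silently replaced by the default here: `nts_string_to_aead(ntsconfig.aead)` returns `NO_AEAD` for a misspelled name and the following `if` then selects `AEAD_AES_SIV_CMAC_256` with no message. An operator who asked for a longer key and mistyped the name would get the 256 variant without noticing. A log line on that path would surface it, e.g. `msyslog(LOG_ERR, "NTSs: unknown aead in config: %s", ntsconfig.aead);`, though validating the string once when the config is loaded (code not visible here) would avoid repeating the message per request. The rest of `nts_ke_request` is outside this hunk.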
@@ -297,5 +294,84 @@ int create_listener(int port, int family) {
return sock;
}
+bool nts_ke_do_receive(SSL *ssl, int *aead) {
+ /* RFC 4: servers must accept 1024 */
+ uint8_t buff[1024];
+ int bytes_read;
+ struct BufCtl_t buf;
+
+ bytes_read = SSL_read(ssl, buff, sizeof(buff));
+ if (0 >= bytes_read) {
+ msyslog(LOG_INFO, "NTSs: SSL_read error: %s", strerror(errno));
+ nts_log_ssl_error();
+ return false;
+ }
+
+ buf.next = buff;
+ buf.left = bytes_read;
+ while (buf.left > 0) {
+ uint16_t type, data;
+ int length;
+ bool critical = false;
+
+ type = ke_next_record(&buf, &length);
+ if (NTS_CRITICAL & type) {
+ critical = true;
+ type &= ~NTS_CRITICAL;
+ }
+ if (0) // Handy for debugging but very verbose
+ msyslog(LOG_ERR, "NTSs: Record: T=%d, L=%d, C=%d", type, length, critical);
+ switch (type) {
+ case nts_error:
+ data = next_uint16(&buf);
+ if (sizeof(data) != length)
+ msyslog(LOG_ERR, "NTSs: wrong length on error: %d", length);
+ msyslog(LOG_ERR, "NTSs: error: %d", data);
+ return false;
+ case nts_next_protocol_negotiation:
+ data = next_uint16(&buf);
+ if ((sizeof(data) != length) || (data != 0)) {
+ msyslog(LOG_ERR, "NTSs: NPN-Wrong length or bad data: %d, %d",
+ length, data);
+ return false;
+ }
+ break;
+ case nts_algorithm_negotiation:
+ for (int i=0; i<length; i+=sizeof(uint16_t)) {
+ data = next_uint16(&buf);
+ if (0 == nts_get_key_length(data)) {
+ if (0) /* for debugging */
+ msyslog(LOG_ERR, "NTSs: AN-Unsupported AEAN type: %d", data);
+ continue; /* ignore types we don't support */
+ }
+ if (*aead != NO_AEAD)
+ continue; /* already got one */
+ *aead = data; /* take this one */
+ }
+ break;
+ case nts_end_of_message:
+ if ((0 != length) || !critical) {
+ msyslog(LOG_ERR, "NTSs: EOM-Wrong length or not Critical: %d, %d",
+ length, critical);
+ return false;
+ }
+ if (0 != buf.left) {
+ msyslog(LOG_ERR, "NTSs: EOM not at end: %d", buf.left);
+ return false;
+ }
+ break;
+ default:
+ msyslog(LOG_ERR, "NTSs: received strange type: T=%d, C=%d, L=%d",
+ type, critical, length);
+ if (critical) return false;
+ buf.next += length;
+ buf.left -= length;
+ break;
+ } /* case */
+ } /* while */
+
+ return true;
+
+}
/* end */
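Review bot: The record `length` returned by `ke_next_record` comes from the peer and is never compared with `buf.left` before the record body is consumed. In the `nts_algorithm_negotiation` case the loop calls `next_uint16` once per two bytes of `length`, so a record claiming more data than was read walks past `bytes_read` and, unless `next_uint16` bounds-checks internally (not visible here), past the 1024-byte stack buffer; the `default` case likewise drives `buf.left` negative. A guard right after `ke_next_record`, such as `if (length > buf.left) { msyslog(LOG_ERR, "NTSs: record too long: %d, %d", length, buf.left); return false; }`, rejects these, and the algorithm case should also reject an odd `length`. The loop can also run out and return true without ever seeing `nts_end_of_message`, so a truncated request is accepted.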
=====================================
tests/ntpd/nts.c
=====================================
@@ -14,6 +14,37 @@ TEST_SETUP(nts) {}
TEST_TEAR_DOWN(nts) {}
+TEST(nts, nts_translate_version) {
+ TEST_ASSERT_EQUAL_INT32(nts_translate_version(NULL), 0);
+ TEST_ASSERT_EQUAL_INT32(nts_translate_version("TLS1.2"), TLS1_2_VERSION);
+#ifdef TLS1_3_VERSION
+ TEST_ASSERT_EQUAL_INT32(nts_translate_version("TLS1.3"), TLS1_3_VERSION);
+#else
+ TEST_ASSERT_EQUAL_INT32(nts_translate_version("TLS1.3"), -1);
+#endif
+ TEST_ASSERT_EQUAL_INT32(nts_translate_version("blah"), -1);
+}
+
+TEST(nts, nts_string_to_aead) {
+ TEST_ASSERT_EQUAL_INT16(nts_string_to_aead("AEAD_AES_SIV_CMAC_256"),
+ AEAD_AES_SIV_CMAC_256);
+ TEST_ASSERT_EQUAL_INT16(nts_string_to_aead("AEAD_AES_SIV_CMAC_384"),
+ AEAD_AES_SIV_CMAC_384);
+ TEST_ASSERT_EQUAL_INT16(nts_string_to_aead("AEAD_AES_SIV_CMAC_512"),
+ AEAD_AES_SIV_CMAC_512);
+ TEST_ASSERT_EQUAL_INT16(nts_string_to_aead("blah"), NO_AEAD);
+}
+
+TEST(nts, nts_get_key_length) {
+ TEST_ASSERT_EQUAL_INT32(nts_get_key_length(AEAD_AES_SIV_CMAC_256),
+ AEAD_AES_SIV_CMAC_256_KEYLEN);
+ TEST_ASSERT_EQUAL_INT32(nts_get_key_length(AEAD_AES_SIV_CMAC_384),
+ AEAD_AES_SIV_CMAC_384_KEYLEN);
+ TEST_ASSERT_EQUAL_INT32(nts_get_key_length(AEAD_AES_SIV_CMAC_512),
+ AEAD_AES_SIV_CMAC_512_KEYLEN);
+ TEST_ASSERT_EQUAL_INT32(nts_get_key_length(-23), 0);
+}
+
TEST(nts, ke_append_record_null) {
// Setup
uint8_t buf[128];
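Review bot: The `nts_string_to_aead` test passes names with an `AEAD_` prefix (`"AEAD_AES_SIV_CMAC_256"` and so on), but the `ntpd/nts.c` hunk in this same push matches `"AES_SIV_CMAC_256"`, `"AES_SIV_CMAC_384"` and `"AES_SIV_CMAC_512"`. As shown, the three positive assertions would get `NO_AEAD` back and fail. The strings should follow the documented option values, e.g. `nts_string_to_aead("AES_SIV_CMAC_256")`. The hunk ends inside `ke_append_record_null`.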
@@ -92,6 +123,110 @@ TEST(nts, ke_append_record_bytes) {
TEST_ASSERT_EQUAL_INT(cursor.left, 0);
}
+TEST(nts, ex_append_record_null) {
+ // Setup
+ uint8_t buf[16];
+ BufCtl cursor;
+ cursor.next = buf;
+ cursor.left = 16;
+ // Run test
+ ex_append_record_null(&cursor, 0xFADE);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[0], 0xFA);
+ TEST_ASSERT_EQUAL_UINT8(buf[1], 0xDE);
+ TEST_ASSERT_EQUAL_UINT8(buf[2], 0);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[2]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 14);
+}
+
+TEST(nts, ex_append_record_uint16) {
+ // Setup
+ uint8_t buf[16];
+ BufCtl cursor;
+ cursor.next = buf;
+ cursor.left = 16;
+ // Run test
+ ex_append_record_uint16(&cursor, 0xFADE, 0x1234);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[0], 0xFA);
+ TEST_ASSERT_EQUAL_UINT8(buf[1], 0xDE);
+ TEST_ASSERT_EQUAL_UINT8(buf[2], 0x12);
+ TEST_ASSERT_EQUAL_UINT8(buf[3], 0x34);
+ TEST_ASSERT_EQUAL_UINT8(buf[4], 0);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[4]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 12);
+ // Test no change
+ // Setup
+ cursor.left = 0;
+ // Run test
+ ke_append_record_uint16(&cursor, 0xCAFE, 0x1234);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[4], 0);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[4]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 0);
+}
+
+TEST(nts, ex_append_record_bytes) {
+ // Test change
+ // Setup
+ uint8_t buf[16] = {0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0};
+ BufCtl cursor;
+ cursor.next = buf;
+ cursor.left = 16;
+ uint8_t data[6] = {0, 1, 2, 3, 4, 5};
+ // Run test
+ ex_append_record_bytes(&cursor, 0xCAFE, data, 6);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[0], 0xCA);
+ TEST_ASSERT_EQUAL_UINT8(buf[1], 0xFE);
+ TEST_ASSERT_EQUAL_UINT8(buf[2], 0);
+ TEST_ASSERT_EQUAL_UINT8(buf[3], 1);
+ TEST_ASSERT_EQUAL_UINT8(buf[4], 2);
+ TEST_ASSERT_EQUAL_UINT8(buf[5], 3);
+ TEST_ASSERT_EQUAL_UINT8(buf[6], 4);
+ TEST_ASSERT_EQUAL_UINT8(buf[7], 5);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[8]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 8);
+ // Test no change
+ // Setup
+ cursor.left = 0;
+ // Run test
+ ex_append_record_bytes(&cursor, 0xCAFE, data, 6);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[8], 0);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[8]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 0);
+}
+
+TEST(nts, ex_append_header) {
+ // Test change
+ // Setup
+ uint8_t buf[16];
+ BufCtl cursor;
+ cursor.next = buf;
+ cursor.left = 16;
+ // Run test
+ ex_append_header(&cursor, 0xFADE, 0x1234);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[0], 0xFA);
+ TEST_ASSERT_EQUAL_UINT8(buf[1], 0xDE);
+ TEST_ASSERT_EQUAL_UINT8(buf[2], 0x12);
+ TEST_ASSERT_EQUAL_UINT8(buf[3], 0x34);
+ TEST_ASSERT_EQUAL_UINT8(buf[4], 0);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[4]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 12);
+ // Test no change
+ // Setup
+ cursor.left = 0;
+ // Run test
+ ex_append_header(&cursor, 0xFEED, 0xABCD);
+ // Check
+ TEST_ASSERT_EQUAL_UINT8(buf[4], 0);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[4]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 0);
+}
+
TEST(nts, append_header) {
// Test change
// Setup
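Review bot: In `ex_append_record_uint16` the "no change" half calls `ke_append_record_uint16(&cursor, 0xCAFE, 0x1234)`, so the full-buffer behaviour of the `ex_` variant is never exercised; it should read `ex_append_record_uint16(&cursor, 0xCAFE, 0x1234);`. Separately, `ex_append_record_null`, `ex_append_record_uint16` and `ex_append_header` declare `uint8_t buf[16];` without an initialiser and then assert that the byte after the record is 0, which reads indeterminate stack contents. `uint8_t buf[16] = {0};` makes those assertions meaningful. The hunk ends inside `append_header`.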
@@ -195,6 +330,24 @@ TEST(nts, ke_next_record) {
TEST_ASSERT_EQUAL_INT(cursor.left, 12);
}
+TEST(nts, ex_next_record) {
+ // Setup
+ uint8_t buf[16] = {0xFA, 0xCE, 0, 4, 0xFF, 0xEE, 0xDD, 0xCC,
+ 0, 0, 0, 0, 0, 0, 0, 0};
+ BufCtl cursor;
+ cursor.next = buf;
+ cursor.left = 16;
+ int length;
+ uint16_t type;
+ // Run test
+ type = ex_next_record(&cursor, &length);
+ // Check
+ TEST_ASSERT_EQUAL_INT(length, 4);
+ TEST_ASSERT_EQUAL_INT(type, 0xFACE);
+ TEST_ASSERT_POINTERS_EQUAL(cursor.next, &buf[4]);
+ TEST_ASSERT_EQUAL_INT(cursor.left, 12);
+}
+
TEST(nts, next_uint16) {
// Setup
uint8_t buf[16] = {0xFA, 0xCE, 0, 4, 0xFF, 0xEE, 0xDD, 0xCC,
@@ -247,13 +400,21 @@ bool extens_init (void) { return true; }
TEST_GROUP_RUNNER(nts) {
+ RUN_TEST_CASE(nts, nts_translate_version);
+ RUN_TEST_CASE(nts, nts_string_to_aead);
+ RUN_TEST_CASE(nts, nts_get_key_length);
RUN_TEST_CASE(nts, ke_append_record_null);
RUN_TEST_CASE(nts, ke_append_record_uint16);
RUN_TEST_CASE(nts, ke_append_record_bytes);
+ RUN_TEST_CASE(nts, ex_append_record_null);
+ RUN_TEST_CASE(nts, ex_append_record_uint16);
+ RUN_TEST_CASE(nts, ex_append_record_bytes);
+ RUN_TEST_CASE(nts, ex_append_header);
RUN_TEST_CASE(nts, append_header);
RUN_TEST_CASE(nts, append_uint16);
RUN_TEST_CASE(nts, append_bytes);
RUN_TEST_CASE(nts, ke_next_record);
+ RUN_TEST_CASE(nts, ex_next_record);
RUN_TEST_CASE(nts, next_uint16);
RUN_TEST_CASE(nts, next_bytes);
}
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/3b1e503e525f94318a67372275771a804beb4e82...7f27de5d619c2ec606f7d5de1aa2bf2bf98afc31