nts: don't assume field position in NNA_DecryptAuthEF()
authorMiroslav Lichvar <mlichvar@redhat.com>
Thu, 9 Jul 2020 11:14:55 +0000 (13:14 +0200)
committerMiroslav Lichvar <mlichvar@redhat.com>
Thu, 9 Jul 2020 12:47:33 +0000 (14:47 +0200)
Modify NNA_DecryptAuthEF() to not assume that the authenticator is the
last extension field in the packet, as some extension fields specified in
the future may need to be placed after the authenticator. The caller of the
function is supposed to verify the position.

nts_ntp_auth.c
nts_ntp_server.c

index 2ff6d0d03ee7cc67a074b85489ef84e75050a322..86cd7cdbd86cbce736e69b01f9b9e5ed96a1e707 100644 (file)
@@ -167,7 +167,7 @@ NNA_DecryptAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv, in
 
   *plaintext_length = ciphertext_length - siv_tag_length;
 
-  if (!SIV_Decrypt(siv, nonce, nonce_length, packet, info->length - ef_body_length - 4,
+  if (!SIV_Decrypt(siv, nonce, nonce_length, packet, ef_start,
                    ciphertext, ciphertext_length, plaintext, *plaintext_length)) {
     DEBUG_LOG("SIV decrypt failed");
     return 0;
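Review bot: The new SIV_Decrypt call on the replaced line passes `ef_start` as the length of the associated data, so only the packet bytes before the authenticator are covered by the tag and any extension field placed after it is authenticated neither by the tag nor by this function, yet nothing in the hunk records that contract. The function's header comment should state it, e.g. `/* Associated data covers packet bytes [0, ef_start); EFs after the authenticator are not authenticated here, the caller must verify its position */`. The meaning of `ef_start` is inferred from the argument it replaces (`info->length - ef_body_length - 4`, the offset of a trailing auth EF); its declaration sits in the truncated signature outside the hunk. NNA_DecryptAuthEF's body begins and ends outside this hunk.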
index f4df796b8bfca3dfa7a5d88ed8fa2d68292369ef..c0d3e06e4408e4482803154ab51c84721068cffb 100644 (file)
@@ -135,6 +135,11 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod)
         cookie_length = ef_body_length;
         break;
       case NTP_EF_NTS_AUTH_AND_EEF:
+        if (parsed + ef_length != info->length) {
+          DEBUG_LOG("Auth not last EF");
+          return 0;
+        }
+
         auth_start = parsed;
         has_auth = 1;
         break;
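Review bot: The added position check carries no comment explaining why the authenticator must be last, which is the invariant the companion nts_ntp_auth.c change now relies on, so a reader of this file alone cannot see that bytes past the authenticator would go unauthenticated. Consider `/* The SIV associated data ends at the auth EF, so anything after it would be unauthenticated; reject it */` above the new `if`. If NNA_DecryptAuthEF has callers other than this function, they presumably need the same check, which this commit does not visibly add. The enclosing switch and the body of NNS_CheckRequestAuth extend outside the hunk.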