From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 14 Nov 2024 12:43:22 +0000 (+0100)
Subject: test: improve nts_ntp_auth test
X-Git-Tag: 4.7-pre1~72
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9856bf2d5f2380719abae9cac438dfd026a0aad3;p=thirdparty%2Fchrony.git

test: improve nts_ntp_auth test
---

diff --git a/test/unit/nts_ntp_auth.c b/test/unit/nts_ntp_auth.c
index c3a74322..02027542 100644
--- a/test/unit/nts_ntp_auth.c
+++ b/test/unit/nts_ntp_auth.c
@@ -39,6 +39,18 @@ test_unit(void)
   int i, j, r, packet_length, nonce_length, key_length;
   int plaintext_length, plaintext2_length, min_ef_length;
 
+  TEST_CHECK(get_padding_length(0) == 0);
+  TEST_CHECK(get_padding_length(1) == 3);
+  TEST_CHECK(get_padding_length(2) == 2);
+  TEST_CHECK(get_padding_length(3) == 1);
+  TEST_CHECK(get_padding_length(4) == 0);
+  TEST_CHECK(get_padded_length(0) == 0);
+  TEST_CHECK(get_padded_length(1) == 4);
+  TEST_CHECK(get_padded_length(2) == 4);
+  TEST_CHECK(get_padded_length(3) == 4);
+  TEST_CHECK(get_padded_length(4) == 4);
+  TEST_CHECK(get_padded_length(5) == 8);
+
   for (algo = 1; algo < 100; algo++) {
     siv = SIV_CreateInstance(algo);
     if (!siv) {
@@ -102,20 +114,37 @@ test_unit(void)
       r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, nonce_length, plaintext,
                              plaintext_length, min_ef_length);
       TEST_CHECK(r);
+      TEST_CHECK(info.ext_fields == 1);
       TEST_CHECK(info.length - packet_length >= min_ef_length);
+      TEST_CHECK(info.length - packet_length == get_padded_length(min_ef_length) ||
+                 info.length - packet_length == 4 + 4 +
+                 get_padded_length(MAX(MIN(16, SIV_GetMaxNonceLength(siv)), nonce_length)) +
+                 get_padded_length(plaintext_length) + SIV_GetTagLength(siv));
 
       r = NNA_DecryptAuthEF(&packet, &info, siv, packet_length, plaintext2,
                             -1, &plaintext2_length);
       TEST_CHECK(!r);
 
+      if (random() % 2) {
+        for (j = 0; j < get_padding_length(nonce_length); j++)
+          ((unsigned char *)&packet)[packet_length + 4 + 4 + nonce_length + j]++;
+        for (j = packet_length + 4 + 4 + get_padded_length(nonce_length) +
+             plaintext_length + SIV_GetTagLength(siv); j < sizeof (packet); j++)
+          ((unsigned char *)&packet)[j]++;
+      }
+
       r = NNA_DecryptAuthEF(&packet, &info, siv, packet_length, plaintext2,
                             sizeof (plaintext2), &plaintext2_length);
       TEST_CHECK(r);
       TEST_CHECK(plaintext_length == plaintext2_length);
       TEST_CHECK(memcmp(plaintext, plaintext2, plaintext_length) == 0);
 
-      j = random() % (packet_length + plaintext_length +
-                      nonce_length + SIV_GetTagLength(siv) + 8) / 4 * 4;
+      if (random() % 2) {
+        j = random() % (packet_length + 4 + 4 + nonce_length);
+      } else {
+        j = packet_length + 4 + 4 + get_padded_length(nonce_length);
+        j += random() % (plaintext_length + SIV_GetTagLength(siv));
+      }
       ((unsigned char *)&packet)[j]++;
       r = NNA_DecryptAuthEF(&packet, &info, siv, packet_length, plaintext2,
                             sizeof (plaintext2), &plaintext2_length);