ntske-test

ntske-test is a tool for testing servers that implement the Key Establishment protocol of the Network Time Security (NTS) authentication mechanism.

If has a conformance mode to test the server in various corner cases of the protocol and a performance mode to measure how many sessions per second the server can handle. A simple fuzzer can be enabled in the performance mode.

Requirements

• C compiler

• make

• pkg-config

• gnutls (with development files)

Usage

ntske-test MODE [OPTION]... HOST

Modes:
        -c              Test conformance
        -b              Test performance

Options:
        -f              Fuzz requests in performance test
        -p PORT         Set server NTS-KE port (4460)
        -t THREADS      Set number of threads for performance test (8)
        -m MILLISECONDS Set minimum random delay inserted between I/O (0)
        -M MILLISECONDS Set maximum random delay inserted between I/O (10)
        -d              Print debug messages
        -h              Print this help message

Example

$ ./ntske-test -c nts.example.net
Testing server nts.example.net (10.1.1.123:4460)

TLSv1.3 connection                      (16+848)        PASS
Rejection of TLSv1.2 connection         (16+848)        FAIL
ALPN "ntske/1"                          (16+848)        PASS
Rejection of unknown ALPN               (16+0)          PASS
Minimal valid request                   (16+848)        PASS
Number of cookies                       (16+848)        PASS
Missing NEXT_PROTOCOL record            (10+10)         PASS
Missing AEAD_ALGORITHM record           (10+10)         PASS
Multiple NEXT_PROTOCOL records          (22+848)        FAIL
Multiple AEAD_ALGORITHM records         (22+848)        FAIL
Missing NEXT_PROTOCOL value             (14+10)         PASS
Missing AEAD_ALGORITHM value            (14+10)         PASS
Multiple NEXT_PROTOCOL values           (34+848)        PASS
Multiple AEAD_ALGORITHM values          (34+848)        PASS
Unknown NEXT_PROTOCOL value             (16+10)         FAIL
Unknown AEAD_ALGORITHM value            (16+10)         FAIL
Unknown SERVER_NEGOTIATION              (30+848)        PASS
Unknown PORT_NEGOTIATION                (22+848)        PASS
Unknown critical record                 (30+10)         FAIL
Unknown non-critical record             (30+848)        PASS
Missing END_OF_MESSAGE                  (12+0)          PASS
Slow request                            (52+848)        PASS
Long request                            (1024+848)      PASS
Very long request (not required)        (17244+0)       -

$ ./ntske-test -b nts.example.net -t 256
Testing server nts.example.net (10.1.1.123:4460)

3096 successful sessions/sec, 0 failed sessions, max 133 concurrent sessions
3318 successful sessions/sec, 0 failed sessions, max 151 concurrent sessions
3305 successful sessions/sec, 0 failed sessions, max 147 concurrent sessions
3300 successful sessions/sec, 0 failed sessions, max 140 concurrent sessions
3314 successful sessions/sec, 0 failed sessions, max 148 concurrent sessions
3300 successful sessions/sec, 0 failed sessions, max 147 concurrent sessions

Author

Miroslav Lichvar <mlichvar@redhat.com>

License

GPLv2