CMAC authentication

Hal Murray hmurray at
Wed Jun 13 10:43:34 UTC 2018

Context is

I just pushed the code to add CMAC authentication.

There may be some very old systems with versions of OpenSSL/libcrypt that 
don't support CMACs.  I haven't conditionalized any of the code.  Be alert to 
errors about a missing openssl/cmac.h

gitlab said my pipeline passed.

If somebody finds a system without it, we get to decide if we should require 
CMAC support in libcrypto, or add the ifdefs to build on systems without it.

I haven't tested authentication with ntpq.

The documentation probably needs more work.  (It needed it before my changes.)

I want to work on some of the auth tests to actually read a keys file.


The general idea is to use AES CMAC rather than message digests for 
authentication.  The code will work with any encryption algorithm with a CBC 
mode that is supported by your local libcrypt.

The new tag in the keys file is "AES" which is short for AES-128.  (The 
key-reading code adds the "-CBC".)

It works with ntp classic 4.2.8p11.  It doesn't work with 4.2.8p10 which is 
shipping with Raspian/Debian for the Pi.  They use AES128CMAC in the keys 
file, so I accept that too.

A big part of the work was removing the cache of the most recent key lookup.  
The old key-lookup code left results in global variables and picked them up 
later on.  The code now passes around a pointer to a struct with all the data 
for a key.  That part of the code would probably work with multiple threads.

The normal case where a cache would help is a server replying to an 
authenticated request.  The new code just passes around the pointer which is 
also a flag indicating the need for authentication.

CMAC keys have to be the right length.  (digest keys can be any length.)  For 
AES-128, that's 128 bits or 16 bytes.  The key-reading code truncates or pads 
if necessary.  ntpkeygen has been updated to make 2 batches of AES keys, one 
with 16 bytes of text and the second with 16 bytes encoded as hex.

These are my opinions.  I hate spam.

More information about the devel mailing list