for parts not merging as-is
James Browning
jamesb.fe80 at gmail.com
Sat Feb 9 13:05:15 UTC 2019
On 2/9/19, Hal Murray via devel <devel at ntpsec.org> wrote:
>>> IANA maintains one. That's what we use on the wire. It's started in
>>> RFC 5116. RFC 5297 covers the case we want. The magic number is 15.
>
>> I don't want magic numbers in config files.
>
> Then please write some code that translates "AEAD_AES_SIV_CMAC_256" to 15.
>
> Since we don't have any implementations for alternatives, things like that
> are
> on the bottom of my list.
>
>> And more options in the cipher and ciphersuite strings. Lots more.
>
> The API for that is text. Simple for me.
I guess this is not what you were looking for.
From 3c832defb91223a9d71334792296706329aface3 Mon Sep 17 00:00:00 2001
From: James Browning <JamesB.fe80 at gmail.com>
Date: Sat, 9 Feb 2019 03:51:23 -0800
Subject: [PATCH] parse AEAD cipher suite strings
---
include/ntpd.h | 1 +
ntpd/nts.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++
tests/common/tests_main.c | 1 +
tests/ntpd/nts.c | 60 ++++++++++++++++++++++++++++++++++++++
tests/wscript | 3 +-
5 files changed, 138 insertions(+), 1 deletion(-)
create mode 100644 tests/ntpd/nts.c
diff --git a/include/ntpd.h b/include/ntpd.h
index fb82201..2aac72a 100644
--- a/include/ntpd.h
+++ b/include/ntpd.h
@@ -428,5 +428,6 @@ int nts_client_ke_verify(struct ntscfg_t *, struct
ntsstate_t *);
int nts_daily(struct ntscfg_t *);
int nts_validate(struct ntscfg_t *, struct ntsstate_t *, struct parsed_pkt *);
int nts_decorate(struct ntscfg_t *, struct ntsstate_t *, uint32_t *, size_t);
+int nts_aead_proto_text_parse(const char *in, uint16_t *array[]);
#endif /* GUARD_NTPD_H */
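Review bot: The new prototype declares the output as `uint16_t *array[]`, an array of pointers, while ntpd/nts.c stores the integer index `loop2` into `array[loop1++]` and tests/ntpd/nts.c passes `&vier`, a pointer to a `uint16_t[5]`; the three do not agree, and nothing tells the function how many entries the caller provided. Declaring it as `int nts_aead_proto_text_parse(const char *in, uint16_t *array, size_t nelem);` lets the implementation bound its writes and lets the test pass `vier` directly. The declaration also carries no statement of its contract; a comment such as `/* Parse a ':'-separated list of IANA AEAD names into array (at most nelem entries); returns the bit vector of matched indices, or -1 on error. */` would give callers what they need.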
diff --git a/ntpd/nts.c b/ntpd/nts.c
index 6cc3f48..b42fa11 100644
--- a/ntpd/nts.c
+++ b/ntpd/nts.c
@@ -112,4 +112,78 @@ int nts_decorate(struct ntscfg_t *cfg, struct
ntsstate_t *state,
return 0;
}
+const char *IANA_AEAD_ALGOS[] = {
+ "", // Placeholding not a real entry
+
+ "AEAD_AES_128_GCM",
+ "AEAD_AES_256_GCM",
+ "AEAD_AES_128_CCM",
+ "AEAD_AES_256_CCM",
+
+ "AEAD_AES_128_GCM_8",
+ "AEAD_AES_256_GCM_8",
+ "AEAD_AES_128_GCM_12",
+ "AEAD_AES_256_GCM_12",
+
+ "AEAD_AES_128_CCM_SHORT",
+ "AEAD_AES_256_CCM_SHORT",
+ "AEAD_AES_128_CCM_SHORT_8",
+ "AEAD_AES_256_CCM_SHORT_8",
+ "AEAD_AES_128_CCM_SHORT_12",
+ "AEAD_AES_256_CCM_SHORT_12",
+
+ "AEAD_AES_SIV_CMAC_256",
+ "AEAD_AES_SIV_CMAC_384",
+ "AEAD_AES_SIV_CMAC_512",
+
+ "AEAD_AES_128_CCM_8",
+ "AEAD_AES_256_CCM_8",
+
+ "AEAD_AES_128_OCB_TAGLEN128",
+ "AEAD_AES_128_OCB_TAGLEN96",
+ "AEAD_AES_128_OCB_TAGLEN64",
+ "AEAD_AES_192_OCB_TAGLEN128",
+ "AEAD_AES_192_OCB_TAGLEN96",
+ "AEAD_AES_192_OCB_TAGLEN64",
+ "AEAD_AES_256_OCB_TAGLEN128",
+ "AEAD_AES_256_OCB_TAGLEN96",
+ "AEAD_AES_256_OCB_TAGLEN64",
+
+ "AEAD_CHACHA20_POLY1305"
+};
+
+/* should parse a list of AEAD protocols in text and turn it into an array.
+ *
+ * Returns -1 on failure or a bitvector(30) on success.
+ */
+int nts_aead_proto_text_parse(const char *in, uint16_t *array[]) {
+ // copied and butchered from man
+ char *pointer, *token, *clune = calloc(1+strlen(in), 1);
+ if(NULL==clune) {
+ return -1;
+ }
+ char *splitter = malloc(2);
+ if(NULL==splitter) {
+ free(clune);
+ return -1;
+ }
+ strcpy(splitter, ":");
+ int vector=0;
+ strcpy(clune, in);
+ vector = 0;
+
+ for (int loop1 = 0; ;clune = NULL) {
+ token = strtok_r(clune, splitter, &pointer);
+ for(int loop2=29;loop2>0;loop2--) {
+ if(0 == strcmp(token, IANA_AEAD_ALGOS[loop2])) {
+ vector |= 1<<loop2;
+ array[loop1++]=loop2;
+ break;
+ }
+ }
+ }
+ free(clune);
+ free(splitter);
+ return vector;
+}
/* end */
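Review bot: The outer `for (int loop1 = 0; ;clune = NULL)` loop has no exit condition, so once `strtok_r` has consumed the last token it returns NULL and the next iteration calls `strcmp(token, ...)` on a null pointer; the header comment promises -1 on failure, but a name that matches nothing is silently skipped, and each match writes `array[loop1++]` with no bound on the caller's buffer, so a config string with more names than the caller allocated overruns it. The rewrite below breaks on a NULL token, rejects unknown names with -1, and bounds the output by a length parameter (which the prototype in include/ntpd.h would need too). The `splitter` buffer is malloc'd only to hold ":", which a string literal passed to `strtok_r` covers; the duplicated `vector = 0;` can go as well, and the hard-coded 29 is better derived from `sizeof IANA_AEAD_ALGOS / sizeof IANA_AEAD_ALGOS[0]` so the table and the loop cannot drift apart. `IANA_AEAD_ALGOS` is also exported from nts.c without any declaration; `static const char *const IANA_AEAD_ALGOS[]` keeps it file-local.
```c
int nts_aead_proto_text_parse(const char *in, uint16_t *array, size_t nelem) {
	/* … unchanged: copy of `in` into clune, -1 on allocation failure … */
	char *pointer, *token;
	int vector = 0;
	size_t count = 0;

	for (char *cursor = clune; ; cursor = NULL) {
		token = strtok_r(cursor, ":", &pointer);
		if (token == NULL) {
			break;			/* input exhausted */
		}
		int matched = 0;
		/* index 0 is the placeholder entry, so start at 1 */
		for (size_t idx = 1; idx < sizeof IANA_AEAD_ALGOS / sizeof IANA_AEAD_ALGOS[0]; idx++) {
			if (0 == strcmp(token, IANA_AEAD_ALGOS[idx])) {
				matched = (int)idx;
				break;
			}
		}
		if (matched == 0 || count >= nelem) {
			vector = -1;		/* unknown name, or no room left in array */
			break;
		}
		vector |= 1 << matched;
		array[count++] = (uint16_t)matched;
	}
	free(clune);
	return vector;
}
```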
diff --git a/tests/common/tests_main.c b/tests/common/tests_main.c
index 3f4da1d..8de5cc7 100644
--- a/tests/common/tests_main.c
+++ b/tests/common/tests_main.c
@@ -73,6 +73,7 @@ static void RunAllTests(void)
RUN_TEST_GROUP(leapsec);
RUN_TEST_GROUP(hackrestrict);
RUN_TEST_GROUP(recvbuff);
+ RUN_TEST_GROUP(nts);
RUN_TEST_GROUP(nts_lib);
#endif
diff --git a/tests/ntpd/nts.c b/tests/ntpd/nts.c
new file mode 100644
index 0000000..9594996
--- /dev/null
+++ b/tests/ntpd/nts.c
@@ -0,0 +1,60 @@
+#include "ntpd.h"
+#include "unity.h"
+#include "unity_fixture.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#undef malloc
+#undef calloc
+#undef free
+
+TEST_GROUP(nts);
+
+TEST_SETUP(nts) {}
+
+TEST_TEAR_DOWN(nts) {}
+
+TEST(nts, aead_parse) {
+ uint16_t vier[5];
+ int outcode, results[][] = {
+ {29},
+ {1,2,3,4},
+ {5,6,7,8},
+ {9,10,11},
+ {12,13,14}
+ };
+ outcode = nts_aead_proto_text_parse("AEAD_CHACHA20_POLY1305", &vier);
+ TEST_ASSERT_EQUAL_MEMORY(results[0], vier, 1);
+ TEST_ASSERT_EQUAL_INT32(0x08000000, outcode);
+
+ outcode =
nts_aead_proto_text_parse("AEAD_AES_128_GCM:AEAD_AES_256_GCM:AEAD_AES_128_CCM:AEAD_AES_256_CCM",
&vier);
+ TEST_ASSERT_EQUAL_MEMORY(results[1], vier, 4);
+ TEST_ASSERT_EQUAL_INT32(0x0000001e, outcode);
+
+ outcode =
nts_aead_proto_text_parse("AEAD_AES_128_GCM_8:AEAD_AES_256_GCM_8:AEAD_AES_128_GCM_12:AEAD_AES_256_GCM_12",
&vier);
+ TEST_ASSERT_EQUAL_MEMORY(results[2], vier, 4);
+ TEST_ASSERT_EQUAL_INT32(0x000001e0, outcode);
+/*
+ outcode = nts_aead_proto_text_parse("", &vier);
+ TEST_ASSERT_EQUAL_MEMORY(results[], vier, );
+ TEST_ASSERT_EQUAL_INT32(0x08000000, outcode);
+
+
+ "AEAD_AES_128_CCM_SHORT:AEAD_AES_256_CCM_SHORT:AEAD_AES_128_CCM_SHORT_8",
+ "AEAD_AES_256_CCM_SHORT_8:AEAD_AES_128_CCM_SHORT_12:AEAD_AES_256_CCM_SHORT_12",
+
+ "AEAD_AES_SIV_CMAC_256:AEAD_AES_SIV_CMAC_384:AEAD_AES_SIV_CMAC_512",
+
+ "AEAD_AES_128_CCM_8:AEAD_AES_256_CCM_8",
+
+ "AEAD_AES_128_OCB_TAGLEN128:AEAD_AES_128_OCB_TAGLEN96:AEAD_AES_128_OCB_TAGLEN64",
+ "AEAD_AES_192_OCB_TAGLEN128:AEAD_AES_192_OCB_TAGLEN96:AEAD_AES_192_OCB_TAGLEN64",
+ "AEAD_AES_256_OCB_TAGLEN128:AEAD_AES_256_OCB_TAGLEN96:AEAD_AES_256_OCB_TAGLEN64",
+*/
+}
+
+TEST_GROUP_RUNNER(nts) {
+ RUN_TEST_CASE(nts, aead_parse);
+}
+// end
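Review bot: `int outcode, results[][] = {…}` is not valid C — only the outermost array dimension may be left unspecified — and `&vier` has type `uint16_t (*)[5]`, which matches neither the declared `uint16_t *array[]` nor the implementation's use of the parameter, so this file will not compile as committed. The expected bit vector for `"AEAD_CHACHA20_POLY1305"` is also off: that name sits at index 29 of `IANA_AEAD_ALGOS` in ntpd/nts.c, so `vector |= 1<<loop2` yields 0x20000000, not 0x08000000. Because the `results` rows are `int` and `vier` is `uint16_t`, `TEST_ASSERT_EQUAL_MEMORY` compares mismatched byte layouts; declaring `uint16_t results[][4] = { {29}, {1,2,3,4}, {5,6,7,8} };` and comparing with `TEST_ASSERT_EQUAL_UINT16_ARRAY(results[1], vier, 4);` checks the actual elements. The commented-out block at the end mixes a half-written empty-string case with bare string literals; either finish it as real cases or drop it rather than leave it in the committed file.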
diff --git a/tests/wscript b/tests/wscript
index 30d8eea..390844e 100644
--- a/tests/wscript
+++ b/tests/wscript
@@ -101,7 +101,8 @@ def build(ctx):
"ntpd/leapsec.c",
"ntpd/restrict.c",
"ntpd/recvbuff.c",
- "ntpd/nts_lib.c"
+ "ntpd/nts.c",
+ "ntpd/nts_lib.c",
] + common_source
ctx.ntp_test(
--
2.7.4