[Git][NTPsec/ntpsec][master] More detailed description of authentication.

Eric S. Raymond gitlab at mg.gitlab.com
Tue Nov 1 14:06:00 UTC 2016

Eric S. Raymond pushed to branch master at NTPsec / ntpsec

7915df14 by Eric S. Raymond at 2016-11-01T10:05:43-04:00
More detailed description of authentication.

- - - - -

1 changed file:

- docs/mode6.txt


--- a/docs/mode6.txt
+++ b/docs/mode6.txt
@@ -19,6 +19,7 @@ include::includes/hand.txt[]
 * link:#packet[Mode 6 packet structure]
 * link:#varlists[Variable-Value Lists]
 * link:#requests[Mode 6 Requests]
+* link:#authentication[Authentication]
@@ -86,10 +87,6 @@ padded to a 4-octet boundary.  Responses may be multiple UDP packets;
 they may arrive out of order, and the client is responsible for
 reassembling the payloads.
-Some requests require authentication.  This is accomplished by
-shipping a trailer consisting of a key dentifier and an MD5 digest of
-the header and payload generated with that identifier.
 == Variable-Value Lists ==
@@ -384,6 +381,26 @@ containing one string-valued variable, "nonce". The value need not by
 interpreted by the client, only replayed as part of a following MRU-list
+== Authentication ==
+Authenticated requests require a MAC (message authentication code)
+trailer following the payload data, if any. Such requests must be
+padded to an 8-octet boundary, with those bytes not included in the
+header count field.
+The contents of the MAC trailer consists of:
+1. The 32-bit identifier of the signing key in network byte order.
+2. A cryptographic hash of the following octet spans, in order.
+First, the password entered to use the signing key, then the request
+header fields, then the payload.
+The cryptographic hash is normally MD5, but if ntpd is built with
+OpenSSL support it is possible to select any of the hash types supported
+by that library on a per-key basis.

View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/7915df14873c125307f1e08a0508fe817b98a15c
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20161101/2362fc41/attachment.html>

More information about the vc mailing list