[Git][NTPsec/ntpsec][master] 7 commits: Tweaks to NTS

Hal Murray gitlab at mg.gitlab.com
Tue Mar 12 01:29:18 UTC 2019



Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
052c2c2b by Hal Murray at 2019-03-11T04:26:30Z
Tweaks to NTS

- - - - -
abed3954 by Hal Murray at 2019-03-11T04:26:30Z
Fixup doc for mintls/maxtls

- - - - -
62198a64 by Hal Murray at 2019-03-11T04:26:30Z
Add nts aean to parser - not used yet

- - - - -
ec93db71 by Hal Murray at 2019-03-11T08:44:39Z
Fix aean => aead (typo)

- - - - -
a252e294 by Hal Murray at 2019-03-11T09:46:22Z
NTS: Send AEAD request.

Change aead from uint16t to int16_t so we can used -1 for unknown.

- - - - -
74bdc28c by Hal Murray at 2019-03-12T01:10:45Z
Achim Gratz's fix for Clock variables for DCF77

Subject: Re: Clock variables for DCF77
From: Achim Gratz via devel <devel at ntpsec.org>
Date: Mon, 11 Mar 2019 21:28:17 +0100
To: devel at ntpsec.org

- - - - -
33bbb480 by Hal Murray at 2019-03-12T01:12:25Z
Updates to devel/TODO-NTS

Mostly, add lib_strbuf to thread-safe for msyslog

- - - - -


13 changed files:

- devel/TODO-NTS
- docs/includes/auth-commands.adoc
- include/nts.h
- include/nts2.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/nts.c
- ntpd/nts_client.c
- ntpd/nts_cookie.c
- ntpd/nts_extens.c
- ntpd/nts_server.c
- ntpd/refclock_generic.c


Changes:

=====================================
devel/TODO-NTS
=====================================
@@ -1,6 +1,5 @@
 multithread msyslog
-
-Ratchet for new cookie key
+  libntp/lib_strbuf.c too
 
 documentation:
   HOWTO on NTS
@@ -12,15 +11,15 @@ Startup with bad time
 ? thread per instance on NTS-KE server
 
 Password for certificate's private key and cookie keys file.
-  Need to get it it before daemon mode.
+  Need to get it before daemon mode.
 
 -------
 
-Save cookie to disk for restart without asking NTS-KE server
-
 security level
 
 client certificates
 
 Pool/cluster mode
+  ??  Ratchet for new cookie key
+
 


=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -52,16 +52,16 @@ The options are as follows:
   default root certificates.
 
 +enable+::
-  Enable NTS-KE server. The default.
+  Enable NTS-KE server.
+  When enabled, _cert_ and _key_ are required.
 
 +disable+::
   Disable NTS-KE server.
 
 +mintls+ _string_::
   Set the lowest allowable TLS version to negotiate. Will be useful in
-  the wake of a TLS compromise.  Reasonable values are _"TLS1.2"_ and
-  _"TLS1.3"_ if your system supports it (those string quotes need to
-  be part of the literal in the configuration file).  1.3 was first supported in
+  the wake of a TLS compromise.  Reasonable values are _TLS1.2_ and
+  _TLS1.3_ if your system supports it.  1.3 was first supported in
   OpenSSL version 1.1.1.
 
 +maxtls+ _string_::


=====================================
include/nts.h
=====================================
@@ -23,19 +23,21 @@
 #define NTS_UID_MAX_LENGTH	64
 
 
-/* Client side configuration data for an NTS association */
-/* part of peer struct */
+/* Client side configuration data for an NTS association
+ * All are optional.
+ * part of peer struct */
 struct ntscfg_t {
-    char *server;	/* if NULL, use the peer itself (normal case) */
-    char *ca;		/* if NULL, use the site default (normal case) */
-    char *cert;		/* if NULL, use the site default (normal case) */
+    char *server;	/* desired server; default is same as NTS-KE server */
+    char *ca;		/* root/trusted certificates */
+    char *cert;		/* client certificate  */
+    char *aead;		/* AEAD algorithms on wire */
     uint32_t expire;
 };
 
 /* Client-side state per connection to server */
 struct ntsclient_t {
     /* wire connection */
-    int aead;   /* AEAD algorithm used on wire */
+    int16_t aead;   /* AEAD algorithm used on wire */
     int keylen;
     uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN];
     /* UID of last request sent - RFC 5.3 */
@@ -66,10 +68,11 @@ struct ntsconfig_t {
     const char * maxtls;	/* maximum TLS version allowed */
     const char *tlsciphers;	/* allowed TLS 1.2 ciphers */
     const char *tlsciphersuites;/* allowed TLS 1.3 ciphersuites */
-    const char *cert;		/* server certificate key */
-    const char *key;		/* server private key */
-    const char *KI;		/* K/I for making cookies */
+    const char *cert;		/* file holding server certificate key */
+    const char *key;		/* file holding server private key */
+    const char *KI;		/* file holding K/I for making cookies */
     const char *ca;		/* root cert dir/file */
+    const char *aead;		/* AEAD algorithms on wire */
 };
 
 


=====================================
include/nts2.h
=====================================
@@ -20,14 +20,16 @@ void nts_log_ssl_error(void);
 bool nts_load_ciphers(SSL_CTX *ctx);
 bool nts_load_versions(SSL_CTX *ctx);
 
-int nts_get_key_length(int aead);
-bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen);
+int nts_get_key_length(int16_t aead);
+int16_t nts_string_to_aead(const char* text);
+
+bool nts_make_keys(SSL *ssl, int16_t aead, uint8_t *c2s, uint8_t *s2c, int keylen);
 
 int nts_make_cookie(uint8_t *cookie,
-  uint16_t aead,
+  int16_t aead,
   uint8_t *c2s, uint8_t *s2c, int keylen);
 bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
-  uint16_t *aead,
+  int16_t *aead,
   uint8_t *c2s, uint8_t *s2c, int *keylen);
 
 #define NO_OLD_VERSIONS SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1


=====================================
ntpd/keyword-gen.c
=====================================
@@ -23,6 +23,7 @@ struct key_tok {
 
 struct key_tok ntp_keywords[] = {
 { "...",		T_Ellipsis,		FOLLBY_TOKEN },
+{ "aead",		T_Aead,			FOLLBY_STRING },
 { "allpeers",		T_Allpeers,		FOLLBY_TOKEN },
 { "bias",		T_Bias,			FOLLBY_TOKEN },
 { "baud",		T_Baud,			FOLLBY_TOKEN },


=====================================
ntpd/ntp_config.c
=====================================
@@ -653,6 +653,10 @@ create_peer_node(
 		    my_node->ctl.nts_cfg.expire = option->value.u;
 		    break;
 
+		case T_Aead:
+		    my_node->ctl.nts_cfg.aead = option->value.s;
+		    break;
+
 		case T_Ca:
 		    my_node->ctl.nts_cfg.ca = option->value.s;
 		    break;
@@ -1993,6 +1997,10 @@ config_nts(
 			INSIST(0);
 			break;
 
+		case T_Aead:
+			ntsconfig.aead = estrdup(nts->value.s);
+			break;
+
 		case T_Ca:
 			ntsconfig.ca = estrdup(nts->value.s);
 			break;


=====================================
ntpd/ntp_parser.y
=====================================
@@ -50,6 +50,7 @@
 }
 
 /* Terminals (do not appear left of colon) */
+%token	<Integer>	T_Aead
 %token	<Integer>	T_Age
 %token	<Integer>	T_All
 %token	<Integer>	T_Allan
@@ -1132,7 +1133,8 @@ nts_option
 	;
 
 nts_string_option_keyword
-	:	T_Ca
+	:	T_Aead
+	|	T_Ca
 	|	T_Cert
 	|	T_Key
 	|	T_Tlsciphers


=====================================
ntpd/nts.c
=====================================
@@ -31,13 +31,26 @@ struct ntsconfig_t ntsconfig = {
   .cert = NULL,
   .key = NULL,
   .KI = NULL,
-  .ca = NULL
+  .ca = NULL,
+  .aead = NULL
 };
 
 
 
 /*****************************************************/
 
+/* Translate text to AEAD code.  -1 for none/error */
+int16_t nts_string_to_aead(const char* text) {
+  if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_256"))
+      return AEAD_AES_SIV_CMAC_256;
+  else if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_384"))
+      return AEAD_AES_SIV_CMAC_384;
+  else if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_384"))
+      return AEAD_AES_SIV_CMAC_512;
+  else
+      return -1;
+}
+
 void nts_log_ssl_error(void) {
   char buff[256];
   int err = ERR_get_error();


=====================================
ntpd/nts_client.c
=====================================
@@ -141,8 +141,10 @@ bool nts_probe(struct peer * peer) {
   /* We are using AEAD_AES_SIV_CMAC_xxx, from RFC 5297
    * key length depends upon which key is selected */
   peer->nts_state.keylen = nts_get_key_length(peer->nts_state.aead);
-  if (0 == peer->nts_state.keylen)
-    goto bail;		/* unknown AEAD algorithm */
+  if (0 == peer->nts_state.keylen) {
+    msyslog(LOG_ERR, "NTSc: Unknown AEAD code: %d", peer->nts_state.aead);
+    goto bail;
+  }
   nts_make_keys(ssl,
     peer->nts_state.aead,
     peer->nts_state.c2s,
@@ -286,7 +288,7 @@ bool check_certificate(struct peer* peer, SSL *ssl) {
   return true;
 }
 
-bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen) {
+bool nts_make_keys(SSL *ssl, int16_t aead, uint8_t *c2s, uint8_t *s2c, int keylen) {
   // char *label = "EXPORTER-network-time-security/1";
   // Subject: [Ntp] [NTS4NTP] info for NTS developers
   // From: Martin Langer <mart.langer at ostfalia.de>
@@ -318,7 +320,8 @@ bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen) {
 bool nts_client_send_request(struct peer* peer, SSL *ssl) {
   uint8_t buff[1000];
   int     used, transferred;
-  struct BufCtl_t buf;
+  struct  BufCtl_t buf;
+  int16_t aead = -1;
 
   UNUSED_ARG(peer);
 
@@ -328,9 +331,15 @@ bool nts_client_send_request(struct peer* peer, SSL *ssl) {
   /* 4.1.2 Next Protocol, 0 for NTP */
   ke_append_record_uint16(&buf, NTS_CRITICAL+nts_next_protocol_negotiation, 0);
 
-  /* 4.1.5 AEAD Algorithm List
-   * AEAD_AES_SIV_CMAC_256 is the only one for now */  // FIXME
-  ke_append_record_uint16(&buf, nts_algorithm_negotiation, AEAD_AES_SIV_CMAC_256);
+  /* 4.1.5 AEAD Algorithm List */
+  // FIXME should be : separated list
+  if ((-1 == aead) && (NULL != peer->cfg.nts_cfg.aead))
+    aead = nts_string_to_aead(peer->cfg.nts_cfg.aead);
+  if ((-1 == aead) && (NULL != ntsconfig.aead))
+    aead = nts_string_to_aead(ntsconfig.aead);
+  if (-1 == aead)
+    aead = AEAD_AES_SIV_CMAC_256;
+  ke_append_record_uint16(&buf, nts_algorithm_negotiation, aead);
 
   /* 4.1.1: End, Critical */
   ke_append_record_null(&buf, NTS_CRITICAL+nts_end_of_message);
@@ -374,7 +383,7 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
   while (buf.left > 0) {
     uint16_t type, data;
     bool critical = false;
-    int length;
+    int length, keylength;
 
     type = ke_next_record(&buf, &length);
     if (NTS_CRITICAL & type) {
@@ -400,9 +409,13 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
         break;
       case nts_algorithm_negotiation:
         data = next_uint16(&buf);
-        if ((sizeof(data) != length) || (data != AEAD_AES_SIV_CMAC_256)) {
-          msyslog(LOG_ERR, "NTSc: AN-Wrong length or bad data: %d, %d",
-              length, data);
+        if (sizeof(data) != length) {
+          msyslog(LOG_ERR, "NTSc: AN-Wrong length: %d", length);
+          return false;
+        }
+        keylength = nts_get_key_length(data);
+        if (0 == keylength) {
+          msyslog(LOG_ERR, "NTSc: AN-Unsupported AEAN type: %d", data);
           return false;
         }
         peer->nts_state.aead = data;
@@ -461,8 +474,8 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
     return false;
   }
 
-  msyslog(LOG_ERR, "NTSc: Got %d cookies, length %d.",
-    peer->nts_state.count, peer->nts_state.cookielen);
+  msyslog(LOG_ERR, "NTSc: Got %d cookies, length %d, aead=%d.",
+    peer->nts_state.count, peer->nts_state.cookielen, peer->nts_state.aead);
   return true;
 }
 


=====================================
ntpd/nts_cookie.c
=====================================
@@ -73,7 +73,10 @@ bool nts_write_cookie_keys(void);
 /* This determines which algorithm we use.
  * Valid choices are 32, 48, and 64
  * making this a variable rather than #define
- * opens up the opportunity to pick one at run time. */
+ * opens up the opportunity to pick one at run time.
+ * The default (below) is 32/AEAD_AES_SIV_CMAC_256
+ * You can change that by editing the keys file.
+ */
 int K_length = AEAD_AES_SIV_CMAC_256_KEYLEN;
 uint8_t K[NTS_MAX_KEYLEN], K2[NTS_MAX_KEYLEN];
 uint32_t I, I2;
@@ -232,7 +235,7 @@ bool nts_write_cookie_keys(void) {
 
 /* returns actual length */
 int nts_make_cookie(uint8_t *cookie,
-  uint16_t aead,
+  int16_t aead,
   uint8_t *c2s, uint8_t *s2c, int keylen) {
   uint8_t plaintext[NTS_MAX_COOKIELEN];
   uint8_t *nonce;
@@ -312,7 +315,7 @@ int nts_make_cookie(uint8_t *cookie,
 
 /* can't decrypt in place - that would trash the unauthenticated packet */
 bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
-  uint16_t *aead,
+  int16_t *aead,
   uint8_t *c2s, uint8_t *s2c, int *keylen) {
 
   uint8_t *finger;


=====================================
ntpd/nts_extens.c
=====================================
@@ -124,7 +124,7 @@ int extens_client_send(struct peer *peer, struct pkt *xpkt) {
 
 bool extens_server_recv(struct ntspacket_t *ntspacket, uint8_t *pkt, int lng) {
   struct BufCtl_t buf;
-  uint16_t aead;
+  int16_t aead;
   int noncelen, cmaclen;
   bool sawcookie, sawAEEF;
 


=====================================
ntpd/nts_server.c
=====================================
@@ -182,7 +182,12 @@ return NULL;
 }
 
 bool nts_ke_request(SSL *ssl) {
-    uint8_t buff[1024];  /* RFC 4. */
+    /* buff is used for both read and write.
+     * RFC 4: servers must accept 1024
+     * cookies can be 104, 136, or 168 for IANA_AEAD_AES_SIV_CMAC_xxx
+     * 8*168 fits comfortably into 2K.
+     */
+    uint8_t buff[2048];
     int bytes_read, bytes_written;
     uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN];
     uint8_t cookie[NTS_MAX_COOKIELEN];
@@ -303,7 +308,7 @@ int create_listener(int port, int family) {
 }
 
 /* returns key length, 0 if unknown arg */
-int nts_get_key_length(int aead) {
+int nts_get_key_length(int16_t aead) {
   switch (aead) {
     case IANA_AEAD_AES_SIV_CMAC_256:
       return AEAD_AES_SIV_CMAC_256_KEYLEN;
@@ -312,7 +317,6 @@ int nts_get_key_length(int aead) {
     case IANA_AEAD_AES_SIV_CMAC_512:
       return AEAD_AES_SIV_CMAC_512_KEYLEN;
     default:
-      msyslog(LOG_ERR, "NTS: Strange AEAD code: %d", aead);
       return 0;
   }
 }


=====================================
ntpd/refclock_generic.c
=====================================
@@ -3187,13 +3187,13 @@ parse_control(
 		tt = ap(start, LEN_STATES, tt,
 		    "; running time: %s\"", l_mktime(sum));
 
-		add_var(&out->kv_list, 32, RO);
+		tt = add_var(&out->kv_list, 32, RO);
 		snprintf(tt, 32,  "refclock_id=\"%s\"", parse->parse_type->cl_id);
 
-		add_var(&out->kv_list, 80, RO);
+		tt = add_var(&out->kv_list, 80, RO);
 		snprintf(tt, 80,  "refclock_iomode=\"%s\"", parse->binding->bd_description);
 
-		add_var(&out->kv_list, 128, RO);
+		tt = add_var(&out->kv_list, 128, RO);
 		snprintf(tt, 128, "refclock_driver_version=\"%s\"", VERSION);
 
 		{



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e784a032f5fa1f16dba24ff40cd4cba2dd29ef95...33bbb4805eb67ee3adfbd13c31dc07384f1bd7dd

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e784a032f5fa1f16dba24ff40cd4cba2dd29ef95...33bbb4805eb67ee3adfbd13c31dc07384f1bd7dd
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190312/f5470ede/attachment-0001.html>


More information about the vc mailing list