[Git][NTPsec/ntpsec][master] 7 commits: Tweaks to NTS
Hal Murray
gitlab at mg.gitlab.com
Tue Mar 12 01:29:18 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
052c2c2b by Hal Murray at 2019-03-11T04:26:30Z
Tweaks to NTS
- - - - -
abed3954 by Hal Murray at 2019-03-11T04:26:30Z
Fixup doc for mintls/maxtls
- - - - -
62198a64 by Hal Murray at 2019-03-11T04:26:30Z
Add nts aean to parser - not used yet
- - - - -
ec93db71 by Hal Murray at 2019-03-11T08:44:39Z
Fix aean => aead (typo)
- - - - -
a252e294 by Hal Murray at 2019-03-11T09:46:22Z
NTS: Send AEAD request.
Change aead from uint16t to int16_t so we can used -1 for unknown.
- - - - -
74bdc28c by Hal Murray at 2019-03-12T01:10:45Z
Achim Gratz's fix for Clock variables for DCF77
Subject: Re: Clock variables for DCF77
From: Achim Gratz via devel <devel at ntpsec.org>
Date: Mon, 11 Mar 2019 21:28:17 +0100
To: devel at ntpsec.org
- - - - -
33bbb480 by Hal Murray at 2019-03-12T01:12:25Z
Updates to devel/TODO-NTS
Mostly, add lib_strbuf to thread-safe for msyslog
- - - - -
13 changed files:
- devel/TODO-NTS
- docs/includes/auth-commands.adoc
- include/nts.h
- include/nts2.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/nts.c
- ntpd/nts_client.c
- ntpd/nts_cookie.c
- ntpd/nts_extens.c
- ntpd/nts_server.c
- ntpd/refclock_generic.c
Changes:
=====================================
devel/TODO-NTS
=====================================
@@ -1,6 +1,5 @@
multithread msyslog
-
-Ratchet for new cookie key
+ libntp/lib_strbuf.c too
documentation:
HOWTO on NTS
@@ -12,15 +11,15 @@ Startup with bad time
? thread per instance on NTS-KE server
Password for certificate's private key and cookie keys file.
- Need to get it it before daemon mode.
+ Need to get it before daemon mode.
-------
-Save cookie to disk for restart without asking NTS-KE server
-
security level
client certificates
Pool/cluster mode
+ ?? Ratchet for new cookie key
+
=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -52,16 +52,16 @@ The options are as follows:
default root certificates.
+enable+::
- Enable NTS-KE server. The default.
+ Enable NTS-KE server.
+ When enabled, _cert_ and _key_ are required.
+disable+::
Disable NTS-KE server.
+mintls+ _string_::
Set the lowest allowable TLS version to negotiate. Will be useful in
- the wake of a TLS compromise. Reasonable values are _"TLS1.2"_ and
- _"TLS1.3"_ if your system supports it (those string quotes need to
- be part of the literal in the configuration file). 1.3 was first supported in
+ the wake of a TLS compromise. Reasonable values are _TLS1.2_ and
+ _TLS1.3_ if your system supports it. 1.3 was first supported in
OpenSSL version 1.1.1.
+maxtls+ _string_::
=====================================
include/nts.h
=====================================
@@ -23,19 +23,21 @@
#define NTS_UID_MAX_LENGTH 64
-/* Client side configuration data for an NTS association */
-/* part of peer struct */
+/* Client side configuration data for an NTS association
+ * All are optional.
+ * part of peer struct */
struct ntscfg_t {
- char *server; /* if NULL, use the peer itself (normal case) */
- char *ca; /* if NULL, use the site default (normal case) */
- char *cert; /* if NULL, use the site default (normal case) */
+ char *server; /* desired server; default is same as NTS-KE server */
+ char *ca; /* root/trusted certificates */
+ char *cert; /* client certificate */
+ char *aead; /* AEAD algorithms on wire */
uint32_t expire;
};
/* Client-side state per connection to server */
struct ntsclient_t {
/* wire connection */
- int aead; /* AEAD algorithm used on wire */
+ int16_t aead; /* AEAD algorithm used on wire */
int keylen;
uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN];
/* UID of last request sent - RFC 5.3 */
@@ -66,10 +68,11 @@ struct ntsconfig_t {
const char * maxtls; /* maximum TLS version allowed */
const char *tlsciphers; /* allowed TLS 1.2 ciphers */
const char *tlsciphersuites;/* allowed TLS 1.3 ciphersuites */
- const char *cert; /* server certificate key */
- const char *key; /* server private key */
- const char *KI; /* K/I for making cookies */
+ const char *cert; /* file holding server certificate key */
+ const char *key; /* file holding server private key */
+ const char *KI; /* file holding K/I for making cookies */
const char *ca; /* root cert dir/file */
+ const char *aead; /* AEAD algorithms on wire */
};
=====================================
include/nts2.h
=====================================
@@ -20,14 +20,16 @@ void nts_log_ssl_error(void);
bool nts_load_ciphers(SSL_CTX *ctx);
bool nts_load_versions(SSL_CTX *ctx);
-int nts_get_key_length(int aead);
-bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen);
+int nts_get_key_length(int16_t aead);
+int16_t nts_string_to_aead(const char* text);
+
+bool nts_make_keys(SSL *ssl, int16_t aead, uint8_t *c2s, uint8_t *s2c, int keylen);
int nts_make_cookie(uint8_t *cookie,
- uint16_t aead,
+ int16_t aead,
uint8_t *c2s, uint8_t *s2c, int keylen);
bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
- uint16_t *aead,
+ int16_t *aead,
uint8_t *c2s, uint8_t *s2c, int *keylen);
#define NO_OLD_VERSIONS SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1
=====================================
ntpd/keyword-gen.c
=====================================
@@ -23,6 +23,7 @@ struct key_tok {
struct key_tok ntp_keywords[] = {
{ "...", T_Ellipsis, FOLLBY_TOKEN },
+{ "aead", T_Aead, FOLLBY_STRING },
{ "allpeers", T_Allpeers, FOLLBY_TOKEN },
{ "bias", T_Bias, FOLLBY_TOKEN },
{ "baud", T_Baud, FOLLBY_TOKEN },
=====================================
ntpd/ntp_config.c
=====================================
@@ -653,6 +653,10 @@ create_peer_node(
my_node->ctl.nts_cfg.expire = option->value.u;
break;
+ case T_Aead:
+ my_node->ctl.nts_cfg.aead = option->value.s;
+ break;
+
case T_Ca:
my_node->ctl.nts_cfg.ca = option->value.s;
break;
@@ -1993,6 +1997,10 @@ config_nts(
INSIST(0);
break;
+ case T_Aead:
+ ntsconfig.aead = estrdup(nts->value.s);
+ break;
+
case T_Ca:
ntsconfig.ca = estrdup(nts->value.s);
break;
=====================================
ntpd/ntp_parser.y
=====================================
@@ -50,6 +50,7 @@
}
/* Terminals (do not appear left of colon) */
+%token <Integer> T_Aead
%token <Integer> T_Age
%token <Integer> T_All
%token <Integer> T_Allan
@@ -1132,7 +1133,8 @@ nts_option
;
nts_string_option_keyword
- : T_Ca
+ : T_Aead
+ | T_Ca
| T_Cert
| T_Key
| T_Tlsciphers
=====================================
ntpd/nts.c
=====================================
@@ -31,13 +31,26 @@ struct ntsconfig_t ntsconfig = {
.cert = NULL,
.key = NULL,
.KI = NULL,
- .ca = NULL
+ .ca = NULL,
+ .aead = NULL
};
/*****************************************************/
+/* Translate text to AEAD code. -1 for none/error */
+int16_t nts_string_to_aead(const char* text) {
+ if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_256"))
+ return AEAD_AES_SIV_CMAC_256;
+ else if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_384"))
+ return AEAD_AES_SIV_CMAC_384;
+ else if (0 == strcmp( text, "IANA_AEAD_AES_SIV_CMAC_384"))
+ return AEAD_AES_SIV_CMAC_512;
+ else
+ return -1;
+}
+
void nts_log_ssl_error(void) {
char buff[256];
int err = ERR_get_error();
=====================================
ntpd/nts_client.c
=====================================
@@ -141,8 +141,10 @@ bool nts_probe(struct peer * peer) {
/* We are using AEAD_AES_SIV_CMAC_xxx, from RFC 5297
* key length depends upon which key is selected */
peer->nts_state.keylen = nts_get_key_length(peer->nts_state.aead);
- if (0 == peer->nts_state.keylen)
- goto bail; /* unknown AEAD algorithm */
+ if (0 == peer->nts_state.keylen) {
+ msyslog(LOG_ERR, "NTSc: Unknown AEAD code: %d", peer->nts_state.aead);
+ goto bail;
+ }
nts_make_keys(ssl,
peer->nts_state.aead,
peer->nts_state.c2s,
@@ -286,7 +288,7 @@ bool check_certificate(struct peer* peer, SSL *ssl) {
return true;
}
-bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen) {
+bool nts_make_keys(SSL *ssl, int16_t aead, uint8_t *c2s, uint8_t *s2c, int keylen) {
// char *label = "EXPORTER-network-time-security/1";
// Subject: [Ntp] [NTS4NTP] info for NTS developers
// From: Martin Langer <mart.langer at ostfalia.de>
@@ -318,7 +320,8 @@ bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen) {
bool nts_client_send_request(struct peer* peer, SSL *ssl) {
uint8_t buff[1000];
int used, transferred;
- struct BufCtl_t buf;
+ struct BufCtl_t buf;
+ int16_t aead = -1;
UNUSED_ARG(peer);
@@ -328,9 +331,15 @@ bool nts_client_send_request(struct peer* peer, SSL *ssl) {
/* 4.1.2 Next Protocol, 0 for NTP */
ke_append_record_uint16(&buf, NTS_CRITICAL+nts_next_protocol_negotiation, 0);
- /* 4.1.5 AEAD Algorithm List
- * AEAD_AES_SIV_CMAC_256 is the only one for now */ // FIXME
- ke_append_record_uint16(&buf, nts_algorithm_negotiation, AEAD_AES_SIV_CMAC_256);
+ /* 4.1.5 AEAD Algorithm List */
+ // FIXME should be : separated list
+ if ((-1 == aead) && (NULL != peer->cfg.nts_cfg.aead))
+ aead = nts_string_to_aead(peer->cfg.nts_cfg.aead);
+ if ((-1 == aead) && (NULL != ntsconfig.aead))
+ aead = nts_string_to_aead(ntsconfig.aead);
+ if (-1 == aead)
+ aead = AEAD_AES_SIV_CMAC_256;
+ ke_append_record_uint16(&buf, nts_algorithm_negotiation, aead);
/* 4.1.1: End, Critical */
ke_append_record_null(&buf, NTS_CRITICAL+nts_end_of_message);
@@ -374,7 +383,7 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
while (buf.left > 0) {
uint16_t type, data;
bool critical = false;
- int length;
+ int length, keylength;
type = ke_next_record(&buf, &length);
if (NTS_CRITICAL & type) {
@@ -400,9 +409,13 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
break;
case nts_algorithm_negotiation:
data = next_uint16(&buf);
- if ((sizeof(data) != length) || (data != AEAD_AES_SIV_CMAC_256)) {
- msyslog(LOG_ERR, "NTSc: AN-Wrong length or bad data: %d, %d",
- length, data);
+ if (sizeof(data) != length) {
+ msyslog(LOG_ERR, "NTSc: AN-Wrong length: %d", length);
+ return false;
+ }
+ keylength = nts_get_key_length(data);
+ if (0 == keylength) {
+ msyslog(LOG_ERR, "NTSc: AN-Unsupported AEAN type: %d", data);
return false;
}
peer->nts_state.aead = data;
@@ -461,8 +474,8 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
return false;
}
- msyslog(LOG_ERR, "NTSc: Got %d cookies, length %d.",
- peer->nts_state.count, peer->nts_state.cookielen);
+ msyslog(LOG_ERR, "NTSc: Got %d cookies, length %d, aead=%d.",
+ peer->nts_state.count, peer->nts_state.cookielen, peer->nts_state.aead);
return true;
}
=====================================
ntpd/nts_cookie.c
=====================================
@@ -73,7 +73,10 @@ bool nts_write_cookie_keys(void);
/* This determines which algorithm we use.
* Valid choices are 32, 48, and 64
* making this a variable rather than #define
- * opens up the opportunity to pick one at run time. */
+ * opens up the opportunity to pick one at run time.
+ * The default (below) is 32/AEAD_AES_SIV_CMAC_256
+ * You can change that by editing the keys file.
+ */
int K_length = AEAD_AES_SIV_CMAC_256_KEYLEN;
uint8_t K[NTS_MAX_KEYLEN], K2[NTS_MAX_KEYLEN];
uint32_t I, I2;
@@ -232,7 +235,7 @@ bool nts_write_cookie_keys(void) {
/* returns actual length */
int nts_make_cookie(uint8_t *cookie,
- uint16_t aead,
+ int16_t aead,
uint8_t *c2s, uint8_t *s2c, int keylen) {
uint8_t plaintext[NTS_MAX_COOKIELEN];
uint8_t *nonce;
@@ -312,7 +315,7 @@ int nts_make_cookie(uint8_t *cookie,
/* can't decrypt in place - that would trash the unauthenticated packet */
bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
- uint16_t *aead,
+ int16_t *aead,
uint8_t *c2s, uint8_t *s2c, int *keylen) {
uint8_t *finger;
=====================================
ntpd/nts_extens.c
=====================================
@@ -124,7 +124,7 @@ int extens_client_send(struct peer *peer, struct pkt *xpkt) {
bool extens_server_recv(struct ntspacket_t *ntspacket, uint8_t *pkt, int lng) {
struct BufCtl_t buf;
- uint16_t aead;
+ int16_t aead;
int noncelen, cmaclen;
bool sawcookie, sawAEEF;
=====================================
ntpd/nts_server.c
=====================================
@@ -182,7 +182,12 @@ return NULL;
}
bool nts_ke_request(SSL *ssl) {
- uint8_t buff[1024]; /* RFC 4. */
+ /* buff is used for both read and write.
+ * RFC 4: servers must accept 1024
+ * cookies can be 104, 136, or 168 for IANA_AEAD_AES_SIV_CMAC_xxx
+ * 8*168 fits comfortably into 2K.
+ */
+ uint8_t buff[2048];
int bytes_read, bytes_written;
uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN];
uint8_t cookie[NTS_MAX_COOKIELEN];
@@ -303,7 +308,7 @@ int create_listener(int port, int family) {
}
/* returns key length, 0 if unknown arg */
-int nts_get_key_length(int aead) {
+int nts_get_key_length(int16_t aead) {
switch (aead) {
case IANA_AEAD_AES_SIV_CMAC_256:
return AEAD_AES_SIV_CMAC_256_KEYLEN;
@@ -312,7 +317,6 @@ int nts_get_key_length(int aead) {
case IANA_AEAD_AES_SIV_CMAC_512:
return AEAD_AES_SIV_CMAC_512_KEYLEN;
default:
- msyslog(LOG_ERR, "NTS: Strange AEAD code: %d", aead);
return 0;
}
}
=====================================
ntpd/refclock_generic.c
=====================================
@@ -3187,13 +3187,13 @@ parse_control(
tt = ap(start, LEN_STATES, tt,
"; running time: %s\"", l_mktime(sum));
- add_var(&out->kv_list, 32, RO);
+ tt = add_var(&out->kv_list, 32, RO);
snprintf(tt, 32, "refclock_id=\"%s\"", parse->parse_type->cl_id);
- add_var(&out->kv_list, 80, RO);
+ tt = add_var(&out->kv_list, 80, RO);
snprintf(tt, 80, "refclock_iomode=\"%s\"", parse->binding->bd_description);
- add_var(&out->kv_list, 128, RO);
+ tt = add_var(&out->kv_list, 128, RO);
snprintf(tt, 128, "refclock_driver_version=\"%s\"", VERSION);
{
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e784a032f5fa1f16dba24ff40cd4cba2dd29ef95...33bbb4805eb67ee3adfbd13c31dc07384f1bd7dd
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e784a032f5fa1f16dba24ff40cd4cba2dd29ef95...33bbb4805eb67ee3adfbd13c31dc07384f1bd7dd
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190312/f5470ede/attachment-0001.html>
More information about the vc
mailing list