[Git][NTPsec/ntpsec][21D11-news] 2 commits: contrib: revise keygone even more.
James Browning (@jamesb_fe80)
gitlab at mg.gitlab.com
Thu May 20 18:53:51 UTC 2021
James Browning pushed to branch 21D11-news at NTPsec / ntpsec
Commits:
6909192d by James Browning at 2021-05-14T03:01:34-07:00
contrib: revise keygone even more.
- - - - -
3d7a5ef3 by James Browning at 2021-05-20T18:53:46+00:00
NEWS: add entries and grammar lint. 21E-May17
- - - - -
4 changed files:
- NEWS.adoc
- contrib/keygone-body.adoc
- contrib/keygone.adoc
- contrib/keygone.py
Changes:
=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,20 @@ on user-visible changes.
== Repository Head ==
+Update ntpkeygen, keygone and docs to reflect updated keyfile issues.
+
+Print protostats since start of execution for 'ntpq -c sysstats'
+
+Add dextral peers mode in ntpq and ntpmon.
+
+Drop NTPv1 as the support was not RFC compliant, maybe v2 except mode 6 next.
+
+Fix argument P for ntpd parsing fixed and ntpdate improvements.
+
+Fix crash for raw ntpq readvar.
+
+Add processor usage to NTS-KE logging except on NetBSD.
+
Remove --build-epoch and replace it with arbitrary --build-desc text.
Passing '--build-desc=$(date -u +%Y-%m-%dT%H:%M:%Sz)' restores the previous
default extended version.
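Review bot: The added entry "Fix argument P for ntpd parsing fixed and ntpdate improvements." does not parse: it has both "Fix" and "fixed", and it folds an unrelated ntpdate change into the same sentence. Split it into two entries, one for the ntpd -P argument parsing fix and one saying what improved in ntpdate. The NTPv1 entry also mixes a completed change with a tentative plan ("maybe v2 except mode 6 next"); NEWS should state what this release does and leave the plan to an issue or the roadmap.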
@@ -20,14 +34,14 @@ The build epoch has been replaced with a hardcoded timestamp which will be
manually updated every nine years or so (approx 512w). This makes the
binaries reproducible by default.
-Compare versions of ntp.ntpc and libntpc printing a warning is
+Compare versions of ntp.ntpc and libntpc printing a warning if
mismatched. Fix libntpc install path if using it.
-Reduce maxclocks to 5 to reduce the NTP pool load.
+Reduce maxclocks default to 5 to reduce the NTP pool load.
Print LIBDIR during ./waf configure.
-Documentation, new GPG key, and miscellaneous cleanups.
+Add documentation, new GPG key, and other cleanups.
== 2020-10-06: 1.2.0 ==
=====================================
contrib/keygone-body.adoc
=====================================
@@ -38,7 +38,7 @@ passwords for the link:ntpq.html[+ntpq+] utility program.
delete algorithm (repeatable) or "everything"
+-f+ FILE, +--file+ FILE::
- Output to a file
+ Output to a file defaults to "ntp.keygone"
+-s+ LINK, +--link+ LINK::
create a symlink (requires file)
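Review bot: The new description "Output to a file defaults to "ntp.keygone"" runs two statements together; something like "Output to FILE (default "ntp.keygone")" reads better. Now that --file has a default, the "(requires file)" remark on --link in the context below no longer describes a real precondition and should be reworded or dropped.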
@@ -56,7 +56,7 @@ passwords for the link:ntpq.html[+ntpq+] utility program.
gap between subsequent groups (default 0)
+-t+, +--text+::
- generate text keys (base-95 default)
+ generate text keys (base-92 default)
+-x+, +--hex+::
generate hexadecimal keys (lowercase base-16)
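Review bot: The --text entry changes the documented alphabet from base-95 to base-92, but none of the keygone.py hunks in this push touch the text branch of the key generator, so the doc change cannot be checked against code here. Please confirm the generator really draws from 92 characters and say in the man page which printable characters are excluded, since that is what a reader needs when judging whether a key will survive the keyfile parser.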
@@ -121,11 +121,11 @@ Following any headers the keys are entered one per line in the
format:
[options="header"]
-|====================================================================
+|====
|Field | Meaning
|keyno | Positive integer in the range 1-65,535
|type | Type of key (md5, sha224, aes-128 etc).
|key | the actual key, printable ASCII or hex
-|====================================================================
+|====
// end
=====================================
contrib/keygone.adoc
=====================================
@@ -2,13 +2,13 @@
include::include-html.ad[]
[cols="10%,90%",frame="none",grid="none",style="verse"]
-|==============================
+|====
|image:pic/alice23.gif[]|
{millshome}pictures.html[from 'Alice's Adventures in Wonderland', Lewis Carroll]
Alice holds the key.
-|==============================
+|====
== Manual Pages
@@ -30,11 +30,47 @@ include::keygone-body.adoc[]
// The end of "Cryptographic Data Files" runs into this following text.
-image:pic/sx5.gif[]
-
-Figure 1. Typical Symmetric Key File
-
-Figure 1 shows a typical symmetric keys file used by the reference
+.Figure 1. Atypical Symmetric Key File
+----
+# ntpkey_taos.lan.1620985116
+# Fri May 14 09:38:36 2021
+ 1 aes-128 Sn0mdtd)-[ecHF}w
+ 2 aria-128 EaN>^b3-_2dHX+,\
+ 3 camellia-128 o$cO.]TFU{(DE>s,
+ 4 sm4 F)jK&L at bU%$Qz at zu
+ 5 sha224 bJbF:)G0Ngtcs.t}A&]d
+ 6 sha3-224 qav0OY<9w,TK=0TQjkBQ
+ 7 blake2s256 q?&^(FNn at a'CrFbHiWKC
+ 8 sha256 l4h.|47};\ZgbzpyQF%(
+ 9 sha3-256 .LiSr(UX+v(J*ZUcNA}5
+ 10 sha384 *s$HZ<+0n*(8(@AiJJ})
+ 11 sha3-384 ^wJy$c'_NlB{-%*:.Pt;
+ 12 blake2b512 &1e[cY`vch(-pSVY^ZQ7
+ 13 sha512 VjijOAk at C%_ZIhQht>Pg
+ 14 sha3-512 =:+ at xwSf:cn>Mcq1TaBJ
+ 15 aes-128 e40122f7db128d0714c97947dfd9312c
+ 16 aria-128 4d29f0c699b1cd8244be71ee85cc20f0
+ 17 camellia-128 cd6588cc4278f430c7ab57ac06015a19
+ 18 aes-192 cc2da35450866eebd37375b646bc5384412125f00cab94e8
+ 19 aria-192 b0a28c291e248608545d621fef564c2ab7907d72db9b1bc5
+ 20 camellia-192 e2235a1a30378872b7a28fa28114c717beaee78f163740fd
+ 21 aes-256 4872fd4649019190ccb9600cf0d7d6e21068531eafc80d5d377aa5be7edb6c57
+ 22 aria-256 327f630491b008f11578177f8cff0f853a159e099ac2be83e5b7a09d59022452
+ 23 camellia-256 a6b0258e17c018b8acf91f04092a61907a91c97bc54096147f2c6a6df6f16774
+ 24 sm4 c2ae033683fe1188f34454eab1e09f67
+ 25 sha224 271c511127c68f0c520aade3c3ca691352c9c55bcc62676b553f33b6
+ 26 sha3-224 67b843a209849715a56faafd2ad8bc3db434563184bbf6af81818474
+ 27 blake2s256 7e8f97644f4cb8e8041e0d12a260aee16b124cece3c541f44647ce487718f4be
+ 28 sha256 5f60aa9ab115f0f85ec881f08d6f55b9f0ee2f6ad5643a2ef2f4a3e1807eadd5
+ 29 sha3-256 0dc5183aba8a233c858492428c3c4560654c376edcec7d10d4a2153810c57fb8
+ 30 sha384 adaa8221ba060a578536ef46c3534da0f672f8463671b2d2681cbedf5727a2ec
+ 31 sha3-384 519939e44a2e99b1a5c77ba34a8c7e313dcd8262de7f8211265fcb15baa49268
+ 32 blake2b512 434ee92506ba32a9ce7fea6796ab191a91f75f3adb061e6ce997fa916b23ebcf
+ 33 sha512 7b37b67ab3fb6bc962295b91fff79a3a6b91aff3739e7aaeba9afcd194f876c2
+ 34 sha3-512 9a2a59ad41ac993d3501f0001f36efdfee049635ba4624660e14194fe0e45657
+----
+
+Figure 1 shows an atypical symmetric keys file used by the reference
implementation. Each line of the file contains three fields, first
keyno an integer between 1 and 65535, inclusive, representing the
key identifier used in the `server` configuration commands. Next
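Review bot: The new Figure 1 listing is a complete, ready-to-paste key file, and nothing in the block marks the keys as published examples. Add a comment line inside the listing (for instance "# Example only, do not deploy these keys") so copies of the figure carry the warning with them. The retained prose still says "Each line of the file contains three fields", which is not true of the two "#" header lines now shown; mention that comment lines are allowed. It would also help to explain why the figure is captioned "Atypical", given that the sentence after it presents the file as what the reference implementation uses.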
=====================================
contrib/keygone.py
=====================================
@@ -24,42 +24,42 @@ import stat
import sys
list_md_bad = [
- [16, 'md5'],
+ [16, 16, 'md5'],
- [20, 'sha1'],
- [20, 'rmd160']
+ [20, 16, 'sha1'],
+ [20, 16, 'rmd160']
]
list_md_good = [
- [16, 'sm4'],
+ [16, 16, 'sm4'],
- [28, 'sha224'],
- [28, 'sha3-224'],
+ [28, 16, 'sha224'],
+ [28, 16, 'sha3-224'],
- [32, 'blake2s256'],
- [32, 'sha256'],
- [32, 'sha3-256'],
+ [32, 16, 'blake2s256'],
+ [32, 16, 'sha256'],
+ [32, 16, 'sha3-256'],
- [48, 'sha384'],
- [48, 'sha3-384'],
+ [48, 16, 'sha384'],
+ [48, 16, 'sha3-384'],
- [64, 'blake2b512'],
- [64, 'sha512'],
- [64, 'sha3-512']
+ [64, 16, 'blake2b512'],
+ [64, 16, 'sha512'],
+ [64, 16, 'sha3-512']
]
list_cmac_bad = [
]
list_cmac_good = [
- [16, 'aes-128'],
- [16, 'aria-128'],
- [16, 'camellia-128'],
+ [16, 16, 'aes-128'],
+ [16, 16, 'aria-128'],
+ [16, 16, 'camellia-128'],
- [24, 'aes-192'],
- [24, 'aria-192'],
- [24, 'camellia-192'],
+ [24, 24, 'aes-192'],
+ [24, 24, 'aria-192'],
+ [24, 24, 'camellia-192'],
- [32, 'aes-256'],
- [32, 'aria-256'],
- [32, 'camellia-256'],
+ [32, 32, 'aes-256'],
+ [32, 32, 'aria-256'],
+ [32, 32, 'camellia-256'],
]
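Review bot: The new middle column in every row of list_md_bad, list_md_good and list_cmac_good is undocumented; its meaning (minimum key length) is only recoverable from the unpacking "length, mlength, algor = algo" in add(). Add a comment above the lists naming the three fields and their units, or switch the rows to a namedtuple so callers stop relying on positional indexes like x[2]. Worth stating as well why the digests get a floor of 16 while the CMAC ciphers get their full key size.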
@@ -76,7 +76,7 @@ class KeyGone():
'Return a string containing the generated keys.'
_ = ''
for row in self.backing:
- _ += '%d\t%s\t%s\n' % (row, *self.backing[row])
+ _ += '%5d\t%13s\t%s\n' % (row, *self.backing[row])
return _
def to_file(self, oname: str):
@@ -93,14 +93,19 @@ class KeyGone():
os.remove(link) # The symlink() line below matters
os.symlink(oname, link)
- def add(self, algor: str, keys: int, length: int, hexed: bool = False):
+ def add(self, algo: list, keys: int, hexed: bool = False):
'Generate a slew of new keys according to specs.'
+ length, mlength, algor = algo
+ newlength = min(length, 32 if hexed else 20) # Yuck, hardcoded magic
+ if mlength > newlength:
+ sys.stderr.write('"%s" excluded because minimum length %d exceeds truncation %d\n' % (algor, mlength, newlength))
+ return
for _ in range(keys):
- self.backing[self.index] = [algor, self.gen_key(length, hexed)]
+ self.backing[self.index] = [algor, self._gen_key(newlength, hexed)]
self.index += 1
self.index += self.gap
- def gen_key(self, length: int, hexed: bool) -> str:
+ def _gen_key(self, length: int, hexed: bool) -> str:
'Generate a single key.'
if hexed:
return secrets.token_hex(length)
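Review bot: In add(), the truncation limits "32 if hexed else 20" are bare literals that the author's own comment flags as magic; lift them into named module constants with a note on where the limits come from. With the text limit at 20, every 192-bit and 256-bit CMAC row (mlength 24 or 32) is rejected in text mode, and the only signal is a line on stderr followed by a bare return, so the caller cannot tell a skipped algorithm from a generated one. Return a boolean (or raise) and let the main block decide whether a requested-but-skipped algorithm should produce a non-zero exit. The stderr line is also well past the usual line length and should be wrapped.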
@@ -135,7 +140,8 @@ if __name__ == '__main__':
help='delete algorithm (repeatable) or "everything"')
parser.add_argument('-a', '--add', nargs='+',
help='delete algorithm (repeatable) or "everything"')
- parser.add_argument('-f', '--file', help='Output to a file')
+ parser.add_argument('-f', '--file', help='Output to a file defaults to "ntp.keygone"',
+ default='ntp.keygone')
parser.add_argument(
'-s', '--link', help='create a symlink (requires file)')
parser.add_argument('-c', '--console', action='store_true',
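Review bot: Giving --file a default of 'ntp.keygone' makes the later "if args.file is not None:" test always true, so every run now writes key material to a file in the current directory, including runs where the user asked only for --console output. Either keep the default as None and document 'ntp.keygone' as the name used when a file is requested, or skip the file write when --console is given without an explicit --file. The help string needs the same punctuation fix as the man page, and the unchanged --add option just above still carries the --delete help text ('delete algorithm (repeatable) or "everything"'), which would be good to correct while touching this block.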
@@ -154,8 +160,8 @@ if __name__ == '__main__':
if args.list:
list_algos()
kg = KeyGone(args.initial, args.gap)
- set_cur = set(map(lambda x: x[1], list_cmac_good + list_md_good))
- set_all = set(map(lambda x: x[1], list_cmac_bad + list_md_bad))
+ set_cur = set(map(lambda x: x[2], list_cmac_good + list_md_good))
+ set_all = set(map(lambda x: x[2], list_cmac_bad + list_md_bad))
set_all.update(set_cur)
if isinstance(args.delete, str):
args.delete = [args.delete]
@@ -203,8 +209,8 @@ if __name__ == '__main__':
if fail:
sys.exit(1)
for algo in algos:
- if algo[1] in set_cur:
- kg.add(algo[1], args.number, algo[0], args.fmt)
+ if algo[2] in set_cur:
+ kg.add(algo, args.number, args.fmt)
if args.file is not None:
if args.link is not None:
kg.do_link(args.file, args.link)
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/967a1beedca23922ee6fbfb705609efab50b42e3...3d7a5ef3414630ba141de425a6eba33b43b0d847