[Git][NTPsec/ntpsec][21D11-news] 2 commits: contrib: revise keygone even more.

James Browning (@jamesb_fe80) gitlab at mg.gitlab.com
Thu May 20 18:53:51 UTC 2021



James Browning pushed to branch 21D11-news at NTPsec / ntpsec


Commits:
6909192d by James Browning at 2021-05-14T03:01:34-07:00
contrib: revise keygone even more.


- - - - -
3d7a5ef3 by James Browning at 2021-05-20T18:53:46+00:00
NEWS: add entries and grammar lint. 21E-May17

- - - - -


4 changed files:

- NEWS.adoc
- contrib/keygone-body.adoc
- contrib/keygone.adoc
- contrib/keygone.py


Changes:

=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,20 @@ on user-visible changes.
 
 == Repository Head ==
 
+Update ntpkeygen, keygone and docs to reflect updated keyfile issues.
+
+Print protostats since start of execution for 'ntpq -c sysstats'
+
+Add dextral peers mode in ntpq and ntpmon.
+
+Drop NTPv1 as the support was not RFC compliant, maybe v2 except mode 6 next.
+
+Fix argument P for ntpd parsing fixed and ntpdate improvements.
+
+Fix crash for raw ntpq readvar.
+
+Add processor usage to NTS-KE logging except on NetBSD.
+
 Remove --build-epoch and replace it with arbitrary --build-desc text.
 Passing '--build-desc=$(date -u +%Y-%m-%dT%H:%M:%Sz)' restores the previous
 default extended version.
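Review bot: several of the new NEWS entries in this hunk are not readable as release notes. "Fix argument P for ntpd parsing fixed and ntpdate improvements." is ungrammatical and does not say which program's option "P" is meant; split it into two entries such as "Fix parsing of the P argument in ntpd." and "Improve ntpdate." (naming the option explicitly). "Drop NTPv1 as the support was not RFC compliant, maybe v2 except mode 6 next." mixes a completed change with speculation about a future one; NEWS should record what changed, so keep "Drop NTPv1 support, which was not RFC compliant." and move the v2 plan to an issue. "Print protostats since start of execution for 'ntpq -c sysstats'" would read better as "ntpq -c sysstats now prints protocol statistics accumulated since ntpd started." Since the keyfile changes below alter defaults (keygone now writes ntp.keygone by default and truncates text keys to 20 characters), the first entry should say what the "updated keyfile issues" are rather than referring to them indirectly.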
@@ -20,14 +34,14 @@ The build epoch has been replaced with a hardcoded timestamp which will be
 manually updated every nine years or so (approx 512w).  This makes the
 binaries reproducible by default.
 
-Compare versions of ntp.ntpc and libntpc printing a warning is
+Compare versions of ntp.ntpc and libntpc printing a warning if
 mismatched. Fix libntpc install path if using it.
 
-Reduce maxclocks to 5 to reduce the NTP pool load.
+Reduce maxclocks default to 5 to reduce the NTP pool load.
 
 Print LIBDIR during ./waf configure.
 
-Documentation, new GPG key, and miscellaneous cleanups.
+Add documentation, new GPG key, and other cleanups.
 
 == 2020-10-06: 1.2.0 ==
 


=====================================
contrib/keygone-body.adoc
=====================================
@@ -38,7 +38,7 @@ passwords for the link:ntpq.html[+ntpq+] utility program.
   delete algorithm (repeatable) or "everything"
 
 +-f+ FILE, +--file+ FILE::
-  Output to a file
+  Output to a file defaults to "ntp.keygone"
 
 +-s+ LINK, +--link+ LINK::
   create a symlink (requires file)
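Review bot: the new help text "Output to a file defaults to "ntp.keygone"" is a run-on; write it as "Output to FILE (default: ntp.keygone)". More importantly, giving -f a default changes behaviour: running keygone with no options now writes a keyfile into the current working directory, and keyfiles hold secrets. The manual page should state the mode the file is created with and how -c/--console interacts with the default, since the reader can no longer assume that omitting -f means nothing is written to disk.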
@@ -56,7 +56,7 @@ passwords for the link:ntpq.html[+ntpq+] utility program.
   gap between subsequent groups (default 0)
 
 +-t+, +--text+::
-  generate text keys (base-95 default)
+  generate text keys (base-92 default)
 
 +-x+, +--hex+::
   generate hexadecimal keys (lowercase base-16)
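Review bot: the change from "base-95" to "base-92" in the -t/--text description is not matched by any change to the text branch of _gen_key in this patch, so confirm the alphabet the code draws from really has 92 symbols and say which characters are excluded. Printable ASCII is 95 characters; keyfile text keys cannot contain '#' (comment introducer) or whitespace (field separator), which accounts for 93, so one more exclusion is implied. The count matters because it fixes the entropy per character (log2(92) is about 6.52 bits, so a 20-character text key carries roughly 130 bits), and the documentation should let an operator reproduce that figure.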
@@ -121,11 +121,11 @@ Following any headers the keys are entered one per line in the
 format:
 
 [options="header"]
-|====================================================================
+|====
 |Field	| Meaning
 |keyno	| Positive integer in the range 1-65,535
 |type	| Type of key (md5, sha224, aes-128 etc).
 |key	| the actual key, printable ASCII or hex
-|====================================================================
+|====
 
 // end
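Review bot: shortening the table delimiters is fine, but while this table is being touched, the "key" row should state the length limits the tool now enforces: text keys are at most 20 characters and hex keys at most 32 bytes (64 hex digits), which is what the truncation added to KeyGone.add() below produces. Without that, a reader of the table cannot tell why a sha512 entry in the figure is only 20 characters long.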


=====================================
contrib/keygone.adoc
=====================================
@@ -2,13 +2,13 @@
 include::include-html.ad[]
 
 [cols="10%,90%",frame="none",grid="none",style="verse"]
-|==============================
+|====
 |image:pic/alice23.gif[]|
 {millshome}pictures.html[from 'Alice's Adventures in Wonderland', Lewis Carroll]
 
 Alice holds the key.
 
-|==============================
+|====
 
 == Manual Pages
 
@@ -30,11 +30,47 @@ include::keygone-body.adoc[]
 
 // The end of "Cryptographic Data Files" runs into this following text.
 
-image:pic/sx5.gif[]
-
-Figure 1. Typical Symmetric Key File
-
-Figure 1 shows a typical symmetric keys file used by the reference
+.Figure 1. Atypical Symmetric Key File
+----
+# ntpkey_taos.lan.1620985116
+# Fri May 14 09:38:36 2021
+    1         aes-128   Sn0mdtd)-[ecHF}w
+    2        aria-128   EaN>^b3-_2dHX+,\
+    3    camellia-128   o$cO.]TFU{(DE>s,
+    4             sm4   F)jK&L at bU%$Qz at zu
+    5          sha224   bJbF:)G0Ngtcs.t}A&]d
+    6        sha3-224   qav0OY<9w,TK=0TQjkBQ
+    7      blake2s256   q?&^(FNn at a'CrFbHiWKC
+    8          sha256   l4h.|47};\ZgbzpyQF%(
+    9        sha3-256   .LiSr(UX+v(J*ZUcNA}5
+   10          sha384   *s$HZ<+0n*(8(@AiJJ})
+   11        sha3-384   ^wJy$c'_NlB{-%*:.Pt;
+   12      blake2b512   &1e[cY`vch(-pSVY^ZQ7
+   13          sha512   VjijOAk at C%_ZIhQht>Pg
+   14        sha3-512   =:+ at xwSf:cn>Mcq1TaBJ
+   15         aes-128   e40122f7db128d0714c97947dfd9312c
+   16        aria-128   4d29f0c699b1cd8244be71ee85cc20f0
+   17    camellia-128   cd6588cc4278f430c7ab57ac06015a19
+   18         aes-192   cc2da35450866eebd37375b646bc5384412125f00cab94e8
+   19        aria-192   b0a28c291e248608545d621fef564c2ab7907d72db9b1bc5
+   20    camellia-192   e2235a1a30378872b7a28fa28114c717beaee78f163740fd
+   21         aes-256   4872fd4649019190ccb9600cf0d7d6e21068531eafc80d5d377aa5be7edb6c57
+   22        aria-256   327f630491b008f11578177f8cff0f853a159e099ac2be83e5b7a09d59022452
+   23    camellia-256   a6b0258e17c018b8acf91f04092a61907a91c97bc54096147f2c6a6df6f16774
+   24             sm4   c2ae033683fe1188f34454eab1e09f67
+   25          sha224   271c511127c68f0c520aade3c3ca691352c9c55bcc62676b553f33b6
+   26        sha3-224   67b843a209849715a56faafd2ad8bc3db434563184bbf6af81818474
+   27      blake2s256   7e8f97644f4cb8e8041e0d12a260aee16b124cece3c541f44647ce487718f4be
+   28          sha256   5f60aa9ab115f0f85ec881f08d6f55b9f0ee2f6ad5643a2ef2f4a3e1807eadd5
+   29        sha3-256   0dc5183aba8a233c858492428c3c4560654c376edcec7d10d4a2153810c57fb8
+   30          sha384   adaa8221ba060a578536ef46c3534da0f672f8463671b2d2681cbedf5727a2ec
+   31        sha3-384   519939e44a2e99b1a5c77ba34a8c7e313dcd8262de7f8211265fcb15baa49268
+   32      blake2b512   434ee92506ba32a9ce7fea6796ab191a91f75f3adb061e6ce997fa916b23ebcf
+   33          sha512   7b37b67ab3fb6bc962295b91fff79a3a6b91aff3739e7aaeba9afcd194f876c2
+   34        sha3-512   9a2a59ad41ac993d3501f0001f36efdfee049635ba4624660e14194fe0e45657
+----
+
+Figure 1 shows an atypical symmetric keys file used by the reference
 implementation. Each line of the file contains three fields, first
 keyno an integer between 1 and 65535, inclusive, representing the
 key identifier used in the `server` configuration commands. Next
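Review bot: four of the text keys in the new listing (keynos 4, 7, 13 and 14) contain " at " where a single character belongs, e.g. "F)jK&L at bU%$Qz at zu"; this is the mailing-list rewriting of '@', and the committed file should be checked to confirm it holds '@' so every text key is exactly 16 or 20 characters as the other rows are. Since these are real generated keys, put a comment line ahead of the listing saying they are documentation samples and must not be installed; anyone who pastes Figure 1 into /etc/ntp.keys has a keyfile whose secrets are public. The caption change from "Typical" to "Atypical" is presumably deliberate (the file shows every supported algorithm in both text and hex form at once), but the prose that follows should say so and should also note that digest keys in text form are truncated to 20 characters regardless of digest size, which is why sha512 appears as 20 characters on line 13 and as 64 hex digits on line 33.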


=====================================
contrib/keygone.py
=====================================
@@ -24,42 +24,42 @@ import stat
 import sys
 
 list_md_bad = [
-    [16, 'md5'],
+    [16, 16, 'md5'],
 
-    [20, 'sha1'],
-    [20, 'rmd160']
+    [20, 16, 'sha1'],
+    [20, 16, 'rmd160']
 ]
 list_md_good = [
-    [16, 'sm4'],
+    [16, 16, 'sm4'],
 
-    [28, 'sha224'],
-    [28, 'sha3-224'],
+    [28, 16, 'sha224'],
+    [28, 16, 'sha3-224'],
 
-    [32, 'blake2s256'],
-    [32, 'sha256'],
-    [32, 'sha3-256'],
+    [32, 16, 'blake2s256'],
+    [32, 16, 'sha256'],
+    [32, 16, 'sha3-256'],
 
-    [48, 'sha384'],
-    [48, 'sha3-384'],
+    [48, 16, 'sha384'],
+    [48, 16, 'sha3-384'],
 
-    [64, 'blake2b512'],
-    [64, 'sha512'],
-    [64, 'sha3-512']
+    [64, 16, 'blake2b512'],
+    [64, 16, 'sha512'],
+    [64, 16,  'sha3-512']
 ]
 list_cmac_bad = [
 ]
 list_cmac_good = [
-    [16, 'aes-128'],
-    [16, 'aria-128'],
-    [16, 'camellia-128'],
+    [16, 16, 'aes-128'],
+    [16, 16, 'aria-128'],
+    [16, 16, 'camellia-128'],
 
-    [24, 'aes-192'],
-    [24, 'aria-192'],
-    [24, 'camellia-192'],
+    [24, 24, 'aes-192'],
+    [24, 24, 'aria-192'],
+    [24, 24, 'camellia-192'],
 
-    [32, 'aes-256'],
-    [32, 'aria-256'],
-    [32, 'camellia-256'],
+    [32, 32, 'aes-256'],
+    [32, 32, 'aria-256'],
+    [32, 32, 'camellia-256'],
 ]
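Review bot: the new middle column in every list entry is undocumented; add a comment above list_md_bad giving the meaning of the three fields, e.g. "# [output length, minimum acceptable length, algorithm name]". From the values, the minimum for the CMAC ciphers equals the key size (a CMAC key cannot be truncated, so aes-192 and aes-256 are excluded from 20-character text keys), while every digest gets a flat 16 regardless of digest size; a one-line comment on why 16 bytes is the chosen floor for digest keys would save the next reader from guessing. Minor: stray double space in "[64, 16,  'sha3-512']".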
 
 
@@ -76,7 +76,7 @@ class KeyGone():
         'Return a string containing the generated keys.'
         _ = ''
         for row in self.backing:
-            _ += '%d\t%s\t%s\n' % (row, *self.backing[row])
+            _ += '%5d\t%13s\t%s\n' % (row, *self.backing[row])
         return _
 
     def to_file(self, oname: str):
@@ -93,14 +93,19 @@ class KeyGone():
             os.remove(link)    # The symlink() line below matters
         os.symlink(oname, link)
 
-    def add(self, algor: str, keys: int, length: int, hexed: bool = False):
+    def add(self, algo: list, keys: int, hexed: bool = False):
         'Generate a slew of new keys according to specs.'
+        length, mlength, algor = algo
+        newlength = min(length, 32 if hexed else 20)  # Yuck, hardcoded magic
+        if mlength > newlength:
+            sys.stderr.write('"%s" excluded because minimum length %d exceeds truncation %d\n' % (algor, mlength, newlength))
+            return
         for _ in range(keys):
-            self.backing[self.index] = [algor, self.gen_key(length, hexed)]
+            self.backing[self.index] = [algor, self._gen_key(newlength, hexed)]
             self.index += 1
         self.index += self.gap
 
-    def gen_key(self, length: int, hexed: bool) -> str:
+    def _gen_key(self, length: int, hexed: bool) -> str:
         'Generate a single key.'
         if hexed:
             return secrets.token_hex(length)
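Review bot: in add(), the early "return" on the excluded-algorithm path skips "self.index += self.gap", so an excluded algorithm leaves no gap in the numbering while included ones do; if that is intended, say so in a comment, otherwise move the gap increment before the return. The truncation "newlength = min(length, 32 if hexed else 20)" silently shortens digest keys (a 64-byte sha512 key becomes 20 text characters, about 130 bits, or 32 hex bytes); the comment admits the magic numbers, so name them (MAX_TEXT_KEY = 20, MAX_HEX_KEY = 32) and report the truncation on stderr the way the exclusion case is reported. Note also that in hex mode "length" is bytes and token_hex(length) emits 2*length characters, whereas in text mode it is characters, so the "mlength > newlength" comparison mixes units; that happens to be safe under these limits but deserves a comment. The stderr write is well past 79 columns; wrap it.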
@@ -135,7 +140,8 @@ if __name__ == '__main__':
                         help='delete algorithm (repeatable) or "everything"')
     parser.add_argument('-a', '--add', nargs='+',
                         help='delete algorithm (repeatable) or "everything"')
-    parser.add_argument('-f', '--file', help='Output to a file')
+    parser.add_argument('-f', '--file', help='Output to a file defaults to "ntp.keygone"',
+                        default='ntp.keygone')
     parser.add_argument(
         '-s', '--link', help='create a symlink (requires file)')
     parser.add_argument('-c', '--console', action='store_true',
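Review bot: with default='ntp.keygone', the help string should use argparse's substitution, help='Output to a file (default: %(default)s)', so the text cannot drift from the default. Since the tool now writes a secret-bearing file without being asked, check that to_file() (not in this diff) creates it with a restrictive mode (os.open with 0o600, or an explicit chmod) rather than relying on the caller's umask. The visible context line for "-a/--add" still carries the copy-pasted help 'delete algorithm (repeatable) or "everything"'; it should read 'add algorithm (repeatable) or "everything"'.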
@@ -154,8 +160,8 @@ if __name__ == '__main__':
     if args.list:
         list_algos()
     kg = KeyGone(args.initial, args.gap)
-    set_cur = set(map(lambda x: x[1], list_cmac_good + list_md_good))
-    set_all = set(map(lambda x: x[1], list_cmac_bad + list_md_bad))
+    set_cur = set(map(lambda x: x[2], list_cmac_good + list_md_good))
+    set_all = set(map(lambda x: x[2], list_cmac_bad + list_md_bad))
     set_all.update(set_cur)
     if isinstance(args.delete, str):
         args.delete = [args.delete]
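Review bot: the index bump from x[1] to x[2] is the second place this patch has to know the column layout of the algorithm lists; a small namedtuple ("Algo(length, min_length, name)") or indexing by name would stop the next column change from needing edits here, in add(), and in the loop at the end of main.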
@@ -203,8 +209,8 @@ if __name__ == '__main__':
     if fail:
         sys.exit(1)
     for algo in algos:
-        if algo[1] in set_cur:
-            kg.add(algo[1], args.number, algo[0], args.fmt)
+        if algo[2] in set_cur:
+            kg.add(algo, args.number, args.fmt)
     if args.file is not None:
         if args.link is not None:
             kg.do_link(args.file, args.link)
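Review bot: "if args.file is not None" is now always true because -f defaults to 'ntp.keygone', so the check is dead and the file is written on every run. Either drop the check, or keep the argparse default as None and resolve the filename here, deciding explicitly what -c/--console should do (print only, or print and also write); as written, console output no longer implies that nothing lands on disk.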



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/967a1beedca23922ee6fbfb705609efab50b42e3...3d7a5ef3414630ba141de425a6eba33b43b0d847
