[Git][NTPsec/ntpsec][master] Revert "ntp.ntpc: Fix issue where mac wrapper stops before sending a NUL, '\0'"
Richard Laager (@rlaager)
gitlab at mg.gitlab.com
Mon Apr 25 04:48:56 UTC 2022
Richard Laager pushed to branch master at NTPsec / ntpsec
Commits:
a7ab3cba by Richard Laager at 2022-04-24T23:48:15-05:00
Revert "ntp.ntpc: Fix issue where mac wrapper stops before sending a NUL, '\0'"
This is failing on FreeBSD.
This reverts commit 2bd0054d74a87d0574ff20b9a824ee3bb9269f3e.
- - - - -
3 changed files:
- pylib/ntpc.py
- pylib/packet.py
- tests/pylib/test_packet.py
Changes:
=====================================
pylib/ntpc.py
=====================================
@@ -76,14 +76,14 @@ def checkname(name):
def mac(data, key, name):
"""Compute HMAC or CMAC from data, key, and algorithm name."""
resultlen = ctypes.c_size_t()
- result = (ctypes.c_ubyte * 64)()
+ result = (ctypes.c_char * 64)()
result.value = b'\0' * 64
_ntpc.do_mac.restype = None
_ntpc.do_mac(ntp.poly.polybytes(name),
ntp.poly.polybytes(data), len(data),
ntp.poly.polybytes(key), len(key),
ctypes.byref(result), ctypes.byref(resultlen))
- return (resultlen.value, bytearray(result))
+ return result.value
def setprogname(in_string):
=====================================
pylib/packet.py
=====================================
@@ -1746,9 +1746,9 @@ class Authenticator:
'Create the authentication payload to send'
if not ntp.ntpc.checkname(keytype):
return False
- rlen, mac2 = ntp.ntpc.mac(payload, passwd, keytype)
- mac2 = mac2[:min(len(passwd),MAX_BARE_MAC_LENGTH)]
- if not (mac2 and len(mac2) in (16, 20)):
+ mac2 = ntp.ntpc.mac(ntp.poly.polybytes(payload),
+ ntp.poly.polybytes(passwd), keytype)
+ if not mac2 or len(mac2) == 0:
return b''
return struct.pack("!I", keyid) + mac2
@@ -1772,11 +1772,9 @@ class Authenticator:
(keytype, passwd) = self.passwords[keyid]
if not ntp.ntpc.checkname(keytype):
return False
- len2, mac2 = ntp.ntpc.mac(payload, passwd, keytype)
- mac2 = mac2[:min(len2,MAX_BARE_MAC_LENGTH)] # clip to current standard
- mac2 = bytes(mac2)
- len2 = len(mac2)
- if not mac2 or len2 != len(mac):
+ mac2 = ntp.ntpc.mac(ntp.poly.polybytes(payload),
+ ntp.poly.polybytes(passwd), keytype)
+ if not mac2:
return False
# typically preferred to avoid timing attacks client-side (in theory)
try:
=====================================
tests/pylib/test_packet.py
=====================================
@@ -2115,19 +2115,6 @@ class TestAuthenticator(unittest.TestCase):
self.assertEqual(cls.verify_mac(ntp.poly.polybytes(
ntp.util.hexstr2octets(bad_pkt)), packet_end=48, mac_begin=48), False)
- def test_nul_trunc(self):
- k_type = "aria-128"
- key = ntp.util.hexstr2octets("74a98aedbd555de8016bc61bd3030a5e")
- sample = ntp.util.hexstr2octets("240100eb000000000000005050505300" + \
- "e60c1ccd1a87cb02e60c1cc930725000" + \
- "e60c1cdc4fc6d5bde60c1cdc4fd93178" + \
- "0000006eb30b6d000cdb7aee4a5e15a1" + \
- "607ba83d")
- len2, mac = ntp.ntpc.mac(ntp.poly.polybytes(sample[:48]),
- ntp.poly.polybytes(key), k_type)
- mac1 = ntp.poly.polybytes(sample[52:])
- mac2 = mac[:len2]
- self.assertEqual([len(mac1), mac1], [len(mac2), mac2], 'nulltrunc')
if __name__ == "__main__":
unittest.main()
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/a7ab3cba7abebedfec35a0b95dc60c88b7135755
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/a7ab3cba7abebedfec35a0b95dc60c88b7135755
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20220425/e4383d1a/attachment-0001.htm>
More information about the vc
mailing list