[Git][NTPsec/ntpsec][master] Revert "ntp.ntpc: Fix issue where mac wrapper stops before sending a NUL, '\0'"

Richard Laager (@rlaager) gitlab at mg.gitlab.com
Mon Apr 25 04:48:56 UTC 2022



Richard Laager pushed to branch master at NTPsec / ntpsec


Commits:
a7ab3cba by Richard Laager at 2022-04-24T23:48:15-05:00
Revert "ntp.ntpc: Fix issue where mac wrapper stops before sending a NUL, '\0'"

This is failing on FreeBSD.

This reverts commit 2bd0054d74a87d0574ff20b9a824ee3bb9269f3e.

- - - - -


3 changed files:

- pylib/ntpc.py
- pylib/packet.py
- tests/pylib/test_packet.py


Changes:

=====================================
pylib/ntpc.py
=====================================
@@ -76,14 +76,14 @@ def checkname(name):
 def mac(data, key, name):
     """Compute HMAC or CMAC from data, key, and algorithm name."""
     resultlen = ctypes.c_size_t()
-    result = (ctypes.c_ubyte * 64)()
+    result = (ctypes.c_char * 64)()
     result.value = b'\0' * 64
     _ntpc.do_mac.restype = None
     _ntpc.do_mac(ntp.poly.polybytes(name),
                  ntp.poly.polybytes(data), len(data),
                  ntp.poly.polybytes(key), len(key),
                  ctypes.byref(result), ctypes.byref(resultlen))
-    return (resultlen.value, bytearray(result))
+    return result.value
 
 
 def setprogname(in_string):


=====================================
pylib/packet.py
=====================================
@@ -1746,9 +1746,9 @@ class Authenticator:
         'Create the authentication payload to send'
         if not ntp.ntpc.checkname(keytype):
             return False
-        rlen, mac2 = ntp.ntpc.mac(payload, passwd, keytype)
-        mac2 = mac2[:min(len(passwd),MAX_BARE_MAC_LENGTH)]
-        if not (mac2 and len(mac2) in (16, 20)):
+        mac2 = ntp.ntpc.mac(ntp.poly.polybytes(payload),
+                            ntp.poly.polybytes(passwd), keytype)
+        if not mac2 or len(mac2) == 0:
             return b''
         return struct.pack("!I", keyid) + mac2
 
@@ -1772,11 +1772,9 @@ class Authenticator:
         (keytype, passwd) = self.passwords[keyid]
         if not ntp.ntpc.checkname(keytype):
             return False
-        len2, mac2 = ntp.ntpc.mac(payload, passwd, keytype)
-        mac2 = mac2[:min(len2,MAX_BARE_MAC_LENGTH)] # clip to current standard
-        mac2 = bytes(mac2)
-        len2 = len(mac2)
-        if not mac2 or len2 != len(mac):
+        mac2 = ntp.ntpc.mac(ntp.poly.polybytes(payload),
+                            ntp.poly.polybytes(passwd), keytype)
+        if not mac2:
             return False
         # typically preferred to avoid timing attacks client-side (in theory)
         try:


=====================================
tests/pylib/test_packet.py
=====================================
@@ -2115,19 +2115,6 @@ class TestAuthenticator(unittest.TestCase):
         self.assertEqual(cls.verify_mac(ntp.poly.polybytes(
             ntp.util.hexstr2octets(bad_pkt)), packet_end=48, mac_begin=48), False)
 
-    def test_nul_trunc(self):
-        k_type = "aria-128"
-        key = ntp.util.hexstr2octets("74a98aedbd555de8016bc61bd3030a5e")
-        sample = ntp.util.hexstr2octets("240100eb000000000000005050505300" + \
-            "e60c1ccd1a87cb02e60c1cc930725000" + \
-            "e60c1cdc4fc6d5bde60c1cdc4fd93178" + \
-            "0000006eb30b6d000cdb7aee4a5e15a1" + \
-            "607ba83d")
-        len2, mac = ntp.ntpc.mac(ntp.poly.polybytes(sample[:48]),
-                            ntp.poly.polybytes(key), k_type)
-        mac1 = ntp.poly.polybytes(sample[52:])
-        mac2 = mac[:len2]
-        self.assertEqual([len(mac1), mac1], [len(mac2), mac2], 'nulltrunc')
 
 if __name__ == "__main__":
     unittest.main()



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/a7ab3cba7abebedfec35a0b95dc60c88b7135755

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/a7ab3cba7abebedfec35a0b95dc60c88b7135755
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20220425/e4383d1a/attachment-0001.htm>


More information about the vc mailing list