[Git][NTPsec/ntpsec][master] 13 commits: Update TODO-NTS
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Mon Dec 4 14:44:26 UTC 2023
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
62ee9a8b by Hal Murray at 2023-12-04T01:52:47-08:00
Update TODO-NTS
- - - - -
6a08498f by Hal Murray at 2023-12-04T01:52:47-08:00
Minor cleanup to ntp_filegen, fix Coverity 356204
- - - - -
4e21ea3e by Hal Murray at 2023-12-04T01:52:47-08:00
Hack around const bug in OpenSSL API
cast discards ‘const’ warning from SSL_CTX_set1_groups_list()
https://github.com/openssl/openssl/issues/22535
- - - - -
4cc149a3 by Hal Murray at 2023-12-04T01:55:00-08:00
Add DES and DES3 to list
- - - - -
07231d10 by Hal Murray at 2023-12-04T01:57:14-08:00
Add attic/cipher-find.c
- - - - -
eea06b57 by Hal Murray at 2023-12-04T01:58:08-08:00
log curves used by nts ecdhcurves
- - - - -
ed48d5c4 by Hal Murray at 2023-12-04T02:00:20-08:00
Tweak comment to refer to RFC 9327
- - - - -
08e27afa by Hal Murray at 2023-12-04T02:14:56-08:00
Drop T_Tlsciphers from ntp_parser.y
It wasn't in keyword-gen.c or used by ntp_config.c
or in any of the documentation
- - - - -
42523439 by Hal Murray at 2023-12-04T02:20:56-08:00
Add support for nts tlsecdhcurves to ntp_config
Interesting that nobody had tried it yet.
(It crashed on an ASSERT fail when I tested it.)
- - - - -
1b91d73e by Hal Murray at 2023-12-04T02:28:54-08:00
Add SHA-1 as an alias for SHA1
NIST uses SHA-1 but OpenSSL's crypto package uses SHA1.
- - - - -
f71580d4 by Hal Murray at 2023-12-04T02:51:47-08:00
Add doc for mssntpinfo
- - - - -
05d655cf by Hal Murray at 2023-12-04T02:57:28-08:00
Doc tweaks, mostly for shared keys
- - - - -
1c79d66b by Hal Murray at 2023-12-04T06:40:43-08:00
Update NEWS
- - - - -
17 changed files:
- NEWS.adoc
- + attic/cipher-find.c
- attic/digest-find.c
- attic/wscript
- devel/TODO-NTS
- docs/includes/auth-commands.adoc
- docs/includes/mon-commands.adoc
- docs/includes/ntp.keys-body.adoc
- docs/includes/ntpq-body.adoc
- docs/includes/peerfmt.adoc
- include/ntp_control.h
- include/ntp_filegen.h
- ntpclients/ntpq.py
- ntpd/ntp_config.c
- ntpd/ntp_filegen.c
- ntpd/ntp_parser.y
- ntpd/nts.c
Changes:
=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,15 @@ on user-visible changes.
## Repository Head
+* We think we have fixed ms-sntp but we can't test it.
+ If you can test it, please let us know if it does/doesn't work.
+
+* ntpd and ntpq both treat SHA-1 as an alias for SHA1
+ NIST uses SHA-1. The crypto package from OpenSSL uses SHA1.
+
+* There are now log files with hourly statistics for NTS and
+ NTS-KE traffic: filegen ntsstats and filegen ntskestats,
+
* Update ntpsnmpd to use python built-in to get uname information. NTPsec/ntpsec#791
* Update license file names for REUSE compliance.
=====================================
attic/cipher-find.c
=====================================
@@ -0,0 +1,113 @@
+/*
+ * digest.c - Hack to test various digest types.
+ *
+ * Fedora mentions blake2b and friends. They are in the man page
+ * and header files, but not available via OBJ_sn2n so I assume they
+ * are not interesting and dropped them to reduce clutter.
+ *
+ * If the type column is blank, the OpenSSL package doesn't know
+ * about that digest, maybe because it isn't spelled correctly.
+ *
+ * If the type column is non-blank but the length column is empty,
+ * the library recognizes the type but doesn't support it.
+ *
+ * If the length column is filled in, that's the length of the digest.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/objects.h>
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
+#define UNUSED_ARG(arg) ((void)(arg))
+
+const char* ciphers[] = {
+ "AES-128", "AES-192", "AES-256",
+ "DES", "DES3",
+ "ARIA-128", "CAMELLIA-128",
+ NULL };
+
+unsigned char packet[100];
+int
+main (
+ int argc,
+ char *argv[]
+ )
+{
+ UNUSED_ARG(argc);
+ UNUSED_ARG(argv);
+
+#if OPENSSL_VERSION_NUMBER > 0x20000000L
+ EVP_MAC *mac;
+ EVP_MAC_CTX *ctx;
+
+ unsigned int versionNumber = OPENSSL_VERSION_NUMBER;
+ const char *versionText = OPENSSL_VERSION_TEXT;
+ printf("OpenSSL Version is %x, %s\n", versionNumber, versionText);
+
+#if OPENSSL_VERSION_NUMBER > 0x20000000L
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS|OPENSSL_INIT_LOAD_CRYPTO_STRINGS|OPENSSL_INIT_ADD_ALL_CIPHERS|OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+#else
+ OpenSSL_add_all_ciphers();
+#endif
+
+ mac = EVP_MAC_fetch(NULL, "cmac", NULL);
+ if (NULL == mac) {
+ printf("Barf, no mac\n");
+ exit(1);
+ }
+ ctx = EVP_MAC_CTX_new(mac);
+ if (NULL == ctx) {
+ printf("Barf, no ctx\n");
+ exit(2);
+ }
+
+
+ printf(" name keylen maclen\n");
+ for (int i = 0; NULL != ciphers[i]; i++) {
+ unsigned char key[256];
+ char name[100];
+ EVP_CIPHER *cipher;
+ OSSL_PARAM params[2];
+ unsigned int keylen;
+ unsigned int maclen = 0;
+ memset(key, 0, sizeof(key));
+ /* Grump: strlcpy/strlcat don't exist on some systems. */
+ strncpy(name, ciphers[i], sizeof(name)-5);
+ strcat(name, "-CBC");
+ name[sizeof(name)-1] = 0;
+ cipher = EVP_CIPHER_fetch(NULL, name, NULL);
+ if (NULL == cipher) {
+ printf("%16s (no cipher)\n", name);
+ continue;
+ }
+ keylen = EVP_CIPHER_get_key_length(cipher);
+ EVP_CIPHER_free(cipher);
+
+ params[0] = OSSL_PARAM_construct_utf8_string("cipher", name, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (0 == EVP_MAC_CTX_set_params(ctx, params)) {
+ printf("%16s (params didn't work)\n", name);
+ continue;
+ }
+
+ /* need to kick it */
+ if (0 == EVP_MAC_init(ctx, key, keylen-3+i, NULL)) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+ printf("EVP_MAC_init() failed: %s.\n", str);
+ continue;
+ }
+
+
+ maclen = EVP_MAC_CTX_get_mac_size(ctx);
+ printf("%16s %6u %6u\n", name, keylen, maclen);
+ }
+#endif /* OPENSSL_VERSION_NUMBER */
+
+ return 0;
+}
=====================================
attic/digest-find.c
=====================================
@@ -40,6 +40,7 @@ const char* digests[] = {
"RMD160", "RIPEMD160",
"MDC2", "GOST", "DSS1",
"ChaCha20", "Poly1305",
+ "DES", "DES3",
NULL };
unsigned char packet[100];
=====================================
attic/wscript
=====================================
@@ -1,7 +1,8 @@
def build(ctx):
util = [ 'sht',
- 'digest-find', 'clocks', "random",
- 'digest-timing', 'cmac-timing',
+ 'digest-find', 'cipher-find',
+ 'clocks', "random",
+ 'digest-timing', 'cmac-timing', 'exp-timing',
'backwards']
if not ctx.env.DISABLE_NTS:
=====================================
devel/TODO-NTS
=====================================
@@ -1,30 +1,22 @@
-BUGS:
- timeout on client connect too long (system default)
- Is 3 seconds timeout OK? (both client and server)
-
-nts_log_ssl_error() No SSL param ??
- ERR_error_string_n
-
-Hourly logging?
- ntpq get totals vs recent
-
-documentation:
+Documentation:
HOWTO on certificates
glossary: https://letsencrypt.org/docs/glossary/
Startup with bad time
+ Time needs to be close-enough for certificates to work.
+ That's days, not seconds.
+ CMOS/RTC clock is good enough. Until it breaks.
+ Raspberry Pis don't have them.
+ We could disable time checking on certificates for startup.
+ No good start-from-scratch alternative yet.
+ IETF-NTPWG working on RoughTime -- 2023-Dec.
+
+OSCP ??
-? thread per instance on NTS-KE server
+Thread per instance on NTS-KE server
+ When we need it.
Password for certificate's private key and cookie keys file.
Need to get it before daemon mode.
--------
-
-security level
-
-client certificates
-
-Pool/cluster mode
- ?? Ratchet for new cookie key
=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -16,7 +16,7 @@ The following declarations control MAC authentication:
[[trustedkey]]+trustedkey+ _key..._ ::
Specifies the key identifiers which are trusted for the purposes of
- authenticating peers with symmetric key cryptography, as well as keys
+ authenticating servers with symmetric key cryptography, as well as keys
used by the {ntpqman} program.
Multiple keys on the same line should be separated by spaces.
Key ranges can be specified as (first ... last). The spaces around
@@ -24,9 +24,9 @@ The following declarations control MAC authentication:
and trusted keys can also be specified on the command line.
The MAC authentication procedures require that both the local and remote
-servers share the same key and key identifier for this purpose,
-although different keys can be used with different servers.
-The _key_ arguments are 32-bit unsigned integers with values from 1 to
-65,535.
+servers share the same key id, key type, and key text.
+The easiest way to do this is to copy the whole line.
+Different keys should be used for each server-client pair.
+The _key_id_ arguments are integers with values from 1 to 65,535.
// end
=====================================
docs/includes/mon-commands.adoc
=====================================
@@ -392,7 +392,7 @@ Note that this command can be sent from the
number, and a 2-digit month.
|+year+ |One generation file element is generated per year.
The filename suffix consists of a dot and a 4 digit year number.
-|+age+$$ |This type of file generation sets changes to a new element of
+|+age+ |This type of file generation sets changes to a new element of
the file set every 24 hours of server operation. The filename
suffix consists of a dot, the letter _a_, and an 8-digit number.
This number is taken to be the number of seconds the server is
=====================================
docs/includes/ntp.keys-body.adoc
=====================================
@@ -31,24 +31,23 @@ You can get a list from `openssl list -digest-algorithms` or
(As of Jan 2018, they lie. Be sure to try it. {ntpdman} will
print an error on startup if a selected type isn't supported.)
-The following types are widely supported:
------
- md5, sha1, ripemd160, sha224, sha256, sha384, sha512
- aes-128, aes-192, aes-256
------
+AES-128 is recommended by RFC 8573. Most modern CPUs have hardware
+support.
+
+Only the +-CBC+ cipher modes are useful.
+The +-CBC+ is appended to the `type` internally. Do not include it in `type`.
-Only the +-cbc+ cipher modes are useful.
-The +-cbc+ is appended to the `type` internally. Do not include it in `type`.
+AES is an alias for AES-128.
-AES is an abbreviation for aes-128.
+SHA-1 is an alias for SHA1. (NIST uses SHA-1. OpenSSL uses SHA1.)
Note that MD5 was deprecated by RFC 8573 in June of 2019.
-+AES-128+ is currently preferred. The code still supports
-MD5 for backwards compatibility.
++AES-128+ is currently preferred. Most modern CPUs have hardware
+support. Our code still supports MD5 for backwards compatibility.
FIPS 140-2, FIPS 180-4, and/or FIPS 202 may restrict your choices.
If it matters to you, check with your lawyer. (Let us know if you
-find a good reference.)
+find a good reference.) In particular, they don't allow MD5.
The `key` may be printable ASCII excluding "#" or hex encoded.
Keys longer than 20 characters are assumed to be hex. The max
=====================================
docs/includes/ntpq-body.adoc
=====================================
@@ -435,6 +435,11 @@ displayed.
packets can get flagged for inclusion in exception statistics in more
than one way, for example by having both a bad length and an old version.
++mssntpinfo+::
+ Display a summary of the MS-SNTP traffic to a Samba server. This
+ won't work unless the server you are looking at was built with the
+ --enable-mssntp option.
+
+ntsinfo+::
Display a summary of the NTS state, including
both the the NTS client and NTS server components. Note that
=====================================
docs/includes/peerfmt.adoc
=====================================
@@ -5,13 +5,14 @@
|+tally+ |
single-character code indicating current value of the +select+ field
of the link:decode.html#peer[peer status word]
-|+remote+ |host name (or IP number) of peer
+|+remote+ |host name (or IP address) of server
|+refid+ |association ID or link:decode.html#kiss[kiss code]
|+st+ |stratum
|+t+ |
-+u+: unicast or manycast client,
-+l+: local (reference clock), +s+: symmetric (peer), server, +B+:
-broadcast server, 1-8 NTS unicast with this number of cookies stored.
+ +u+: server (u for unicast),
+ +l+: local (reference clock),
+ +p+: Pool name,
+ 1-8 NTS server with this number of cookies stored.
|+when+ |sec/min/hr since last received packet
|+poll+ |poll interval (log~2~ s)
|+reach+ |reach shift register (octal)
@@ -20,6 +21,11 @@ broadcast server, 1-8 NTS unicast with this number of cookies stored.
|+jitter+ |jitter
|=======================================================================
+The +t+ column has strange encodings due to historical use by old code. If you are looking at an old server, you might also see:
+ +s+: symmetric (peer), server,
+ +B+: broadcast server,
+
+
The tally code is one of the following:
[width="80%",cols="10%,90%"]
|==================================================
=====================================
include/ntp_control.h
=====================================
@@ -1,8 +1,9 @@
/*
* ntp_control.h - definitions related to NTP mode 6 control messages
*
- * mode 6 messages are defined in:
- * https://datatracker.ietf.org/doc/draft-ietf-ntp-mode-6-cmds/
+ * mode 6 messages are defined in RFC 9327
+ * Control Messages Protocol for Use with Network Time Protocol Version 4
+ * https://www.rfc-editor.org/rfc/rfc9327.pdf
*
*/
#ifndef GUARD_NTP_CONTROL_H
=====================================
include/ntp_filegen.h
=====================================
@@ -14,13 +14,14 @@
* supported file generation types
*/
+/* FIXME: should be an enum */
#define FILEGEN_NONE 255 /* no generations - use plain file name */
#define FILEGEN_PID 1 /* one filegen per process incarnation */
#define FILEGEN_DAY 2 /* one filegen per day */
#define FILEGEN_WEEK 3 /* one filegen per week */
#define FILEGEN_MONTH 4 /* one filegen per month */
#define FILEGEN_YEAR 5 /* one filegen per year */
-#define FILEGEN_AGE 6 /* change filegen each FG_AGE_SECS */
+#define FILEGEN_AGE 6 /* one filegen per day of uptime */
/*
* supported file generation flags
=====================================
ntpclients/ntpq.py
=====================================
@@ -853,6 +853,8 @@ usage: ntpversion [version number]
self.say("Keytype: %s\n" % self.session.keytype)
elif line.upper() in ['AES', 'AES128CMAC']:
self.session.keytype = 'AES-128'
+ elif line.upper() in ['SHA-1']:
+ self.session.keytype = 'SHA1'
elif not ntp.ntpc.checkname(line.upper()):
self.warn("Keytype %s is not supported by openSSL or ntpq.\n" % line)
else:
=====================================
ntpd/ntp_config.c
=====================================
@@ -1974,6 +1974,10 @@ config_nts(
case T_Tlsciphersuites:
ntsconfig.tlsciphersuites = estrdup(nts->value.s);
break;
+
+ case T_Tlsecdhcurves:
+ ntsconfig.tlsecdhcurves = estrdup(nts->value.s);
+ break;
#endif
}
}
=====================================
ntpd/ntp_filegen.c
=====================================
@@ -133,10 +133,8 @@ filegen_open(
break;
case FILEGEN_PID:
- gen->id_lo = getpid();
- gen->id_hi = 0;
snprintf(suffix, suflen, "%c#%lld",
- SUFFIX_SEP, (long long)gen->id_lo);
+ SUFFIX_SEP, (long long)getpid());
break;
case FILEGEN_DAY:
@@ -348,8 +346,7 @@ filegen_setup(
break;
case FILEGEN_AGE:
- current = (gen->id_lo <= (long)current_time) &&
- (gen->id_hi > (long)current_time);
+ current = true;
break;
case FILEGEN_DAY:
=====================================
ntpd/ntp_parser.y
=====================================
@@ -211,7 +211,6 @@
%token <Integer> T_Time2
%token <Integer> T_Timer
%token <Integer> T_Tinker
-%token <Integer> T_Tlsciphers
%token <Integer> T_Tlsciphersuites
%token <Integer> T_Tlsecdhcurves
%token <Integer> T_Tos
@@ -1144,7 +1143,6 @@ nts_string_option_keyword
| T_Cert
| T_Cookie
| T_Key
- | T_Tlsciphers
| T_Tlsciphersuites
| T_Tlsecdhcurves
| T_Maxtls
=====================================
ntpd/nts.c
=====================================
@@ -209,12 +209,16 @@ bool nts_load_ecdhcurves(SSL_CTX *ctx) {
* We could make a dummy SSL, read the list, then free it.
*/
if (NULL != ntsconfig.tlsecdhcurves) {
- if (1 != SSL_CTX_set1_groups_list(ctx, ntsconfig.tlsecdhcurves)) {
+ /* FIXME -- const bug in OpenSSL */
+ char *copy = estrdup(ntsconfig.tlsecdhcurves);
+ if (1 != SSL_CTX_set1_groups_list(ctx, copy)) {
msyslog(LOG_ERR, "NTS: troubles setting ecdhcurves.");
+ free(copy);
return false;
} else {
- msyslog(LOG_INFO, "NTS: set ecdhcurves.");
+ msyslog(LOG_INFO, "NTS: set ecdhcurves %s.", ntsconfig.tlsecdhcurves);
}
+ free(copy);
}
return true;
}
@@ -310,6 +314,7 @@ int nts_ssl_write(SSL *ssl, uint8_t *buff, int buff_length) {
return bytes_written;
}
+/* Each thread has it's own queue of errors */
void nts_log_ssl_error(void) {
char buff[256];
int err = ERR_get_error();
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/59e305105186dfd59491abc45f0971b92fb9437d...1c79d66b43a5befb62a2795ba8746533ea1ed542
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/59e305105186dfd59491abc45f0971b92fb9437d...1c79d66b43a5befb62a2795ba8746533ea1ed542
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20231204/a14ab814/attachment-0001.htm>
More information about the vc
mailing list