Date: Mon, 21 Jun 2021 12:04:24 +0530 From: Shamsher singh <meetshamsher@gmail.com> To: freebsd-security@freebsd.org Subject: Re: NTPv4 steps for AES128CMAC authentication Message-ID: <3FC5588E-5FC8-4043-A269-82F9C6249353@gmail.com> In-Reply-To: <mailman.9.1623844800.39628.freebsd-security@freebsd.org> References: <mailman.9.1623844800.39628.freebsd-security@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Can you please share the test steps to validate AES128CMAC = authentication for NTPv4 ? Thanks & regards Shamsher Singh > On 16-Jun-2021, at 5:30 PM, freebsd-security-request@freebsd.org = wrote: >=20 > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org >=20 > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org >=20 > You can reach the person managing the list at > freebsd-security-owner@freebsd.org >=20 > When replying, please edit your Subject line so it is more specific > than "Re: Contents of freebsd-security digest..." >=20 >=20 > Today's Topics: >=20 > 1. Re: ntpv4 steps for AES128CMAC authentication (Shamsher singh) >=20 >=20 > ---------------------------------------------------------------------- >=20 > Message: 1 > Date: Tue, 15 Jun 2021 20:13:10 +0530 > From: Shamsher singh <meetshamsher@gmail.com> > To: freebsd-security@freebsd.org > Subject: Re: ntpv4 steps for AES128CMAC authentication > Message-ID: <CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0@gmail.com> > Content-Type: text/plain; charset=3Dus-ascii >=20 > Hi, > Just for info the openssl shows below also support in my system: >=20 > # openssl -v > openssl:Error: '-v' is an invalid command. >=20 > Standard commands > asn1parse ca ciphers cms = =20 > crl crl2pkcs7 dgst dh = =20 > dhparam dsa dsaparam ec = =20 > ec ecparam ecparam enc = =20 > engine errstr gendh gendsa = =20 > genpkey genrsa nseq ocsp = =20 > passwd pkcs12 pkcs7 pkcs8 = =20 > pkey pkeyparam pkeyutl prime = =20 > rand req rsa rsautl = =20 > s_client s_server s_time sess_id = =20 > smime speed spkac srp = =20 > ts verify version x509 = =20 >=20 > Message Digest commands (see the `dgst' command for more details) > md2 md4 md5 mdc2 = =20 > rmd160 sha sha1 =20 >=20 > Cipher commands (see the `enc' command for more details) > aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb = =20 > aes-256-cbc aes-256-ecb base64 bf = =20 > bf-cbc bf-cfb bf-ecb bf-ofb = =20 > camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb = =20 > camellia-256-cbc camellia-256-ecb cast cast-cbc = =20 > cast5-cbc cast5-cfb cast5-ecb cast5-ofb = =20 > des des-cbc des-cfb des-ecb = =20 > des-ede des-ede-cbc des-ede-cfb des-ede-ofb = =20 > des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb = =20 > des-ofb des3 desx idea = =20 > idea-cbc idea-cfb idea-ecb idea-ofb = =20 > rc2 rc2-40-cbc rc2-64-cbc rc2-cbc = =20 > rc2-cfb rc2-ecb rc2-ofb rc4 = =20 > rc4-40 seed seed-cbc seed-cfb = =20 > seed-ecb seed-ofb zlib =20 >=20 >> On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher@gmail.com> = wrote: >>=20 >> Hi, >> I have taken latest NTPv4 from https://www.freshports.org/net/ntp/ = <https://www.freshports.org/net/ntp/>; >> I am able to test MD5 and SHA authentication. But not able to test = AES128CMAC. >>=20 >> For all test used below parts: >> Added keys for MD5, SHA1 and AES128MAC=20 >> Ref: used from http://doc.ntp.org/current-stable/keygen.html = <http://doc.ntp.org/current-stable/keygen.html>; >>=20 >> Example: >> 1 MD5 <xyz> >> 2 SHA1 <Xyz> >> 3 AES128CMAC <XYZ> >> ... >> at /etc/ntp.keys in client and /etc/ntp/keys in server. >>=20 >>=20 >> I am able to see authentication working fine for Md5 and SHA1 using=20= >> ntpdate -d -a 1 <ntp server ip> --> working fine >> ntpdate -d -a 2 <ntp server ip> --> working fine >> ntpdate -d -a 3 <net server ip> --> fails >>=20 >> The 1st two passes easily but 3rd one fails for AES128CMAC. >> It seems i am missing something here to test/validate it. >>=20 >> Can you please tell/guide me the steps how can i test it? >> I am using below NTP version : >> # ntpd --version >> ntpd 4.2.8p15@1.3728-o <mailto:4.2.8p15@1.3728-o> Wed Jun 2 11:00:34 = UTC 2021 (1) >>=20 >> Thanks & regards >> Shamsher >>=20 >=20 >=20 >=20 > ------------------------------ >=20 > Subject: Digest Footer >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" >=20 >=20 > ------------------------------ >=20 > End of freebsd-security Digest, Vol 756, Issue 2 > ************************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FC5588E-5FC8-4043-A269-82F9C6249353>