Date: Mon, 21 Jun 2021 12:04:24 +0530 From: Shamsher singh <meetshamsher@gmail.com> To: freebsd-security@freebsd.org Subject: Re: NTPv4 steps for AES128CMAC authentication Message-ID: <3FC5588E-5FC8-4043-A269-82F9C6249353@gmail.com> In-Reply-To: <mailman.9.1623844800.39628.freebsd-security@freebsd.org>
index | next in thread | previous in thread | raw e-mail
Hi, Can you please share the test steps to validate AES128CMAC authentication for NTPv4 ? Thanks & regards Shamsher Singh > On 16-Jun-2021, at 5:30 PM, freebsd-security-request@freebsd.org wrote: > > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You can reach the person managing the list at > freebsd-security-owner@freebsd.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of freebsd-security digest..." > > > Today's Topics: > > 1. Re: ntpv4 steps for AES128CMAC authentication (Shamsher singh) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 15 Jun 2021 20:13:10 +0530 > From: Shamsher singh <meetshamsher@gmail.com> > To: freebsd-security@freebsd.org > Subject: Re: ntpv4 steps for AES128CMAC authentication > Message-ID: <CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0@gmail.com> > Content-Type: text/plain; charset=us-ascii > > Hi, > Just for info the openssl shows below also support in my system: > > # openssl -v > openssl:Error: '-v' is an invalid command. > > Standard commands > asn1parse ca ciphers cms > crl crl2pkcs7 dgst dh > dhparam dsa dsaparam ec > ec ecparam ecparam enc > engine errstr gendh gendsa > genpkey genrsa nseq ocsp > passwd pkcs12 pkcs7 pkcs8 > pkey pkeyparam pkeyutl prime > rand req rsa rsautl > s_client s_server s_time sess_id > smime speed spkac srp > ts verify version x509 > > Message Digest commands (see the `dgst' command for more details) > md2 md4 md5 mdc2 > rmd160 sha sha1 > > Cipher commands (see the `enc' command for more details) > aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb > aes-256-cbc aes-256-ecb base64 bf > bf-cbc bf-cfb bf-ecb bf-ofb > camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb > camellia-256-cbc camellia-256-ecb cast cast-cbc > cast5-cbc cast5-cfb cast5-ecb cast5-ofb > des des-cbc des-cfb des-ecb > des-ede des-ede-cbc des-ede-cfb des-ede-ofb > des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb > des-ofb des3 desx idea > idea-cbc idea-cfb idea-ecb idea-ofb > rc2 rc2-40-cbc rc2-64-cbc rc2-cbc > rc2-cfb rc2-ecb rc2-ofb rc4 > rc4-40 seed seed-cbc seed-cfb > seed-ecb seed-ofb zlib > >> On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher@gmail.com> wrote: >> >> Hi, >> I have taken latest NTPv4 from https://www.freshports.org/net/ntp/ <https://www.freshports.org/net/ntp/>; >> I am able to test MD5 and SHA authentication. But not able to test AES128CMAC. >> >> For all test used below parts: >> Added keys for MD5, SHA1 and AES128MAC >> Ref: used from http://doc.ntp.org/current-stable/keygen.html <http://doc.ntp.org/current-stable/keygen.html>; >> >> Example: >> 1 MD5 <xyz> >> 2 SHA1 <Xyz> >> 3 AES128CMAC <XYZ> >> ... >> at /etc/ntp.keys in client and /etc/ntp/keys in server. >> >> >> I am able to see authentication working fine for Md5 and SHA1 using >> ntpdate -d -a 1 <ntp server ip> --> working fine >> ntpdate -d -a 2 <ntp server ip> --> working fine >> ntpdate -d -a 3 <net server ip> --> fails >> >> The 1st two passes easily but 3rd one fails for AES128CMAC. >> It seems i am missing something here to test/validate it. >> >> Can you please tell/guide me the steps how can i test it? >> I am using below NTP version : >> # ntpd --version >> ntpd 4.2.8p15@1.3728-o <mailto:4.2.8p15@1.3728-o> Wed Jun 2 11:00:34 UTC 2021 (1) >> >> Thanks & regards >> Shamsher >> > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > > ------------------------------ > > End of freebsd-security Digest, Vol 756, Issue 2 > ************************************************home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FC5588E-5FC8-4043-A269-82F9C6249353>