Date: Tue, 15 Jun 2021 20:13:10 +0530 From: Shamsher singh <meetshamsher@gmail.com> To: freebsd-security@freebsd.org Subject: Re: ntpv4 steps for AES128CMAC authentication Message-ID: <CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0@gmail.com> In-Reply-To: <9AEAF58B-22F0-4E8E-AA70-DEB6DCCF4344@gmail.com>
index | next in thread | previous in thread | raw e-mail
Hi, Just for info the openssl shows below also support in my system: # openssl -v openssl:Error: '-v' is an invalid command. Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ec ecparam ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac srp ts verify version x509 Message Digest commands (see the `dgst' command for more details) md2 md4 md5 mdc2 rmd160 sha sha1 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 seed seed-cbc seed-cfb seed-ecb seed-ofb zlib > On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher@gmail.com> wrote: > > Hi, > I have taken latest NTPv4 from https://www.freshports.org/net/ntp/ <https://www.freshports.org/net/ntp/>; > I am able to test MD5 and SHA authentication. But not able to test AES128CMAC. > > For all test used below parts: > Added keys for MD5, SHA1 and AES128MAC > Ref: used from http://doc.ntp.org/current-stable/keygen.html <http://doc.ntp.org/current-stable/keygen.html>; > > Example: > 1 MD5 <xyz> > 2 SHA1 <Xyz> > 3 AES128CMAC <XYZ> > ... > at /etc/ntp.keys in client and /etc/ntp/keys in server. > > > I am able to see authentication working fine for Md5 and SHA1 using > ntpdate -d -a 1 <ntp server ip> --> working fine > ntpdate -d -a 2 <ntp server ip> --> working fine > ntpdate -d -a 3 <net server ip> --> fails > > The 1st two passes easily but 3rd one fails for AES128CMAC. > It seems i am missing something here to test/validate it. > > Can you please tell/guide me the steps how can i test it? > I am using below NTP version : > # ntpd --version > ntpd 4.2.8p15@1.3728-o <mailto:4.2.8p15@1.3728-o> Wed Jun 2 11:00:34 UTC 2021 (1) > > Thanks & regards > Shamsher >help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0>