Date: Tue, 15 Jun 2021 20:13:10 +0530 From: Shamsher singh <meetshamsher@gmail.com> To: freebsd-security@freebsd.org Subject: Re: ntpv4 steps for AES128CMAC authentication Message-ID: <CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0@gmail.com> In-Reply-To: <9AEAF58B-22F0-4E8E-AA70-DEB6DCCF4344@gmail.com> References: <9AEAF58B-22F0-4E8E-AA70-DEB6DCCF4344@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Just for info the openssl shows below also support in my system: # openssl -v openssl:Error: '-v' is an invalid command. Standard commands asn1parse ca ciphers cms =20= crl crl2pkcs7 dgst dh =20= dhparam dsa dsaparam ec =20= ec ecparam ecparam enc =20= engine errstr gendh gendsa =20= genpkey genrsa nseq ocsp =20= passwd pkcs12 pkcs7 pkcs8 =20= pkey pkeyparam pkeyutl prime =20= rand req rsa rsautl =20= s_client s_server s_time sess_id =20= smime speed spkac srp =20= ts verify version x509 =20= Message Digest commands (see the `dgst' command for more details) md2 md4 md5 mdc2 =20= rmd160 sha sha1 =20 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb =20= aes-256-cbc aes-256-ecb base64 bf =20= bf-cbc bf-cfb bf-ecb bf-ofb =20= camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb =20= camellia-256-cbc camellia-256-ecb cast cast-cbc =20= cast5-cbc cast5-cfb cast5-ecb cast5-ofb =20= des des-cbc des-cfb des-ecb =20= des-ede des-ede-cbc des-ede-cfb des-ede-ofb =20= des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb =20= des-ofb des3 desx idea =20= idea-cbc idea-cfb idea-ecb idea-ofb =20= rc2 rc2-40-cbc rc2-64-cbc rc2-cbc =20= rc2-cfb rc2-ecb rc2-ofb rc4 =20= rc4-40 seed seed-cbc seed-cfb =20= seed-ecb seed-ofb zlib =20 > On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher@gmail.com> = wrote: >=20 > Hi, > I have taken latest NTPv4 from https://www.freshports.org/net/ntp/ = <https://www.freshports.org/net/ntp/>; > I am able to test MD5 and SHA authentication. But not able to test = AES128CMAC. >=20 > For all test used below parts: > Added keys for MD5, SHA1 and AES128MAC=20 > Ref: used from http://doc.ntp.org/current-stable/keygen.html = <http://doc.ntp.org/current-stable/keygen.html>; >=20 > Example: > 1 MD5 <xyz> > 2 SHA1 <Xyz> > 3 AES128CMAC <XYZ> > ... > at /etc/ntp.keys in client and /etc/ntp/keys in server. >=20 >=20 > I am able to see authentication working fine for Md5 and SHA1 using=20 > ntpdate -d -a 1 <ntp server ip> --> working fine > ntpdate -d -a 2 <ntp server ip> --> working fine > ntpdate -d -a 3 <net server ip> --> fails >=20 > The 1st two passes easily but 3rd one fails for AES128CMAC. > It seems i am missing something here to test/validate it. >=20 > Can you please tell/guide me the steps how can i test it? > I am using below NTP version : > # ntpd --version > ntpd 4.2.8p15@1.3728-o <mailto:4.2.8p15@1.3728-o> Wed Jun 2 11:00:34 = UTC 2021 (1) >=20 > Thanks & regards > Shamsher >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0>