git.ipfire.org Git - thirdparty/chrony.git/commit

author	Miroslav Lichvar <mlichvar@redhat.com>
	Mon, 16 Sep 2024 12:15:38 +0000 (14:15 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Thu, 26 Sep 2024 10:45:44 +0000 (12:45 +0200)
commit	2adda9c12cae778a7ed37f9e04ce998f6fe5c912
tree	c054adeb3f3a2a8509dc6df51c3632aa83f5d231	tree
parent	113d1134d14e9b5dd8133b934eb853aa7f4f7e38	commit \| diff

nts: construct key exporter context

When the NTS client and server negotiated use of AES-128-GCM-SIV keys,
the keys exported from the TLS session and used for authentication and
encryption of NTP messages do not comply to RFC8915. The exporter
context value specified in the section 5.1 of RFC8915 function is
incorrect. It is a hardcoded string which contains 15 (AES-SIV-CMAC-256)
instead of 30 (AES-128-GCM-SIV). This causes chrony to not interoperate
with NTS implementations that follow RFC8915 correctly. (At this time,
there doesn't seem to be another implementation with AES-128-GCM-SIV
support yet.)

Replace the string with a proper construction of the exporter context
from a specified AEAD ID and next protocol.

Keep using the incorrect AEAD ID for AES-128-GCM-SIV to not break
compatibility with existing chrony servers and clients. A new NTS-KE
record will be added to negotiate the compliant exporter context.

Reported-by: Martin Mayer <martin.mayer@m2-it-solutions.de>

nts_ke.h		diff \| blob \| blame \| history
nts_ke_client.c		diff \| blob \| blame \| history
nts_ke_server.c		diff \| blob \| blame \| history
nts_ke_session.c		diff \| blob \| blame \| history
nts_ke_session.h		diff \| blob \| blame \| history
test/unit/nts_ke_server.c		diff \| blob \| blame \| history
test/unit/nts_ke_session.c		diff \| blob \| blame \| history