Miroslav Lichvar [Thu, 16 Apr 2020 14:08:43 +0000 (16:08 +0200)]
nts: allow disabling certificate time checks
Add "nocerttimecheck" directive to specify the number of clock updates
that need to be made before the time validation of certificates is
enabled. This makes NTS usable on machines that don't have an RTC.
Miroslav Lichvar [Wed, 15 Apr 2020 09:43:59 +0000 (11:43 +0200)]
nts: enable external management of server keys
If ntsrotate is set to 0, don't generate new server keys and don't save
them to ntsdumpdir. This allows the keys to be managed externally and
shared with other servers.
Miroslav Lichvar [Wed, 15 Apr 2020 14:26:43 +0000 (16:26 +0200)]
ntp: update auth-specific address sooner
When replacing an NTP source, update the NTS address before the NTP
address to save cookies with the old NTP address instead of the newly
resolved address (which may immediately change to an address provided by
NTS-KE).
Include in the key dump file an identifier, the AEAD number, and the
age of the last key to improve robustness and avoid generating a new key
immediately on start.
Also, improve the code that saves and loads the file.
Save the NTS context and cookies to files in the NTS dumpdir when the
client NTS instances are destroyed or the address is changed, and reload
the data to avoid unnecessary NTS-KE requests when chronyd is restarted
or it is switching between different addresses resolved from the NTS-KE
or NTP name.
Miroslav Lichvar [Mon, 30 Mar 2020 16:06:57 +0000 (18:06 +0200)]
nts: refactor NTS context
Add a context structure for the algorithm and keys established by
NTS-KE. Modify the client to save the context and reset the SIV key to
the C2S/S2C key before each request/response instead of keeping two SIV
instances.
This will make it easier for the server to support different algorithms
and allow the client to save the context with cookies to disk.
Miroslav Lichvar [Wed, 25 Mar 2020 16:01:27 +0000 (17:01 +0100)]
nts: rework NTS-KE retry interval
Make the NTS-KE retry interval exponentially increasing, using a factor
provided by the NKE session. Use shorter intervals when the server is
refusing TCP connections or the connection is closed or timing out
before the TLS handshake.
Miroslav Lichvar [Mon, 23 Mar 2020 14:34:08 +0000 (15:34 +0100)]
nts: fix address in server NTS-KE log messages
The server session instances are reused for different clients. Separate
the server name from the label used in log messages and set it on each
start of the session.
Miroslav Lichvar [Thu, 26 Mar 2020 10:51:17 +0000 (11:51 +0100)]
ntp: fix log message for replaced source
When a source was replaced and the new source had the same slot as the
old source, a wrong message was logged. Fix the condition to distinguish
correctly between changed address and port.
Fixes: 9468fd4aa680 ("ntp: allow changing port of source")
Miroslav Lichvar [Wed, 25 Mar 2020 08:12:35 +0000 (09:12 +0100)]
reference: improve check for close leap second
Improve the check to work with the actual timestamp of the leap second
instead of the closest midnight and don't turn it off on the leap
timeout. Also allow sample times to be checked in addition to the system
time and NTP time to avoid accumulation of samples mixing pre-leap and
post-leap timestamps (causing error of +/-0.5 or +/-1.0 seconds).
Miroslav Lichvar [Tue, 24 Mar 2020 14:22:31 +0000 (15:22 +0100)]
socket: simplify receiving messages
Don't require the caller to provide a SCK_Message (on stack). Modify the
SCK_ReceiveMessage*() functions to return a pointer to static buffers,
as the message buffer which SCK_Message points to already is.
Miroslav Lichvar [Mon, 23 Mar 2020 10:34:02 +0000 (11:34 +0100)]
socket: enable port sharing on Linux
On Linux, enable the SO_REUSEPORT option on sockets bound to a port in
order to support load balancing with multiple chronyd instances
(configured to not adjust the system clock).
The IP_FREEBIND option already allowed different instances to bind to
the same address and port, but only one was actually receiving packets.
As the instances don't share their state, sharing the NTP port doesn't
work well with the interleaved mode, symmetric mode, and rate limiting.
Sharing the NTS-KE port will not work until the server keys can be
derived from a shared key.
Earlier versions of macOS do not provide clock_gettime(). This patch
checks for clock_gettime() at run-time and falls back to gettimeofday()
if the symbol is not present.
Miroslav Lichvar [Thu, 12 Mar 2020 09:49:38 +0000 (10:49 +0100)]
reference: update synchronization status more frequently
Update the local clock errors with each update of the leap status to
avoid the kernel marking the clock as unsynchronized when a large
number of NTP samples is dropped.
Miroslav Lichvar [Wed, 11 Mar 2020 16:03:00 +0000 (17:03 +0100)]
sources: update reference leap status early
When a leap second status is updated by a source, don't wait for the
next source selection and full update of the reference. Count votes from
sources that passed the previous selection and update the reference leap
status directly.
This should allow leap seconds to spread quickly even when the
samples are dropped or delayed by the filters.
Miroslav Lichvar [Wed, 11 Mar 2020 14:48:00 +0000 (15:48 +0100)]
sources: separate update of leap status
Remove leap status from the NTP sample and set it independently from
the sample accumulation in order to accept a leap second sooner when
samples are filtered.
Miroslav Lichvar [Wed, 11 Mar 2020 11:20:51 +0000 (12:20 +0100)]
cmdmon: add reset command
The reset command drops all measurements and switches the reference to
the unsynchronised state. This command can help chronyd with recovery
when the measurements are known to be no longer valid or accurate, e.g.
due to moving the computer to a different network, or resuming the
computer from a low-power state (which resets the system clock).
Miroslav Lichvar [Wed, 11 Mar 2020 10:38:24 +0000 (11:38 +0100)]
reference: don't report synchronized status after unknown step
The source handler resets SST instances on an unknown step, which
makes the sources unselectable, but SRC_SelectSource() doesn't call
REF_SetUnsynchronised() when no source is selectable.
Handle the step in the reference handler.
Fixes: 049eae661ae3 ("sources: keep synchronized status with unreachable/unselectable sources")
Miroslav Lichvar [Wed, 11 Mar 2020 07:56:17 +0000 (08:56 +0100)]
sched: provide low-precision monotonic time
Measure the interval since the start in order to provide a monotonic
time for periodical tasks not using timers like driftfile updates, key
refresh, etc. Return the interval in the double format, but keep an
integer remainder limiting the precision to 0.01 second to avoid issues
with very small increments in a long-running process.
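The tick-plus-remainder idea in the commit above, as an added example written for this page (it is not chrony's sched code): elapsed time is kept as an integer count of 0.01 s ticks with a nanosecond remainder, and the double handed to callers is derived from that integer. The tick size, the clock source (CLOCK_MONOTONIC) and the constructed comparison values are choices made here; the demo shows why plain double accumulation is unsafe in a long-running process.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Added example (not chrony's code): low-precision monotonic "time since
   start" kept as integer 1/100 s ticks plus a nanosecond remainder.  The
   returned double is derived from the integer, so tiny increments are never
   lost to floating-point rounding once the elapsed time is large. */

#define NSEC_PER_TICK 10000000LL   /* 0.01 s */
#define TICKS_PER_SEC 100

struct mono_clock {
    struct timespec last;   /* previous raw CLOCK_MONOTONIC reading */
    uint64_t ticks;         /* whole 1/100 s ticks elapsed since start */
    int64_t rem_nsec;       /* leftover nanoseconds, 0 <= rem < NSEC_PER_TICK */
};

/* Fold delta_nsec more elapsed time in; returns elapsed seconds as double */
static double mono_add_nsec(struct mono_clock *c, int64_t delta_nsec) {
    if (delta_nsec < 0)
        delta_nsec = 0;     /* a monotonic clock must not go back; clamp */
    int64_t total = c->rem_nsec + delta_nsec;
    c->ticks += (uint64_t)(total / NSEC_PER_TICK);
    c->rem_nsec = total % NSEC_PER_TICK;
    return (double)c->ticks / TICKS_PER_SEC;
}

static void mono_init(struct mono_clock *c) {
    clock_gettime(CLOCK_MONOTONIC, &c->last);
    c->ticks = 0;
    c->rem_nsec = 0;
}

/* Read CLOCK_MONOTONIC and account for the interval since the last reading */
static double mono_now(struct mono_clock *c) {
    struct timespec now;
    clock_gettime(CLOCK_MONOTONIC, &now);
    int64_t delta = (int64_t)(now.tv_sec - c->last.tv_sec) * 1000000000LL
                  + (now.tv_nsec - c->last.tv_nsec);
    c->last = now;
    return mono_add_nsec(c, delta);
}

/* Constructed comparison: a process that has run for 4e9 s (chosen only to
   make the rounding visible) receives 500000 updates of 200 ns, 0.1 s total. */
#define DEMO_START_SEC 4000000000ULL
#define DEMO_STEPS     500000
#define DEMO_STEP_NSEC 200

/* Plain double accumulation: 200 ns is below half an ulp of 4e9, so every
   addition rounds back to the same value and the whole 0.1 s is lost */
static double demo_naive(void) {
    double t = (double)DEMO_START_SEC;
    for (int i = 0; i < DEMO_STEPS; i++)
        t += DEMO_STEP_NSEC * 1e-9;
    return t;   /* 4000000000.0 */
}

/* Integer ticks with remainder: the 0.1 s shows up as exactly 10 ticks */
static double demo_mono(void) {
    struct mono_clock c = { {0, 0}, DEMO_START_SEC * TICKS_PER_SEC, 0 };
    double t = (double)c.ticks / TICKS_PER_SEC;
    for (int i = 0; i < DEMO_STEPS; i++)
        t = mono_add_nsec(&c, DEMO_STEP_NSEC);
    return t;   /* 4000000000.1 */
}

int main(void) {
    struct mono_clock c;
    mono_init(&c);
    printf("since start: %.2f s\n", mono_now(&c));
    printf("naive: %.3f\nticks: %.3f\n", demo_naive(), demo_mono());
    return 0;
}
```

The remainder is what makes the scheme safe: each update adds its nanoseconds to the leftover before dividing, so no increment is dropped, while the 0.01 s resolution keeps the returned double free of sub-ulp noise.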
Miroslav Lichvar [Tue, 10 Mar 2020 13:02:08 +0000 (14:02 +0100)]
configure: improve nettle and gnutls check
Before enabling NTS, check for more gnutls functions (some added in
3.6.3) to avoid build failures with older gnutls versions. Also, make
sure that nettle supports the new AES interface (added in 3.0).
ntp: ignore onoffline command for unresolved sources
The onoffline command switches an unresolved source to the offline
status, even when the network is already up.
Ignore the onoffline command for unresolved sources to prevent sources
unexpectedly staying in the offline status, e.g. when the command is
issued from a network dispatcher script (and no other call is expected
later when the name is resolved).
Allow the nts and ntsport options to be specified for sources added from
chronyc. This is an incompatible change in the request, but there was no
release using the new REQ_ADD_SOURCE command yet.
Add an option to enable NTS for an NTP source. Check for NTS-specific
extension fields and pass the packets to the NTS-NTP code in order to
enable the NTS client and server.
Miroslav Lichvar [Wed, 21 Aug 2019 12:09:37 +0000 (14:09 +0200)]
siv: add internal implementation based on Nettle
This adds an internal implementation of the AES-SIV-CMAC-256 cipher
based on GNU Nettle and the following patch (which was later reworked
and included in Nettle):
Miroslav Lichvar [Mon, 11 Nov 2019 18:02:30 +0000 (19:02 +0100)]
nameserv: allow concurrent asynchronous requests
Allow multiple resolving threads to be running at the same time in order
to support multiple callers, but use a mutex to avoid sending multiple
requests to the privops helper. This will be needed for the NTS-KE
server negotiation.
Miroslav Lichvar [Sat, 23 Mar 2019 14:49:06 +0000 (15:49 +0100)]
ntp: add function to update source NTP address
This will allow a source to have its address changed due to NTS-KE
server negotiation, which allows the NTS-KE server to have a different
address than the NTP server.
Miroslav Lichvar [Thu, 13 Feb 2020 12:27:23 +0000 (13:27 +0100)]
ntp: allow changing port of source
Modify the replace_source() function to not require a different IP
address when replacing a source with the same address but different
port. This will enable the NTS-KE port negotiation.
ntp: don't accept packets with unexpected authentication
If authentication is not enabled in configuration, responses are not
expected to be authenticated. Handle such responses as having failed
authentication.
A case where this could happen is a misconfigured symmetric association
where only one peer has specified the other with a key. Before this
change, synchronization would work in one direction and use packets
with an asymmetric length.
ntp: don't allow long MACs in NTPv4 packets with extension fields
A MAC longer than 24 octets in an NTPv4 packet is supported only for
compatibility with some pre-RFC7822 chrony versions. They didn't use
any extension fields.
Miroslav Lichvar [Wed, 14 Aug 2019 16:23:45 +0000 (18:23 +0200)]
ntp: refactor authentication
Move most of the authentication-specific code to a new file and
introduce authenticator instances in order to support other
authentication mechanisms (e.g. NTS).
Miroslav Lichvar [Wed, 14 Aug 2019 13:53:17 +0000 (15:53 +0200)]
ntp: rework packet parsing
Rework the code to detect the authentication mode and count extension
fields in the first parsing of the packet and store this information in
the new packet info structure.
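As an added example serving both the "rework packet parsing" commit above and the earlier "don't allow long MACs in NTPv4 packets with extension fields" commit (written for this page, not chrony's own parser): one pass over the packet trailer that counts extension fields, locates the MAC and records the authentication mode in a packet-info structure. It applies the RFC 7822 length rules and the compatibility rule that a MAC longer than 24 octets is accepted only when no extension field precedes it; NTP_MAX_LEGACY_MAC_LEN, the EF type 0x0104 and the test packets are assumptions constructed here. A long legacy MAC whose first bytes happen to look like a valid extension field header remains ambiguous under these rules, which is exactly why the long form is tolerated only without extension fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not chrony's code): classify the trailer of an NTPv4 packet
   into extension fields (EFs) and a MAC using RFC 7822 length rules, plus the
   rule that a MAC longer than 24 octets is accepted only when no EF precedes
   it.  NTP_MAX_LEGACY_MAC_LEN and EF type 0x0104 are assumptions. */

#define NTP_HEADER_LEN         48
#define NTP_MIN_EF_LEN         16   /* RFC 7822: non-last EF >= 16 octets */
#define NTP_MIN_LAST_EF_LEN    28   /* RFC 7822: last EF >= 28 octets */
#define NTP_MAX_MAC_LEN        24   /* key ID + 160-bit digest */
#define NTP_MAX_LEGACY_MAC_LEN 68   /* assumed: key ID + 64-octet digest */

enum auth_mode { AUTH_NONE, AUTH_MAC, AUTH_EF_ONLY, AUTH_INVALID };

struct packet_info {
    size_t length;        /* total packet length in octets */
    int ef_count;         /* extension fields found */
    size_t mac_offset;    /* offset of the key ID, valid if mac_length > 0 */
    size_t mac_length;    /* 0 when there is no MAC */
    enum auth_mode mode;
};

/* 4 = crypto-NAK (key ID only), 20 = key ID + MD5, 24 = key ID + SHA-1 */
static int is_mac_length(size_t n) { return n == 4 || n == 20 || n == 24; }

static enum auth_mode parse_packet(const uint8_t *pkt, size_t len,
                                   struct packet_info *info) {
    memset(info, 0, sizeof *info);
    info->length = len;
    info->mode = AUTH_INVALID;
    if (len < NTP_HEADER_LEN || len % 4 != 0)
        return AUTH_INVALID;

    for (size_t pos = NTP_HEADER_LEN; pos < len; ) {
        size_t remaining = len - pos;            /* always a multiple of 4 */

        if (is_mac_length(remaining)) {          /* a standard MAC ends the packet */
            info->mac_offset = pos;
            info->mac_length = remaining;
            break;
        }

        /* EF header: type (2 octets), length (2 octets), big-endian */
        size_t ef_len = ((size_t)pkt[pos + 2] << 8) | pkt[pos + 3];
        int last = (ef_len == remaining);
        if (ef_len >= NTP_MIN_EF_LEN && ef_len % 4 == 0 && ef_len <= remaining &&
            (!last || ef_len >= NTP_MIN_LAST_EF_LEN)) {
            info->ef_count++;
            pos += ef_len;
            continue;
        }

        /* Not a valid EF: a long pre-RFC7822 MAC is accepted only without EFs */
        if (info->ef_count == 0 && remaining > NTP_MAX_MAC_LEN &&
            remaining <= NTP_MAX_LEGACY_MAC_LEN) {
            info->mac_offset = pos;
            info->mac_length = remaining;
            break;
        }
        return AUTH_INVALID;
    }

    info->mode = info->mac_length ? AUTH_MAC : info->ef_count ? AUTH_EF_ONLY : AUTH_NONE;
    return info->mode;
}

/* Constructed packet: zeroed 48-octet header (VN=4, client mode), an EF of
   ef_len octets with a valid header when ef_len > 0, then mac_len octets of
   0xAA, which never parse as an EF (the length field would read 0xAAAA). */
static size_t build_packet(uint8_t *buf, size_t ef_len, size_t mac_len) {
    size_t pos = NTP_HEADER_LEN;
    memset(buf, 0, NTP_HEADER_LEN + ef_len);
    buf[0] = 0x23;                                   /* LI=0, VN=4, mode=3 */
    if (ef_len) {
        buf[pos] = 0x01; buf[pos + 1] = 0x04;        /* assumed EF type */
        buf[pos + 2] = (uint8_t)(ef_len >> 8);
        buf[pos + 3] = (uint8_t)(ef_len & 0xff);
        pos += ef_len;
    }
    memset(buf + pos, 0xAA, mac_len);
    return pos + mac_len;
}

/* Build and parse a constructed packet, returning its packet info */
static struct packet_info classify(size_t ef_len, size_t mac_len) {
    uint8_t buf[256];
    struct packet_info info;
    size_t len = build_packet(buf, ef_len, mac_len);
    parse_packet(buf, len, &info);
    return info;
}

int main(void) {
    const char *names[] = { "none", "mac", "ef-only", "invalid" };
    size_t cases[][2] = { {0, 20}, {32, 24}, {0, 36}, {32, 36}, {28, 0}, {0, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct packet_info p = classify(cases[i][0], cases[i][1]);
        printf("ef=%zu mac=%zu -> %s (efs=%d, mac_len=%zu)\n", cases[i][0],
               cases[i][1], names[p.mode], p.ef_count, p.mac_length);
    }
    return 0;
}
```

The case {32, 36} is the one the long-MAC commit is about: a 36-octet trailer on its own is accepted as a legacy MAC, but the same trailer after an extension field is rejected, since no chrony version that produced long MACs ever sent extension fields.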
Miroslav Lichvar [Mon, 15 Apr 2019 10:48:41 +0000 (12:48 +0200)]
ntp: don't send response longer than request
When sending a response in the server or passive mode, make sure the
response is not longer than the request to prevent amplification
attacks when responses may contain extension fields (e.g. NTS).
Miroslav Lichvar [Wed, 14 Aug 2019 12:10:28 +0000 (14:10 +0200)]
ntp: add structure with packet info
Add a structure for length and other information about received and
transmitted NTP packets to minimize the number of parameters and avoid
repeated parsing of the packet.