#define NTP_WINDOW 8 /* reachability register size */
#define NTP_SHIFT 8 /* 8 suitable for crystal time base */
#define NTP_MAXKEY 65535 /* maximum authentication key number */
-#define NTP_MINSESSION 10 /* minimum session key list entries */
#define NTP_MAXSESSION 100 /* maximum session key list entries */
#define NTP_AUTOMAX 12 /* log2 default max session key lifetime */
#define KEY_REVOKE 16 /* log2 default key revoke timeout */
#define CRYPTO_AUTO 3 /* autokey values */
#define CRYPTO_PRIV 4 /* cookie value (client/server) */
#define CRYPTO_DH 5 /* Diffie-Hellman value (symmetric) */
+#define CRYPTO_NAME 6 /* host name */
#define CRYPTO_RESP 0x80 /* response */
#define CRYPTO_ERROR 0x40 /* error */
CP_FILTERROR,
#ifdef PUBKEY
CP_PUBLIC,
+ CP_SESKEY,
+ CP_AUTOSEQ,
#endif /* PUBKEY */
0
};
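Review bot: Adding `CP_SESKEY` to this zero-terminated list looks like it puts the autokey cookies into the variables returned by default, since the `CP_SESKEY` case later in this commit passes `peer->pcookie` and `peer->hcookie` to `ctl_puthex()`. The host cookie is derived from `sys_private` in the key-list code, and session key IDs are computed from these cookies, so anyone able to read them can presumably predict the key list. If this array is the default readout set, I would leave `CP_SESKEY` out of it, or confirm that these variables are only returned to authenticated control requests, and add a comment such as `/* CP_SESKEY exposes cookies; authenticated queries only */`. The array starts above the hunk, so its name and use are inferred.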
break;
#ifdef PUBKEY
case CP_PUBLIC:
- if (peer->keystr == 0)
+ if (peer->keystr == NULL)
break;
len = strlen(peer->keystr);
ctl_putstr(peer_var[CP_PUBLIC].text, peer->keystr, len);
+ break;
case CP_SESKEY:
- if (peer->pcookie != 0)
+ if (peer->pcookie != NULL)
ctl_puthex(peer_var[CP_SESKEY].text, peer->pcookie);
- if (peer->hcookie != 0)
+ if (peer->hcookie != NULL)
ctl_puthex(peer_var[CP_SASKEY].text, peer->hcookie);
break;
case CP_AUTOSEQ:
- if (peer->keylist != NULL)
+ if (peer->keylist == NULL)
break;
ctl_putint(peer_var[CP_AUTOSEQ].text, peer->recseq);
ctl_putint(peer_var[CP_INITSEQ].text, peer->recauto.seq);
ctl_puthex(peer_var[CP_INITKEY].text, peer->recauto.key);
ctl_putuint(peer_var[CP_INITTSP].text, peer->recauto.tstamp);
+ break;
#endif /* PUBKEY */
}
}
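Review bot: The new `!= NULL` tests on `peer->pcookie` and `peer->hcookie` in the `CP_SESKEY` case compare what appear to be integer key IDs with a pointer constant; elsewhere in this commit they are XORed together and tested with `peer->pcookie == 0`. Where `NULL` is defined as `((void *)0)` this draws a pointer/integer comparison warning, so I would keep `if (peer->pcookie != 0)` and `if (peer->hcookie != 0)` and reserve `NULL` for `keystr` and `keylist`. The second call also indexes `peer_var[CP_SASKEY]` inside the `CP_SESKEY` case, which is worth checking against the variable table since only `CP_SESKEY` and `CP_AUTOSEQ` are added there. The enclosing switch and function begin outside the hunk.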
keyid_t cookie; /* private value */
l_fp tstamp; /* NTP timestamp */
u_long ltemp;
- int i, n;
+ int i;
#ifdef PUBKEY
R_SIGNATURE_CTX ctx; /* signature context */
int rval; /* return value */
ltemp = sys_automax;
peer->hcookie = session_key(&peer->dstadr->sin, &peer->srcadr,
0, sys_private, 0);
- n = NTP_MINSESSION;
- if (peer->hmode == MODE_BROADCAST) {
+ if (peer->hmode == MODE_BROADCAST)
cookie = 0;
- n = NTP_MAXSESSION;
-/*
- } else if (peer->hmode == MODE_SERVER) {
- cookie = peer->hcookie;
-*/
- } else {
+ else
+#ifdef PUBKEY
cookie = peer->pcookie;
- }
- for (i = 0; i < n; i++) {
+#else
+ cookie = peer->hcookie ^ peer->pcookie;
+#endif /* PUBKEY */
+ for (i = 0; i < NTP_MAXSESSION; i++) {
peer->keylist[i] = keyid;
peer->keynumber = i;
keyid = session_key(&peer->dstadr->sin, (peer->hmode ==
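Review bot: The loop now stores up to `NTP_MAXSESSION` entries in `peer->keylist` for every mode, where non-broadcast associations previously stopped at `NTP_MINSESSION`; the allocation of `keylist` is not in this hunk, so confirm it is sized for `NTP_MAXSESSION` entries in all modes before `peer->keylist[i] = keyid` runs. Separately, the braceless `else` whose only statement is chosen by `#ifdef PUBKEY` is easy to break on a later edit; I would put `else {` and `}` around the conditional block, and the same applies to the `pkeyid` assignment further down in this commit. The function starts above the hunk and the loop body continues past it.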
#ifdef DEBUG
if (debug)
printf(
- "crypto_recv: verify %x autokey %d %08x %u (%u)\n",
- rval, (u_int32)ntohl(pkt[i + 3]),
+ "crypto_recv: verify %x autokey %d %d %08x %u (%u)\n",
+ rval, (u_int32)ntohl(pkt[i + 2]),
+ (u_int32)ntohl(pkt[i + 3]),
(u_int32)ntohl(pkt[i + 4]),
(u_int32)ntohl(pkt[i + 5]),
peer->recauto.tstamp);
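Review bot: The added `%d` conversion is given `(u_int32)ntohl(pkt[i + 2])`, an unsigned value, so values above `INT_MAX` print as negative numbers; the existing `%d` for `pkt[i + 3]` has the same mismatch. I would use `%u` for both, `"crypto_recv: verify %x autokey %u %u %08x %u (%u)\n"`, assuming `u_int32` is `unsigned int` on the supported platforms. The type of `peer->recauto.tstamp` is not visible here, so its `%u` should be checked as well.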
* symmetric modes. The verification fails if the
* signature length does not match the modulus length or
* any of the public values or the agreed key is not
- *valid.
+ * valid.
*/
case CRYPTO_DH | CRYPTO_RESP:
temp = ntohl(pkt[i + 2]);
else if (hismode == MODE_CLIENT)
pkeyid = peer->hcookie;
else
+#ifdef PUBKEY
pkeyid = peer->pcookie;
+#else
+ pkeyid = peer->hcookie ^ peer->pcookie;
+#endif /* PUBKEY */
/*
* The session key includes both the public
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_AUTO | CRYPTO_RESP,
peer->hcookie, peer->associd);
+#ifdef PUBKEY
} else if (peer->pcookie == 0) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_DH, peer->hcookie,
peer->assoc);
+#else
+ } else if (peer->pcookie == 0) {
+ sendlen += crypto_xmit((u_int32 *)&xpkt,
+ sendlen, CRYPTO_PRIV, peer->hcookie,
+ peer->assoc);
+#endif /* PUBKEY */
}
if (peer->cmmd != 0) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
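Review bot: Both preprocessor branches open the same `} else if (peer->pcookie == 0) {` and differ only in the request code (`CRYPTO_DH` versus `CRYPTO_PRIV`), which duplicates the call and leaves brace matching dependent on the `#ifdef`. I would keep one `else if` and let the `#ifdef` select only the opcode argument, with a comment saying why the non-PUBKEY build asks for the cookie with `CRYPTO_PRIV`. The surrounding if/else chain starts and ends outside the hunk.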
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_PRIV, peer->hcookie,
peer->assoc);
- } else if (peer->recauto.seq == 0 && peer->flags &
- FLAG_MCAST2) {
+ } else if (peer->recauto.seq == 0 &&
+ peer->flags & FLAG_MCAST2) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_AUTO, peer->hcookie,
peer->assoc);