ntp.h, ntp_crypto.h, ntp_control.c, ntp_crypto.c, ntp_proto.c:
authorHarlan Stenn <stenn@ntp.org>
Thu, 30 Mar 2000 04:49:50 +0000 (04:49 -0000)
committerHarlan Stenn <stenn@ntp.org>
Thu, 30 Mar 2000 04:49:50 +0000 (04:49 -0000)
  More improvements from Dave

bk: 38e2dceeOH-zBa8Pifl3UWE1ce0tPg

include/ntp.h
include/ntp_crypto.h
ntpd/ntp_control.c
ntpd/ntp_crypto.c
ntpd/ntp_proto.c

index 3dc7951238a20423449e0ad911b635e22258e151..87d2202fe25ced2f90348d1628f29561647a40d2 100644 (file)
@@ -107,7 +107,6 @@ typedef char s_char;
 #define        NTP_WINDOW      8       /* reachability register size */
 #define        NTP_SHIFT       8       /* 8 suitable for crystal time base */
 #define        NTP_MAXKEY      65535   /* maximum authentication key number */
-#define NTP_MINSESSION 10      /* minimum session key list entries */
 #define NTP_MAXSESSION 100     /* maximum session key list entries */
 #define NTP_AUTOMAX    12      /* log2 default max session key lifetime */
 #define KEY_REVOKE     16      /* log2 default key revoke timeout */
index 86dc3a3319f1ce7324e924e98ad1440e801352ea..401c3e4c258db9bd8233d7b2fe598aa415881ae4 100644 (file)
@@ -18,6 +18,7 @@
 #define CRYPTO_AUTO    3       /* autokey values */
 #define CRYPTO_PRIV    4       /* cookie value (client/server) */
 #define CRYPTO_DH      5       /* Diffie-Hellman value (symmetric) */
+#define CRYPTO_NAME    6       /* host name */
 #define CRYPTO_RESP    0x80    /* response */
 #define CRYPTO_ERROR   0x40    /* error */
 
index 630d70b53183a94555cc9ecc0608f1335bdc36a4..a880c8b9a6aa3583536f07cd5c4a215d56dbc4a7 100644 (file)
@@ -243,6 +243,8 @@ static u_char def_peer_var[] = {
        CP_FILTERROR,
 #ifdef PUBKEY
        CP_PUBLIC,
+       CP_SESKEY,
+       CP_AUTOSEQ,
 #endif /* PUBKEY */
        0
 };
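Review bot: The association cookies become part of the default peer-variable output once `CP_SESKEY` is listed in `def_peer_var`, because the `ctl_putpeer` hunk in this file writes `peer->pcookie` and `peer->hcookie` out with `ctl_puthex` for that case. The same fields are selected as the private `cookie` in `make_keylist` and as `pkeyid` in `receive`, so a reader of peer variables would presumably see material the session keys depend on. Whether control queries are authenticated or restricted is not visible here; unless they are, I would keep `CP_SESKEY` (and the `CP_INITKEY` value emitted under `CP_AUTOSEQ`) out of the defaults or guard the two entries with `#ifdef DEBUG`. The array definition starts outside the hunk.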
@@ -1551,25 +1553,27 @@ ctl_putpeer(
                break;
 #ifdef PUBKEY
        case CP_PUBLIC:
-               if (peer->keystr == 0)
+               if (peer->keystr == NULL)
                        break;
                len = strlen(peer->keystr);
                ctl_putstr(peer_var[CP_PUBLIC].text, peer->keystr, len);
+               break;
 
        case CP_SESKEY:
-               if (peer->pcookie != 0)
+               if (peer->pcookie != NULL)
                        ctl_puthex(peer_var[CP_SESKEY].text, peer->pcookie);
-               if (peer->hcookie != 0)
+               if (peer->hcookie != NULL)
                        ctl_puthex(peer_var[CP_SASKEY].text, peer->hcookie);
                break;
 
        case CP_AUTOSEQ:
-               if (peer->keylist != NULL)
+               if (peer->keylist == NULL)
                        break;
                ctl_putint(peer_var[CP_AUTOSEQ].text, peer->recseq);
                ctl_putint(peer_var[CP_INITSEQ].text, peer->recauto.seq);
                ctl_puthex(peer_var[CP_INITKEY].text, peer->recauto.key);
                ctl_putuint(peer_var[CP_INITTSP].text, peer->recauto.tstamp);
+               break;
 #endif /* PUBKEY */
        }
 }
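Review bot: The `CP_SESKEY` case now compares `peer->pcookie` and `peer->hcookie` against `NULL`, but other hunks in this commit use them as integers (`peer->hcookie ^ peer->pcookie`, `peer->pcookie == 0`), so where `NULL` is defined as `(void *)0` this becomes a pointer/integer comparison. Keep `if (peer->pcookie != 0)` and `if (peer->hcookie != 0)`, and reserve `NULL` for the pointer fields `keystr` and `keylist`. The added `break` statements and the corrected `keylist == NULL` test look right. The body of `ctl_putpeer` starts outside the hunk.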
index 008c8e3d67e96d11034fb76e5aaf0de8089c4faa..b8a9ce22021ae3b786deeec56b22b6a134138ae1 100644 (file)
@@ -147,7 +147,7 @@ make_keylist(
        keyid_t cookie;         /* private value */
        l_fp tstamp;            /* NTP timestamp */
        u_long ltemp;
-       int i, n;
+       int i;
 #ifdef PUBKEY
        R_SIGNATURE_CTX ctx;    /* signature context */
        int rval;               /* return value */
@@ -187,18 +187,15 @@ make_keylist(
        ltemp = sys_automax;
        peer->hcookie = session_key(&peer->dstadr->sin, &peer->srcadr,
            0, sys_private, 0);
-       n = NTP_MINSESSION;
-       if (peer->hmode == MODE_BROADCAST) {
+       if (peer->hmode == MODE_BROADCAST)
                cookie = 0;
-               n = NTP_MAXSESSION;
-/*
-       } else if (peer->hmode == MODE_SERVER) {
-               cookie = peer->hcookie;
-*/
-       } else {
+       else
+#ifdef PUBKEY
                cookie = peer->pcookie;
-       }
-       for (i = 0; i < n; i++) {
+#else
+               cookie = peer->hcookie ^ peer->pcookie;
+#endif /* PUBKEY */
+       for (i = 0; i < NTP_MAXSESSION; i++) {
                peer->keylist[i] = keyid;
                peer->keynumber = i;
                keyid = session_key(&peer->dstadr->sin, (peer->hmode ==
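Review bot: The fill loop now runs to `NTP_MAXSESSION` for every mode, where non-broadcast associations used to stop at the removed `NTP_MINSESSION`, and the allocation of `peer->keylist` is not visible in this hunk. If that buffer is still sized from the old per-mode count anywhere, `peer->keylist[i] = keyid` writes past its end; please confirm it holds `NTP_MAXSESSION` entries and record that at the loop, e.g. `/* keylist is allocated for NTP_MAXSESSION entries */`. The brace-less `else` wrapped around `#ifdef PUBKEY` should also get braces so a later edit cannot detach the assignment from it. The loop body continues outside the hunk.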
@@ -325,8 +322,9 @@ crypto_recv(
 #ifdef DEBUG
                        if (debug)
                                printf(
-                                   "crypto_recv: verify %x autokey %d %08x %u (%u)\n",
-                                   rval, (u_int32)ntohl(pkt[i + 3]),
+                                   "crypto_recv: verify %x autokey %d %d %08x %u (%u)\n",
+                                   rval, (u_int32)ntohl(pkt[i + 2]),
+                                   (u_int32)ntohl(pkt[i + 3]),
                                    (u_int32)ntohl(pkt[i + 4]),
                                    (u_int32)ntohl(pkt[i + 5]),
                                    peer->recauto.tstamp);
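Review bot: The `%d` conversions in this debug `printf`, including the one added here, are passed `(u_int32)` values, so a packet field with the high bit set prints as a negative number and the specifier does not match the argument's signedness. Use `%u` for both: `"crypto_recv: verify %x autokey %u %u %08x %u (%u)\n"`. The type of `peer->recauto.tstamp` is not visible here, so its `%u` is worth checking as well. The statement sits inside a block that starts outside the hunk.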
@@ -443,7 +441,7 @@ crypto_recv(
                 * symmetric modes. The verification fails if the
                 * signature length does not match the modulus length or
                 * any of the public values or the agreed key is not
-                *valid.
+                * valid.
                 */
                case CRYPTO_DH | CRYPTO_RESP:
                        temp = ntohl(pkt[i + 2]);
index 2e529babfe6760ad209e0d257a6867d811fe8192..7f223f8013187e8a2c55d8fcfb27b9a1742797c3 100644 (file)
@@ -417,7 +417,11 @@ receive(
                        else if (hismode == MODE_CLIENT)
                                pkeyid = peer->hcookie;
                        else
+#ifdef PUBKEY
                                pkeyid = peer->pcookie;
+#else
+                               pkeyid = peer->hcookie ^ peer->pcookie;
+#endif /* PUBKEY */
 
                        /*
                         * The session key includes both the public
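Review bot: The cookie selection (`peer->pcookie` under `PUBKEY`, `peer->hcookie ^ peer->pcookie` otherwise) is now written out twice, here in `receive` and in the `make_keylist` hunk in ntp_crypto.c, and the two presumably have to agree for key IDs generated on one side to verify on the other. A single definition in ntp_crypto.h, used at both sites, would keep them from drifting apart; at minimum add a comment at each site, such as `/* must match the cookie choice in make_keylist() */`. As in `make_keylist`, the brace-less `else` spanning the `#ifdef` should be braced. The if/else chain that assigns `pkeyid` starts outside the hunk.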
@@ -1968,10 +1972,17 @@ peer_xmit(
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_AUTO | CRYPTO_RESP,
                                    peer->hcookie, peer->associd);
+#ifdef PUBKEY
                        } else if (peer->pcookie == 0) {
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_DH, peer->hcookie,
                                    peer->assoc);
+#else
+                       } else if (peer->pcookie == 0) {
+                               sendlen += crypto_xmit((u_int32 *)&xpkt,
+                                   sendlen, CRYPTO_PRIV, peer->hcookie,
+                                   peer->assoc);
+#endif /* PUBKEY */
                        }
                        if (peer->cmmd != 0) {
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
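Review bot: The `} else if (peer->pcookie == 0) {` branch is duplicated in both arms of the new `#ifdef PUBKEY`, with only the request code (`CRYPTO_DH` versus `CRYPTO_PRIV`) differing, which leaves braces opened and closed across preprocessor lines. Choosing the request code once under the `#ifdef` and keeping a single `crypto_xmit(...)` call in one branch would be easier to read and harder to break. Separately, the call just above passes `peer->associd` while these pass `peer->assoc`; this commit does not change that, but a comment would help if the difference is intentional. The enclosing if/else chain starts outside the hunk.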
@@ -2011,8 +2022,8 @@ peer_xmit(
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_PRIV, peer->hcookie,
                                    peer->assoc);
-                       } else if (peer->recauto.seq == 0 && peer->flags &
-                           FLAG_MCAST2) {
+                       } else if (peer->recauto.seq == 0 &&
+                           peer->flags & FLAG_MCAST2) {
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_AUTO, peer->hcookie,
                                    peer->assoc);