From: Harlan Stenn
Date: Thu, 30 Mar 2000 04:49:50 +0000 (-0000)
Subject: ntp.h, ntp_crypto.h, ntp_control.c, ntp_crypto.c, ntp_proto.c:
X-Git-Tag: NTP_4_0_99_J~50
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ac4e3526dde0a2edef50cf6887b1e71e4509a6f1;p=thirdparty%2Fntp.git
ntp.h, ntp_crypto.h, ntp_control.c, ntp_crypto.c, ntp_proto.c: More improvements from Dave bk: 38e2dceeOH-zBa8Pifl3UWE1ce0tPg
---
diff --git a/include/ntp.h b/include/ntp.h
index 3dc7951238..87d2202fe2 100644
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -107,7 +107,6 @@ typedef char s_char;
 #define NTP_WINDOW 8 /* reachability register size */
 #define NTP_SHIFT 8 /* 8 suitable for crystal time base */
 #define NTP_MAXKEY 65535 /* maximum authentication key number */
-#define NTP_MINSESSION 10 /* minimum session key list entries */
 #define NTP_MAXSESSION 100 /* maximum session key list entries */
 #define NTP_AUTOMAX 12 /* log2 default max session key lifetime */
 #define KEY_REVOKE 16 /* log2 default key revoke timeout */
diff --git a/include/ntp_crypto.h b/include/ntp_crypto.h
index 86dc3a3319..401c3e4c25 100644
--- a/include/ntp_crypto.h
+++ b/include/ntp_crypto.h
@@ -18,6 +18,7 @@
 #define CRYPTO_AUTO 3 /* autokey values */
 #define CRYPTO_PRIV 4 /* cookie value (client/server) */
 #define CRYPTO_DH 5 /* Diffie-Hellman value (symmetric) */
+#define CRYPTO_NAME 6 /* host name */
 #define CRYPTO_RESP 0x80 /* response */
 #define CRYPTO_ERROR 0x40 /* error */
diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index 630d70b531..a880c8b9a6 100644
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -243,6 +243,8 @@ static u_char def_peer_var[] = {
 CP_FILTERROR,
 #ifdef PUBKEY
 CP_PUBLIC,
+ CP_SESKEY,
+ CP_AUTOSEQ,
 #endif /* PUBKEY */
 0
 };
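Review bot: Listing `CP_SESKEY` and `CP_AUTOSEQ` in `def_peer_var[]` makes the Autokey cookies and initial key values part of what looks, from the array name, like the default set reported for a peer; the `ctl_putpeer` hunk further down this file shows `CP_SESKEY` writing `peer->pcookie` and `peer->hcookie` with `ctl_puthex`. The ntp_crypto.c and ntp_proto.c hunks of this commit use those cookies as the private input to the session key IDs, so they should not be readable by an unauthenticated or unrestricted query; which queries reach this list is not visible here. I would leave both entries out of the default list so they are reported only when asked for by name, and mark them with a comment such as `/* exposes private cookies: debugging only */`.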
@@ -1551,25 +1553,27 @@ ctl_putpeer(
 break;
 #ifdef PUBKEY
 case CP_PUBLIC:
- if (peer->keystr == 0)
+ if (peer->keystr == NULL)
 break;
 len = strlen(peer->keystr);
 ctl_putstr(peer_var[CP_PUBLIC].text, peer->keystr, len);
+ break;
 case CP_SESKEY:
- if (peer->pcookie != 0)
+ if (peer->pcookie != NULL)
 ctl_puthex(peer_var[CP_SESKEY].text, peer->pcookie);
- if (peer->hcookie != 0)
+ if (peer->hcookie != NULL)
 ctl_puthex(peer_var[CP_SASKEY].text, peer->hcookie);
 break;
 case CP_AUTOSEQ:
- if (peer->keylist != NULL)
+ if (peer->keylist == NULL)
 break;
 ctl_putint(peer_var[CP_AUTOSEQ].text, peer->recseq);
 ctl_putint(peer_var[CP_INITSEQ].text, peer->recauto.seq);
 ctl_puthex(peer_var[CP_INITKEY].text, peer->recauto.key);
 ctl_putuint(peer_var[CP_INITTSP].text, peer->recauto.tstamp);
+ break;
 #endif /* PUBKEY */
 }
 }
diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c
index 008c8e3d67..b8a9ce2202 100644
--- a/ntpd/ntp_crypto.c
+++ b/ntpd/ntp_crypto.c
@@ -147,7 +147,7 @@ make_keylist(
 keyid_t cookie; /* private value */
 l_fp tstamp; /* NTP timestamp */
 u_long ltemp;
- int i, n;
+ int i;
 #ifdef PUBKEY
 R_SIGNATURE_CTX ctx; /* signature context */
 int rval; /* return value */
@@ -187,18 +187,15 @@ make_keylist(
 ltemp = sys_automax;
 peer->hcookie = session_key(&peer->dstadr->sin, &peer->srcadr, 0, sys_private, 0);
- n = NTP_MINSESSION;
- if (peer->hmode == MODE_BROADCAST) {
+ if (peer->hmode == MODE_BROADCAST)
 cookie = 0;
- n = NTP_MAXSESSION;
-/*
- } else if (peer->hmode == MODE_SERVER) {
- cookie = peer->hcookie;
-*/
- } else {
+ else
+#ifdef PUBKEY
 cookie = peer->pcookie;
- }
- for (i = 0; i < n; i++) {
+#else
+ cookie = peer->hcookie ^ peer->pcookie;
+#endif /* PUBKEY */
+ for (i = 0; i < NTP_MAXSESSION; i++) {
 peer->keylist[i] = keyid;
 peer->keynumber = i;
 keyid = session_key(&peer->dstadr->sin, (peer->hmode ==
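Review bot: `peer->pcookie` and `peer->hcookie` are integer key IDs (this same commit XORs them and tests `peer->pcookie == 0` in ntp_proto.c), so the new `!= NULL` tests under `case CP_SESKEY` compare an integer with a pointer constant and will draw a warning wherever `NULL` is defined as `((void *)0)`. Keep `NULL` for `peer->keystr`, which is passed to `strlen`, and write `if (peer->pcookie != 0)` and `if (peer->hcookie != 0)` for the cookies. The two added `break;` statements and the corrected `peer->keylist == NULL` test look right. ctl_putpeer starts outside the hunk.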
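Review bot: The new `else` in the second make_keylist hunk has its only statement selected by `#ifdef PUBKEY`/`#else` and carries no braces, so the `for` loop right after `#endif` is one careless edit away from becoming the `else` body; the same shape is added to `receive()` in ntp_proto.c. Brace it (`} else {` before the `#ifdef`, `}` after the `#endif`) and add a comment saying why the non-PUBKEY cookie is `peer->hcookie ^ peer->pcookie`, since both places must compute the same value. The loop bound is now `NTP_MAXSESSION` for every mode, and the size of `peer->keylist` is not visible here, so it is worth confirming that the list holds that many entries for associations that used the shorter `NTP_MINSESSION` bound before. make_keylist starts and ends outside the hunk.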
@@ -325,8 +322,9 @@ crypto_recv(
 #ifdef DEBUG
 if (debug) printf(
- "crypto_recv: verify %x autokey %d %08x %u (%u)\n",
- rval, (u_int32)ntohl(pkt[i + 3]),
+ "crypto_recv: verify %x autokey %d %d %08x %u (%u)\n",
+ rval, (u_int32)ntohl(pkt[i + 2]),
+ (u_int32)ntohl(pkt[i + 3]),
 (u_int32)ntohl(pkt[i + 4]), (u_int32)ntohl(pkt[i + 5]), peer->recauto.tstamp);
@@ -443,7 +441,7 @@ crypto_recv(
 * symmetric modes. The verification fails if the
 * signature length does not match the modulus length or
 * any of the public values or the agreed key is not
- *valid.
+ * valid.
 */
 case CRYPTO_DH | CRYPTO_RESP:
 temp = ntohl(pkt[i + 2]);
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 2e529babfe..7f223f8013 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -417,7 +417,11 @@ receive(
 else if (hismode == MODE_CLIENT)
 pkeyid = peer->hcookie;
 else
+#ifdef PUBKEY
 pkeyid = peer->pcookie;
+#else
+ pkeyid = peer->hcookie ^ peer->pcookie;
+#endif /* PUBKEY */
 /*
 * The session key includes both the public
@@ -1968,10 +1972,17 @@ peer_xmit(
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_AUTO | CRYPTO_RESP, peer->hcookie, peer->associd);
+#ifdef PUBKEY
 } else if (peer->pcookie == 0) {
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_DH, peer->hcookie, peer->assoc);
+#else
+ } else if (peer->pcookie == 0) {
+ sendlen += crypto_xmit((u_int32 *)&xpkt,
+ sendlen, CRYPTO_PRIV, peer->hcookie,
+ peer->assoc);
+#endif /* PUBKEY */
 }
 if (peer->cmmd != 0) {
 sendlen += crypto_xmit((u_int32 *)&xpkt,
@@ -2011,8 +2022,8 @@ peer_xmit(
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_PRIV, peer->hcookie, peer->assoc);
- } else if (peer->recauto.seq == 0 && peer->flags &
- FLAG_MCAST2) {
+ } else if (peer->recauto.seq == 0 &&
+ peer->flags & FLAG_MCAST2) {
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_AUTO, peer->hcookie, peer->assoc);
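Review bot: The `%d` added for `pkt[i + 2]` in the debug `printf`, like the existing one for `pkt[i + 3]`, is handed a `(u_int32)` argument, so the conversion does not match the argument's signedness; print both with `%u` as the neighbouring `pkt[i + 5]` field already is, i.e. `"crypto_recv: verify %x autokey %u %u %08x %u (%u)\n"`. Whether the extension field length has been checked before `pkt[i + 5]` is read cannot be seen from here, because crypto_recv starts and ends outside the hunk.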
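Review bot: Nothing at the new `#else` branch in the first peer_xmit hunk records that a build without PUBKEY now obtains a symmetric peer's cookie with `CRYPTO_PRIV` instead of the `CRYPTO_DH` agreement, after which `receive()` and `make_keylist()` key the association with `peer->hcookie ^ peer->pcookie`. That combined cookie is only as secret as the `CRYPTO_PRIV` exchange, and how `crypto_xmit` protects the value is not visible in this hunk. I would add a comment above the branch, e.g. `/* no PUBKEY: cookies are exchanged with CRYPTO_PRIV, not agreed by DH */`, and fold the duplicated `} else if (peer->pcookie == 0) {` test into a single branch in which only the opcode is chosen by the `#ifdef`. peer_xmit starts and ends outside the hunk.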