4 #include "isc/string.h"
5 #include "libssl_compat.h"
15 const struct key *cmp_key,
23 if (cmp_key->key_len > 64)
25 if (pkt_size % 4 != 0)
29 key_type = keytype_from_text(cmp_key->type, NULL);
31 ctx = EVP_MD_CTX_new();
32 EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
33 EVP_DigestUpdate(ctx, (const u_char *)cmp_key->key_seq, (u_int)cmp_key->key_len);
34 EVP_DigestUpdate(ctx, pkt_data, (u_int)pkt_size);
35 EVP_DigestFinal(ctx, digest, &len);
42 /* Generates an MD5 digest of the key specified in keyid concatenated with the
43 * NTP packet (excluding the MAC) and compares this digest to the digest in
44 * the packet's MAC. If they are equal, this function returns 1 (packet is
45 * authentic); otherwise it returns 0 (not authentic).
52 const struct key *cmp_key
58 const u_char *pkt_ptr;
59 if (mac_size > (int)sizeof(digest))
62 hash_len = make_mac(pkt_ptr, pkt_size, sizeof(digest), cmp_key,
67 /* memcmp is not a constant-time comparison; isc_tsmemcmp will
68 * be better when it's easy to link with. sntp is a 1-shot
69 * program, so snooping for timing attacks is harder.
71 authentic = !memcmp(digest, (const char*)pkt_data + pkt_size + 4,
84 if ('0' <= x && x <= '9')
86 else if ('a' <= x && x <= 'f')
88 else if ('A' <= x && x <= 'F')
96 /* Load keys from the specified keyfile into the key structures.
97 * Returns -1 if reading failed; otherwise returns the
98 * number of keys read.
106 FILE *keyf = fopen(keyfile, "r");
107 struct key *prev = NULL;
108 int scan_cnt, line_cnt = 0;
114 printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);
119 printf("sntp auth_init: Key file %s is empty!\n", keyfile);
124 while (!feof(keyf)) {
129 if (NULL == fgets(kbuf, sizeof(kbuf), keyf))
132 kbuf[sizeof(kbuf) - 1] = '\0';
133 octothorpe = strchr(kbuf, '#');
136 act = emalloc(sizeof(*act));
137 scan_cnt = sscanf(kbuf, "%d %9s %128s", &act->key_id, act->type, keystring);
139 int len = strlen(keystring);
142 memcpy(act->key_seq, keystring, len + 1);
144 } else if ((len & 1) != 0) {
145 goodline = 0; /* it's bad */
149 act->key_len = len >> 1;
150 for (j = 0; j < len; j+=2) {
152 val = (hex_val(keystring[j]) << 4) |
153 hex_val(keystring[j+1]);
155 goodline = 0; /* it's bad */
158 act->key_seq[j>>1] = (char)val;
171 msyslog(LOG_DEBUG, "auth_init: scanf %d items, skipping line %d.",
183 /* Looks for the key with keyid key_id and sets the d_key pointer to the
184 * address of the key. If no matching key is found the pointer is not touched.
196 for (itr_key = key_ptr; itr_key; itr_key = itr_key->next) {
197 if (itr_key->key_id == key_id) {