4 #include "isc/string.h"
14 const struct key *cmp_key,
22 if (cmp_key->key_len > 64)
24 if (pkt_size % 4 != 0)
28 key_type = keytype_from_text(cmp_key->type, NULL);
29 EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
30 EVP_DigestUpdate(&ctx, (const u_char *)cmp_key->key_seq, (u_int)cmp_key->key_len);
31 EVP_DigestUpdate(&ctx, pkt_data, (u_int)pkt_size);
32 EVP_DigestFinal(&ctx, digest, &len);
38 /* Generates an MD5 digest of the key specified in keyid concatenated with the
39 * NTP packet (excluding the MAC) and compares this digest to the digest in
40 * the packet's MAC. If they are equal, this function returns 1 (packet is
41 * authentic); otherwise it returns 0 (not authentic).
48 const struct key *cmp_key
54 const u_char *pkt_ptr;
55 if (mac_size > (int)sizeof(digest))
58 hash_len = make_mac(pkt_ptr, pkt_size, sizeof(digest), cmp_key,
63 /* isc_tsmemcmp, a timing-safe compare, will be better when it's easy to link
64 * with; memcmp's run time can depend on where the buffers first differ. sntp is a
65 * 1-shot program, so snooping for timing attacks is harder.
67 authentic = !memcmp(digest, pkt_data + pkt_size + 4,
80 if ('0' <= x && x <= '9')
82 else if ('a' <= x && x <= 'f')
84 else if ('A' <= x && x <= 'F')
92 /* Loads keys from the specified keyfile into the key structures.
93 * Returns -1 if reading failed; otherwise returns the
94 * number of keys read.
102 FILE *keyf = fopen(keyfile, "r");
103 struct key *prev = NULL;
104 int scan_cnt, line_cnt = 0;
110 printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);
115 printf("sntp auth_init: Key file %s is empty!\n", keyfile);
120 while (!feof(keyf)) {
125 if (NULL == fgets(kbuf, sizeof(kbuf), keyf))
128 kbuf[sizeof(kbuf) - 1] = '\0';
129 octothorpe = strchr(kbuf, '#');
132 act = emalloc(sizeof(*act));
133 scan_cnt = sscanf(kbuf, "%d %9s %128s", &act->key_id, act->type, keystring);
135 int len = strlen(keystring);
138 memcpy(act->key_seq, keystring, len + 1);
140 } else if ((len & 1) != 0) {
141 goodline = 0; /* it's bad */
145 act->key_len = len >> 1;
146 for (j = 0; j < len; j+=2) {
148 val = (hex_val(keystring[j]) << 4) |
149 hex_val(keystring[j+1]);
151 goodline = 0; /* it's bad */
154 act->key_seq[j>>1] = (char)val;
167 msyslog(LOG_DEBUG, "auth_init: scanf %d items, skipping line %d.",
179 /* Looks for the key with key ID key_id and sets the d_key pointer to the
180 * address of the key. If no matching key is found, the pointer is not touched.
192 for (itr_key = key_ptr; itr_key; itr_key = itr_key->next) {
193 if (itr_key->key_id == key_id) {