Hi,
Can you please share the test steps to validate AES128CMAC authentication for
NTPv4 ?
Thanks & regards
Shamsher Singh
> On 16-Jun-2021, at 5:30 PM, freebsd-security-request at freebsd.org wrote:
>
> Send freebsd-security mailing list submissions to
> freebsd-security at freebsd.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> or, via email, send a message with subject or body 'help' to
> freebsd-security-request at freebsd.org
>
> You can reach the person managing the list at
> freebsd-security-owner at freebsd.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
>
>
> Today's Topics:
>
> 1. Re: ntpv4 steps for AES128CMAC authentication (Shamsher singh)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 15 Jun 2021 20:13:10 +0530
> From: Shamsher singh <meetshamsher at gmail.com>
> To: freebsd-security at freebsd.org
> Subject: Re: ntpv4 steps for AES128CMAC authentication
> Message-ID: <CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0 at gmail.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
> Just for info the openssl shows below also support in my system:
>
> # openssl -v
> openssl:Error: '-v' is an invalid command.
>
> Standard commands
> asn1parse ca ciphers cms
> crl crl2pkcs7 dgst dh
> dhparam dsa dsaparam ec
> ec ecparam ecparam enc
> engine errstr gendh gendsa
> genpkey genrsa nseq ocsp
> passwd pkcs12 pkcs7 pkcs8
> pkey pkeyparam pkeyutl prime
> rand req rsa rsautl
> s_client s_server s_time sess_id
> smime speed spkac srp
> ts verify version x509
>
> Message Digest commands (see the `dgst' command for more details)
> md2 md4 md5 mdc2
> rmd160 sha sha1
>
> Cipher commands (see the `enc' command for more details)
> aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
> aes-256-cbc aes-256-ecb base64 bf
> bf-cbc bf-cfb bf-ecb bf-ofb
> camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
> camellia-256-cbc camellia-256-ecb cast cast-cbc
> cast5-cbc cast5-cfb cast5-ecb cast5-ofb
> des des-cbc des-cfb des-ecb
> des-ede des-ede-cbc des-ede-cfb des-ede-ofb
> des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
> des-ofb des3 desx idea
> idea-cbc idea-cfb idea-ecb idea-ofb
> rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
> rc2-cfb rc2-ecb rc2-ofb rc4
> rc4-40 seed seed-cbc seed-cfb
> seed-ecb seed-ofb zlib
>
>> On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher at
gmail.com> wrote:
>>
>> Hi,
>> I have taken latest NTPv4 from https://www.freshports.org/net/ntp/
<https://www.freshports.org/net/ntp/>
>> I am able to test MD5 and SHA authentication. But not able to test
AES128CMAC.
>>
>> For all test used below parts:
>> Added keys for MD5, SHA1 and AES128MAC
>> Ref: used from http://doc.ntp.org/current-stable/keygen.html
<http://doc.ntp.org/current-stable/keygen.html>
>>
>> Example:
>> 1 MD5 <xyz>
>> 2 SHA1 <Xyz>
>> 3 AES128CMAC <XYZ>
>> ...
>> at /etc/ntp.keys in client and /etc/ntp/keys in server.
>>
>>
>> I am able to see authentication working fine for Md5 and SHA1 using
>> ntpdate -d -a 1 <ntp server ip> --> working fine
>> ntpdate -d -a 2 <ntp server ip> --> working fine
>> ntpdate -d -a 3 <net server ip> --> fails
>>
>> The 1st two passes easily but 3rd one fails for AES128CMAC.
>> It seems i am missing something here to test/validate it.
>>
>> Can you please tell/guide me the steps how can i test it?
>> I am using below NTP version :
>> # ntpd --version
>> ntpd 4.2.8p15 at 1.3728-o <mailto:4.2.8p15 at 1.3728-o> Wed Jun
2 11:00:34 UTC 2021 (1)
>>
>> Thanks & regards
>> Shamsher
>>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"
>
>
> ------------------------------
>
> End of freebsd-security Digest, Vol 756, Issue 2
> ************************************************