......@@ -12,6 +12,20 @@ on user-visible changes.
== Repository Head ==
Update ntpkeygen, keygone and docs to reflect updated keyfile issues.
Print protostats since start of execution for 'ntpq -c sysstats'
Add dextral peers mode in ntpq and ntpmon.
Drop NTPv1 as the support was not RFC compliant, maybe v2 except mode 6 next.
Fix argument P for ntpd parsing fixed and ntpdate improvements.
Fix crash for raw ntpq readvar.
Add processor usage to NTS-KE logging except on NetBSD.
Remove --build-epoch and replace it with arbitrary --build-desc text.
Passing '--build-desc=$(date -u +%Y-%m-%dT%H:%M:%Sz)' restores the previous
default extended version.
......@@ -20,14 +34,14 @@ The build epoch has been replaced with a hardcoded timestamp which will be
manually updated every nine years or so (approx 512w). This makes the
binaries reproducible by default.
Compare versions of ntp.ntpc and libntpc printing a warning is
Compare versions of ntp.ntpc and libntpc printing a warning if
mismatched. Fix libntpc install path if using it.
Reduce maxclocks to 5 to reduce the NTP pool load.
Reduce maxclocks default to 5 to reduce the NTP pool load.
Print LIBDIR during ./waf configure.
Documentation, new GPG key, and miscellaneous cleanups.
Add documentation, new GPG key, and other cleanups.
== 2020-10-06: 1.2.0 ==
......
......@@ -38,7 +38,7 @@ passwords for the link:ntpq.html[+ntpq+] utility program.
delete algorithm (repeatable) or "everything"
+-f+ FILE, +--file+ FILE::
Output to a file
Output to a file defaults to "ntp.keygone"
+-s+ LINK, +--link+ LINK::
create a symlink (requires file)
......@@ -56,7 +56,7 @@ passwords for the link:ntpq.html[+ntpq+] utility program.
gap between subsequent groups (default 0)
+-t+, +--text+::
generate text keys (base-95 default)
generate text keys (base-92 default)
+-x+, +--hex+::
generate hexadecimal keys (lowercase base-16)
......@@ -121,11 +121,11 @@ Following any headers the keys are entered one per line in the
format:
[options="header"]
|====================================================================
|====
|Field | Meaning
|keyno | Positive integer in the range 1-65,535
|type | Type of key (md5, sha224, aes-128 etc).
|key | the actual key, printable ASCII or hex
|====================================================================
|====
// end
......@@ -2,13 +2,13 @@
include::include-html.ad[]
[cols="10%,90%",frame="none",grid="none",style="verse"]
|==============================
|====
|image:pic/alice23.gif[]|
{millshome}pictures.html[from 'Alice's Adventures in Wonderland', Lewis Carroll]
Alice holds the key.
|==============================
|====
== Manual Pages
......@@ -30,11 +30,47 @@ include::keygone-body.adoc[]
// The end of "Cryptographic Data Files" runs into this following text.
image:pic/sx5.gif[]
Figure 1. Typical Symmetric Key File
Figure 1 shows a typical symmetric keys file used by the reference
.Figure 1. Atypical Symmetric Key File
----
# ntpkey_taos.lan.1620985116
# Fri May 14 09:38:36 2021
1 aes-128 Sn0mdtd)-[ecHF}w
2 aria-128 EaN>^b3-_2dHX+,\
3 camellia-128 o$cO.]TFU{(DE>s,
4 sm4 F)jK&L@bU%$Qz@zu
5 sha224 bJbF:)G0Ngtcs.t}A&]d
6 sha3-224 qav0OY<9w,TK=0TQjkBQ
7 blake2s256 q?&^(FNn@a'CrFbHiWKC
8 sha256 l4h.|47};\ZgbzpyQF%(
9 sha3-256 .LiSr(UX+v(J*ZUcNA}5
10 sha384 *s$HZ<+0n*(8(@AiJJ})
11 sha3-384 ^wJy$c'_NlB{-%*:.Pt;
12 blake2b512 &1e[cY`vch(-pSVY^ZQ7
13 sha512 VjijOAk@C%_ZIhQht>Pg
14 sha3-512 =:+@xwSf:cn>Mcq1TaBJ
15 aes-128 e40122f7db128d0714c97947dfd9312c
16 aria-128 4d29f0c699b1cd8244be71ee85cc20f0
17 camellia-128 cd6588cc4278f430c7ab57ac06015a19
18 aes-192 cc2da35450866eebd37375b646bc5384412125f00cab94e8
19 aria-192 b0a28c291e248608545d621fef564c2ab7907d72db9b1bc5
20 camellia-192 e2235a1a30378872b7a28fa28114c717beaee78f163740fd
21 aes-256 4872fd4649019190ccb9600cf0d7d6e21068531eafc80d5d377aa5be7edb6c57
22 aria-256 327f630491b008f11578177f8cff0f853a159e099ac2be83e5b7a09d59022452
23 camellia-256 a6b0258e17c018b8acf91f04092a61907a91c97bc54096147f2c6a6df6f16774
24 sm4 c2ae033683fe1188f34454eab1e09f67
25 sha224 271c511127c68f0c520aade3c3ca691352c9c55bcc62676b553f33b6
26 sha3-224 67b843a209849715a56faafd2ad8bc3db434563184bbf6af81818474
27 blake2s256 7e8f97644f4cb8e8041e0d12a260aee16b124cece3c541f44647ce487718f4be
28 sha256 5f60aa9ab115f0f85ec881f08d6f55b9f0ee2f6ad5643a2ef2f4a3e1807eadd5
29 sha3-256 0dc5183aba8a233c858492428c3c4560654c376edcec7d10d4a2153810c57fb8
30 sha384 adaa8221ba060a578536ef46c3534da0f672f8463671b2d2681cbedf5727a2ec
31 sha3-384 519939e44a2e99b1a5c77ba34a8c7e313dcd8262de7f8211265fcb15baa49268
32 blake2b512 434ee92506ba32a9ce7fea6796ab191a91f75f3adb061e6ce997fa916b23ebcf
33 sha512 7b37b67ab3fb6bc962295b91fff79a3a6b91aff3739e7aaeba9afcd194f876c2
34 sha3-512 9a2a59ad41ac993d3501f0001f36efdfee049635ba4624660e14194fe0e45657
----
Figure 1 shows an atypical symmetric keys file used by the reference
implementation. Each line of the file contains three fields, first
keyno an integer between 1 and 65535, inclusive, representing the
key identifier used in the `server` configuration commands. Next
......
......@@ -24,42 +24,42 @@ import stat
import sys
list_md_bad = [
[16, 'md5'],
[16, 16, 'md5'],
[20, 'sha1'],
[20, 'rmd160']
[20, 16, 'sha1'],
[20, 16, 'rmd160']
]
list_md_good = [
[16, 'sm4'],
[16, 16, 'sm4'],
[28, 'sha224'],
[28, 'sha3-224'],
[28, 16, 'sha224'],
[28, 16, 'sha3-224'],
[32, 'blake2s256'],
[32, 'sha256'],
[32, 'sha3-256'],
[32, 16, 'blake2s256'],
[32, 16, 'sha256'],
[32, 16, 'sha3-256'],
[48, 'sha384'],
[48, 'sha3-384'],
[48, 16, 'sha384'],
[48, 16, 'sha3-384'],
[64, 'blake2b512'],
[64, 'sha512'],
[64, 'sha3-512']
[64, 16, 'blake2b512'],
[64, 16, 'sha512'],
[64, 16, 'sha3-512']
]
list_cmac_bad = [
]
list_cmac_good = [
[16, 'aes-128'],
[16, 'aria-128'],
[16, 'camellia-128'],
[16, 16, 'aes-128'],
[16, 16, 'aria-128'],
[16, 16, 'camellia-128'],
[24, 'aes-192'],
[24, 'aria-192'],
[24, 'camellia-192'],
[24, 24, 'aes-192'],
[24, 24, 'aria-192'],
[24, 24, 'camellia-192'],
[32, 'aes-256'],
[32, 'aria-256'],
[32, 'camellia-256'],
[32, 32, 'aes-256'],
[32, 32, 'aria-256'],
[32, 32, 'camellia-256'],
]
......@@ -76,7 +76,7 @@ class KeyGone():
'Return a string containing the generated keys.'
_ = ''
for row in self.backing:
_ += '%d\t%s\t%s\n' % (row, *self.backing[row])
_ += '%5d\t%13s\t%s\n' % (row, *self.backing[row])
return _
def to_file(self, oname: str):
......@@ -93,14 +93,19 @@ class KeyGone():
os.remove(link) # The symlink() line below matters
os.symlink(oname, link)
def add(self, algor: str, keys: int, length: int, hexed: bool = False):
def add(self, algo: list, keys: int, hexed: bool = False):
'Generate a slew of new keys according to specs.'
length, mlength, algor = algo
newlength = min(length, 32 if hexed else 20) # Yuck, hardcoded magic
if mlength > newlength:
sys.stderr.write('"%s" excluded because minimum length %d exceeds truncation %d\n' % (algor, mlength, newlength))
return
for _ in range(keys):
self.backing[self.index] = [algor, self.gen_key(length, hexed)]
self.backing[self.index] = [algor, self._gen_key(newlength, hexed)]
self.index += 1
self.index += self.gap
def gen_key(self, length: int, hexed: bool) -> str:
def _gen_key(self, length: int, hexed: bool) -> str:
'Generate a single key.'
if hexed:
return secrets.token_hex(length)
......@@ -135,7 +140,8 @@ if __name__ == '__main__':
help='delete algorithm (repeatable) or "everything"')
parser.add_argument('-a', '--add', nargs='+',
help='delete algorithm (repeatable) or "everything"')
parser.add_argument('-f', '--file', help='Output to a file')
parser.add_argument('-f', '--file', help='Output to a file defaults to "ntp.keygone"',
default='ntp.keygone')
parser.add_argument(
'-s', '--link', help='create a symlink (requires file)')
parser.add_argument('-c', '--console', action='store_true',
......@@ -154,8 +160,8 @@ if __name__ == '__main__':
if args.list:
list_algos()
kg = KeyGone(args.initial, args.gap)
set_cur = set(map(lambda x: x[1], list_cmac_good + list_md_good))
set_all = set(map(lambda x: x[1], list_cmac_bad + list_md_bad))
set_cur = set(map(lambda x: x[2], list_cmac_good + list_md_good))
set_all = set(map(lambda x: x[2], list_cmac_bad + list_md_bad))
set_all.update(set_cur)
if isinstance(args.delete, str):
args.delete = [args.delete]
......@@ -203,8 +209,8 @@ if __name__ == '__main__':
if fail:
sys.exit(1)
for algo in algos:
if algo[1] in set_cur:
kg.add(algo[1], args.number, algo[0], args.fmt)
if algo[2] in set_cur:
kg.add(algo, args.number, args.fmt)
if args.file is not None:
if args.link is not None:
kg.do_link(args.file, args.link)
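Review bot: With `default='ntp.keygone'` now set on `--file`, the `if args.file is not None:` guard in the last hunk can no longer be false, so every run that reaches it takes the file branch, presumably including runs that only asked for `--console`. The body of that branch continues outside the hunk. Generated key material therefore lands in the current directory by default, and whether an existing `ntp.keygone` is overwritten, or what mode the file is created with, depends on `to_file`, which is not shown here. If writing is meant to be unconditional, drop the dead guard and say so in the help text; otherwise keep `default=None` and apply the name only when no other output was requested, e.g. `oname = args.file or (None if args.console else 'ntp.keygone')`. Either way, confirm that `to_file` creates the key file readable by its owner only.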
......