Eric S. Raymond · Eric S. Raymond · 521435e7 · 521435e7 · 521435e7 · 521435e7
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -14,6 +14,7 @@
 #include "ntp_lists.h"
 #include "ntp_stdlib.h"
 #include "ntp_net.h"
+#include "nts.h"

 extern int32_t ntp_random (void);
 extern uint64_t ntp_random64 (void);
@@ -253,6 +254,7 @@ struct peer {
 	uint8_t	cast_flags;	/* additional flags */
 	uint8_t	last_event;	/* last peer error code */
 	uint8_t	num_events;	/* number of error events */
+	struct ntspeer_t nts;	/* per-peer Network Time Security state */

 	/*
 	 * Variables used by reference clock support

--- a/include/ntpd.h
+++ b/include/ntpd.h
@@ -420,6 +420,14 @@ extern struct refclock * const refclock_conf[];
 extern const uint8_t	num_refclock_conf;
 #endif

+/* nts.c */
+int nts_client_ke_request(void);
+int nts_server_ke_verify(void);
+int nts_client_ke_verify(struct ntspeer_t *);
+int nts_daily(void);
+int nts_validate(struct parsed_pkt *, struct ntspeer_t *);
+int nts_decorate(uint32_t *, size_t, struct ntspeer_t *);
+
 /* ntp_util.c */
 extern char * refid_dump(refid_t, int);


--- a/include/nts.h
+++ b/include/nts.h
@@ -4,13 +4,14 @@
 #ifndef NTS_H
 #define NTS_H

-struct nts_client_t;
+#define NTS_MAX_COOKIES	8	/* RFC 4.1.6 */
+#define NTS_COOKIELEN	128	/* placeholder - see RFC 6 */

-int nts_client_ke_request(void);
-int nts_server_ke_verify(void);
-int nts_client_ke_verify(struct nts_client_t *);
-int nts_daily(void);
-int nts_validate(struct parsed_pkt *, struct nts_client_t *);
-int nts_decorate(struct parsed_pkt *, struct nts_client_t *);
+/* Client-side state per connection to server */
+struct ntspeer_t {
+    /* we treat an empty cookie string as a sentinel */
+    char cookies[NTS_MAX_COOKIES][NTS_COOKIELEN];
+    int current_cookie;
+};

 #endif	/* NTS_H */
--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -394,7 +394,7 @@ interface_dump(const endpt *itf)
 	sockaddr_dump(&itf->mask);
 	printf("name = %s\n", itf->name);
 	printf("flags = 0x%08x\n", itf->flags);
-	printf("addr_refid = %s\n", refid_dump(itf->addr_refid));
+	printf("addr_refid = %s\n", refid_dump(itf->addr_refid, 2));
 	printf("received = %ld\n", itf->received);
 	printf("sent = %ld\n", itf->sent);
 	printf("notsent = %ld\n", itf->notsent);

--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -68,7 +68,6 @@ static inline l_fp_w htonl_fp(l_fp lfp) {
 #define	CLEAR_TO_ZERO(p)	((char *)&((p)->clear_to_zero))
 #define	END_CLEAR_TO_ZERO(p)	((char *)&((p)->end_clear_to_zero))
 #define	LEN_CLEAR_TO_ZERO(p)	(END_CLEAR_TO_ZERO(p) - CLEAR_TO_ZERO(p))
-
 /*
 * traffic shaping parameters
 */
@@ -684,7 +683,7 @@ receive(
 		goto done;
 	}

-/* FIXME: This is lots more cleanup to do in this area. */
+	/* FIXME: This is lots more cleanup to do in this area. */

 	restrict_mask = restrictions(&rbufp->recv_srcadr);

@@ -786,10 +785,18 @@ receive(
 	switch (PKT_MODE(rbufp->pkt.li_vn_mode)) {
 	    case MODE_ACTIVE:  /* remote site using "peer" in config file */
 	    case MODE_CLIENT:  /* Request for us as a server. */
+		if (nts_validate(&rbufp->pkt, NULL) != 0) {
+			stat_count.sys_declined++;
+			break;
+		}
 		handle_fastxmit(rbufp, restrict_mask, auth);
 		stat_count.sys_processed++;
 		break;
-	    case MODE_SERVER:  /* Reply to our request. */
+	    case MODE_SERVER:  /* Reply to our request to a server. */
+		if (peer == NULL || nts_validate(&rbufp->pkt, &peer->nts) != 0) {
+		    stat_count.sys_declined++;
+		    break;
+		}	
 		handle_procpkt(rbufp, peer);
 		stat_count.sys_processed++;
 		peer->processed++;
@@ -2129,6 +2136,8 @@ peer_xmit(
 	xpkt.xmt = htonl_fp(peer->org_rand);	/* out in xmt, back in org */


+	sendlen += nts_decorate(xpkt.exten, sizeof(xpkt.exten), &peer->nts);
+
 	/*
 	 * If the peer (aka server) was configured with a key, authenticate
 	 * the packet.  Else, the packet is not authenticated.
@@ -2286,6 +2295,7 @@ fast_xmit(
 		xpkt.xmt = htonl_fp(xmt_tx);
 	}

+
 #ifdef ENABLE_MSSNTP
 	if (flags & RES_MSSNTP) {
 		keyid_t keyid = 0;
@@ -2295,6 +2305,7 @@ fast_xmit(
 	}
 #endif /* ENABLE_MSSNTP */

+
 	/*
 	 * If the received packet contains a MAC, the transmitted packet
 	 * is authenticated and contains a MAC. If not, the transmitted
@@ -2302,6 +2313,7 @@ fast_xmit(
 	 */
 	sendlen = LEN_PKT_NOMAC;
 	if (NULL == auth) {
+		sendlen += nts_decorate(xpkt.exten, sizeof(xpkt.exten), NULL);
 		sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, &xpkt, (int)sendlen);
 		DPRINT(1, ("transmit: at %u %s->%s mode %d len %zu\n",
 			   current_time, socktoa(&rbufp->dstadr->sin),
@@ -2316,6 +2328,7 @@ fast_xmit(
 	 * cryptosum.
 	 */
 	get_systime(&xmt_tx);
+	sendlen += nts_decorate(xpkt.exten, sizeof(xpkt.exten), NULL);
 	sendlen += (size_t)authencrypt(auth, (uint32_t *)&xpkt, (int)sendlen);
 	sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, &xpkt, (int)sendlen);
 	get_systime(&xmt_ty);

--- a/ntpd/nts.c
+++ b/ntpd/nts.c
@@ -5,7 +5,7 @@
 * https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-15
 *
 * This module exposes mostly functions and structure pointers (not
- * structures) so that the NTS implementation can be sealed off deom
+ * structures) so that the NTS implementation can be sealed off from
 * the rest of the code. It supports both the client and server sides.
 *
 * The exception is client configuration, for which various bits have
@@ -13,18 +13,7 @@
 */
 #include "config.h"
 #include "ntp_types.h"
-#include "ntp.h"
-#include "nts.h"
-
-#define NTS_COOKIES	8	/* RFC 4.1.6 */
-#define NTS_COOKIELEN	128	/* placeholder - see RFC 6 */
-
-/* Client-side state per connection to server */
-struct nts_client_t {
-    /* we treat an empty cookie string as a sentinel */
-    char cookies[NTS_COOKIES][NTS_COOKIELEN];
-    int current_cookie;
-};
+#include "ntpd.h"

 /* By design, there is no per-client-side state on the server */

@@ -71,9 +60,9 @@ int nts_server_ke_verify(void)
 * - Verify server response message
 * - Extract cookie(s). 
 */
-int nts_client_ke_verify(struct nts_client_t *nts_client)
+int nts_client_ke_verify(struct ntspeer_t *ntspeer)
 {
-	UNUSED_ARG(nts_client);
+	UNUSED_ARG(ntspeer);
 	return 0;
 }

@@ -90,27 +79,28 @@ int nts_daily(void)
 /*
 * Extract and validate NTS validation information from packet
 * extension fields in an incoming request or response.  On the server
- * side, the nts_client pointer is expected to be NULL as there is no
- * per-client server state.
+ * side, the ntspeer pointer is expected to be NULL as there is no
+ * per-client server state.  A nonzero return causes the packet to be
+ * discarded.
 */
-int nts_validate(struct parsed_pkt *pkt, struct nts_client_t *nts_client)
+int nts_validate(struct parsed_pkt *pkt, struct ntspeer_t *ntspeer)
 {
 	UNUSED_ARG(pkt);
-	UNUSED_ARG(nts_client);
+	UNUSED_ARG(ntspeer);
 	return 0;
 }

 /*
 * Decorate an outgoing client request or server response with packet
 * extension fields carrying NTS information.  For a server reponse,
- * the nts_client pointer is expected to be NULL as there is no
- * per-client server state.
+ * the ntspeer pointer is expected to be NULL as there is no
+ * per-client server state.  Return the count of words appended.
 */
-int nts_decorate(struct parsed_pkt *pkt, struct nts_client_t *nts_client)
+int nts_decorate(uint32_t *extdata, size_t extlen, struct ntspeer_t *ntspeer)
 {
-	UNUSED_ARG(pkt);
-	UNUSED_ARG(nts_client);
-	return 0;
+	UNUSED_ARG(extdata);
+	UNUSED_ARG(extlen);
+	UNUSED_ARG(ntspeer);
 }

 /* end */