keys: add support for checking truncated MACs
parent
2f5b4aea91
commit
38c4a7ff97
3 changed files with 10 additions and 8 deletions
12
keys.c
12
keys.c
|
@ -350,12 +350,14 @@ generate_ntp_auth(int hash_id, const unsigned char *key, int key_len,
|
|||
static int
|
||||
check_ntp_auth(int hash_id, const unsigned char *key, int key_len,
|
||||
const unsigned char *data, int data_len,
|
||||
const unsigned char *auth, int auth_len)
|
||||
const unsigned char *auth, int auth_len, int trunc_len)
|
||||
{
|
||||
unsigned char buf[MAX_HASH_LENGTH];
|
||||
int hash_len;
|
||||
|
||||
return generate_ntp_auth(hash_id, key, key_len, data, data_len,
|
||||
buf, sizeof (buf)) == auth_len && !memcmp(buf, auth, auth_len);
|
||||
hash_len = generate_ntp_auth(hash_id, key, key_len, data, data_len, buf, sizeof (buf));
|
||||
|
||||
return MIN(hash_len, trunc_len) == auth_len && !memcmp(buf, auth, auth_len);
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
@ -379,7 +381,7 @@ KEY_GenerateAuth(uint32_t key_id, const unsigned char *data, int data_len,
|
|||
|
||||
int
|
||||
KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
|
||||
const unsigned char *auth, int auth_len)
|
||||
const unsigned char *auth, int auth_len, int trunc_len)
|
||||
{
|
||||
Key *key;
|
||||
|
||||
|
@ -389,5 +391,5 @@ KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
|
|||
return 0;
|
||||
|
||||
return check_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len,
|
||||
data, data_len, auth, auth_len);
|
||||
data, data_len, auth, auth_len, trunc_len);
|
||||
}
|
||||
|
|
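Review bot: In check_ntp_auth the new return line accepts an empty MAC whenever `MIN(hash_len, trunc_len)` and `auth_len` are both 0, because memcmp over zero bytes reports a match; that happens if generate_ntp_auth returns 0 (presumably its failure value, its body is outside this section) or if a caller passes `trunc_len <= 0`. The one caller shown bounds `remainder` from below with NTP_MIN_MAC_LENGTH, but the check should not rely on that: `return hash_len > 0 && trunc_len > 0 && MIN(hash_len, trunc_len) == auth_len && !memcmp(buf, auth, auth_len);`. The same guard also keeps a negative `auth_len` from reaching memcmp as a huge size. Separately, memcmp stops at the first differing byte, so its timing depends on how many leading MAC bytes match; a constant-time comparison is the safer choice for an authenticator check.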
4
keys.h
4
keys.h
|
@ -41,7 +41,7 @@ extern int KEY_CheckKeyLength(uint32_t key_id);
|
|||
|
||||
extern int KEY_GenerateAuth(uint32_t key_id, const unsigned char *data,
|
||||
int data_len, unsigned char *auth, int auth_len);
|
||||
extern int KEY_CheckAuth(uint32_t key_id, const unsigned char *data,
|
||||
int data_len, const unsigned char *auth, int auth_len);
|
||||
extern int KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
|
||||
const unsigned char *auth, int auth_len, int trunc_len);
|
||||
|
||||
#endif /* GOT_KEYS_H */
|
||||
|
|
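Review bot: The KEY_CheckAuth prototype gains `trunc_len` with no comment saying what it bounds, so a caller has to read check_ntp_auth in keys.c to learn the contract. I would add above the declaration `/* trunc_len: longest MAC the caller accepts; a longer hash is compared on its first trunc_len bytes, and auth_len must equal that length exactly */`. Stating there that the value must be positive would also help, since the header is the only place other modules see.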
|
@ -1181,7 +1181,7 @@ check_packet_auth(NTP_Packet *pkt, int length,
|
|||
if (remainder >= NTP_MIN_MAC_LENGTH && remainder <= NTP_MAX_MAC_LENGTH) {
|
||||
id = ntohl(*(uint32_t *)(data + i));
|
||||
if (KEY_CheckAuth(id, (void *)pkt, i, (void *)(data + i + 4),
|
||||
remainder - 4)) {
|
||||
remainder - 4, NTP_MAX_MAC_LENGTH - 4)) {
|
||||
*auth_mode = AUTH_SYMMETRIC;
|
||||
*key_id = id;
|
||||
return 1;
|
||||
|
|
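Review bot: The truncation bound at the KEY_CheckAuth call is written as `NTP_MAX_MAC_LENGTH - 4`, with the key-ID length as a bare 4 that also appears in `data + i + 4` and `remainder - 4`; if one of the three changes, the compared length and the MAC offset drift apart silently. A comment at the call would make the intent reviewable, e.g. `/* MAC field = 4-byte key ID + digest; digests longer than the field are truncated to NTP_MAX_MAC_LENGTH - 4 */`. It is also worth recording there that a key with a long hash is now verified on its leading bytes only, so the effective tag length is capped by NTP_MAX_MAC_LENGTH (its value is not visible in this hunk). check_packet_auth starts and ends outside the hunk.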