faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2432 commits 8 branches 75 tags 4.3 MiB
Commit graph

16 commits

Author SHA1 Message Date
Miroslav Lichvar
9820c22c1d nts: improve NTP client code 
Reset the client instance more thoroughly and make sure the
nonce cannot be reused.
 2020-09-10 09:36:35 +02:00
Miroslav Lichvar
ed1077a788 nts: check all encrypted fields before saving cookies 
Don't save any cookies if an encrypted extension field fails parsing.
 2020-08-13 16:37:20 +02:00
Miroslav Lichvar
d48f012809 nts: improve NTS-NTP server/client code 
Add more comments, assertions, debug messages, and other minor
changes to make the code more robust.
 2020-07-28 12:48:23 +02:00
Miroslav Lichvar
cc20ead3dc nts: reset NAK indicator with new request 
Don't restart NTS-KE if a spoofed NAK response was received and no valid
response is received for a subsequent request.
 2020-07-20 16:52:46 +02:00
Miroslav Lichvar
fd8fbcd090 nts: don't allow malformed encrypted extension fields 
Require data decrypted from the NTS authenticator field to contain
correctly formatted extension fields (known or unknown).
 2020-07-20 16:52:42 +02:00
Miroslav Lichvar
51fe589aeb cmdmon: add cookie length to authdata report 2020-05-18 17:39:22 +02:00
Miroslav Lichvar
79c7384e5e cmdmon: add authdata command 
Add a command to display information about authentication of NTP
sources.
 2020-05-14 15:37:38 +02:00
Miroslav Lichvar
75beeaf2b0 nts: assign ID to NTS context 
For monitoring purposes, assign an incrementing ID to the client NTS
context.
 2020-05-14 15:37:38 +02:00
Miroslav Lichvar
d690faeb19 cmdmon: save NTS cookies and server keys on dump command 
Extend the dump command to save also the server NTS keys and client NTS
cookies. Remove the warning for unset dumpdir.
 2020-04-15 16:30:54 +02:00
Miroslav Lichvar
2fa83b541c nts: save and load cookies on client 
Save the NTS context and cookies to files in the NTS dumpdir when the
client NTS instances are destroyed or the address is changed, and reload
the data to avoid unnecessary NTS-KE requests when chronyd is restarted
or it is switching between different addresses resolved from the NTS-KE
or NTP name.
 2020-04-09 16:57:32 +02:00
Miroslav Lichvar
adcf073484 nts: refactor NTS context 
Add a context structure for the algorithm and keys established by
NTS-KE. Modify the client to save the context and reset the SIV key to
the C2S/S2C key before each request/response instead of keeping two SIV
instances.

This will make it easier for the server to support different algorithms
and allow the client to save the context with cookies to disk.
 2020-04-09 16:57:31 +02:00
Miroslav Lichvar
5296858411 nts: drop unused constant 2020-04-09 16:42:20 +02:00
Miroslav Lichvar
9b98247d9c nts: zero cookie placeholder 
Zero the body of the cookie placeholder in client requests as
recommended by the latest NTS draft.
 2020-03-26 15:30:34 +01:00
Miroslav Lichvar
66dc2b6d6b nts: rework NTS-KE retry interval 
Make the NTS-KE retry interval exponentially increasing, using a factor
provided by the NKE session. Use shorter intervals when the server is
refusing TCP connections or the connection is closed or timing out
before the TLS handshake.
 2020-03-26 15:30:27 +01:00
Miroslav Lichvar
fd59877692 nts: convert to monotonic time 
Use the monotonic timestamp provided by the scheduler for NTS-KE rate
limiting and refresh.
 2020-03-12 12:09:50 +01:00
Miroslav Lichvar
6043632f80 nts: add NTS-NTP server and client 
Add support for the NTS NTP extension fields.
 2020-03-05 16:02:15 +01:00