Miroslav Lichvar pushed to branch master at chrony / chrony


Commits:
2adda9c1 by Miroslav Lichvar at 2024-09-26T12:45:44+02:00
nts: construct key exporter context

When the NTS client and server negotiated use of AES-128-GCM-SIV keys,
the keys exported from the TLS session and used for authentication and
encryption of NTP messages do not comply to RFC8915. The exporter
context value specified in the section 5.1 of RFC8915 function is
incorrect. It is a hardcoded string which contains 15 (AES-SIV-CMAC-256)
instead of 30 (AES-128-GCM-SIV). This causes chrony to not interoperate
with NTS implementations that follow RFC8915 correctly. (At this time,
there doesn't seem to be another implementation with AES-128-GCM-SIV
support yet.)

Replace the string with a proper construction of the exporter context
from a specified AEAD ID and next protocol.

Keep using the incorrect AEAD ID for AES-128-GCM-SIV to not break
compatibility with existing chrony servers and clients. A new NTS-KE
record will be added to negotiate the compliant exporter context.

Reported-by: Martin Mayer <martin.ma...@m2-it-solutions.de>

- - - - -
07078654 by Miroslav Lichvar at 2024-09-26T16:04:01+02:00
nts: negotiate compliant export of AES-128-GCM-SIV keys

Add client and server support for a new NTS-KE record to negotiate use
of the compliant key exporter context with the AES-128-GCM-SIV AEAD as
specified here:

https://chrony-project.org/doc/spec/nts-compliant-128gcm.html

- - - - -
689605b6 by Miroslav Lichvar at 2024-10-03T15:02:03+02:00
nts: switch client to compliant key exporter on NTS NAK

Implement a fallback for the NTS-NTP client to switch to the compliant
AES-128-GCM-SIV exporter context when the server is using the compliant
context, but does not support the new NTS-KE record negotiating its use,
assuming it can respond with an NTS NAK to the request authenticated
with the incorrect key.

Export both sets of keys when processing the NTS-KE response. If an NTS
NAK is the only valid response from the server after the last NTS-KE
session, switch to the keys exported with the compliant context for the
following requests instead of dropping all cookies and restarting
NTS-KE. Don't switch back to the original keys if an NTS NAK is received
again.

- - - - -
f5cd79d2 by Miroslav Lichvar at 2024-10-03T15:02:16+02:00
nts: check TLS session in NKSN_GetKeys()

Make sure the TLS session is not NULL in NKSN_GetKeys() before trying to
export the keys in case some future code tried to call the function
outside of the NTS-KE message handler.

- - - - -
79a790e6 by Miroslav Lichvar at 2024-10-03T15:02:16+02:00
test: improve nts_ke_client unit test

- - - - -
42fbf416 by Miroslav Lichvar at 2024-10-03T16:09:53+02:00
nts: make server and client AEAD algorithms configurable

Add ntsaeads directive to specify a list of AEAD algorithms enabled for
NTS. The list is shared between the server and client. For the client it
also specifies the order of priority. The default is "30 15", matching
the previously hardcoded preference of AES-128-GCM-SIV (30) over
AES-SIV-CMAC-256 (15).

- - - - -


16 changed files:

- conf.c
- conf.h
- doc/chrony.conf.adoc
- nts_ke.h
- nts_ke_client.c
- nts_ke_client.h
- nts_ke_server.c
- nts_ke_session.c
- nts_ke_session.h
- nts_ntp_client.c
- siv.h
- test/simulation/139-nts
- test/unit/nts_ke_client.c
- test/unit/nts_ke_server.c
- test/unit/nts_ke_session.c
- test/unit/nts_ntp_client.c


View it on GitLab: 
https://gitlab.com/chrony/chrony/-/compare/113d1134d14e9b5dd8133b934eb853aa7f4f7e38...42fbf4168612a5e320e5e7b03013d2f5425ea285

-- 
View it on GitLab: 
https://gitlab.com/chrony/chrony/-/compare/113d1134d14e9b5dd8133b934eb853aa7f4f7e38...42fbf4168612a5e320e5e7b03013d2f5425ea285
You're receiving this email because of your account on gitlab.com.


Reply via email to