IETF Logo Mail Archive

Re: [ntpwg] Parsing NTP packets regarding MACs and EXTs.

Danny Mayer <mayer@ntp.org> Tue, 21 June 2016 15:46 UTC

Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 429A012D99A for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 21 Jun 2016 08:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.326
X-Spam-Level:
X-Spam-Status: No, score=-8.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9g7jDqsdbs4g for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 21 Jun 2016 08:46:17 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfa.amsl.com (Postfix) with ESMTP id EE2C112D98B for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 21 Jun 2016 08:46:16 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id D24F686DAF1 for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 21 Jun 2016 15:46:16 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id 26CE186D55E for <ntpwg@lists.ntp.org>; Tue, 21 Jun 2016 15:45:20 +0000 (UTC)
Received: from [198.22.153.130] (helo=[10.2.184.123]) by mail1.ntp.org with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <mayer@ntp.org>) id 1bFNrV-000Igk-Mx; Tue, 21 Jun 2016 15:45:17 +0000
References: <stenn@ntp.org> <E1bFCJh-000G0C-Bf@stenn.ntp.org> <20160621093932.BD9A7406057@ip-64-139-1-69.sjc.megapath.net> <f4f6f8f969ac49ff819ccae06ec2e3db@usma1ex-dag1mb1.msg.corp.akamai.com> <d5934cd7-5808-3e2b-3ed6-b5e1b3f9e2df@ntp.org> <CAJm83bAHcSQtOHRjUHVk7o27KmbSqH_dad+dLMAhQ6Vh3hnsWw@mail.gmail.com>
To: Daniel Franke <dfoxfranke@gmail.com>
From: Danny Mayer <mayer@ntp.org>
Organization: NTP
Message-ID: <d201d6d1-e769-c9c3-492c-409f129e54a9@ntp.org>
Date: Tue, 21 Jun 2016 11:45:09 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <CAJm83bAHcSQtOHRjUHVk7o27KmbSqH_dad+dLMAhQ6Vh3hnsWw@mail.gmail.com>
X-SA-Exim-Connect-IP: 198.22.153.130
X-SA-Exim-Rcpt-To: ntpwg@lists.ntp.org, stenn@ntp.org, hmurray@megapathdsl.net, rsalz@akamai.com, dfoxfranke@gmail.com
X-SA-Exim-Mail-From: mayer@ntp.org
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Subject: Re: [ntpwg] Parsing NTP packets regarding MACs and EXTs.
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Reply-To: mayer@ntp.org
Cc: "ntpwg@lists.ntp.org" <ntpwg@lists.ntp.org>, Hal Murray <hmurray@megapathdsl.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>

On 6/21/2016 10:51 AM, Daniel Franke wrote:
> On 6/21/16, Danny Mayer <mayer@ntp.org> wrote:
>> Yes. The reference code supports the creation of better hashes than MD5
>> and SHA-1, since OpenSSL supports it, but the parsing code does not and
>> that's what needs to get fixed. This is not a NTP WG issue, it's a
>> problem with the reference implementation that needs to get fixed. I do
>> note that RFC5905 only references MD5 and that IS a WG problem.
> 
> A bigger problem than MD5 is the fact that NTP's  "HMAC" isn't HMAC;
> it's the H(K||V) construction vulnerable to length-extension attacks.
> 
> However, supporting better hash functions shouldn't require any
> changes to parsing. The length of a MAC tag doesn't have to be the
> same as the digest size of the hash function you're using. It's
> perfectly safe, e.g., to truncate HMAC-SHA256 to 128 bits.
> 
> I oppose putting the legacy MAC field to any new uses or allowing it
> take on anything other than its current size. Any new crypto should be
> done in extension fields. The parsing rules should be as follows:
> 
> If the packet is 48 bytes, it has no extensions and no MAC.
> If the packet is between 49 and 67 bytes inclusive, it's malformed; discard it.
> If the packet is 68 bytes, it has a legacy MAC and no extensions.
> If the packet is more than 68 bytes, the last 20 bytes are the keyid
> and MAC, the first 48 bytes are the standard fields, and everything in
> between is extension fields. If the keyid field is 0, then the MAC
> field is ignored, and these last 20 bytes are basically just filler to
> make the packet parse correctly.
> 
> At such time as we publish a standard for NTPv5, we can get rid of the
> legacy MAC fields and move their functionality into extension fields,
> so that the 20 bytes of wasted filler is no longer necessary.

Yes, the intention is to relegate the old MAC to existing usage and only
use EF MAC for future use. We are also planning to move to GMAC for
hashing algorithms.

Danny


_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

v2.23.0 | Report a Bug | By Email