ntpv4 steps for AES128CMAC authentication

Shamsher singh meetshamsher at gmail.com
Mon Jun 14 17:27:57 UTC 2021


Hi,
I have taken latest NTPv4 from https://www.freshports.org/net/ntp/ <https://www.freshports.org/net/ntp/>
I am able to test MD5 and SHA authentication. But not able to test AES128CMAC.

For all test used below parts:
Added keys for MD5, SHA1 and AES128MAC 
Ref: used from http://doc.ntp.org/current-stable/keygen.html <http://doc.ntp.org/current-stable/keygen.html>

Example:
1 MD5 <xyz>
2 SHA1 <Xyz>
3 AES128CMAC <XYZ>
...
at /etc/ntp.keys in client and /etc/ntp/keys in server.


I am able to see authentication working fine for Md5 and SHA1 using 
 ntpdate -d -a 1 <ntp server ip>    --> working fine
 ntpdate -d -a 2 <ntp server ip>    --> working fine
 ntpdate -d -a 3 <net server ip>    --> fails

The 1st two passes easily but 3rd one fails for AES128CMAC.
It seems i am missing something here to test/validate it.

Can you please tell/guide me the steps how can i test it?
I am using below NTP version :
# ntpd --version
ntpd 4.2.8p15 at 1.3728-o <mailto:4.2.8p15 at 1.3728-o> Wed Jun  2 11:00:34 UTC 2021 (1)

Thanks & regards
Shamsher



More information about the freebsd-security mailing list