ntpv4 steps for AES128CMAC authentication

Shamsher singh meetshamsher at gmail.com
Tue Jun 15 14:43:16 UTC 2021 

Hi,
Just for info the openssl shows below also support in my system:

# openssl -v
openssl:Error: '-v' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ec                ecparam           ecparam           enc               
engine            errstr            gendh             gendsa            
genpkey           genrsa            nseq              ocsp              
passwd            pkcs12            pkcs7             pkcs8             
pkey              pkeyparam         pkeyutl           prime             
rand              req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
ts                verify            version           x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               mdc2              
rmd160            sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          zlib   

> On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher at gmail.com> wrote:
> 
> Hi,
> I have taken latest NTPv4 from https://www.freshports.org/net/ntp/ <https://www.freshports.org/net/ntp/>
> I am able to test MD5 and SHA authentication. But not able to test AES128CMAC.
> 
> For all test used below parts:
> Added keys for MD5, SHA1 and AES128MAC 
> Ref: used from http://doc.ntp.org/current-stable/keygen.html <http://doc.ntp.org/current-stable/keygen.html>
> 
> Example:
> 1 MD5 <xyz>
> 2 SHA1 <Xyz>
> 3 AES128CMAC <XYZ>
> ...
> at /etc/ntp.keys in client and /etc/ntp/keys in server.
> 
> 
> I am able to see authentication working fine for Md5 and SHA1 using 
>  ntpdate -d -a 1 <ntp server ip>    --> working fine
>  ntpdate -d -a 2 <ntp server ip>    --> working fine
>  ntpdate -d -a 3 <net server ip>    --> fails
> 
> The 1st two passes easily but 3rd one fails for AES128CMAC.
> It seems i am missing something here to test/validate it.
> 
> Can you please tell/guide me the steps how can i test it?
> I am using below NTP version :
> # ntpd --version
> ntpd 4.2.8p15 at 1.3728-o <mailto:4.2.8p15 at 1.3728-o> Wed Jun  2 11:00:34 UTC 2021 (1)
> 
> Thanks & regards
> Shamsher
>

More information about the freebsd-security mailing list