[ntp:hackers] Protocol specification modification for MS-SNTP

David Mills mills at udel.edu
Mon Jul 6 21:28:34 UTC 2009


The Samba folks have modified ntpd to support Microsoft authentication, 
which requires some bending of the protocol specification and 
implementation. I'd like to make it much simpler, reduce the code 
clutter and support alternative digest algorithms. The present protocol 
specification requires a nonzero key ID and MD5 digest algorithm by 
default. The ntpd never generates a MAC with a zero key ID. The current 
MS-SNTP code uses a 20-octet all-zero MAC, causing ntpd to hand the 
packet off to another program which fills in the MAC. This makes MS-SNTP 
"legal" and much more likely to be supported by "official" servers. I 
propose to add something like this, either to the protocol specification 
or as an addendum:

"A received MAC with a zero key ID is a special case. By default, the 
packet is treated as if the MAC were not present, so is not 
authenticated. On output the MAC is returned exactly as received and the 
packet is not authenticated. As a configurable option, an output packet 
with zero key ID can be passed to another program that fills in the MAC."

In order to retain backwards compatibility, I propose to add a new 
configuration command digest with argument the OpenSSL digest name. If 
it has 16 octets, it replaces the default MD5 algorithm, perhaps with 
HMAC-MD5. In this case it would not be compatible with servers or 
clients using MD5. If it has 20 octets, it does not replace the 16-octet 
algorithm, but can be selected according to the following rules. For an 
input packet, a MAC with either 16 octets or 20 octets selects the 
appropriate algorithm. In stateless modes the server responds using the 
same algorithm. For stateful associations a new digest option on the 
configuration command is used to specify the algorithm, either 16 octet 
or 20 octet.

Of course, this only works if the OpenSSL library is available.
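As an added example, not code from this post or from ntpd, the following Python sketch applies the receive and reply rules proposed above: the digest length selects the algorithm, a zero key ID marks the packet as not authenticated and its MAC is echoed back unchanged, and a stateless reply reuses the request's algorithm. The mapping of a 20-octet digest to SHA-1, the key table and the function names are assumptions; the keyed digest is the classic NTP hash computed over the key followed by the header.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48          # fixed NTP header; an optional MAC follows it
KEY_ID_LEN = 4
# Digest length selects the algorithm. MD5 for 16 octets is the NTP default;
# SHA-1 for 20 octets is an assumption, the post only says "20 octets".
DIGEST_BY_LEN = {16: "md5", 20: "sha1"}
KEYS = {1: b"constructed-demo-secret"}   # constructed key table; ID 0 is never assigned


def ntp_digest(name, key, header):
    # Classic NTP keyed digest: hash over the key followed by the header.
    return hashlib.new(name, key + header).digest()


def classify(packet):
    """Return (status, key_id, digest_name) for a received packet."""
    if len(packet) < HEADER_LEN:
        return ("malformed", None, None)
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not trailer:
        return ("none", None, None)
    name = DIGEST_BY_LEN.get(len(trailer) - KEY_ID_LEN)
    if name is None:
        return ("malformed", None, None)   # neither a 16- nor a 20-octet digest
    key_id = struct.unpack("!I", trailer[:KEY_ID_LEN])[0]
    digest = trailer[KEY_ID_LEN:]
    if key_id == 0:
        # Proposed special case: treat as if the MAC were not present.
        return ("unauthenticated", 0, name)
    key = KEYS.get(key_id)
    if key is None or not hmac.compare_digest(ntp_digest(name, key, header), digest):
        return ("bad", key_id, name)
    return ("ok", key_id, name)


def sign(header, key_id, name):
    """Append a MAC; ntpd itself never emits a zero key ID."""
    assert key_id != 0
    return header + struct.pack("!I", key_id) + ntp_digest(name, KEYS[key_id], header)


def reply(request, reply_header):
    """Stateless response: zero-ID MAC echoed as received, otherwise same algorithm."""
    status, key_id, name = classify(request)
    if status == "unauthenticated":
        return reply_header + request[HEADER_LEN:]   # MAC returned exactly as received
    if status == "ok":
        return sign(reply_header, key_id, name)
    return reply_header                              # simplification: no MAC on the reply
```

The all-zero 20-octet MS-SNTP trailer parses as key ID 0 plus a 16-octet digest, so it lands in the "unauthenticated" branch and is passed through untouched.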
