diff options
author | Vincent Blut <vincent.debian@free.fr> | 2017-01-16 17:37:59 +0100 |
---|---|---|
committer | Vincent Blut <vincent.debian@free.fr> | 2017-01-16 17:37:59 +0100 |
commit | 7095e70bea486d51b3d303ef2e4eed61628970f4 (patch) | |
tree | b4fa2368d2eb6b1aed7766e7d263e1787c30677d /keys.c | |
parent | 53e3fdbcd5a0daa3dba21532d87fe65c048a9dd9 (diff) |
New upstream version 3.0
Diffstat (limited to 'keys.c')
-rw-r--r-- | keys.c | 103 |
1 files changed, 87 insertions, 16 deletions
@@ -103,9 +103,9 @@ static int determine_hash_delay(uint32_t key_id) { NTP_Packet pkt; - struct timeval before, after; - unsigned long usecs, min_usecs=0; - int i; + struct timespec before, after; + double diff, min_diff; + int i, nsecs; for (i = 0; i < 10; i++) { LCL_ReadRawTime(&before); @@ -113,19 +113,49 @@ determine_hash_delay(uint32_t key_id) (unsigned char *)&pkt.auth_data, sizeof (pkt.auth_data)); LCL_ReadRawTime(&after); - usecs = (after.tv_sec - before.tv_sec) * 1000000 + (after.tv_usec - before.tv_usec); + diff = UTI_DiffTimespecsToDouble(&after, &before); - if (i == 0 || usecs < min_usecs) { - min_usecs = usecs; - } + if (i == 0 || min_diff > diff) + min_diff = diff; } /* Add on a bit extra to allow for copying, conversions etc */ - min_usecs += min_usecs >> 4; + nsecs = 1.0625e9 * min_diff; - DEBUG_LOG(LOGF_Keys, "authentication delay for key %"PRIu32": %ld useconds", key_id, min_usecs); + DEBUG_LOG(LOGF_Keys, "authentication delay for key %"PRIu32": %d nsecs", key_id, nsecs); - return min_usecs; + return nsecs; +} + +/* ================================================== */ +/* Decode password encoded in ASCII or HEX */ + +static int +decode_password(char *key) +{ + int i, j, len = strlen(key); + char buf[3], *p; + + if (!strncmp(key, "ASCII:", 6)) { + memmove(key, key + 6, len - 6); + return len - 6; + } else if (!strncmp(key, "HEX:", 4)) { + if ((len - 4) % 2) + return 0; + + for (i = 0, j = 4; j + 1 < len; i++, j += 2) { + buf[0] = key[j], buf[1] = key[j + 1], buf[2] = '\0'; + key[i] = strtol(buf, &p, 16); + + if (p != buf + 2) + return 0; + } + + return i; + } else { + /* assume ASCII */ + return len; + } } /* ================================================== */ @@ -192,7 +222,7 @@ KEY_Reload(void) continue; } - key.len = UTI_DecodePasswordFromText(keyval); + key.len = decode_password(keyval); if (!key.len) { LOG(LOGS_WARN, LOGF_Keys, "Could not decode password in key %"PRIu32, key_id); continue; @@ -293,6 +323,22 @@ KEY_GetAuthDelay(uint32_t key_id) /* ================================================== */ int +KEY_GetAuthLength(uint32_t key_id) +{ + unsigned char buf[MAX_HASH_LENGTH]; + Key *key; + + key = get_key_by_id(key_id); + + if (!key) + return 0; + + return HSH_Hash(key->hash_id, buf, 0, buf, 0, buf, sizeof (buf)); +} + +/* ================================================== */ + +int KEY_CheckKeyLength(uint32_t key_id) { Key *key; @@ -307,6 +353,31 @@ KEY_CheckKeyLength(uint32_t key_id) /* ================================================== */ +static int +generate_ntp_auth(int hash_id, const unsigned char *key, int key_len, + const unsigned char *data, int data_len, + unsigned char *auth, int auth_len) +{ + return HSH_Hash(hash_id, key, key_len, data, data_len, auth, auth_len); +} + +/* ================================================== */ + +static int +check_ntp_auth(int hash_id, const unsigned char *key, int key_len, + const unsigned char *data, int data_len, + const unsigned char *auth, int auth_len, int trunc_len) +{ + unsigned char buf[MAX_HASH_LENGTH]; + int hash_len; + + hash_len = generate_ntp_auth(hash_id, key, key_len, data, data_len, buf, sizeof (buf)); + + return MIN(hash_len, trunc_len) == auth_len && !memcmp(buf, auth, auth_len); +} + +/* ================================================== */ + int KEY_GenerateAuth(uint32_t key_id, const unsigned char *data, int data_len, unsigned char *auth, int auth_len) @@ -318,15 +389,15 @@ KEY_GenerateAuth(uint32_t key_id, const unsigned char *data, int data_len, if (!key) return 0; - return UTI_GenerateNTPAuth(key->hash_id, (unsigned char *)key->val, - key->len, data, data_len, auth, auth_len); + return generate_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len, + data, data_len, auth, auth_len); } /* ================================================== */ int KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len, - const unsigned char *auth, int auth_len) + const unsigned char *auth, int auth_len, int trunc_len) { Key *key; @@ -335,6 +406,6 @@ KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len, if (!key) return 0; - return UTI_CheckNTPAuth(key->hash_id, (unsigned char *)key->val, - key->len, data, data_len, auth, auth_len); + return check_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len, + data, data_len, auth, auth_len, trunc_len); } |