This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 5a39074e01a654570d3b581ae5feda9f010fd8f2 (commit)
via c8e57f43503c52d3b250490db64cde4e500099aa (commit)
via b1230efac33314fe68ad8d37837919ff6f756e7d (commit)
via 4e1ce8898168626d4bb54e1ac3013dc3eb6b0ee0 (commit)
via 790a336eb21b4bf7e321eb6ce6342fa26110c347 (commit)
via cc706b50b9f84715eba80ee99bbe3a166dad01c7 (commit)
via 73042494bd4864f4379a5454a22c33a52a1f68f5 (commit)
via ec89739d50226a2959e7635e5c3df01e703e6869 (commit)
via 4baf999cc30b992f5cf7de7dcb5ec08ac5e61af6 (commit)
via 9afd19c29b3d8097a0a1b3df20e0bd1b1e0a6991 (commit)
via 5dd173c05014fc0b31bb4f407ac20bea2b0dc8cf (commit)
via 5caf0ad1877170bf4773c5757ccbef9fd97b5c81 (commit)
via 17d2291a84b56904e473ae7ae0ff29831059abfb (commit)
via a6179261a7f2de08f9e0bd9ac2110cbe52a4fbf4 (commit)
via 098e0c43fc395b33b92bf220478f4c4241253121 (commit)
from 7b197953e8add5515b7e58c4638dc55aa4bb91b7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5a39074e01a654570d3b581ae5feda9f010fd8f2
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Wed Oct 19 14:57:16 2022 +0200
nts: fix number of extension fields after failed encryption
If the authenticator SIV encryption fails (e.g. due to wrong nonce
length), decrement the number of extension fields to keep the packet
info consistent.
commit c8e57f43503c52d3b250490db64cde4e500099aa
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Thu Oct 13 15:35:53 2022 +0200
nts: change ntskeys format to support different algorithms
Specify the AEAD ID for each key saved in the ntskeys file instead of
one ID for all keys. Keep support for loading files in the old format.
This will allow servers to save their keys after upgrading to a new
version with AES-128-GCM-SIV support before the loaded AES-SIV-CMAC-256
keys are rotated out.
If an unsupported key is found, don't load any keys. Also, change the
severity of the error message from debug to error.
commit b1230efac33314fe68ad8d37837919ff6f756e7d
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Wed Oct 12 16:46:56 2022 +0200
nts: add support for encrypting cookies with AES-128-GCM-SIV
If AES-128-GCM-SIV is available on the server, use it for encryption of
cookies. This makes them shorter by 4 bytes due to shorter nonce and it
might also improve the server performance.
After server upgrade and restart with ntsdumpdir, the switch will happen
on the second rotation of the server key. Clients should accept shorter
cookies without restarting NTS-KE. The first response will have extra
padding in the authenticator field to make the length symmetric.
commit 4e1ce8898168626d4bb54e1ac3013dc3eb6b0ee0
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Wed Oct 12 16:00:45 2022 +0200
nts: make server key access more readable
Get a pointer to the server key instead of repeated indexing.
commit 790a336eb21b4bf7e321eb6ce6342fa26110c347
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Tue Oct 11 14:36:14 2022 +0200
nts: add server support for authentication with AES-128-GCM-SIV
Keep a server SIV instance for each available algorithm.
Select AES-128-GCM-SIV if requested by NTS-KE client as the first
supported algorithm.
Instead of encoding the AEAD ID in the cookie, select the algorithm
according to the length of decrypted keys. (This can work as a long as
all supported algorithms use keys with different lengths.)
commit cc706b50b9f84715eba80ee99bbe3a166dad01c7
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Mon Oct 10 16:35:20 2022 +0200
nts: add client support for authentication with AES-128-GCM-SIV
If AES-128-GCM-SIV is available on the client, add it to the requested
algorithms in NTS-KE as the first (preferred) entry.
If supported on the server, it will make the cookies shorter, which
will get the length of NTP messages containing only one cookie below
200 octets. This should make NTS more reliable in networks where longer
NTP packets are filtered as a mitigation against amplification attacks
exploiting the ntpd mode 6/7 protocol.
commit 73042494bd4864f4379a5454a22c33a52a1f68f5
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Mon Oct 10 15:09:01 2022 +0200
nts: add support for NTP authenticator field using AES-GCM-SIV
Add support for SIV algorithms which have maximum nonce length shorter
than 16 bytes.
commit ec89739d50226a2959e7635e5c3df01e703e6869
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Tue Oct 11 12:32:04 2022 +0200
nts: make sure encrypted S2C and C2S keys have equal length
Don't allow a cookie to contain keys with different lengths to not break
the assumption made in decoding, if there will ever be a case where this
could be requested.
commit 4baf999cc30b992f5cf7de7dcb5ec08ac5e61af6
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Tue Oct 11 10:35:19 2022 +0200
nts: don't connect to server if missing AES-SIV-CMAC-256
Avoid wasting server resources if the client doesn't support
AES-SIV-CMAC-256 (the only algorithm required on servers).
commit 9afd19c29b3d8097a0a1b3df20e0bd1b1e0a6991
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Mon Oct 10 12:43:40 2022 +0200
nts: use signed lengths in NNA_DecryptAuthEF()
Make the types consistent with the rest of the file.
commit 5dd173c05014fc0b31bb4f407ac20bea2b0dc8cf
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Mon Oct 10 12:25:47 2022 +0200
siv: add functions to return min and max nonce length
While AES-SIV-CMAC allows nonces of any length, AES-GCM-SIV requires
exactly 12 bytes, which is less than the unpadded minimum length of 16
used in the NTS authenticator field. These functions will be needed to
support both ciphers in the NTS code.
commit 5caf0ad1877170bf4773c5757ccbef9fd97b5c81
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Mon Oct 3 17:28:39 2022 +0200
siv: add support for AES-128-GCM-SIV in Nettle
This is a newer nonce misuse-resistant cipher specified in RFC 8452,
which is now supported in the development code of the Nettle library.
The advantages over AES-SIV-CMAC-256 are shorter keys and better
performance.
commit 17d2291a84b56904e473ae7ae0ff29831059abfb
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Tue Oct 18 10:22:23 2022 +0200
doc: improve ntsrotate description
commit a6179261a7f2de08f9e0bd9ac2110cbe52a4fbf4
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Thu Oct 13 12:29:29 2022 +0200
doc: fix wrong name of authselectmode directive
commit 098e0c43fc395b33b92bf220478f4c4241253121
Author: Miroslav Lichvar <mlich...@redhat.com>
Date: Tue Sep 20 10:56:28 2022 +0200
test: add float-cast-overflow to 003-sanitizers test
-----------------------------------------------------------------------
Summary of changes:
configure | 11 ++-
doc/chrony.conf.adoc | 5 +-
doc/chronyc.adoc | 5 +-
doc/faq.adoc | 2 +-
nts_ke_client.c | 31 +++++--
nts_ke_server.c | 197 ++++++++++++++++++++++++++--------------
nts_ntp_auth.c | 20 ++--
nts_ntp_auth.h | 2 +-
nts_ntp_server.c | 48 +++++++---
siv.h | 4 +
siv_gnutls.c | 16 ++++
siv_nettle.c | 141 +++++++++++++++++++++++-----
test/compilation/003-sanitizers | 2 +-
test/unit/nts_ke_client.c | 7 +-
test/unit/nts_ke_server.c | 3 +-
test/unit/nts_ntp_auth.c | 149 +++++++++++++++++-------------
test/unit/nts_ntp_client.c | 30 ++++--
test/unit/nts_ntp_server.c | 6 +-
test/unit/siv.c | 110 +++++++++++++++++++++-
19 files changed, 585 insertions(+), 204 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
