https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16640
Bug ID: 16640
Summary: Incorrect parsing of NTP datagrams with SHA512 based
message authentication code (MAC)
Product: Wireshark
Version: 3.2.3
Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: olega...@gmail.com
Target Milestone: ---
Created attachment 17817
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17817&action=edit
pcap with sha1,sha256,sha512
Build Information:
3.2.3 (v3.2.3-0-gf39b50865a13)
Compiled (32-bit) with Qt 5.12.6, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.
Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM)
i5-8350U CPU @ 1.70GHz (with SSE4.2), with 8030 MB of physical memory, with
locale English_World.1252, with light display mode, without HiDPI, without
Npcap or WinPcap, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, with
AirPcap 4.1.0 build 1622, binary plugins supported (19 loaded).
Built using Microsoft Visual Studio 2019 (VC++ 14.24, build 28316).
--
NTP datagrams with symmetric authentication using SHA512 are not parsed
correctly.
Attached is a packet capture between ntpd and chrony NTP software, using SHA1,
SHA256, SHA512 (packets 11-13).
Below is my dissection of the packets.
+packet 11
___________________________________________________________________MESSAGE________________|---KEY-ID---|====DIGEST=======
('e30006e80000000000000000494e4954000000000000000000000000000000000000000000000000e2816164f8f27d03',
'0000000c',
'8e5b9b0256dfe7fb55793626b6745c7b8633461e2a7f8ae6f26ffc14db28f0aaf08d704a8738c324bcfc8530fac89d8e1a0e70ed84afbc0a2db784d725dee75d')
SHA512 was used to create digest for key 12, SHA1 was expected
+packet 12
___________________________________________________________________MESSAGE________________|---KEY-ID---|====DIGEST=======
('e30006e80000000000000040494e4954000000000000000000000000000000000000000000000000e28161a5f8f2edb2',
'0000000c',
'af41f7f747c0daf0db289a54b62ce74a0fa78ac2d28310028a021dd3a9973606cc5cf702c13fb8ba39f63fc9da8c2c628fd6bce4b8c2c97e9e2d2ca2804e7600')
SHA512 was used to create digest for key 12, SHA1 was expected
+packet 13
___________________________________________________________________MESSAGE________________|---KEY-ID---|====DIGEST=======
('1c0306e700000ed5000006be4ad0eb3ce281619dd7bfd757e28161a5f8f2edb2e28161a5fa21fe18e28161a5fa265e74',
'0000000c',
'db8742bc94623411281565cdd0203df248c38e58830d403b0a29ecb6f915c8afbfea1311fec5d633af605926b91788b6dd0ffbe84479a42fafa8c087520de35f')
SHA512 was used to create digest for key 12, SHA1 was expected
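
The MESSAGE | KEY-ID | DIGEST split shown above can be reproduced with the following added example, which is not the reporter's script and not Wireshark code. It assumes no extension fields and a digest computed as hash(key || message); the function names and the sample key are hypothetical, and the sample datagram is constructed.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header (the MESSAGE column)
KEY_ID_LEN = 4        # 32-bit big-endian key ID
CANDIDATES = ("sha1", "sha256", "sha512")   # algorithms named in the report

def split_ntp(datagram):
    """Return (message, key_id, digest); key_id and digest are None without a MAC."""
    if len(datagram) < NTP_HEADER_LEN:
        raise ValueError("shorter than the 48-byte NTP header")
    message, trailer = datagram[:NTP_HEADER_LEN], datagram[NTP_HEADER_LEN:]
    if not trailer:
        return message, None, None
    if len(trailer) < KEY_ID_LEN:
        raise ValueError("truncated key ID")
    (key_id,) = struct.unpack("!I", trailer[:KEY_ID_LEN])
    return message, key_id, trailer[KEY_ID_LEN:]

def identify_digest(message, digest, key):
    """Name the hash for which H(key || message) equals digest (assumed scheme)."""
    for name in CANDIDATES:
        h = hashlib.new(name, key + message)
        if h.digest_size == len(digest) and hmac.compare_digest(h.digest(), digest):
            return name.upper()
    return None

def check(datagram, keys):
    """keys maps key_id -> (expected_algorithm, key_bytes); returns a verdict string."""
    message, key_id, digest = split_ntp(datagram)
    if key_id is None:
        return "no MAC"
    if key_id not in keys:
        return f"unknown key {key_id}"
    expected, key = keys[key_id]
    used = identify_digest(message, digest, key)
    if used is None:
        return f"digest for key {key_id} does not verify"
    if used != expected.upper():
        return f"{used} was used to create digest for key {key_id}, {expected.upper()} was expected"
    return f"{used} digest for key {key_id} verified"

# Constructed sample: 48-byte client header, key ID 12, 64-byte SHA512 digest.
SAMPLE_KEY = b"constructed-key"
SAMPLE_HEADER = bytes.fromhex("e30006e8") + bytes(44)
SAMPLE = SAMPLE_HEADER + struct.pack("!I", 12) + hashlib.sha512(SAMPLE_KEY + SAMPLE_HEADER).digest()

if __name__ == "__main__":
    print(check(SAMPLE, {12: ("SHA1", SAMPLE_KEY)}))
```
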