1 /* 2 * nts.h - NTS (Network Time Security) declarations 3 * Copyright the NTPsec project contributors 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #ifndef GUARD_NTS_H 8 #define GUARD_NTS_H 9 10 #include <stdbool.h> 11 #include <stdint.h> 12 13 /* default file names */ 14 #define NTS_CERT_FILE "/etc/ntp/cert-chain.pem" 15 #define NTS_KEY_FILE "/etc/ntp/key.pem" 16 #define NTS_COOKIE_KEY_FILE "/var/lib/ntp/nts-keys" 17 18 #define NTS_KE_PORT 4460 19 #define NTS_KE_PORTA "4460" 20 21 #define NTS_KE_TIMEOUT 3 22 23 bool nts_server_init(void); 24 bool nts_client_init(void); 25 bool nts_cookie_init(void); 26 bool nts_server_init2(void); /* after sandbox */ 27 bool nts_cookie_init2(void); 28 29 void nts_cert_timer(void); 30 void nts_cookie_timer(void); 31 32 bool nts_read_cookie_keys(void); 33 void nts_make_cookie_key(void); 34 bool nts_write_cookie_keys(void); 35 36 int nts_make_cookie(uint8_t *cookie, 37 uint16_t aead, 38 uint8_t *c2s, uint8_t *s2c, int keylen); 39 bool nts_unpack_cookie(uint8_t *cookie, int cookielen, 40 uint16_t *aead, 41 uint8_t *c2s, uint8_t *s2c, int *keylen); 42 43 /* working finger into a buffer - updated by append/unpack routines */ 44 struct BufCtl_t { 45 uint8_t *next; /* pointer to next data/space */ 46 int left; /* data left or space available */ 47 }; 48 typedef struct BufCtl_t BufCtl; 49 50 bool nts_ke_process_receive(struct BufCtl_t *buf, int *aead); 51 bool nts_ke_setup_send(struct BufCtl_t *buf, int aead, 52 uint8_t *c2s, uint8_t *s2c, int keylen); 53 54 /***********************************************************/ 55 56 /* buffer packing/unpacking routines. 57 * NB: The length field in NTP extensions includes the header 58 * while the length field in NTS-KE data streams does not. 59 * 60 * These routines do not handle padding. NTS-KE has no padding. 61 * NTP extensions are padded to word (4 byte) boundaries. 62 * 63 * Note that data on the wire is big endian. 64 * buffer is wire format, not host format. 65 */ 66 67 68 /* xxx_append_record_foo makes whole record with one foo */ 69 /* append_foo appends foo to existing partial record */ 70 void ke_append_record_null(BufCtl* buf, uint16_t type); 71 void ke_append_record_uint16(BufCtl* buf, uint16_t type, uint16_t data); 72 void ke_append_record_bytes(BufCtl* buf, uint16_t type, uint8_t *data, int length); 73 74 void ex_append_record_null(BufCtl* buf, uint16_t type); 75 void ex_append_record_uint16(BufCtl* buf, uint16_t type, uint16_t data); 76 void ex_append_record_bytes(BufCtl* buf, uint16_t type, uint8_t *data, int length); 77 78 void ex_append_header(BufCtl* buf, uint16_t type, uint16_t length); 79 void append_header(BufCtl* buf, uint16_t type, uint16_t length); 80 void append_uint16(BufCtl* buf, uint16_t data); 81 void append_bytes(BufCtl* buf, uint8_t *data, int length); 82 83 uint16_t ke_next_record(BufCtl* buf, int *length); 84 uint16_t ex_next_record(BufCtl* buf, int *length); /* body length */ 85 uint16_t next_uint16(BufCtl* buf); 86 uint16_t next_bytes(BufCtl* buf, uint8_t *data, int length); 87 88 /***********************************************************/ 89 90 #define NTS_MAX_KEYLEN 64 /* used in cookies */ 91 #define NTS_MAX_COOKIELEN 192 /* see nts_cookie.c */ 92 #define NTS_MAX_COOKIES 8 /* RFC 4.1.6 */ 93 #define NTS_UID_LENGTH 32 /* RFC 5.3 */ 94 #define NTS_UID_MAX_LENGTH 64 95 96 97 /* Client side configuration data for an NTS association 98 * All are optional. 99 * part of peer struct */ 100 struct ntscfg_t { 101 char *ca; /* root/trusted certificates */ 102 char *aead; /* AEAD algorithms on wire */ 103 }; 104 105 /* Client-side state per connection to server */ 106 struct ntsclient_t { 107 /* wire connection */ 108 uint16_t aead; /* AEAD algorithm used on wire */ 109 int keylen; 110 uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN]; 111 /* UID of last request sent - RFC 5.3 */ 112 uint8_t UID[NTS_UID_LENGTH]; 113 /* cookies */ 114 int readIdx, writeIdx; 115 int count; /* -1 if not in NTS mode */ 116 int cookielen; 117 uint8_t cookies[NTS_MAX_COOKIES][NTS_MAX_COOKIELEN]; 118 }; 119 120 /* Server-side state per packet */ 121 struct ntspacket_t { 122 bool valid; 123 int uidlen; 124 uint8_t UID[NTS_UID_MAX_LENGTH]; 125 int needed; 126 uint16_t aead; 127 int keylen; 128 uint8_t c2s[NTS_MAX_KEYLEN], s2c[NTS_MAX_KEYLEN]; 129 }; 130 131 132 /* Configuration data for an NTS server or client instance */ 133 struct ntsconfig_t { 134 bool ntsenable; /* enable NTS KE server on this ntpd */ 135 const char * mintls; /* minimum TLS version allowed */ 136 const char * maxtls; /* maximum TLS version allowed */ 137 const char *tlsciphersuites;/* allowed TLS 1.3 ciphersuites */ 138 const char *cert; /* file holding server certificate key */ 139 const char *key; /* file holding server private key */ 140 const char *KI; /* file holding K/I for making cookies */ 141 const char *ca; /* root cert dir/file */ 142 const char *aead; /* AEAD algorithms on wire */ 143 }; 144 145 146 /* CMAC length is wired into AEAD_AES_SIV_CMAC_nnn. */ 147 #define CMAC_LENGTH 16 148 /* The NONCE length comes from RFC 5116 and/or 5297. */ 149 #define NONCE_LENGTH 16 150 151 /* NTS protocol constants */ 152 153 #define NTS_CRITICAL 0x8000 154 enum nts_record_type { 155 nts_end_of_message = 0, /* CRITICAL */ 156 nts_next_protocol_negotiation = 1, /* CRITICAL */ 157 nts_error = 2, /* CRITICAL */ 158 nts_warning = 3, 159 nts_algorithm_negotiation = 4, 160 nts_new_cookie = 5, 161 nts_server_negotiation = 6, 162 nts_port_negotiation = 7 163 }; 164 165 enum nts_protocol_type { 166 nts_protocol_NTP = 0, 167 }; 168 169 170 enum nts_errors_type { 171 nts_unrecognized_critical_section = 0, 172 nts_bad_request = 1 173 }; 174 175 enum aead_ciphers { 176 #define NO_AEAD 0xffff 177 AEAD_AES_128_GCM = 1, 178 AEAD_AES_256_GCM = 2, 179 AEAD_AES_128_CCM = 3, 180 AEAD_AES_256_CCM = 4, 181 182 AEAD_AES_128_GCM_8 = 5, 183 AEAD_AES_256_GCM_8 = 6, 184 AEAD_AES_128_GCM_12 = 7, 185 AEAD_AES_256_GCM_12 = 8, 186 187 AEAD_AES_128_CCM_SHORT = 9, 188 AEAD_AES_256_CCM_SHORT = 10, 189 AEAD_AES_128_CCM_SHORT_8 = 11, 190 AEAD_AES_256_CCM_SHORT_8 = 12, 191 AEAD_AES_128_CCM_SHORT_12 = 13, 192 AEAD_AES_256_CCM_SHORT_12 = 14, 193 194 AEAD_AES_SIV_CMAC_256 = 15, /* RFC 5297 */ 195 AEAD_AES_SIV_CMAC_384 = 16, /* These 3 are the ones we use */ 196 AEAD_AES_SIV_CMAC_512 = 17, 197 #define AEAD_AES_SIV_CMAC_256_KEYLEN 32 198 #define AEAD_AES_SIV_CMAC_384_KEYLEN 48 199 #define AEAD_AES_SIV_CMAC_512_KEYLEN 64 200 201 AEAD_AES_128_CCM_8 = 18, 202 AEAD_AES_256_CCM_8 = 19, 203 204 AEAD_AES_128_OCB_TAGLEN128 = 20, 205 AEAD_AES_128_OCB_TAGLEN96 = 21, 206 AEAD_AES_128_OCB_TAGLEN64 = 22, 207 AEAD_AES_192_OCB_TAGLEN128 = 23, 208 AEAD_AES_192_OCB_TAGLEN96 = 24, 209 AEAD_AES_192_OCB_TAGLEN64 = 25, 210 AEAD_AES_256_OCB_TAGLEN128 = 26, 211 AEAD_AES_256_OCB_TAGLEN96 = 27, 212 AEAD_AES_256_OCB_TAGLEN64 = 28, 213 214 AEAD_CHACHA20_POLY1305 = 29 215 }; 216 217 218 219 extern struct ntsconfig_t ntsconfig; 220 221 222 223 /* NTS-related statistics visible via ntpq -c nts */ 224 extern uint64_t nts_client_send; 225 extern uint64_t nts_client_recv_good; 226 extern uint64_t nts_client_recv_bad; 227 extern uint64_t nts_server_send; 228 extern uint64_t nts_server_recv_good; 229 extern uint64_t nts_server_recv_bad; 230 extern uint64_t nts_cookie_make; 231 extern uint64_t nts_cookie_decode; 232 extern uint64_t nts_cookie_decode_old; 233 extern uint64_t nts_cookie_decode_too_old; 234 extern uint64_t nts_cookie_decode_error; 235 extern uint64_t nts_ke_serves_good; 236 extern uint64_t nts_ke_serves_bad; 237 extern uint64_t nts_ke_probes_good; 238 extern uint64_t nts_ke_probes_bad; 239 240 #endif /* GUARD_NTS_H */ 241