> On 10/04/2023 3:41 PM PDT Hal Murray <halmur...@sonic.net> wrote:
> 
> 
> Does anybody have details on how MSSNTP signing works?
> 
> If we can find that, we can write some POSIX code to test things.

I have test tools that should push the right buttons IF I can get
the correct magic number in the key ID. After running it with a
rainbow table, it did not work.

Roughly...
1) The client does client things I should not have to care about
2) The client sends an NTP request with a magic key ID
   and 16-byte NUL MAC
3) After correctness checks, the server forms a reply and then
   sends it like this.
   a) ntpsec connects to Samba (works)
   b) ntpsec sends a length (tested/seems to work)
   c) ntpsec sends serialized struct samba_key_in.
   d) Samba responds with a length (always 12 IIRC)
   e) Samba continues with serialized struct samba_key_out
4) ntpsec reads that and concludes that the packet is not
   correctly signed and tries to throw a couple of new error
   messages.

> There is a link in ntpd/ntp_signd.c
> http://msdn.microsoft.com/en-us/library/cc212930.aspx
> But I didn't find anything interesting there. (Maybe my browser was filtering
> something.)

I see walls of text that I do not want to read.

> We still need to test with real Windows at least once to make sure our test
> code does the right thing.

Yes, I probably should.

-30-
_______________________________________________
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel
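
The request shape from step 2 above (key ID followed by a 16-byte NUL MAC), as an added example for a POSIX test tool; this is not code from ntpsec or Samba. It assumes a 48-byte NTP header with no extension fields and a 4-byte key ID; the function names are hypothetical, and the key ID bytes are copied out uninterpreted because the message does not say how the magic value is encoded.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NTP_HDR_LEN 48   /* fixed NTP header, no extension fields (assumed) */
#define KEYID_LEN    4   /* key identifier that follows the header */
#define MAC_LEN     16   /* MAC length named in step 2 */

enum req_kind { REQ_MALFORMED, REQ_NO_MAC, REQ_KEYED_MAC, REQ_NUL_MAC };

/* Classify a received request by its trailer. For REQ_KEYED_MAC and
 * REQ_NUL_MAC the four key ID bytes are copied out as-is. */
enum req_kind classify_request(const uint8_t *buf, size_t len,
                               uint8_t keyid[KEYID_LEN])
{
    static const uint8_t zero[MAC_LEN] = {0};

    if (buf == NULL || len < NTP_HDR_LEN)
        return REQ_MALFORMED;
    if (len == NTP_HDR_LEN)
        return REQ_NO_MAC;
    if (len != NTP_HDR_LEN + KEYID_LEN + MAC_LEN)
        return REQ_MALFORMED;     /* other trailer sizes not handled here */

    memcpy(keyid, buf + NTP_HDR_LEN, KEYID_LEN);
    if (memcmp(buf + NTP_HDR_LEN + KEYID_LEN, zero, MAC_LEN) == 0)
        return REQ_NUL_MAC;       /* the request shape described in step 2 */
    return REQ_KEYED_MAC;
}

/* Build a constructed test request: client-mode header, caller-supplied
 * key ID bytes, 16 NUL MAC bytes. Returns bytes written, 0 if cap is
 * too small. */
size_t build_nul_mac_request(uint8_t *out, size_t cap,
                             const uint8_t keyid[KEYID_LEN])
{
    const size_t total = NTP_HDR_LEN + KEYID_LEN + MAC_LEN;

    if (out == NULL || cap < total)
        return 0;
    memset(out, 0, total);        /* zero header fields and the MAC */
    out[0] = (uint8_t)((0 << 6) | (4 << 3) | 3); /* LI=0, VN=4, mode 3 */
    memcpy(out + NTP_HDR_LEN, keyid, KEYID_LEN);
    return total;
}
```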
