WIP

pendulum-project · Nov 9, 2023 · cab12a3 · cab12a3
1 parent 070dd7d
commit cab12a3
Show file tree

Hide file tree

Showing 9 changed files with 617 additions and 46 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -60,6 +60,7 @@ rustls-native-certs = "0.6.0"
 # crypto
 aead = "0.5.0"
 aes-siv = "0.7.0"
+ed25519-dalek = { version = "2.0.0", features = ["rand_core"] }
 # Note: md5 is needed to calculate ReferenceIDs for IPv6 addresses per RFC5905
 md-5 = "0.10.0"
 zeroize = "1.5"

diff --git a/ntp-proto/Cargo.toml b/ntp-proto/Cargo.toml
@@ -30,6 +30,7 @@ thiserror.workspace = true
 aead.workspace = true
 aes-siv.workspace = true
 zeroize.workspace = true
+ed25519-dalek.workspace = true
 
 [dev-dependencies]
 rustls-pemfile.workspace = true
diff --git a/ntp-proto/src/keyset.rs b/ntp-proto/src/keyset.rs
@@ -11,6 +11,7 @@ use crate::{
         AesSivCmac256, AesSivCmac512, Cipher, CipherHolder, CipherProvider, CipherType,
         DecryptError, EncryptResult, ExtensionField,
     },
+    NtpTimestamp,
 };
 
 pub struct DecodedServerCookie {
@@ -210,7 +211,7 @@ impl KeySet {
 
         let nonce = &cookie[6..22];
         let ciphertext = cookie[22..].get(..cipher_text_length).ok_or(DecryptError)?;
-        let plaintext = key.decrypt(nonce, ciphertext, &[])?;
+        let plaintext = key.decrypt(nonce, ciphertext, &[], NtpTimestamp::default())?;
 
         let [b0, b1, ref key_bytes @ ..] = plaintext[..] else {
             return Err(DecryptError);
@@ -266,6 +267,7 @@ impl KeySet {
 impl CipherProvider for KeySet {
     fn get(&self, etype: CipherType, context: &[ExtensionField<'_>]) -> Option<CipherHolder<'_>> {
         match etype {
+            CipherType::None => None,
             CipherType::Nts => {
                 let mut decoded = None;
 
@@ -281,6 +283,7 @@ impl CipherProvider for KeySet {
 
                 decoded.map(CipherHolder::DecodedServerCookie)
             }
+            CipherType::Ed25519 => None,
         }
     }
 }

diff --git a/ntp-proto/src/lib.rs b/ntp-proto/src/lib.rs
@@ -43,8 +43,9 @@ mod exports {
     #[cfg(feature = "__internal-fuzz")]
     pub use super::packet::ExtensionField;
     pub use super::packet::{
-        Cipher, CipherProvider, EncryptResult, ExtensionHeaderVersion, NoCipher,
-        NtpAssociationMode, NtpLeapIndicator, NtpPacket, PacketParsingError,
+        Cipher, CipherProvider, Ed25519Private, Ed25519Public, EncryptResult,
+        ExtensionHeaderVersion, NoCipher, NtpAssociationMode, NtpLeapIndicator, NtpPacket,
+        PacketParsingError,
     };
     #[cfg(feature = "__internal-fuzz")]
     pub use super::peer::fuzz_measurement_from_packet;