Wireshark-bugs: [Wireshark-bugs] [Bug 11580] New: Incorrect parsing of NTP datagrams with SHA1 b
Date: Fri, 09 Oct 2015 07:06:28 +0000
Bug ID 11580
Summary Incorrect parsing of NTP datagrams with SHA1 based message authentication code (MAC)
Product Wireshark
Version unspecified
Hardware All
OS Linux (other)
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter joachim@assured.se

Created attachment 13902 [details]
pcap of ntp sync with four UDP request-response exchanges where authentication
is done using sha1.

Build Information:
Version 1.12.1 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.14.12, with Cairo 1.14.2, with Pango 1.36.8, with
GLib 2.44.0, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without Python,
with GnuTLS 3.3.8, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Feb 25 2014 21:09:53), without AirPcap.

Running on Linux 3.19.0-30-generic, with locale en_US.UTF-8, with libpcap
version 1.6.2, with libz 1.2.8, GnuTLS 3.3.8, Gcrypt 1.6.2.
Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz

Built using gcc 4.9.2.

--
ntpd, the network time protocol reference implementation (see
http://www.ntp.org/) has since 4.2.6 supported both MD5 and SHA1 based
authentication where the client request and server response are protected using
a message authentication code (MAC). For md5 based MACs, Wireshark is able to
parse NTP datagrams and show the extracted key ID and authentication code.

But for SHA1 based MACs, the Wireshark parser does an incorrect parsing and
instead interprets the key ID as the extension field length. The result is that,
given the key ID in the datagram, the key ID displayed ends up being part of the
MAC (which means that the ID displayed varies from datagram to datagram), and
the MAC displayed is both incorrect and shorter than the MAC for md5. I've
not tested what happens with a big key ID.

Included is a pcap of a successful exchange with sha1 based authentication. (A
successful time sync exchange consists of four separate request-responses.)
Open it in Wireshark and look at how the datagrams are parsed.

(I have a similar exchange for md5 based authentication, but I seem only to be
able to add one file to this bug report, not two.)
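The parsing problem the report describes comes down to how a dissector decides whether the bytes after the 48-byte NTP header are a MAC or an extension field. The sketch below is an added example, not Wireshark's or ntpd's code: it applies the length-based rule that a 20-byte trailer is an MD5 MAC (4-byte key ID plus 16-byte digest) and a 24-byte trailer is a SHA1 MAC (4-byte key ID plus 20-byte digest), and treats anything else as an extension field. It also verifies the MAC the way ntpd's symmetric-key scheme computes it, as a plain digest over the key followed by the message, which is an assumption about ntpd stated here rather than something the report says. The header bytes, key and key IDs are constructed test data.

```python
"""Parse an NTPv4 datagram's trailer, telling MD5/SHA1 MACs apart from extension fields.

Added example, not Wireshark's dissector. Sample data below is constructed.
"""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48
# Trailer length -> digest algorithm. A MAC is a 4-byte key ID plus the digest,
# so MD5 gives 20 bytes and SHA1 gives 24 bytes.
MAC_LEN_BY_DIGEST = {20: "md5", 24: "sha1"}
MIN_EXT_FIELD_LEN = 16  # RFC 5905 minimum extension field size


def parse_ntp(datagram: bytes) -> dict:
    """Return version, mode, extension fields and the MAC (if any) of a datagram.

    The key point is the order of checks: a 20- or 24-byte remainder is a MAC and
    must be recognised *before* trying to read a type/length pair from it. If a
    parser reads the key ID's bytes as an extension field header instead (e.g.
    key ID 7 becomes type 0, length 7), it lands exactly on the misparse the bug
    report describes: the 'key ID' shown is then taken from inside the digest.
    """
    if len(datagram) < NTP_HEADER_LEN:
        raise ValueError("short NTP datagram")
    li_vn_mode = datagram[0]
    result = {
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,
        "extensions": [],
        "mac": None,
    }
    rest = datagram[NTP_HEADER_LEN:]
    while rest:
        if len(rest) in MAC_LEN_BY_DIGEST:
            key_id = struct.unpack("!I", rest[:4])[0]
            result["mac"] = {
                "algo": MAC_LEN_BY_DIGEST[len(rest)],
                "key_id": key_id,
                "digest": rest[4:],
            }
            break
        if len(rest) < 4:
            raise ValueError("trailing bytes too short for an extension field")
        ftype, flen = struct.unpack("!HH", rest[:4])
        if flen < MIN_EXT_FIELD_LEN or flen % 4 or flen > len(rest):
            raise ValueError(f"bad extension field length {flen}")
        result["extensions"].append({"type": ftype, "value": rest[4:flen]})
        rest = rest[flen:]
    return result


def build_authenticated(message: bytes, key_id: int, key: bytes, algo: str) -> bytes:
    """Append an ntpd-style MAC: key ID, then digest(key || message). Constructed helper."""
    digest = hashlib.new(algo, key + message).digest()
    return message + struct.pack("!I", key_id) + digest


def ntp_mac_valid(datagram: bytes, key: bytes) -> bool:
    """Recompute the trailer digest over key || (header + extension fields)."""
    mac = parse_ntp(datagram)["mac"]
    if mac is None:
        return False
    body = datagram[: len(datagram) - 4 - len(mac["digest"])]
    expected = hashlib.new(mac["algo"], key + body).digest()
    return hmac.compare_digest(expected, mac["digest"])


if __name__ == "__main__":
    # Constructed client request: LI=0, VN=4, mode=3, all other header fields zero.
    header = bytes([0x23]) + bytes(NTP_HEADER_LEN - 1)
    key = b"constructed-demo-key"
    for algo in ("md5", "sha1"):
        dgram = build_authenticated(header, 7, key, algo)
        parsed = parse_ntp(dgram)
        print(algo, "key_id", parsed["mac"]["key_id"],
              "digest bytes", len(parsed["mac"]["digest"]),
              "valid", ntp_mac_valid(dgram, key))
```

Running the script shows both trailers dissected with key ID 7 and a stable digest length (16 for md5, 20 for sha1); reading the trailer as an extension field would instead report a varying key ID, which matches the symptom in the report.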
