From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 19 Jun 2017 13:46:06 +0000 (+0200)
Subject: Print NTP MAC with 160-bit digest.
X-Git-Tag: tcpdump-4.99-bp~2013
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/bd3f9392a6197020d81cd11be3eb64f5906acb48

Print NTP MAC with 160-bit digest.

An NTP packet authenticated with a key using stronger hash function than
MD5 may have a 160-bit digest.
---

diff --git a/print-ntp.c b/print-ntp.c
index a0b04641..5b6771b4 100644
--- a/print-ntp.c
+++ b/print-ntp.c
@@ -126,7 +126,7 @@ struct ntpdata {
 	struct l_fixedpt rec_timestamp;
 	struct l_fixedpt xmt_timestamp;
         uint32_t key_id;
-        uint8_t  message_digest[16];
+        uint8_t  message_digest[20];
 };
 /*
  *	Leap Second Codes (high order two bits)
@@ -310,18 +310,28 @@ ntp_print(netdissect_options *ndo,
 	ND_PRINT((ndo, "\n\t    Originator - Transmit Timestamp: "));
 	p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
 
-	if ( (sizeof(struct ntpdata) - length) == 16) { 	/* Optional: key-id */
+	if ( (sizeof(struct ntpdata) - length) == 20) { 	/* Optional: key-id (crypto-NAK) */
 		ND_TCHECK(bp->key_id);
 		ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id)));
-	} else if ( (sizeof(struct ntpdata) - length) == 0) { 	/* Optional: key-id + authentication */
+	} else if ( (sizeof(struct ntpdata) - length) == 4) { 	/* Optional: key-id + 128-bit digest */
 		ND_TCHECK(bp->key_id);
 		ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id)));
-		ND_TCHECK2(bp->message_digest, sizeof (bp->message_digest));
+		ND_TCHECK2(bp->message_digest, 16);
                 ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x",
         		       EXTRACT_32BITS(bp->message_digest),
 		               EXTRACT_32BITS(bp->message_digest + 4),
 		               EXTRACT_32BITS(bp->message_digest + 8),
 		               EXTRACT_32BITS(bp->message_digest + 12)));
+	} else if ( (sizeof(struct ntpdata) - length) == 0) { 	/* Optional: key-id + 160-bit digest */
+		ND_TCHECK(bp->key_id);
+		ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id)));
+		ND_TCHECK2(bp->message_digest, 20);
+		ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x%08x",
+		               EXTRACT_32BITS(bp->message_digest),
+		               EXTRACT_32BITS(bp->message_digest + 4),
+		               EXTRACT_32BITS(bp->message_digest + 8),
+		               EXTRACT_32BITS(bp->message_digest + 12),
+		               EXTRACT_32BITS(bp->message_digest + 16)));
         }
 	return;