simple_nts_client 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fc37d0334da875bdc71e5089fc001e0ce29772ab238db3ca93f750f25579d417
+  data.tar.gz: c432c7f707cdbe678df8181881900525d39fa6e502190924fb3b6025ad5ca63e
+SHA512:
+  metadata.gz: 054d1484e8d6c17b1da9f183edd9c18c79fe83b86747555774a551b6791460a67c9c6aff5dff5ef5b9bda1a47e8613e58ceec5dd2ae3848253dc8718973bcbb2
+  data.tar.gz: ee2d152f81b731ab6e9213acb11b8e7af43366cb6565a3369000efbb8f8d005f2f46dbdde95708fa3c1b7e26917a94cc79eafb62834cbaab9042535645ef3503

data/.gitignore

@@ -0,0 +1,16 @@
+*.gem
+/vendor/
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/tmp/
+
+.byebug_history
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+.rvmrc

data/.rubocop.yml

@@ -0,0 +1,24 @@
+AllCops:
+  TargetRubyVersion: 2.6
+
+Style/Documentation:
+  Enabled: false
+
+Style/NumericLiterals:
+  Enabled: false
+
+Style/BlockDelimiters:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 30
+
+Metrics/MethodLength:
+  Max: 30
+
+Naming/UncommunicativeMethodParamName:
+  MinNameLength: 1
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/*.rb'

data/.travis.yml

@@ -0,0 +1,17 @@
+sudo: false
+
+language: ruby
+
+rvm:
+  - 2.6.3
+  - ruby-head
+
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+
+before_install:
+  - gem install bundler
+  - bundle install
+
+script: bundle exec rake

data/Gemfile

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gem 'miscreant'
+gem 'rake'
+gem 'tttls1.3', '>= 0.2.7'
+
+group :test do
+  gem 'pry'
+  gem 'pry-byebug'
+  gem 'rspec', '3.8.0'
+  gem 'rubocop', '0.68.1'
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Tomoya Kuwayama
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+# simple_nts_client
+
+[![Gem Version](https://badge.fury.io/simple_nts_client.svg)](https://badge.fury.io/rb/simple_nts_client)
+[![Build Status](https://travis-ci.org/thekuwayama/simple_nts_client.svg?branch=master)](https://travis-ci.org/thekuwayama/simple_nts_client)
+[![Maintainability](https://api.codeclimate.com/v1/badges/7b34a4868f1e297af084/maintainability)](https://codeclimate.com/github/thekuwayama/simple_nts_client/maintainability)
+
+simple\_nts\_client is CLI that is simple NTS(Network Time Security) Client implementation.
+This CLI prints the now timestamp got with NTS.
+Current implementation is based on:
+
+* [draft-ietf-ntp-using-nts-for-ntp-20](https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20)
+
+
+## Installation
+
+The gem is available at [rubygems.org](https://rubygems.org/gems/simple_nts_client). You can install it the following:
+
+```bash
+$ gem install simple_nts_client
+```
+
+
+## Usage
+
+```bash
+$ simple_nts_client --help
+Usage: simple_nts_client [options]
+    -s, --server VALUE               NTS-KE server name (default time.cloudflare.com)
+    -p, --port VALUE                 NTS-KE port number (default 1234)
+    -v, --verbose                    verbose mode       (default false)
+```
+
+You can run it the following:
+
+```bash
+$ simple_nts_client
+2019-07-20 06:00:00 +0900
+```
+
+If you need to access other NTS-KE server or port, you can run it the following:
+
+```bash
+$ simple_nts_client --server YOURSERVER --port YOURPORT
+2019-07-20 06:00:00 +0900
+```
+
+
+## How "simple" client?
+
+* The CLI supports only `AEAD_AES_SIV_CMAC_256` as AEAD algorithms to protect the NTPv4 packet.
+* The CLI sends the first one of the received cookies via the response of the New Cookie for NTPv4 record and discards cookies that didn't send.
+* The CLI just prints the timestamp adjusted by calculated system clock offset.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+require 'rspec/core/rake_task'
+
+RuboCop::RakeTask.new
+RSpec::Core::RakeTask.new(:spec)
+
+task default: %i[rubocop spec]

data/exe/simple_nts_client

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+$LOAD_PATH << __dir__ + '/../lib'
+
+require 'nts'
+
+Nts::CLI.new.run

data/lib/nts/cli.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require 'optparse'
+
+module Nts
+  class CLI
+    # rubocop: disable Metrics/MethodLength
+    def parse_options(argv = ARGV)
+      op = OptionParser.new
+
+      # default value
+      opts = {
+        server: 'time.cloudflare.com',
+        port: 1234,
+        verbose: false
+      }
+
+      op.on(
+        '-s',
+        '--server VALUE',
+        "NTS-KE server name (default #{opts[:server]})"
+      ) do |v|
+        opts[:server] = v
+      end
+
+      op.on(
+        '-p',
+        '--port VALUE',
+        "NTS-KE port number (default #{opts[:port]})"
+      ) do |v|
+        opts[:port] = v
+      end
+
+      op.on(
+        '-v',
+        '--verbose',
+        "verbose mode       (default #{opts[:verbose]})"
+      ) do |v|
+        opts[:verbose] = v
+      end
+
+      begin
+        op.parse(argv)
+      rescue OptionParser::InvalidOption => e
+        puts op.to_s
+        puts "error: #{e.message}"
+        exit 1
+      end
+
+      opts
+    end
+    # rubocop: enable Metrics/MethodLength
+
+    def run
+      opts = parse_options
+
+      # NTS-KE
+      ntske_client = Ntske::Client.new(opts[:server], opts[:port])
+      hostname, ntp_port, cookies, c2s_key, s2c_key = ntske_client.key_establish
+      hostname ||= opts[:server]
+      ntp_port ||= 123
+
+      # verbose mode
+      if opts[:verbose]
+        puts "# NTPv4 Server          => #{hostname}"
+        puts "# NTPv4 Port            => #{ntp_port}"
+        puts "# Cookie for NTPv4(hex) => #{cookies.first.unpack1('H*')}"
+        puts "# client-to-server(hex) => #{c2s_key.unpack1('H*')}"
+        puts "# server-to-client(hex) => #{s2c_key.unpack1('H*')}"
+      end
+
+      # NTS protected NTP
+      ntp_client = Nts::Sntp::Client.new(
+        hostname,
+        ntp_port,
+        cookies.first,
+        c2s_key,
+        s2c_key
+      )
+      puts ntp_client.what_time
+    end
+  end
+end

data/lib/nts/ntske/client.rb

@@ -0,0 +1,100 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    class Client
+      ALPN = 'ntske/1'
+      private_constant :ALPN
+
+      KE_LABEL = 'EXPORTER-network-time-security/1'
+      private_constant :KE_LABEL
+
+      # @param hostname [String]
+      # @param port [Integer]
+      def initialize(hostname, port)
+        @hostname = hostname
+        @port = port
+      end
+
+      # @return [String | nil] NTPv4 Server
+      # @return [Integer | nil] NTPv4 Port
+      # @return [Array of String] Cookies for NTPv4
+      # @return [String] C2S key
+      # @return [String] S2C key
+      # rubocop: disable Metrics/AbcSize
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/MethodLength
+      # rubocop: disable Metrics/PerceivedComplexity
+      def key_establish
+        sock = TCPSocket.new(@hostname, @port)
+        client = TTTLS13::Client.new(sock, @hostname, alpn: [ALPN])
+        client.connect
+        req = [
+          NtsNextProtocolNegotiation.new,
+          AeadAlgorithmNegotiation.new([AeadAlgorithm::AEAD_AES_SIV_CMAC_256]),
+          EndOfMessage.new
+        ]
+        client.write(req.map(&:serialize))
+        res = []
+        buffer = ''
+        loop do
+          read, = IO.select([sock], nil, nil, 1)
+          if read.nil?
+            warn 'Timeout: receiving for NTS-KE messages'
+            exit 1
+          else
+            r, b = Ntske.response_deserialize(buffer + client.read)
+            res += r
+            buffer = b
+          end
+
+          # Error
+          er = res.find { |m| m.is_a?(ErrorRecord) }
+          raise "received Error(#{er.error_code.unpack1('n')})" unless er.nil?
+
+          # Warning
+          wr = res.find { |m| m.is_a?(WarningRecord) }
+          raise "received Warning(#{wr.warning_code})" unless wr.nil?
+
+          # End of Message
+          break if res.last&.is_a?(EndOfMessage) &&
+                   res.count { |m| m.is_a?(EndOfMessage) } == 1 &&
+                   buffer.empty?
+        end
+
+        # Next Protocol Negotiation
+        npn = res.select { |m| m.is_a?(NtsNextProtocolNegotiation) }
+        raise Exception if npn.nil? || npn.length != 1
+
+        # NTPv4 Server
+        server = res.find { |m| m.is_a?(Ntsv4ServerNegotiation) }&.server
+
+        # NTPv4 Port
+        port = res.find { |m| m.is_a?(Ntsv4PortNegotiation) }&.port
+
+        # Cookies for NTPv4
+        cookies = res.select { |m| m.is_a?(Cookie) }&.map(&:cookie)
+        raise Exception if cookies.empty?
+
+        # AEAD algorithm => C2S, S2C key
+        # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-5.1
+        alg = res.find { |m| m.is_a?(AeadAlgorithmNegotiation) }&.algorithms
+                &.first
+        raise Exception if alg.nil?
+
+        key_len = 32 # only support AEAD_AES_SIV_CMAC_256
+        # NTPv4 context | AEAD Algorithm | C2S  / S2C
+        # 0x00 0x00     | [refer IANA]   | 0x00 / 0x01
+        c2s_key = client.exporter(KE_LABEL, "\x00\x00" + alg + "\x00", key_len)
+        s2c_key = client.exporter(KE_LABEL, "\x00\x00" + alg + "\x01", key_len)
+
+        [server, port, cookies, c2s_key, s2c_key]
+      end
+      # rubocop: enable Metrics/AbcSize
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/MethodLength
+      # rubocop: enable Metrics/PerceivedComplexity
+    end
+  end
+end

data/lib/nts/ntske/message/aead_algorithm_negotiation.rb

@@ -0,0 +1,47 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://www.iana.org/assignments/aead-parameters/aead-parameters.xhtml#aead-parameters-2
+    module AeadAlgorithm
+      AEAD_AES_SIV_CMAC_256 = "\x00\x0F"
+    end
+
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.5
+    class AeadAlgorithmNegotiation < Record
+      attr_reader :algorithms
+
+      # @param algorithms [Array of Nts::Ntske::AeadAlgorithm constants]
+      # @param c [Boolean]
+      #
+      # example:
+      #     AeadAlgorithmNegotiation.new([
+      #         AeadAlgorithm::AEAD_AES_SIV_CMAC_256
+      #     ])
+      def initialize(algorithms, c = false)
+        super(c, RecordType::AEAD_ALGORITHM_NEGOTIATION)
+        @algorithms = algorithms
+      end
+
+      # @param s [String]
+      # @param c [Boolean]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske::AeadAlgorithmNegotiation]
+      def self.deserialize(s, c)
+        raise Exception unless (s.length % 2).zero?
+
+        AeadAlgorithmNegotiation.new(s.scan(/.{2}/), c)
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        @algorithms.join
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/cookie.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.6
+    class Cookie < Record
+      attr_reader :cookie
+
+      # @param cookie [String]
+      # @param c [Boolean]
+      def initialize(cookie, c = false)
+        super(c, RecordType::NEW_COOKIE_FOR_NTPV4)
+
+        @cookie = cookie
+      end
+
+      # @param s [String]
+      # @param c [Boolean]
+      #
+      # @return [Nts::Ntske::Cookie]
+      def self.deserialize(s, c)
+        Cookie.new(s, c)
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        @cookie
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/end_of_message.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.1
+    class EndOfMessage < Record
+      def initialize
+        super(true, RecordType::END_OF_MESSAGE)
+      end
+
+      # @param s [String]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske::EndOfMessage]
+      def self.deserialize(s)
+        raise Exception unless s.empty?
+
+        EndOfMessage.new
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        ''
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/error_record.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.3
+    module ErrorCode
+      UNRECOGNIZED_CRITICAL_RECORD = "\x00\x00"
+      BAD_REQUEST                  = "\x00\x01"
+    end
+
+    class ErrorRecord < Record
+      attr_reader :error_code
+
+      # @param error_code [Nts::Ntske::ErrorCode constant]
+      def initialize(error_code)
+        super(true, RecordType::ERROR)
+        @error_code = error_code
+      end
+
+      # @param s [String]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske::ErrorRecord]
+      def self.deserialize(s)
+        raise Exception unless s.length == 2
+
+        ErrorRecord.new(s)
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        @error_code
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/nts_next_protocol_negotiation.rb

@@ -0,0 +1,35 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.2
+    class NtsNextProtocolNegotiation < Record
+      attr_reader :next_protocol
+
+      def initialize
+        super(false, RecordType::NTS_NEXT_PROTOCOL_NEGOTIATION)
+        @next_protocol = "\x00\x00" # Protocol ID 0 (NTPv4)
+      end
+
+      # @param s [String]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske::NtsNextProtocolNegotiation]
+      def self.deserialize(s)
+        # only support NTPv4
+        raise Exception unless s == "\x00\x00"
+
+        NtsNextProtocolNegotiation.new
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        @next_protocol
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/ntsv4_port_negotiation.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.8
+    class Ntsv4PortNegotiation < Record
+      attr_reader :port
+
+      # @param port [Integer]
+      # @param c [Boolean]
+      def initialize(port, c = false)
+        super(c, RecordType::NTPV4_PORT_NEGOTIATION)
+        @port = port
+      end
+
+      # @param s [String]
+      # @param c [Boolean]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske::Ntsv4PortNegotiation]
+      def self.deserialize(s, c)
+        raise Exception unless s.length == 2
+
+        Ntsv4PortNegotiation.new(s.unpack1('n'), c)
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        [@port].pack('n1')
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/ntsv4_server_negotiation.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.7
+    class Ntsv4ServerNegotiation < Record
+      attr_reader :server
+
+      # @param server [String]
+      # @param c [Boolean]
+      def initialize(server, c = false)
+        super(c, RecordType::NTPV4_SERVER_NEGOTIATION)
+        @server = server
+      end
+
+      # @param s [String]
+      # @param c [Boolean]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske::Ntsv4ServerNegotiation]
+      def self.deserialize(s, c)
+        raise Exception if s.nil? || s.empty?
+
+        Ntsv4ServerNegotiation.new(s, c)
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        @server
+      end
+    end
+  end
+end

data/lib/nts/ntske/message/warning_record.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Nts
+  module Ntske
+    # https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-20#section-4.1.4
+    class WarningRecord < Record
+      attr_reader :warning_code
+
+      # @param warning_code [Integer]
+      def initialize(warning_code)
+        super(true, RecordType::WARNING)
+        @warning_code = warning_code
+      end
+
+      # @param s [String]
+      #
+      # @raise [Exception]
+      #
+      # @return [Nts::Ntske:WarningRecord]
+      def self.deserialize(s)
+        raise Exception unless s.length == 2
+
+        WarningRecord.new(s.unpack1('n'))
+      end
+
+      private
+
+      # @return [String]
+      def serialize_body
+        [@warning_code].pack('n1')
+      end
+    end
+  end
+end