Version: v0.0.0-...-e09fea3

Published: Oct 6, 2020 License: ISC Imports: 10 Imported by: 2


Network Time Security Key Exchange Protocol

Network Time Security (NTS, RFC 8915) is an extension of the venerable Network Time Protocol (NTP) that authenticates NTP packets. NTS defines a separate Network Time Security Key Establishment (NTS-KE) protocol, run over TLS, that negotiates the AEAD algorithm, exports the session keys from the TLS connection and hands out the initial cookies. This is an implementation of NTS-KE in Go.

This project is a part of an NTS implementation. Other parts:




const (
	RecEom       uint16 = 0
	RecNextproto uint16 = 1
	RecError     uint16 = 2
	RecWarning   uint16 = 3
	RecAead      uint16 = 4
	RecCookie    uint16 = 5
	RecServer    uint16 = 6
	RecPort      uint16 = 7
)

NTS-KE record types

const (
	AES_SIV_CMAC_256 = 0x0f
)

AES_SIV_CMAC_256 is the AEAD algorithm identifier (from the IANA AEAD registry) offered in the Algorithm record.

const NTPv4 uint16 = 0

NTPv4 is the Next Protocol identifier for NTPv4.




type Algorithm

type Algorithm struct {
	Algo []uint16
}

Algorithm is the record type for the list of AEAD algorithms we are willing to use.

type Cookie

type Cookie struct {
	Cookie []byte
}

Cookie is an NTS cookie to be used when querying time over NTS.

type Data

type Data struct {
	C2sKey []byte
	S2cKey []byte
	Server string
	Port   uint16
	Cookie [][]byte
	Algo   uint16
}

Data is negotiated data from the Key Exchange

type End

type End struct {
}

End is the End of Message record.

type Error

type Error struct {
	Code uint16
}

Error is the record type to send errors to the other end. Put error code in Code.

type ExchangeMsg

type ExchangeMsg struct {
	Record []Record
}

ExchangeMsg is a representation of a series of records to be sent to the peer.

func (*ExchangeMsg) AddRecord

func (m *ExchangeMsg) AddRecord(rec Record)

AddRecord adds a new record to a Key Exchange message.

func (ExchangeMsg) Pack

func (m ExchangeMsg) Pack() (buf *bytes.Buffer, err error)

Pack allocates a buffer and packs all records into wire format in that buffer.

func (ExchangeMsg) String

func (m ExchangeMsg) String()

String prints a description of all records in the Key Exchange message.

type KeyExchange

type KeyExchange struct {
	Conn *tls.Conn

	Meta  Data
	Debug bool
	// contains filtered or unexported fields
}

KeyExchange is Network Time Security Key Exchange connection

func Connect

func Connect(hostport string, config *tls.Config, debug bool) (*KeyExchange, error)

Connect connects to host:port and establishes an NTS-KE (TLS) connection. If :port is left out, the protocol default port (4460) is used. Nothing else is done; call Exchange to run the key exchange.

func NewListener

func NewListener(listener net.Listener) (*KeyExchange, error)

func (*KeyExchange) Exchange

func (ke *KeyExchange) Exchange() error

Exchange initiates a client exchange using sane defaults on a connection already established with Connect(). After a successful run the negotiated data is in ke.Meta.

func (*KeyExchange) ExportKeys

func (ke *KeyExchange) ExportKeys() error

ExportKeys exports two extra session keys (client-to-server and server-to-client) from the already established NTS-KE TLS connection for use with NTS.
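ExportKeys relies on the TLS keying-material exporter (RFC 8446 section 7.5) with the label and context fixed by RFC 8915 section 5.1: the label "EXPORTER-network-time-security" and a five-byte context of the Next Protocol ID, the AEAD ID (both big-endian uint16) and 0x00 for the C2S key or 0x01 for the S2C key. What follows is an added example, not the package's own code: it builds that context and derives the two keys through any function with the signature of (*tls.ConnectionState).ExportKeyingMaterial. Because no TLS session exists offline, it runs against fakeExporter, a stand-in that only hashes its inputs; the names exporter, ntsExportContext, aeadKeyLen, exportNTSKeys and fakeExporter are this example's own.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// exporter has the signature of (*tls.ConnectionState).ExportKeyingMaterial, so on a live
// NTS-KE session the method value of the connection state can be passed in directly.
type exporter func(label string, context []byte, length int) ([]byte, error)

// ntsExporterLabel is the exporter label fixed by RFC 8915 section 5.1.
const ntsExporterLabel = "EXPORTER-network-time-security"

// ntsExportContext builds the RFC 8915 exporter context: next-protocol ID and AEAD ID as
// big-endian uint16, then 0x00 for the C2S key or 0x01 for the S2C key.
func ntsExportContext(nextProto, aead uint16, s2c bool) []byte {
	ctx := make([]byte, 5)
	binary.BigEndian.PutUint16(ctx[0:2], nextProto)
	binary.BigEndian.PutUint16(ctx[2:4], aead)
	if s2c {
		ctx[4] = 1
	}
	return ctx
}

// aeadKeyLen is the key size the negotiated AEAD needs; AES-SIV-CMAC-256 (0x0f) takes 32 bytes.
func aeadKeyLen(aead uint16) (int, error) {
	if aead == 0x0f {
		return 32, nil
	}
	return 0, fmt.Errorf("no key length known for AEAD %d", aead)
}

// exportNTSKeys derives the C2S and S2C keys from the TLS session. Both ends compute the
// same keys because the exporter mixes only the TLS secrets with these public inputs.
func exportNTSKeys(export exporter, nextProto, aead uint16) (c2s, s2c []byte, err error) {
	n, err := aeadKeyLen(aead)
	if err != nil {
		return nil, nil, err
	}
	if c2s, err = export(ntsExporterLabel, ntsExportContext(nextProto, aead, false), n); err != nil {
		return nil, nil, err
	}
	if s2c, err = export(ntsExporterLabel, ntsExportContext(nextProto, aead, true), n); err != nil {
		return nil, nil, err
	}
	return c2s, s2c, nil
}

// fakeExporter stands in for a TLS session so the example runs offline. It only hashes
// label||context and has none of the secrecy of a real exporter; never use it for real keys.
func fakeExporter(label string, context []byte, length int) ([]byte, error) {
	if length > sha256.Size {
		return nil, fmt.Errorf("fake exporter cannot produce %d bytes", length)
	}
	h := sha256.Sum256(append([]byte(label), context...))
	return h[:length], nil
}

func main() {
	c2s, s2c, err := exportNTSKeys(fakeExporter, 0, 0x0f)
	fmt.Printf("c2s=%x\ns2c=%x\nerr=%v\n", c2s, s2c, err)
}
```

On a real NTS-KE connection the call is `cs := ke.Conn.ConnectionState()` followed by `exportNTSKeys(cs.ExportKeyingMaterial, NTPv4, AES_SIV_CMAC_256)`; ConnectionState returns a value and ExportKeyingMaterial has a pointer receiver, so assign the state to a variable first. The context must use the AEAD the server actually selected, not merely one the client offered, or the two sides derive different keys.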

func (*KeyExchange) Read

func (ke *KeyExchange) Read() error

Read reads incoming NTS-KE messages until an End of Message record is received or an error occurs. It fills out the ke.Meta structure with the negotiated data.

type NextProto

type NextProto struct {
	NextProto uint16
}

NextProto is the Next Protocol record. It tells the other side which protocol the negotiated keys are for; set NextProto to NTPv4 (0), the only value defined here.

type Port

type Port struct {
	Port     uint16
	Critical bool
}

Port is the NTP Port record, telling the client to use this port for the next protocol query. Critical bit is optional. Set Critical to true if you want it set.

type Record

type Record interface {
	Header() RecordHdr
	// contains filtered or unexported methods
}

Record is the interface all record types must implement. Header() returns the record header. string() returns a printable representation of the record type. pack() packs the record into wire format.

type RecordHdr

type RecordHdr struct {
	Type    uint16 // First bit is Critical bit
	BodyLen uint16
}

RecordHdr is the header on all records sent in NTS-KE. The first (most significant) bit of Type is the Critical bit: a receiver that does not understand a record with the Critical bit set must abort the exchange, while an unknown record without it is simply ignored.
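The exchange that Exchange and Read drive over this record format, as an added example that is not the package's own code: it packs the client's request (Next Protocol, AEAD list and End of Message, all with the Critical bit set) and parses a constructed server reply into the server name and cookies, rejecting a body that overruns the message, a missing End of Message, an Error record, an AEAD or next protocol the client never offered, and any critical record it does not understand, while skipping unknown non-critical records. The names wireRecord, packRecords, clientRequest, interpretResponse and sampleServerResponse and the sample reply are this example's own, not the package's.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record types and identifiers from RFC 8915 (the package's Rec*, AES_SIV_CMAC_256 and NTPv4).
const (
	recEOM, recNextProto, recError, recWarning, recAEAD, recCookie, recServer, recPort uint16 = 0, 1, 2, 3, 4, 5, 6, 7
	criticalBit                                                                          uint16 = 0x8000 // top bit of the Type field
	aeadAESSIVCMAC256, nextProtoNTPv4                                                    uint16 = 0x0f, 0
)

var offered = map[uint16]uint16{recNextProto: nextProtoNTPv4, recAEAD: aeadAESSIVCMAC256} // the client's offer

type wireRecord struct { // one NTS-KE record before packing
	Critical bool
	Type     uint16
	Body     []byte
}

func u16(v uint16) []byte { b := make([]byte, 2); binary.BigEndian.PutUint16(b, v); return b }

// packRecords emits each record as a big-endian header (Type with the critical bit folded in, then BodyLen) and body.
func packRecords(recs []wireRecord) []byte {
	var buf bytes.Buffer
	for _, r := range recs {
		t := r.Type
		if r.Critical {
			t |= criticalBit
		}
		buf.Write(u16(t))
		buf.Write(u16(uint16(len(r.Body)))) // BodyLen is 16 bits: bodies must stay under 64 KiB
		buf.Write(r.Body)
	}
	return buf.Bytes()
}

// clientRequest is what the client sends: next protocol NTPv4, its AEAD list, then EOM.
func clientRequest() []byte {
	return packRecords([]wireRecord{
		{Critical: true, Type: recNextProto, Body: u16(offered[recNextProto])},
		{Critical: true, Type: recAEAD, Body: u16(offered[recAEAD])},
		{Critical: true, Type: recEOM},
	})
}

// interpretResponse walks the server's records up to End of Message and returns the server name and
// cookies (the Server and Cookie fields of the package's Data), aborting on anything it must not accept.
func interpretResponse(b []byte) (server string, cookies [][]byte, err error) {
	for len(b) >= 4 {
		t, n := binary.BigEndian.Uint16(b), int(binary.BigEndian.Uint16(b[2:]))
		if len(b) < 4+n {
			return "", nil, errors.New("record body exceeds message")
		}
		critical, typ, body := t&criticalBit != 0, t&^criticalBit, b[4:4+n]
		b = b[4+n:]
		switch typ {
		case recEOM:
			return server, cookies, nil
		case recWarning: // informational; the warning code is in body
		case recNextProto, recAEAD: // the server must echo a value we offered
			if !bytes.Equal(body, u16(offered[typ])) {
				return "", nil, fmt.Errorf("record type %d: server chose a value we did not offer", typ)
			}
		case recError:
			return "", nil, fmt.Errorf("server sent Error record %x", body)
		case recCookie:
			cookies = append(cookies, body)
		case recServer:
			server = string(body)
		default: // Port lands here too: non-critical and not decoded in this example
			if critical {
				return "", nil, fmt.Errorf("unknown critical record type %d", typ)
			}
		}
	}
	return "", nil, errors.New("truncated header or missing EOM")
}

// sampleServerResponse is a reply constructed for this example, not captured traffic.
func sampleServerResponse() []byte {
	return packRecords([]wireRecord{
		{Critical: true, Type: recNextProto, Body: u16(nextProtoNTPv4)},
		{Critical: true, Type: recAEAD, Body: u16(aeadAESSIVCMAC256)},
		{Type: recServer, Body: []byte("ntp.example.net")},
		{Type: recPort, Body: u16(4123)},
		{Type: recCookie, Body: []byte("cookie-one")},
		{Critical: true, Type: recEOM},
	})
}

func main() {
	server, cookies, err := interpretResponse(sampleServerResponse())
	fmt.Printf("request=%x server=%q cookies=%d err=%v\n", clientRequest(), server, len(cookies), err)
}
```

The two checks that matter most are the length check before slicing (a BodyLen larger than the remaining message is the classic parser crash) and refusing an AEAD the client never offered: a server that could pick any algorithm could downgrade the client to one it does not implement or does not want.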

func (RecordHdr) Header

func (h RecordHdr) Header() RecordHdr

type Server

type Server struct {
	Addr     []byte
	Critical bool
}

Server is the NTP Server record, telling the client to use a certain server for the next protocol query. Critical bit is optional. Set Critical to true if you want it set.

type Warning

type Warning struct {
	Code uint16
}

Warning is the record type to send warnings to the other end. Put warning code in Code.
