nts: negotiate compliant export of AES-128-GCM-SIV keys

Add client and server support for a new NTS-KE record to negotiate use of the compliant key exporter context with the AES-128-GCM-SIV AEAD as specified here: https://chrony-project.org/doc/spec/nts-compliant-128gcm.html
2025-12-07 04:25:06 -05:00 · 2024-09-19 12:08:36 +02:00
parent 2adda9c12c
commit 0707865413
5 changed files with 52 additions and 10 deletions
--- a/nts_ke.h
+++ b/nts_ke.h
@@ -40,6 +40,7 @@
 #define NKE_RECORD_COOKIE               5
 #define NKE_RECORD_NTPV4_SERVER_NEGOTIATION 6
 #define NKE_RECORD_NTPV4_PORT_NEGOTIATION 7
+#define NKE_RECORD_COMPLIANT_128GCM_EXPORT 1024

 #define NKE_NEXT_PROTOCOL_NTPV4         0