MC's Journal

NTS developments

Once again $DAYJOB sponsored a mini hackathon in Malmö during the IETF hackathon. Martin “cos” Samuelsson, Daniel “quite” Lublin and I gathered in Netnod's southern office for two days of hacking on Network Time Security (NTS), the authenticated flavour of the Network Time Protocol (NTP).

See my first post about Network Time Security for an introduction to NTS.

The first few hours my daughter graced us with her presence and left a few traces...

Omni also came by for a while and helped us reading specs.

The hackathon sort of dragged on for a couple of days into my summer vacation. We now have a working NTS client written in Go!

NTS/NTP package

A friendly fork of beevik/ntp with NTS support:

https://github.com/mchackorg/ntp

Use it like this:

options := ntp.QueryOptions{ NTS: true, C2s: c2sKey, S2c: s2cKey }
resp, err := ntp.QueryWithOptions(server, opt)

Authenticated time is now available in resp.Time.

NTS-KE

An NTS-KE library for doing the initial key exchange:

https://gitlab.com/hacklunch/ntske

NTS client

A small NTS client using the above libraries:

https://gitlab.com/hacklunch/ntsclient/

Use with -set to actually set system time.

This is still a work in progress but seems to work fine against for example time.cloudflare.com:1234 and zoo.weinigel.se:4446.

I'm not formally working on NTS during work hours so I'm glad I had the chance to do at least something on the project.