IETF Logo Mail Archive

Re: [babel] [Babel-users] MAC auth. for Babel in babeld

Toke Høiland-Jørgensen <toke@toke.dk> Wed, 23 September 2020 15:47 UTC

Return-Path: <toke@toke.dk>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EE4F3A11CD for <babel@ietfa.amsl.com>; Wed, 23 Sep 2020 08:47:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MgYGkaZ5AsNW for <babel@ietfa.amsl.com>; Wed, 23 Sep 2020 08:47:46 -0700 (PDT)
Received: from mail.toke.dk (mail.toke.dk [IPv6:2a0c:4d80:42:2001::664]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FE623A11A6 for <babel@ietf.org>; Wed, 23 Sep 2020 08:47:46 -0700 (PDT)
From: Toke Høiland-Jørgensen <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1600876063; bh=4q/X1HwiBHid92+yij3Wns1I6/p4/cOcOlDSXRQBASA=; h=From:To:Subject:In-Reply-To:References:Date:From; b=jxHe3piM6+07nklLLBakm3b+quWG2hpAbnHY1oSXvV6rAFB/WNX/FUSN6Edb5yk+u y23dhqAwseeFsxjz/aYSiLDdAPeq1wxPMWlpf5MQKSd37CpJJAskKAkvqPYJ/IS29k e5jj6IjeD2Wckkc4bh7csWy808W/DYUpyi20iVK/9Z6Fm4hEYu9G5nsV13RwBzyhy8 hLc02b3f8s/gytq8mgvW6BUBIZpYnvZs36Feg1YVr5lOTM7VAfYqZUyCsW97Fa7DLT 9HZJd2BmKRx/46e5ImI0TKByXxZLTjKbIsBrzjEFWyHTSW/mU1FMI6D2S3nrPpe/do ymz8IKWlCrkwA==
To: Antonin Décimo <antonin.decimo@gmail.com>, Babel at IETF <babel@ietf.org>, babel-users <babel-users@lists.alioth.debian.org>
In-Reply-To: <C5UU6NMIAW8I.3RALHZUWY7BJO@kobain>
References: <C5UU6NMIAW8I.3RALHZUWY7BJO@kobain>
Date: Wed, 23 Sep 2020 17:47:41 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87lfh0o5pe.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/86hpNCQwguK-iUayp0IGKHnwayY>
Subject: Re: [babel] [Babel-users] MAC auth. for Babel in babeld
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 15:47:55 -0000

Antonin Décimo <antonin.decimo@gmail.com> writes:

> Hello Toke,
>
>> I've done basic interoperability testing with the latest version of my
>> MAC implementation for Babel in Bird. They can successfully exchange
>> messages with both hmac-sha256 and blake2s hash algorithms configured.
>
> Yay! Thank you very much! I’m glad it worked (on the first try) :-)

Well, I did test an earlier version of your code against an earlier
version of me, so not quite first try ;)

>> - You don't enforce a minimum key length.
>
> This was on purpose, but maybe it was a bad idea.
>
>> For blake2s this means the key will effectively be zero-padded up to
>> the block size of 32 bytes (not sure what hmac-sha256 does).
>
> hmac-sha256 is the same. Under the block size, the key is padded with
> zeroes, above, the key is pre-hashed.

Yeah, that's what the Bird implementation is doing too. I'm also
limiting the *max* length of keys to avoid the pre-hashing as I figured
that would be an interoperability issue. But if it's standard practice
maybe that is not necessary?

>> For Bird I'm enforcing that the key size must match the hash output
>> size (32 bytes for both blake2s and hmac-sha256). This is based on
>> the security considerations section in the draft; should babeld do
>> the same?
>
> Now babeld requires keys of 32 bytes for both algorithms.

Great!

>> - I think the configuration is a bit verbose. This was the minimal
>> config I needed to enable MAC in babeld:
>>
>> key name test algorithm hmac-sha256 value
>> 7465737474657374746573747465737474657374746573747465737474657374 use
>> both
>> keyset test
>> keyset-add-key test test
>> interface veth0 mac true add-keyset test
>>
>> The two middle lines feel like they are a bit redundant; could we go
>> without them for simple configs?
>
> You’re right; at least the line `keyset test` can go, keysets are now
> implicitly created. I don’t see how I can further simplify without
> losing the idea that interfaces may share keysets and keysets may
> share keys.

The obvious thing would be to assign keys to a "default" keyset if no
explicit keyset is configured, and assign that default keyset to all
interfaces that don't specify one?

I think that would be safer anyway, as right now it's quite easy to
think you've configured authentication, but it's not actually enabled
because there was not key assigned. So I think the interface config
should be bailing out if 'mac true' is set but no key is available...

> One thing that is still buggy in my implementation is to use the
> "default" pseudo-interface with keysets and keys, this may simplify
> the configuration for common usecases.

Yeah, for more complex configurations that will help, of course. I did
not test the config interface extensively, just did the minimum to get
things working ;)

-Toke

v2.23.0 | Report a Bug | By Email