IETF Logo Mail Archive

Re: [babel] hmac info model elements

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 04 January 2019 23:12 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D49C0130EA8 for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 15:12:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e_qyC6bFpvxs for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 15:12:57 -0800 (PST)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CF06126BED for <babel@ietf.org>; Fri, 4 Jan 2019 15:12:57 -0800 (PST)
Received: by mail-pg1-x52d.google.com with SMTP id s198so18077486pgs.2 for <babel@ietf.org>; Fri, 04 Jan 2019 15:12:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=wU0IEiNgiplJEFNv6lRs7/rJZ1M4fPZgcYs+gweIh0Y=; b=TT5IGiAOtsrvmoCKM/wGIC5P/Tgkv/qLji2rZ2nHEa2uuUy8n+uLdJoCAKhP1m2px6 DyChWOf1riyJLJkNXzm4ft3Gd2xA5gx6C7VZu9pbRz5eeXOiqreQxYk2372/N2RJRmtB AfDUuvIeCd1zO6bzXvoBcqA1X5gaBtLx5y31cskkRgoov1IekpUQooycVnUw4btgKZ/U szYv77tzHLsUGa3OaiV/xH1bYnia+03VPQH+5BpCNJVIWYWKqzhg91cpQNxsOkce0P1I Hxb3Ao5APL2POS+0Zaus9MARTEcxBDbv1+nGaGJ0Q3/s9qQAqXsYyokPoulUfczJePDT +OSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=wU0IEiNgiplJEFNv6lRs7/rJZ1M4fPZgcYs+gweIh0Y=; b=h4bfIBCU1FvSY/yU7Dbq01tXYmnOcnGQvA5LolBc2KjGy+mjedcwAs7MwV8qVSRY3W PBP9Srl6BnLvGSYdnq21ZsNQDLcAP5U/Mrc1tEPqAIctS7aYb4Ptg/OItgP2hGRFkSD9 YBlMEu6ebnwaoh6iDltLNkQQGcguSD/qc3TnRcsnKd2ymglL12TNuSceKqSJtsrWeXg0 ki2jNRoMVxp7ISVjFCt2CPhrYt2HBnZME9gq9YVXWCfP5YRIWZwGRy+ot4/ThQtlD5h5 RDUai7n4arBtmhvJcnfZ5FXhqt6zxPSDFML6AeRn2N6FCpKPhBb/bMEuUY0/45RXaHjh X1ZQ==
X-Gm-Message-State: AJcUukdxXhxHi0RiMi7y/P1WOtf+OQelx+oinoxdGs+oIWwef5NycSWv 8q78GkyYEC01ns8+lfdEPHc=
X-Google-Smtp-Source: ALg8bN49OU2WLcOYCv/x0lmaVlFtigKMkh5Tt+2Gihg9G+cTvpDwuuUTGEb2ZNLfqGUriSRKJTOqQA==
X-Received: by 2002:a63:cd11:: with SMTP id i17mr3234734pgg.345.1546643576849; Fri, 04 Jan 2019 15:12:56 -0800 (PST)
Received: from [10.33.122.97] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id 19sm114868558pfs.108.2019.01.04.15.12.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 Jan 2019 15:12:55 -0800 (PST)
From: Mahesh Jethanandani <mjethanandani@gmail.com>
Message-Id: <D3140959-D1C1-4DD7-A4C3-A636F0353376@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0DBDB6A3-BDD9-492A-95BA-86FEA2F0C140"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 04 Jan 2019 15:12:53 -0800
In-Reply-To: <C7A7F306-7BC3-4800-BD96-A62A7B621C3E@gmail.com>
Cc: "STARK, BARBARA H" <bs7652@att.com>, Babel at IETF <babel@ietf.org>
To: Dave Taht <dave.taht@gmail.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF7EECB@GAALPA1MSGUSRBF.ITServices.sbc.com> <91CABBA9-DFC0-48C5-9A36-E2B12FC376D9@gmail.com> <2D09D61DDFA73D4C884805CC7865E6114DF8354B@GAALPA1MSGUSRBF.ITServices.sbc.com> <CAA93jw6fUrEjUvN4xc_1Q1d+b6spUuVVWK3p7AO9yNt1Uudhyg@mail.gmail.com> <C7A7F306-7BC3-4800-BD96-A62A7B621C3E@gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/8OhBhIlJuCGTbZmk0PLPK3_0-xc>
Subject: Re: [babel] hmac info model elements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 23:13:00 -0000


> On Jan 4, 2019, at 3:08 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> 
> 
> 
>> On Jan 4, 2019, at 12:02 PM, Dave Taht <dave.taht@gmail.com <mailto:dave.taht@gmail.com>> wrote:
>> 
>> On Fri, Jan 4, 2019 at 11:54 AM STARK, BARBARA H <bs7652@att.com <mailto:bs7652@att.com>> wrote:
>>> 
>>>>> We had discussed previously that keys should not be readable -- only add
>>>> and delete keys. In this case, it's good for a non-readable parameter to have
>>>> a "nickname" or index to reference it with. And it can be useful to know
>>>> when the key was added. In my experience, these sorts of shared keys are
>>>> modeled as strings.
>>>> 
>>>> I would think the keys are modeled as binary.
>>> 
>>> That depends on how we generally expect the keys to be generated. If we think they'll be randomly generated by a centralized machine, then binary makes sense. If we think they'll be created by a human being who will input them through a keyboard, then string makes sense. I was thinking the latter would be more common. I'm curious what others think?
>> 
>> What I wanted was a representation that was standard and unambiguous.
>> 0xdeadbeef for a hex representation, base64
>> (https://tools.ietf.org/html/rfc4648#page-7 <https://tools.ietf.org/html/rfc4648#page-7>) or (
>> http://docs.ros.org/diamondback/api/wpa_supplicant/html/base64_8c.html <http://docs.ros.org/diamondback/api/wpa_supplicant/html/base64_8c.html>
>> ) for all else.
> 
> YANG does not have a data type for base64. It uses base64 as an encoding, e.g. binary data is encoded as base64 for transmission over the wire. But you do not represent/configure the data using base64 in YANG. The choices would be string or binary.

Sorry. I should have added that RFC8177, YANG Key Chain, models keys as either string or hexadecimal (not binary).

             choice key-string-style {
               description
                 "Key string styles";
                case keystring {
                  leaf keystring {
                   type string;
                   description
                     "Key string in ASCII format.";
                 }
               }
               case hexadecimal {
                 if-feature "hex-key-string";
                 leaf hexadecimal-string {
                   type yang:hex-string;
                   description
                     "Key in hexadecimal string format.  When compared
                      to ASCII, specification in hexadecimal affords
                      greater key entropy with the same number of
                      internal key-string octets.  Additionally, it
                      discourages usage of well-known words or
                      numbers.";
                 }
               }
             }

> 
>>>>> Appendix A (incremental deployment and key rotation) indicates it should
>>>> be possible to configure a mode where authenticated packets are sent but all
>>>> packets are accepted.
>>>>> Multiple HMAC algorithms are possible. The draft doesn't say how the
>>>> nodes know which algorithm is being used (if multiple are implemented). The
>>>> draft does say that only one HMAC is calculated per key. Is it assumed the
>>>> algorithm choice is configured?
>>>>> Should the challenge expiry timer be configurable?
>>>>> I've decided to have completely separate HMAC and DTLS objects, because
>>>> they're very different now that I have detailed designs to work with.
>>>>> I'm adding an "operation" datatype to support key and cert manipulation.
>>>> This is intended to be consistent with YANG "action" datatype.
>>>> 
>>>> Is the idea that there is both an input and an output expected for key and
>>>> cert manipulation? If it is input only, i.e. configuring key and cert., then you
>>>> would not need an action type. Having said that, in the examples you give
>>>> below, I expect delete to be an action.
>>> 
>>> The only output needed is the result of the operation (success or failure).
>>> As I think about why BBF went with an operation for adding/deleting a X.509 cert, I realize it had to do with things related to its being an X.509 cert and not a "credential". So I think I agree with you here that for an HMAC key, the regular model manipulation mechanisms are fine (including for delete) and the key can just be noted as non-readable.
>>> 
>>>> I am not clear on the ‘check-key’ operation. I would expect that the device is
>>>> either enabled or disabled to check for HMAC. If enabled, and when a packet
>>>> is received, the receiver will compute the HMAC (using the key configured
>>>> for it) on the packet and compare it what is in the packet. If the HMAC
>>>> compariosn fails, the receiver will drop the packet, and log a count of
>>>> dropped packets because of mismatch. Why would the management plane
>>>> need to perform a ‘check-key’ operation?
>>> 
>>> We're making the key non-readable, once written. The check-key operation gives the router something to hash, and a hash of that something that you've created on your end (using what you think the key is), and asks the router if the hash it creates is the same as the hash you created. If yes, then you know (1) the key is what you think it is, and (2) the hash is being computed using the algorithm you think it is using. If the HMAC comparison is consistently failing, this can be a useful troubleshooting mechanism (especially when setting up a new network using routers with different implementations). Just knowing the packet is getting dropped doesn't tell you much. There are many things that could cause droppage.
>>> But this would be optional to support. And I won't insist on it if others don't think it's a good idea.
>>> It's similar to a fingerprint comparison done for an X.509 certificate.
>>> 
>>>>> Proposed HMAC model:
>>>>> add to top level information-obj:
>>>>> babel-hmac-algorithms (enumerated list of supported HMAC computation
>>>>> algorithms)
>>>>> 
>>>>> security-hmac-obj
>>>>> security-hmac-enable (boolean: enable / disable this instance)
>>>>> security-hmac-mode (Boolean: do or don't authenticate received
>>>>> packets)
>>>> 
>>>> I have the same question as Toke here.
>>> 
>>> OK. I've sent a reply to Toke's email.
>>> 
>>>>> security-hmac-algorithm (string: one of the supported HMAC
>>>>> algorithms)
>>>> 
>>>> You mean one of the enum values defined above.
>>> 
>>> Yes.
>>> 
>>>> Thanks for putting this together.
>>>> 
>>>>> security-interfaces (string list of references to interfaces-obj: the
>>>>> interfaces this instance applies to; if empty, it applies to all interfaces)
>>>> security-add-hmac-key (operation: inputs (reference name, key))
>>>>>    hmac-key-obj
>>>>>        key-name (string: reference name)
>>>>>        key-date (datetime: timestamp when key was added)
>>>>>        delete-key (operation)
>>>>>        check-key (operation: inputs (string, HMAC of string)) ; the node does
>>>> its own HMAC computation of the input string and compares this to the input
>>>> HMAC of string; if the computed and input HMAC are the same the operation
>>>> succeeds.
>>>>> 
>>>>> Thoughts?
>>>>> Barbara
>>>>> 
>>>>> _______________________________________________
>>>>> babel mailing list
>>>>> babel@ietf.org <mailto:babel@ietf.org>
>>>> 
>>>> Mahesh Jethanandani
>>>> mjethanandani@gmail.com <mailto:mjethanandani@gmail.com>
>>> _______________________________________________
>>> babel mailing list
>>> babel@ietf.org <mailto:babel@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/babel <https://www.ietf.org/mailman/listinfo/babel>
>> 
>> 
>> 
>> -- 
>> 
>> Dave Täht
>> CTO, TekLibre, LLC
>> http://www.teklibre.com <http://www.teklibre.com/>
>> Tel: 1-831-205-9740
> 
> Mahesh Jethanandani
> mjethanandani@gmail.com <mailto:mjethanandani@gmail.com>
> 
> 
> 

Mahesh Jethanandani
mjethanandani@gmail.com

v2.23.0 | Report a Bug | By Email