[babel] ANNOUNCE: hmac authentication for Babel, first prototype
Juliusz Chroboczek <jch@irif.fr> Fri, 22 June 2018 21:18 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36DC7130EF1 for <babel@ietfa.amsl.com>; Fri, 22 Jun 2018 14:18:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kftEno7dCEQq for <babel@ietfa.amsl.com>; Fri, 22 Jun 2018 14:18:35 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE70D130EEB for <babel@ietf.org>; Fri, 22 Jun 2018 14:18:34 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/75695) with ESMTP id w5MLHn81030311; Fri, 22 Jun 2018 23:17:49 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 040EFEB22D; Fri, 22 Jun 2018 23:18:31 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 9_ppnPcYagXt; Fri, 22 Jun 2018 23:18:29 +0200 (CEST)
Received: from lanthane.irif.fr (unknown [172.23.36.89]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id A704BEB200; Fri, 22 Jun 2018 23:18:26 +0200 (CEST)
Date: Fri, 22 Jun 2018 23:18:25 +0200
Message-ID: <878t76a5b2.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: babel@ietf.org, babel-users@lists.alioth.debian.org
CC: Weronika Kołodziejak <weronika.kolodziejak@gmail.com>, Clara Dô <clarado_perso@yahoo.fr>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="ISO-8859-2"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Fri, 22 Jun 2018 23:17:49 +0200 (CEST)
X-Miltered: at korolev with ID 5B2D677D.001 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5B2D677D.001 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5B2D677D.001 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/QTjNABf47ptaNkyNPTixDxxcDBE>
Subject: [babel] ANNOUNCE: hmac authentication for Babel, first prototype
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2018 21:18:39 -0000
Dear all, Clara Dô et Weronika Kołodziejak (in copy of this mail) have just pushed their work on HMAC authentication for babeld to Github: https://github.com/wkolod/babeld branch hmac It's a very early prototype, and has received almost no testing. To use, checkout and compile the hmac branch, and say in your config file: key id key1 type sha1 value deadbeefdeadbeefdeadbeefdeadbeefdeadbeef interface wlan0 hmac key1 The following features are planned but not implemented yet: - multiple keys on a single interface; - key rotation; - restart with loss of state in the absence of a hardware clock. There's a minor bug that we plan to fix next week: - all keys known to babeld are accepted, not just the keys assigned to a given interface. We also need to carefully check the error-handling behaviour, especially for TLV truncation. The protocol ============ The protocol is closely based on the work of Denis Ovsienko (RFC 7298, draft-ovsienko-babel-rfc7298bis-00. The main differences are as follows: (1) rather than inserting the source address into the HMAC TLV before hashing, we use a pseudo-header consisting of the source and destination addresses (suggested by David Schinazi, to whom thanks); (2) the HMAC TLV does not carry an explicit key-ID; instead, we test the received HMAC against all provisioned keys (just one in the normal case, just two during key rotation); (3) the HMAC TLV carries a single opaque field "TS/PC" of size 6 octets; it is not structured into TS and PC, since the distinction is not necessary; (4) the HMAC TLV lives in the packet trailer, which makes it clear what is covered by the HMAC and what isn't; (5) replay protection is slightly different, to avoid the flaw described in my posting of 10 May 2018 to babel@ietf. A neighbour is considered authentic if we received a fresh TS/PC echo from it in the last 30 seconds. Details are likely to change (I think we'll make that 4 * IHU interval). We're pretty sure of ourselves for points 1, 2, and 3. Point 4 is open for discussion -- it makes implementation simpler, but complicates the description of the protocol. Point 5 is likely to change. We are open to suggestions about how to achieve restart with loss of state. Be aware that the internship officially ends by the end of the month, so earlier comments will be even more welcome than later ones. The code ======== A quick guide to the code: - keys live in struct interface and struct buffered; all known keys are in the key table, which is reference counted; - the packet trailer is checked in check_hmac, which is called early in parse_packet; if the HMAC check fails, the packet is dropped straight away, with no further parsing; - a first pass is made over the packet to check for TS/PC and update neighbour authenticity; this is preparse_tspc, called from parse_packet; if the neighbour is not fresh, the packet is dropped straight away; - the packet is then parsed as usual. All together, some 850 lines of code, 730 not counting the configuration parser. Makefile | 10 +- anm.c | 81 +++++++++++++++ anm.h | 31 ++++++ babeld.c | 5 +- configuration.c | 121 ++++++++++++++++++++++- configuration.h | 4 + hmac.c | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ hmac.h | 36 +++++++ interface.c | 12 ++- interface.h | 10 ++ message.c | 178 ++++++++++++++++++++++++++++++--- message.h | 10 +- neighbour.c | 5 + neighbour.h | 1 + net.c | 40 +++++++- net.h | 3 +- util.c | 32 ++++++ util.h | 2 + 18 files changed, 851 insertions(+), 30 deletions(-) Enjoy, -- Juliusz
- [babel] ANNOUNCE: hmac authentication for Babel, … Juliusz Chroboczek