IETF Logo Mail Archive

Re: [babel] hmac info model elements

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 04 January 2019 23:08 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0708B130EA1 for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 15:08:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PsxoxVali3B for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 15:08:35 -0800 (PST)
Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30A0B126BED for <babel@ietf.org>; Fri, 4 Jan 2019 15:08:34 -0800 (PST)
Received: by mail-pl1-x631.google.com with SMTP id y1so18030284plp.9 for <babel@ietf.org>; Fri, 04 Jan 2019 15:08:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=YQFkf5qCXt+IesIZLJNjoRygZzyQyTM8IS8yJaqwjgw=; b=DBg7pv68BX19tsE7nZ19fGgrLZGRYiaAv6HGj6cCuZGI8T+2dckroWkKIoGpLeOZIg PEfPAndH/Jv0CcreAzoqW5p7HPdqOhKr5D42J9E/BlxZj4lB7eYn5wR3yDr7wHI6SVDM J+NSrX5Y6QsWsTVucJEI3bJ3WbwMdHbKwjKGPz1iAP5/VWzBcHad/GQ+c6VEJ+kfPP2Q nTkngq0eMTOLd15VS8NS/NCffYiTUL0UoHS00R9IlDQnN6iqIAhBRja25yi7+oXzVWbM 2AWnYXVVQvCgi66cOLPUjeNe+A23tn+NnUwFCLaWXmmju1iqNR0hdRmhOT451iB8bSnv ZaUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=YQFkf5qCXt+IesIZLJNjoRygZzyQyTM8IS8yJaqwjgw=; b=Y1MNBO7LihuzmZFxaoz3LuSKcXwJrzLuNydaLFXiqICeSvKAClT5/286yhLX6ELPuE XVDaOIiNjWiWwvZaTwbyiU57Odskk9T6nrr8zLmrg78rUTnlAL3t90I1mctoow1i8/nH y0Ljf2APdb8UEX7YjPX49Oyzf4ag/pxdIP9mQ0SoDM4FL+9P4GcHuhNyRJyh2hIz0YxC L5tqsOSHX1SHp0u7/P+CFboDrr57oKe3UvJAJK+ZmzWsEOeUJ1frLetXYFSgWfP/rUua SMIvZF3KXVaYy0tVbAYHoDopRkBcPbXc5LGoFmpTr7DoHa3lqHHZTBY0XnVQ9PTNygvj qyeg==
X-Gm-Message-State: AJcUukenCax9PSnErLScNE40gzMxOUOaNZVL9i1DxZk8lGZ14j0d7iNQ oCz+6HGIB6+Ejk7YMBu9vxE=
X-Google-Smtp-Source: ALg8bN6Tigj7l3z7nlmBPtQREWvZt2n88co3Yj7WpF24iewKtWRKx9E2Fb5S1eovC+UNjtKwNh4Uqw==
X-Received: by 2002:a17:902:ba8b:: with SMTP id k11mr52253442pls.177.1546643314326; Fri, 04 Jan 2019 15:08:34 -0800 (PST)
Received: from [10.33.122.97] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id a195sm111918778pfa.7.2019.01.04.15.08.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 Jan 2019 15:08:32 -0800 (PST)
From: Mahesh Jethanandani <mjethanandani@gmail.com>
Message-Id: <C7A7F306-7BC3-4800-BD96-A62A7B621C3E@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B80312C5-F546-4374-BB3E-07E22E8B0A43"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 04 Jan 2019 15:08:31 -0800
In-Reply-To: <CAA93jw6fUrEjUvN4xc_1Q1d+b6spUuVVWK3p7AO9yNt1Uudhyg@mail.gmail.com>
Cc: "STARK, BARBARA H" <bs7652@att.com>, Babel at IETF <babel@ietf.org>
To: Dave Taht <dave.taht@gmail.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF7EECB@GAALPA1MSGUSRBF.ITServices.sbc.com> <91CABBA9-DFC0-48C5-9A36-E2B12FC376D9@gmail.com> <2D09D61DDFA73D4C884805CC7865E6114DF8354B@GAALPA1MSGUSRBF.ITServices.sbc.com> <CAA93jw6fUrEjUvN4xc_1Q1d+b6spUuVVWK3p7AO9yNt1Uudhyg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/hZoGe_us1IvrP7LmRYjNkNkc56k>
Subject: Re: [babel] hmac info model elements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 23:08:38 -0000


> On Jan 4, 2019, at 12:02 PM, Dave Taht <dave.taht@gmail.com> wrote:
> 
> On Fri, Jan 4, 2019 at 11:54 AM STARK, BARBARA H <bs7652@att.com <mailto:bs7652@att.com>> wrote:
>> 
>>>> We had discussed previously that keys should not be readable -- only add
>>> and delete keys. In this case, it's good for a non-readable parameter to have
>>> a "nickname" or index to reference it with. And it can be useful to know
>>> when the key was added. In my experience, these sorts of shared keys are
>>> modeled as strings.
>>> 
>>> I would think the keys are modeled as binary.
>> 
>> That depends on how we generally expect the keys to be generated. If we think they'll be randomly generated by a centralized machine, then binary makes sense. If we think they'll be created by a human being who will input them through a keyboard, then string makes sense. I was thinking the latter would be more common. I'm curious what others think?
> 
> What I wanted was a representation that was standard and unambiguous.
> 0xdeadbeef for a hex representation, base64
> (https://tools.ietf.org/html/rfc4648#page-7 <https://tools.ietf.org/html/rfc4648#page-7>) or (
> http://docs.ros.org/diamondback/api/wpa_supplicant/html/base64_8c.html <http://docs.ros.org/diamondback/api/wpa_supplicant/html/base64_8c.html>
> ) for all else.

YANG does not have a data type for base64. It uses base64 as an encoding, e.g. binary data is encoded as base64 for transmission over the wire. But you do not represent/configure the data using base64 in YANG. The choices would be string or binary.

>>>> Appendix A (incremental deployment and key rotation) indicates it should
>>> be possible to configure a mode where authenticated packets are sent but all
>>> packets are accepted.
>>>> Multiple HMAC algorithms are possible. The draft doesn't say how the
>>> nodes know which algorithm is being used (if multiple are implemented). The
>>> draft does say that only one HMAC is calculated per key. Is it assumed the
>>> algorithm choice is configured?
>>>> Should the challenge expiry timer be configurable?
>>>> I've decided to have completely separate HMAC and DTLS objects, because
>>> they're very different now that I have detailed designs to work with.
>>>> I'm adding an "operation" datatype to support key and cert manipulation.
>>> This is intended to be consistent with YANG "action" datatype.
>>> 
>>> Is the idea that there is both an input and an output expected for key and
>>> cert manipulation? If it is input only, i.e. configuring key and cert., then you
>>> would not need an action type. Having said that, in the examples you give
>>> below, I expect delete to be an action.
>> 
>> The only output needed is the result of the operation (success or failure).
>> As I think about why BBF went with an operation for adding/deleting a X.509 cert, I realize it had to do with things related to its being an X.509 cert and not a "credential". So I think I agree with you here that for an HMAC key, the regular model manipulation mechanisms are fine (including for delete) and the key can just be noted as non-readable.
>> 
>>> I am not clear on the ‘check-key’ operation. I would expect that the device is
>>> either enabled or disabled to check for HMAC. If enabled, and when a packet
>>> is received, the receiver will compute the HMAC (using the key configured
>>> for it) on the packet and compare it what is in the packet. If the HMAC
>>> compariosn fails, the receiver will drop the packet, and log a count of
>>> dropped packets because of mismatch. Why would the management plane
>>> need to perform a ‘check-key’ operation?
>> 
>> We're making the key non-readable, once written. The check-key operation gives the router something to hash, and a hash of that something that you've created on your end (using what you think the key is), and asks the router if the hash it creates is the same as the hash you created. If yes, then you know (1) the key is what you think it is, and (2) the hash is being computed using the algorithm you think it is using. If the HMAC comparison is consistently failing, this can be a useful troubleshooting mechanism (especially when setting up a new network using routers with different implementations). Just knowing the packet is getting dropped doesn't tell you much. There are many things that could cause droppage.
>> But this would be optional to support. And I won't insist on it if others don't think it's a good idea.
>> It's similar to a fingerprint comparison done for an X.509 certificate.
>> 
>>>> Proposed HMAC model:
>>>> add to top level information-obj:
>>>> babel-hmac-algorithms (enumerated list of supported HMAC computation
>>>> algorithms)
>>>> 
>>>> security-hmac-obj
>>>> security-hmac-enable (boolean: enable / disable this instance)
>>>> security-hmac-mode (Boolean: do or don't authenticate received
>>>> packets)
>>> 
>>> I have the same question as Toke here.
>> 
>> OK. I've sent a reply to Toke's email.
>> 
>>>> security-hmac-algorithm (string: one of the supported HMAC
>>>> algorithms)
>>> 
>>> You mean one of the enum values defined above.
>> 
>> Yes.
>> 
>>> Thanks for putting this together.
>>> 
>>>> security-interfaces (string list of references to interfaces-obj: the
>>>> interfaces this instance applies to; if empty, it applies to all interfaces)
>>> security-add-hmac-key (operation: inputs (reference name, key))
>>>>    hmac-key-obj
>>>>        key-name (string: reference name)
>>>>        key-date (datetime: timestamp when key was added)
>>>>        delete-key (operation)
>>>>        check-key (operation: inputs (string, HMAC of string)) ; the node does
>>> its own HMAC computation of the input string and compares this to the input
>>> HMAC of string; if the computed and input HMAC are the same the operation
>>> succeeds.
>>>> 
>>>> Thoughts?
>>>> Barbara
>>>> 
>>>> _______________________________________________
>>>> babel mailing list
>>>> babel@ietf.org
>>> 
>>> Mahesh Jethanandani
>>> mjethanandani@gmail.com
>> _______________________________________________
>> babel mailing list
>> babel@ietf.org <mailto:babel@ietf.org>
>> https://www.ietf.org/mailman/listinfo/babel <https://www.ietf.org/mailman/listinfo/babel>
> 
> 
> 
> -- 
> 
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com <http://www.teklibre.com/>
> Tel: 1-831-205-9740

Mahesh Jethanandani
mjethanandani@gmail.com

v2.23.0 | Report a Bug | By Email