IETF Logo Mail Archive

Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed

arno@natisbad.org (Arnaud Ebalard) Thu, 17 September 2009 08:59 UTC

Return-Path: <arno@natisbad.org>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1B5BE28C12B for <cga-ext@core3.amsl.com>; Thu, 17 Sep 2009 01:59:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level:
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rXrXpYj1RH9 for <cga-ext@core3.amsl.com>; Thu, 17 Sep 2009 01:59:22 -0700 (PDT)
Received: from copper.chdir.org (copper.chdir.org [88.191.97.87]) by core3.amsl.com (Postfix) with ESMTP id 028BF3A67AD for <cga-ext@ietf.org>; Thu, 17 Sep 2009 01:59:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=natisbad.org; s=mail; h=From:To:Cc:Subject:References:Date: In-Reply-To:Message-ID:MIME-Version:Content-Type; bh=5jeJfjlUOPK U8PrcQwpp3wD41mhHrVIOKKlrA07yt5U=; b=PMFsL3pfqdMAopWcYlbWWKQyfZ8 rvrDK55wJcVo7jJkJ51qjnI6ChCKWGOJZ0DebidsKWvweaahb2lP7whoHLGs6QEz a96cRk2hnqqM1K9Jir04N/fxQf4mMc/TDSWMlxB07QpvfBcYwgEGqU+fFw7eVl0R nuf6F3xRxCVyp3Ws=
Received: from [2001:7a8:78df:2:20d:93ff:fe55:8f79] (helo=small.ssi.corp) by copper.chdir.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <arno@natisbad.org>) id 1MoCqY-0003uJ-51; Thu, 17 Sep 2009 11:00:10 +0200
From: arno@natisbad.org
To: Eric Levy-Abegnoli <elevyabe@cisco.com>
References: <002501ca376a$5eb39950$3a0c6f0a@china.huawei.com> <4AB1EB54.4000903@cisco.com>
X-PGP-Key-URL: http://natisbad.org/arno@natisbad.org.asc
X-Fingerprint: 47EB 85FE B99A AB85 FD09 46F3 0255 957C 047A 5026
X-Hashcash: 1:20:090917:cga-ext@ietf.org::De2AiJC1J+QpaZkJ:00wNm
X-Hashcash: 1:20:090917:wdwang@bupt.edu.cn::ybwcj+dYchaYhMLF:00000000000000000000000000000000000000000000RFr
X-Hashcash: 1:20:090917:elevyabe@cisco.com::ANlMTU6jgy6LFuLK:00000000000000000000000000000000000000000003PrO
X-Hashcash: 1:20:090917:shengjiang@huawei.com::L0E8lgHQzHqNoE+j:00000000000000000000000000000000000000007TWo
Date: Thu, 17 Sep 2009 11:00:50 +0200
In-Reply-To: <4AB1EB54.4000903@cisco.com> (Eric Levy-Abegnoli's message of "Thu, 17 Sep 2009 09:55:00 +0200")
Message-ID: <87my4uoshp.fsf@small.ssi.corp>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/23.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: 'wdwang' <wdwang@bupt.edu.cn>, cga-ext@ietf.org
Subject: Re: [CGA-EXT] SEND checksum issue in current RFC 3791 - update needed
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2009 08:59:23 -0000

Hi,

>> Yes, it is an issue must be clearly clarified in the specification.
>> Actually, there are two possibility here (which makes more important that
>> specification should be clearly follow only one of them):

Not arguing on the fact that "A" will be kept because it is the
"implemented" solution (Docomo implementation, Cisco, probably Juniper
too).

>> A, if we would like to follow the drscription in Section 5.2.1 RFC 3791, the
>> input of RSA signature should be a checksum calculated without RSA signature
>> and it will be recalculated after signature attached. On the receiver side,
>> ICMP checksum should be validated, then signature validate, then maybe
>> checksum validate again.

For the records (correction welcome if I missed sth),

Signature computation:

  - Create ICMPv6 message w/o RSA Signature option
  - Compute ICMPv6 checksum as usual using the pseudo-header (current length,
    i.e. w/o the RSA Signature option)
  - Set that checksum in checksum field of the ICMPv6 header
  - Compute RSA Sig as described in section 5.2 of RFC 3971
  - Add RSA Signature Option at the end of the ICMPv6 message
  - Update ICMPv6 packet length to include RSA Sig option
  - Update IPv6 payload length to reflect addition of RSA Sig option
  - Update ICMPv6 checksum using updated pseudo-header for the
    computation (length value modified + addition of RSA Signature
    Option) 

Signature verification:

  - Verify ICMPv6 checksum as usual on received message (obviously,
    including RSA Signature option)
  - Remove RSA Signature option from the packet
  - Update IPv6 length field to reflect previous removal
  - Recompute the checksum on the packet based on the new values (and
    w/o the RSA Sig Opt in the message)
  - Verify RSA Signature as described in RFC 3971

>> B, more efficiently, on the sender side, as you said, the input of RSA
>> signature should be a checksum with all 0, and after signature attached, the
>> checksim is computed over the whole packet. However, this makes the
>> signature over checksum totally meaningless. Alternatively, we may take
>> checksum bits out from the RSA signature input.

Performing the signature over the given layout with the null checksum
prevents useless copies: you zero the field, pass the whole buffer to
your signature function w/o the need to copy things to create a
different layout. But I guess this does not matter anymore.

Cheers,

a+

v2.23.0 | Report a Bug | By Email