Re: [dtn-security] Bundle Authentication Block interoperability

"Ivancic, William D. (GRC-RHN0)" <william.d.ivancic@nasa.gov> Tue, 08 December 2009 16:43 UTC

From: "Ivancic, William D. (GRC-RHN0)" <william.d.ivancic@nasa.gov>
To: "Ivancic, William D. (GRC-RHN0)" <william.d.ivancic@nasa.gov>, "dtn-security@maillists.intel-research.net" <dtn-security@maillists.intel-research.net>
Date: Tue, 8 Dec 2009 10:42:33 -0600
Message-ID: <3A5AA67A8B120B48825BFFCF54438561945FE47367@NDJSSCC03.ndc.nasa.gov>
References: <3A5AA67A8B120B48825BFFCF54438561945FE46FA3@NDJSSCC03.ndc.nasa.gov>
In-Reply-To: <3A5AA67A8B120B48825BFFCF54438561945FE46FA3@NDJSSCC03.ndc.nasa.gov>

We discovered our problem.

DTN2 uses a 40-character hex string. The ION key file should contain a 20-byte ASCII key, not the hex equivalent of that, as DTN2 expects. Thus, one can hexdump the 20-byte ION key file and use the hex value of that key in the DTN2 config.

Still interested to know if anyone has run BAB interoperability with various DTN builds.


--Will


>-----Original Message-----
>From: dtn-security-bounces@maillists.intel-research.net [mailto:dtn-
>security-bounces@maillists.intel-research.net] On Behalf Of Ivancic,
>William D. (GRC-RHN0)
>Sent: Monday, December 07, 2009 2:24 PM
>To: dtn-security@maillists.intel-research.net
>Subject: [dtn-security] Bundle Authentication Block interoperability
>
>We have been running DTN-2 and ION interoperability tests for BAB up to
>64 Kbyte blocks using "dtn" naming.
>
>We have run into a problem in that it appears to be in the Hash
>algorithm or implementation.
>
>DTN2 code is using the OpenSSL HMAC functions.
>
>According to Scott Burleigh, "The ION code's SHA1 implementation is
>taken from git, which seems to be using the SHA 180-1 Reference
>Implementation (Compact Version) developed by Paul Kocher.  The HMAC
>implementation was written by Bill Van Biesen from RFC 2104 and
>validated with NIST test vectors."
>
>I was wondering if any other DTN bundling implementations have
>implemented BAB and tested it with other DTN bundling implementations?
>(i.e. Spindle III, Symbian, JAVA implementations, etc...).
>
>
>Will
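
The key-format mismatch described in the reply above, as an added example that is not part of the original message or of the DTN2 or ION code. It assumes DTN2 decodes its 40-character hex string into 20 raw key bytes before calling HMAC-SHA1; the key, the data and all function names are constructed for illustration, and the exact bundle bytes covered by the BAB are not modeled.

```python
import hashlib
import hmac

KEY_LEN = 20  # key length in bytes, as stated in the thread

# Constructed sample values, not taken from any real deployment.
SAMPLE_ION_KEY = b"constructed-key-0001"          # raw content of an ION key file
SAMPLE_DATA = b"constructed bundle bytes for BAB"  # stand-in for the authenticated data


def ion_key_to_dtn2_hex(ion_key: bytes) -> str:
    """Hex string for the DTN2 config, derived from the raw ION key file bytes."""
    if len(ion_key) != KEY_LEN:
        raise ValueError(f"ION key must be {KEY_LEN} bytes, got {len(ion_key)}")
    return ion_key.hex()


def dtn2_hex_to_key(hex_key: str) -> bytes:
    """Raw key bytes from a 40-character hex string (assumed DTN2 behaviour)."""
    hex_key = hex_key.strip()
    if len(hex_key) != 2 * KEY_LEN:
        raise ValueError(f"expected {2 * KEY_LEN} hex characters, got {len(hex_key)}")
    return bytes.fromhex(hex_key)  # raises ValueError on non-hex characters


def bab_digest(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 (RFC 2104) over the data with the given raw key."""
    return hmac.new(key, data, hashlib.sha1).digest()


def keys_interoperate(ion_key_file: bytes, dtn2_hex: str, data: bytes) -> bool:
    """True when both sides would compute the same digest over the same data."""
    ion_side = bab_digest(ion_key_file, data)
    dtn2_side = bab_digest(dtn2_hex_to_key(dtn2_hex), data)
    return hmac.compare_digest(ion_side, dtn2_side)


if __name__ == "__main__":
    dtn2_hex = ion_key_to_dtn2_hex(SAMPLE_ION_KEY)
    print("DTN2 config value:", dtn2_hex)
    # Correct setup: ION file holds the 20 raw bytes, DTN2 holds their hex form.
    print("raw key in ION file:", keys_interoperate(SAMPLE_ION_KEY, dtn2_hex, SAMPLE_DATA))
    # Misconfiguration: the 40-character hex text itself placed in the ION key file.
    print("hex text in ION file:", keys_interoperate(dtn2_hex.encode(), dtn2_hex, SAMPLE_DATA))
```
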