IETF Logo Mail Archive

Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-01.txt (fwd)

Nico Williams <nico@cryptonector.com> Thu, 21 November 2013 05:01 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AC901AE08C for <kitten@ietfa.amsl.com>; Wed, 20 Nov 2013 21:01:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6na6m9mu725 for <kitten@ietfa.amsl.com>; Wed, 20 Nov 2013 21:01:47 -0800 (PST)
Received: from homiemail-a87.g.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by ietfa.amsl.com (Postfix) with ESMTP id CE6251ADFE3 for <kitten@ietf.org>; Wed, 20 Nov 2013 21:01:47 -0800 (PST)
Received: from homiemail-a87.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTP id 4263526C05E; Wed, 20 Nov 2013 21:01:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=tYhaNJOT8SDLkt Eme5cUzD2w0Ik=; b=qNrDhUFhBXSr/GVjt2Q8YsVa+HeGZqAs0FemHwiQQtT+A3 5QWdG8b9RmdvGT1+dnHx/2OYXx7Ks3OBehZplQnqov4hdHzS6z3IzUk5kP+isSSn N0aXY8hapEzEdzD3FxBh0haVkKL4c0yaT80rTWq8Oqz2NSuMPwO2JRfdHdrHc=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTPA id E1C0926C05B; Wed, 20 Nov 2013 21:01:40 -0800 (PST)
Date: Wed, 20 Nov 2013 23:01:40 -0600
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Message-ID: <20131121050138.GB3655@localhost>
References: <20131120235129.7E4E71AACA@ld9781.wdf.sap.corp> <alpine.GSO.1.10.1311201921370.23560@multics.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.GSO.1.10.1311201921370.23560@multics.mit.edu>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: kitten@ietf.org
Subject: Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-01.txt (fwd)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2013 05:01:49 -0000

On Wed, Nov 20, 2013 at 07:40:28PM -0500, Benjamin Kaduk wrote:
> On Thu, 21 Nov 2013, Martin Rex wrote:
> >It is up to the mechanism implementation at which point during the
> >handshake the src_name output parameter from gss_accept_sec_context()
> >is populated.  The application caller MUST provide the exact same
> >parameter as src_name to *ALL* iteration calls of gss_accept_sec_context()
> 
> Having recently completed a re-read of RFC 2743 and RFC 2744 (*),
> I'm sad to say that I do not believe there is a normative reference
> to support the MUST, there.  I really wish there was, but RFC 2743
> only calls out the acceptor_cred_handle as being fixed between
> iterations.

Well, no other interpretation is sensible but the one that Martin gave.
Anything else surely would have been mentioned, and, at any rate, would
not be sensible.

Why would the name of the initiator *as output to the application* vary
as the security context token exchange progresses?

Clearly allowing that makes no sense.  That's not to say that the
mechanism might not learn the initiator's name piecemeal, just that it
can't output it piecemeal.

> Hmm, I guess this is relevant, though:
>    [...] verifies the incoming input_token and
>    (following the successful completion of a context establishment
>    sequence) returns the authenticated src_name and the mech_type used.
> So, that would indicate that src_name is only valid after successful
> context establishment.

Authentication is only complete when security context establishment
completes.  Until then anything that may be available (e.g., PROT_READY,
channel binding state -- any and all ret_flags, src_name) is not
authenticated.  (The one exception that might make sense might be
deleg_cred, but there's no purpose to treating it as an exception.)

> >>We discussed whether (either at the abstract level or the C bindings) it
> >>is guaranteed to be safe to call gss_release_buffer() twice on the same
> >>buffer.  It is required to set the length of the buffer to zero (but not
> >>to zero the value field), but also "Any buffer object returned by a
> >>GSS-API routine may be passed to gss_release_buffer (even if there is no
> >>storage associated with the buffer)."  What exactly constitutes a "buffer
> >>object returned by a GSS-API routine" seems subject to interpretation.
> >
> >What in particular causes your notion "seems subject to interprettion"?
> 
> Nico was making arguments about how it is "torturing the language
> and common sense" to claim that gss_release_buffer() is "notionally
> output[ting] a buffer".  I was claiming that (in the C bindings at
> least), the buffer parameter is an output parameter of
> gss_release_buffer().

"Output" is an [notional] attribute of the function argument in the GSS
abstract API and in the C bindings, not an attribute of the buffer type
(sadly).  The buffer is only an output of gss_release_buffer() in that
this notionally permits gss_release_buffer() to modify the buffer.

IF RFC2744 had specified proper const typedefs then we'd not say that
the buffer is an output of that function, just that the input to it is
not of a const type.  And then the const-/not-const-ness of an argument
would not merely be notional; it'd be specified in a way that the C
tooling can understand.

It is torturing the language to say that gss_release_buffer() outputs a
token.  It does not.  It modifies a buffer structure to mark it as
"empty", but that's it.

There is a problem in that RFC2744 says that gss_release_buffer() must
set the buffer's length to zero but only that it may set the pointer to
NULL.  This is a problem because malloc(0) may return a non-NULL pointer
that must be free()ed, and so gss_release_buffer() called with a
zero-length, non-NULL value buffer might well call free() on that value!

Now, obviously the foregoing is not a problem because a) apps shouldn't
be double-releasing things, and b) because providers shouldn't be
idiotic: they must either set the value to NULL on buffer release or not
free() it when length is zero (preferably both).

Nico
--

v2.30.2 | Report a Bug | By Email | System Status