[multipathtcp] Feedback on sha1/key exchange for MPTCP inter-op with FreeBSD
Nigel Williams <njwilliams@swin.edu.au> Tue, 16 October 2012 04:14 UTC
Return-Path: <njwilliams@swin.edu.au>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C5C621F86CB for <multipathtcp@ietfa.amsl.com>; Mon, 15 Oct 2012 21:14:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jueNEWLabN4g for <multipathtcp@ietfa.amsl.com>; Mon, 15 Oct 2012 21:14:18 -0700 (PDT)
Received: from gpo4.cc.swin.edu.au (gpo4.cc.swin.edu.au [136.186.1.33]) by ietfa.amsl.com (Postfix) with ESMTP id A4BAE21F8646 for <multipathtcp@ietf.org>; Mon, 15 Oct 2012 21:14:17 -0700 (PDT)
Received: from [136.186.229.154] (nwilliams-laptop.caia.swin.edu.au [136.186.229.154]) by gpo4.cc.swin.edu.au (8.14.3/8.14.3) with ESMTP id q9G4EB4T013927; Tue, 16 Oct 2012 15:14:14 +1100
Message-ID: <507CDF0F.6090605@swin.edu.au>
Date: Tue, 16 Oct 2012 15:14:07 +1100
From: Nigel Williams <njwilliams@swin.edu.au>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120912 Thunderbird/15.0.1
MIME-Version: 1.0
To: Christoph Paasch <christoph.paasch@uclouvain.be>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: multipathtcp <multipathtcp@ietf.org>
Subject: [multipathtcp] Feedback on sha1/key exchange for MPTCP inter-op with FreeBSD
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2012 04:14:18 -0000
Dear Christoph, I'm currently doing some interop testing between the Linux MPTCP implementation (built from the git repository as of October 10) and the FreeBSD implementation that I am working on. I have some questions/comments. I've cc'd the mailing list as some of this might be of interest to others. Please let me know if I've missed something obvious! (1) Endianess and the sha1 hashing of local and remote keys: I initially had some trouble matching keys and idsns with the Linux implementation. Having a look through the linux code (function mptcp_key_sha1(local_key) in mptcp_ctrl.c) it looks like the output of sha_transform is converted into big-endian, and the token and idsn are then assigned (as big-endian). Once the mptcp_key_sha1() function returns, 'idsn = ntohll(idsn) + 1;' is called (returning the idsn to host order). The idsn is then typcast as a u32 and this value is used for tcb->seq (which is the starting dseq value of DSN mappings). All this was calculated from 'local_key', which is stored locally in host order. The problem arises then that the local_key is put onto the wire in host byte order, when we were expecting to receive it in network byte order. Is there a reason why the key is not transmitted in network byte order? Also, is it possible to do the conversion to host order of the idsn and token within mptcp_key_sha1(), rather than on return? A quick glance at the function does not make it immediately obvious that the values should be converted into host order on return. Some comments in this function would be useful (for instance the FreeBSD sha1 returns the hash in network order, while Linux does not). (2) Perhaps as a general comment/feedback, it might be worth detailing a little more explicitly in the implementers guide the conversions occurring in this process, as it is currently a little ambiguous and I needed to dig through the linux code in order to make my implementation compatible on the wire. As far as I can tell, the process should be along the lines of: 1. generate 64-bit key (store in host order) 2. sha1 hash of key (byte order is implementation specific) 3. choose the most significant 4 bytes for the token, and least significant 8 bytes, taking into account the byte order of the sha output. 4. store token and idsn locally in host order. 5. get the lower portion of the idsn with an unsigned 32-bit typecast 6. when transmitting the local_key/remote_key, do so in network order. (currently Linux transmits in host order?) As we need to be sure that different implementations are exchanging keys correctly during the handshake, it would be nice to have this information documented, making the endianess of things clear for implementers. It would also be helpful in the future to add some more comments to the Linux code, as it isn't always clear as why things are being done a certain way. regards, nigel
- [multipathtcp] Feedback on sha1/key exchange for … Nigel Williams
- Re: [multipathtcp] Feedback on sha1/key exchange … Christoph Paasch
- Re: [multipathtcp] Feedback on sha1/key exchange … Nigel Williams
- Re: [multipathtcp] Feedback on sha1/key exchange … Christoph Paasch
- [multipathtcp] Fwd: Re: Feedback on sha1/key exch… Nigel Williams