Re: [multipathtcp] Feedback on sha1/key exchange for MPTCP inter-op with FreeBSD
Christoph Paasch <christoph.paasch@uclouvain.be> Tue, 16 October 2012 09:01 UTC
Return-Path: <christoph.paasch@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDD3B21F88B8 for <multipathtcp@ietfa.amsl.com>; Tue, 16 Oct 2012 02:01:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qmJDbnxEE9gV for <multipathtcp@ietfa.amsl.com>; Tue, 16 Oct 2012 02:01:16 -0700 (PDT)
Received: from smtp5.sgsi.ucl.ac.be (smtp.sgsi.ucl.ac.be [130.104.5.67]) by ietfa.amsl.com (Postfix) with ESMTP id D2DD521F88B4 for <multipathtcp@ietf.org>; Tue, 16 Oct 2012 02:01:15 -0700 (PDT)
Received: from cpaasch-mac.localnet (haproxy2.sipr.ucl.ac.be [130.104.5.120]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: cpaasch@smtp5.sgsi.ucl.ac.be) by smtp5.sgsi.ucl.ac.be (Postfix) with ESMTPSA id 31E0711EE2D; Tue, 16 Oct 2012 11:01:06 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp5.sgsi.ucl.ac.be 31E0711EE2D
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1350378066; bh=j9RqpXnf17dPAkX2dNrTMoitLA3ZMq/TVuqbH+Y4hHo=; h=From:To:Reply-To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:Content-Type; b=ytjd8denB8J+7typ81nGV2u0tG7daig6W0eEvkEABbdoQnx/0WtQx2JEVdC4apvDO EzvlgqirZlcmm1K65S4fc6juFJBO0w2yEG2MshCehFJtPWM8fkOg28FUoTRqfSar6f F4ZB/tyKPl8jxuBPlUnJlpqzAbKMaV+QrDx8nugY=
From: Christoph Paasch <christoph.paasch@uclouvain.be>
To: Nigel Williams <njwilliams@swin.edu.au>
Date: Tue, 16 Oct 2012 11:01:02 +0200
Message-ID: <13373637.HTUXtqWYkN@cpaasch-mac>
Organization: Université Catholique de Louvain
User-Agent: KMail/4.9.2 (Linux/3.2.0-32-generic; KDE/4.9.2; x86_64; ; )
In-Reply-To: <507D1E56.3050701@swin.edu.au>
References: <507CDF0F.6090605@swin.edu.au> <1577583.oZiYgRU3s0@cpaasch-mac> <507D1E56.3050701@swin.edu.au>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
X-Virus-Scanned: clamav-milter 0.97.3-exp at smtp-5.sipr-dc.ucl.ac.be
X-Virus-Status: Clean
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: 31E0711EE2D.AF4EF
X-SGSI-MailScanner: Found to be clean
X-SGSI-From: christoph.paasch@uclouvain.be
X-SGSI-Spam-Status: No
Cc: multipathtcp <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] Feedback on sha1/key exchange for MPTCP inter-op with FreeBSD
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Christoph Paasch <christoph.paasch@uclouvain.be>
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2012 09:01:17 -0000
On Tuesday 16 October 2012 19:44:06 Nigel Williams wrote: > > The endianness conversion in mptcp_key_sha1 is part of the SHA-1 > > algorithm. > > SHA-1 does an endianness conversion on the input (done by sha_transform in > > lib/sha1.c). > > When returning the final output another conversion is done in sha1_final > > (crypto/sha1_generic.c), part of the generic crypto-library of the linux > > kernel. > > > > However, in MPTCP we don't use the crypto-library (thus, don't call > > sha1_final) because we want to spare some CPU cycles. So, we have to do > > the > > endianness conversion at the end of mptcp_key_sha1 by hand. > > What caused the confusion is that the Linux key is considered to be in > network order after it is generated. I don't recall the draft specifying > what order the key is to be in when hashed, and it is apparent that it > should. You should not look at the key as a 64-bit integer. It is rather a sequence of 8 bytes. When hashing, the key has to be in the same order as it was seen on the wire. SHA-1 algorithm makes sure that the hash produces as a result the same bit-sequence on little-endian and big-endian machines. If we would convert the key to host-byte-order, the bit-sequence input to the sha-1 algorithm will be different on little-endian and big-endian machines. Thus SHA-1 won't produce the same result anymore. > I would argue in favour of hashing in host order for semantic reasons: > - It seems non-standard behaviour to not perform a network-to-host byte > order conversion on arriving options. > - Maintains consistency with other stack variables which are kept in > host byte order for simplicity of arithmetic (or other things) Actually they are only stored in host-byte order if arithmetic operations are performed on them. TCP-MD5-options are not converted. For the same reason why the MPTCP-key is not converted, because we are working on a sequence of bits/bytes. Same for TCP Cookie extensions. Christoph -- IP Networking Lab --- http://inl.info.ucl.ac.be MultiPath TCP in the Linux Kernel --- http://mptcp.info.ucl.ac.be Université Catholique de Louvain --
- [multipathtcp] Feedback on sha1/key exchange for … Nigel Williams
- Re: [multipathtcp] Feedback on sha1/key exchange … Christoph Paasch
- Re: [multipathtcp] Feedback on sha1/key exchange … Nigel Williams
- Re: [multipathtcp] Feedback on sha1/key exchange … Christoph Paasch
- [multipathtcp] Fwd: Re: Feedback on sha1/key exch… Nigel Williams