[quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)

Marten Seemann <notifications@github.com> Mon, 07 January 2019 04:33 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B15BD128D09 for <quic-issues@ietfa.amsl.com>; Sun, 6 Jan 2019 20:33:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.661
X-Spam-Level:
X-Spam-Status: No, score=-6.661 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ne2B14Yehy28 for <quic-issues@ietfa.amsl.com>; Sun, 6 Jan 2019 20:33:03 -0800 (PST)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02F581274D0 for <quic-issues@ietf.org>; Sun, 6 Jan 2019 20:33:03 -0800 (PST)
Date: Sun, 06 Jan 2019 20:33:02 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1546835582; bh=fsPS3/BERW4Dv2NliNQ6mceDfjSK8vMFxqQnq477NmQ=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=HOf98XFccV4frzHo44Uuc3tJQgZz3zVI6gziCjrBjWFH4wpVII8miBmAMvsM9dxor G4vkJnEGoo2Vs9nXrnOdAOxYHLMv5nqR229O3aPArrOzmIo9dgHuiQ/v//wtXbN5Gn Rsg4w6BsX3B2HIMymuZuiHTxgVp/JimGcip8UDNI=
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab605f73b783d6c1645828e6cc2820103c76f696d592cf00000001184a987e92a169ce179fbcfb@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2308@github.com>
Subject: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c32d67e1c20_5433f9bd38d45c479932f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/RKDzTLgvpDQobxjbReL18Brs9tw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 04:33:05 -0000

The spec says
> For example, if decryption fails (because the keys are not available or any other reason) [...], the receiver MAY either discard or buffer the packet for later processing and MUST attempt to process the remaining packets.

It makes sense to continue processing if the keys are not available. However, if the keys are available, and decryption fails, this means that the peer sent an invalid packet (or that we're dealing with an on-path attacker, which we can't do anything against anyway). It seems that it would be equally valid to stop processing the datagram in that case.

Since it's possible to coalesce about 70 QUIC packets into a single 1200 byte datagram, an attacker could cause a peer to attempt 70 AEAD operations with a single datagram.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2308