[tcpm] Roman Danyliw's No Objection on draft-ietf-tcpm-ao-test-vectors-08: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 02 March 2022 18:36 UTC

From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tcpm-ao-test-vectors@ietf.org, tcpm-chairs@ietf.org, tcpm@ietf.org, michael.scharf@hs-esslingen.de, michael.scharf@hs-esslingen.de
Reply-To: Roman Danyliw <rdd@cert.org>
Date: Wed, 02 Mar 2022 10:36:14 -0800
Subject: [tcpm] Roman Danyliw's No Objection on draft-ietf-tcpm-ao-test-vectors-08: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-tcpm-ao-test-vectors-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tcpm-ao-test-vectors/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for making this document to help validate implementations.

Thank you to Christian Huitema for the SECDIR review.

I did not validate all of the examples.

** Section 3.1.5.  Since ISNs are part of the context needed to make the
traffic key (per Section 5.2 of RFC5925), should some statement be made about
their values in these example packets?

** Given the observed implementation errors noted in Section 8, consider
including a single detailed example per algorithm of how the appropriate
traffic key and MAC would be computed in an appendix.  For example, considering
Section 4.1.1, such a detailed example showing how to compute the traffic key
could be:

(fixed format font required to read it)

==[ snip ]==
Master_key: "testvector" (74 65 73 74 76 65 63 74 6F 72)
KDF_Alg: KDF_HMAC_SHA1
IPv4/TCP Packet:

     45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d
     ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00
     e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08
     04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54
     2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7

Source IP (sip): 10.11.12.13 (0A 0B 0C 0D)
Destination IP (dip): 172.27.28.29 (AC 1B 1C 1D)
Source Port (sport): 59863 (E9 D7)
Destination Port (dport): 179 (00 B3)
Source ISN (sisn): FB FB AB 5A
Destination ISN (disn): 00 00 00 00

Send_SYN_traffic_key
= KDF_alg(master_key, input)
= HMAC-SHA1(master_key, i || Label || Context || Output_Length)

i = 1 (01)
Label= TCP-AO (54 43 50 2D 41 4F)
Context = sip || dip || sport || dport || sisn || disn
        = 0A 0B 0C 0D AC 1B 1C 1D E9 D7 00 B3 FB FB AB 5A 00 00 00 00
Output_Length = 160 bits (00 A0)

Send_SYN_traffic_key
= HMAC-SHA1 ( 74 65 73 74 76 65 63 74 6F 72,
              01 54 43 50 2D 41 4F 0A 0B 0C 0D AC 1B 1C 1D E9 D7
              00 B3 FB FB AB 5A 00 00 00 00 00 A0 )
= 6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 16 ab b7 4f
==[ snip ]==
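The derivation sketched in the comment above, as an added example that is not part of the ballot or of the draft: it parses the quoted IPv4/TCP SYN, builds the SYN context from its fields, and runs KDF_HMAC_SHA1 as specified in RFC 5926 Section 3.1.1.1. The master key "testvector" and the packet bytes are the ones quoted in the comment; the function names are my own.

```python
import hashlib
import hmac

# IPv4/TCP SYN quoted in the ballot comment (draft Section 4.1.1), as raw bytes.
PACKET = bytes.fromhex(
    "45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d "
    "ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 "
    "e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 "
    "04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 "
    "2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7"
)
MASTER_KEY = b"testvector"


def syn_context(packet: bytes) -> bytes:
    """Context for the first SYN (RFC 5925 Section 5.2):
    sip || dip || sport || dport || sisn || disn, with disn = 0 because
    the peer's ISN is not known yet when the SYN is sent."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    tcp = packet[ihl:]
    if tcp[13] & 0x12 != 0x02:            # SYN set, ACK clear
        raise ValueError("expected the first SYN of the handshake")
    sip, dip = packet[12:16], packet[16:20]
    sport, dport, sisn = tcp[0:2], tcp[2:4], tcp[4:8]
    disn = bytes(4)
    return sip + dip + sport + dport + sisn + disn


def kdf_hmac_sha1(master_key: bytes, context: bytes, output_len_bits: int = 160) -> bytes:
    """KDF_HMAC_SHA1 (RFC 5926 Section 3.1.1.1): one HMAC-SHA1 over
    i || Label || Context || Output_Length, with i a single octet 0x01,
    Label the ASCII string "TCP-AO" and Output_Length a 2-octet big-endian bit count."""
    i = b"\x01"
    label = b"TCP-AO"
    output_length = output_len_bits.to_bytes(2, "big")
    return hmac.new(master_key, i + label + context + output_length, hashlib.sha1).digest()


def send_syn_traffic_key(master_key: bytes, packet: bytes) -> bytes:
    """Send_SYN_traffic_key for a raw IPv4/TCP SYN."""
    return kdf_hmac_sha1(master_key, syn_context(packet))


if __name__ == "__main__":
    print("Context:", syn_context(PACKET).hex())
    print("Send_SYN_traffic_key:", send_syn_traffic_key(MASTER_KEY, PACKET).hex())
```

A mismatch against the value quoted above points at the KDF input (order and byte order of the context fields, the zero destination ISN, the 2-octet Output_Length) rather than at the later MAC step, which is why a per-algorithm worked derivation helps implementers isolate the errors Section 8 describes.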