Re: [tcpm] RFC 5925 SNE algorithm concern
juhamatk@gmail.com Thu, 30 April 2020 16:44 UTC
Return-Path: <juhamatk@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDBA53A0C2C for <tcpm@ietfa.amsl.com>; Thu, 30 Apr 2020 09:44:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gu4e2gU_ok_G for <tcpm@ietfa.amsl.com>; Thu, 30 Apr 2020 09:43:59 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AB453A0C2A for <tcpm@ietf.org>; Thu, 30 Apr 2020 09:43:59 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id u127so2747540wmg.1 for <tcpm@ietf.org>; Thu, 30 Apr 2020 09:43:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y8d4AWjgUJJ37iz0RHDNhAVPV07VDb6HMU5MFd36JNo=; b=HtJXW0cyqV1buxOrOjn8MsfQuyJ2yJgM6V5hvQUGDYF9VBbRjqCvQfVSSbj691Xgu4 QbUjvIsqLgitrsNsrcyO5JmHcE2mcC/FhEznAa0v9Vrtq2lxoLAZqUuf85GCbpn6srZa mbPRTNFMEOW6AxRaoviVweka5iDhp/vu03i1PGcP2alQPVuyyAnwzvnl0qLSXDFNczpn 9yIQh3AkRCd7KpIvnQjoCu4ZBW8epZkhOpMilvX/KN0Q/Yc4zeB6NM7moaCryVw1gUCn DAAC+kv3Km09rrkOHrxCn+NsTS90wRSOdibCct1mooYUMh+lpTlS3REFVjq8VDtkXVfQ uHuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y8d4AWjgUJJ37iz0RHDNhAVPV07VDb6HMU5MFd36JNo=; b=i6lpJSX1KtsAWAreXH/QOiIDK1+JpvYxx3YDohXtztRq4KgV1JgtsRzoNsj98qCogw KGouPTS8WzyCxB4zgYXS2gFk96hozs6HJ7WPH4be76Cbp6rta3CS2DgLP4UDf3mxtoh2 N/qa+0Wj1R9NpcrB8yELIwC8Ta/f5F8yVPQhJAmwUnEC0/z+WEHzceUFnyCvWwj0IjCY T/tZ1FMnl+PdhU7rGDGKl9YniTiMAWUI9ImGEW7q/GrltEE3b7hwG8Qfb7uo1rsg2Y8p kENdCpBHGOMnCEP37q80oq1s1L8xZ7dkMQXX9sttAZc2IanpmRfnqoCfPJ2r0jzxLZLT iS1g==
X-Gm-Message-State: AGi0PuYIHF28AHar5ij4rMytba27TtPs/CpdfIznP4NRv9xPZMIqvDaV aFPDwRMO8NQWvECVisKpHTuARYx5QiPVqN4zpMY=
X-Google-Smtp-Source: APiQypJVURU6pB9OuYZ60Wnxa9uOB8jrNNgDfhIHuh4nnnRAI8H5/mcNWam/MMH9GBBVehIMKl4QCHxQjwfb13yLA+w=
X-Received: by 2002:a1c:e90a:: with SMTP id q10mr3877647wmc.22.1588265037365; Thu, 30 Apr 2020 09:43:57 -0700 (PDT)
MIME-Version: 1.0
References: <CACS3ZpBLAO2=O6Vf2Vx766qAGqmY2yD_yiLag-K7C3sYFjH9hw@mail.gmail.com> <EAE578C4-4C60-429A-9826-821B3075DA08@strayalpha.com>
In-Reply-To: <EAE578C4-4C60-429A-9826-821B3075DA08@strayalpha.com>
From: juhamatk@gmail.com
Date: Thu, 30 Apr 2020 19:43:45 +0300
Message-ID: <CACS3ZpCjWb2+-v8MCjRJvMCARZ1YDLAr5HyRUTSTteMefu76qQ@mail.gmail.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: tcpm@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005c848705a484c568"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/TVrJgTsCITa9jyw4pmpyBHuU_44>
Subject: Re: [tcpm] RFC 5925 SNE algorithm concern
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 16:44:03 -0000
Hello Joe, Thanks for your reply. While I talk about retransmit, I refer actually to the other side retransmitting. So this is the receive side pseudo code. Does that change the situation? Thanks for the clarifications, -- Juhamatti to 30. huhtikuuta 2020 klo 17.31 Joseph Touch <touch@strayalpha.com> kirjoitti: > Hi, Juhamatti, > > See embedded below: > > > On Apr 30, 2020, at 12:31 AM, juhamatk@gmail.com wrote: > > > > Hello all, > > > > While working with RFC 5925, I have been checking the details of > > example SNE algorithm. I have a slight concern with the example > > algorithm proposed by the RFC. > > > > The idea of SNE is to simulate 64-bit sequence number with 32-bit > > sequences to prevent replay attacks. RFC 5925 proposes the following > > algorithm to implement 64-bit sequence numbering: > > > > Original algorithm pseudo-code in the RFC 5925 + errata: > > /* set the flag when the SEG.SEQ first rolls over */ > > if ((RCV.SNE_FLAG == 0) > > && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) { > > RCV.SNE = RCV.SNE + 1; > > RCV.SNE_FLAG = 1; > > } > > /* decide which SNE to use after incremented */ > > if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) { > > SNE = RCV.SNE - 1; # use the pre-increment value > > } else { > > SNE = RCV.SNE; # use the current value > > } > > /* reset the flag in the *middle* of the window */ > > if ((RCV.PREV_SEQ < 0x7fffffff) && (SEG.SEQ > 0x7fffffff)) { > > RCV.SNE_FLAG = 0; > > } > > /* save the current SEQ for the next time through the code */ > > RCV.PREV_SEQ = SEG.SEQ; > > > > When looking into this in detail, to me it looks like there might be > > an issue when 32-bit sequence wraps back to the beginning and a > > retransmission occurs with the high sequence range. > > Retransmission should always use the value cached with that segment, so > there should not be an issue. > > > Then SNE is > > increased unexpectedly and does not follow proper sequencing. A test > > case below: > > > > State: > > PREV_SEQ = 0xffffffe > > RCV.SNE = 0 > > RCV.SNE_FLAG = 0 > > > > New frame: > > SEG.SEQ = 0x0 > > RCV.SNE => 1 > > RCV.SNE_FLAG => 1 > > PREV_SEQ => 0 > > > > Retransmit: > > SEG.SEQ = 0xfffffffd > > RCV.SNE_FLAG => 0 - incorrectly updated > > PREV_SEQ => 0xfffffffd - incorrectly updated > > You’re using the pseudocode that creates new SNEs with a previously > transmitted value. It’s acting like you’ve wrapped too quickly. > > > > > New frame: > > SEG.SEQ = 0x2 > > RCV.SNE => 2 - incorrect value, should be 1 based on sequencing > > RCV.SNE_FLAG => 1 > > PREV_SEQ => 0x2 > > > > I could not figure out any reason why the above sequence would not be > > valid. > > Because retransmission should be using the values cached when the original > transmission occurred. > > I don’t think the new code is needed - at least from this example. > > Joe > > > Even though it is mentioned in the RFC that the algorithm is > > just an example, the sequencing mismatch is unfortunate as mismatching > > SNEs on different sides will bring the authenticated TCP session down > > and cause data loss through timeout. Thus, for interoperability, it is > > crucial that correct sequencing is used on both ends. > > > > If above is really a real problem, then perhaps an improved algorithm > > could be as follows: > > > > Improved algorithm suggestion pseudo-code: > > PRE = 0; > > // set the flag when the SEG.SEQ first rolls over > > if ((RCV.SNE_FLAG == 0) > > && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) { > > RCV.SNE = RCV.SNE + 1; > > RCV.SNE_FLAG = 1; > > } > > // decide which SNE to use after incremented, > > // pre-increment is used for retransmits > > if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) { > > SNE = RCV.SNE - 1; # use the pre-increment value > > PRE = 1; > > } else { > > SNE = RCV.SNE; # use the current value > > } > > // reset the flag in the *middle* of the window, > > // include SEG.SEQ equals half so that we do not miss > > // that edge case > > if (PRE == 0) { > > if(RCV.SNE_FLAG == 1 && > > RCV.PREV_SEQ < 0x7fffffff) && (SEG.SEQ >= 0x7fffffff)) { > > RCV.SNE_FLAG = 0; > > } > > // save the current SEQ for the next time through the code, > > // if we are not retransmitting > > RCV.PREV_SEQ = SEG.SEQ; > > } > > > > This passes the problematic case (and bunch of others I have tested). > > This also includes a small additional fix in the middle window > > handling where SEG.SEQ was missing one edge value (SEG.SEQ > > > 0x7fffffff => SEG.SEQ >= 0x7fffffff). I hope I have not missed > > anything else, but it is certainly possible, so comments are welcome. > > > > So, what do you think, is this a real concern? If it is a real issue, > > what would be the best way to handle this, perhaps an errata with an > > improved algorithm after throughout review of the new algorithm? > > > > Thank you, > > -- > > Juhamatti > > > > _______________________________________________ > > tcpm mailing list > > tcpm@ietf.org > > https://www.ietf.org/mailman/listinfo/tcpm > >
- [tcpm] RFC 5925 SNE algorithm concern juhamatk
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern juhamatk
- Re: [tcpm] RFC 5925 SNE algorithm concern juhamatk
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern juhamatk