Re: [tcpm] RFC 5925 SNE algorithm concern
juhamatk@gmail.com Tue, 05 May 2020 07:25 UTC
Return-Path: <juhamatk@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BA6E3A15B9 for <tcpm@ietfa.amsl.com>; Tue, 5 May 2020 00:25:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KdoKU1D6e4eo for <tcpm@ietfa.amsl.com>; Tue, 5 May 2020 00:25:26 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3E133A15B7 for <tcpm@ietf.org>; Tue, 5 May 2020 00:25:26 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id y3so1443389wrt.1 for <tcpm@ietf.org>; Tue, 05 May 2020 00:25:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hntnrNOxJjF3ImZ+plEEZ12HgphNj1DSC/7LhQqWZGQ=; b=q8wgc9R/WcluQQCAyvxQui68c4KmUvBL9a8t7E0WdAORQhkgaZFsYQ2Y9aQ4aM/2RM ysLgZhQKBv75nD0WiPx3SFouFZe7Ghqz9vF1ahb76pyc8uyK/YR49DuBg13dJH7iARSJ guMl1vM0epz+Zq5J7A05/ADncgV5ASKVCtHYDRQn4zcu7i2bE2X/Nh053ykaS7G9viWx dPhK9kC1lIUQ7wQg81xZ1fW2o9OG8U9JBSFioRCpzVpdOaAT1ZeId1RSlTdUkaEO6Ovq YO/VGZybVWO9r/bTr1fFAEAMmTmHlPm/FlkFeGyQ6XEC/tiup4cWhrX0gKpE+BMyjIIf abng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hntnrNOxJjF3ImZ+plEEZ12HgphNj1DSC/7LhQqWZGQ=; b=rIgT0KxLgrIbOATkOAYmkOR9rfPdGPr+CdE6ny+LPHRyFLdhWTQINkPBqHZbDHP865 eD7odbK/pT3HAmRe7seZb3L7ghgno8D5qOdpxSgo3Cv9rZca6996Z67HrTEMmO/8WTOM pxMgJD4VM9Y0z47zeDUZitkP6cyHEO3fmKhoesVV21F9/BZiPebb7knVUcTYEbabety8 dM4LIzVbTShnuIZBczrzrYdZAoAM/1JFUJIbT9AI/bqMnJgW/gi1NHODotZXsjh2EaXp Vy8VP6Ew/DdRM4YnwqPP6ZS6bkmg65PedMEyr3TpWM3LbS2P1ZBEWwuDvo6pRWx6bMx3 CvOA==
X-Gm-Message-State: AGi0PuZsSukQdmL4480I6fLmt1thxIz/9LFflwAzt4KYbN+tPd8d8M2S r93A1aLpmaDTHI2txskASQnljMtG+Omg4IkXOAk=
X-Google-Smtp-Source: APiQypL11YT7R7dq06cXgYnT2wdokmtCcYOekZ4V+MP953fI5+ezMKuAC9QrcLIHCxsIn5U3oylAab0klPskzMud0HA=
X-Received: by 2002:a5d:4092:: with SMTP id o18mr2015166wrp.227.1588663525003; Tue, 05 May 2020 00:25:25 -0700 (PDT)
MIME-Version: 1.0
References: <CACS3ZpBLAO2=O6Vf2Vx766qAGqmY2yD_yiLag-K7C3sYFjH9hw@mail.gmail.com> <EAE578C4-4C60-429A-9826-821B3075DA08@strayalpha.com> <CACS3ZpCjWb2+-v8MCjRJvMCARZ1YDLAr5HyRUTSTteMefu76qQ@mail.gmail.com>
In-Reply-To: <CACS3ZpCjWb2+-v8MCjRJvMCARZ1YDLAr5HyRUTSTteMefu76qQ@mail.gmail.com>
From: juhamatk@gmail.com
Date: Tue, 05 May 2020 10:25:12 +0300
Message-ID: <CACS3ZpC3z-D8C=g90vuz-1n-w4oX8y2vOzJWrhouNqnKeuZ42w@mail.gmail.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: tcpm@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/XxrnRDPyZpfcmsNai9D_V0vkiA8>
Subject: Re: [tcpm] RFC 5925 SNE algorithm concern
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2020 07:25:28 -0000
Hello, And there seems to be a minor parenthesis mismatch in the pseudo-code of the improved algorithm I sent earlier. Here is a new fixed version below for the record. Improved algorithm suggestion pseudo-code: PRE = 0; // set the flag when the SEG.SEQ first rolls over if ((RCV.SNE_FLAG == 0) && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) { RCV.SNE = RCV.SNE + 1; RCV.SNE_FLAG = 1; } // decide which SNE to use after incremented, // pre-increment is used for retransmits if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) { SNE = RCV.SNE - 1; // use the pre-increment value PRE = 1; } else { SNE = RCV.SNE; // use the current value } // reset the flag in the *middle* of the window, // include SEG.SEQ equals half so that we do not miss // that edge case if (PRE == 0) { if(RCV.PREV_SEQ < 0x7fffffff && SEG.SEQ >= 0x7fffffff) { RCV.SNE_FLAG = 0; } // save the current SEQ for the next time through the code, // if we are not retransmitting RCV.PREV_SEQ = SEG.SEQ; } BR, -- Juhamatti On Thu, 30 Apr 2020 at 19:43, <juhamatk@gmail.com> wrote: > > > Hello Joe, > > Thanks for your reply. While I talk about retransmit, I refer actually to the other side retransmitting. So this is the receive side pseudo code. Does that change the situation? > > Thanks for the clarifications, > -- > Juhamatti > > to 30. huhtikuuta 2020 klo 17.31 Joseph Touch <touch@strayalpha.com> kirjoitti: >> >> Hi, Juhamatti, >> >> See embedded below: >> >> > On Apr 30, 2020, at 12:31 AM, juhamatk@gmail.com wrote: >> > >> > Hello all, >> > >> > While working with RFC 5925, I have been checking the details of >> > example SNE algorithm. I have a slight concern with the example >> > algorithm proposed by the RFC. >> > >> > The idea of SNE is to simulate 64-bit sequence number with 32-bit >> > sequences to prevent replay attacks. RFC 5925 proposes the following >> > algorithm to implement 64-bit sequence numbering: >> > >> > Original algorithm pseudo-code in the RFC 5925 + errata: >> > /* set the flag when the SEG.SEQ first rolls over */ >> > if ((RCV.SNE_FLAG == 0) >> > && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) { >> > RCV.SNE = RCV.SNE + 1; >> > RCV.SNE_FLAG = 1; >> > } >> > /* decide which SNE to use after incremented */ >> > if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) { >> > SNE = RCV.SNE - 1; # use the pre-increment value >> > } else { >> > SNE = RCV.SNE; # use the current value >> > } >> > /* reset the flag in the *middle* of the window */ >> > if ((RCV.PREV_SEQ < 0x7fffffff) && (SEG.SEQ > 0x7fffffff)) { >> > RCV.SNE_FLAG = 0; >> > } >> > /* save the current SEQ for the next time through the code */ >> > RCV.PREV_SEQ = SEG.SEQ; >> > >> > When looking into this in detail, to me it looks like there might be >> > an issue when 32-bit sequence wraps back to the beginning and a >> > retransmission occurs with the high sequence range. >> >> Retransmission should always use the value cached with that segment, so there should not be an issue. >> >> > Then SNE is >> > increased unexpectedly and does not follow proper sequencing. A test >> > case below: >> > >> > State: >> > PREV_SEQ = 0xffffffe >> > RCV.SNE = 0 >> > RCV.SNE_FLAG = 0 >> > >> > New frame: >> > SEG.SEQ = 0x0 >> > RCV.SNE => 1 >> > RCV.SNE_FLAG => 1 >> > PREV_SEQ => 0 >> > >> > Retransmit: >> > SEG.SEQ = 0xfffffffd >> > RCV.SNE_FLAG => 0 - incorrectly updated >> > PREV_SEQ => 0xfffffffd - incorrectly updated >> >> You’re using the pseudocode that creates new SNEs with a previously transmitted value. It’s acting like you’ve wrapped too quickly. >> >> > >> > New frame: >> > SEG.SEQ = 0x2 >> > RCV.SNE => 2 - incorrect value, should be 1 based on sequencing >> > RCV.SNE_FLAG => 1 >> > PREV_SEQ => 0x2 >> > >> > I could not figure out any reason why the above sequence would not be >> > valid. >> >> Because retransmission should be using the values cached when the original transmission occurred. >> >> I don’t think the new code is needed - at least from this example. >> >> Joe >> >> > Even though it is mentioned in the RFC that the algorithm is >> > just an example, the sequencing mismatch is unfortunate as mismatching >> > SNEs on different sides will bring the authenticated TCP session down >> > and cause data loss through timeout. Thus, for interoperability, it is >> > crucial that correct sequencing is used on both ends. >> > >> > If above is really a real problem, then perhaps an improved algorithm >> > could be as follows: >> > >> > Improved algorithm suggestion pseudo-code: >> > PRE = 0; >> > // set the flag when the SEG.SEQ first rolls over >> > if ((RCV.SNE_FLAG == 0) >> > && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) { >> > RCV.SNE = RCV.SNE + 1; >> > RCV.SNE_FLAG = 1; >> > } >> > // decide which SNE to use after incremented, >> > // pre-increment is used for retransmits >> > if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) { >> > SNE = RCV.SNE - 1; # use the pre-increment value >> > PRE = 1; >> > } else { >> > SNE = RCV.SNE; # use the current value >> > } >> > // reset the flag in the *middle* of the window, >> > // include SEG.SEQ equals half so that we do not miss >> > // that edge case >> > if (PRE == 0) { >> > if(RCV.SNE_FLAG == 1 && >> > RCV.PREV_SEQ < 0x7fffffff) && (SEG.SEQ >= 0x7fffffff)) { >> > RCV.SNE_FLAG = 0; >> > } >> > // save the current SEQ for the next time through the code, >> > // if we are not retransmitting >> > RCV.PREV_SEQ = SEG.SEQ; >> > } >> > >> > This passes the problematic case (and bunch of others I have tested). >> > This also includes a small additional fix in the middle window >> > handling where SEG.SEQ was missing one edge value (SEG.SEQ > >> > 0x7fffffff => SEG.SEQ >= 0x7fffffff). I hope I have not missed >> > anything else, but it is certainly possible, so comments are welcome. >> > >> > So, what do you think, is this a real concern? If it is a real issue, >> > what would be the best way to handle this, perhaps an errata with an >> > improved algorithm after throughout review of the new algorithm? >> > >> > Thank you, >> > -- >> > Juhamatti >> > >> > _______________________________________________ >> > tcpm mailing list >> > tcpm@ietf.org >> > https://www.ietf.org/mailman/listinfo/tcpm >>
- [tcpm] RFC 5925 SNE algorithm concern juhamatk
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern juhamatk
- Re: [tcpm] RFC 5925 SNE algorithm concern juhamatk
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern Joseph Touch
- Re: [tcpm] RFC 5925 SNE algorithm concern juhamatk