IETF Logo Mail Archive

Re: [tcpm] RFC 5925 SNE algorithm concern

juhamatk@gmail.com Tue, 05 May 2020 07:25 UTC

Return-Path: <juhamatk@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BA6E3A15B9 for <tcpm@ietfa.amsl.com>; Tue, 5 May 2020 00:25:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KdoKU1D6e4eo for <tcpm@ietfa.amsl.com>; Tue, 5 May 2020 00:25:26 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3E133A15B7 for <tcpm@ietf.org>; Tue, 5 May 2020 00:25:26 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id y3so1443389wrt.1 for <tcpm@ietf.org>; Tue, 05 May 2020 00:25:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hntnrNOxJjF3ImZ+plEEZ12HgphNj1DSC/7LhQqWZGQ=; b=q8wgc9R/WcluQQCAyvxQui68c4KmUvBL9a8t7E0WdAORQhkgaZFsYQ2Y9aQ4aM/2RM ysLgZhQKBv75nD0WiPx3SFouFZe7Ghqz9vF1ahb76pyc8uyK/YR49DuBg13dJH7iARSJ guMl1vM0epz+Zq5J7A05/ADncgV5ASKVCtHYDRQn4zcu7i2bE2X/Nh053ykaS7G9viWx dPhK9kC1lIUQ7wQg81xZ1fW2o9OG8U9JBSFioRCpzVpdOaAT1ZeId1RSlTdUkaEO6Ovq YO/VGZybVWO9r/bTr1fFAEAMmTmHlPm/FlkFeGyQ6XEC/tiup4cWhrX0gKpE+BMyjIIf abng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hntnrNOxJjF3ImZ+plEEZ12HgphNj1DSC/7LhQqWZGQ=; b=rIgT0KxLgrIbOATkOAYmkOR9rfPdGPr+CdE6ny+LPHRyFLdhWTQINkPBqHZbDHP865 eD7odbK/pT3HAmRe7seZb3L7ghgno8D5qOdpxSgo3Cv9rZca6996Z67HrTEMmO/8WTOM pxMgJD4VM9Y0z47zeDUZitkP6cyHEO3fmKhoesVV21F9/BZiPebb7knVUcTYEbabety8 dM4LIzVbTShnuIZBczrzrYdZAoAM/1JFUJIbT9AI/bqMnJgW/gi1NHODotZXsjh2EaXp Vy8VP6Ew/DdRM4YnwqPP6ZS6bkmg65PedMEyr3TpWM3LbS2P1ZBEWwuDvo6pRWx6bMx3 CvOA==
X-Gm-Message-State: AGi0PuZsSukQdmL4480I6fLmt1thxIz/9LFflwAzt4KYbN+tPd8d8M2S r93A1aLpmaDTHI2txskASQnljMtG+Omg4IkXOAk=
X-Google-Smtp-Source: APiQypL11YT7R7dq06cXgYnT2wdokmtCcYOekZ4V+MP953fI5+ezMKuAC9QrcLIHCxsIn5U3oylAab0klPskzMud0HA=
X-Received: by 2002:a5d:4092:: with SMTP id o18mr2015166wrp.227.1588663525003; Tue, 05 May 2020 00:25:25 -0700 (PDT)
MIME-Version: 1.0
References: <CACS3ZpBLAO2=O6Vf2Vx766qAGqmY2yD_yiLag-K7C3sYFjH9hw@mail.gmail.com> <EAE578C4-4C60-429A-9826-821B3075DA08@strayalpha.com> <CACS3ZpCjWb2+-v8MCjRJvMCARZ1YDLAr5HyRUTSTteMefu76qQ@mail.gmail.com>
In-Reply-To: <CACS3ZpCjWb2+-v8MCjRJvMCARZ1YDLAr5HyRUTSTteMefu76qQ@mail.gmail.com>
From: juhamatk@gmail.com
Date: Tue, 05 May 2020 10:25:12 +0300
Message-ID: <CACS3ZpC3z-D8C=g90vuz-1n-w4oX8y2vOzJWrhouNqnKeuZ42w@mail.gmail.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: tcpm@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/XxrnRDPyZpfcmsNai9D_V0vkiA8>
Subject: Re: [tcpm] RFC 5925 SNE algorithm concern
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2020 07:25:28 -0000

Hello,

And there seems to be a minor parenthesis mismatch in the pseudo-code
of the improved algorithm I sent earlier. Here is a new fixed version
below for the record.

Improved algorithm suggestion pseudo-code:
     PRE = 0;
     // set the flag when the SEG.SEQ first rolls over
     if ((RCV.SNE_FLAG == 0)
        && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) {
          RCV.SNE = RCV.SNE + 1;
          RCV.SNE_FLAG = 1;
     }
     // decide which SNE to use after incremented,
     // pre-increment is used for retransmits
     if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) {
        SNE = RCV.SNE - 1; // use the pre-increment value
        PRE = 1;
     } else {
        SNE = RCV.SNE; // use the current value
     }
     // reset the flag in the *middle* of the window,
     // include SEG.SEQ equals half so that we do not miss
     // that edge case
     if (PRE == 0) {
        if(RCV.PREV_SEQ < 0x7fffffff && SEG.SEQ >= 0x7fffffff) {
           RCV.SNE_FLAG = 0;
        }
        // save the current SEQ for the next time through the code,
        // if we are not retransmitting
        RCV.PREV_SEQ = SEG.SEQ;
     }

BR,
--
 Juhamatti


On Thu, 30 Apr 2020 at 19:43, <juhamatk@gmail.com> wrote:
>
>
> Hello Joe,
>
> Thanks for your reply. While I talk about retransmit, I refer actually to the other side retransmitting. So this is the receive side pseudo code. Does that change the situation?
>
> Thanks for the clarifications,
> --
>  Juhamatti
>
> to 30. huhtikuuta 2020 klo 17.31 Joseph Touch <touch@strayalpha.com> kirjoitti:
>>
>> Hi, Juhamatti,
>>
>> See embedded below:
>>
>> > On Apr 30, 2020, at 12:31 AM, juhamatk@gmail.com wrote:
>> >
>> > Hello all,
>> >
>> > While working with RFC 5925, I have been checking the details of
>> > example SNE algorithm. I have a slight concern with the example
>> > algorithm proposed by the RFC.
>> >
>> > The idea of SNE is to simulate 64-bit sequence number with 32-bit
>> > sequences to prevent replay attacks. RFC 5925 proposes the following
>> > algorithm to implement 64-bit sequence numbering:
>> >
>> > Original algorithm pseudo-code in the RFC 5925 + errata:
>> >     /* set the flag when the SEG.SEQ first rolls over */
>> >     if ((RCV.SNE_FLAG == 0)
>> >        && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) {
>> >           RCV.SNE = RCV.SNE + 1;
>> >           RCV.SNE_FLAG = 1;
>> >     }
>> >     /* decide which SNE to use after incremented */
>> >     if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) {
>> >        SNE = RCV.SNE - 1; # use the pre-increment value
>> >     } else {
>> >        SNE = RCV.SNE; # use the current value
>> >     }
>> >     /* reset the flag in the *middle* of the window */
>> >     if ((RCV.PREV_SEQ < 0x7fffffff) && (SEG.SEQ > 0x7fffffff)) {
>> >        RCV.SNE_FLAG = 0;
>> >     }
>> >     /* save the current SEQ for the next time through the code */
>> >     RCV.PREV_SEQ = SEG.SEQ;
>> >
>> > When looking into this in detail, to me it looks like there might be
>> > an issue when 32-bit sequence wraps back to the beginning and a
>> > retransmission occurs with the high sequence range.
>>
>> Retransmission should always use the value cached with that segment, so there should not be an issue.
>>
>> > Then SNE is
>> > increased unexpectedly and does not follow proper sequencing. A test
>> > case below:
>> >
>> > State:
>> > PREV_SEQ = 0xffffffe
>> > RCV.SNE = 0
>> > RCV.SNE_FLAG = 0
>> >
>> > New frame:
>> > SEG.SEQ = 0x0
>> > RCV.SNE => 1
>> > RCV.SNE_FLAG => 1
>> > PREV_SEQ => 0
>> >
>> > Retransmit:
>> > SEG.SEQ = 0xfffffffd
>> > RCV.SNE_FLAG => 0 - incorrectly updated
>> > PREV_SEQ => 0xfffffffd - incorrectly updated
>>
>> You’re using the pseudocode that creates new SNEs with a previously transmitted value. It’s acting like you’ve wrapped too quickly.
>>
>> >
>> > New frame:
>> > SEG.SEQ = 0x2
>> > RCV.SNE => 2 - incorrect value, should be 1 based on sequencing
>> > RCV.SNE_FLAG => 1
>> > PREV_SEQ => 0x2
>> >
>> > I could not figure out any reason why the above sequence would not be
>> > valid.
>>
>> Because retransmission should be using the values cached when the original transmission occurred.
>>
>> I don’t think the new code is needed - at least from this example.
>>
>> Joe
>>
>> > Even though it is mentioned in the RFC that the algorithm is
>> > just an example, the sequencing mismatch is unfortunate as mismatching
>> > SNEs on different sides will bring the authenticated TCP session down
>> > and cause data loss through timeout. Thus, for interoperability, it is
>> > crucial that correct sequencing is used on both ends.
>> >
>> > If above is really a real problem, then perhaps an improved algorithm
>> > could be as follows:
>> >
>> > Improved algorithm suggestion pseudo-code:
>> >     PRE = 0;
>> >     // set the flag when the SEG.SEQ first rolls over
>> >     if ((RCV.SNE_FLAG == 0)
>> >        && (RCV.PREV_SEQ > 0x7fffffff) && (SEG.SEQ < 0x7fffffff)) {
>> >          RCV.SNE = RCV.SNE + 1;
>> >          RCV.SNE_FLAG = 1;
>> >     }
>> >     // decide which SNE to use after incremented,
>> >     // pre-increment is used for retransmits
>> >     if ((RCV.SNE_FLAG == 1) && (SEG.SEQ > 0x7fffffff)) {
>> >        SNE = RCV.SNE - 1; # use the pre-increment value
>> >        PRE = 1;
>> >     } else {
>> >        SNE = RCV.SNE; # use the current value
>> >     }
>> >     // reset the flag in the *middle* of the window,
>> >     // include SEG.SEQ equals half so that we do not miss
>> >     // that edge case
>> >     if (PRE == 0) {
>> >        if(RCV.SNE_FLAG == 1 &&
>> >           RCV.PREV_SEQ < 0x7fffffff) && (SEG.SEQ >= 0x7fffffff)) {
>> >           RCV.SNE_FLAG = 0;
>> >        }
>> >        // save the current SEQ for the next time through the code,
>> >        // if we are not retransmitting
>> >        RCV.PREV_SEQ = SEG.SEQ;
>> >     }
>> >
>> > This passes the problematic case (and bunch of others I have tested).
>> > This also includes a small additional fix in the middle window
>> > handling where SEG.SEQ was missing one edge value (SEG.SEQ >
>> > 0x7fffffff => SEG.SEQ >= 0x7fffffff). I hope I have not missed
>> > anything else, but it is certainly possible, so comments are welcome.
>> >
>> > So, what do you think, is this a real concern? If it is a real issue,
>> > what would be the best way to handle this, perhaps an errata with an
>> > improved algorithm after throughout review of the new algorithm?
>> >
>> > Thank you,
>> > --
>> > Juhamatti
>> >
>> > _______________________________________________
>> > tcpm mailing list
>> > tcpm@ietf.org
>> > https://www.ietf.org/mailman/listinfo/tcpm
>>

v2.23.0 | Report a Bug | By Email