[tram] [Errata Verified] RFC8489 (6268)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 19 October 2020 08:04 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C4653A14F1; Mon, 19 Oct 2020 01:04:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tyAKA-qiEx4b; Mon, 19 Oct 2020 01:04:06 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1527A3A14ED; Mon, 19 Oct 2020 01:04:05 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 113FBF40719; Mon, 19 Oct 2020 01:04:04 -0700 (PDT)
To: renthraysk@gmail.com, marc@petit-huguenin.org, gsalguei@cisco.com, jdrosen@jdrosen.net, dwing-ietf@fuggles.com, rohan.ietf@gmail.com, philip_matthews@magma.ca
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: magnus.westerlund@ericsson.com, iesg@ietf.org, tram@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20201019080404.113FBF40719@rfc-editor.org>
Date: Mon, 19 Oct 2020 01:04:04 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/6g0T0n52BNNWIHtuFfse-HBJb24>
X-Mailman-Approved-At: Mon, 19 Oct 2020 01:12:32 -0700
Subject: [tram] [Errata Verified] RFC8489 (6268)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 08:04:08 -0000

The following errata report has been verified for RFC8489,
"Session Traversal Utilities for NAT (STUN)". 

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6268

--------------------------------------
Status: Verified
Type: Technical

Reported by: Jared Williams <renthraysk@gmail.com>
Date Reported: 2020-08-30
Verified by: Magnus Westerlund (IESG)

Section: Appendix B.1

Original Text
-------------
        00 01 00 9c      Request type and message length
        21 12 a4 42      Magic cookie
        78 ad 34 33   }
        c6 ad 72 c0   }  Transaction ID
        29 da 41 2e   }
        00 1e 00 20      USERHASH attribute header
        4a 3c f3 8f   }
        ef 69 92 bd   }
        a9 52 c6 78   }
        04 17 da 0f   }  Userhash value (32 bytes)
        24 81 94 15   }
        56 9e 60 b2   }
        05 c4 6e 41   }
        40 7f 17 04   }
        00 15 00 29      NONCE attribute header
        6f 62 4d 61   }
        74 4a 6f 73   }
        32 41 41 41   }
        43 66 2f 2f   }
        34 39 39 6b   }  Nonce value and padding (3 bytes)
        39 35 34 64   }
        36 4f 4c 33   }
        34 6f 4c 39   }
        46 53 54 76   }
        79 36 34 73   }
        41 00 00 00   }
        00 14 00 0b      REALM attribute header
        65 78 61 6d   }
        70 6c 65 2e   }  Realm value (11 bytes) and padding (1 byte)
        6f 72 67 00   }
        00 1c 00 20      MESSAGE-INTEGRITY-SHA256 attribute header
        e4 68 6c 8f   }
        0e de b5 90   }
        13 e0 70 90   }
        01 0a 93 ef   }  HMAC-SHA256 value
        cc bc cc 54   }
        4c 0a 45 d9   }
        f8 30 aa 6d   }
        6f 73 5a 01   }
 

Corrected Text
--------------
   Password Algorithm: SHA-256 (0x0002), and parameters len (0)

      00 01 00 90     Request type and message length
      21 12 a4 42     Magic cookie
      78 ad 34 33  }
      c6 ad 72 c0  }  Transaction ID
      29 da 41 2e  }
      00 1e 00 20     USERHASH attribute header
      4a 3c f3 8f  }
      ef 69 92 bd  }
      a9 52 c6 78  }
      04 17 da 0f  }  Userhash value (32  bytes)
      24 81 94 15  }
      56 9e 60 b2  }
      05 c4 6e 41  }
      40 7f 17 04  }
      00 15 00 29     NONCE attribute header
      6f 62 4d 61  }
      74 4a 6f 73  }
      32 41 41 41  }
      43 66 2f 2f  }
      34 39 39 6b  }  Nonce value and padding (3 bytes)
      39 35 34 64  }
      36 4f 4c 33  }
      34 6f 4c 39  }
      46 53 54 76  }
      79 36 34 73  }
      41 00 00 00  }
      00 14 00 0b     REALM attribute header
      65 78 61 6d  }
      70 6c 65 2e  }  Realm value (11  bytes) and padding (1 byte)
      6f 72 67 00  }
      00 1d 00 04     PASSWORD-ALGORITHM attribute header
      00 02 00 00     PASSWORD-ALGORITHM value (4 bytes)
      00 1c 00 20     MESSAGE-INTEGRITY-SHA256 attribute header
      b5 c7 bf 00  }
      5b 6c 52 a2  }
      1c 51 c5 e8  }
      92 f8 19 24  }  HMAC-SHA256 value
      13 62 96 cb  }
      92 7c 43 14  }
      93 09 27 8c  }
      c6 51 8e 65  }

Notes
-----
The message length in the test vector (first line, value: 9c) is the absolute length of the whole test vector. However from section 5. STUN Message Structure

"The message length MUST contain the size of the message in bytes, not
   including the 20-byte STUN header."

So the message length in the header should be 20 bytes less than absolute length of the whole message. 

0x9C - 20 = 0x88.

Also the section was missing an indication of what password algorithm that was to be used to derive the password. As SHA-256 was used, and is not the default the PASSWORD-ALGORITHM attribute is required. Thus, this corrected message contains that STUN attribute. 

The corrected message has a recalculated Message-Integrity-SHA256 attribute. 

--------------------------------------
RFC8489 (draft-ietf-tram-stunbis-21)
--------------------------------------
Title               : Session Traversal Utilities for NAT (STUN)
Publication Date    : February 2020
Author(s)           : M. Petit-Huguenin, G. Salgueiro, J. Rosenberg, D. Wing, R. Mahy, P. Matthews
Category            : PROPOSED STANDARD
Source              : TURN Revised and Modernized
Area                : Transport
Stream              : IETF
Verifying Party     : IESG