From owner-freebsd-net@FreeBSD.ORG Mon Feb 9 20:23:51 2009
From: Randall Stewart
To: Peter Lei
Cc: Michael Tüxen, Yann WANWANSCAPPEL, freebsd-net@freebsd.org
Date: Mon, 9 Feb 2009 15:23:41 -0500
Subject: Re: SCTP, possible bug in peer authentication key
In-Reply-To: <0EEEB325-C7AF-468F-9374-EFED1BD3B3E4@ieee.org>
References: <4980B747.7070400@free.fr> <0EEEB325-C7AF-468F-9374-EFED1BD3B3E4@ieee.org>

Note that all of these changes are now in Head..
however I am not sure of the likelihood of them moving into 7 since the
xsctp_xxxx changes for the mib (rwnd and assoc_id) break ABI compatibility.
I have now (in head) padded up the structures at the end (in case we need
to add more). But in general this means I cannot commit to stable many
changes. I will go back and see what can be done :-( I may be able to do
some "ifdef" and other magic so I can pull in the changes that have gone
on.. not sure.

R

On Jan 29, 2009, at 12:29 PM, Peter Lei wrote:

> There's a corresponding change that is needed for pulling the auth info
> out of the cookie for the other direction (i.e. server side handling). I've
> committed that into the SCTP project repo, and should also get in with
> Randall's next commit.
>
> --peter
>
> On Jan 29, 2009, at 2:23 AM, Michael Tüxen wrote:
>
>> Hi Yann,
>>
>> very good catch! You are right.
>>
>> I have committed your patch to Randall's repository, so it will
>> show up in the FreeBSD sources soon (next time he syncs them)...
>>
>> Best regards
>> Michael
>>
>> On Jan 28, 2009, at 8:51 PM, Yann WANWANSCAPPEL wrote:
>>
>>> Hi all,
>>>
>>> I think I found a bug in the SCTP authentication code, in
>>> sctp_load_addresses_from_init() in sctp_pcb.c
>>>
>>> keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks +
>>>          sizeof(*hmacs) + hmacs_len;
>>>
>>> The keylen calculation assumes the Chunk List Parameter (CHUNKS)
>>> vl-param was present in the received INIT packet, which can be false if
>>> peer SCTP does not require any chunk to be authenticated (this typically
>>> occurs if peer does not support ASCONF).
>>>
>>> From RFC 4895, 6.1
>>>
>>> * An SCTP endpoint has a list of chunks it only accepts if they are
>>> * received in an authenticated way. This list is included in the INIT
>>> * and INIT-ACK, and MAY be omitted if it is empty. Since this list
>>> * does not change during the lifetime of the SCTP endpoint there is no
>>> * problem in case of INIT collision.
>>>
>>> This case is properly handled later in the build of the key
>>>
>>> /* append in the AUTH chunks */
>>> if (chunks != NULL) {
>>>     .....
>>> }
>>>
>>> I think the calculated keylen should be something like this:
>>>
>>> keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
>>>
>>> if (chunks != NULL) {
>>>     keylen += sizeof(*chunks) + num_chunks;
>>> }
>>>
>>> This problem results in authenticated packets sent from peer SCTP to be
>>> discarded.
>>>
>>> The problem does not occur if peer SCTP is modified to send an empty
>>> Chunk List Parameter (e.g. num_chunks = 0 in the decoding).
>>>
>>> Br,
>>> Yann
>>>
>>> _______________________________________________
>>> freebsd-net@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>

------------------------------
Randall Stewart
803-317-4952 (cell)
803-345-0391(direct)
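The length miscalculation Yann reports and his proposed fix, side by side in a small C program. This is an added illustration, not code from FreeBSD's sctp_pcb.c: the three parameter structures are constructed 4-byte stand-ins for the real INIT parameter headers, the sample RANDOM/CHUNKS/HMAC-ALGO values are made up, and `build_key` only mirrors the later "append in the AUTH chunks" step described in the thread so that the computed length can be compared with the bytes actually written.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified stand-ins for the INIT parameter headers
 * (type + length, 4 bytes) that the keylen arithmetic counts via sizeof();
 * these are not the real FreeBSD structures. */
struct param_hdr { uint16_t type; uint16_t length; };
struct random_param { struct param_hdr ph; };   /* RANDOM: random bytes follow   */
struct chunks_param { struct param_hdr ph; };   /* CHUNKS: chunk types follow    */
struct hmacs_param  { struct param_hdr ph; };   /* HMAC-ALGO: HMAC ids follow    */

/* The computation as reported: the CHUNKS header is always counted, even
 * when the peer omitted the parameter (allowed by RFC 4895 section 6.1). */
size_t keylen_reported(size_t random_len, const struct chunks_param *chunks,
                       size_t num_chunks, size_t hmacs_len)
{
    return sizeof(struct random_param) + random_len
         + sizeof(*chunks) + num_chunks
         + sizeof(struct hmacs_param) + hmacs_len;
}

/* The fix proposed in the thread: count CHUNKS only when it was present. */
size_t keylen_fixed(size_t random_len, const struct chunks_param *chunks,
                    size_t num_chunks, size_t hmacs_len)
{
    size_t keylen = sizeof(struct random_param) + random_len
                  + sizeof(struct hmacs_param) + hmacs_len;
    if (chunks != NULL)
        keylen += sizeof(*chunks) + num_chunks;
    return keylen;
}

/* Mirrors the key-building step (RANDOM, then CHUNKS only if present, then
 * HMAC-ALGO) and returns how many bytes were actually written into key. */
size_t build_key(uint8_t *key, size_t cap,
                 const struct random_param *p_random, const uint8_t *rnd, size_t random_len,
                 const struct chunks_param *chunks, const uint8_t *ctypes, size_t num_chunks,
                 const struct hmacs_param *hmacs, const uint8_t *hids, size_t hmacs_len)
{
    size_t off = 0;
    memset(key, 0, cap);
    memcpy(key + off, p_random, sizeof(*p_random)); off += sizeof(*p_random);
    memcpy(key + off, rnd, random_len);             off += random_len;
    if (chunks != NULL) {                           /* "append in the AUTH chunks" */
        memcpy(key + off, chunks, sizeof(*chunks)); off += sizeof(*chunks);
        memcpy(key + off, ctypes, num_chunks);      off += num_chunks;
    }
    memcpy(key + off, hmacs, sizeof(*hmacs));       off += sizeof(*hmacs);
    memcpy(key + off, hids, hmacs_len);             off += hmacs_len;
    return off;
}

/* Constructed sample INIT parameters; payload values are illustrative only. */
static const struct random_param SAMPLE_RANDOM = { { 0x8002, 4 + 16 } };
static const uint8_t SAMPLE_RND[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
static const struct chunks_param SAMPLE_CHUNKS = { { 0x8003, 4 + 2 } };
static const uint8_t SAMPLE_CTYPES[2] = { 0xc1, 0x80 };   /* ASCONF, ASCONF-ACK */
static const struct hmacs_param  SAMPLE_HMACS  = { { 0x8004, 4 + 4 } };
static const uint8_t SAMPLE_HIDS[4] = { 0, 1, 0, 3 };     /* SHA-1, SHA-256 ids */

/* Key length the receiver computes for an INIT with or without CHUNKS,
 * using either the reported formula (use_fix == 0) or the fixed one. */
size_t computed_keylen(int chunks_present, int use_fix)
{
    const struct chunks_param *chunks = chunks_present ? &SAMPLE_CHUNKS : NULL;
    size_t num_chunks = chunks_present ? sizeof SAMPLE_CTYPES : 0;
    return use_fix ? keylen_fixed(sizeof SAMPLE_RND, chunks, num_chunks, sizeof SAMPLE_HIDS)
                   : keylen_reported(sizeof SAMPLE_RND, chunks, num_chunks, sizeof SAMPLE_HIDS);
}

/* Bytes the key builder actually appends for the same INIT. */
size_t built_keylen(int chunks_present)
{
    uint8_t key[64];
    const struct chunks_param *chunks = chunks_present ? &SAMPLE_CHUNKS : NULL;
    size_t num_chunks = chunks_present ? sizeof SAMPLE_CTYPES : 0;
    return build_key(key, sizeof key, &SAMPLE_RANDOM, SAMPLE_RND, sizeof SAMPLE_RND,
                     chunks, SAMPLE_CTYPES, num_chunks,
                     &SAMPLE_HMACS, SAMPLE_HIDS, sizeof SAMPLE_HIDS);
}

int main(void)
{
    printf("CHUNKS absent:  reported=%zu fixed=%zu built=%zu\n",
           computed_keylen(0, 0), computed_keylen(0, 1), built_keylen(0));
    printf("CHUNKS present: reported=%zu fixed=%zu built=%zu\n",
           computed_keylen(1, 0), computed_keylen(1, 1), built_keylen(1));
    return 0;
}
```

With CHUNKS present all three numbers agree (34 bytes here). With CHUNKS absent the reported formula still adds `sizeof(*chunks)`, so the computed length is 4 bytes longer than what the builder writes; the key handed to the HMAC then carries trailing zero bytes the peer never included, the peer's key differs, and its authenticated chunks fail verification and are dropped, exactly the symptom Yann describes. The fixed formula matches the built length in both cases.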