[PATCH RFC 2/2] babel: Add HMAC support

Ondrej Zajicek santiago at crfreenet.org
Wed Aug 15 13:07:00 CEST 2018


On Tue, Aug 14, 2018 at 07:40:02PM +0200, Toke Høiland-Jørgensen wrote:
> > IMHO the draft describes this order:
> >
> > - parse trailer
> > - preparse for PC and index
> > - verify authentication (HMAC and PC/index)
> > - regular parse and processing
> >
> > You are doing
> >
> > - parse trailer
> > - verify HMAC
> > - regular parse
> > - verify PC/index
> > - regular processing
> >
> > I would prefer if we just keep whole packet verification as a separate
> > phase like described in the draft and as a separate function called
> > from babel_process_packet(), even if that means two iterations through
> > TLVs.
> 
> Why? The way it is described in the draft in influenced by the babeld
> parser, which will do full processing (including updating internal
> state) of TLVs as they are parsed. Since we already have a separate
> parsing step, verifying the HMAC between that and the stateful checks
> seems like the natural thing to do, rather than introduce a third round?

Well, there are several interconnnected reasons: It is much easier to
read and understand such code, which is especially important for
security-related code, there is much smaller attack vector - if there is
a bug in packet parsing code, it cannot be exploited by unathenticated
attacker [*] and it keeps consistent error messages (you do not get
packet parsing errors for regular LSAs for packets that are already
rejected due to invalid authentication regardless of whether it is
HMAC-invalid or PC/index-invalid).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."



More information about the Bird-users mailing list