
Babel Hashed Message Authentication Code (HMAC) Cryptographic Authentication
draft-ovsienko-babel-hmac-authentication-09

The information below is for an old version of the document that is already published as an RFC.

Document type: an older version of an Internet-Draft that was ultimately published as RFC 7298
Author: Denis Ovsienko
Last updated: 2014-07-11 (latest revision 2014-04-18)
RFC stream: Independent Submission
Intended RFC status: Experimental
IETF conflict review: conflict-review-ovsienko-babel-hmac-authentication
Stream (ISE) state: Published RFC
Consensus boilerplate: Unknown
Document shepherd: Eliot Lear
Shepherd write-up: last changed 2014-03-21
IESG state: Became RFC 7298 (Experimental)
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)
IANA review state: Version Changed - Review Needed
IANA action state: No IANA Actions

   +---------------+-------------------------------+-------------------+
   | Packet field  | Packet octets (hexadecimal)   | Meaning (decimal) |
   +---------------+-------------------------------+-------------------+
   | Magic         | 2a                            | 42                |
   | Version       | 02                            | version 2         |
   | Body length   | 00:4c                         | 76 octets         |
   | [TLV] Type    | 04                            | 4 (Hello)         |
   | [TLV] Length  | 06                            | 6 octets          |
   | Reserved      | 00:00                         | no meaning        |
   | Seqno         | 09:25                         | 2341              |
   | Interval      | 01:90                         | 400 (4.00 s)      |
   | [TLV] Type    | 08                            | 8 (Update)        |
   | [TLV] Length  | 0a                            | 10 octets         |
   | AE            | 00                            | 0 (wildcard)      |
   | Flags         | 40                            | default router-id |
   | Plen          | 00                            | 0 bits            |
   | Omitted       | 00                            | 0 bits            |
   | Interval      | ff:ff                         | infinity          |
   | Seqno         | 68:21                         | 26657             |
   | Metric        | ff:ff                         | infinity          |
   | [TLV] Type    | 0b                            | 11 (TS/PC)        |
   | [TLV] Length  | 06                            | 6 octets          |
   | PacketCounter | 00:01                         | 1                 |
   | Timestamp     | 52:1d:7e:8b                   | 1377664651        |
   | [TLV] Type    | 0c                            | 12 (HMAC)         |
   | [TLV] Length  | 16                            | 22 octets         |
   | KeyID         | 00:c8                         | 200               |
   | Digest        | c6:f1:06:13:30:3c:fa:f3:eb:5d | HMAC result       |
   |               | 60:3a:ed:fd:06:55:83:f7:ee:79 |                   |
   | [TLV] Type    | 0c                            | 12 (HMAC)         |
   | [TLV] Length  | 16                            | 22 octets         |
   | KeyID         | 00:64                         | 100               |
   | Digest        | df:32:16:5e:d8:63:16:e5:a6:4d | HMAC result       |
   |               | c7:73:e0:b5:22:82:ce:fe:e2:3c |                   |
   +---------------+-------------------------------+-------------------+

   Table 4: A Babel Packet with Each HMAC TLV Containing an HMAC Result

Appendix B.  Test Vectors

   The test vectors below may be used to verify the correctness of some
   procedures performed by an implementation of this mechanism, namely:

   o  appending of TS/PC and HMAC TLVs to the Babel packet body,

   o  padding of the HMAC TLV(s),

Ovsienko                Expires October 20, 2014               [Page 52]
Internet-Draft   Babel HMAC Cryptographic Authentication      April 2014

   o  computation of the HMAC result(s), and

   o  placement of the result(s) in the TLV(s).

   This verification isn't exhaustive; there are other important
   implementation aspects that would require testing methods of their
   own.

   The test vectors were produced as follows.

   1.  A Babel speaker whose network interface has the IPv6 link-local
       address fe80::0a11:96ff:fe1c:10c8 was configured to use two CSAs
       for that interface:

       *  CSA1={HashAlgo=RIPEMD-160, KeyChain={{LocalKeyID=200,
          AuthKeyOctets=Key26}}}

       *  CSA2={HashAlgo=SHA-1, KeyChain={{LocalKeyID=100,
          AuthKeyOctets=Key70}}}

       The authentication keys above are:

       *  Key26 in ASCII:

   ABCDEFGHIJKLMNOPQRSTUVWXYZ

       *  Key26 in hexadecimal:

   41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f:50
   51:52:53:54:55:56:57:58:59:5a

       *  Key70 in ASCII:

  This=key=is=exactly=70=octets=long.=ABCDEFGHIJKLMNOPQRSTUVWXYZ01234567

       *  Key70 in hexadecimal:

   54:68:69:73:3d:6b:65:79:3d:69:73:3d:65:78:61:63
   74:6c:79:3d:37:30:3d:6f:63:74:65:74:73:3d:6c:6f
   6e:67:2e:3d:41:42:43:44:45:46:47:48:49:4a:4b:4c
   4d:4e:4f:50:51:52:53:54:55:56:57:58:59:5a:30:31
   32:33:34:35:36:37

       The length of each key was picked to relate (in the terms of
       Section 2.4) to the properties of the respective hash algorithm
       as follows:


       *  the digest length (L) of both RIPEMD-160 and SHA-1 is 20
          octets,

       *  the internal block size (B) of both RIPEMD-160 and SHA-1 is 64
          octets,

       *  the length of Key26 (26) is greater than L but less than B,
          and

       *  the length of Key70 (70) is greater than B (and thus greater
          than L).

       KeyStartAccept, KeyStopAccept, KeyStartGenerate and
       KeyStopGenerate were set to make both authentication keys valid.

   2.  The instance of the original protocol on the speaker produced a
       Babel packet (PktO) to be sent from the interface.  Table 2
       provides a decoding of PktO, the contents of which are below:

   2a:02:00:14:04:06:00:00:09:25:01:90:08:0a:00:40
   00:00:ff:ff:68:21:ff:ff

   3.  The authentication mechanism appended one TS/PC TLV and two HMAC
       TLVs to the packet body, updated the "Body length" packet header
       field and padded the Digest field of the HMAC TLVs using the
       link-local IPv6 address of the interface and the necessary amount
       of zeroes.  Table 3 provides a decoding of the resulting temporary
       packet (PktT), the contents of which are below:

   2a:02:00:4c:04:06:00:00:09:25:01:90:08:0a:00:40
   00:00:ff:ff:68:21:ff:ff:0b:06:00:01:52:1d:7e:8b
   0c:16:00:c8:fe:80:00:00:00:00:00:00:0a:11:96:ff
   fe:1c:10:c8:00:00:00:00:0c:16:00:64:fe:80:00:00
   00:00:00:00:0a:11:96:ff:fe:1c:10:c8:00:00:00:00

   4.  The authentication mechanism produced two HMAC results,
       performing the computations as follows:

       *  For H=RIPEMD-160, K=Key26, and Text=PktT the HMAC result is:

   c6:f1:06:13:30:3c:fa:f3:eb:5d:60:3a:ed:fd:06:55
   83:f7:ee:79

       *  For H=SHA-1, K=Key70, and Text=PktT the HMAC result is:

   df:32:16:5e:d8:63:16:e5:a6:4d:c7:73:e0:b5:22:82
   ce:fe:e2:3c


   5.  The authentication mechanism placed each HMAC result into the
       respective HMAC TLV, producing the final authenticated Babel
       packet (PktA), which was eventually sent from the interface.
       Table 4 provides a decoding of PktA, the contents of which are below:

   2a:02:00:4c:04:06:00:00:09:25:01:90:08:0a:00:40
   00:00:ff:ff:68:21:ff:ff:0b:06:00:01:52:1d:7e:8b
   0c:16:00:c8:c6:f1:06:13:30:3c:fa:f3:eb:5d:60:3a
   ed:fd:06:55:83:f7:ee:79:0c:16:00:64:df:32:16:5e
   d8:63:16:e5:a6:4d:c7:73:e0:b5:22:82:ce:fe:e2:3c
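   As an added example (not code from the draft or from any Babel
   implementation), the following Python models steps 3 to 5 on the sending
   side and the receiver's re-padding check, using the Appendix B inputs.  It
   assumes hashlib's algorithm names for the CSAs and a packet without Pad1
   TLVs, and it returns None in place of the RIPEMD-160 result when the local
   OpenSSL does not provide that hash.

```python
import hmac

PKT_O = bytes.fromhex("2a0200140406000009250190080a0040 0000ffff6821ffff")  # PktO (Appendix B, step 2)
SRC = bytes.fromhex("fe80000000000000 0a1196fffe1c10c8")  # fe80::0a11:96ff:fe1c:10c8, packed
KEY26 = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
KEY70 = b"This=key=is=exactly=70=octets=long.=ABCDEFGHIJKLMNOPQRSTUVWXYZ01234567"
CSAS = [("ripemd160", 200, KEY26, 20), ("sha1", 100, KEY70, 20)]  # (hashlib name, LocalKeyID, AuthKeyOctets, L)

def hmac_result(algo, key, text):
    """RFC 2104 HMAC; hmac.new itself hashes Key70 (> B) and zero-pads Key26 (< B) up to B octets."""
    try:
        return hmac.new(key, text, algo).digest()
    except ValueError:          # hash not in this Python's OpenSSL (RIPEMD-160 often is not)
        return None

def hmac_tlvs(pkt):
    """Yield (offset, length) of each HMAC TLV (type 12); assumes no Pad1 TLVs, as in PktO."""
    off = 4                     # skip Magic, Version and Body length
    while off < len(pkt):
        if pkt[off] == 12:
            yield off, pkt[off + 1]
        off += 2 + pkt[off + 1]

def pad_digests(pkt, src):
    """Step 3 (and the receiver's first step): Digest = source address then zeros, giving PktT."""
    out = bytearray(pkt)
    for off, n in hmac_tlvs(pkt):
        out[off + 4:off + 2 + n] = (src + bytes(n))[:n - 2]   # KeyID occupies off+2..off+4
    return bytes(out)

def authenticate(pkt_o, src, csas, pc, ts):
    """Sending direction (steps 3-5): returns (PktT, PktA, HMAC results in CSA order)."""
    body = pkt_o[4:] + bytes([11, 6]) + pc.to_bytes(2, "big") + ts.to_bytes(4, "big")  # TS/PC TLV
    for algo, key_id, _, L in csas:   # HMAC TLV: type 12, length 2 + L, KeyID, L-octet Digest
        body += bytes([12, 2 + L]) + key_id.to_bytes(2, "big") + bytes(L)
    pkt_t = pad_digests(pkt_o[:2] + len(body).to_bytes(2, "big") + body, src)
    pkt_a, macs = bytearray(pkt_t), [hmac_result(algo, key, pkt_t) for algo, _, key, _ in csas]
    for (off, n), mac in zip(hmac_tlvs(pkt_t), macs):
        if mac is not None:
            pkt_a[off + 4:off + 2 + n] = mac
    return pkt_t, bytes(pkt_a), macs

def verify(pkt_a, src, csas):
    """Receiving direction: True/False from the first HMAC TLV with a KeyID we hold a key for, else None."""
    pkt_t, keys = pad_digests(pkt_a, src), {kid: (algo, key) for algo, kid, key, _ in csas}
    for off, n in hmac_tlvs(pkt_a):
        algo, key = keys.get(int.from_bytes(pkt_a[off + 2:off + 4], "big"), (None, None))
        mac = hmac_result(algo, key, pkt_t) if algo else None
        if mac is not None:
            return hmac.compare_digest(mac, pkt_a[off + 4:off + 2 + n])
    return None
```

   verify() stops at the first HMAC TLV it can check, matching the note
   below that the receiver does not normally compute the second result.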

   This process is to be interpreted in view of Figure 1, differently
   for the sending and the receiving directions.

   For the sending direction, given a Babel speaker configured using the
   IPv6 address and the sequence of CSAs as described above, the
   implementation SHOULD (see notes in Section 5.3) produce exactly the
   temporary packet PktT if the original protocol instance produces
   exactly the packet PktO to be sent from the interface.  If the
   temporary packet exactly matches PktT, the HMAC results computed
   afterwards MUST exactly match the respective results above, and the
   final authenticated packet MUST exactly match the PktA above.

   For the receiving direction, given a Babel speaker configured using
   the sequence of CSAs as described above (but a different IPv6
   address), the implementation MUST (assuming the TS/PC check didn't
   fail) produce exactly the temporary packet PktT above if its network
   stack receives through the interface exactly the packet PktA above
   from the source IPv6 address above.  The first HMAC result computed
   afterwards MUST match the first result above.  The receiving
   procedure doesn't compute the second HMAC result in this case, but if
   the implementor decides to compute it anyway for verification
   purposes, it MUST exactly match the second result above.

Author's Address

   Denis Ovsienko
   Yandex
   16, Leo Tolstoy St.
   Moscow,   119021
   Russia

   Email: infrastation@yandex.ru
