On Jan 15, 2024, at 6:22 PM, Jeffrey Haas <jh...@pfrc.org> wrote:
>
> Authors,
>
> Feedback on version -12:
Thanks. I'll check these and hopefully push a PR tomorrow. I just want to
comment on one suggestion below.
> RFC 5880 defines
> : bfd.XmitAuthSeq
> :
> : A 32-bit unsigned integer containing the next sequence number for
> : Keyed MD5 or SHA1 Authentication to be transmitted. This variable
> : MUST be initialized to a random 32-bit value.
>
> Thus, the intention is that we start with a random value.
Yes.
> If the session is Up with one of the existing types with a known sequence
> number, and then we switch to Meticulous Keyed ISAAC, what is likely
> happening is:
> 1. We learn the Seed for this session for the first time. This somewhat
> argues we need a bfd.MetKeyIsaacKnown variable. We require it to not
> change. Note that it's critical that we say that we're setting it only
> after ISAAC authentication has succeeded.
That makes sense.
> 2. We need to generate the ISAAC table from the existing sequence number.
> It can't simply be sequence 0 because that's attackable.
Section 5.1 defines how ISAAC is seeded. It doesn't use sequence numbers to
generate the information.
More below.
> 3. Since we can't set it to zero, and we don't want to generate all
> intervening ISAAC pages to "catch up" to our random sequence number we
> started with,
But we don't need to "catch up". We just need to record that we started at
an agreed-upon sequence number.
The important bit is that we have a transition from
bfd.MetKeyIsaacKnown=false
to
bfd.MetKeyIsaacKnown=true
When that transition happens, the sequence number in the packet is used as
the start point. That number is the new bfd.MetKeyIsaacPageBase variable you
mentioned.
Saving that number means that if we get a new sequence number Y, we can do:
Auth Key index = Y - bfd.MetKeyIsaacPageBase
If that value is smaller than 256, the sequence number is in the current
page. If it's 256 or more, then we need to generate a new page.
I'll add some text to clarify this.
Alan DeKok.
