[Swan-dev] encrypted informational message when in state R1?
Antony Antony
antony at phenome.org
Wed Feb 18 20:49:12 EET 2015
On Wed, Feb 18, 2015 at 01:33:23PM -0500, Andrew Cagney wrote:
> On 18 February 2015 at 13:16, Antony Antony <antony at phenome.org> wrote:
> > Here is my recollection of an experience and the patch.
> >
> > On Mon, Feb 16, 2015 at 03:32:51PM -0500, Andrew Cagney wrote:
> >> Hi,
> >>
> >> I'm trying to understand this:
> >>
> >> /* Informational Exchange */
> >> { .story = "R1: process INFORMATIONAL",
> >> .state = STATE_PARENT_R1,
> >> .next_state = STATE_PARENT_R1,
> >> .flags = SMF2_STATENEEDED,
> >> .req_clear_payloads = P(SK),
> >> .opt_enc_payloads = P(N) | P(D) | P(CP),
> >> .processor = process_encrypted_informational_ikev2,
> >> .recv_type = ISAKMP_v2_INFORMATIONAL,
> >> .timeout_event = EVENT_RETAIN, },
> >>
> >> from ikev2.c.
> >>
> >> Several things make me think this transition won't happen or the
> >> message will be ignored:
> >
> > yes the message will be dropped by libreswan.
> > In past there were reports, log files, of cisco sending such message and libreswan crash inside NSS. The current behavior is drop the message silently. A better one would finish the DH computation and decode the informational message. For that libreswan need another _continue _tail function to complete DH.
>
> > Later I also herd CISCO was possibly misconfigured.
>
> Given ...
>
> >> - to me, rfc7296 makes it really clear that during the INIT and AUTH
> >> exchanges the only valid messages are of type INIT and AUTH and not
> >> INFORMATIONAL - a packet of this type just isn't allowed at this point
> >> (there's an edge case at the end of AUTH, but by then the responder
> >> had better be in state R2
> >> http://tools.ietf.org/html/rfc7296#section-2.21.2)
>
> I'm thinking that dropping the packet like a hot potato is the best solution.
>
> >> - when the responder is in state R1, while it has all the DH material,
> >> it hasn't done the DH calculation (pluto delays that until the R1->R2
> >> transition), consequently, if such a packet were to be received it
> >> would be rejected anyway with STF_FAIL because
> >> !st->hidden_variables.st_skeyid_calculated (see ikev2_decrypt_msg).
> >
> > I belive this was added after we discovered cisco could send such message. I think that check is reasonable.
>
> (I've nothing against the sanity check)
>
> It sounds like the above transition can be removed.
not sure. are you proposing to drop message in process_v2_packet?
I don't see an issue in calling process_encrypted_informational_ikev2 and dropping the message.
alternatively we could change processing function saying drop the packet.
IMHO, having smc entry is cleaner than using conditional drop in process_v2_packet.
More information about the Swan-dev
mailing list