[Swan-dev] calculate DH response _after_ checking entire policy
Andrew Cagney
andrew.cagney at gmail.com
Mon Jan 26 18:00:21 EET 2015
Per earlier e-mail, I've been updating the default policies for IKEv2.
Along with a few, lets say, quirks, I found this, er, feature:
Given the initator's request containing:
- a modp-group and DH material
- initator's policies (algorithms et.al.)
the responder checks the modp-group as follows:
First there's what I've been calling the fast path:
- check that the modp-group is known; if not, send back invalid_ke
- check that the modp-group is found in the responder's policy set; if
not, send back invalid_ke
And then, if that passes, it goes onto what I'll call the slow path:
- calculate local DH material based on initiator's modp-group (hence slow)
- chooses a policy using the initiator's and the responder's policies,
if not ...
- check that initiator's modp-group matches the chosen policy, if not
send back an invalid_ke with that policy's modp-group as a suggestion
Notice how, when the modp-group doesn't match, there can be wasted DH
calculation.
I'm guessing that the code should look something like:
- check that the modp-group is known
- check that the modp-group is in the resonder's policy set
- choose a policy
- check that the modp-group matches the policy
if any fail, send back invalid_ke with a suggestion
- and then calculate the DH
I can't see any benefit in doing the DH calculation midway through the
modp-group check. It perhaps slows down an attacker trying to figure
out the server's policy, but not my much, and at the expense of more
server load.
Andrew
PS: I suspect this is something to address after libevent is merged in.
More information about the Swan-dev
mailing list