[Swan-dev] ikev2parent_inI1outR1 parsing questions
Andrew Cagney
andrew.cagney at gmail.com
Thu Jan 21 01:46:37 UTC 2016
On 20 January 2016 at 16:59, Paul Wouters <paul at nohats.ca> wrote:
> On Wed, 20 Jan 2016, Andrew Cagney wrote:
>
>> Um, what is "connection switching"?
>
>
> We answer IKE_INIT, they come back with IKE_AUTH. We then check if there
> is a better matching connection to switch to.
In IKEv2, the only way the initiator is going to encrypt and the
responder decrypt that IKE_AUTH packet is by using the KE and proposal
agreed to during IKE_INIT.
> for example, say one is authby=secret and the other authby=rsasig, then
> in IKEv2 we will only know the difference during IKE_AUTH. If we
> happened to have taken the initial packet on the conn with
> authby=secret, we need to switch.
>
> This is why later in the IKE negotiation we can find out the KE payload
> we had is actually not valid (because we had to switch connection)
I suspect there's something else I'm missing.
>>> vendorid information might go onto the state, but that assumes there
>>> is a state. For NO_PROPOSAL_CHOSEN or INVALID_KE we would not need it,
>>> unless later in life we need to do some workaround based on VID.
>>
>>
>> The current IKEv2 code seems to simply log the values received (but I
>> could easily be wrong).
>
>
> Yes. we are not acting on any kind of VID right now.
>
>> Without the proposal:
>>
>> - the keying material is the wrong size for the group being proposed;
>> this would be a new test lifted from accept_KE
>
>
> If there is no proposal matching the KE offered I'm fine with only
> rejecting it later on when we are going through the proposals. The
> client is stupid and so they can wait :P
>> - the group isn't in any of the local proposals at all; this is
>> stronger than the current code which just checks that lookup_group()
>> isn't NULL
>
>
> But if they have another proposal value that is not the one they picked
> for KE, then we can send back INVALID_KE with a value that matches a
> mutually agreeable group. If there is no group that is shared between
> initiator and responder, NO_PROPOSAL_CHOSEN should be returned instead
> of INVALID_KE.
Ah, you'd like to play nice :-)
The existing code:
- struct ikev2_ke *ke = &md->chain[ISAKMP_NEXT_v2KE]->payload.v2ke;
- st->st_oakley.group = lookup_group(ke->isak_group);
- if (st->st_oakley.group == NULL) {
- /*
- * It is arguable what to do here: reply with
- * INVALID_SYNTAX; reply with INVALID_KE and
- * no group; reply with INVALID_KE and a group
- * that matches; or reply INVALID_KE and the
- * default group.
- *
- * Go with the last one so that, for little
- * cost, a legitimate initiator gets a hint as
- * to the problem.
- */
I believe:
- sends back INVALID_KE(default)
causing remote end to come back with a KE we might consider, and then either:
- sends-back (I hope) INVALID_KE(correct ke); causing the remote end
to come back with KE we'll hopefully agree to
- or, no proposal chosen
either way we give their end some extra work
>> and with the proposal:
>>
>> - the KE matches the group in the chosen proposal
>>
>> In the case where NO_PROPSOAL_CHOSEN and INVALID_KE are both true,
>> does it matter which fail we send back?
>
>
> If there is a potentially matching group, we should send back
> INVALID_KE. If there is not, send back NO_PROPSOAL_CHOSEN.
Ok.
Once the proposals are being parsed before DH I'll remove the
INVALID_KE pre-check.
Andrew
More information about the Swan-dev
mailing list