[Swan-dev] IKEv1 AH parsing quirk

Paul Wouters paul at nohats.ca
Fri Aug 18 02:09:08 UTC 2017 

There was a correcting function that did a minus 1 in the past. It was wrong for newer numbers and I think I killed it

Sent from my iPhone

> On Aug 17, 2017, at 21:51, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> 
>> On 17 August 2017 at 21:17, Paul Wouters <paul at nohats.ca> wrote:
>> The ESP integ numbers were the same as the AH integ numbers and the same as the IKE integ numbers? Probably sloppy programming that still worked?
> 
> They are different.  For instance:
> 
> AH_MD5=2 - transform
> AUTH_ALGORITHM_HMAC_MD5=1 - attribute
> 
> perhaps specifying both is just an IKEv1 quirk
> 
> 
>> Sent from my iPhone
>> 
>>> On Aug 17, 2017, at 20:46, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>>> 
>>> I've been trying to figure out why the IKEv1 AH_* values are pretty
>>> much absent from pluto's code base and instead AUTH_ALGORITHM_*
>>> appears everywhere.  Then I noticed this (ah-pluto-01):
>>> 
>>> | *****parse ISAKMP Transform Payload (AH):
>>> |    next payload type: ISAKMP_NEXT_NONE (0x0)
>>> |    length: 28 (0x1c)
>>> |    AH transform number: 0 (0x0)
>>> |    AH transform ID: AH_SHA (0x3)
>>> | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC
>>> 
>>> which is clearly wrong.  The code that handles this, and dates back to
>>> <=2007, unconditionally assigns the AH value to  .encrypt vis:
>>> 
>>>   if (!in_struct(trans, trans_desc, prop_pbs, trans_pbs))
>>>       return FALSE;
>>>  ...
>>>   attrs->transattrs.encrypt = trans->isat_transid;
>>>   attrs->transattrs.encrypter =
>>> ikev1_get_kernel_encrypt_desc(trans->isat_transid); // new
>>> 
>>> it then goes on:
>>> 
>>> | ******parse ISAKMP IPsec DOI attribute:
>>> |    af+type: AUTH_ALGORITHM (0x8005)
>>> |    length/value: 2 (0x2)
>>> |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
>>> | integrity ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1_96
>>> 
>>> which is handled by:
>>> 
>>>       case AUTH_ALGORITHM | ISAKMP_ATTR_AF_TV:
>>>           attrs->transattrs.integ_hash = val;
>>>           attrs->transattrs.integ = ikev1_get_kernel_integ_desc(val); // new
>>>           break;
>>> 
>>> which "fixes" the integrity.  From there, while most code uses
>>> integ_hash, .encrypt does get used as well.  For instance, in
>>> compute_proto_keymat() both fields get used:
>>> 
>>>   case PROTO_IPSEC_AH:
>>>       switch (pi->attrs.transattrs.encrypt) {
>>>       case AH_MD5:
>>>           needed_len = HMAC_MD5_KEY_LEN;
>>>           break;
>>> ...
>>>       default:
>>>           if (kernel_alg_ah_auth_ok(
>>>               pi->attrs.transattrs.integ_hash, NULL)) {
>>>               needed_len += kernel_alg_ah_auth_keylen(
>>>                   pi->attrs.transattrs.integ_hash);
>>>               break;
>>>           }
>>>           bad_case(pi->attrs.transattrs.encrypt);
>>>       }
>>> 
>>> short of me reading the IKEv1 spec, can anyone explain what is happening here?
>>> 
>>> Andrew
>>> _______________________________________________
>>> Swan-dev mailing list
>>> Swan-dev at lists.libreswan.org
>>> https://lists.libreswan.org/mailman/listinfo/swan-dev
>>

More information about the Swan-dev mailing list