RIOT icon indicating copy to clipboard operation
RIOT copied to clipboard

Published 20 hours ago verified publisher icon RIOT-OS

gnrc_ipv6_nib/SLAAC: rfc7217 stable privacy addresses

Open xnumad opened this issue 1 year ago • 3 comments

Contribution description

Implementation of RFC7217 ("stable privacy") means that for addresses generated by SLAAC, their IID (interface identifier) is

  • semantically opaque, i.e. cannot derive hwaddr from it
  • random but with such parameters that it is stable within a subnet (i.e. for the same prefix on the same interface)
  • derived from a randomly generated key (secret_key) that shouldn't be shared across devices. RIOT-specific: The implementation in this PR compiles the secret_key into the elffile, therefore the same elffile shouldn't be flashed onto multiple devices - in order to fulfill the RFC requirements.

Notes about implementation:

  • uses tail recursion (i.e. optimizable by compiler, or manually replacable by a loop) (affects stack size)

RFC compatibility: Requirement levels: (implemented: MUST, SHOULD. not implemented: MAY, OPTIONAL.)

--

Adaptability

Supports any link layer that has a hardware address: https://github.com/xnumad/RIOT/blob/88363f3cde7175691fe27399d73a54e08934e6c7/sys/net/gnrc/network_layer/ipv6/nib/_nib-slaac.c#L168-L169

The usage of IIDs which do not match the link layer address causes LOWPAN_IPHC to not be able to statelessly compress the IP address anymore. An optimization to enable compression again could be to add compression contexts (feature branch for opportunistic compression contexts: https://github.com/xnumad/RIOT/tree/feature%2Fopportunistic-compression-contexts).

6LoWPAN specifics

They do not affect this PRs current functionality but are worth noting.

For link-local addresses on a 6LN iface, this PR does not use the IDGEN (interface identifier generation) mechanism described by rfc7217.

  • This is because of incompatibility with 6LoWPAN-ND (RFC6775) (and RFC8505, which would allow it, is not implemented).
  • → Not fulfilling RFC7217 requirement "MUST be employed for [...] link-local"

Testing procedure

Add CFLAGS += -DCONFIG_GNRC_IPV6_STABLE_PRIVACY=1 at the appropriate position in the Makefile of examples/gnrc_networking. Tested on BOARD=nrf52840dk

Output of ifconfig command shows that SLAAC addresses have random differing IIDs (except for link-local address on a 6LoWPAN iface, see above). The IID is stable within a subnet, i.e. it also persists across reboots.

Issues/PRs references

Commits marked with 🍒 (cherry-picked) are largely derived from the RFC8981 implementation at #20369

xnumad avatar Feb 11 '24 01:02 xnumad

Squashed

xnumad avatar Feb 22 '24 11:02 xnumad

Squashed a typo

xnumad avatar Feb 22 '24 20:02 xnumad