[Serdev] Better CRC implementation for SER
Andrei Pelinescu-Onciul
andrei at iptel.org
Wed Jun 4 19:26:05 CEST 2008
On Jun 01, 2008 at 15:06, Jan Janak <jan at iptel.org> wrote:
> Andrei,
>
> I came across this today (haven't tried):
>
> http://sourceforge.net/projects/slicing-by-8
>
> Maybe we could use it in SER?

Yes, cool. It's only crc32 though (and in some places we use crc16).

We could also probably reduce CRC usage in ser. I'm not sure we need it
in so many places.

I've also found some strange usage for avp cookies in rr. It's used in
the same way one would use a signature:
cookie = crc16( avp_cookies | crc_secret) | avp_cookies
This is really strange, if it's used only to protect against random
changes on the wire, then no need for crc_secret and most likely a
simple faster checksum16 offers enough protection.
If it's used as some cryptographic signature, then it has 0 value, a real
hmac would need to be used (md5, sha* a.s.o). I think that
given a few messages it would be possible not only to send some avp
flags for which the cookie check will match (no need for more than 1
message for that), but even the secret can be found out.

Another function that we should replace is the MD5. I think (not tested
yet) that for example the openssl version is much faster (they have
optimized versions for various archs). OTOH I wouldn't want to make ser
depend on openssl...
As a compromise we could have a make option for linking libcrypto and if
the option is set use it, else use the slow ser implementation.
(I don't think we could easily take the code from openssl, I'm not sure
even if the licence for libcrypto still has the advertising clause, like
the rest of the openssl).

Andrei
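
The point about crc16(avp_cookies | crc_secret) above, as an added example that is not part of the original mail or of SER's code: it shows that the change in the CRC tag depends only on the change in the cookie bytes, not on the secret, and puts an HMAC check beside it. Assumptions: "|" is read as concatenation, Python's binascii.crc_hqx (CRC-16/CCITT) stands in for SER's crc16, and all function names and sample values are constructed for illustration.

```python
import binascii
import hashlib
import hmac
import os

def crc16(data: bytes) -> int:
    # CRC-16/CCITT from the standard library; stand-in for SER's crc16 (assumption).
    return binascii.crc_hqx(data, 0xFFFF)

def crc_cookie_tag(avp_cookies: bytes, secret: bytes) -> int:
    # Construction from the mail: crc16(avp_cookies | crc_secret).
    return crc16(avp_cookies + secret)

def tag_shift(delta: bytes, secret_len: int) -> int:
    # CRCs are affine over XOR for equal-length inputs, so XORing the cookie
    # bytes with `delta` changes the tag by this value. Only the secret's
    # length is needed here; its value never enters the computation.
    zeros = bytes(len(delta) + secret_len)
    return crc16(delta + bytes(secret_len)) ^ crc16(zeros)

def hmac_cookie_tag(avp_cookies: bytes, key: bytes) -> bytes:
    # Keyed MAC as the mail suggests ("a real hmac"); SHA-256 chosen here.
    return hmac.new(key, avp_cookies, hashlib.sha256).digest()

def hmac_cookie_ok(avp_cookies: bytes, key: bytes, tag: bytes) -> bool:
    # Constant-time comparison of the recomputed and received tags.
    return hmac.compare_digest(hmac_cookie_tag(avp_cookies, key), tag)

def demo():
    # Constructed sample cookie bytes, differing in one bit.
    original, changed = b"\x01\x02\x03\x04", b"\x01\x02\x83\x04"
    delta = bytes(a ^ b for a, b in zip(original, changed))
    crc_predictable = []
    for secret in (b"secret-A", b"secret-B"):  # constructed secrets, same length
        predicted = crc_cookie_tag(original, secret) ^ tag_shift(delta, len(secret))
        crc_predictable.append(predicted == crc_cookie_tag(changed, secret))
    key = os.urandom(32)
    tag = hmac_cookie_tag(original, key)
    # HMAC accepts the original bytes and rejects the changed ones.
    return crc_predictable, hmac_cookie_ok(original, key, tag), hmac_cookie_ok(changed, key, tag)

if __name__ == "__main__":
    print(demo())
```
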