Re: [AVTCORE] I-D Action: draft-ietf-avtcore-aria-srtp-03.txt

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 15 August 2013 07:10 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1E5A11E80E1 for <avt@ietfa.amsl.com>; Thu, 15 Aug 2013 00:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.988
X-Spam-Level:
X-Spam-Status: No, score=-103.988 tagged_above=-999 required=5 tests=[AWL=-1.389, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lu8arQrTsiMV for <avt@ietfa.amsl.com>; Thu, 15 Aug 2013 00:10:18 -0700 (PDT)
Received: from sesbmg20.ericsson.net (sesbmg20.ericsson.net [193.180.251.56]) by ietfa.amsl.com (Postfix) with ESMTP id EADDD21F99A1 for <avt@ietf.org>; Thu, 15 Aug 2013 00:10:17 -0700 (PDT)
X-AuditID: c1b4fb38-b7fcf8e0000062b8-79-520c7ed8deeb
Received: from ESESSHC007.ericsson.se (Unknown_Domain [153.88.253.125]) by sesbmg20.ericsson.net (Symantec Mail Security) with SMTP id 21.89.25272.8DE7C025; Thu, 15 Aug 2013 09:10:16 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.20) by smtp.internal.ericsson.com (153.88.183.41) with Microsoft SMTP Server id 14.2.328.9; Thu, 15 Aug 2013 09:10:16 +0200
Message-ID: <520C7F1D.4010505@ericsson.com>
Date: Thu, 15 Aug 2013 09:11:25 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: <draft-ietf-avtcore-aria-srtp@tools.ietf.org>
References: <20130627054313.28629.3912.idtracker@ietfa.amsl.com>
In-Reply-To: <20130627054313.28629.3912.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprALMWRmVeSWpSXmKPExsUyM+Jvre6NOp4ggz07NCxe9qxkt5g8WcCB yWPJkp9MHl8uf2YLYIrisklJzcksSy3St0vgyvi16xZTwW29io5Hn9kaGJcrdTFyckgImEhc WL2EHcIWk7hwbz0biC0kcJRR4uW0vC5GLiB7GaPEspvdzCAJXgFtiWV931lAbBYBVYkbj/eD NbMJWEjc/NEI1iwqECzRvv0rG0S9oMTJmU/A6kUEDCW2TmgGq2cWEJI4PecbK4gtLOAm8W7K TXaIxQ4SEw68BtvFKeAoseTbH2aI4yQlti06BtWrJzHlagsjhC0v0bx1NjNEr7ZEQ1MH6wRG oVlIVs9C0jILScsCRuZVjBzFqcVJuelGBpsYgaF6cMtvix2Ml//aHGKU5mBREufdoncmUEgg PbEkNTs1tSC1KL6oNCe1+BAjEwenVAOj4dNLyerX/ouff/Z8ewy/+M51rIt/hPv3Gx9/x+jy ujPhYeBX8/1PsircV9nLM/xZczDJZz9b9IqiOuFFR+T1Uze977bavmPrhAtMUWnV1TmnZoYe 45p6Yp6X5mG12d+5Kg8prSsXeG+vIiQzzfx+RsatLM1romfVba4yMIcGpHlpbZgTyLpHiaU4 I9FQi7moOBEAz1rswyMCAAA=
Cc: avt@ietf.org
Subject: Re: [AVTCORE] I-D Action: draft-ietf-avtcore-aria-srtp-03.txt
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2013 07:10:24 -0000

Authors and WG,

I have reviewed this new version. Thanks for addressing my issue. During
this review I only noticed a small number of minor issues.

Note, I have not verified in any way the test vectors. Nor am I certain
that I can spot any fact error regarding the crypto-algorithms. What I
have done is reviewed the draft consistency and correctness in their
actions to IANA and towards SRTP.


1. Section 5.3:


                              +--------------------------------------+
                              | Encryption | Encryption | AEAD Auth. |
                              | Algorithm  | Key Length | Tag Length |
                              +======================================+
    SRTP_ARIA_128_CTR_HMAC_80 |  ARIA-CTR  | 16 octets  |  80 bits   |
    SRTP_ARIA_128_CTR_HMAC_32 |  ARIA-CTR  | 16 octets  |  32 bits   |
    SRTP_ARIA_192_CTR_HMAC_80 |  ARIA-CTR  | 24 octets  |  80 bits   |
    SRTP_ARIA_192_CTR_HMAC_32 |  ARIA-CTR  | 24 octets  |  32 bits   |
    SRTP_ARIA_256_CTR_HMAC_80 |  ARIA-CTR  | 32 octets  |  80 bits   |
    SRTP_ARIA_256_CTR_HMAC_32 |  ARIA-CTR  | 32 octets  |  32 bits   |



Kim, et al.             Expires December 29, 2013              [Page 18]

Internet-Draft           ARIA Algorithm for SRTP               June 2013


    SRTP_AEAD_ARIA_128_GCM    |  ARIA-GCM  | 16 octets  | 128 bits   |
    SRTP_AEAD_ARIA_128_CCM    |  ARIA-CCM  | 16 octets  | 128 bits   |
    SRTP_AEAD_ARIA_128_GCM_12 |  ARIA-GCM  | 16 octets  |  96 bits   |
    SRTP_AEAD_ARIA_128_CCM_12 |  ARIA-CCM  | 16 octets  |  96 bits   |
    SRTP_AEAD_ARIA_128_GCM_8  |  ARIA-GCM  | 16 octets  |  64 bits   |
    SRTP_AEAD_ARIA_128_CCM_8  |  ARIA-CCM  | 16 octets  |  64 bits   |
    SRTP_AEAD_ARIA_256_GCM    |  ARIA-GCM  | 32 octets  | 128 bits   |
    SRTP_AEAD_ARIA_256_CCM    |  ARIA-CCM  | 32 octets  | 128 bits   |
    SRTP_AEAD_ARIA_256_GCM_12 |  ARIA-GCM  | 32 octets  |  96 bits   |
    SRTP_AEAD_ARIA_256_CCM_12 |  ARIA-CCM  | 32 octets  |  96 bits   |
    SRTP_AEAD_ARIA_256_GCM_8  |  ARIA-GCM  | 32 octets  |  64 bits   |
    SRTP_AEAD_ARIA_256_CCM_8  |  ARIA-CCM  | 32 octets  |  64 bits   |
                              +======================================+

           Figure 1: Mapping MIKEY parameters to AEAD algorithm

Shouldn't you split this into two tables as the last column and legend
are wrong for the first ARIA CTR + SHA-1 HMAC suits which are not AEAD
suites? That way you can use the correct labels on the last column for
auth tag lengths and in the legend.


2. Section A.2. and A.3

In section A.1 I do understand the structure for the test vectors. They
contain both just the Encrypted part and the full RTP header + payload +
ROC that authentication is calculated over, and then the resulting output.

However in A.2 and A.3 where there are AEAD algorithms I am bit
surprised over the split in Encrypted RTP payload and Authentication
tag. Due to AEAD shouldn't the relevant unit to test as input be the
full SRTP packet which contains both the encrypted and the data that is
just authenticated including the AEAD output in the payload location?

You might need a bit more explanation what the test vectors really are
so that one can correctly use them to verify ones implementation.



Next Steps:

Please address the above issues.

I personally think this is ready for going forward to WG last call when
the above is addressed. However, in that last call we will need to get a
review from someone that has sufficient crypto knowledge to be reduce
the risk for any such error making it through. Thus I intended to make
the WG last call's completion dependent on getting such a review.

Cheers

Magnus




On 2013-06-27 07:43, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the Audio/Video Transport Core Maintenance Working Group of the IETF.
> 
> 	Title           : The ARIA Algorithm and Its Use with the Secure Real-time Transport Protocol(SRTP)
> 	Author(s)       : Woo-Hwan Kim
>                           Jungkeun Lee
>                           Dong-Chan Kim
>                           Je-Hong Park
>                           Daesung Kwon
> 	Filename        : draft-ietf-avtcore-aria-srtp-03.txt
> 	Pages           : 32
> 	Date            : 2013-06-26
> 
> Abstract:
>    This document describes the use of the ARIA block cipher algorithm
>    within the Secure Real-time Transport Protocol (SRTP) for providing
>    confidentiality for the Real-time Transport Protocol (RTP) traffic
>    and for the control traffic for RTP, the Real-time Transport Control
>    Protocol (RTCP).  It details three modes of operation (CTR, CCM, GCM)
>    and a SRTP Key Derivation Function for ARIA.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-avtcore-aria-srtp
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-avtcore-aria-srtp-03
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-avtcore-aria-srtp-03
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> Audio/Video Transport Core Maintenance
> avt@ietf.org
> https://www.ietf.org/mailman/listinfo/avt
> 


-- 

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------