Re: [Cfrg] RGLC on draft-irtf-cfrg-chacha20-poly1305-01.txt

"Dan Harkins" <dharkins@lounge.org> Mon, 06 October 2014 22:35 UTC

Date: Mon, 6 Oct 2014 15:35:00 -0700 (PDT)
From: "Dan Harkins" <dharkins@lounge.org>
To: "Adam Langley" <agl@imperialviolet.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/Xo1xXku04iUcUuJJLq2X83bdL1E
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RGLC on draft-irtf-cfrg-chacha20-poly1305-01.txt


On Mon, October 6, 2014 2:53 pm, Adam Langley wrote:
> On Mon, Oct 6, 2014 at 2:50 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
>> I'm not quite sure I follow. The construction uses a 96-bit nonce precisely
>> so that we comply with RFC 5116. What requirement of 5116 are we not fitting
>> into?
>
> I think Dan is just saying that the limits need to be specified. For
> example see page 8 in
> https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04#section-5
> (although these values are wrong now).

  I'm sorry, I meant the formation of the AAD. Is it a single blob that
gets passed to the algorithm? Does the mode allow for multiple distinct
AAD inputs ala RFC 5297? What if the protocol I want to use with this
mode has several distinct blobs I want to use as AAD (like how IEEE Std
802.11 uses AAD with AEAD cipher modes-- take these bits and then
concatenate these addresses, etc)? I suspect it's all just a single
concatenated blob but it would help to say so explicitly and to define
the RFC 5116 interface.

  It obviously takes AAD since section 2.8 mentions it as something to
include as input to AEAD_CHACHA20-POLY1305. So I'm suggesting you
define what AAD looks like when it is delivered to the mode: "Distinct
AAD shall be concatenated into a single input to
AEAD_CHACHA20-POLY1305", for example.

  regards,

  Dan.

> Cheers
>
> AGL
>
> --
> Adam Langley agl@imperialviolet.org https://www.imperialviolet.org
>
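
As an added example, not part of the original message or of the draft: the sketch below forms a single RFC 5116 `A` input from several distinct AAD pieces, comparing plain concatenation with a length-prefixed framing. The framing, the function names and the sample bytes are assumptions of this example.

```python
import struct

def concat_aad(parts):
    """Plain concatenation: the literal reading of 'concatenated into a single input'."""
    return b"".join(parts)

def encode_aad(parts):
    """Length-prefixed framing (an assumption of this example): each part is
    preceded by its length as an 8-byte little-endian integer."""
    return b"".join(struct.pack("<Q", len(p)) + p for p in parts)

def decode_aad(blob):
    """Inverse of encode_aad; raises ValueError on a truncated blob."""
    parts, off = [], 0
    while off < len(blob):
        if len(blob) - off < 8:
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("<Q", blob, off)
        off += 8
        if n > len(blob) - off:
            raise ValueError("part runs past end of AAD")
        parts.append(blob[off:off + n])
        off += n
    return parts

# Constructed sample values, loosely modelled on header bits plus addresses.
FRAME_BITS = bytes.fromhex("0841")
ADDR1 = bytes.fromhex("020000000001")
ADDR2 = bytes.fromhex("020000000002")

def demo():
    a = [FRAME_BITS, ADDR1 + ADDR2]   # two distinct AAD parts
    b = [FRAME_BITS + ADDR1, ADDR2]   # same bytes, split at a different point
    return {
        "concat_collides": concat_aad(a) == concat_aad(b),
        "framed_collides": encode_aad(a) == encode_aad(b),
        "roundtrip_ok": decode_aad(encode_aad(a)) == a,
    }

if __name__ == "__main__":
    print(demo())
```

When every part has a fixed length known to both sides, plain concatenation is already unambiguous; the framing matters only once a part can vary in length.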