Re: [CFRG] Can you help me with this?

"David McGrew (mcgrew)" <mcgrew@cisco.com> Sun, 25 July 2021 21:58 UTC

From: "David McGrew (mcgrew)" <mcgrew@cisco.com>
To: Soatok Dreamseeker <soatok.dhole@gmail.com>, Adnan Rashid <adnanrashidpk@gmail.com>
CC: CFRG <cfrg@irtf.org>
Thread-Topic: [CFRG] Can you help me with this?
Thread-Index: AQHXgJ1SnYHJ1AucnEymdu33Xb6KN6tSvgwAgAGA+QA=
Date: Sun, 25 Jul 2021 21:57:57 +0000
Message-ID: <74E5700C-8610-4637-B5C3-0A679E256811@cisco.com>
References: <CAGm_172fyiRdByRvp_Cd9C7ZZwB=vOS5OTpRz+-Dy4iF_m+GrQ@mail.gmail.com> <CAOvwWh2H4kbLfJhxQNVoWkosuL88V_rbX9Pw9FJqcdzx7XhY9A@mail.gmail.com>
In-Reply-To: <CAOvwWh2H4kbLfJhxQNVoWkosuL88V_rbX9Pw9FJqcdzx7XhY9A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/o3tZMJFXTyVJddhdk-wOS6AercQ>

Hi Soatok and Adnan,

From https://datatracker.ietf.org/doc/html/rfc5116#section-2.1, the associated data "contains the data to be authenticated, but not encrypted." Associated data has the same meaning as additional authenticated data, or AAD. In other words, AAD is data associated with the plaintext to be encrypted, which is not encrypted. For instance, if you are encrypting files, and you want to authenticate the file name so that someone who performs the authenticated decryption operation would detect a modification of the file name, then the file name would go into the AAD.

On Jul 24, 2021, at 4:00 PM, Soatok Dreamseeker <soatok.dhole@gmail.com> wrote:

1. If you want, you can include the nonce in the AAD. In fact, this is necessary in constructions such as CBC+HMAC to prevent attackers from getting free rein over the first 16 bytes of the plaintext.

That’s not right; it would be wrong to define an AEAD construction that required the nonce to go into the AAD.  It should be sufficient that the nonce is distinct.

Side note: from the IANA registry, it looks as though no one has registered a CBC+HMAC construction: https://www.iana.org/assignments/aead-parameters/aead-parameters.xhtml#aead-parameters-2

2. That's a very open question.
3. Check out the TLS 1.3 RFC for specifics.

Happy to continue this conversation off-list.

On Sat, Jul 24, 2021 at 11:05 AM Adnan Rashid <adnanrashidpk@gmail.com> wrote:
Hi Everyone,


I am new and have a few questions. My questions are regarding AEAD.


Questions:

  1.  A nonce can be a counter, an LFSR, a timestamp, a sequence number, or some combination of these.

Right.

  2.  Is it possible to use them as AAD? AAD can also be a sequence number, as written in RFC 5116.

You can put anything you want into the AAD field, but you don’t have to put anything into it.   You probably only want to have a data element in the AAD field if an attacker could cause something bad to happen by forging or spoofing that data element.   If there is no associated data that needs to be authenticated, just leave that input empty (that is, have it be zero length).

Best

David

  3.  If yes, then what would be a vulnerability?
  4.  How do Alice and Bob know the exact nonce for a particular packet? Because packets may be dropped.


Regards,

ADNAN

_______________________________________________
CFRG mailing list
CFRG@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg
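The file-name example from David's reply, worked through in Go's standard-library AES-GCM as an added illustration (this code is not from the thread or from any RFC): the file name is passed as AAD, so it is authenticated but not encrypted, and renaming the file breaks authenticated decryption even though the ciphertext is untouched. The key and nonce are constructed demo values, and passing an empty name is the zero-length AAD case David describes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// Constructed demo key and nonce (not values from the thread). A real
// deployment derives the key with a KDF and never reuses a nonce under
// one key; the nonce need only be distinct, it is not repeated in the AAD.
var demoKey = bytes.Repeat([]byte{0x42}, 32)   // AES-256 key
var demoNonce = bytes.Repeat([]byte{0x01}, 12) // 96-bit GCM nonce

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFile encrypts the contents and binds the unencrypted file name to
// the ciphertext by passing it as AAD: authenticated, but not encrypted
// (RFC 5116 section 2.1). An empty name means zero-length AAD.
func sealFile(key, nonce []byte, name string, contents []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, contents, []byte(name)), nil
}

// openFile decrypts and checks the tag; it fails if the ciphertext, the
// tag, or the file name presented as AAD differs from sealing time.
func openFile(key, nonce []byte, name string, ct []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, []byte(name))
	if err != nil {
		return nil, errors.New("authentication failed: name or contents modified")
	}
	return pt, nil
}
```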