RE: aes128gcm: why verify padding?

"Manger, James" <James.H.Manger@team.telstra.com> Tue, 24 January 2017 00:14 UTC

From: "Manger, James" <James.H.Manger@team.telstra.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

>>>> So I would support a padding scheme similar to TLS 1.3: <content><non-zero byte><zeros…>.

>>> Furthermore, if the nonzero byte was 0x01 for non-final blocks and
>>> 0x81 for final block (or any two different nonzero values), then
>>> that would also solve the truncation flaw from last message, no?

>> A padding byte to distinguish intermediate and final records could indeed work.

> I like it.  You can pad an arbitrary amount and you only pay one octet
> per record overhead if you don't like padding, and the trailing record
> requirement goes away.

If we go with this approach, we should also distinguish the 1st record. For instance, for the end-of-padding byte:
* Set bit 8
* Set bit 1 if this is the first record
* Set bit 2 if this is the last record
So:
* 0x81 indicates the 1st of multiple records;
* 0x83 indicates a message with only a single record (first is also last);
* 0x82 indicates the last of multiple records;
* 0x80 indicates an intermediate record;
* 0x00 is padding; keep looking back for the end-of-padding byte.
Any other value indicates an error.

--
James Manger
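
The delimiter scheme proposed in this message, sketched as an added example (not part of the original e-mail or of any draft text). All function names are hypothetical, and each record is assumed to be plaintext that has already been decrypted and authenticated by AES-GCM; the receiver checks that the first/last flags agree with the record's position, so dropped leading or trailing records are detected.

```python
# Delimiter bits as listed in the message: 0x80 always set,
# 0x01 = first record, 0x02 = last record.
MARK, FIRST, LAST = 0x80, 0x01, 0x02
VALID_DELIMITERS = {0x80, 0x81, 0x82, 0x83}

class PaddingError(ValueError):
    """Record padding or record ordering is malformed."""

def pad_record(content: bytes, first: bool, last: bool, pad_len: int = 0) -> bytes:
    """Sender side: <content><end-of-padding byte><pad_len zero bytes>."""
    delim = MARK | (FIRST if first else 0) | (LAST if last else 0)
    return content + bytes([delim]) + bytes(pad_len)

def unpad_record(plaintext: bytes):
    """Receiver side: return (content, is_first, is_last) for one record."""
    i = len(plaintext) - 1
    while i >= 0 and plaintext[i] == 0x00:   # 0x00 is padding, keep looking back
        i -= 1
    if i < 0:
        raise PaddingError("record has no end-of-padding byte")
    delim = plaintext[i]
    if delim not in VALID_DELIMITERS:        # any other value is an error
        raise PaddingError(f"invalid end-of-padding byte 0x{delim:02x}")
    return plaintext[:i], bool(delim & FIRST), bool(delim & LAST)

def reassemble(records) -> bytes:
    """Join records in received order, rejecting missing first/last records."""
    if not records:
        raise PaddingError("message has no records")
    out = bytearray()
    for idx, rec in enumerate(records):
        content, first, last = unpad_record(rec)
        if first != (idx == 0):
            raise PaddingError(f"record {idx}: first flag does not match position")
        if last != (idx == len(records) - 1):
            raise PaddingError(f"record {idx}: last flag does not match position")
        out += content
    return bytes(out)

def is_complete(records) -> bool:
    """True if the records form one well-formed, untruncated message."""
    try:
        reassemble(records)
        return True
    except PaddingError:
        return False
```

Content that itself ends in zero bytes survives, because the scan stops at the non-zero end-of-padding byte that follows it.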