RE: aes128gcm: why verify padding?

"Manger, James" <James.H.Manger@team.telstra.com> Mon, 23 January 2017 04:33 UTC

From: "Manger, James" <James.H.Manger@team.telstra.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Date: Mon, 23 Jan 2017 04:28:55 +0000
Subject: RE: aes128gcm: why verify padding?
Archived-At: <http://www.w3.org/mid/SYXPR01MB1615DD56268D7EF9929F3DBFE5720@SYXPR01MB1615.ausprd01.prod.outlook.com>

After implementing aes128gcm I have another reason to adjust the padding scheme.
Putting the content first, before the padding (whatever format), will save moving the content after decryption in some (typical?) implementations. A Decrypt API will typically expect the content to be at the start of a given buffer. For instance, my implementation decrypts to a given buffer, but due to the current padding scheme (<padlen><padding><content>) then needs to copy the data to the start of the buffer (shifting it 2 bytes backwards in typical no-padding situations). If, instead, the content came first then the data wouldn't need to be moved.


So I would support a padding scheme similar to TLS 1.3: <content><non-zero byte><zeros…>.

--
James Manger

-----Original Message-----
From: Martin Thomson [mailto:martin.thomson@gmail.com] 
Sent: Monday, 16 January 2017 6:09 PM
To: Manger, James <James.H.Manger@team.telstra.com>
Cc: ietf-http-wg@w3.org
Subject: Re: aes128gcm: why verify padding?

On 16 January 2017 at 14:06, Manger, James
<James.H.Manger@team.telstra.com> wrote:
> Improvement 2 is actually much better for this. The "internal" length (padding length) is calculated mod (external length - 2) so it can never be too large.

A better scheme would be to pad with an arbitrary number of zeroes,
then a terminal non-zero value.  That could be at the end, like in
TLS.  It also allows for lower overhead and arbitrary amounts of
padding.

But I'd like to hear whether other people think that this is worth fixing.
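
The two record layouts compared in this thread, shown side by side as an added example (not code from either poster or from the draft): the leading `<padlen><padding><content>` form has to move the content after decryption, while the trailing `<content><non-zero byte><zeros…>` form leaves it at the start of the buffer. Assumptions: `padlen` is a 2-byte big-endian field, any non-zero delimiter value is accepted, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Both functions take one decrypted (already authenticated) record and
 * return the content length, with content at buf[0], or -1 if malformed. */

/* Leading layout: <padlen><padding><content>.
 * Assumption: padlen is 2 bytes, big-endian; padding bytes must be zero. */
long unpad_leading(uint8_t *buf, size_t len)
{
    if (len < 2) return -1;
    size_t padlen = ((size_t)buf[0] << 8) | buf[1];
    if (padlen > len - 2) return -1;       /* length field larger than record */
    uint8_t nonzero = 0;
    for (size_t i = 0; i < padlen; i++)    /* check every byte, no early exit */
        nonzero |= buf[2 + i];
    if (nonzero) return -1;
    size_t clen = len - 2 - padlen;
    memmove(buf, buf + 2 + padlen, clen);  /* the copy the message wants to avoid */
    return (long)clen;
}

/* Trailing layout: <content><non-zero byte><zeros...>.
 * Scan back over the zeros to the delimiter; nothing is moved. */
long unpad_trailing(const uint8_t *buf, size_t len)
{
    size_t i = len;
    while (i > 0 && buf[i - 1] == 0)
        i--;
    if (i == 0) return -1;                 /* all zeros: delimiter missing */
    return (long)(i - 1);                  /* exclude the delimiter byte */
}

int main(void)
{
    /* Constructed sample records, each carrying the content "hi". */
    uint8_t a[] = {0x00, 0x03, 0, 0, 0, 'h', 'i'};
    uint8_t b[] = {'h', 'i', 0x01, 0, 0, 0};
    printf("leading:  %ld\n", unpad_leading(a, sizeof a));
    printf("trailing: %ld\n", unpad_trailing(b, sizeof b));
    return 0;
}
```

In the trailing layout there is no length field that can exceed the record, so the only malformed case is a record with no delimiter at all.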