IETF Logo Mail Archive

Re: [IPsec] rfc 8750 question

Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 10 May 2022 11:59 UTC

Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59EF9C14F728 for <ipsec@ietfa.amsl.com>; Tue, 10 May 2022 04:59:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.755
X-Spam-Level:
X-Spam-Status: No, score=-3.755 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KY3DAhjP8Ir4 for <ipsec@ietfa.amsl.com>; Tue, 10 May 2022 04:59:18 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACD37C14F726 for <ipsec@ietf.org>; Tue, 10 May 2022 04:59:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 4473562569; Tue, 10 May 2022 07:58:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Lcg0VR8aKELR; Tue, 10 May 2022 07:58:25 -0400 (EDT)
Received: from [192.168.160.11] (unknown [192.168.160.11]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 01ED76247F; Tue, 10 May 2022 07:58:24 -0400 (EDT)
Message-ID: <cac94813-33e1-5b7b-5245-eda7c1878513@htt-consult.com>
Date: Tue, 10 May 2022 07:59:08 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0
Content-Language: en-US
To: Valery Smyslov <smyslov.ietf@gmail.com>, ipsec@ietf.org
References: <432fd973-212c-00b3-48a1-9de81129d6eb@htt-consult.com> <004801d8642f$fa763140$ef6293c0$@gmail.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <004801d8642f$fa763140$ef6293c0$@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/V5-cDHjmgbUzYploCxTwPEdHTDU>
Subject: Re: [IPsec] rfc 8750 question
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2022 11:59:19 -0000


On 5/10/22 01:37, Valery Smyslov wrote:
> Hi Bob,
>
>> I just noticed that 8750 defines one algorithm number for aes-gcm:
>>
>>    30     | ENCR_AES_GCM_16_IIV        | RFC 8750
>>
>> But rfc 4106 defined 3:
>>
>>         18 for AES-GCM with an 8 octet ICV;
>>         19 for AES-GCM with a 12 octet ICV; and
>>         20 for AES-GCM with a 16 octet ICV.
>>
>>
>> so for 8750, what is the ICV length?
> It's 16.
>
> You may guess it by comparing what RFC 4106 defined:
>
> 20	ENCR_AES_GCM_16
>
> and what RFC 8750 defined:
>
> 30	ENCR_AES_GCM_16_IIV
>
> The only difference is a suffix "_IIV".

Actually, I thought that was the implicit IV size.  And thus this was 
some kind of AND condition of the base cipher AND implicit IV.

Humpf.

I really want the AES_GCM_12 used along with diet-esp.  Those 4 bytes 
are important when you are dealing with an MTU of 64 bytes and only have 
a 26 byte UDP data packet.

With diet-esp in transport mode for a single UDP app, I can have a 
2-byte SPI (server will have LOTS of clients).  I COULD get by with a 
1-byte SN, but that would only cover ~4 min of comm before advancing the 
implicit msb, so better a 2-byte SN and that gives word alignment for 
the ESP header (not really soooo important). Those 4 bytes in the ICV 
hurt.  And the data is only valid for 1sec for the app.

The lightweigt crypto (like Xoodyak) from the NIST LWC effort (workshop 
this week) looks more attractive, as I can easily only squeeze the 12 
bytes out of the sponge for the tag...

v2.23.0 | Report a Bug | By Email