IETF Logo Mail Archive

Re: [kitten] History of AES block size issues

Tom Yu <tlyu@MIT.EDU> Thu, 15 August 2013 02:48 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB5DC11E80F6 for <kitten@ietfa.amsl.com>; Wed, 14 Aug 2013 19:48:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yKWCH8z0q5fm for <kitten@ietfa.amsl.com>; Wed, 14 Aug 2013 19:48:43 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) by ietfa.amsl.com (Postfix) with ESMTP id 2071E11E80E9 for <kitten@ietf.org>; Wed, 14 Aug 2013 19:48:43 -0700 (PDT)
X-AuditID: 1209190d-b7f078e000000937-0b-520c418ae6d5
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id ED.BA.02359.A814C025; Wed, 14 Aug 2013 22:48:42 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id r7F2mepL022920; Wed, 14 Aug 2013 22:48:40 -0400
Received: from cathode-dark-space.mit.edu (cathode-dark-space.mit.edu [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id r7F2mbH2021752 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 14 Aug 2013 22:48:39 -0400
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id r7F2mbgE006379; Wed, 14 Aug 2013 22:48:37 -0400 (EDT)
To: Sam Hartman <hartmans-ietf@mit.edu>
References: <tslk3jodwgc.fsf@mit.edu> <5674376E76F88641AD3748A64F0996971AAB7DDE@TK5EX14MBXC285.redmond.corp.microsoft.com> <tslsiybaldd.fsf@mit.edu> <970B41DA-0AE6-4CC8-9DAB-A4049D8F0A44@padl.com> <tslob8zakik.fsf@mit.edu>
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 14 Aug 2013 22:48:37 -0400
In-Reply-To: <tslob8zakik.fsf@mit.edu> (Sam Hartman's message of "Wed, 14 Aug 2013 20:02:43 -0400")
Message-ID: <ldvk3jnfz3u.fsf@cathode-dark-space.mit.edu>
Lines: 44
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupmleLIzCtJLcpLzFFi42IR4hTV1u1y5AkyuLlGxuJr2wM2i6ObV7FY 3L30n93iXzefA4vHkiU/mTxad/xl95j7YRqLx8qpp9kDWKK4bFJSczLLUov07RK4Mn41PmEv 6OOvuPJZsoHxGHcXIyeHhICJxOMXh1ggbDGJC/fWs4HYQgL7GCXmTPfoYuQCsjcySmx/v5AJ wjnHJHGttwnK6WKUWN/Qyg7SIiKgLrH60iQwm1mgTOLM7qXMILawgJnE+WsrWCAanjFKrFo1 Ecjh4GATkJY4urgMpIZFQFVi+Zw3YPWcAskSrZ9WsILYvAIWEndOvQM7iUeAU2LundvMEHFB iZMzn7BA7NKSuPHvJdMERsFZSFKzkKQWMDKtYpRNya3SzU3MzClOTdYtTk7My0st0jXSy80s 0UtNKd3ECA5nSd4djO8OKh1iFOBgVOLhjWjjDhJiTSwrrsw9xCjJwaQkyqtnzxMkxJeUn1KZ kVicEV9UmpNafIhRgoNZSYQ3Rhsox5uSWFmVWpQPk5LmYFES53369GygkEB6YklqdmpqQWoR TFaGg0NJglfPAahRsCg1PbUiLTOnBCHNxMEJMpwHaLgvSA1vcUFibnFmOkT+FKMux5+Vcz8x CrHk5eelSonz2oIUCYAUZZTmwc2BpaFXjOJAbwnzyoNU8QBTGNykV0BLmICWOGRzgSwpSURI STUwutUtPlvjLPbqxBvBZ4ZNEj/4DL66HbntNifdLSIl2FDwfuUSdr2oSQtsPp3xPlestX/K 5MiiNQLz95e3P92kt15C9GdmsvnBD5cXRSV3nyzgmqy4Xr9vqbCo3PeM8koFAwMlds+Vjj1p jy+eOtC23uLclFeqjCEf/CXKEn99OmSWFxQ+Y1mrEktxRqKhFnNRcSIA37kRMh4DAAA=
Cc: "kitten@ietf.org" <kitten@ietf.org>, Michiko Short <michikos@microsoft.com>
Subject: Re: [kitten] History of AES block size issues
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2013 02:48:49 -0000

Sam Hartman <hartmans-ietf@MIT.EDU> writes:

>>>>>> "Luke" == Luke Howard <lukeh@padl.com> writes:
>
>     >> If I send you a 9-octet message it's actually 16.  If I send you
>     >> a 16-octet message it's still 16 octets.
>
>     Luke> Is it not 24 octets?
>
> Ah, that depends if you are talking RFC 3961 or RFC 1964.
> Under 3961 I think 16; under 1964 I think 24.
>
>     >> Greg, am I right that if your application aligns to a block size
>     >> then you'll actually end up expanding more so you can indicate no
>     >> padding is needed?  If so will DCE RPC be OK with that?
>
>     Luke> I believe it's fine for the reasons I mentioned in my last
>     Luke> mail:
>
>     Luke> Note "trailer" here means DCE RPC auth trailer, containing the
>     Luke> RFC 4121 "header" (which has the EC and checksum rotated into
>     Luke> a single token)
>
>     Luke> * DCE RPC always pads at the application layer, if this it to
>     Luke> at least 16 bytes then we will have a constant length trailer
>     Luke> (we need to investigate this)
>
> Yeah, although in the obvious implementation we'll have 16 octets of pad
> buffer.
>
> so you might have to modify DCE RPC to deal with that if it doesn't
> already, but I guess that's not a problem if you control both your DCE
> RPC and your GSS.

My interpretation of C706 and MS-RPCE is that it won't be a problem at
a MS-RPC protocol level (except for possibly transmitting
overallocated padding).  Applications that roll their own MS-RPC
implementation rather than using a library might be in trouble,
though.  Applications that can query for the padding and block size,
and pad at the application layer to 16 bytes, can probably get away
with assuming a constant size trailer without overallocating.

I don't have detailed citations for the above at this time, but I
could probably write them up if people feel that it's necessary.

v2.23.0 | Report a Bug | By Email