[openpgp] [PATCH] Add AEAD Encrypted Data Packet with GCM
"brian m. carlson" <sandals@crustytoothpaste.net> Tue, 14 February 2017 01:30 UTC
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 528BE129960 for <openpgp@ietfa.amsl.com>; Mon, 13 Feb 2017 17:30:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eqy6OciBpK2D for <openpgp@ietfa.amsl.com>; Mon, 13 Feb 2017 17:30:15 -0800 (PST)
Received: from castro.crustytoothpaste.net (sandals-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:3f1::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BB3B12998C for <openpgp@ietf.org>; Mon, 13 Feb 2017 17:30:11 -0800 (PST)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id 6871E280AD for <openpgp@ietf.org>; Tue, 14 Feb 2017 01:30:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1487035810; bh=Sp71P1V2rSBqF0xh2cIGMVWkZhLp01wgrcD4odeZMUI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=kdJe8TQYkM+data1wBYJIg61tRpG/iuzK3eIQRgYzdrJeVL6SnCPZaAmARiliSe8H wU887EhvUWT++DoMASx2IBqOM2AuZV+OGuprjxswah4ReteGyMzn9iiV1wfL4c35NQ VsbDBaLn/P3iEaNFUJ+/HH4RUjfeBSVRZu4W4gdWAipHZvhtMJZa8JzZghNKJ8TfT2 ggT/phWN9U8aV3C6Ia3WqPgDM4IwTQ5rvsyjhawcx/LEnjv/PKHGj8pCYRuuNjfjjS hLBgL19DzOAebz37ND30NeRtYyxHMxpIvZnAWM6JqS1St9ykLGawn7HJYGvB8WZp9q pLuQpTaT008VIxZ0eHQM7SFSn85KF3bqIXwqqpKf9npiCzetH0e3HpfTOl6EG+NsIu sw7Mk1FckJiaHyUJLgx29bQ+UW9dvqX1Ne77FlDFP5zL43g0UE9gm3kJoU2PUyEbQg VJu+Pg6tOmCcDg2YAdKon/3t1QpXAAPDEf46lmIKBDlp4Upz7R8
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Date: Tue, 14 Feb 2017 01:29:53 +0000
Message-Id: <20170214012953.839519-1-sandals@crustytoothpaste.net>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170213010658.xmzo7yfgki2hqw42@genre.crustytoothpaste.net>
References: <20170213010658.xmzo7yfgki2hqw42@genre.crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9yj0RuncKNpqnQmR7HcptfYLxeE>
Subject: [openpgp] [PATCH] Add AEAD Encrypted Data Packet with GCM
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 01:30:16 -0000
---
middle.mkd | 46 ++++++++++++++++++++++++++++++++++++++++++++++
template.xml | 11 +++++++++++
2 files changed, 57 insertions(+)
diff --git a/middle.mkd b/middle.mkd
index 5182c7d..e842938 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -2483,6 +2483,42 @@ packet length. The reason for this is that the hashing rules for
modification detection include a one-octet tag and one-octet length in
the data hash. While this is a bit restrictive, it reduces complexity.
+## {5.14} AEAD Encrypted Data Packet (Tag 18)
+
+This packet contains data encrypted with an authenticated encryption and
+additional data (AEAD) construction. When it has been decrypted, it
+will typically contain other packets (often a Literal Data packet or
+Compressed Data packet).
+
+The body of this packet consists of:
+
+ * A one-octet version number. The only currently defined value
+ is 1.
+
+ * A one-octet cipher algorithm.
+
+ * A one-octet AEAD algorithm.
+
+ * An initialization vector of size specified by the AEAD algorithm.
+ This value MUST be unique and it MUST be unpredictable.
+
+ * Encrypted data, the output of the selected symmetric-key cipher
+ operating in the given AEAD mode.
+
+ * The authentication tag for the AEAD mode.
+
+The AEAD construction is given the packet header, version number, cipher
+algorithm octet, and AEAD algorithm octet as additional data.
+
+### {5.14.1} Galois Counter Mode
+
+The only currently defined AEAD algorithm is Galois Counter Mode
+[](#GCM). This algorithm can only use block ciphers with 16-byte
+blocks. The initialization vector is 12 bytes long.
+
+The security of GCM requires that the counter is never reused, hence the
+requirement that the initialization vector be unique.
+
# {6} Radix-64 Conversions
As stated in the introduction, OpenPGP's underlying native
@@ -3014,6 +3050,16 @@ algorithm.
Implementations MUST implement SHA-1. Implementations MAY implement
other algorithms. MD5 is deprecated.
+## {9.5} AEAD Algorithms
+
+ ID Algorithm
+ -------- ---------
+ 1 GCM [](#GCM)
+ 100--110 Private/Experimental algorithm
+
+Implementations MUST implement GCM. Implementations MAY implement
+other algorithms.
+
# {10} IANA Considerations
OpenPGP is highly parameterized, and consequently there are a number
diff --git a/template.xml b/template.xml
index 9ea1582..f52521e 100644
--- a/template.xml
+++ b/template.xml
@@ -144,6 +144,17 @@
</front>
</reference>
+ <reference anchor='GCM'>
+ <front>
+ <title>Recommendation for Block Cipher Modes of Operation:
+ Galois/Counter Mode (GCM) and GMAC (SP 800-38D)</title>
+ <author>
+ <organization>NIST</organization>
+ </author>
+ <date year="2007" month="November" />
+ </front>
+ </reference>
+
<reference anchor="HAC">
<front>
<title>Handbook of Applied Cryptography</title>
--
2.11.0
- [openpgp] Pull request for AEAD encrypted data pa… brian m. carlson
- Re: [openpgp] Pull request for AEAD encrypted dat… Jon Callas
- Re: [openpgp] Pull request for AEAD encrypted dat… Stephen Farrell
- Re: [openpgp] Pull request for AEAD encrypted dat… brian m. carlson
- [openpgp] [PATCH] Add AEAD Encrypted Data Packet … brian m. carlson
- Re: [openpgp] Pull request for AEAD encrypted dat… Jon Callas
- Re: [openpgp] Pull request for AEAD encrypted dat… Jon Callas
- Re: [openpgp] Pull request for AEAD encrypted dat… brian m. carlson
- Re: [openpgp] Pull request for AEAD encrypted dat… Werner Koch
- [openpgp] Questions around AEAD packets Werner Koch
- Re: [openpgp] Questions around AEAD packets Tom Ritter
- Re: [openpgp] Questions around AEAD packets Werner Koch
- Re: [openpgp] Pull request for AEAD encrypted dat… Peter Gutmann
- Re: [openpgp] Questions around AEAD packets Derek Atkins