[openpgp] [PATCH] Add AEAD Encrypted Data Packet with GCM

"brian m. carlson" <sandals@crustytoothpaste.net> Tue, 14 February 2017 01:30 UTC

Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 528BE129960 for <openpgp@ietfa.amsl.com>; Mon, 13 Feb 2017 17:30:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Eqy6OciBpK2D for <openpgp@ietfa.amsl.com>; Mon, 13 Feb 2017 17:30:15 -0800 (PST)
Received: from castro.crustytoothpaste.net (sandals-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:3f1::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BB3B12998C for <openpgp@ietf.org>; Mon, 13 Feb 2017 17:30:11 -0800 (PST)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id 6871E280AD for <openpgp@ietf.org>; Tue, 14 Feb 2017 01:30:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1487035810; bh=Sp71P1V2rSBqF0xh2cIGMVWkZhLp01wgrcD4odeZMUI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=kdJe8TQYkM+data1wBYJIg61tRpG/iuzK3eIQRgYzdrJeVL6SnCPZaAmARiliSe8H wU887EhvUWT++DoMASx2IBqOM2AuZV+OGuprjxswah4ReteGyMzn9iiV1wfL4c35NQ VsbDBaLn/P3iEaNFUJ+/HH4RUjfeBSVRZu4W4gdWAipHZvhtMJZa8JzZghNKJ8TfT2 ggT/phWN9U8aV3C6Ia3WqPgDM4IwTQ5rvsyjhawcx/LEnjv/PKHGj8pCYRuuNjfjjS hLBgL19DzOAebz37ND30NeRtYyxHMxpIvZnAWM6JqS1St9ykLGawn7HJYGvB8WZp9q pLuQpTaT008VIxZ0eHQM7SFSn85KF3bqIXwqqpKf9npiCzetH0e3HpfTOl6EG+NsIu sw7Mk1FckJiaHyUJLgx29bQ+UW9dvqX1Ne77FlDFP5zL43g0UE9gm3kJoU2PUyEbQg VJu+Pg6tOmCcDg2YAdKon/3t1QpXAAPDEf46lmIKBDlp4Upz7R8
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Date: Tue, 14 Feb 2017 01:29:53 +0000
Message-Id: <20170214012953.839519-1-sandals@crustytoothpaste.net>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170213010658.xmzo7yfgki2hqw42@genre.crustytoothpaste.net>
References: <20170213010658.xmzo7yfgki2hqw42@genre.crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9yj0RuncKNpqnQmR7HcptfYLxeE>
Subject: [openpgp] [PATCH] Add AEAD Encrypted Data Packet with GCM
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 01:30:16 -0000

 middle.mkd   | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 template.xml | 11 +++++++++++
 2 files changed, 57 insertions(+)

diff --git a/middle.mkd b/middle.mkd
index 5182c7d..e842938 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -2483,6 +2483,42 @@ packet length.  The reason for this is that the hashing rules for
 modification detection include a one-octet tag and one-octet length in
 the data hash.  While this is a bit restrictive, it reduces complexity.
+## {5.14} AEAD Encrypted Data Packet (Tag 18)
+This packet contains data encrypted with an authenticated encryption and
+additional data (AEAD) construction.  When it has been decrypted, it
+will typically contain other packets (often a Literal Data packet or
+Compressed Data packet).
+The body of this packet consists of:
+  * A one-octet version number.  The only currently defined value
+    is 1.
+  * A one-octet cipher algorithm.
+  * A one-octet AEAD algorithm.
+  * An initialization vector of size specified by the AEAD algorithm.
+    This value MUST be unique and it MUST be unpredictable.
+  * Encrypted data, the output of the selected symmetric-key cipher
+    operating in the given AEAD mode.
+  * The authentication tag for the AEAD mode.
+The AEAD construction is given the packet header, version number, cipher
+algorithm octet, and AEAD algorithm octet as additional data.
+### {5.14.1} Galois Counter Mode
+The only currently defined AEAD algorithm is Galois Counter Mode
+[](#GCM).  This algorithm can only use block ciphers with 16-byte
+blocks.  The initialization vector is 12 bytes long.
+The security of GCM requires that the counter is never reused, hence the
+requirement that the initialization vector be unique.
 # {6}  Radix-64 Conversions
 As stated in the introduction, OpenPGP's underlying native
@@ -3014,6 +3050,16 @@ algorithm.
 Implementations MUST implement SHA-1.  Implementations MAY implement
 other algorithms.  MD5 is deprecated.
+## {9.5} AEAD Algorithms
+       ID  Algorithm
+ --------  ---------
+        1  GCM [](#GCM)
+ 100--110  Private/Experimental algorithm
+Implementations MUST implement GCM.  Implementations MAY implement
+other algorithms.
 # {10} IANA Considerations
 OpenPGP is highly parameterized, and consequently there are a number
diff --git a/template.xml b/template.xml
index 9ea1582..f52521e 100644
--- a/template.xml
+++ b/template.xml
@@ -144,6 +144,17 @@
+      <reference anchor='GCM'>
+        <front>
+        <title>Recommendation for Block Cipher Modes of Operation:
+            Galois/Counter Mode (GCM) and GMAC (SP 800-38D)</title>
+        <author>
+          <organization>NIST</organization>
+        </author>
+        <date year="2007" month="November" />
+        </front>
+      </reference>
       <reference anchor="HAC">
           <title>Handbook of Applied Cryptography</title>