[openpgp] [PATCH] Add AEAD Encrypted Data Packet with GCM
"brian m. carlson" <sandals@crustytoothpaste.net> Tue, 14 February 2017 01:30 UTC
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Date: Tue, 14 Feb 2017 01:29:53 +0000
Message-Id: <20170214012953.839519-1-sandals@crustytoothpaste.net>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170213010658.xmzo7yfgki2hqw42@genre.crustytoothpaste.net>
References: <20170213010658.xmzo7yfgki2hqw42@genre.crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9yj0RuncKNpqnQmR7HcptfYLxeE>
Subject: [openpgp] [PATCH] Add AEAD Encrypted Data Packet with GCM
--- middle.mkd | 46 ++++++++++++++++++++++++++++++++++++++++++++++ template.xml | 11 +++++++++++ 2 files changed, 57 insertions(+) diff --git a/middle.mkd b/middle.mkd index 5182c7d..e842938 100644 --- a/middle.mkd +++ b/middle.mkd @@ -2483,6 +2483,42 @@ packet length. The reason for this is that the hashing rules for modification detection include a one-octet tag and one-octet length in the data hash. While this is a bit restrictive, it reduces complexity. +## {5.14} AEAD Encrypted Data Packet (Tag 18) + +This packet contains data encrypted with an authenticated encryption and +additional data (AEAD) construction. When it has been decrypted, it +will typically contain other packets (often a Literal Data packet or +Compressed Data packet). + +The body of this packet consists of: + + * A one-octet version number. The only currently defined value + is 1. + + * A one-octet cipher algorithm. + + * A one-octet AEAD algorithm. + + * An initialization vector of size specified by the AEAD algorithm. + This value MUST be unique and it MUST be unpredictable. + + * Encrypted data, the output of the selected symmetric-key cipher + operating in the given AEAD mode. + + * The authentication tag for the AEAD mode. + +The AEAD construction is given the packet header, version number, cipher +algorithm octet, and AEAD algorithm octet as additional data. + +### {5.14.1} Galois Counter Mode + +The only currently defined AEAD algorithm is Galois Counter Mode +[](#GCM). This algorithm can only use block ciphers with 16-byte +blocks. The initialization vector is 12 bytes long. + +The security of GCM requires that the counter is never reused, hence the +requirement that the initialization vector be unique. + # {6} Radix-64 Conversions As stated in the introduction, OpenPGP's underlying native 
@@ -3014,6 +3050,16 @@ algorithm. Implementations MUST implement SHA-1. Implementations MAY implement other algorithms. MD5 is deprecated. +## {9.5} AEAD Algorithms + + ID Algorithm + -------- --------- + 1 GCM [](#GCM) + 100--110 Private/Experimental algorithm + +Implementations MUST implement GCM. Implementations MAY implement +other algorithms. + # {10} IANA Considerations OpenPGP is highly parameterized, and consequently there are a number diff --git a/template.xml b/template.xml index 9ea1582..f52521e 100644 --- a/template.xml +++ b/template.xml @@ -144,6 +144,17 @@ </front> </reference> + <reference anchor='GCM'> + <front> + <title>Recommendation for Block Cipher Modes of Operation: + Galois/Counter Mode (GCM) and GMAC (SP 800-38D)</title> + <author> + <organization>NIST</organization> + </author> + <date year="2007" month="November" /> + </front> + </reference> + <reference anchor="HAC"> <front> <title>Handbook of Applied Cryptography</title> -- 2.11.0
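Review bot: In the first middle.mkd hunk (section 5.14), the initialization vector rule "This value MUST be unique and it MUST be unpredictable" is not matched by the rationale in 5.14.1, which justifies only uniqueness, and neither place says over what scope the value must be unique. Suggest stating the scope explicitly (for example, unique for every packet encrypted under the same key) and either giving the reason for the unpredictability requirement or dropping it. The same hunk leaves three things for an implementer to guess: the length of the authentication tag (only the 12-byte IV length is given), exactly which octets "the packet header" contributes as additional data, and what a receiver does when the cipher algorithm octet names a cipher whose block size is not 16 bytes; a sentence requiring such packets to be rejected would close the last one. As a wording point, "authenticated encryption and additional data" should read "authenticated encryption with associated data".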
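Review bot: In the second middle.mkd hunk (section 9.5), the table defines ID 1 and 100--110 but says nothing about 0 or the remaining unassigned values, and the patch adds no text under "{10} IANA Considerations", which starts immediately after this hunk, for either the new AEAD algorithm registry or the new packet Tag 18. Suggest marking 0 as reserved, stating how a receiver treats an unknown AEAD algorithm octet, and adding the registry entries in section 10. Since 5.14 says the IV size is "specified by the AEAD algorithm", a column in this table for IV length and tag length would keep that information in one place as algorithms are added.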
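Review bot: In the template.xml hunk, the new entry is written as <reference anchor='GCM'> with single quotes while the neighbouring entry in the context lines uses <reference anchor="HAC">, and the publication number is folded into the title as "(SP 800-38D)" rather than carried in its own element. Suggest matching the double-quote style of the surrounding file and moving the number out of the title into something like <seriesInfo name="NIST Special Publication" value="800-38D"/>, so that the rendered reference gives readers enough to locate the document.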