Re: [openpgp] AEAD encrypted data packet with EAX

Werner Koch <wk@gnupg.org> Tue, 25 July 2017 19:10 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01B40131714 for <openpgp@ietfa.amsl.com>; Tue, 25 Jul 2017 12:10:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id opsfGlqhHUg5 for <openpgp@ietfa.amsl.com>; Tue, 25 Jul 2017 12:10:06 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C692131E9D for <openpgp@ietf.org>; Tue, 25 Jul 2017 12:10:05 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1da5DX-0000nP-4n for <openpgp@ietf.org>; Tue, 25 Jul 2017 21:10:03 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1da57f-00086E-Fn; Tue, 25 Jul 2017 21:03:59 +0200
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net> <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Tue, 25 Jul 2017 21:03:53 +0200
In-Reply-To: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net> (brian m. carlson's message of "Fri, 21 Jul 2017 22:21:50 +0000")
Message-ID: <87inig5ofa.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=munitions_ANZUS_Telex_Lexis-Nexis_eternity_server_Mafia_embassy=crac"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ci5OEKkxYPYHNBxv_iX272LCGxM>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jul 2017 19:10:11 -0000

On Sat, 22 Jul 2017 00:21, sandals@crustytoothpaste.net said:

> I've updated my proposal and will be sending out a series of three
> patches shortly.  As Werner suggested, I've moved the IV requirements to
> the mode specification and I've expanded the possible values of the
> cipher type octet.

Thanks.  I pushed your patches so that we can use this as a starting
point.  I made two changes:

 - Assigned tag 20 for the AEAD Encrypted data packet
 - Removed a probably left-over sentence:

    An implementation MUST support chunk size octets with values from 0
    to 56.  An implementation MAY support other chunk sizes.  Chunk size
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    octets with other values are reserved for future extensions.

and also pushed this to indicate the support for AEAD

--8<---------------cut here---------------start------------->8---
@@ -1594,6 +1594,9 @@ #### {5.2.3.24} Features
 
     0x01 - Modification Detection (packets 18 and 19)
 
+    0x02 - AEAD Encrypted Data Packet (packet 20) and version 5
+           Symmetric-Key Encrypted Session Key Packets (packet 3)
+
 If an implementation implements any of the defined features, it SHOULD
 implement the Features subpacket, too.
--8<---------------cut here---------------end--------------->8---


> with AEAD and a secret key packet with AEAD.  These packets use a fixed
> value of 10 for the chunk size octet (a chunk of 65536 bytes), which

I am fine with this.

> I welcome comments on this proposal with the goal of trying to get
> consensus.

Do we have an RFC for EAX Mode?  That would make a better reference.

I think we should have a more verbose description of the AEAD chunk
construction in particular related to the use of the IV/nonce in the
chunks.



Salam-Shalom,

   Werner



p.s.
I uploaded a rendered version to https://dev.gnupg.org/F167170

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.