IETF Logo Mail Archive

[quicwg/base-drafts] Consider simplifying Packet Number Encryption (#1575)

David Schinazi <notifications@github.com> Tue, 17 July 2018 15:27 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 180A5130F88 for <quic-issues@ietfa.amsl.com>; Tue, 17 Jul 2018 08:27:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.01
X-Spam-Level:
X-Spam-Status: No, score=-3.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAjcd-PZ_LDn for <quic-issues@ietfa.amsl.com>; Tue, 17 Jul 2018 08:27:43 -0700 (PDT)
Received: from o9.sgmail.github.com (o9.sgmail.github.com [167.89.101.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B946130F89 for <quic-issues@ietf.org>; Tue, 17 Jul 2018 08:27:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=0hwTlXSjbYQ4aFg4lSJTJ6sjtew=; b=s8XNq+xHQBdmqOil I9MaMGGwFVNwnAIKRDLWMkI3eLAynu/tYMVPQMstOLa6Z5ssK1YFmuUw7tiRa/5m 3+fmxEYpkqYbW7EIPEPnY+Zk0NeqO5xx7HYZB723SjP5x06p0pp7gMHJhDwW45tw UEnVZ8IgrIQ+3S/yXL91i7riy3U=
Received: by filter0411p1iad2.sendgrid.net with SMTP id filter0411p1iad2-2710-5B4E0AE8-23 2018-07-17 15:27:36.539721615 +0000 UTC m=+415845.809312712
Received: from github-lowworker10-cp1-prd.iad.github.net (unknown [192.30.252.38]) by ismtpd0008p1iad1.sendgrid.net (SG) with ESMTP id wMhmjXPXQC2if_TsCBGRCQ for <quic-issues@ietf.org>; Tue, 17 Jul 2018 15:27:36.497 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker10-cp1-prd.iad.github.net (Postfix) with ESMTP id 4A32444B10 for <quic-issues@ietf.org>; Tue, 17 Jul 2018 08:27:36 -0700 (PDT)
Date: Tue, 17 Jul 2018 15:27:36 +0000
From: David Schinazi <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abaab3ff4c19ef33f0f8e0d61bb8a709b2a9b8cd6592cf000000011765cce892a169ce14620d9d@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1575@github.com>
Subject: [quicwg/base-drafts] Consider simplifying Packet Number Encryption (#1575)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b4e0ae848526_1c433fbc7d728f841132b9"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: DavidSchinazi
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak2UmHwyb/AJOZPVHbZKtXUNdafhoLuQRM/OGT znRF3shcv3VDQr5XFYqVDbHqv255k2ktOI5lODIn4prJyholK2L8xJaa5FU4xMc+bRrycsTpArStw4 dUCXAMIfI0PH20we8JDO9yGL2cGsapw62Cw/l8hhG2FBdQvzHWyWsYYypHzcdHoFND43XL8SysYYaj M=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/T8ml-6FPnY2o8SmRsWlpJx2svF0>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2018 15:27:52 -0000

Currently PNE encrypts the variable-length packet number. There are at least two ways to implement decryption:

1. decrypt the first byte in-place, compute the PN length, decrypt the remaining bytes in-place
2. decrypt the max PN length (4 bytes) into a separate buffer, compute the PN length, copy that amount of bytes back

This has the downside of worse performance, or can cause timing attacks.

It would be simpler to always encrypt the max length - that way we can always decrypt 4 bytes in place.

Apologies if this has been discussed before, I wasn't able to find it.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1575

v2.15.0 | Report a Bug | By Email