Problems verifying sample packet protection in appendix A of Using TLS to Secure QUIC

tim.jebb@bt.com Tue, 14 July 2020 16:06 UTC

From: tim.jebb@bt.com
To: quic@ietf.org
Date: Tue, 14 Jul 2020 16:05:53 +0000
Message-ID: <LNXP123MB2460833EC5BC592C8D410EDCF2610@LNXP123MB2460.GBRP123.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/84tPtT9oTMKo1DQA8Iobuy-cOAM>

Hi,

I'm working through Appendix A of the QUIC TLS doc to check my understanding, but am having trouble decrypting the sample client initial packet.  I'm unsure if I've made a silly error or two, or if I've made one or more incorrect assumptions.  Or both.

The functions I'm using are the OpenSSL EVP ones.  I'm attempting to follow the recipe here:
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_GCM_mode in conjunction with the draft RFC.


EVP_CIPHER_CTX_new()

EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)

EVP_DecryptInit_ex(ctx, NULL, NULL, client_key, iv)         where the client key is 0x175257a31eb09dea9366d8bb79ad80ba and the iv is 0x6b26114b9cba2b63a9e8dd4f

EVP_DecryptUpdate(ctx, NULL, &len, pUnprotectedHeader, headerLength)           where the unprotected header is 0xc3ff00001d088394c8f03e5157080000449e00000002 - this I believe is the Additional Data required

EVP_DecryptUpdate(ctx, decryptedPayload, &len, pPayload, payloadLength-16)   here I'm passing in the encrypted payload beginning 0xfb66bc5f and ending 0xe82a4d919d48, length 1162.  I'm assuming that the final 16 bytes of the payload is the authentication tag so am not passing it in here.  Note that if this assumption about the authentication tag is correct, I think it could be more clearly stated in the draft RFC.

EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) where tag is the final 16 bytes of the encrypted payload, i.e. 0x43b1ca70 a2d8d3f7 25ead139 1377dcc0

EVP_DecryptFinal_ex(ctx, decryptedPayload + len, &len)

Everything seems OK until the EVP_DecryptFinal_ex() call which fails.

Is there anything obviously wrong with the above?  I've not posted the full source code as I'm not asking people to check my working; I'm really asking whether my assumptions are correct, whether I'm using the correct functions, input data, etc.

Thanks in advance

Tim
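The packet protection steps the message is checking against, written out as an added example using Go's standard-library AES-GCM rather than the OpenSSL EVP calls above; this is not Tim's code or the draft's reference code. It reuses the key, IV and unprotected header quoted in the message, and since the page does not reproduce the full 1162-byte ciphertext it seals a constructed plaintext to exercise the decrypt path. Two points of the draft that the EVP recipe does not mention are made explicit: the AEAD nonce is the packet number XORed into the IV (the IV is never used directly), and the 16-byte tag sits at the end of the protected payload.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
)

// Key, IV and unprotected header as quoted in the message (draft-ietf-quic-tls
// Appendix A, client Initial). The header is the AEAD associated data and its
// final four bytes (00000002) carry the packet number.
var (
	clientKey, _ = hex.DecodeString("175257a31eb09dea9366d8bb79ad80ba")
	clientIV, _  = hex.DecodeString("6b26114b9cba2b63a9e8dd4f")
	header, _    = hex.DecodeString("c3ff00001d088394c8f03e5157080000449e00000002")
)

// quicNonce forms the AEAD nonce as the draft specifies: the packet number in
// network byte order, left-padded with zeros to the IV length, XORed with the IV.
func quicNonce(iv []byte, pn uint64) []byte {
	nonce := make([]byte, len(iv))
	copy(nonce, iv)
	for i := 0; i < 8; i++ {
		nonce[len(nonce)-1-i] ^= byte(pn >> (8 * i))
	}
	return nonce
}

// newGCM returns AES-128-GCM with the default 16-byte tag. Go's Open expects the
// tag appended to the ciphertext, exactly the layout of a QUIC protected payload.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a key of the wrong length
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for a 16-byte block size
	return aead
}

// unprotectPayload verifies the trailing tag over header||ciphertext and
// returns the plaintext frames, or an error when the tag does not match.
func unprotectPayload(key, nonce, aad, protected []byte) ([]byte, error) {
	return newGCM(key).Open(nil, nonce, protected, aad)
}

// protectPayload is the sender side, used only to build a constructed sample.
func protectPayload(key, nonce, aad, plaintext []byte) []byte {
	return newGCM(key).Seal(nil, nonce, plaintext, aad)
}
```

Feeding the raw IV as the nonce, or any header byte that differs from the one actually sent, makes Open return an authentication error, which is the same failure EVP_DecryptFinal_ex reports.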