Re: [TLS] Dumb thoughts for hardware backed keys for AEAD

Bill Cox <waywardgeek@google.com> Tue, 01 December 2015 03:17 UTC

In-Reply-To: <CABcZeBOAaGvuF7+8y9M0P=Mh5+BWp-UdouEC2Tu1H+v7_kju4Q@mail.gmail.com>
References: <CAH9QtQG7738NcAaTHaiaS_zuGhyX3dONp2xkZaB3=JWtaUaz=A@mail.gmail.com> <CABcZeBOAaGvuF7+8y9M0P=Mh5+BWp-UdouEC2Tu1H+v7_kju4Q@mail.gmail.com>
Date: Mon, 30 Nov 2015 19:17:36 -0800
Message-ID: <CAH9QtQHx=Rc6Ce5XOcmRDpA+dJgvdQirZfSfQdvJ=9pDbHqGVA@mail.gmail.com>
From: Bill Cox <waywardgeek@google.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0pc-qbOC9oZ1XWE8jHthminKTb8>
Cc: "tls@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] Dumb thoughts for hardware backed keys for AEAD

On Mon, Nov 30, 2015 at 7:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> Hi Bill,
>
> I am sorry, but I do not understand what you are proposing. Do you think
> you could try restating the computation you have in mind, perhaps by
> providing an equation that explains the construct?
>

Sure.  I'll stick to HMAC, which is more widely understood.  We do
encrypt-then-MAC using the write key.  The inner SHA-256 consumes the
entire ciphertext, and at the end, the outer SHA-256 is applied.

This hack would use a different key for the outer SHA-256.  This way, it is
only used to hash a single block.

Quite a hack, right :)

Bill
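The construction described in the message above, written out as an added example (editor's illustration, not code from the thread or from any TLS implementation). It spells RFC 2104 HMAC-SHA256 out as its two passes so the point is visible: the inner pass hashes the whole ciphertext, while the outer pass always hashes (key XOR opad) followed by one 32-byte digest, a fixed 96-byte input whatever the record length. With one key for both passes it is ordinary HMAC and is cross-checked against Python's `hmac` module; with a separate outer key it is the variant Bill sketches, where the key that would sit in hardware is only ever mixed with that short, fixed-size input. The sample ciphertext at the bottom is constructed, and the function names are this example's own.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 64    # SHA-256 block size in bytes (RFC 2104 "B")
DIGEST_SIZE = 32   # SHA-256 output size in bytes


def _pad_key(key: bytes) -> bytes:
    """RFC 2104 key preparation: hash keys longer than one block, then zero-pad to a block."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK_SIZE, b"\x00")


def inner_pass(inner_key: bytes, data: bytes) -> bytes:
    """Inner SHA-256: SHA-256((K_inner XOR ipad) || data). Consumes the entire ciphertext."""
    ipad = bytes(b ^ 0x36 for b in _pad_key(inner_key))
    return hashlib.sha256(ipad + data).digest()


def outer_pass(outer_key: bytes, inner_digest: bytes) -> bytes:
    """Outer SHA-256: SHA-256((K_outer XOR opad) || inner_digest).

    The input is one padded key block plus one 32-byte digest, regardless of
    how long the original ciphertext was.
    """
    opad = bytes(b ^ 0x5C for b in _pad_key(outer_key))
    return hashlib.sha256(opad + inner_digest).digest()


def outer_input_length(inner_digest: bytes) -> int:
    """Number of bytes the outer hash actually sees (64 + 32 = 96 for SHA-256)."""
    return BLOCK_SIZE + len(inner_digest)


def hmac_sha256_split(inner_key: bytes, outer_key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 with independently chosen keys for the inner and outer pass.

    inner_key == outer_key gives standard HMAC; distinct keys give the variant
    from the message above, where only outer_key needs to be hardware-backed.
    """
    return outer_pass(outer_key, inner_pass(inner_key, data))


def standard_hmac_sha256(key: bytes, data: bytes) -> bytes:
    """Plain RFC 2104 HMAC-SHA256, i.e. the same key on both passes."""
    return hmac_sha256_split(key, key, data)


def matches_stdlib(key: bytes, data: bytes) -> bool:
    """Cross-check the split form against Python's hmac module (constant-time compare)."""
    reference = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(standard_hmac_sha256(key, data), reference)


if __name__ == "__main__":
    # Constructed sample: stand-ins for a TLS write key, a hardware-held outer key,
    # and a ciphertext produced earlier in an encrypt-then-MAC record.
    write_key = b"constructed-write-key"
    hardware_key = b"constructed-outer-key"
    ciphertext = os.urandom(4096)

    assert matches_stdlib(write_key, ciphertext)
    digest = inner_pass(write_key, ciphertext)
    print("standard HMAC :", standard_hmac_sha256(write_key, ciphertext).hex())
    print("split-key tag :", hmac_sha256_split(write_key, hardware_key, ciphertext).hex())
    print("outer input   :", outer_input_length(digest), "bytes for a", len(ciphertext), "byte record")
```

The cross-check against `hmac.new` is what justifies calling the two-pass form HMAC; keeping it as a named function lets a test pin the equivalence for short, long and over-block-size keys. Note that `outer_input_length` reports the bytes fed into the outer SHA-256 call, not compression-function invocations: with SHA-256 padding, 96 bytes occupy two compression blocks, though a hardware implementation could precompute the state after the key block and then process only the single block carrying the digest.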