Re: [TLS] Diffie-Hellman: value of Z - the shared secret - without leading zero octets

Russ Housley <housley@vigilsec.com> Thu, 07 April 2016 14:37 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CADwHJ+9XCpEDtX6vE+TQXKwz1MEhXHkj5Xbua6vAY_03Q=6LDA@mail.gmail.com>
Date: Thu, 07 Apr 2016 10:21:56 -0400
Message-Id: <A58F7462-B9A0-4FFA-AAEB-7C6AA6BCA1C2@vigilsec.com>
References: <CADwHJ+9XCpEDtX6vE+TQXKwz1MEhXHkj5Xbua6vAY_03Q=6LDA@mail.gmail.com>
To: Maarten Bodewes <maarten.bodewes@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/S_taB-lMt_22pWojO2RW0R7vYOw>
Cc: IETF TLS <tls@ietf.org>

I would prefer to always use the full, known-length byte string for Z.  In my experience, it is better to know the lengths of byte strings instead of stripping leading zeroes.  The difference in the speed of the HKDF computation by omitting the leading zeros is not significant.  Alignment with NIST SP 800-56A is nice, but it is not the reason for my preference.

Russ


On Mar 28, 2016, at 11:56 AM, Maarten Bodewes <maarten.bodewes@gmail.com> wrote:

> Hi all,
> 
> I see that the leading zero is stripped off of the value of Z (the shared secret) before it is used as input to HKDF. This seems to be compatible with TLS 1.2. Then again, it is not compatible with e.g. NIST SP 800-56A, which uses the value of Z with the same size as the prime in octets. Furthermore, it is also different with regard to the handling of the coordinate X as used in ECDH.
> 
> Was this a conscious decision to keep compatibility with TLS? Has the use of the value of Z including zero octets been considered?
> 
> Regards,
> Maarten
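As an added illustration (not code from this thread), the following Python encodes the same toy-group Z under both rules discussed above, fixed prime-length octets versus leading zeros stripped, and feeds each into HKDF-Extract, showing that the two peers only derive the same PRK when they agree on the rule. The group (p = 65537, g = 3), the private values and the empty salt are constructed for illustration; with a real 2048-bit prime whose top octet is full, only about one handshake in 256 produces a Z with a leading zero octet, which is what makes an encoding mismatch rare and hard to notice in testing.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def dh_shared_secret(priv: int, peer_pub: int, p: int) -> int:
    """Finite-field DH: Z = peer_pub^priv mod p (toy: no subgroup/range checks)."""
    return pow(peer_pub, priv, p)


def encode_z_fixed(z: int, p: int) -> bytes:
    """Z as exactly ceil(bits(p)/8) octets, leading zeros kept (SP 800-56A style)."""
    plen = (p.bit_length() + 7) // 8
    return z.to_bytes(plen, "big")


def encode_z_stripped(z: int) -> bytes:
    """Z as the shortest big-endian string, leading zero octets dropped (TLS 1.2 style)."""
    return z.to_bytes(max(1, (z.bit_length() + 7) // 8), "big")


def derive_prks(z: int, p: int, salt: bytes = b"") -> dict:
    """Run both encodings of one Z through HKDF-Extract and report whether they agree."""
    fixed, stripped = encode_z_fixed(z, p), encode_z_stripped(z)
    return {
        "fixed": fixed,
        "stripped": stripped,
        "prk_fixed": hkdf_extract(salt, fixed),
        "prk_stripped": hkdf_extract(salt, stripped),
        # Peers that pick different rules get different PRKs exactly when
        # Z has at least one leading zero octet.
        "encodings_agree": fixed == stripped,
    }


if __name__ == "__main__":
    # Constructed toy group: p = 2^16 + 1 (3 octets), generator 3. Not for real use.
    p, g = 65537, 3
    a, b = 1234, 4321  # constructed private values
    z = dh_shared_secret(a, pow(g, b, p), p)
    assert z == dh_shared_secret(b, pow(g, a, p), p)  # both sides agree on Z itself
    r = derive_prks(z, p)
    print("Z fixed   :", r["fixed"].hex(), len(r["fixed"]), "octets")
    print("Z stripped:", r["stripped"].hex(), len(r["stripped"]), "octets")
    print("same PRK  :", r["prk_fixed"] == r["prk_stripped"])
```

Because p here is only one above 2^16, almost every Z in this toy group has a zero top octet, so the mismatch shows on nearly every run; in a real group it would surface only occasionally.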