[TLS] About TLS 1.2 AEAD ciphers definition
Juho Vähä-Herttua <juhovh@iki.fi> Thu, 27 May 2010 15:29 UTC
Hi,

I'm implementing TLS (including v1.2) and went through chapter 6.2.3.3 of the AEAD ciphers definition. The following puzzles me:

    additional_data = seq_num + TLSCompressed.type +
                      TLSCompressed.version + TLSCompressed.length;

    AEADEncrypted = AEAD-Encrypt(write_key, nonce, plaintext,
                                 additional_data)

    TLSCompressed.fragment = AEAD-Decrypt(write_key, nonce,
                                          AEADEncrypted,
                                          additional_data)

This seems to be strange in the case of AEAD-Decrypt, because additional_data contains TLSCompressed information, which is not available before decryption.

I started to trace it down and found out it was changed in draft-ietf-tls-rfc4346-bis-05 back in 2007. To find some reason for this change, I noticed the following email:

http://www.ietf.org/mail-archive/web/tls/current/msg01870.html

It seems to me that the change was made after this email and probably as a response to it. Before the change AEAD-Encrypt was using TLSCompressed.length and AEAD-Decrypt was using TLSCiphertext.length, which may be different if the AEAD cipher adds some padding of its own.

So I'm curious to know how AEAD is actually handled and how to find out the TLSCompressed.length when constructing additional_data for AEAD-Decrypt? I'm sure there are more experienced people here who can tell me the answer. Thank you in advance.

Juho
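An added example, not part of the original message: when the AEAD has a fixed expansion, a receiver can recover TLSCompressed.length from TLSCiphertext.length by subtracting the explicit nonce and tag sizes before building additional_data. The sizes below (8-byte explicit nonce, 16-byte tag) are those of the AES-GCM suites in RFC 5288; the cipher itself is a hashlib/HMAC stand-in with the same record layout, not AES-GCM, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

EXPLICIT_NONCE_LEN = 8   # explicit nonce carried in the record (RFC 5288 size)
TAG_LEN = 16             # fixed expansion of the stand-in AEAD (same as GCM)

def additional_data(seq_num, rec_type, version, compressed_len):
    # seq_num(8) + type(1) + version(2) + TLSCompressed.length(2) = 13 bytes
    return struct.pack("!QBHH", seq_num, rec_type, version, compressed_len)

def _keystream(key, nonce, n):
    # Toy keystream for the stand-in cipher; illustration only, not secure.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack("!I", ctr)).digest()
        ctr += 1
    return out[:n]

def _tag(key, nonce, aad, ct):
    return hmac.new(key, nonce + aad + ct, hashlib.sha256).digest()[:TAG_LEN]

def seal_record(key, seq_num, rec_type, version, plaintext, nonce):
    # Sender knows TLSCompressed.length directly: it is len(plaintext).
    aad = additional_data(seq_num, rec_type, version, len(plaintext))
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    fragment = nonce + ct + _tag(key, nonce, aad, ct)
    # The record header carries TLSCiphertext.length, the whole fragment.
    return struct.pack("!BHH", rec_type, version, len(fragment)) + fragment

def open_record(key, seq_num, record, use_wire_length=False):
    rec_type, version, wire_len = struct.unpack("!BHH", record[:5])
    fragment = record[5:5 + wire_len]
    if len(fragment) != wire_len or wire_len < EXPLICIT_NONCE_LEN + TAG_LEN:
        raise ValueError("bad record length")
    nonce = fragment[:EXPLICIT_NONCE_LEN]
    ct, tag = fragment[EXPLICIT_NONCE_LEN:-TAG_LEN], fragment[-TAG_LEN:]
    # Receiver derives TLSCompressed.length from the wire length.
    overhead = 0 if use_wire_length else EXPLICIT_NONCE_LEN + TAG_LEN
    aad = additional_data(seq_num, rec_type, version, wire_len - overhead)
    if not hmac.compare_digest(tag, _tag(key, nonce, aad, ct)):
        raise ValueError("bad_record_mac")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
```

Passing `use_wire_length=True` builds additional_data from TLSCiphertext.length instead, and authentication fails because the two sides no longer authenticate the same 13 bytes.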