Re: [TLS] where IVs come from (and other mysteries ...)
Stephen Kent <kent@bbn.com> Tue, 18 March 2014 16:05 UTC
Date: Tue, 18 Mar 2014 12:05:14 -0400
From: Stephen Kent <kent@bbn.com>
To: Sandeep Kumar <ietf@sandeep.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/keRJXHIHDM_eCUKrP533CczfF4Q
Cc: "tls@ietf.org" <tls@ietf.org>, Steve Kent <kent@bbn.com>
Subject: Re: [TLS] where IVs come from (and other mysteries ...)

Sandeep,

Sorry to be so late in replying.

> ....
>
> RFC5288 states that
> struct {
>     opaque salt[4];
>     opaque nonce_explicit[8];
> } GCMNonce;
>
> ...the salt is generated as part of the handshake
> process: it is either the client_write_IV (when the client is
> sending) or the server_write_IV (when the server is sending).
>
> Does it mean that the module generates the nonce_explicit or the whole
> GCMNonce. If it's the latter then the sequence number checking on
> the TLS packet will not help.

The part of the structure labeled "salt" above is called the "fixed field"
in NIST 800-38. The FIPS 140-2 implementation guidance doc says that if one
generates the explicit nonce deterministically, e.g., using a counter or
LFSR, then the fixed field represents the "name" of the module and the name
needs to be long enough to allow for at least 2**32 distinct values. The
name need not be generated internal to the module; according to Additional
Comment #2, page 136, this field may be assigned by a user.

So, in the context of interest, TLS could supply the salt to an evaluated
module, but the module would generate the explicit nonce internally.

There is separate test guidance if the whole IV were to be generated
randomly, but we're not discussing that approach here, based on the RFC 5288
description you cited above.

Steve
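
The split of responsibilities described in the message above, as an added example that is not part of the original e-mail and not code from any evaluated module: the caller supplies the 4-byte salt (fixed field), while the 8-byte explicit nonce comes only from state held inside the generator. The class and function names, the counter starting at zero, and the `limit` parameter are assumptions made for illustration.

```python
import struct

SALT_LEN = 4        # RFC 5288 salt, the "fixed field" naming the module
EXPLICIT_LEN = 8    # RFC 5288 nonce_explicit


class NonceExhausted(Exception):
    """The explicit counter would repeat; the key must be replaced first."""


class GcmNonceModule:
    """Hypothetical stand-in for the IV generator inside a crypto module."""

    def __init__(self, salt: bytes, limit: int = 2 ** 64):
        if len(salt) != SALT_LEN:
            raise ValueError("salt must be exactly 4 bytes")
        self._salt = bytes(salt)  # assigned from outside, e.g. client_write_IV
        self._next = 0            # counter state is never settable by the caller
        self._limit = limit       # assumption: lowered only to test exhaustion

    def next_nonce(self) -> bytes:
        # Refuse to wrap: a repeated (key, nonce) pair breaks GCM.
        if self._next >= self._limit:
            raise NonceExhausted("counter exhausted, rekey before sending more")
        explicit = struct.pack(">Q", self._next)
        self._next += 1
        return self._salt + explicit  # salt || nonce_explicit, 12 bytes


def split_nonce(nonce: bytes):
    """Return (fixed_field, counter) from a 12-byte GCMNonce."""
    if len(nonce) != SALT_LEN + EXPLICIT_LEN:
        raise ValueError("GCMNonce is 12 bytes")
    return nonce[:SALT_LEN], struct.unpack(">Q", nonce[SALT_LEN:])[0]


def count_distinct(per_module: int = 1000) -> int:
    """Two generators with different names never emit the same nonce."""
    # Constructed salts standing in for client_write_IV / server_write_IV.
    modules = [GcmNonceModule(bytes.fromhex("a1b2c3d4")),
               GcmNonceModule(bytes.fromhex("0badf00d"))]
    seen = set()
    for module in modules:
        for _ in range(per_module):
            seen.add(module.next_nonce())
    return len(seen)


if __name__ == "__main__":
    print(count_distinct())
```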