Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt

"Gregory S. Chudov" <chudov@cryptopro.ru> Wed, 30 November 2005 15:37 UTC

Message-ID: <069701c5f5c4$550ce230$0644a8c0@cp.ru>
From: "Gregory S. Chudov" <chudov@cryptopro.ru>
To: Dmitry Belyavsky <beldmit@cryptocom.ru>, tls@ietf.org
References: <20051128190250.C9E7622244D@laser.networkresonance.com><7.0.0.10.2.20051128144717.02c1fc78@vigilsec.com> <Pine.LNX.4.62.0511291734070.23219@manul.lan.cryptocom.ru> <055101c5f50d$ab2b78a0$0644a8c0@cp.ru> <Pine.LNX.4.62.0511301114490.29704@manul.lan.cryptocom.ru>
Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt
Date: Wed, 30 Nov 2005 18:40:03 +0300
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="ISO-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org

Greetings.

They use the usual HMAC, and I think it makes sense
to use the standard scheme from TLS for them
(null or standard stream cipher, ch. 6.2.3.1).

I think we can put it this way:

   Cipher suites TLS_GOST341094_WITH_NULL_GOSTR3411 and
   TLS_GOST34102001_WITH_NULL_GOSTR3411 use the same
   record payload protection scheme as described in section 6.2.3.1
   of [TLS]:

     MACed_data[seq_num] = seq_num +
                           TLSCompressed.type +
                           TLSCompressed.version +
                           TLSCompressed.length +
                           TLSCompressed.fragment;

    CipherSpec.hash_size = 32
    GenericStreamCipher.MAC = HMAC_GOSTR3411 (MACed_data[seq_num])

   Cipher suites TLS_GOST341094_WITH_GOST28147_OFB_GOST28147
   and TLS_GOST34102001_WITH_GOST28147_OFB_GOST28147 use
   IMIT_GOST28147 as the MAC function. IMIT_GOST28147 is basically
   a form of the GOST28147 cipher. To be robust to attacks based on timing and
   EMI analysis, one symmetric key should not be used for large quantities of
   plaintext, so the CryptoPro Key Meshing algorithm from [CPALGS],
   section 2.3.2, is applied to the MAC keys. Each record MAC is computed
   using the cipher state resulting from processing the previous record, which
   is equivalent to computing the MAC from the concatenation of all previous
   records:

    CipherSpec.hash_size = 4
    GenericStreamCipher.MAC = IMIT_GOST28147 (MACed_data[0] + ... + MACed_data[n])


Good luck and thanks for feedback.

----- Original Message ----- 
From: "Dmitry Belyavsky" <beldmit@cryptocom.ru>
To: "Gregory S. Chudov" <chudov@cryptopro.ru>
Cc: <tls@ietf.org>
Sent: Wednesday, November 30, 2005 11:26 AM
Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt


> Greetings!
...
> Thank you, this paragraph provides enough information for me to understand
> your design decision.
>
> But the section 2 of draft-chudov-cryptopro-cptls-02.txt proposes two
> cipher suites with GOSTR3411-based MAC. Is key meshing applied
> for these cipher suites too or do they use usual HMAC? And what is MACed
> data for them?
 ...
> -- 
> SY, Dmitry Belyavsky (ICQ UIN 11116575)


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
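The two MAC modes discussed in the message above, as an added example that is not code from the original e-mail, from the CryptoPro draft, or from any GOST implementation: it builds the TLS 1.0 MACed_data structure of RFC 2246 section 6.2.3.1 (64-bit sequence number, content type, version, length, fragment), computes an independent MAC per record as the NULL-cipher suites would, and then chains the MAC state across records as the OFB suites do, checking that the chained value equals a MAC over the concatenation of all previous records. GOST R 34.11-94 and the GOST 28147-89 IMIT are not in the Python standard library, so HMAC-SHA256 is assumed as a stand-in for both; truncating it to four bytes mimics only the IMIT output size, not its construction. The key and record contents are constructed for the demo.

```python
"""Added example (not code from the original e-mail or the CryptoPro draft):
TLS 1.0 MACed_data construction and the per-record vs. chained MAC modes.

Assumption: HMAC-SHA256 stands in for both HMAC_GOSTR3411 and
IMIT_GOST28147, neither of which is in the standard library.
"""
import hashlib
import hmac
import struct

TLS10_VERSION = (3, 1)        # ProtocolVersion of TLS 1.0 (RFC 2246)
CT_APPLICATION_DATA = 23      # ContentType.application_data


def maced_data(seq_num: int, content_type: int, version: tuple, fragment: bytes) -> bytes:
    """seq_num (uint64) + type (uint8) + version (2 bytes) + length (uint16) + fragment."""
    if not 0 <= seq_num < 2 ** 64:
        raise ValueError("seq_num must fit in 64 bits")
    if len(fragment) > 2 ** 14 + 1024:   # TLSCompressed.length upper bound
        raise ValueError("fragment exceeds TLSCompressed length limit")
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return header + fragment


def per_record_macs(key: bytes, fragments, hash_size: int = 32):
    """NULL-cipher suites: each record's MAC is computed independently
    over that record's own MACed_data (hash_size = 32 for GOST R 34.11)."""
    return [
        hmac.new(key, maced_data(seq, CT_APPLICATION_DATA, TLS10_VERSION, frag),
                 hashlib.sha256).digest()[:hash_size]
        for seq, frag in enumerate(fragments)
    ]


def verify_record(key: bytes, seq_num: int, fragment: bytes, mac: bytes) -> bool:
    """Receiver-side check: a replayed or reordered record fails because
    the sequence number is covered by the MAC."""
    expected = hmac.new(key, maced_data(seq_num, CT_APPLICATION_DATA, TLS10_VERSION, fragment),
                        hashlib.sha256).digest()[:len(mac)]
    return hmac.compare_digest(expected, mac)


class ChainedMac:
    """OFB suites: the MAC state carries over from record to record, so the
    MAC of record n covers MACed_data[0] + ... + MACed_data[n]
    (hash_size = 4 for the 32-bit IMIT)."""

    def __init__(self, key: bytes, hash_size: int = 4):
        self._state = hmac.new(key, digestmod=hashlib.sha256)
        self._seq = 0
        self.hash_size = hash_size

    def mac_record(self, fragment: bytes) -> bytes:
        self._state.update(maced_data(self._seq, CT_APPLICATION_DATA, TLS10_VERSION, fragment))
        self._seq += 1
        # copy() so the running state is not finalised by digest()
        return self._state.copy().digest()[:self.hash_size]


def chained_equals_concatenation(key: bytes, fragments) -> bool:
    """Checks the equivalence stated in the message: carrying the state
    across records equals a MAC over the concatenation of all records so far."""
    chained = ChainedMac(key)
    chained_macs = [chained.mac_record(f) for f in fragments]
    concat, direct = b"", []
    for seq, frag in enumerate(fragments):
        concat += maced_data(seq, CT_APPLICATION_DATA, TLS10_VERSION, frag)
        direct.append(hmac.new(key, concat, hashlib.sha256).digest()[:4])
    return chained_macs == direct


if __name__ == "__main__":
    key = bytes(range(32))                                    # constructed demo key
    frags = [b"GET / HTTP/1.0\r\n", b"Host: example\r\n", b"\r\n"]  # constructed records
    print("per-record MAC of record 0:", per_record_macs(key, frags)[0].hex())
    print("chained == concatenation:", chained_equals_concatenation(key, frags))
```

The per-record mode binds each MAC to its sequence number, so `verify_record` rejects the same fragment presented under a different `seq_num`; the chained mode additionally makes every MAC depend on all earlier records, which is the property the message describes for the OFB suites.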