Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt
"Gregory S. Chudov" <chudov@cryptopro.ru> Wed, 30 November 2005 15:37 UTC
Message-ID: <069701c5f5c4$550ce230$0644a8c0@cp.ru>
From: "Gregory S. Chudov" <chudov@cryptopro.ru>
To: Dmitry Belyavsky <beldmit@cryptocom.ru>, tls@ietf.org
References: <20051128190250.C9E7622244D@laser.networkresonance.com><7.0.0.10.2.20051128144717.02c1fc78@vigilsec.com> <Pine.LNX.4.62.0511291734070.23219@manul.lan.cryptocom.ru> <055101c5f50d$ab2b78a0$0644a8c0@cp.ru> <Pine.LNX.4.62.0511301114490.29704@manul.lan.cryptocom.ru>
Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt
Date: Wed, 30 Nov 2005 18:40:03 +0300
Greetings.

They use usual HMAC, and I think it makes sense to use the standard scheme from TLS for them (Null or standard stream cipher, ch. 6.2.3.1). I think we can put it this way:

Cipher suites TLS_GOST341094_WITH_NULL_GOSTR3411 and TLS_GOST34102001_WITH_NULL_GOSTR3411 use the same record payload protection scheme, as described in section 6.2.3.1 of [TLS]:

    MACed_data[seq_num] = seq_num + TLSCompressed.type + TLSCompressed.version +
                          TLSCompressed.length + TLSCompressed.fragment;
    CipherSpec.hash_size = 32
    GenericStreamCipher.MAC = HMAC_GOSTR3411 (MACed_data[seq_num])

Cipher suites TLS_GOST341094_WITH_GOST28147_OFB_GOST28147 and TLS_GOST34102001_WITH_GOST28147_OFB_GOST28147 use IMIT_GOST28147 as MAC function. IMIT_GOST28147 is basically a form of GOST28147 cipher. To be robust to attacks based on timing and EMI analysis, one symmetric key should not be used for large quantities of plaintext, so the CryptoPro Key Meshing algorithm from [CPALGS], section 2.3.2, is applied to the MAC keys. Each record MAC is computed using the cipher state resulting from processing the previous record, which is equivalent to computing the MAC from concatenation of all previous records:

    CipherSpec.hash_size = 4
    GenericStreamCipher.MAC = IMIT_GOST28147 (MACed_data[0] + ... + MACed_data[n])

Good luck and thanks for feedback.

----- Original Message -----
From: "Dmitry Belyavsky" <beldmit@cryptocom.ru>
To: "Gregory S. Chudov" <chudov@cryptopro.ru>
Cc: <tls@ietf.org>
Sent: Wednesday, November 30, 2005 11:26 AM
Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt

> Greetings!
...
> Thank you, this paragraph provides enough information for me to understand
> your design decision.
>
> But the section 2 of draft-chudov-cryptopro-cptls-02.txt proposes two
> cipher suites with GOSTR3411-based MAC. Is key meshing applied
> for these cipher suites too or do they use usual HMAC? And what is MACed
> data for them?
...
> --
> SY, Dmitry Belyavsky (ICQ UIN 11116575)
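As an added example (not code from draft-chudov-cryptopro-cptls, CryptoPro, or either poster), here is the section 6.2.3.1 MACed_data layout and the two MAC modes the reply above describes, in Python. GOST R 34.11-94 and GOST 28147-89 are not in the standard library, so sha256 and a small Feistel permutation stand in for them (stand-ins only, so the tags are not interoperable) and key meshing is left out; the point it shows is that a MAC chained across records must carry its partial-block buffer, not just the 64-bit register, to equal the MAC over the concatenation of all records.

```python
import hmac, hashlib, struct

def maced_data(seq_num, content_type, version, fragment):
    """RFC 2246 6.2.3.1 MAC input: seq_num(8) || type(1) || version(2) || length(2) || fragment."""
    major, minor = version
    header = struct.pack(">QBBBH", seq_num, content_type, major, minor, len(fragment))
    return header + fragment

def hmac_record_mac(mac_key, seq_num, content_type, version, fragment, digest=hashlib.sha256):
    """*_WITH_NULL_GOSTR3411 suites: ordinary HMAC over one record's MACed_data.
    With GOST R 34.11-94 hash_size is 32; sha256 here is only a stand-in (assumption)."""
    return hmac.new(mac_key, maced_data(seq_num, content_type, version, fragment), digest).digest()

def toy_block(key, block):
    """Placeholder 64-bit keyed permutation (8 Feistel rounds, 32-byte key).
    NOT GOST 28147-89; it exists only so the chaining below runs offline."""
    left, right = struct.unpack(">II", block)
    for i in range(8):
        k = struct.unpack(">I", key[4 * i:4 * i + 4])[0]
        t = (right + k) & 0xFFFFFFFF
        t = ((t << 11) | (t >> 21)) & 0xFFFFFFFF
        left, right = right, left ^ t
    return struct.pack(">II", left, right)

class ChainedCbcMac:
    """IMIT-style MAC whose cipher state carries over from record to record, so
    update(r0).update(r1).mac() == update(r0 + r1).mac().  The carried state must
    include any partial block, not only the 64-bit register.  Assumptions: a
    trailing partial block is zero-padded, and no key meshing is modelled (the
    real suites re-key the MAC key per [CPALGS] 2.3.2)."""
    def __init__(self, key, block_fn=toy_block):
        self.key, self.block_fn = key, block_fn
        self.state, self.buf = b"\x00" * 8, b""
    def _absorb(self, state, block):
        return self.block_fn(self.key, bytes(a ^ b for a, b in zip(state, block)))
    def update(self, record_maced_data):
        self.buf += record_maced_data            # keep the unprocessed tail across records
        while len(self.buf) >= 8:
            self.state, self.buf = self._absorb(self.state, self.buf[:8]), self.buf[8:]
        return self
    def mac(self):
        """4-byte tag (CipherSpec.hash_size = 4); does not disturb the running state."""
        state = self.state
        if self.buf:
            state = self._absorb(state, self.buf.ljust(8, b"\x00"))
        return state[:4]
```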