[lsd0001] branch master updated: gcm
From: gnunet
Subject: [lsd0001] branch master updated: gcm
Date: Mon, 05 Oct 2020 14:58:24 +0200
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 7653d41 gcm
7653d41 is described below
commit 7653d417abc4f30906c252484b003229156ab857
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
AuthorDate: Mon Oct 5 14:51:32 2020 +0200
gcm
---
draft-schanzen-gns.xml | 63 +++++++++++++++++++++++++-------------------------
1 file changed, 31 insertions(+), 32 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 3ef601b..7f89014 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -552,7 +552,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
extraction phase and HMAC-SHA256 for the expansion phase.
The output keying material is 32 octets (256 bits) for the symmetric
key and 4 octets (32 bits) for the nonce.
- The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> key:
+ The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> key.
</t>
<t>
The nonce is combined with a 64-bit initialization vector and a
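Review bot: punctuation-only change, but the colon was doing work here: the sentence "The symmetric key "K" is a 256-bit AES key:" introduced the following paragraph about how the nonce is combined with the initialization vector and block counter. With a period, that paragraph now stands alone, so it reads as if the key and the nonce construction were unrelated. Either keep the colon in this section (which still uses the 32-bit NONCE derivation shown in the hunk header) or give the next paragraph its own lead-in such as "The 32-bit nonce is used as follows:".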
@@ -722,13 +722,19 @@ SB == R + SHA512(R, zk', M) * A'
<!-- FIXME: here we SHOULD consider standardizing AES-GCM
instead. Please review this choice when implementing
EDKEY support! -->
- The S-Encrypt() and S-Decrypt() functions use AES in counter mode
- as defined in <xref target="MODES" /> (CTR-AES-256):
+ The S-Encrypt() and S-Decrypt() functions use AES in galois
+ counter mode as defined in <xref target="GCM" /> (GCM-AES-256):
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-RDATA := CTR-AES256(K, IV, BDATA)
-BDATA := CTR-AES256(K, IV, RDATA)
- ]]></artwork>
+RDATA := GCM-AES-256(K, IV, BDATA)
+BDATA := C|T = GCM-AES-256(K, IV, RDATA)
+ ]]></artwork>
+ <t>
+ The result of the GCM encryption function is the encrypted
+ ciphertext "C" concatenated with the GCM authentication tag "T".
+ Accordingly, the length of BDATA equals the legnth of the
+ RDATA plus the length of the GCM authentication tag.
+ </t>
<t>
The key "K" and counter "IV" are derived from
the record "label" and the zone key "zk" as follows:
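Review bot: the decryption direction is underspecified. "RDATA := GCM-AES-256(K, IV, BDATA)" uses the same function name as encryption, yet BDATA is now "C|T" and GCM decryption must verify T before releasing any plaintext; the text should state that the record block MUST be treated as invalid (and RDATA discarded) when tag verification fails, and it should name the two operations distinctly, e.g. GCM-AES-256-Encrypt / GCM-AES-256-Decrypt. Two further inputs that <xref target="GCM" /> defines are left open: the associated data A (say explicitly that it is empty, or specify what is authenticated) and the tag length, which the sentence "the length of BDATA equals the legnth of the RDATA plus the length of the GCM authentication tag" needs in order to be computable (GCM permits several tag lengths; fix the "legnth" typo while there). The FIXME comment "here we SHOULD consider standardizing AES-GCM instead" is now stale and should be removed, and "The key "K" and counter "IV"" should drop "counter", which is CTR terminology.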
@@ -737,39 +743,16 @@ BDATA := CTR-AES256(K, IV, RDATA)
PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
K := HKDF-Expand (PRK_k, label, 256 / 8);
-NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
+IV := HKDF-Expand (PRK_n, label, 16 / 8)
]]></artwork>
<t>
HKDF is a hash-based key derivation function as defined in
<xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
extraction phase and HMAC-SHA256 for the expansion phase.
The output keying material is 32 octets (256 bits) for the symmetric
- key and 4 octets (32 bits) for the nonce.
- The symmetric key "K" is a 256-bit AES <xref target="RFC3826" />
key:
- </t>
- <t>
- The nonce is combined with a 64-bit initialization vector and a
- 32-bit block counter as defined in <xref target="RFC3686" />.
- The block counter begins with the value of 1, and it is incremented
- to generate subsequent portions of the key stream.
- The block counter is a 32-bit integer value in network byte order.
- The initialization vector is the expiration time of the
- resource record block in network byte order.
- The resulting counter ("IV") wire format is as follows:
+ key and 16 octets (128 bits) for the IV.
+ The symmetric key "K" is a 256-bit AES <xref target="RFC3826" />
key.
</t>
- <figure anchor="figure_hkdf_ivs_edkey">
- <artwork name="" type="" align="left" alt=""><![CDATA[
-0 8 16 24 32
-+-----+-----+-----+-----+
-| NONCE |
-+-----+-----+-----+-----+
-| EXPIRATION |
-| |
-+-----+-----+-----+-----+
-| BLOCK COUNTER |
-+-----+-----+-----+-----+
- ]]></artwork>
- </figure>
</section>
<section anchor="gnsrecords_gns2dns" numbered="true" toc="default">
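Review bot: the new IV derivation reuses the same (K, IV) pair for every block published under the same label, which is unsafe for GCM. The removed text shows the old construction mixed "the expiration time of the resource record block" into the counter, so two encryptions of different RDATA under one label (e.g. a record update) got distinct IVs; the replacement "IV := HKDF-Expand (PRK_n, label, 16 / 8)" depends only on zk and label, so any re-encryption under the same label repeats the nonce, and <xref target="GCM" /> requires that an IV never be used twice with the same key (repetition exposes the authentication key and the XOR of the plaintexts). Either keep the expiration time (or another per-block value) in the IV or the key derivation, or state explicitly why a label can only ever be encrypted once. Separately, "16 / 8" yields 2 octets, not the "16 octets (128 bits)" the prose claims; following the document's own convention ("256 / 8" for the 32-octet key) it should read "128 / 8", and note that GCM's recommended IV length is 96 bits, with other lengths going through GHASH.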
@@ -2282,6 +2265,22 @@ ee83f0cc79c4c5ea
</abstract>
</front>
</reference>
+ <reference anchor="GCM"
target="https://doi.org/10.6028/NIST.SP.800-38D">
+ <front>
+ <title>Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC</title>
+ <author initials="M." surname="Dworkin" fullname="Morris Dworkin">
+ <organization>NIST</organization>
+ </author>
+
+ <date year="2007" month="November"/>
+ <abstract>
+ <t>
+ This Recommendation specifies the Galois/Counter Mode (GCM), an
algorithm for authenticated encryption with associated data, and its
specialization, GMAC, for generating a message authentication code (MAC) on
data that is not encrypted. GCM and GMAC are modes of operation for an
underlying approved symmetric key block cipher.
+ </t>
+ </abstract>
+ </front>
+ </reference>
+
<reference anchor="ed25519"
target="http://link.springer.com/chapter/10.1007/978-3-642-23951-9_9">
<front>
<title>High-Speed High-Security Signatures</title>
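Review bot: the anchor "GCM" matches the xref introduced earlier in this patch and the DOI target, author, and November 2007 date are consistent with NIST SP 800-38D, so the reference itself looks right. Style only: the blank "+" line between </author> and <date>, and the extra blank line after </reference>, do not match the compact layout of the neighbouring "ed25519" entry. Since the first hunk still cites <xref target="MODES" /> for the CTR construction, keep that reference; this addition should not be taken as a reason to drop it.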