[OpenTRV-dev] Fwd: Comments on proposed securable OpenTRV frame format very welcome...
Damon Hart-Davis
damon at opentrv.uk
Mon Dec 21 17:44:26 GMT 2015
Comments on the frame format, echoing what some of you have already said.
Rgds
Damon
> Begin forwarded message:
>
> From: Paul Galwas
> Subject: Re: Comments on proposed securable OpenTRV frame format very welcome...
> Date: 21 December 2015 at 15:33:27 GMT
>
> Hi Damon,
>
> Things look to be progressing well. A couple of comments:-
>
> 1) ‘tr else security info (such as authentication tag) and possibly
> padding’:
> I’m concerned that with no CRC when the payload is encrypted there will be
> no way to detect corruption of the header fields, and the bodyLength
> (‘bl’) in particular. However, I’ve not thought through in detail the
> possible ramifications and impact - especially from malicious corruption.
>
> 2) ‘Construction and use of IV/nonce’:
> I’m concerned that this construction of IV may be flawed, and suggest
> checking against Appendix A, Recommendation
> for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC,
> NIST Special Publication 800-38D, November 2007, NIST
> http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
>
> I believe that the uniqueness condition is not met. One alternate approach
> would be to XOR with a random nonce, e.g. see Sect 9.1, AES-GCM
> Authenticated Encryption in Secure RTP (SRTP),
> draft-ietf-avtcore-srtp-aes-gcm-16, 5 June 2015,
> https://tools.ietf.org/pdf/draft-ietf-avtcore-srtp-aes-gcm-16.pdf
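The uniqueness condition raised in point 2, as an added example that is not part of the original message or of the OpenTRV frame specification: a 96-bit IV built from a fixed sender field and a message counter, XORed with a per-key value, plus a check for repeated IVs. The field sizes, the names (`build_iv`, `SenderState`, `find_iv_reuse`), the sample values and the counter-reset failure case are all assumptions made for illustration.

```python
# Added illustration, not OpenTRV code: field sizes and names are assumptions.
IV_LEN = 12  # 96-bit IV


def build_iv(salt: bytes, sender_id: bytes, counter: int) -> bytes:
    """Deterministic IV: (sender_id || counter) XOR salt.

    sender_id is a hypothetical 6-byte fixed field, counter a 6-byte message
    counter. XOR with a fixed per-key salt is a bijection, so distinct
    (sender_id, counter) pairs still give distinct IVs under one key.
    """
    if len(salt) != IV_LEN or len(sender_id) != 6:
        raise ValueError("salt must be 12 bytes and sender_id 6 bytes")
    if not 0 <= counter < 1 << 48:
        raise OverflowError("counter exhausted: rekey instead of wrapping")
    plain = sender_id + counter.to_bytes(6, "big")
    return bytes(a ^ b for a, b in zip(plain, salt))


class SenderState:
    """Transmit side: uses each counter value once per key."""

    def __init__(self, salt: bytes, sender_id: bytes, next_counter: int = 0):
        self.salt, self.sender_id = salt, sender_id
        self.next_counter = next_counter

    def next_iv(self) -> bytes:
        iv = build_iv(self.salt, self.sender_id, self.next_counter)
        self.next_counter += 1  # a real node must persist this across resets
        return iv


def find_iv_reuse(ivs):
    """Return each IV that appears more than once, in first-repeat order."""
    seen, repeated = set(), []
    for iv in ivs:
        if iv in seen and iv not in repeated:
            repeated.append(iv)
        seen.add(iv)
    return repeated


SALT = bytes(range(12))                 # constructed sample value
NODE = bytes.fromhex("a1b2c3d4e5f6")    # constructed sample value


def demo():
    ok = [iv for s in [SenderState(SALT, NODE)] for iv in (s.next_iv() for _ in range(1000))]
    # Failure case: counter held only in RAM, so a restart begins again at 0.
    restarted = SenderState(SALT, NODE)
    return find_iv_reuse(ok), find_iv_reuse(ok + [restarted.next_iv() for _ in range(3)])
```

The first result is empty because every counter value is used once; the second lists three repeated IVs because the restarted sender reuses counters 0 to 2 under the same key.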