Short AES GCM Tags?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Short AES GCM Tags?

Mike Duigou-2
I've discovered that the Java 8 JSSE doesn't allow 64 or 32 bit tags to
be used with AES GCM. (Enforced in CipherCore) I had hoped to use short
tags per the guidance of NIST Special Publication 800-38D Appendix C.
The Javadoc for GCMParameterSpec mentions 32 and 64 bit tags but I can't
find an explanation of why small tags are not supported by Java 8 JSSE.

Is there a reason that the short tags aren't offered?

Thanks,

Mike
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Short AES GCM Tags?

Valerie Peng

The short tag length is not for general applications and their usage
comes with additional requirements such as length of input data and
lifetime of the key which SunJCE provider does not implement. Thus,
SunJCE provider limits the supported tag length to the 5 values defined
for general-purpose applications.

Regards,
Valerie

On 4/13/2017 1:58 PM, Mike Duigou wrote:

> I've discovered that the Java 8 JSSE doesn't allow 64 or 32 bit tags
> to be used with AES GCM. (Enforced in CipherCore) I had hoped to use
> short tags per the guidance of NIST Special Publication 800-38D
> Appendix C. The Javadoc for GCMParameterSpec mentions 32 and 64 bit
> tags but I can't find an explanation of why small tags are not
> supported by Java 8 JSSE.
>
> Is there a reason that the short tags aren't offered?
>
> Thanks,
>
> Mike

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Short AES GCM Tags?

Bernd Eckenfels-4
Hello,

I also think there is no short version for TLS anyway. RFC 5288 states that the Tag is 128 bit and the hmac truncation extension (which would allow 80 bit) is not valid for GCM.


From: security-dev <[hidden email]> on behalf of Valerie Peng <[hidden email]>
Sent: Monday, April 17, 2017 10:31:29 PM
To: [hidden email]
Subject: Re: Short AES GCM Tags?
 

The short tag length is not for general applications and their usage
comes with additional requirements such as length of input data and
lifetime of the key which SunJCE provider does not implement. Thus,
SunJCE provider limits the supported tag length to the 5 values defined
for general-purpose applications.

Regards,
Valerie

On 4/13/2017 1:58 PM, Mike Duigou wrote:
> I've discovered that the Java 8 JSSE doesn't allow 64 or 32 bit tags
> to be used with AES GCM. (Enforced in CipherCore) I had hoped to use
> short tags per the guidance of NIST Special Publication 800-38D
> Appendix C. The Javadoc for GCMParameterSpec mentions 32 and 64 bit
> tags but I can't find an explanation of why small tags are not
> supported by Java 8 JSSE.
>
> Is there a reason that the short tags aren't offered?
>
> Thanks,
>
> Mike

Loading...