Everybody undoubtedly knew more issues
would be found with the new security stuff. We have found two more
items. The first needs clarification, the second, seems like we just
did a bad thing with the March approved, 08-158r1.
Issue #1:
The second to last paragraph on page
163 of SPC-4r14:
If the DS_SQN SA parameter
is equal to FFFF FFFF FFFF FFFFh, the device server shall delete the SA.
<<kdbutt: There is confusion about
this statement.
First, I believe that there is
an assumption that the ICV is correct, that should be stated.
Second, does the deletion occur
after processing the command or do you not process the command and just
delete the SA?
Third, should this be at the
end of the section following this paragraph?
---> page 164, SPC-4r14:
If the command is not terminated due to a sequence number error or a mismatch
between the computed integrity
check value and the contents
of the INTEGRITY CHECK VALUE field, then the device server shall copy the
contents of
the received DS_SQN field
to its DS_SQN SA parameter.<---
Fourth, should the converse be
added to item c) above the paragraph "c)
The value in the DS_SQN field is greater than 32 plus the value in the
device server’s DS_SQN SA parameter and
if the DS_SQN SA parameter is not equal to FFFF FFFF FFFF FFFFh."
Fifth, it seems weird to delete
the SA here. What is the thinking or justification for this? Is
it intended to happen only when there is a failure?
>>
Issue #2:
The new reserved field was placed between
two values used in generating the AAD field used for ICV. A lot
of algorithms expect it to be a flat buffer (i.e., contiguous). With
the new reserved fields there is a gap. This would disallow generating
as the buffer is being built.
Table 70 and 71 (and 75 and 76) have
the SAI and SQN contiguous with reserved fields before them. Tables
72 and 73 (and 77 and 78) have a gap between SAI and SQN with that gap
being the new reserved bytes.
SUGGESTED FIX: The reserved bytes
should be before the SAI and SQN.
pg 164 of SPC-4r14 describes how the
SAI and SQN fields are used.:
===============
If the integrity algorithm for the SA
specified by the DS_SAI field is AUTH_COMBINED (see 5.13.7.2), then the
AAD
input to the encryption algorithm is
composed of the following bytes, in order:
1) The bytes in the DS_SAI field; and
2) The bytes in the DS_SQN field;
The INTEGRITY CHECK VALUE field contains
a value that is computed as follows:
a) If the integrity algorithm is not
AUTH_COMBINED, the integrity check value is computed using the
specified integrity algorithm with the
following bytes as inputs, in order:
1) The bytes in the DS_SAI field;
2) The bytes in the DS_SQN field;
3) The bytes in the INITIALIZATION VECTOR
field, if any; and
4) The bytes in the ENCRYPTED OR AUTHENTICATED
DATA field after encryption, if any, has been performed;
or
b) If the integrity algorithm is AUTH_COMBINED,
the integrity check value is computed as an additional
output of the specified encryption algorithm.
================
Thanks,
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-2869 / 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt@us.ibm.com
http://www-03.ibm.com/servers/storage/