IETF Logo Mail Archive

Re: [COSE] [Rats] RAM requirements for COSE/CWT

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 23 February 2022 22:43 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194363A1047; Wed, 23 Feb 2022 14:43:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4O3chWUy3SpG; Wed, 23 Feb 2022 14:43:02 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 867243A1040; Wed, 23 Feb 2022 14:43:01 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 026B43909D; Wed, 23 Feb 2022 17:51:35 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id qgcsfSY61WK2; Wed, 23 Feb 2022 17:51:33 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 7B08839095; Wed, 23 Feb 2022 17:51:33 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1645656693; bh=oJtYUBosO37MRiuZqpKJh3seOZM4wI714Yi6cOLbmos=; h=From:To:Subject:In-Reply-To:References:Date:From; b=kiAZIUdCDOa1E8w9tEKotsUdfVL2cqQKBts1yfu2q+O7cjt7wflhQglqX/7yzUiyu TI50D/gSknhTOabL2FnE2vt45xq4f7y+QC/lmZgdl3quyHj5SGpN1v4C9csPgnqO6G lIpzWpRV9iEhwItf2O4QL2LCod/uUVrsZ/d8tGU/hRiPpwSWML/CG1eM4qiXZIQ/sR 2NgaUY6mP6iiEr3HbWW41Pvjc2jRLLnSD/0DUAEu9UNJtYycHXwN+AXsFzmmbWPBj7 g74eAj5l6hxYBtZ2M/4acAmAjmfxo4s/ea6HfbFGhKFFrNhT62GmCqprGsAIRIAOX3 WfJ96kObgpukg==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 43006537; Wed, 23 Feb 2022 17:42:58 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "rats\@ietf.org" <rats@ietf.org>, "cose\@ietf.org" <cose@ietf.org>
In-Reply-To: <AB9F0C55-9C23-43F1-A83F-91D4159C888F@island-resort.com>
References: <e8995f0c-ad85-f702-da6b-051ffdc4cb08@gmail.com> <DBBPR08MB5915B874FD16107A7B0105AAFA3A9@DBBPR08MB5915.eurprd08.prod.outlook.com> <1a16c80d-40cd-baba-b1ce-2033dd0db294@gmail.com> <D22D0D63-F76C-48B3-A034-F8B5B2BB6005@tzi.org> <2c8be442-9899-d117-155c-f6f2096b7055@gmail.com> <92C7CF7C-ED23-41B3-AB32-8438C4C88C20@tzi.org> <14c8d106-3b4b-f973-94b8-018852ff4769@gmail.com> <8C2C6592-D5B9-430A-B878-E1009E9BCF22@tzi.org> <AB9F0C55-9C23-43F1-A83F-91D4159C888F@island-resort.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Wed, 23 Feb 2022 17:42:58 -0500
Message-ID: <10215.1645656178@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/51dd4BG97i6jNE5tZCSvcXqFLmE>
Subject: Re: [COSE] [Rats] RAM requirements for COSE/CWT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Feb 2022 22:43:08 -0000

I've read the exchange between Laurence and Carsten and Anders.

If we accept that the only constrained part will be the Attesting Environment
on the Attester, and that all other systems (Verifier, RP) are at least >
class 2 (RFC7228), then we clearly should be optimizing for ease of encoding.

While my experiences with Op-Tee is rather shallow (I compiled it once),
my impression is that it is at least class 2 in size.  A bit of memory
allocation won't be a problem, or pre-allocating a few kilobytes for the CWT
won't be a problem.

I have experience with QCBOR, TinyCBOR and NanoCBR.
My experience is that indefinite length strings are not really needed as long
as one is encoding into a memory buffer.  Noting where the length box is and
filling it in later isn't impossible, but it certainly is harder if one
doesn't have an estimate of the size to know which integer size to use.
Worst case, one can assume that the strings can't exceed the size of the
output buffer!

My claim that an output buffer is needed is that we are going to sign it all,
and while one can construct SHA256 hash calculators that don't need the bytes all
in a row, it's such a pain to do generically, that if one is doing it, one is
creating a bespoke hasher.

I see no strong reason to rule indefinite encodings out: Verifiers and RPs should be
prepared to process them.  I would not encourage their use by encoders.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.8.7 | Report a Bug | By Email