Re: [COSE] [jose] HPKE PartyU / PartyV

"lgl island-resort.com" <lgl@island-resort.com> Wed, 03 April 2024 22:43 UTC

From: "lgl island-resort.com" <lgl@island-resort.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
CC: cose <cose@ietf.org>
Date: Wed, 03 Apr 2024 22:42:56 +0000
Message-ID: <15D237F4-BD29-47EF-B61F-E87131CD7560@island-resort.com>
References: <CAN8C-_KgZmFMkg_GsF0YgzgS+jCJKWAOZdytZKVwgbirrDUc_Q@mail.gmail.com> <Zf1jjGx2ZimgRqAD@LK-Perkele-VII2.locald> <CAFWvErVR6CSTd6bxRyTXWpib3jyjOWwdvDnprBOwPSed8GSDVA@mail.gmail.com> <B9B41D94-6708-491B-8551-5D504B8D8339@island-resort.com> <CAFWvErWKs0gzfvPymsOGfQXjMuAQRUJNaodvVfAbUWiwbuNMwg@mail.gmail.com> <Zf8N0hhwhhFJuFlI@LK-Perkele-VII2.locald> <AF75EFD3-F7FF-4F64-830F-E69B1C250335@island-resort.com> <Zf_3ssDYfnEh1qIW@LK-Perkele-VII2.locald> <2EA56DC2-D0B4-4BCA-9149-0C348B16E4D0@island-resort.com> <CAN8C-_K4ndbbOUg6JShf5psgLwjJdAPnXsVTKVPvjGUenBEX4A@mail.gmail.com> <ZgFHETkHxGevTsY5@LK-Perkele-VII2.locald>
In-Reply-To: <ZgFHETkHxGevTsY5@LK-Perkele-VII2.locald>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/Mo1xG5EnGAk_CXDL7lBqhDsbOIg>

This <https://github.com/cose-wg/HPKE/pull/58> is my attempt at the outcome of the discussion between Orie, Ilari and myself on the list.

I went back to "next_alg" so it can be used with multiple layers of COSE_Recipient, but specify that it is always for the next COSE layer down. It is expected that when a COSE_Recipient employs multiple algorithms, as HPKE and -29 do, it locks down all the algorithms it uses internally, so it makes sense that this is for the next COSE layer. It was unclear what the alg ID in COSE_KDF_Context was for.

I haven't implemented this, but I'm pretty confident about doing so. I also haven't updated the examples.

I believe it will be possible to re-use Recipient_structure for the -29 replacement.

LL


On Mar 25, 2024, at 2:42 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:

On Sun, Mar 24, 2024 at 05:49:37PM -0500, Orie Steele wrote:
Essentially, every case where we use COSE KDF context to derive a key that
does not commit to the content encryption algorithm, we would need to use a
new context that did commit to the content encryption algorithm, and we
would want to deprecate all the algorithms that were vulnerable to the
cross mode attack at the same time.

Unfortunately, that would mean deprecating some algorithms with no
replacement (mainly Key Transport and Key Wrap class).


Doing what CMS did would work as well.

Basically, add new header parameter (I call it "pcm" for Per-Cipher
Material):

- Specifies a KDF to apply.
- Derives the key to use for symmetric algorithm from input key.
- If base iv is required, also derives that.
- There is no explicit key length, so recipient algorithm MUST NOT be Direct Key Agreement or Direct Key with KDF.
- The KDF context looks something like:

 * context: tstr
 * depth: uint/null (null for COSE_Encrypt0)
 * alg: int/tstr (from headers)
 * salt: bstr (from headers)
 * keyflag: bool (true for keys, false for iv)
 * length: uint (number of bytes of key material).


This would also be useful for using Direct Key for bulk encryption.
Currently, there is no great way to do that in COSE (all AEAD algorithms
are unsafe, AES-KW is very slow, and dir+KDF is another layer).


We might as well fully specify the new entries at that rate as well.

ECDH-ES+A128KW+A128GCM
ECDH-ES+HKDF-256+A128GCM

Or fully specified:

ECDH-ES-P384+A128KW+A128GCM
ECDH-ES-P384+HKDF-256+A128GCM

That's a lot of work, and certainly belongs in a separate draft, which I
would be happy to review, but probably don't have time to author at this
point.

A fundamental assumption in COSE is that algorithms can be mixed and
matched in any way that has sensible keyflow.

This would break that assumption, making this an extremely bad idea.

-Ilari
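
As an added illustration (not code from this thread, from the cose-wg HPKE pull request, or from any COSE library), the following Python sketches the "pcm" per-cipher-material context Ilari lists above (context, depth, alg, salt, keyflag, length) and derives a key or base IV from it, showing how binding the content-encryption alg into the KDF context gives unrelated material per algorithm and per layer from one input key. Assumptions not on the page: the context is serialised as a CBOR array in that field order, the context label is the constructed string "COSE pcm", the KDF is HKDF-SHA-256 (RFC 5869) with the serialised context as HKDF info and the header salt as HKDF salt; the standard COSE alg ids 1 (A128GCM) and 24 (ChaCha20/Poly1305) appear only as sample input.

```python
# Added example of the proposed "pcm" KDF context; ASSUMED (not on the page):
# CBOR array layout, the "COSE pcm" label, and HKDF-SHA-256 as the KDF.
# Pure standard library so it runs offline.
import hashlib
import hmac

def cbor_encode(v):
    """Minimal CBOR encoder (RFC 8949) for the types the context needs."""
    def head(major, n):
        if n < 24:
            return bytes([(major << 5) | n])
        for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
            if n < 1 << (8 * size):
                return bytes([(major << 5) | ai]) + n.to_bytes(size, "big")
        raise ValueError("integer too large")
    if v is None:            # null, e.g. depth for COSE_Encrypt0
        return b"\xf6"
    if isinstance(v, bool):  # check before int: bool is an int subclass
        return b"\xf5" if v else b"\xf4"
    if isinstance(v, int):
        return head(0, v) if v >= 0 else head(1, -1 - v)
    if isinstance(v, bytes):
        return head(2, len(v)) + v
    if isinstance(v, str):
        e = v.encode("utf-8")
        return head(3, len(e)) + e
    if isinstance(v, list):
        return head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    raise TypeError(f"unsupported type {type(v).__name__}")

def hkdf_sha256(ikm, salt, info, length):
    """HKDF-Extract followed by HKDF-Expand (RFC 5869) using SHA-256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

def pcm_derive(input_key, alg, salt, depth, key_flag, length):
    """Derive the per-cipher key (key_flag=True) or base IV (key_flag=False).
    The content-encryption alg, layer depth and key/iv flag are all bound
    into the context, so one input key never yields reusable material
    across algorithms, layers or key-vs-IV roles."""
    context = ["COSE pcm", depth, alg, salt, key_flag, length]
    return hkdf_sha256(input_key, salt, cbor_encode(context), length)
```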
