Re: [COSE] COSE Support for AES-CTR and AES-CBC
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 28 October 2022 11:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/fVfHQOzSvO8eFz3U4UdAcx6kxTs>

Hiya,

I was curious as to how this requirement might arise so I took
a look...

On 28/10/2022 10:44, Hannes Tschofenig wrote:
>
> https://datatracker.ietf.org/doc/html/draft-ietf-suit-firmware-encryption-09
> provides a more detailed description of the firmware update scenario,
> see particularly Section 8.

That says:

   The ability to restart an interrupted firmware update is often a
   requirement for low-end IoT devices. To fulfill this requirement it
   is necessary to chunk a firmware image into sectors and to encrypt
   each sector individually using a cipher that does not increase the
   size of the resulting ciphertext (i.e., by not adding an
   authentication tag after each encrypted block).

And then...

   For this purpose ciphers without integrity protection are used to
   encrypt the firmware image. Integrity protection for the firmware
   image must, however, be provided and the
   suit-parameter-image-digest, defined in Section 8.4.8.6 of
   [I-D.ietf-suit-manifest], MUST be used.

I'm not convinced by that. Why couldn't you just store the tag
for each chunk wherever the signature is stored?

Overall, I'd say defining non-AEAD modes doesn't seem like a
good trade-off.

S.
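
The alternative raised in the message above (an AEAD per sector, with each tag kept beside the signature instead of after the sector), sketched as an added example that is not part of the original message or of the SUIT or COSE drafts. The function names, the 16-byte demo sector, the index-derived nonce, the fresh key per image and the tag table travelling in the signed manifest are all assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize, tagSize = 16, 16 // demo sector size (constructed) and AES-GCM tag length

func NewSectorAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sectorNonce puts the sector index in the 96-bit nonce; assumes a fresh key per image.
func sectorNonce(i int) []byte {
	return binary.BigEndian.AppendUint64(make([]byte, 4, 12), uint64(i))
}

// EncryptImage returns ciphertext as long as image, plus detached per-sector tags.
func EncryptImage(aead cipher.AEAD, image []byte) (ct []byte, tags [][]byte) {
	for i := 0; i*sectorSize < len(image); i++ {
		end := (i + 1) * sectorSize
		if end > len(image) {
			end = len(image)
		}
		sealed := aead.Seal(nil, sectorNonce(i), image[i*sectorSize:end], nil)
		ct = append(ct, sealed[:len(sealed)-tagSize]...) // goes to flash, no expansion
		tags = append(tags, sealed[len(sealed)-tagSize:]) // goes beside the signature
	}
	return ct, tags
}

// DecryptSector authenticates and decrypts sector i alone, as a resumed update would.
func DecryptSector(aead cipher.AEAD, sector, tag []byte, i int) ([]byte, error) {
	return aead.Open(nil, sectorNonce(i), append(append([]byte{}, sector...), tag...), nil)
}

func main() {
	aead, _ := NewSectorAEAD(make([]byte, 16)) // all-zero demo key (constructed); length is valid
	ct, tags := EncryptImage(aead, []byte("constructed firmware image, 41 bytes long"))
	_, err := DecryptSector(aead, ct[:16], tags[0], 1) // sector 0 offered as sector 1
	fmt.Println(len(ct), len(tags), err)
}
```

The cost of this layout is 16 bytes of tag per sector in the manifest, while the encrypted image keeps the plaintext's length and each sector can be verified on its own before it is written.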