Re: [COSE] COSE Support for AES-CTR and AES-CBC

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 28 October 2022 11:27 UTC

Message-ID: <a14fb861-5575-1896-0636-478148062562@cs.tcd.ie>
Date: Fri, 28 Oct 2022 12:27:43 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
Content-Language: en-US
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Sophie Schmieg <sschmieg=40google.com@dmarc.ietf.org>, "Arciszewski, Scott" <scottarc=40amazon.com@dmarc.ietf.org>
Cc: "Zundel, Brent" <brent.zundel=40avast.com@dmarc.ietf.org>, "cose@ietf.org" <cose@ietf.org>
References: <CAGi82uNOmJJdO2HKcE8M491Vv_PLgk8J8vvfsEE88CMZkmALmw@mail.gmail.com> <a69db82e96374a36b1f7164da3c5556e@amazon.com> <CAEEbLAZXLmvQbXkdqJcO2erQLVBic3gfuGPv8XRTSxZRiAaAvQ@mail.gmail.com> <DBBPR08MB59154655A83674320C831E32FA329@DBBPR08MB5915.eurprd08.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <DBBPR08MB59154655A83674320C831E32FA329@DBBPR08MB5915.eurprd08.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------BUwenOEVjTLdNLRq3eOXlR0v"
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|DB9PR02MB7355:EE_
X-MS-Office365-Filtering-Correlation-Id: 9b377ce1-bd49-4a1f-48db-08dab8d76f09
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: eC4/KZFa02wqf/NBvWIGR1zM28nWxniR6z1ROl68KSC6y/bJ7JnoFFZvBXNN6xVczSfIgsg5ACtsNn6iONk52FF3g+kdcgduxAYGFwRkdUrLLIRN4/RwWBzJqmJZwIpEKM/5hb2dUiXItN3cTTewr+hbTvaI6x5FkNMFFTqA8wdiiWmd994YALyb3eMGvdEUpxPIYUjNKYJsSiFMF9T9YTaKXNlNSV0wuCC9YYrXMUOKAOw59joeI2NaiX/+er2btSaFPpoaUOheJnMe/pfmkKWwNSCw9vATwJOtUqoeTH2e63qu2/JZejmlyuv1356v3Zn/x9jt1mf8+Gbn2r6A/u0A6OuFEVBEuAGd3nj4EJ3MIHnZ/1Ni2Fy9Bh5xFOgcyVrt+usvq7tVcQmfiXxsHcWaMNDd+7keOdf2URI0LGD7TssBgHZj0SiJxkxz6QqwzOefZRIxp4tk+RMPRv7O1pzFqC7zDi6t1dmXgSYNbEriNt5A2YTNGrKhSSgA3k2oxynGnTvfwh6YkxnGAifkwZ8OQ1CqeGuOGJsOFyEP9fBtvjKR4uTLmHIgWiRFab+PgYwxVOBNDuHxUn1E8xvgymuLA5itXhvTlxJHV0E2fFzQVuvgRvTv74luncmr4BRZ13si4/VBT1aesMDIhv1tvpth69YT9IchpysRcvZnGmu7oIwB7GShtoa3sdasLm0rP2k9UcXxJ5nKMETKTAiUCfZIEdGiyFgwqHG6Haqm5f4mn+26KvTMgIaSTuFIxlMhgCb99zaKqsI3OWUM65Rryo4NJ0mvDPEL6DRaLTwq/Qr2nzJK8K0Ts/+5PLm6ks8r
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(136003)(346002)(396003)(366004)(376002)(39860400002)(451199015)(53546011)(478600001)(36756003)(31686004)(966005)(38100700002)(21480400003)(86362001)(31696002)(2616005)(6512007)(316002)(6506007)(33964004)(786003)(186003)(6486002)(2906002)(5660300002)(44832011)(8936002)(83380400001)(8676002)(66476007)(4326008)(66556008)(110136005)(54906003)(45080400002)(66946007)(41300700001)(235185007)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 7pMT/hZ6fet/7pQi1MExIKZwSDJL4F0pi1EHTyn6dUY4u4PrfNaxuqMuB5BcC4dgKN6gvUsHz7ECxt0ME5tgv11JqEZHZQyVESCxfSEWLXgWjDfhB1uWuvb51PiyXvKykD/CdQrF67oXIaRIjhcE7uT5SOkzWrGKkp+XMhneitKaoWoKQa0niamDmTo8Iaw9Ucs/D11ScWmiLMZrlzeMT8BHsD6fcoPFbTqCrff8NVEF1RhNvf7k/Q5A3Aqfqn9+Jt2sOFLIfCmst/rMOMrax1raZm1hk/l20FA9lP3YV7fNy2BiJSUIySaM0dpqNLHgXtxVwR5d5NbSbtvnXYug1LVZstjSH8y+DEfsfEpLPlsnBM+UE9f5QlZYuxx4uSLY2Du8McORuQAe4aEc3KzEQqF+zWLSpZV6JIuqzuQHMVl3dE4tn1+TXiU6myovSLpYCKsdmFrX8sktkuiOAUSRsVmv2Xpj9W/22XWv8oyxBUp9m4UAGXSqSlztfNjj2ZISvk27T8Gi9Eg4Zza5EImkwDo98dt6JCyuUyef21OPQ/WxriBIVAi4ZGkO8KiFWGgyHacC7o/pKhkRCChoLi3L3OCabN9EBfmNeo4VALv3kRVdClJhJViHaxrPMLm+UBpOo/Z2NM0oMrKyQXzgzjfdfHbH0+ODEqHINSzGd4wGmJQH/eKgZ4sfV8GUNPNS993xSLtqRO5ZCjufeJOS47AWvPzerK63qK6PzYmxiUeWe3sXvvaXypeDRPvW+tOrUkMreemI3RJUa/oPj8UtwQ+5wONB7OJZui9RDudwJhG9Cp+4QnTll/gIaeXtSI11qENf2008Xjcb0yaYwdc9aVeolj3EfJ+X5wKQnI8YxlaVODLjhkwxDanPtt+XVfxTfke2km8XQSYMQS1ohPe4Y2fbK3/+CB7CWLy5RXX7VWIa3iIBosecG9vgDfckwjTW3RSGa2DIql3jg2Dwz5m7WQniMT7iN2tKz2XcWKVpg0nfgjs1emAJ/BQbV/vJX41eHuwlHScG1AxNH1cb6cAN/DfGXxQhT5cCBxvq+keNLHRWk5UVjB1JBs05hgt1DahtHREl/uSs1SLEVOaj/FJ7xrje9KsJ/a9YfT+AgrL93GYueF4jjABEu6xem1DWOHZeW1B5lpQUtOofwshAwqlefmy5NCgr1Eq7mUeewt0yeU5nLvhyGsKwAyxmSsg4G2ofW8BA18ICzRBO5LuOpuE/2W/VfUemwb2ttmwHBgFsBzTekPk2/xd3ObdPsiaNHmT6yAjHffn1I3Uf5gt3JWKAUvflU8D6HNtSATu5avmpaS8y0K26s74+FCRtQxTxT3Se/0tE4WfKLKOF5DtWYsADCTbLrclOihKtSZOirxS7WxlGdRg06AF52LfvAWLLJF19xuQARZ5xfeQqG5fJLUirjrtkaEKCGmFLsKqeHPBS2H4t4eoaJgN+k7wwZS+yR+JskGkKvzM1YFgKSMuDpchuYOQ86wswWL6pirX/TIAHbfX1vX8G5SyU4muVThT2B31h2sIKON1/uNN4e1Pdj1mzkbPMzNdmzq9nlEq/kS6ssog9KB0ADsUmaD/CmiLH5r72BbLCQw5Iq5ukQreTmoSxF6mX0aCPSorNJyXKv75M7yJ8X96fKxuTIGi6gjnlObyTSQNK
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 9b377ce1-bd49-4a1f-48db-08dab8d76f09
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 11:27:44.9517 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: TvFeeDY1y7Lxg8+vCspqrRy+d0zFkVstNHhMnEPqprsgMLDdbhJsd7R91L8v6uDj
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR02MB7355
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/fVfHQOzSvO8eFz3U4UdAcx6kxTs>
Subject: Re: [COSE] COSE Support for AES-CTR and AES-CBC
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2022 11:27:56 -0000

Hiya,

I was curious as to how this requirement might arise so I
took a look...

On 28/10/2022 10:44, Hannes Tschofenig wrote:
> 
> https://datatracker.ietf.org/doc/html/draft-ietf-suit-firmware-encryption-09
> provides a more detailed description of the firmware update scenario,
> see particularly Section 8.
That says:

    The ability to restart an interrupted firmware update is often a
    requirement for low-end IoT devices.  To fulfill this requirement it
    is necessary to chunk a firmware image into sectors and to encrypt
    each sector individually using a cipher that does not increase the
    size of the resulting ciphertext (i.e., by not adding an
    authentication tag after each encrypted block).

And then...

  For this purpose ciphers without integrity protection are used to
    encrypt the firmware image.  Integrity protection for the firmware
    image must, however, be provided and the the suit-parameter-image-
    digest, defined in Section 8.4.8.6 of [I-D.ietf-suit-manifest], MUST
    be used.

I'm not convinced by that. Why couldn't you just store
the tag for each chunk wherever the signature is stored?

Overall, I'd say defining non-AEAD modes doesn't seem
like a good trade-off.

S.

Attachment: OpenPGP_0x5AB2FAF17B172BEA.asc
Attachment: OpenPGP_signature

[COSE] Call for adoption of CBOR Object Signing a… Mike Jones
Re: [COSE] Call for adoption of CBOR Object Signi… Hannes Tschofenig
Re: [COSE] Call for adoption of CBOR Object Signi… Russ Housley
Re: [COSE] Call for adoption of CBOR Object Signi… Ken Takayama
Re: [COSE] Call for adoption of CBOR Object Signi… Brendan Moran
Re: [COSE] Call for adoption of CBOR Object Signi… Emmanuel Baccelli
[COSE] Call for adoption of CBOR Object Signing a… David Brown
[COSE] Call for adoption of CBOR Object Signing a… Russ Housley
Re: [COSE] Call for adoption of CBOR Object Signi… Mike Prorock
Re: [COSE] Call for adoption of CBOR Object Signi… Orie Steele
Re: [COSE] Call for adoption of CBOR Object Signi… Blumenthal, Uri - 0553 - MITLL
Re: [COSE] Call for adoption of CBOR Object Signi… Mike Jones
[COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Arciszewski, Scott
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Zundel, Brent
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Arciszewski, Scott
Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Hannes Tschofenig
Re: [COSE] COSE Support for AES-CTR and AES-CBC Stephen Farrell
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC David Brown
Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
Re: [COSE] COSE Support for AES-CTR and AES-CBC Hannes Tschofenig
Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran
Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran
Re: [COSE] COSE Support for AES-CTR and AES-CBC Ilari Liusvaara
Re: [COSE] COSE Support for AES-CTR and AES-CBC Scott Fluhrer (sfluhrer)
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran
Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
Re: [COSE] COSE Support for AES-CTR and AES-CBC David Brown
Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran

Re: [COSE] COSE Support for AES-CTR and AES-CBC

Attachment: OpenPGP_0x5AB2FAF17B172BEA.asc

Attachment: OpenPGP_signature