IETF Logo Mail Archive

Re: [COSE] COSE Support for AES-CTR and AES-CBC

David Brown <david.brown@linaro.org> Mon, 14 November 2022 21:38 UTC

Return-Path: <david.brown@linaro.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60FB3C14CF13 for <cose@ietfa.amsl.com>; Mon, 14 Nov 2022 13:38:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=linaro.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dc3IBPbqqT6c for <cose@ietfa.amsl.com>; Mon, 14 Nov 2022 13:38:04 -0800 (PST)
Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AACFDC14CF05 for <cose@ietf.org>; Mon, 14 Nov 2022 13:38:04 -0800 (PST)
Received: by mail-pl1-x62b.google.com with SMTP id p12so11329461plq.4 for <cose@ietf.org>; Mon, 14 Nov 2022 13:38:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=a9DOyNmuX3Y8Ar7l+uobrNrBqvBkTOnRgrKK3L+qQ8M=; b=Wusy6dCD4ovnmJnrgg0afBe7SceH+n1Thqy4B5Mr6EHctoMFZac0J2fEqZnJmmUoNf kgotqPReFU5y/ZhTD1A9bfV4Knr0jclI9d+4kLDKJCvFURhLSRAw8c19+bU7HkfkYw0c RPJIhryU96B0tW8ia427j+VdQ5mzS43lK5ca8/m+i6rz+J2AAS2FKYk2Qfdpauz4iUqC uk3tWj/IgVBGvwhyhk6r+K+kulISCro7nM2hR3Y6PUuDOKqrkZ6pZwJgZVUuAA3asuh0 xB5bCD1Redgr7b6nJYcASUGi/hMYLx1kPHxeNcB60oLV2q8u50/oxeGoQTwSa3aexFXA +Xbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=a9DOyNmuX3Y8Ar7l+uobrNrBqvBkTOnRgrKK3L+qQ8M=; b=tQQDNTz4RxDyWO3nQ1R4pqc0hd80ceKPulYGuB46s6iExp68xgx3k3JyNlBE7NSWAW H1Tq/x2TEqDAP4xqp5jo5C8txmPVeQ9OsiviJVxS+2uRFztoFjRaMaPrQK6FTIuMlbXu FUhzD5UNIFr+oSullS0qo8m2FI+zE4hDzswN//ZpAIB+sINHYfVTJ/QqTehtyrUNe64z HURCHop+y/S7odpcOMJmcnRsCUPV5piOs+hCXFKYWx5XDzXalMwdzc5BNrfulxNQ9Xzi CZkTM/LShRyY/9I2qtSRTPEvdfj614lfJOtisOlAKK6UaR5dhpmse5EBv0a94XMHXgct TEsg==
X-Gm-Message-State: ANoB5pnKJWBBxp9k4MJc7bQ4u9N0j3VfHPDgc8wXJ5ASIPAdXcsOiswh /eGSxHuVGLspVlgV+QZQrcyQD9lDGQ0Id6gt4T6V8Q==
X-Google-Smtp-Source: AA0mqf6KC4wM/U/gE5200sYzrXghmIsHr/P5H3lmRGRXIfeG83RZ/ZyrVIw6zGJR1X0kXYf6xbYXNaSfAgLdawOQdAA=
X-Received: by 2002:a17:903:25cd:b0:186:ae32:28bc with SMTP id jc13-20020a17090325cd00b00186ae3228bcmr1132187plb.41.1668461883356; Mon, 14 Nov 2022 13:38:03 -0800 (PST)
MIME-Version: 1.0
References: <CO1PR00MB13086039D60B9997AE5F5928F54E9@CO1PR00MB1308.namprd00.prod.outlook.com> <SA1PR00MB1310AB40F32B3B2E9FC36D31F5239@SA1PR00MB1310.namprd00.prod.outlook.com> <ADE35F26-5BF8-4205-A8B5-36C1F55E8207@vigilsec.com> <32d84d35531543469a4a196a7b137cb1@amazon.com> <39D0918E-F757-4205-9D27-882E4587F95A@vigilsec.com> <CAPmVn1N7brE5SsgTU9n3ubCY3NExZfrgobkubRx7671LbU5Tcg@mail.gmail.com> <CAPmVn1OJgeVGkjBnjh-1zQcvptWDqSnE4YiAd7wM7-Eh-0xg=A@mail.gmail.com> <CH0PR11MB54440ECC855D3FF9ABB28551C13C9@CH0PR11MB5444.namprd11.prod.outlook.com> <0FC770F8-8E4E-44EA-AC55-BB5E1C8EAF27@vigilsec.com> <CAPmVn1OT9sHngCQwbParMdMLH-EVfuJvtsOxqTXF6Ku2d9Dg3A@mail.gmail.com> <6E40DA4A-71A5-4B1B-93A7-EC9C7E298376@vigilsec.com>
In-Reply-To: <6E40DA4A-71A5-4B1B-93A7-EC9C7E298376@vigilsec.com>
From: David Brown <david.brown@linaro.org>
Date: Mon, 14 Nov 2022 14:37:26 -0700
Message-ID: <CACTP9nvAHGxQYrwt0hX=KuUH4AY+-fU67=GRW+XhtXqX6xUpOw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Brendan Moran <brendan.moran.ietf@gmail.com>, Scott Fluhrer <sfluhrer@cisco.com>, "Arciszewski, Scott" <scottarc@amazon.com>, "cose@ietf.org" <cose@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e112fa05ed750da1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/mFpteUkdBoCxFBl5z4FYjF62a6A>
Subject: Re: [COSE] COSE Support for AES-CTR and AES-CBC
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2022 21:38:08 -0000

I'm not sure this is quite right. As I understand what Scott/Brendan is
suggesting in #2 is that we use AES-GCM, and we verify the tag when the
initial message is received. Then, when we piece-by-piece decrypt it, the
tag is not verified, because we are not verifying the entire image.

I like this approach, because we don't have to say that it is AES-CTR. But,
I'm a little concerned that our implementation is effectively implementing
this after the tag has been verified. I think we limit damage from
ciphertext modification because after the entire image is decrypted, we
validate a signature over the plaintext.

This gives us the best of both, and would be acceptable to mcuboot.

David

On Tue, Nov 8, 2022 at 4:20 AM Russ Housley <housley@vigilsec.com> wrote:

> I am not sure that #2 meets the requirement.  At least one bootloader
> implementer has said that it is hard enough to finds space for the
> signature value, but adding authentication tags on top of that is too hard.
>
> Russ
>
> On Nov 8, 2022, at 5:24 AM, Brendan Moran <brendan.moran.ietf@gmail.com>
> wrote:
>
> Am I correct in understanding that we have three options as far as the
> SUIT use case goes?
>
>    1. We register an algorithm identifier for AES-CTR, mark it as
>    deprecated.
>    2. We take a variant of AES-GCM to cfrg; one where plaintext data
>    explicitly IS returned before the tag is verified. If cfrg review
>    determines it is appropriate, we register an algorithm identifier, and mark
>    it as deprecated.
>    3. We use a block-wise AEAD that is already in COSE and accept that
>    there is a payload inflation due to the additional tags.
>
> Best Regards,
> Brendan
>
> On Mon, Nov 7, 2022 at 6:29 PM Russ Housley <housley@vigilsec.com> wrote:
>
>> Scott:
>>
>> The AES-CCM specification says:
>>
>>    If the T value is not correct, the receiver MUST NOT reveal any
>>    information except for the fact that T is incorrect.  The receiver
>>    MUST NOT reveal the decrypted message, the value T, or any other
>>    information.
>>
>> My reading of the NIST AES-GCM specification has a similar requirement:
>>
>>    If T = T′, then return P; else return FAIL.
>>
>> So, your technique works from a math perspective, but it does not honor
>> this requirement.
>>
>> Russ
>>
>>
>> On Nov 7, 2022, at 8:46 AM, Scott Fluhrer (sfluhrer) <
>> sfluhrer=40cisco.com@dmarc.ietf.org> wrote:
>>
>> Here’s how out-of-order GCM works:
>>
>> The decryption part is easy; if you know where the ciphertext fragement
>> falls within the overall message, then it is obvious how to select the AES
>> input to decrypt it properly.
>>
>> What’s less obvious is the integrity piece; that is, how to compute the
>> GCM tag (so that you can compare the value you compute to the tag included
>> with the ciphertext).  Yes, it can be done; to see how it is done, we need
>> to explore how GCM tags are computed:
>>
>> With GCM, we take the ciphertext (and the AAD), and convert them into a
>> series of 16 byte values M_n, M_{n-1}, M_{n-2}, …, M_1; this mapping is
>> quite simple (so 16 bytes of the ciphertext are placed into a single M_i
>> value).  Once we do that, we compute:
>>
>>    M_n H**n + M_{n-1} H**{n-1} + … + M_1 H**1
>>
>> (and then, we add in a value that depends on the nonce, and that’s the
>> tag – that part isn’t affected by out-of-the-order processing.
>>
>> Now, the multiplication operations (both in evaluating H**n and
>> multiplying M_n with H**n), and the addition operations are both in
>> GF(2**128); these are not the traditional schoolbook operations, instead,
>> the multiplication looks odd, and the addition operation can be implemented
>> by bitwise xor’ing the two values together); however all the traditional
>> ways of rearranging operations work (and any GCM implementation will
>> already have the appropriate multiplication logic already).
>>
>> So, when we need to implement out-of-order evaluation of the above
>> polynomial, that is, if we get the parts of the ciphertext that corresponds
>> to M_a, M_{a-1}, …, M_b, (where c = a-b), what we can do is evaluate the
>> intermediate polynomial:
>>
>> M_a H**c + M_{a-1} H**{c-1} + ... + M_b H**0.
>>
>> Once we have that, we can compute H**b (which can be done with log(b)
>> multiplications), and multiply the polynomial with that.  The result of
>> that is:
>>
>> M_a H**a + M_{a-1} H**{a-1} + … + M_b H**b.
>>
>> We can add that to the running sum.
>>
>> Once we have all the fragments, we have the sum; if you add them all
>> together, that’s the formula GCM expects, and so we can compute the
>> expected tag.
>>
>> Just some notes:
>>
>>
>>    - If the ciphertext fragment you have doesn’t happen to fall on nice
>>    16 byte boundaries, you can zero fill in the first and last word and it
>>    still works.  For example, if you have a two byte fragment that falls
>>    across a 16 byte boundary ABCD, you would process this as the two words
>>    0000000000000AB and CD00000000000000
>>    - One thing that this depends on is that you get all the fragments,
>>    and you get each one exactly once; if you get one of the fragments twice
>>    and add both to the running sum, well, this doesn’t work.
>>
>>
>> *From:* Brendan Moran <brendan.moran.ietf@gmail.com>
>> *Sent:* Monday, November 7, 2022 6:33 AM
>> *To:* Russ Housley <housley@vigilsec.com>; Scott Fluhrer (sfluhrer) <
>> sfluhrer@cisco.com>
>> *Cc:* Arciszewski, Scott <scottarc@amazon.com>; cose@ietf.org;
>> s.fluhrer@cisco.com
>> *Subject:* Re: [COSE] COSE Support for AES-CTR and AES-CBC
>>
>> Sorry, I had the wrong email address for Scott.
>>
>> I’m trying to understand some of the concerns that have been raised. I
>> understand that AES-GCM is not exposed to the concerns that Sophie and has
>> raised?
>>
>> If we used AES-GCM with out of order reception and on-the-fly decryption,
>> would that mitigate the risks?
>>
>> Best Regards,
>> Brendan
>>
>> On Mon, 7 Nov 2022 at 11:03, Brendan Moran <brendan.moran.ietf@gmail.com>
>> wrote:
>>
>> I talked with Scott Fluhrer today about this use case and he’s pointed
>> out that GCM can be processed out of order.
>>
>> Scott, would you be able to elaborate on this?
>>
>> Best Regards,
>> Brendan
>>
>> On Wed, 26 Oct 2022 at 22:51, Russ Housley <housley@vigilsec.com> wrote:
>>
>> Scott:
>>
>>
>> Introducing AES-CTR and/or AES-CBC into COSE tokens that already support
>> AES-GCM will open the GCM implementations to new security issues. Namely,
>> potential padding oracle vulnerabilities.
>>
>>
>> I think that adding a reference to the existing paragraph in the Security
>> Considerations will address this concern:
>>
>>    With AES-CBC mode, implementers SHOULD perform integrity checks prior
>>    to decryption to avoid padding oracle vulnerabilities [Vaudenay].
>>
>>
>> At minimum, the Security Considerations section of
>> draft-ietf-cose-aes-ctr-and-cbc-01 needs to call this risk out:
>> Applications that encrypt or decrypt with AES-GCM *MUST NOT* support
>> AES-GCM or AES-CTR with the same cryptographic materials, due to the
>> existence of cross-protocol issues. One way to safeguard users from
>> potential misuse is to use a separate "type" for keys used with
>> unauthenticated encryption modes; similar to how COSE distinguishes MACs
>> from Signatures.
>>
>>
>> I suggest an addition paragraph in the Security Considerations:
>>
>>    To avoid cross-protocol concerns, implementations MUST NOT use the
>>    same keying material with AES-CTR and AES-GCM.  Likewise,
>>    implementations MUST NOT use the same keying material with AES-CTR
>>    and AES-CCM.
>>
>>
>> Additionally, I'd like to recommend sharing this draft with the CFRG
>> mailing list to ensure it has the appropriate level of oversight from the
>> IETF's cryptography experts.
>>
>>
>> AES-CTR and AES-CBC are not new cryptographic modes.  New techniques
>> deserve CFRG review, but AES-CTR and AES-CBC have been included in RFCs for
>> many years.
>>
>> Russ
>>
>> _______________________________________________
>> COSE mailing list
>> COSE@ietf.org
>> https://www.ietf.org/mailman/listinfo/cose
>>
>> _______________________________________________
>> COSE mailing list
>> COSE@ietf.org
>> https://www.ietf.org/mailman/listinfo/cose
>>
>>
>> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose
>
>
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose
>

v2.23.0 | Report a Bug | By Email