IETF Logo Mail Archive

Re: [COSE] [Rats] RAM requirements for COSE/CWT

Laurence Lundblade <lgl@island-resort.com> Thu, 24 February 2022 01:46 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 077253A129A for <cose@ietfa.amsl.com>; Wed, 23 Feb 2022 17:46:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9IvykUYxOP5P for <cose@ietfa.amsl.com>; Wed, 23 Feb 2022 17:46:23 -0800 (PST)
Received: from p3plsmtpa09-06.prod.phx3.secureserver.net (p3plsmtpa09-06.prod.phx3.secureserver.net [173.201.193.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9315C3A1289 for <cose@ietf.org>; Wed, 23 Feb 2022 17:46:23 -0800 (PST)
Received: from [192.168.1.4] ([75.80.148.139]) by :SMTPAUTH: with ESMTPA id N3D4nbtM5jLSON3D4nKQQA; Wed, 23 Feb 2022 18:46:22 -0700
X-CMAE-Analysis: v=2.4 cv=P6v/OgMu c=1 sm=1 tr=0 ts=6216e36e a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=IkcTkHD0fZMA:10 a=l70xHGcnAAAA:8 a=48vgC7mUAAAA:8 a=aBs-JvV7DiDbmdfAWIEA:9 a=QEXdDO2ut3YA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <10215.1645656178@localhost>
Date: Wed, 23 Feb 2022 17:46:21 -0800
Cc: "rats@ietf.org" <rats@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5A9AB23C-6FD7-4F59-BE1E-378F8C6D939A@island-resort.com>
References: <e8995f0c-ad85-f702-da6b-051ffdc4cb08@gmail.com> <DBBPR08MB5915B874FD16107A7B0105AAFA3A9@DBBPR08MB5915.eurprd08.prod.outlook.com> <1a16c80d-40cd-baba-b1ce-2033dd0db294@gmail.com> <D22D0D63-F76C-48B3-A034-F8B5B2BB6005@tzi.org> <2c8be442-9899-d117-155c-f6f2096b7055@gmail.com> <92C7CF7C-ED23-41B3-AB32-8438C4C88C20@tzi.org> <14c8d106-3b4b-f973-94b8-018852ff4769@gmail.com> <8C2C6592-D5B9-430A-B878-E1009E9BCF22@tzi.org> <AB9F0C55-9C23-43F1-A83F-91D4159C888F@island-resort.com> <10215.1645656178@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfCI3pBQjOCplECYCJ5z31hvdlEInY+Htf9dfr0LJkQxJGx19jjaoSgIGt9km/lTkcJFA/VzgTXV7BwExm20CS4wJBNOUWWaBwE/uf0NQRIQ/Hpv0IRlk DcYesFVv8RmFydlNQyOccln1OKgYWZpaJ/8WH0tMoLMhoXWPD97kF+BZgYSpWoGR4riuaag8pRLuinuX3j9b4w97QS/l3b3fiqU1Uoj6wd2nXVPMtGoC1ccl WeNesk72RIhpablhdAeW7A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/p1gMVqBvjmrrKqYGKVa0X_isTdU>
Subject: Re: [COSE] [Rats] RAM requirements for COSE/CWT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2022 01:46:28 -0000

I believe the targets motivating full encoding variance for EAT are pure hardware implementations. Think of a TPM-like chip that outputs EAT. Or a HW IP core that ARM sells for your SoC.

I’m pretty sure this is quite possible without any SW (except the driver SW for the EAT attestation core, network stack and such that doesn’t need to be secure).

Experience with SW implementation like QCBOR is not particularly relevant.

LL




> On Feb 23, 2022, at 2:42 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> I've read the exchange between Laurence and Carsten and Anders.
> 
> If we accept that the only constrained part will be the Attesting Environment
> on the Attester, and that all other systems (Verifier, RP) are at least >
> class 2 (RFC7228), then we clearly should be optimizing for ease of encoding.
> 
> While my experiences with Op-Tee is rather shallow (I compiled it once),
> my impression is that it is at least class 2 in size.  A bit of memory
> allocation won't be a problem, or pre-allocating a few kilobytes for the CWT
> won't be a problem.
> 
> I have experience with QCBOR, TinyCBOR and NanoCBR.
> My experience is that indefinite length strings are not really needed as long
> as one is encoding into a memory buffer.  Noting where the length box is and
> filling it in later isn't impossible, but it certainly is harder if one
> doesn't have an estimate of the size to know which integer size to use.
> Worst case, one can assume that the strings can't exceed the size of the
> output buffer!
> 
> My claim that an output buffer is needed is that we are going to sign it all,
> and while one can construct SHA256 hash calculators that don't need the bytes all
> in a row, it's such a pain to do generically, that if one is doing it, one is
> creating a bespoke hasher.
> 
> I see no strong reason to rule indefinite encodings out: Verifiers and RPs should be
> prepared to process them.  I would not encourage their use by encoders.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
> 
> 
> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.8.7 | Report a Bug | By Email