IETF Logo Mail Archive

Re: [jose] [COSE] HPKE PartyU / PartyV

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 01 March 2024 12:01 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13DFDC1516F3; Fri, 1 Mar 2024 04:01:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJPFoQbOkWAL; Fri, 1 Mar 2024 04:01:03 -0800 (PST)
Received: from welho-filter4.welho.com (welho-filter4b.welho.com [83.102.41.30]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14265C1516E1; Fri, 1 Mar 2024 04:01:02 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id D18256CBD2; Fri, 1 Mar 2024 14:01:00 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id NSIFMehd36CG; Fri, 1 Mar 2024 14:01:00 +0200 (EET)
Received: from LK-Perkele-VII2 (78-27-96-203.bb.dnainternet.fi [78.27.96.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 586BF2316; Fri, 1 Mar 2024 14:00:58 +0200 (EET)
Date: Fri, 01 Mar 2024 14:00:58 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>, cose <cose@ietf.org>
Message-ID: <ZeHDevMI4GvdOEnq@LK-Perkele-VII2.locald>
References: <CAN8C-_J+mMABCa2HPWv5zJ=u1HSb+saq_mn5kB0Wq5upWUyM9Q@mail.gmail.com> <Zd-NRA2kH4fc_d-X@LK-Perkele-VII2.locald> <CAN8C-_+tG9845bn986Anr89ObNpUCzOAuiEJMPh4KGK3ixB+uQ@mail.gmail.com> <Zd-colj_jF47gLQP@LK-Perkele-VII2.locald> <CAN8C-_Jw2J6OY6N7gRVepVuHiC5NqgH36dXQ6krZ1U-Spqq7fQ@mail.gmail.com> <ZeCZJK76cQNZp7q9@LK-Perkele-VII2.locald> <CAN8C-_+_nzGCWV6zNny1j_9TTikW8rBtw9388YB7UGzSwEzoTw@mail.gmail.com> <ZeDih4he5eZ1y3PO@LK-Perkele-VII2.locald> <CAN8C-_LpNbCfe3FDF=4nnGEAnZku3+z51J1VcfxuGVqQab=xZg@mail.gmail.com> <8A6C56DD-F66E-4EBD-9BA1-01971E381D46@island-resort.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <8A6C56DD-F66E-4EBD-9BA1-01971E381D46@island-resort.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/3GOk6jkeIOKNR4eB1jqnW11qhBc>
Subject: Re: [jose] [COSE] HPKE PartyU / PartyV
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2024 12:01:08 -0000

On Fri, Mar 01, 2024 at 03:39:11AM +0000, lgl island-resort.com wrote:
> So here’s a possible new Enc_structure Orie suggested. I’m calling
> it Rec_structure. It is just for COSE_Recipients.
> 
> 
> Rec_structure = [
>     context :  “Enc_Recipient” / “Rec_Recipient",
>     protected : empty_or_serialized_map,
>     next_alg : int/tstr
> ]
> 
> - protected is for the protected headers from the COSE_Recpient
> - No external_aad since COSE_Recipient doesn’t have that
> - Pass this as the aad parameter to Seal() as Ilari suggests
> - next_alg is the COSE algorithm ID from the COSE layer below and is
>   mandatory

I would use a single context and add explicit uint depth. Even if I
expect this to always have depth=1 in practice.

The problem with that kind of thing is all the legacy stuff used for
key management that is not AEAD-capable. Even if one redoes all the ECDH
stuff for fully specified algorithms, there is still some other key
management stuff that is fully specified, but can not bind the next
algorithm. And that gets into security relying on optional stuff
territory real fast.


> I've intentionally chose only the algorithm ID, not all the protected
> headers from layer 0.  This is because of implementation complexity
> and memory use. My COSE implementation can handle arbitrarily large
> blocks of header parameters (plus arbitrarily large external_aad)
> without allocating memory through use of incremental hashing. I don’t
> want to have multiple incremental hashes in flight at once, one for
> each recipient, nor do I want to put a cap on the size of header
> parameters or use malloc. Passing only the algorithm ID across layers
> is simpler and cleaner.

And in the COSE library API I showed earlier, one could easily add a
method (TODO: Compile-check and add documentation):

fn get_alg(&self) -> Algorithm<'static> { self.alg }

To get the algorithm. Which is semver minor, so not a breaking change.


And if doing file to file on hardware that has a memory managment unit,
why not memory map the input and output files? :-)



-Ilari

v2.23.0 | Report a Bug | By Email