Re: [jose] [COSE] HPKE PartyU / PartyV

"lgl island-resort.com" <lgl@island-resort.com> Tue, 27 February 2024 21:05 UTC

To: Orie Steele <orie@transmute.industries>
CC: JOSE WG <jose@ietf.org>, cose <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Pwu0B9p_ZR3-bACltaEtvvG-3jc>

Here’s API documentation for what I did for t_cose after the San Francisco IETF.

TLDR — PartyU / PartyV are unnecessary; if you are worried about something for your use case, add a random salt to the KDF context.

This was for COSE -29 and -25. COSE-HPKE has even less reason to use these IMO.

LL



t_cose_recipient_enc_esdh_party_info()

Like the documentation for t_cose_recipient_enc_esdh_supp_info() this gives an opinion and recommendation: PartyU and PartyV should be left unset and unused. Don't call this method.

The point of PartyU and PartyV is to bind the content encryption key to the sender and receiver context. These are in COSE because they are in NIST SP800-56A and JOSE. They are justified by academic papers on attacks on key agreement protocols found in Appendix B of NIST SP800-56A. Probably these attacks don't apply because you probably are using a good RNG and because the ephemeral key is generated anew for every encryption. Good RNGs are much more common now (2023) than when these papers were authored.

These data items are described in RFC 9053 section 5.2. This API only allows setting Party*.identity. It doesn't allow setting Party*.nonce or Party*.other. It always sets them to \c NULL. Speaking with opinion, 'nonce' and 'other' seem very unnecessary and complex. Hopefully, no implementation ever uses them. Everything needed can be done with the 'PartyInfo*.identity' data items.

See t_cose_recipient_enc_esdh_supp_info() where it is recommended to set one of the KDF context inputs and additionally t_cose_recipient_enc_esdh_salt().

The opinions here were formed from discussions with long-time workers on COSE, CMS, LAMPS, reading of NIST SP800-56A and trying to formulate attacks that these data items defend against.

<https://github.com/laurencelundblade/t_cose/blob/dev/inc/t_cose/t_cose_recipient_enc_esdh.h>




On Feb 27, 2024, at 1:02 PM, Orie Steele <orie@transmute.industries> wrote:

Hello OSE-Enthusiasts,

As we align JOSE and COSE drafts for adding support for HPKE, we've encountered our old friends:

PartyU and PartyV...

JOSE has this to say: https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.2

"""
   The "apv" (agreement PartyVInfo) value for key agreement algorithms
   using it (such as "ECDH-ES"), represented as a base64url encoded
   string.  When used, the PartyVInfo value contains information about
   the recipient.  Use of this Header Parameter is OPTIONAL.  This
   Header Parameter MUST be understood and processed by implementations
   when these algorithms are used.
"""

COSE has this to say: https://datatracker.ietf.org/doc/html/rfc9053#name-context-information-structu

(TLDR... No MUST).

We have an opportunity to maintain parity here, and essentially repeat the support for behavior we have in JOSE and COSE for "ECDH-ES+A128KW", when PartyU and PartyV are present.

HPKE has support for enabling this consistently, and JOSE and COSE have the structures we need to use, already defined.

My question is not if we can do this, it is SHOULD we do this....

I've always found this part of encryption in JOSE troublesome, why is it necessary for HPKE to support this?

Are we passing up an opportunity to simplify things and remove an unused/underutilized feature from being required in a new, and currently not used encryption scheme (HPKE)?

Is it time for apu and apv to be ignored when present and not understood?

Regards,

OS

--

ORIE STEELE
Chief Technology Officer
www.transmute.industries
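
The KDF context binding discussed in the reply at the top of this message (PartyU / PartyV identities versus a salt), as an added example that is not part of the original e-mail and is not t_cose code. It assumes ECDH-ES + A128KW with HKDF-SHA-256; the function names are hypothetical and the shared secret is a constructed stand-in for real ECDH output.

```python
import hashlib
import hmac
import os

def cbor_head(major, n):
    # CBOR initial byte(s); values below 256 are all this example needs
    return bytes([major << 5 | n]) if n < 24 else bytes([major << 5 | 24, n])

def cbor(item):
    # Minimal encoder: nil, small ints, byte strings, arrays
    if item is None:
        return b"\xf6"
    if isinstance(item, int):
        return cbor_head(0, item) if item >= 0 else cbor_head(1, -1 - item)
    if isinstance(item, bytes):
        return cbor_head(2, len(item)) + item
    return cbor_head(4, len(item)) + b"".join(cbor(i) for i in item)

def kdf_context(alg_id, key_bits, protected, party_u=None, party_v=None):
    # RFC 9053 section 5.2: [AlgorithmID, PartyUInfo, PartyVInfo, SuppPubInfo]
    # PartyInfo is [identity, nonce, other]; nonce and other stay nil
    return cbor([alg_id, [party_u, None, None], [party_v, None, None],
                 [key_bits, protected]])

def hkdf_sha256(secret, salt, info, length):
    # RFC 5869 extract-then-expand; an absent salt is 32 zero bytes
    prk = hmac.new(salt or b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_kek(shared_secret, salt=None, party_u=None, party_v=None):
    # Assumed profile: ECDH-ES + A128KW (-29), so the context names A128KW (-3)
    protected = bytes.fromhex("a101381c")  # serialized {1: -29}
    info = kdf_context(-3, 128, protected, party_u, party_v)
    return hkdf_sha256(shared_secret, salt, info, 16)

if __name__ == "__main__":
    z = bytes(range(32))  # constructed stand-in for an ECDH shared secret
    print("context  :", kdf_context(-3, 128, bytes.fromhex("a101381c")).hex())
    print("nil/nil  :", derive_kek(z).hex())
    print("PartyU   :", derive_kek(z, party_u=b"sender-A").hex())
    print("salt only:", derive_kek(z, salt=os.urandom(16)).hex())
```

Sender and receiver must build byte-identical context, so any PartyU / PartyV identity in use has to be known to both sides in exactly the same form, while a salt changes the derived key with both identities left nil.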