[Lake] Re: LAKE-EDHOC-PSK Potential Issue
John Mattsson <john.mattsson@ericsson.com> Tue, 18 February 2025 21:22 UTC
From: John Mattsson <john.mattsson@ericsson.com>
To: FRANCISCO LOPEZ GOMEZ <francisco.lopezg@um.es>, "lake@ietf.org" <lake@ietf.org>
Date: Tue, 18 Feb 2025 21:22:38 +0000
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/sz8qzTC5xgokzgI-s_OmpEBZkQc>

Thanks Francisco,

That seems correct. We will fix that in the next version.

Cheers,
John

From: FRANCISCO LOPEZ GOMEZ <francisco.lopezg@um.es>
Date: Tuesday, 18 February 2025 at 15:09
To: lake@ietf.org <lake@ietf.org>
Subject: [Lake] LAKE-EDHOC-PSK Potential Issue

Hi all,

I have identified a potential issue in the EDHOC-PSK draft specification (draft-ietf-lake-edhoc-psk-02). The issue is in the calculation of Transcript Hash 3 (TH_3), which is defined as follows:

    TH_3 = H( TH_2, PLAINTEXT_2, CRED_PSK )

TH_3 is then used to generate KEYSTREAM_3:

    KEYSTREAM_3 = EDHOC_KDF( PRK_3e2m, TBD, TH_3, ID_CRED_PSK length )

KEYSTREAM_3 is used by the Initiator to encrypt ID_CRED_PSK before sending it in message_3. Consequently, the Responder needs to derive the same KEYSTREAM_3 to decrypt ID_CRED_PSK when processing message_3.

The issue is that TH_3 already includes CRED_PSK. However, the Responder requires KEYSTREAM_3 to decrypt ID_CRED_PSK and determine which PSK should be used. This creates a circular dependency:

1. To derive KEYSTREAM_3, the Responder must first compute TH_3.
2. Computing TH_3 requires CRED_PSK, which depends on knowing the correct PSK.
3. However, the Responder can only determine the correct PSK after decrypting ID_CRED_PSK using KEYSTREAM_3.

Best regards,
Francisco.

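Added example (not part of the original thread or the draft): the circular dependency reported above, checked mechanically as a derivability problem from the Responder's point of view. ENC_ID_CRED_PSK (the encrypted identifier received in message_3), the rule table, and the VARIANT contrast case in which TH_3 omits CRED_PSK are assumptions made for illustration; the thread does not say how the draft will be changed.

```python
# Each rule maps a value to the inputs the Responder needs to compute it.
# Constant inputs (the TBD label, the output length) are omitted.
DRAFT_02 = {
    "TH_3": ["TH_2", "PLAINTEXT_2", "CRED_PSK"],
    "KEYSTREAM_3": ["PRK_3e2m", "TH_3"],
    # ENC_ID_CRED_PSK is a hypothetical name for the ciphertext in message_3.
    "ID_CRED_PSK": ["KEYSTREAM_3", "ENC_ID_CRED_PSK"],
    # The Responder looks CRED_PSK up in its store using ID_CRED_PSK.
    "CRED_PSK": ["ID_CRED_PSK"],
}

# Constructed contrast case only: TH_3 without CRED_PSK. Not from the draft.
VARIANT = dict(DRAFT_02, TH_3=["TH_2", "PLAINTEXT_2"])

# What the Responder holds when message_3 arrives.
RESPONDER_KNOWS = {"TH_2", "PLAINTEXT_2", "PRK_3e2m", "ENC_ID_CRED_PSK"}


def derivable(rules, known):
    """Return values computable from `known`, in the order they unlock."""
    known, order, progress = set(known), [], True
    while progress:
        progress = False
        for target, inputs in rules.items():
            if target not in known and all(i in known for i in inputs):
                known.add(target)
                order.append(target)
                progress = True
    return order


def find_cycle(rules, start):
    """Follow dependencies from `start`; return the loop as a list, or None."""
    path = []

    def visit(node):
        if node in path:
            return path[path.index(node):] + [node]
        if node not in rules:  # a primitive input, nothing further to derive
            return None
        path.append(node)
        for dep in rules[node]:
            cycle = visit(dep)
            if cycle:
                return cycle
        path.pop()
        return None

    return visit(start)


if __name__ == "__main__":
    print("draft-02 derivable:", derivable(DRAFT_02, RESPONDER_KNOWS))
    print("draft-02 cycle:", " -> ".join(find_cycle(DRAFT_02, "KEYSTREAM_3")))
    print("variant derivable:", derivable(VARIANT, RESPONDER_KNOWS))
```
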
- [Lake] LAKE-EDHOC-PSK Potential Issue FRANCISCO LOPEZ GOMEZ
- [Lake] Re: LAKE-EDHOC-PSK Potential Issue John Mattsson