[lamps] Re: Independent Crypto Review - Re: WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis

Thom Wiggers <thom@thomwiggers.nl> Mon, 22 July 2024 10:48 UTC

Return-Path: <thom@thomwiggers.nl>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B375C18DB9D for <spasm@ietfa.amsl.com>; Mon, 22 Jul 2024 03:48:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thomwiggers.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jLJ52zgFvEcq for <spasm@ietfa.amsl.com>; Mon, 22 Jul 2024 03:48:22 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7636C15108F for <spasm@ietf.org>; Mon, 22 Jul 2024 03:48:21 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-5a156556fb4so3078733a12.3 for <spasm@ietf.org>; Mon, 22 Jul 2024 03:48:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thomwiggers.nl; s=google; t=1721645300; x=1722250100; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=uAImgA+lH0i6HvTkZ9O78fFG3/UK6OiL/URW5MqtvZ4=; b=OvXTQ+TlVwgiDamMAMCvmCjASe9dG2DT3F6uG570NaR7tSUqEGClrwJCRLMH1VBbJk shavABO+CUh1FSNa+XkgBumSFhb8CC1AOFYrz2HU4pg/hEaoH1fRJOjqgvRIXawBoYB8 0cfC/YyPRW4fttqvA1kjK10vzVmUCZ9oxCVu4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721645300; x=1722250100; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uAImgA+lH0i6HvTkZ9O78fFG3/UK6OiL/URW5MqtvZ4=; b=vJfQKz/5F/ML8gncpd3HbrG7N+HRWgI6UDJU45gmdh+fE6e2M8KzSRvmeL0w8Yw0X9 8PkH4mCBM68QKr9JLjuftsHeohNPv/c0RyQzR5Vqiedsr5i2q2wmmeNaeBnP3+zZSGsJ iBCth4/+e4lkwNVjgGvzvQXemYIKCuFJlOCFljyaTVclRzb5EMHyGhItZ4eG+PXn3tFw yixzIcComrEJ+dvI2SlEc0dejXhyCH/gpJ9lRtgw+1DJICGsD/95N/8qEfqDQprfEWQx Wusc6qy3Ae+Tz8GDXMNV/Su675sDmaBZrGnupYeroaZbfALvEeONaTz4HNfPZU3AwhfE RnLw==
X-Forwarded-Encrypted: i=1; AJvYcCVju/MhsNVQkRB7b7RoON1ZTTfZwBB/vMop3cfcLpD8x4DjdZVIOGZPioq5S0h1PCY24dudhCYzU0qpermnPg==
X-Gm-Message-State: AOJu0YyfBerW2U25HVgb8idftvD783flGpZx+u/0hjliCQlLCc7clUDp tRwXLnDqu3NCNNhIKfyrD3YzSAeFIEJvkhmMNed6DvDQXJ9xQ3M+4FpPBS9Vj8M=
X-Google-Smtp-Source: AGHT+IF3AQYt6gnL26XU8FVjEtN/pHXe0Oaa9YjLLAnQtzUlyUAvytOp/TXl+GSaBzUUyXxo0typQQ==
X-Received: by 2002:a05:6402:350e:b0:5a2:1693:1a2f with SMTP id 4fb4d7f45d1cf-5a479d6257amr4452664a12.12.1721645299246; Mon, 22 Jul 2024 03:48:19 -0700 (PDT)
Received: from smtpclient.apple (139-165-187-31.ftth.glasoperator.nl. [31.187.165.139]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5a30a4d73cesm5856298a12.16.2024.07.22.03.48.18 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 Jul 2024 03:48:18 -0700 (PDT)
From: Thom Wiggers <thom@thomwiggers.nl>
Message-Id: <74FE0A87-20DD-472A-AD34-005A6E367325@thomwiggers.nl>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0D171048-4A65-4A8F-A6CF-141B8FF44AEC"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
Date: Mon, 22 Jul 2024 12:48:07 +0200
In-Reply-To: <DB9PR10MB5715D15A2EEC03DDBE38EEA5FEA62@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
References: <C61AE8CA-3692-43E0-ACE4-8BB0DEDB6D8B@vigilsec.com> <892AD35F-3414-43FE-BC8E-C16DD0B70E88@vigilsec.com> <58358274-8ED6-4608-B185-F2630D0163ED@vigilsec.com> <CH0PR11MB5739E0741CA4E55246B51B569FCF2@CH0PR11MB5739.namprd11.prod.outlook.com> <DB9PR10MB57156F204929734566CD1C99FEC82@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM> <DB9PR10MB5715E32FC5C1F9DD323DDA36FEDB2@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM> <7DE1701A-37E3-4CA8-9005-AE79035454C9@thomwiggers.nl> <DB9PR10MB5715D15A2EEC03DDBE38EEA5FEA62@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
X-Mailer: Apple Mail (2.3774.600.62)
Message-ID-Hash: A5YR47YVG6P4CIETFKVRXVD5AL4MEUQ4
X-Message-ID-Hash: A5YR47YVG6P4CIETFKVRXVD5AL4MEUQ4
X-MailFrom: thom@thomwiggers.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Mike Ounsworth <Mike.Ounsworth@entrust.com>, LAMPS <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [lamps] Re: Independent Crypto Review - Re: WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tGPpvBysazCwZSsrShLW0_ztBbo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>

Hi all,

I think that the main thing that remains between my comments and Hendrik’s answers is up to the authors and the working group to decide whether anything warrants (editorial) changes. If you’re all happy, I’m happy :-)

Cheers,

Thom

> Op 12 jul 2024, om 16:49 heeft Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> het volgende geschreven:
> 
> Thom
>  
> Thank you for your sniff-test of our specification regarding KEM-support for POP and message protection.
> See my feedback below. @Mike Ounsworth <mailto:Mike.Ounsworth@entrust.com>, do you want to add something?
> I added the LAMPS email list to make others aware of the discussion.
>  
> Hendrik
>  
> Von: Thom Wiggers <thom@thomwiggers.nl <mailto:thom@thomwiggers.nl>>
> Gesendet: Mittwoch, 10. Juli 2024 11:39
> An: Brockhaus, Hendrik (T CST SEA-DE) <hendrik.brockhaus@siemens.com <mailto:hendrik.brockhaus@siemens.com>>
> Cc: Mike Ounsworth <Mike.Ounsworth@entrust.com <mailto:Mike.Ounsworth@entrust.com>>; Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>>
> Betreff: Re: Independent Crypto Review - Re: WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis
>  
> Hi Hendrik, Russ, and Mike,
>  
> The following is my (time-limited) review of the draft, in which I focused on the KEM-based message protection and proof-of-possession mechanisms. The following should be considered a “sniff-test”, not a comprehensive cryptographic review as that would require considerably more time than I have available. 
>  
> Overall, my main points are questions of clarification.
>  
> On message protection:
>  
> - In the KemBMParameters structure, does the AlgorithmIdentifier structure for the kdf parameter carry the required salt and/or other labels necessary to derive the same shared secret? (Seems weird that those parameters would be part of an AlgorithmIdentifier, but that might just be convention that I’m less familiar with). I did note that the running text does say that ‘kdf’ should contain any necessary parameters.
> [HB] If kdf parameter are required they are given in the parameters component of the AlgorithmIdentifier, e.g., RFC 8018 for PBKDF2. For HKDF the parameters component is left empty, see RFC 8619, accommodating operation without salt.
> - I noticed that the key for the MAC is derived using optional, algorithm-specific KemContext information. I’m assuming that this information is present in part to prevent re-encapsulation attacks for algorithms that are not ciphertext-binding [https://eprint.iacr.org/2023/1933] (I have not evaluated if this protocol can be vulnerable to such attacks—but eliminating them can’t hurt). If this is an implicit design requirement/desirable property, this might be worth including in the security considerations? Mike probably has more informed ideas about this.
> [HB] We followed the discussion on cms-kemri if the public key or the ct shall be used as additional input to the kdf. As ML-KEM (Kyber) already uses the ct with an internal kdf it was decided not to add it again in the cms-kemri but leave it to the algorithm profiling for CMS to require it or not. The authors of rfc4210bis have followed this path. If people think adding ct as standard input to the kdf to be on the safe side, it can be considered. If there is anything else to add to the input of the kdf, e.g., the AlgorithmIdentifier of the MAC, please speak up.
> - My main question is: what is the message input to the MAC? I could not easily find this in the document, and the input to the MAC is relevant to the ability of shared key ssk being re-used for further PKI transactions (i.e. inputs likely must not collide).
> [HB] The message input to the MAC is the sequence of PKIHeader and the PKIBody as specified in Section 5.1.3.
> - With the large caveat that my review was limited in time and I did not properly model any details, the key agreement scheme in this section seems to pass the sniff test: Alice and Bob will have a shared secret after executing this that should only be known to them.
>  
> On proof of possession:
>  
> - The generic mechanisms of both indirect and direct challenges seem to pass the sniff test, with some caveat on the direct challenges described below.
> - I am having a hard time figuring out how the shared secret between EE and RA/CA is computed; there should presumably be some KDF involved like in message protection. Am I just missing where this is specified? 
> [HB] The RA/CA provides the encrypted Rand (a random integer together with the sender’s name) in an EnvelopedData structure. If cms-kemri is used, this also involves a kdf. The integer is returned in clear by the EE.
> - The same comments regarding (implicitly) avoiding KEM re-encapsulation attacks apply here. Again, I’m not sure if these attacks are theoretically applicable and/or actually a problem, but seem worth briefly looking into (if only to ease any modeling).
> [HB] We use standards CMS EnvelopedData incl. cms-kemri as is.
> - Regarding security consideration 8.2, have you considered returning H(rand) instead of rand to further avoid these decryption oracles? However, arguably the derivation of challenge encryption key should be set up in a way to sufficiently domain-separate this. Again, this comes back to how the challenge encryption keys are set up.
> [HB] If no signature-based POP is possible the preferred method in CMP is the indirect method. Therefore, the direct method is a sideline. When updating the text on the direct POP method we intended to change as little as possible to the current text and only introduced EnvelopedData instead of the challenge filed containing the plain encrypted Rand as OCTET STRING. If people think, we should return hash of Rand instead of the plain integer, this can be considered of course..
>  
> I hope this feedback is helpful.
>  
> Cheers,
>  
> Thom Wiggers
>  
> Op 9 jul 2024, om 13:55 heeft Brockhaus, Hendrik <hendrik.brockhaus@siemens.com <mailto:hendrik.brockhaus@siemens.com>> het volgende geschreven:
>  
> Thom
>  
> I know that you already did a review the KEM-support for message protection a year ago.
> May I ask you again to provide a crypto review of the support of managing KEM-certificates, as the document is now complete and the WG would like to get some external feedback.
>  
> BTW, I submitted a version 12 yesterday. The current links for my email below are the following:
> Message protection: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-rfc4210bis-12#section-5.1.3.4
> POP: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-rfc4210bis-12#section-4.3.4
> Github repro: https://github.com/lamps-wg/cmp-updates
>  
> Many thanks in advance,
> Hendrik
>  
> Von: Brockhaus, Hendrik <hendrik.brockhaus=40siemens.com@dmarc.ietf.org <mailto:hendrik.brockhaus=40siemens.com@dmarc.ietf.org>>
> Gesendet: Donnerstag, 20. Juni 2024 07:58
> An: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org <mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org>>; Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>>; LAMPS <spasm@ietf.org <mailto:spasm@ietf.org>>; k.tirumaleswar_reddy@nokia.com <mailto:k.tirumaleswar_reddy@nokia.com>; Tomas Gustavsson <Tomas.Gustavsson@keyfactor.com <mailto:Tomas.Gustavsson@keyfactor.com>>; David Hook <David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com>>; Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>>
> Betreff: [lamps] Re: [EXTERNAL] Re: WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis
>  
> Russ, Mike
>  
> Thank you for requesting this review. I would also feel much better to have another review of the KEM-support.
> The KEM support for message protection is specified in https://datatracker.ietf.org/doc/html/draft-ietf-lamps-rfc4210bis-11#section-5.1.3.4. In short, the approach derives a symmetric key for MAC-based message protection from an authentic KEM shared secret.
> The KEM support for POP utilizes existing mechanisms, see https://datatracker.ietf.org/doc/html/draft-ietf-lamps-rfc4210bis-11#section-4.3.4.
>  
> @Sean Turner <mailto:sean@sn3rd.com> You mentioned during last IETF, that you are considering adding KEM support in you CMC Update. Could you have a look on the approach we took in CMP and provide a review?
>  
> Hendrik
>  
>  
> Von: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org <mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org>>
> Gesendet: Mittwoch, 19. Juni 2024 21:18
> An: Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>>; LAMPS <spasm@ietf.org <mailto:spasm@ietf.org>>; k.tirumaleswar_reddy@nokia.com <mailto:k.tirumaleswar_reddy@nokia.com>; Tomas Gustavsson <Tomas.Gustavsson@keyfactor.com <mailto:Tomas.Gustavsson@keyfactor.com>>; David Hook <David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com>>
> Betreff: [lamps] Re: [EXTERNAL] Re: WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis
>  
> Russ, I agree. I am uncomfortable with this passing WGLC until it receives independent crypto review.
>  
> I’m gonna start poking people.
>  
> @k.tirumaleswar_reddy@nokia.com <mailto:k.tirumaleswar_reddy@nokia.com>
> You promised me that Nokia would provide a cryptographic review of how we are supporting KEMs in CMP. I’m calling in any favours that you owe me! 😝
>  
> Also @Tomas Gustavsson <mailto:Tomas.Gustavsson@keyfactor.com> and @David Hook <mailto:David.Hook@keyfactor.com> are people with CMP implementations who could provide review.
>  
> ---
> Mike Ounsworth
>  
> From: Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>>
> Sent: Wednesday, June 19, 2024 2:14 PM
> To: LAMPS <spasm@ietf.org <mailto:spasm@ietf.org>>
> Subject: [EXTERNAL] [lamps] Re: WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis
> Importance: High
>  
> I have only seen comments from me so far. On one hand, the vast bulk of the changes are from the already approved -updates documents. On the other hand, rfc4210bis adds support for certificates that contain KEM public keys. Please review! Russ
>  
> I have only seen comments from me so far.  On one hand, the vast bulk of the changes are from the already approved -updates documents.  On the other hand, rfc4210bis adds support for certificates that contain KEM public keys.  Please review!
>  
> Russ
>  
>  
> > On Jun 5, 2024, at 11:50 AM, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
> > 
> > Title: Internet X.509 Public Key Infrastructure -- Certificate Management Protocol (CMP)
> > Authors: H. Brockhaus, D. von Oheimb, M. Ounsworth, and J. Gray
> > Datatracker: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc4210bis/__;!!FJ-Y8qCqXTj2!ZfglpvZO2Y3mBLWRXUoDUaN1hOLay7j2uwWMW_rntVjbNGcOxV4_Td8D3-6I3U6KfRBd-3ZHALhIx_HVsn1X81_9yqch$ <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-rfc4210bis/__;!!FJ-Y8qCqXTj2!ZfglpvZO2Y3mBLWRXUoDUaN1hOLay7j2uwWMW_rntVjbNGcOxV4_Td8D3-6I3U6KfRBd-3ZHALhIx_HVsn1X81_9yqch$> <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6712bis/__;!!FJ-Y8qCqXTj2!ZfglpvZO2Y3mBLWRXUoDUaN1hOLay7j2uwWMW_rntVjbNGcOxV4_Td8D3-6I3U6KfRBd-3ZHALhIx_HVsn1X80xkeWvk$ <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-rfc6712bis/__;!!FJ-Y8qCqXTj2!ZfglpvZO2Y3mBLWRXUoDUaN1hOLay7j2uwWMW_rntVjbNGcOxV4_Td8D3-6I3U6KfRBd-3ZHALhIx_HVsn1X80xkeWvk$>>
> > 
> > Title: Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol (CMP)
> > Authors: H. Brockhaus, D. von Oheimb, M. Ounsworth, and J. Gray
> > Datatracker: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6712bis/__;!!FJ-Y8qCqXTj2!ZfglpvZO2Y3mBLWRXUoDUaN1hOLay7j2uwWMW_rntVjbNGcOxV4_Td8D3-6I3U6KfRBd-3ZHALhIx_HVsn1X80xkeWvk$ <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-rfc6712bis/__;!!FJ-Y8qCqXTj2!ZfglpvZO2Y3mBLWRXUoDUaN1hOLay7j2uwWMW_rntVjbNGcOxV4_Td8D3-6I3U6KfRBd-3ZHALhIx_HVsn1X80xkeWvk$>
> > 
> > 
> > Should the LAMPS WG ask the IESG to publish these two documents as Standards-Track RFCs?  Please respond to this WG Last Call by 20 June 2024.
> > 
> > For the LAMPS WG Chairs,
> > Russ
> > 
>  
> _______________________________________________
> Spasm mailing list -- spasm@ietf.org <mailto:spasm@ietf.org>
> To unsubscribe send an email to spasm-leave@ietf.org <mailto:spasm-leave@ietf.org>
>