Re: [Suit] Draft-ietf-suit-manifest encryption use

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 10 June 2021 08:37 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Russ Housley <housley@vigilsec.com>, Brendan Moran <Brendan.Moran@arm.com>
CC: suit <suit@ietf.org>
Date: Thu, 10 Jun 2021 08:37:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1hSqpoHjoTHxr35097q-VOOCzdY>

Hi Russ, Hi Brendan,

Approach #1 below moves the key management outside SUIT. That's not necessarily bad, particularly since we have a solution for carrying this information --> TEEP. However, I would prefer to have the COSE_Encrypt structure attached to the manifest unless we want to re-use a single COSE_Encrypt structure across multiple firmware updates. Although never mentioned explicitly, I thought we wanted to use new keys with every update. This would then argue for attaching / embedding the COSE_Encrypt structure to the manifest (or more precisely to the envelope).

I believe during the virtual interim meeting we had a preference for the approach Russ outlined. I hope we are not suggesting that the COSE_Encrypt structure is unauthenticated but rather that it is protected by the distribution network (instead of the firmware author). The main reason is that the firmware author does not necessarily know the keys for all the recipients. Needless to say, we need to describe this in draft-tschofenig-suit-firmware-encryption.

Moving the COSE_Encrypt structure to the envelope, as Russ mentioned below, raises a few issues. One of them is the question about authentication. There is less of a problem with AES key wrap because the CEK is protected by the KEK. However, I would still want to tie the COSE_Encrypt structure to the manifest. The COSE_Encrypt structure is obviously tied to the firmware image. The problem is with the hybrid public key encryption mode, as it is currently defined (since I assumed that there is a signature covering the COSE_Encrypt structure). We would have to extend the description by using one of the authentication options already defined for HPKE.

Before working out the details, let me try to illustrate an example to see whether it matches your understanding. The envelope was enhanced by a new structure (called encryption), which sits in between the authentication-wrapper and the manifest (in this example).

  {  / Envelope /
      / authentication-wrapper / 2:bstr .cbor ([
          digest: bstr .cbor ([
              / algorithm-id / 2 / "sha256" /,
              / digest-bytes /
  h'987eec85fa99fd31d332381b9810f90b05c2e0d4f284a6f4211207ed00fff750'
          ]),
          signature: bstr .cbor (18([
                  / protected / bstr .cbor ({
                      / alg / 1:-7 / "ES256" /,
                  }),
                  / unprotected / {
                  },
                  / payload / F6 / nil /,
                  / signature / h'0008d2678ddda1afd6846cb9272f539a789e4c
  ed4c874774e58dbe4cf1607e755668029ad6383d4e14c72083ba43002fe3f5cda48859
  90c9b59135976b80ebc9'
              ]))
          ]
      ]),
       / encryption / 4:bstr .cbor (
       [
           // protected field with alg=AES-GCM-128
           h'A10101',
           {
              // unprotected field with iv
              5: h'26682306D4FB28CA01B43B80'
           },
           // null because of detached ciphertext
           null,
           [ // recipients array
              h'', // protected field
              {    // unprotected field
                 1: -3,            // alg=A128KW
                 4: h'6B69642D31'  // key id
              },
              // CEK encrypted with KEK
              h'AF09622B4F40F17930129D18D0CEA46F159C49E7F68B644D'
           ]
       ]
       ),
      / manifest / 3:bstr .cbor ({
          / manifest-version / 1:1,
          / manifest-sequence-number / 2:1,
          / common / 3:bstr .cbor ({
              / components / 2:[
                  [h'00']
              ],
              / common-sequence / 4:bstr .cbor ([
                  / directive-override-parameters / 20,{
                      / vendor-id /
  1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
  be9d-e663e4d41ffe /,
                      / class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
  / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
                      / image-digest / 3:bstr .cbor ([
                          / algorithm-id / 2 / "sha256" /,
                          / digest-bytes /
  h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
                      ]),
                      / image-size / 14:34768,
                  } ,
                  / condition-vendor-identifier / 1,15 ,
                  / condition-class-identifier / 2,15
              ]),
          }),
          / install / 9:bstr .cbor ([
              / directive-set-parameters / 19,{
                  / uri / 21:'http://example.com/file.bin',
              } ,
              / directive-fetch / 21,2 ,
              / condition-image-match / 3,15
          ]),
          / validate / 10:bstr .cbor ([
              / condition-image-match / 3,15
          ]),
      }),
  }

Ciao
Hannes

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Wednesday, June 2, 2021 10:00 PM
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: suit <suit@ietf.org>
Subject: Re: [Suit] Draft-ietf-suit-manifest encryption use

Brendan:

I thought we talked about moving the whole COSE_Encrypt structure so that it was not covered by the signature.  That would allow a party in the distribution path to change the COSE_Recipients without damage to the signature.  Since we are using detached payload, the implementation needs to remember the resulting CEK.  Which is still needed in your proposal, I believe.

Russ


> On Jun 2, 2021, at 5:59 AM, Brendan Moran <Brendan.Moran@arm.com> wrote:
>
> During the virtual interim, we raised the point that the COSE_Recipients for a COSE_Encrypt should not be covered by a signature or digest. This prevents a management system from sending each recipient only the COSE_Recipient structure that pertains to it. This is not ideal for the structure of the manifest.
>
> I can see several ways forward:
> 1. Key agreement is explicitly out-of-band. The manifest uses COSE_Encrypt0 exclusively. No changes are needed to the manifest. The kid header parameter is used to distinguish between keys for different payloads.
>
> 2. The manifest references encryption information by URI. The typical approach is to place the encryption info in the SUIT_Envelope, then reference it by a numeric reference. (e.g. 12 for key 12 in the current SUIT_Envelope). This approach permits the distributor to edit the COSE_Recipients, which allows a firmware author to include all recipients. The distributor can then remove all but the intended recipient. Federated distributors are also possible, where the COSE_Recipients is reduced at each level of distribution.
>
> 3. Break COSE’s existing conventions: set COSE_Recipients to nil in order to represent that COSE_Recipients is detached. This is problematic for two reasons: first, it means that we break compatibility with existing COSE libraries, since they will not expect a detached COSE_Recipients; second, it leaves no way to indicate where to find COSE_Recipients. Instead of ’nil’ we could use an int.
>
> I think we should probably discard Option 3. I worry that Option 2 exposes a number of options for tampering with the COSE_Encrypt. It also means that the parser has to advance past the manifest in order to locate the COSE_Encrypt blocks. The envelope should not contain an enormous number of elements, so it may be acceptable to simply hold a table in memory of the key, start, end of each element of the envelope.
>
> We could enable both 1 and 2 by changing the current SUIT Parameter:
> ORIGINAL:
>        SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
> PROPOSED:
>        SUIT_Encryption_Info = int / COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
>
>
> Alternatively, we could enable both 1 and 2 by adding a new parameter:
>
> SUIT_Parameters //= (suit-parameter-encryption-ref
>    => int)
>
> Best Regards,
> Brendan
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
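
An added example, not part of the original messages or of any SUIT implementation: a Python model of the envelope layout from Hannes's example. It shows that a distributor can prune COSE_recipient entries without invalidating the manifest digest (the property Russ and Brendan discuss), and that the same digest does not notice other edits to the encryption element. The dict model, the function names, the manifest bytes and the kid-2 recipient are constructed assumptions; recipients use the RFC 8152 layout (one array per recipient), and the signature and the AES key unwrap are left out.

```python
import copy
import hashlib

A128GCM_PROTECTED = bytes.fromhex("A10101")  # protected header from the post: {1: 1}, alg A128GCM
ALG_A128KW = -3                              # recipient alg value from the post
KEY_DIGEST, KEY_MANIFEST, KEY_ENCRYPTION = 2, 3, 4  # envelope keys used in the post

def build_envelope(manifest, recipients):
    """Author: the digest (and the signature over it, omitted here) covers the manifest only."""
    cose_encrypt = [A128GCM_PROTECTED,
                    {5: bytes.fromhex("26682306D4FB28CA01B43B80")},  # IV
                    None,                                            # detached ciphertext
                    recipients]
    return {KEY_DIGEST: hashlib.sha256(manifest).digest(),
            KEY_ENCRYPTION: cose_encrypt,
            KEY_MANIFEST: manifest}

def manifest_digest_ok(env):
    return hashlib.sha256(env[KEY_MANIFEST]).digest() == env[KEY_DIGEST]

def prune_recipients(env, kid):
    """Distributor: keep only the COSE_recipient addressed to kid."""
    out = copy.deepcopy(env)
    out[KEY_ENCRYPTION][3] = [r for r in out[KEY_ENCRYPTION][3] if r[1].get(4) == kid]
    return out

def select_wrapped_cek(env, my_kid):
    """Device: structural checks on the unsigned element, done before any key unwrap."""
    protected, unprotected, ciphertext, recipients = env[KEY_ENCRYPTION]
    if protected != A128GCM_PROTECTED:
        raise ValueError("unexpected content encryption algorithm")
    if len(unprotected.get(5, b"")) != 12:
        raise ValueError("AES-GCM IV must be 12 bytes")
    if ciphertext is not None:
        raise ValueError("ciphertext must be detached")
    mine = [r for r in recipients if r[1].get(4) == my_kid and r[1].get(1) == ALG_A128KW]
    if len(mine) != 1:
        raise ValueError("expected exactly one A128KW recipient for this kid")
    wrapped = mine[0][2]
    if len(wrapped) != 24:  # A128KW output for a 16-byte CEK is 16 + 8 bytes
        raise ValueError("wrapped CEK has the wrong length")
    return wrapped

# Constructed sample: the manifest bytes and the kid-2 recipient are made up for this example.
RECIPIENTS = [
    [b"", {1: ALG_A128KW, 4: b"kid-1"},
     bytes.fromhex("AF09622B4F40F17930129D18D0CEA46F159C49E7F68B644D")],  # from the post
    [b"", {1: ALG_A128KW, 4: b"kid-2"}, bytes(range(24))],
]
ENVELOPE = build_envelope(b"constructed manifest bytes", RECIPIENTS)

def demo():
    pruned = prune_recipients(ENVELOPE, b"kid-1")
    altered = copy.deepcopy(pruned)
    altered[KEY_ENCRYPTION][1][5] = bytes(12)  # IV changed after signing
    return {"pruned_recipients": len(pruned[KEY_ENCRYPTION][3]),
            "digest_ok_after_prune": manifest_digest_ok(pruned),
            "digest_ok_after_iv_change": manifest_digest_ok(altered),
            "cek_len": len(select_wrapped_cek(pruned, b"kid-1"))}

if __name__ == "__main__":
    print(demo())
```

The digest still verifying after the IV change is the gap raised in the thread: an encryption element placed outside the signed manifest needs its own authentication or a binding to the manifest.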
