Re: [Suit] Introducing draft-moran-suit-manifest-04

Kvamtrø, Frank Audun <frank.kvamtro@nordicsemi.no> Fri, 12 April 2019 09:48 UTC

Return-Path: <frank.kvamtro@nordicsemi.no>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3699612022B for <suit@ietfa.amsl.com>; Fri, 12 Apr 2019 02:48:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nordicsemi.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-oNQQbZ0pGl for <suit@ietfa.amsl.com>; Fri, 12 Apr 2019 02:48:23 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40063.outbound.protection.outlook.com [40.107.4.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 205A812022A for <suit@ietf.org>; Fri, 12 Apr 2019 02:48:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nordicsemi.onmicrosoft.com; s=selector1-nordicsemi-no; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZZYpr37kAOUoFMLowIYdF47seZG4JH0HetkqfeTc+pE=; b=Xift9LlHViNJu78y66lbor62YUazhOo4vrpS1MY/d+M0UJbGKi96pVyuBZ1v5EsATtz5hE8J13+NcmYHxsjVTQdl/ZeVLO32Y5GLeT+EzVpa0FpiAAFb66nXachb2OnlmokuLvRT+VsSXay+iIsMAsejuT+giTS7xCjqxio1fo8=
Received: from AM6PR05MB6375.eurprd05.prod.outlook.com (20.179.5.214) by AM6PR05MB6406.eurprd05.prod.outlook.com (20.179.6.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.14; Fri, 12 Apr 2019 09:48:20 +0000
Received: from AM6PR05MB6375.eurprd05.prod.outlook.com ([fe80::98d9:6e05:1b71:2090]) by AM6PR05MB6375.eurprd05.prod.outlook.com ([fe80::98d9:6e05:1b71:2090%4]) with mapi id 15.20.1792.009; Fri, 12 Apr 2019 09:48:20 +0000
From: =?iso-8859-1?Q?Kvamtr=F8=2C_Frank_Audun?= <frank.kvamtro@nordicsemi.no>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, =?iso-8859-1?Q?R=F8nningstad=2C_=D8yvind?= <Oyvind.Ronningstad@nordicsemi.no>, Brendan Moran <Brendan.Moran@arm.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Introducing draft-moran-suit-manifest-04
Thread-Index: AQHU2L81dzELNCQKcEaCHfQ8cPehA6Y2x2+wgABw2OCAAAtb8IABCyQg
Date: Fri, 12 Apr 2019 09:48:20 +0000
Message-ID: <AM6PR05MB6375945D76E05467970B9358FC280@AM6PR05MB6375.eurprd05.prod.outlook.com>
References: <16EC7DB9-1649-4A86-A370-F77CB03305AC@arm.com> <HE1PR05MB32285B66AB7015921D83F852882F0@HE1PR05MB3228.eurprd05.prod.outlook.com> <HE1PR05MB32285EE3C40D73345D217935882F0@HE1PR05MB3228.eurprd05.prod.outlook.com> <SN6PR09MB3264D424FEEFFA6D998C6998F02F0@SN6PR09MB3264.namprd09.prod.outlook.com>
In-Reply-To: <SN6PR09MB3264D424FEEFFA6D998C6998F02F0@SN6PR09MB3264.namprd09.prod.outlook.com>
Accept-Language: nb-NO, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=frank.kvamtro@nordicsemi.no;
x-originating-ip: [194.19.86.146]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ebd6fa7b-a427-427f-3f2d-08d6bf2bff38
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:AM6PR05MB6406;
x-ms-traffictypediagnostic: AM6PR05MB6406:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <AM6PR05MB6406AAA1215A0BF118BEBF5AFC280@AM6PR05MB6406.eurprd05.prod.outlook.com>
x-forefront-prvs: 0005B05917
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39850400004)(136003)(346002)(396003)(366004)(199004)(13464003)(189003)(26005)(6116002)(71200400001)(446003)(33656002)(11346002)(305945005)(14454004)(76176011)(2501003)(25786009)(186003)(102836004)(74316002)(5660300002)(99286004)(106356001)(105586002)(45776006)(966005)(478600001)(6506007)(53546011)(93886005)(68736007)(7696005)(97736004)(7736002)(3846002)(6436002)(81156014)(9686003)(316002)(110136005)(8936002)(6246003)(8676002)(14444005)(55016002)(6306002)(486006)(229853002)(52536014)(53936002)(256004)(74482002)(2906002)(66066001)(71190400001)(66574012)(476003)(86362001)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR05MB6406; H:AM6PR05MB6375.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: nordicsemi.no does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: n2xNWKYSQFzzEyr/8n4Rv/4kdjoj+21FBo+elzoDjs49VNzqNhOgSURAS3aJMqyr/RA/Auqz6ANEXoyxhMfMAM31TteFwiCluR1uOsqEYCmnozZm7wImCWEYfu45Ql3ss/mjJzatkhtC3S8mXO8+J7cE6aytqdZGB27zWxjO3qWG9YHEBCycr56F2Ogs+OW3HgEIPewJfgf4HQ8iKdMHC6O4oxM3o8AM/QReg1A4AGJ0h65KNy/GueD69vUdTYwGoGrKt6N89JBRJQOzVMqMpO8xG7VNvq7cQSwwefi0s10QP2HQfYNxLPOv+Ax5Jx2Ib1syj4bAhtpTNk6RfR07ivCLppnEfS93y+uL/6Id/a79ZpmpNPwD0uUqiK5lNK7fRfKimom6DV8jCW0wpqd46m5eWRhdLiCXEbkEekT9twY=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nordicsemi.no
X-MS-Exchange-CrossTenant-Network-Message-Id: ebd6fa7b-a427-427f-3f2d-08d6bf2bff38
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Apr 2019 09:48:20.4017 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 28e5afa2-bf6f-419a-8cf6-b31c6e9e5e8d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR05MB6406
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/SUbn_1c661VnaY2UfWLjUS9vgJ4>
Subject: Re: [Suit] Introducing draft-moran-suit-manifest-04
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 09:48:27 -0000

Do note that there are no valid use-cases for heavily truncated hashes
in our information model. All hashes are exclusively used for security.
This makes me want to limit non-standard definitions that can be misused
and/or misunderstood.

When the RFC talks about the truncated hash they mention security specifically:

  "... Therefore, we use different hash algorithm strings in these cases, 
  such as sha-256-32 for a 32-bit truncation of a sha-256 output.  A 32-bit 
  truncated hash is essentially useless for security in almost all cases but 
  might be useful for naming."


Where we source the list to use in manifest of the hash types is the big 
question...

I often times go to the following web-page to find the latest on recommended
hashes etc: https://www.keylength.com/en/4/

This page lists the approved hashes as sourced from NIST specs:

>From FIPS 180-4:
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256

(Where SHA-384 is essentially SHA-512/384)

>From FIPS 202:
SHA3-224,SHA3-256, SHA3-384,SHA3-512, SHAKE128, SHAKE256.


I would like to reference the Cryptographic Algorithm Object Registration
from NIST for the ASN.1 encoding of approved cryptographic algorithms.

https://csrc.nist.rip/groups/ST/crypto_apps_infra/csor/algorithms.html

SHA-1 (Externally assigned)
SHA-2 family
id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }

SHA-3 family
id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }
id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }
id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }
id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }
id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }
id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }
id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }
id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }


Using this should provide the complete list of recommended and approved
hashes, formatted as the IETF SUIT spec, semi-conformant to the 
"Named Information Hash Algorithm Registry":

algorithm-id-sha-256        = 1
algorithm-id-sha-384        = 2
algorithm-id-sha-512        = 3
algorithm-id-sha-224        = 4
algorithm-id-sha-512-224    = 5
algorithm-id-sha-512-256    = 6
algorithm-id-sha3-224       = 7
algorithm-id-sha3-256       = 8
algorithm-id-sha3-384       = 9
algorithm-id-sha3-512       = 10

digest-algorithm-ids /= algorithm-id-sha-256    
digest-algorithm-ids /= algorithm-id-sha-384    
digest-algorithm-ids /= algorithm-id-sha-512    
digest-algorithm-ids /= algorithm-id-sha-224    
digest-algorithm-ids /= algorithm-id-sha-512-224
digest-algorithm-ids /= algorithm-id-sha-512-256
digest-algorithm-ids /= algorithm-id-sha3-224
digest-algorithm-ids /= algorithm-id-sha3-256
digest-algorithm-ids /= algorithm-id-sha3-384
digest-algorithm-ids /= algorithm-id-sha3-512

Note that SHA-1 is removed from this list due to being a "legacy" type hash
(known to be broken). SHAKE is also removed as it isn't directly approved
due to the complexity of use.

Note that I've added a dash between "sha" and "256" according to spec
and consistent with "Named Information Hash Algorithm Registry".

Additional hashes may also be easy to add, like KECCAC.

I recommend reusing the algorithm IDs from ASN.1 in lack of any
meaningful listing, elsewhere.

-Frank Audun

> -----Original Message-----
> From: Waltermire, David A. (Fed) <david.waltermire@nist.gov>
> Sent: 11. april 2019 17:49
> To: Rønningstad, Øyvind <Oyvind.Ronningstad@nordicsemi.no>no>; Brendan Moran
> <Brendan.Moran@arm.com>om>; suit@ietf.org
> Cc: Kvamtrø, Frank Audun <frank.kvamtro@nordicsemi.no>
> Subject: RE: Introducing draft-moran-suit-manifest-04
> 
> Some comments on Øyvind's comments below as a WG participant.
> 
> > -----Original Message-----
> > From: Suit <suit-bounces@ietf.org> On Behalf Of Rønningstad, Øyvind
> > Sent: Thursday, April 11, 2019 11:03 AM
> > To: Brendan Moran <Brendan.Moran@arm.com>om>; suit@ietf.org
> > Cc: Kvamtrø, Frank Audun <frank.kvamtro@nordicsemi.no>
> > Subject: [Suit] FW: Introducing draft-moran-suit-manifest-04
> >
> > I did a full pass through the document today, and wrote down (quite a
> > few) comments, see below. I think this document is very exciting!
> >
> > - Øyvind
> >
> >
> > The digest-algorithm-ids list is missing the following SHA-2 family
> functions:
> >  - SHA224
> >  - SHA512/224
> >  - SHA512/256
> > Also, the functions that are truncated to 128 and fewer bits will not
> > be secure against brute-force attacks, so I question their inclusion here.
> 
> RFC 6920, which this draft references, defines the IANA "Named Information
> Hash Algorithm Registry". It would be good if this draft directly references
> the "Named Information Hash Algorithm Registry" directly to provide for
> future agility as new algorithms are added and use of specific algorithms
> fall out of practice. The "status" field of the registry provides guidance
> for the later. Algorithm agility should also be discussed in the security
> considerations.
> 
> It would also be useful to allow non-enumerated integer values to be used in
> the format to ensure that new entries added to the "Named Information Hash
> Algorithm Registry" are also allowed to be used in the format.
> 
> Regards,
> Dave