Re: [Teep] Use of AES-CTR in TEEP?
hannes.tschofenig@gmx.net Tue, 10 October 2023 05:28 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 897EAC1AE9D5; Mon, 9 Oct 2023 22:28:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FgD8xIQ6pbz2; Mon, 9 Oct 2023 22:28:29 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC68FC151071; Mon, 9 Oct 2023 22:28:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1696915706; x=1697520506; i=hannes.tschofenig@gmx.net; bh=7ChEZBa8Wd6UAYDkhAuAI6wWu93XJO69xnlm6oOh2xk=; h=X-UI-Sender-Class:From:To:References:In-Reply-To:Subject:Date; b=rLEGh4GDqkdaBV9CTRTW6/hdPN3tvoxqX7nN6wFtTroV2Ue9tpaGPMYn+9YOr208Ibfm4loAg/w ArXsskcyz9hM6AKALkQG5LbALMjH7NJM5tJYh+7Wja/PmeIJxUQ/5kzasy5i3CHOmFKf41EIctXIl zp8VqXBJ2RJpGF6ako4vS6mwSQbwmFIC14WrmKc0BgLSr4fix3+zljKTMikoqhJJ5pBFeD9pxKM/Y 90fvp0gOYM4r9WD2mp7I9Ezi7MvSB9ACE7D8bFJdnZyAxfDskxJeNqkRyVCKh6vWM4barmiQ8GOnf 6TJEIkC7fYRqDzPIUwg1PQWcwecQZUpjXd0Q==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from Surface ([213.142.96.35]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MNswE-1rEEuQ2RSq-00ODpN; Tue, 10 Oct 2023 07:28:26 +0200
From: hannes.tschofenig@gmx.net
To: 'Dave Thaler' <dthaler=40microsoft.com@dmarc.ietf.org>, teep@ietf.org, suit@ietf.org
References: <PH7PR21MB3878F05953BAF6113F429396A3C9A@PH7PR21MB3878.namprd21.prod.outlook.com> <488eb665-30fc-4be9-832d-0ccc8409db36@gmx.net> <PH7PR21MB387889BB6C524006BD889B07A3CEA@PH7PR21MB3878.namprd21.prod.outlook.com>
In-Reply-To: <PH7PR21MB387889BB6C524006BD889B07A3CEA@PH7PR21MB3878.namprd21.prod.outlook.com>
Date: Tue, 10 Oct 2023 07:28:31 +0200
Message-ID: <02e701d9fb3a$9bf15660$d3d40320$@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJ9CCLBr7EgUokC17mAn/qb7dmiWQMhVu8BAV7uXFmu2GD5gA==
Content-Language: de-at
X-Provags-ID: V03:K1:GxXHAh3o99EbHqZvKYVqm6KLD3QEbyTn/c76mAJbJWnA1gWm3Re qT3az5vpPJjPQrrBLSyD0KyD6lPw4JC08nJm9n1nrdnVWNxga79J0IaFAmiBNCZI/OndoPF SD8/d+lALNi3NntulLo4MkNdhDXsnnJFYH73ARkES5rY5Sq/NCBavwtckbn3O/M9JTQlOqS 7Z1sZ6JxFEqI+ucenxFVA==
UI-OutboundReport: notjunk:1;M01:P0:E6w+KjcHOKg=;0UqGikdfa2O8TyhccO++gwLYQK3 pCto3sW3lLXpRuONw5BoF3BNAY4eDJ9rhp6BVwPXZeuaReOkYeeZhgdD/+jik5z5b39I8GvHN BG85n28DB0z3ZIp7Wu5sLZuV2wkXBcRXPn5fZ0LTNPoY1SdBkDEj1SEDQJKY41DhpuQsxop2T UUiZjW3WALay8FguuVhWp7jc04e1j5BX2pcIcsG5ONInXLfwDuT3HJNOTo/TULbuBvLRO+4cG aYKIq0X+xveLXnlCWXrHadmHQLpj5VzM8gK7BDhr7UdeYu5vYJJXxi5DqaTSvXfW8wFyyiJQ1 D5X7eTc9McbykK9jMsdD9RQyhM6waAhD7TqaA23OMwnNBnkP0XvrraxV2X/WCX6wVaZeZohJI XVWvVc9G0N5pXDeUUlO4s9VNRo73aCauq2VS2pWgl9NQrUvFK9/4sUFKXyTwaMe9mTiBqBymS sIVR6e4sS0n00ssItRVlDcqnRx+9eY8U/qOmhqqybFK0R8UpAe70lXBsXhNf/3HqGIkIwNT4a mKN5U5eikPSWKxzWXOpv153yZoWucTiqqgDVT5Chl6HlBDCBd1wzWBCWezf40/qyfoMxb/LEl jpSqO7fjxjJ1LGXtm4p6UIWwrlYFf9bD01oN6Nc2877aHfSuew3js5J21eB2pHZESK+vHAb5/ PaTuT+avzjmHhXj2wP1lqf3/110x2yKo6goOkYxOm93RKxXzUDbgqHOBQolIpDewwHdSodZOy Qhr0CSfmxbnd0/gxVmhXsxEahlxL0du4ovY9VDwq9Uf/h7z6+ndXE2N3J8dSdboSJoFiTou4i VmIamSFV6EXNVS2CjCRC0c0A+Nj2IBSJR4u7jlAfdFQO0Znpq/+5acxejalamqx6ShwvBVE69 CoxO/CmVibea61HgMuQuO/sMDUBwzU14Sls3XMli1oqP6fWs1aQ42sG4kxbJTlVEnho5nBb/a MmgnKzlyb75n5bdnGA9s1u9Phn8=
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/1cAtvromVZl-Mt9zW-msY9-Xc28>
Subject: Re: [Teep] Use of AES-CTR in TEEP?
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2023 05:28:30 -0000
Hi Dave, Let me clarify how my suggestion looks like. Section 3 of https://datatracker.ietf.org/doc/draft-ietf-suit-mti/ currently defines 5 profiles. I would like to have a new profile added that defines suit-sha256-es256-ecdh-a128gcm for use with TEEP. This should be the default profile for use in TEEP. This adds new requirements to constrained IoT devices. Constrained IoT devices should use one of the other 5 profiles already defined. Ciao Hannes -----Original Message----- From: TEEP <teep-bounces@ietf.org> On Behalf Of Dave Thaler Sent: Montag, 9. Oktober 2023 17:14 To: Hannes Tschofenig <hannes.tschofenig@gmx.net>; teep@ietf.org; suit@ietf.org Subject: Re: [Teep] Use of AES-CTR in TEEP? So you argue that we need multiple crypto algorithms mandatory in constrained devices? I can't comment on specific algorithms, but I'm curious to know why the extra code space is required. Do others in the WG agree? > -----Original Message----- > From: Hannes Tschofenig <hannes.tschofenig@gmx.net> > Sent: Monday, October 9, 2023 7:36 AM > To: Dave Thaler <dthaler@microsoft.com>; TEEP@ietf.org; suit@ietf.org > Subject: Re: [Teep] Use of AES-CTR in TEEP? > > We should create two algorithm profiles, one for firmware updates of > IoT devices and another one for use with TA/config data update in TEEs. > > > I believe these use cases are different enough to justify having two > algorithm profiles. > > > Ciao > > Hannes > > > > Am 06.10.2023 um 18:29 schrieb Dave Thaler: > > In the TEEP WG, I believe we had consensus to reuse profiles from > > draft-ietf-suit-mti in the TEEP protocol (not just for SUIT manifests). > > > > draft-ietf-suit-mti recently replaced the use of GCM with AES-CTR, > > and Ken filed > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi > > th > > ub.com%2Fietf-teep%2Fteep- > protocol%2Fissues%2F356&data=05%7C01%7Cdthal > > > er%40microsoft.com%7C626557262f6c4d7e0b6808dbc8d50831%7C72f988bf86f > 141 > > > af91ab2d7cd011db47%7C1%7C0%7C638324589530894110%7CUnknown%7CT > WFpbGZsb3 > > > d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D > %7 > > > C3000%7C%7C%7C&sdata=lNxKlv26DY%2B8Drt%2BaXtkvEoKNiqiuK0m8xBGBM > TS5SE%3 > > D&reserved=0 accordingly, proposing replacing GCM with AES-CTR in > > TEEP, which we discussed at the interim last month. The minutes say > > at > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata > track > er.ietf.org%2Fmeeting%2Finterim-2023-suit-01%2Fmaterials%2Fminutes-int > erim- > 2023-suit-01-202309111500- > 00&data=05%7C01%7Cdthaler%40microsoft.com%7C626557262f6c4d7e0b6808 > dbc8d50831%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638324589 > 530894110%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2 > luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=P%2Fd > 85ycZ2pYo7r3Qfjtr7%2BOI0DOwunpe4SdNAoz4dCw%3D&reserved=0: > > > >> Noting: #356, there are no objections to replacing each of them. > >> Brendan: for the use case of SUIT (TEEP+RATS), using AES-CTR makes > >> sense, but in general, this is not the right mode. > >> * > >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fm > >> ai > >> larchive.ietf.org%2Farch%2Fmsg%2Fcose%2F9smwFXNpbd6Fci8-mIeaT2xPP- > E%2 > >> > F&data=05%7C01%7Cdthaler%40microsoft.com%7C626557262f6c4d7e0b6808d > bc8 > >> > d50831%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383245895308 > 9411 > >> > 0%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ > BTiI > >> > 6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=X50myuNdHSHwyV > W3GzsUtXI > >> AR3UEf4xYTD2T2V77yHw%3D&reserved=0 > >> * > >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fm > >> ai > >> > larchive.ietf.org%2Farch%2Fmsg%2Fcose%2F0Dj5yp4mptZUBiw7FWb5PcXGJAg% > 2 > >> > F&data=05%7C01%7Cdthaler%40microsoft.com%7C626557262f6c4d7e0b6808d > bc8 > >> > d50831%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383245895308 > 9411 > >> > 0%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ > BTiI > >> > 6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=a5dVms2qZNcaowd > xP0ulivW > >> vPIeXS4xkABMxMuZ8fcw%3D&reserved=0 > >> RH: APIs are not supposed to return any plaintext if the integrity > >> check fails, so the ability to break the image into chunks is an > >> important aspect, so that's why it does not fit into AES-GCM. > > However, in a discussion with Hannes this week, he said > >> We should not use AES-CTR mode in TEEP. The registration of AES-CTR > >> / AES-CBC in COSE was done to support low-end IoT devices that use > >> flash memory. It is not an algorithm that should be used in other > >> places where not needed. I don't see a use case for it in TEEP > > I look to others to provide guidance here... should we > > a) make TEEP and SUIT diverge so that a TEEP implementation has to > > implement two different things > > b) use AES-CTR in TEEP > > c) add GCM back to suit-mti > > d) something else because Dave is confused :) > > > > Dave > > > > _______________________________________________ > > TEEP mailing list > > TEEP@ietf.org > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > > > ietf.org%2Fmailman%2Flistinfo%2Fteep&data=05%7C01%7Cdthaler%40microsof > > > t.com%7C626557262f6c4d7e0b6808dbc8d50831%7C72f988bf86f141af91ab2d7c > d01 > > > 1db47%7C1%7C0%7C638324589530894110%7CUnknown%7CTWFpbGZsb3d8ey > JWIjoiMC4 > > > wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C% > 7C%7 > > > C&sdata=9h4QnUJfVSEgeAzR6PLcx%2BEG%2BzSirCfWpLU3WXBfJPs%3D&reserv > ed=0 _______________________________________________ TEEP mailing list TEEP@ietf.org https://www.ietf.org/mailman/listinfo/teep
- [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? Hannes Tschofenig
- Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? hannes.tschofenig
- Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? hannes.tschofenig
- Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? Tschofenig, Hannes
- Re: [Teep] [Suit] Use of AES-CTR in TEEP? dthaler1968
- Re: [Teep] [Suit] Use of AES-CTR in TEEP? Hannes Tschofenig