Re: [Teep] Use of AES-CTR in TEEP?
Dave Thaler <dthaler@microsoft.com> Mon, 09 October 2023 15:13 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA62C1519A9; Mon, 9 Oct 2023 08:13:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.112
X-Spam-Level:
X-Spam-Status: No, score=-2.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0SMbenNL7d6k; Mon, 9 Oct 2023 08:13:48 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2132.outbound.protection.outlook.com [40.107.223.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4287FC14CE44; Mon, 9 Oct 2023 08:13:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RAkfm1gnbjNAGCsyFK+TujkJMAwxwyRaOj3qoEWvvuOaO7nXfQkhmEtUnDjgn8SMuvTrnwpaYg9uHtTs9BWZCt6IjzuGLFW9hEgktbKqL+r7F3fme1+9L2Bb5iu+W7zlzsb/huUIELGMAU/lutSdlEtplcHVghVuYVybiYLB+Bl+k4dK7BUTve7dnHsDaAYW/S2uNb1/+cgqZWU9XVVtzRxHj+6N+kifN1Wfw+adwHCKLPMYNf2Vy/2iGlniJCYtDnLDIoJAPpfyOh+GCn8WYilyWwTbAK7fnZs233IzZiaQc+gaKtMpc+PhtuGEih/A5DodVjU4ezOh1j7dRqLXWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=amJZAqq0rO4dqpz6h91MlG6aE9/kaLfGy129YhdKpbs=; b=bxlN7CLw+xznaEFWoKdeSG2EY9kjN3Kbi923/4dXSMswbKgo/62LBX8hSR4Jy0US9+M5yvsHVKZNSiU+FiSHQl0gmc/HDm0Hx5sc6DjePqRFiycayZjaPo0MXIJLGDc2UAOyBocAGpTAkJCJGfkRIfquuyNgDhyoRHtbvwwS0ppPB5PJV3RxcHpDrW+RS9fkzN+RQoaD74fg05qXdGvb8Y+nPNr4SzWk9JpmRv+/NOFCGWNfiwPLuiAxJQhuYqgnrXUtNMwPgWQSxSEtarmyVt6B6uE4+rmtm/tPaxMF1fC+1x+mJT+GFBQqexFggQiwhP+ytD8AecaEvVEYBZOzdQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=amJZAqq0rO4dqpz6h91MlG6aE9/kaLfGy129YhdKpbs=; b=P9/PhnDmvxphcC5969N8olkr5TOVFAuYRczIPOVJONASB2uHEJ/+8Acu8tKAJlWoXydF8z4csWVeAdHApLyu+QLO5leg0ZKj5GfGCnl1frRw7fDUfOjdLI8R03tDBNlE9wYDajJE7T7jH+5CRq1NlVEnNzhD5K2jm70HGNo4Fzw=
Received: from PH7PR21MB3878.namprd21.prod.outlook.com (2603:10b6:510:243::22) by CY8PR21MB4060.namprd21.prod.outlook.com (2603:10b6:930:61::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.2; Mon, 9 Oct 2023 15:13:45 +0000
Received: from PH7PR21MB3878.namprd21.prod.outlook.com ([fe80::a9ea:70b4:adf3:9b08]) by PH7PR21MB3878.namprd21.prod.outlook.com ([fe80::a9ea:70b4:adf3:9b08%4]) with mapi id 15.20.6886.016; Mon, 9 Oct 2023 15:13:44 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "TEEP@ietf.org" <teep@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Teep] Use of AES-CTR in TEEP?
Thread-Index: Adn4ckgIvxtwnCseTReGWgz3PV4GiACS5uoAAAFKB8A=
Date: Mon, 09 Oct 2023 15:13:44 +0000
Message-ID: <PH7PR21MB387889BB6C524006BD889B07A3CEA@PH7PR21MB3878.namprd21.prod.outlook.com>
References: <PH7PR21MB3878F05953BAF6113F429396A3C9A@PH7PR21MB3878.namprd21.prod.outlook.com> <488eb665-30fc-4be9-832d-0ccc8409db36@gmx.net>
In-Reply-To: <488eb665-30fc-4be9-832d-0ccc8409db36@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=e434e77c-cf27-48ea-b49b-c73f853d466d; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-10-09T15:12:40Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR21MB3878:EE_|CY8PR21MB4060:EE_
x-ms-office365-filtering-correlation-id: e961ae92-bf96-4ce2-fe03-08dbc8da5438
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +9dz14O6YxhtpIYd9Qc8yO+o/HHNnpLgqvLD9Z9v9Es16+nmFzPVSvuPAisHh2PscOUDR4jgx0x6JLwgRIZCxnjH3ZqVveW+BHCm7Q71u90KIGITBrO9Jix5VKQH6+0zsie8CyCUE4lcBZY6u69nfBbUXuLcxTrx7kNkQzPOt54Uek2nmuBZVBxcz46OlIi3dMz1muX8Z65WGHAm1DYR+i4cE6VeL7uiiZcT9t+STAxxMGBX3ZdADSok3y7kNhBvmkyeghHgx4OhY0RLq+7/p2b7zRNOx6pkxY+3xCllEIh+z6yjryaVmqO4oRy/gZU+RfR0DG8D5B3r1Hfh0fGYiYQL1Q43e9mvWQSKNCazmHzaVJe26Kb1YEWFGUdOazNIqz7BzyIjfrU4XYmBS+GL/Fy8guXypBl/rz7gt7i4BR8t2F6bAjRZVFpsi25xk41z8gKSRt901/5Qct1+WHYM8sW367yIB6BzypG4K7l1WqlsKCXqpymHmFpbegyrzZkqlnvyNyB0KOpk0b46UN3Ctsc5gX/rsZSSspn0AVPUX1AYKVKgY74qmuSZNvxWyBeHUGKuCXflJeC8XEoRNUyn7cYMGxj9LGKULkbS09d9usU+zmTGKP3L/ic4Mk6orH09W2PLfuCILplARY8ziwbSOizjzJR06v5Kx3BEoQ2aYC8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR21MB3878.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(136003)(39860400002)(346002)(366004)(376002)(396003)(230922051799003)(451199024)(64100799003)(1800799009)(186009)(55016003)(64756008)(83380400001)(8990500004)(316002)(26005)(66946007)(66556008)(66476007)(110136005)(66446008)(76116006)(8676002)(5660300002)(52536014)(6506007)(8936002)(53546011)(7696005)(2906002)(966005)(9686003)(478600001)(41300700001)(10290500003)(82950400001)(71200400001)(33656002)(38070700005)(38100700002)(82960400001)(86362001)(122000001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: e73jYjRpthxpvsxHzDmanbp39o+PiOl0LBwJh98dDiOlcKPJZR1VF7BFLOqxgWm2mXYSjoeIAcBearTfUElprlxXGH75cfHTAuuJu+2Y99ya2TK2gzucOkz6UE9ay6FExofUe9Oy1c6CzNWn067Mm3/6K0Nmv4fz9l3P4pdNFSduWbn29ScD1Uu7dYJkf8q92QyGCMZJIami+JhbqcfT8inJtquUQ/s/Rdf+ssZ8sGqRk7N/WmKm3bgxJy0sKkmvMlnniA4gahe27gi+Hl//xmjssLC3jmIQID8Fia/Uii3X24bshJi6R0THmTV63DFGDYehXmmXNmQ/TpFHDUr49AbyKMB3FOKZPcUt4DBgT6mLSpd2VOGoEhLGceSwVuLhiZsXXJ/yjfQDAlBggCTzHI9IKr7ECrbcAofOJ9KwDiYirCEui0yFh45pZ3c/XnBpRf4v4g7u+GMetL8FvHsXu66Ys2f9wE6KJUrGXYfsIf4jflSDGnKLmvBHojNw5gd3dzmTrEH6sWO7lMMcmL1Fm2RhwPs/GZcd8vbShsvLVSAfFvcSrsjQpd1MYVEMjvKIEoRcxob56RcegiaqRaHA6Ih0AA0undTehdOeK3tNKK2A5jc2spnSBM4/PlZszhxDXNWaTubM2LL+jT+EKypGT2rw9PMAkohBdvza5DtA/X6/JXnh2LWTdzpbKv2F7Twx7t0VQfBei82RClZ0GRA9DwJJTtMOU3RVsM0yLYFSJ62hUPxaIJLeiA3Zi6zIdZZZHksL4QE3PBbMIRu3TJKrpqFf/xBc+hjv+S1pvyFCQ8MhEmxFzg9goQy5NuNHV1aOzzG01LpPn8BcRCIA6ep5fdzDpOw8zz6h9UTTJ3UCwDzOyo+Vd+1OKIaH+Xf45ZiKFRZQgS2YM++bdnAjHeKjMqAHl+jcLEW+ys0jOb4swM+eyJrHtAYHxpl0hl/PTTpQDpTRWstfeF1BuXjcK5FL1qvp0xfIhk6WqPi+ElhbRVoqSjrZ5PPKW+FBmlG+o18AS3Aq9NdgtjJLS5La0pLf3xH/jCOKOlXL9oc6gUs+atxt4ET4unRAtcQCq6hp5LMt0xiTmXrMtx7ZpcQ899tJYKMP8dgtAm2gKlnilMddOdODGCpQTDIpKk2/aH+wAYPSQONABtJNi9aNatGnDc1J6wFwmPlroiaSJMsqX4Xe+bz7Egn8T6e59ZxG+F6ugUgohAktG8xam51mDUu+Xr3ImnPPWJqUk/G/AF4Aszpb2jPqDZmBJsluFG5bzPARQKhOI7w4yAV1S3lRzAcHVMPsRnlf3EOeoF/llOlWsjdz+9dYU/G2YIzaWRdB/nIwM0d6LJwL48x5BGNRfMc2uzqG1bgBgD5lH89Skd2Ur4Z4CooLhtqEzZQR8Vs1+mAOwDlllxQlXN5e9PXV9/ShSfCwfnGOp/xWVizL0F2f4+WSHIyDZ3NPDnMv9NP2TApNBPEH9woyEvjas5LkcdKGnFn9HzPtGSeneWC+FW5taZcg4SRNKGi1rLuURrQ2OXuzZxYyV+KCHQSbkYXzBx5iX0ajajKWaGhgqj621DM+5erNB+QzdYuNdswwdynJ5R7++24YApBmxWlGavWmfwV1gqjAyw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR21MB3878.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e961ae92-bf96-4ce2-fe03-08dbc8da5438
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2023 15:13:44.3897 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Yb+yFh/QG/++YLeQxKvI8RLlOndLzfT0BHK3lnxddIlE4V0sZoWuGBpjNd5I5LfuU5BVdhd0E383R6NS2zsuygwyttiqI9dyzMiypSo2AkU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR21MB4060
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/3Oem5rH3WHd1BoK2GhCGJgE1UnQ>
Subject: Re: [Teep] Use of AES-CTR in TEEP?
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2023 15:13:50 -0000
So you argue that we need multiple crypto algorithms mandatory in constrained devices? I can't comment on specific algorithms, but I'm curious to know why the extra code space is required. Do others in the WG agree? > -----Original Message----- > From: Hannes Tschofenig <hannes.tschofenig@gmx.net> > Sent: Monday, October 9, 2023 7:36 AM > To: Dave Thaler <dthaler@microsoft.com>; TEEP@ietf.org; suit@ietf.org > Subject: Re: [Teep] Use of AES-CTR in TEEP? > > We should create two algorithm profiles, one for firmware updates of IoT devices > and another one for use with TA/config data update in TEEs. > > > I believe these use cases are different enough to justify having two algorithm > profiles. > > > Ciao > > Hannes > > > > Am 06.10.2023 um 18:29 schrieb Dave Thaler: > > In the TEEP WG, I believe we had consensus to reuse profiles from > > draft-ietf-suit-mti in the TEEP protocol (not just for SUIT manifests). > > > > draft-ietf-suit-mti recently replaced the use of GCM with AES-CTR, and > > Ken filed > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > > ub.com%2Fietf-teep%2Fteep- > protocol%2Fissues%2F356&data=05%7C01%7Cdthal > > > er%40microsoft.com%7C626557262f6c4d7e0b6808dbc8d50831%7C72f988bf86f > 141 > > > af91ab2d7cd011db47%7C1%7C0%7C638324589530894110%7CUnknown%7CT > WFpbGZsb3 > > > d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D > %7 > > > C3000%7C%7C%7C&sdata=lNxKlv26DY%2B8Drt%2BaXtkvEoKNiqiuK0m8xBGBM > TS5SE%3 > > D&reserved=0 accordingly, proposing replacing GCM with AES-CTR in > > TEEP, which we discussed at the interim last month. The minutes say > > at > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatrack > er.ietf.org%2Fmeeting%2Finterim-2023-suit-01%2Fmaterials%2Fminutes-interim- > 2023-suit-01-202309111500- > 00&data=05%7C01%7Cdthaler%40microsoft.com%7C626557262f6c4d7e0b6808 > dbc8d50831%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638324589 > 530894110%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2 > luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=P%2Fd > 85ycZ2pYo7r3Qfjtr7%2BOI0DOwunpe4SdNAoz4dCw%3D&reserved=0: > > > >> Noting: #356, there are no objections to replacing each of them. > >> Brendan: for the use case of SUIT (TEEP+RATS), using AES-CTR makes > >> sense, but in general, this is not the right mode. > >> * > >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmai > >> larchive.ietf.org%2Farch%2Fmsg%2Fcose%2F9smwFXNpbd6Fci8-mIeaT2xPP- > E%2 > >> > F&data=05%7C01%7Cdthaler%40microsoft.com%7C626557262f6c4d7e0b6808d > bc8 > >> > d50831%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383245895308 > 9411 > >> > 0%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ > BTiI > >> > 6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=X50myuNdHSHwyV > W3GzsUtXI > >> AR3UEf4xYTD2T2V77yHw%3D&reserved=0 > >> * > >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmai > >> > larchive.ietf.org%2Farch%2Fmsg%2Fcose%2F0Dj5yp4mptZUBiw7FWb5PcXGJAg% > 2 > >> > F&data=05%7C01%7Cdthaler%40microsoft.com%7C626557262f6c4d7e0b6808d > bc8 > >> > d50831%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383245895308 > 9411 > >> > 0%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ > BTiI > >> > 6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=a5dVms2qZNcaowd > xP0ulivW > >> vPIeXS4xkABMxMuZ8fcw%3D&reserved=0 > >> RH: APIs are not supposed to return any plaintext if the integrity > >> check fails, so the ability to break the image into chunks is an > >> important aspect, so that's why it does not fit into AES-GCM. > > However, in a discussion with Hannes this week, he said > >> We should not use AES-CTR mode in TEEP. The registration of AES-CTR / > >> AES-CBC in COSE was done to support low-end IoT devices that use > >> flash memory. It is not an algorithm that should be used in other > >> places where not needed. I don't see a use case for it in TEEP > > I look to others to provide guidance here... should we > > a) make TEEP and SUIT diverge so that a TEEP implementation has to > > implement two different things > > b) use AES-CTR in TEEP > > c) add GCM back to suit-mti > > d) something else because Dave is confused :) > > > > Dave > > > > _______________________________________________ > > TEEP mailing list > > TEEP@ietf.org > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > > > ietf.org%2Fmailman%2Flistinfo%2Fteep&data=05%7C01%7Cdthaler%40microsof > > > t.com%7C626557262f6c4d7e0b6808dbc8d50831%7C72f988bf86f141af91ab2d7c > d01 > > > 1db47%7C1%7C0%7C638324589530894110%7CUnknown%7CTWFpbGZsb3d8ey > JWIjoiMC4 > > > wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C% > 7C%7 > > > C&sdata=9h4QnUJfVSEgeAzR6PLcx%2BEG%2BzSirCfWpLU3WXBfJPs%3D&reserv > ed=0
- [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? Hannes Tschofenig
- Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? hannes.tschofenig
- Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? hannes.tschofenig
- Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
- Re: [Teep] Use of AES-CTR in TEEP? Tschofenig, Hannes
- Re: [Teep] [Suit] Use of AES-CTR in TEEP? dthaler1968
- Re: [Teep] [Suit] Use of AES-CTR in TEEP? Hannes Tschofenig