Re: [Teep] [Suit] SUIT MTI: key agreement algorithm to pair with HSSLMS
Akira Tsukamoto <akira.tsukamoto@gmail.com> Thu, 07 September 2023 13:43 UTC
Return-Path: <akira.tsukamoto@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 964B2C1519A3; Thu, 7 Sep 2023 06:43:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.091, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUvtvfsPr7_y; Thu, 7 Sep 2023 06:43:44 -0700 (PDT)
Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E32A0C151711; Thu, 7 Sep 2023 06:43:44 -0700 (PDT)
Received: by mail-pg1-x535.google.com with SMTP id 41be03b00d2f7-56f84de64b9so643006a12.1; Thu, 07 Sep 2023 06:43:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1694094224; x=1694699024; darn=ietf.org; h=content-transfer-encoding:in-reply-to:content-language:references :to:subject:from:user-agent:mime-version:date:message-id:from:to:cc :subject:date:message-id:reply-to; bh=o9/rPRlQyL0+OpiPn0vzV1g1rbfZDCuEhS5+YTOREk0=; b=A+8l+bU3BcQa/RN01PEZQUGa8tgb70O3169d5IcuDSsoA9mKoLXKiKDnetgUeAFzK7 hIMyUGbEu48l5S4r8h8SrFZicW9NCIRjgtbwnQ02yGFrAVU5ExY8UoPQrBwoBc7p8i5C DpWEzjoMczhy+xpLnEswtl9AWNlfe3fTxBjit3jwo90pWHb6cwZ7GL/Nu3j+EaaooQqi DVzMiRqbktWh7uK0J0d16Ww0qpk7Cgl5WeAqX/jzLnDVPDmLQIREJODQBHLgrKdiw1ka 25v/LVpgqkGk2M17r3n4GtQGFbA8leMwUe2iJgxGewz2F00qSBikaGB7J71pNtHEdVD4 dnHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1694094224; x=1694699024; h=content-transfer-encoding:in-reply-to:content-language:references :to:subject:from:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=o9/rPRlQyL0+OpiPn0vzV1g1rbfZDCuEhS5+YTOREk0=; b=aZ/nq0AidqXrmq1Zaj+DyGsyM5LclmcOfk3aDZZh3MT179dHAIE0+5bxQjceEPGRJo y3lkA/gDghdcm/XJHSv7T14kzoZcrbO3yo8YWZZJPejsnwANenzh536QWxTcnjMJazON Vv10J8YQMUbhsAd3pZXK0P8BrxW+e0lz0MyK+bGxKkziioBO740qkOY391EmZO0zHLHq vjhpkaDxYTvZO2vEUjNxwNHN9ERaihFOKM+SU3bpa6sb1HO0jG3QCNyqCkn+DlOgphQH 10innMiu19yOKUYNCVz+mInxb/XVVVvLq9/46xo9P4D9skefy7RePzrP053GT3iSIg2X JNvQ==
X-Gm-Message-State: AOJu0YyETUJPX2MCT8J3TeotdYDdCwkut0EZWS/pfIlcm7gb5coVovG8 HpdHSBkLCw92PtU6wFi0tyw+NnaoQ1n7rw==
X-Google-Smtp-Source: AGHT+IF/pOUDY2fcLv4451BK+uKIyjtICMqTZ+ofYbZMI4fZNo0DCzaFRgUk/d2xSobbQe2lkFaCgw==
X-Received: by 2002:a17:90a:2f65:b0:273:83ac:5eb9 with SMTP id s92-20020a17090a2f6500b0027383ac5eb9mr3545457pjd.4.1694094224044; Thu, 07 Sep 2023 06:43:44 -0700 (PDT)
Received: from [192.168.1.153] (fp96939820.ap.nuro.jp. [150.147.152.32]) by smtp.gmail.com with ESMTPSA id l6-20020a170902eb0600b001b7f40a8959sm12767809plb.76.2023.09.07.06.43.42 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 Sep 2023 06:43:43 -0700 (PDT)
Message-ID: <9ede6b5a-1789-e5a0-3f70-46162e374c62@gmail.com>
Date: Thu, 07 Sep 2023 22:43:38 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0
From: Akira Tsukamoto <akira.tsukamoto@gmail.com>
To: suit@ietf.org, "TEEP@ietf.org" <teep@ietf.org>
References: <CAPmVn1Ph4C2Mj_4=WwXnLYKd0EwtYLRN6R1wH+GEOKHx98w_Lw@mail.gmail.com> <1718.1690811986@localhost> <AS8PR10MB7427218D0F5513836C7923F0EE0AA@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
Content-Language: en-US
In-Reply-To: <AS8PR10MB7427218D0F5513836C7923F0EE0AA@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/GxqUrrBNDABiwF0EnoIN27_Pahg>
Subject: Re: [Teep] [Suit] SUIT MTI: key agreement algorithm to pair with HSSLMS
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2023 13:43:46 -0000
Resending, forgot to add teep-wg to the recipient. Hi Brendan, Hannes and other TEEPers, I am considering removing the algorithms written in the TEEP Protocol. The TEEP Protocol depends on the SUIT MTI draft for the algorithms in suit format and in the TEEP Protocol draft it specifies the suit-sha256-es256/eddsa-ecdh-a128gcm which were the same on the SUIT MTI until the recent -02 updates. After the SUIT MTI-02 have moved to the suit-sha256-es256/eddsa-ecdh-a128ctr I prefer removing specifying the algorithms in the future TEEP Protocol draft and completely rely on the SUIT MTI for which algorithms to be used in the TEEP also. Appreciate for any comments, Best, Akira On 8/1/2023 4:03 PM, Tschofenig, Hannes wrote: > Hi Michael, > > with item (3) there is just no encryption offered by the given ciphersuite. > With item (2) there is no requirement that every bootloader is provisioned with the same symmetric key. > AES-KW allows you to use device-unique symmetric secrets. > > Ciao > Hannes > > > -----Ursprüngliche Nachricht----- > Von: Suit <suit-bounces@ietf.org> Im Auftrag von Michael Richardson > Gesendet: Montag, 31. Juli 2023 16:00 > An: Brendan Moran <brendan.moran.ietf@gmail.com>; suit <suit@ietf.org> > Betreff: Re: [Suit] SUIT MTI: key agreement algorithm to pair with HSSLMS > > > Brendan Moran <brendan.moran.ietf@gmail.com> wrote: > > There is currently no standardised PQC key agreement (or encapsulation) > > algorithm. This means that a SUIT MTI profile with HSSLMS is left with > > three choices, none of which seems particularly good. > > > 1. Use a classical asymmetric key agreement algorithm 2. Use a > > symmetric key agreement algorithm 3. Use no key agreement algorithm > > I think that I have to vote for (1). > > If I understand (2), then every single instance of the product bootloader will have to have the same symmetric key loaded? I guess there is some process used to derive the actual key. > > I'm not sure I understand (3). Does that mean every firmware is encrypted with exactly the same symmetric key? Or that there is no encryption at all? > > > My initial suggestion was to use classical asymmetric key agreement. I > > wonder if A128KW might be more appropriate. > > I think that to answer this question properly one needds to know what threats are being mitigated by firmware encryption. I think it's mostly covering up poor code, poorly done cloud authentication and other embarassing things that a good SBOM will eventually reveal. > > Is it okay if a ten year old firmware image is decryptable? > (It can't be modified due to signatures, and the anti-rollback means no device will ever load it) > > Are firmware images stored encrypted on the device, or decrypted when they are loaded? This matters, because in the latter case, we could have updates to the encryption algorithm through the normal firmware update process. > (Assuming new firmware is downloaded by the full stack) > > If firmware is decrypted by the boot loader, or by the CPU directly, then we might not be able to update things easily. Of course, in that case, a per-device encrypted key to which the downloaded firmware is re-encrypted might be a better choice in general. >
- Re: [Teep] [Suit] SUIT MTI: key agreement algorit… Akira Tsukamoto