IETF Logo Mail Archive

Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 24 December 2023 16:47 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D624C14F618; Sun, 24 Dec 2023 08:47:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rJ8hfQ__QGDP; Sun, 24 Dec 2023 08:46:58 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1E23C14F5E0; Sun, 24 Dec 2023 08:46:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id DE9AF1800D; Sun, 24 Dec 2023 11:46:56 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id xTGg19kjGx1k; Sun, 24 Dec 2023 11:46:56 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 355471800C; Sun, 24 Dec 2023 11:46:56 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1703436416; bh=D73Xjq1jsxv0RFC5Zw1khRAagCU0psl3jfJLV6P6caw=; h=From:To:cc:Subject:In-Reply-To:References:Date:From; b=n1XlwK+sr4KfuQyXjcz3+ww1A74QKa+dYdYovv0mRiTnMog2K3aEq03CVrkAtcx+z z4ff6i8BL7McmupdTSPTVGBfg9rVM2UIxykc+SF/Ia/vr3r3gUvgsP+97SKZnR2r5Y uIO4grJfmT65cKoWBQjn+Er+4l62SYz3oDIdn3lqMvQIoCN/DCqGHVlC/2TbnEFmuM tYm4PlfHJ7ay/365zhMrJkgGLgUG+LWUIhEpbECJV7WOaIJc4qeaOY/iKFeBnUfbuv WcytRqicIRCgsbgldf5qci4P4jEaFZ0+WgTBNoXHMoud0NcadpmJjOfeMlbKCUsMsY o/sdiGfCk1Ryw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 21D22A5; Sun, 24 Dec 2023 11:46:56 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <hannes.tschofenig=40gmx.net@dmarc.ietf.org>
cc: "lgl island-resort.com" <lgl@island-resort.com>, Russ Housley <housley@vigilsec.com>, Akira Tsukamoto <akira.tsukamoto@gmail.com>, Brendan Moran <brendan.moran.ietf@gmail.com>, suit <suit@ietf.org>, teep <teep@ietf.org>, Ken Takayama <ken.takayama.ietf@gmail.com>
In-Reply-To: <06e13dea-6e69-4ef6-a496-ced908cfd982@gmx.net>
References: <08f701da2d9f$c043a6c0$40caf440$@gmx.net> <655A0104-EF30-42E4-862D-6D4D6E4FDDD9@vigilsec.com> <843e1218-8847-48cc-ada5-9b9cc50e17cf@gmail.com> <00ba01da2e6e$81f1f910$85d5eb30$@gmx.net> <9F676C9F-1573-4DBE-A12A-A9A63BC77014@island-resort.com> <65A259BD-75EF-4EAE-B255-29EBD1ABC319@vigilsec.com> <5E005DCF-86C5-4359-929D-A60DD1C703E1@island-resort.com> <731ab283-e078-4186-ae60-0725d0bf1356@gmx.net> <76B7A923-CC43-45DC-B8BF-D03D95542874@island-resort.com> <06e13dea-6e69-4ef6-a496-ced908cfd982@gmx.net>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 28.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 24 Dec 2023 11:46:56 -0500
Message-ID: <17195.1703436416@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/I1E7_yAzX137eWKsO7TpmHWmtbg>
Subject: Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Dec 2023 16:47:02 -0000

Hannes Tschofenig <hannes.tschofenig=40gmx.net@dmarc.ietf.org> wrote:
    > The delivery of firmware images is a one-shot message, if we ignore the
    > possibility for conveying errors using SUIT report. The SUIT report, at
    > least in my reading, would not give an adversary the information
    > necessary for performing the attack outlined at
    > https://datatracker.ietf.org/meeting/118/materials/slides-118-lamps-attack-against-aead-in-cms.
    > It does not hurt to add a paragraph to the SUIT report draft saying
    > that

Yeah, but my understanding of the attack is that it requires that:
1) the key be used in CMS and non-CMS things
2) that it's enabled because CMS' key derivation process does not have any
   CMS-specific things in it. (And all of our stuff from that era suffer from this)

    > the returned information must not include decrypted payloads in case of
    > a failure. In general, however, SUIT reports behaves like an oracle
    > since it will give different responses depending on the success or
    > failure of the SUIT manifest processing. It might be worthwhile to think
    > about how to mitigate such attacks.

I don't think we need to, since in general COSE has usage specific content as part of
the key derivation process.  But, I guess in constructing our two-layer
approach, we have broken that.

    > COSE-HPKE was mentioned in the mails below, although we do not use it in
    > the SUIT firmware encryption draft. In the COSE-HPKE draft we use a
    > one-layer and a two-layer approach. For the two layer approach, the
    > situation is very similiar to my description above. The algorithm
    > identifier is not included in the KDF at the recipient layer but it is
    > instead included in the Enc_structure structure since the current
    > version of the algorithm id is mandatory in the protected header. (See
    > also the request to make it optional
    > https://github.com/cose-wg/HPKE/issues/39).

    > So, what should we do? We could follow the approach Russ presented at
    > IETF#118 and later described in
    > https://datatracker.ietf.org/doc/draft-housley-lamps-cms-cek-hkdf-sha256/

    > His approach applies a KDF to the CEK and an algorithm id. The result is
    > a new CEK, namely CEK'. CEK' is subsequently used for content
    > encryption. This approach is generic but, on the other hand, a point
    > solution to the specific attack presented to LAMPs. In his presentation
    > Russ mentioned that we should/could include other information into the
    > KDF but his write-up ultimately didn't contain that approach.

I think we should do that if it is not too late.

    > Alternatively, we could also include the algorithm id from the content
    > encryption layer into the KDF already used for ES-DH and HPKE. This
    > approach would not work for AES-KW.

    > Here is the part that worries me a bit: We keep changing the KDFs on a
    > frequent basis and the KDFs used for the different algorithms are not
    > well aligned across the different protocols and "container" formats. I
    > have dropped a mail to Paul Van Oorschot asking him for feedback since
    > he was the first one to come up with the class of attacks we are talking
    > about here.

Hmm.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email