IETF Logo Mail Archive

[Teep] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256

hannes.tschofenig@gmx.net Wed, 13 December 2023 08:38 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 661C8C14EB17; Wed, 13 Dec 2023 00:38:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MK7X4pVlm3Gp; Wed, 13 Dec 2023 00:38:34 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 772BCC14F5F2; Wed, 13 Dec 2023 00:38:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1702456712; x=1703061512; i=hannes.tschofenig@gmx.net; bh=RdkReZ7+TQeOuguVcvBLwDKOCla322owt2dTwtAUTNg=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=dmiYmG1FuwibZ4iJFAxHSywDyI0m2jk+h93j5ivDqzHoD6RDDVmJl4eZZdCMUkB9 bIBNk4UbfLu5YVP+yz+I/OtrllbcZZbxWrg0XjAEnCTIR/e+yGPl6rM2df1rATaY6 peHur/25ai4rnSKQW6HwCi1m/WTmblTSOwyxMbZERm0XNv0IxGoTE1wSFNqPe1hCf YkYamt2J15giHlXqsV8/wiD00hFbATm08UgYmB6qjpcjL6Hrlix1FiQ4rDELnazWW u9MLglWfMDToIuiN4OC3cX1hh/59DbkgkSpfFelY5sLUOK2m8fheWqmR/K4FzvkzD YwNl/Zq+orrxy+cIOg==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from Surface ([62.156.206.16]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1Ml6qM-1rcipQ0kGK-00lVE0; Wed, 13 Dec 2023 09:38:32 +0100
From: hannes.tschofenig@gmx.net
To: suit@ietf.org, teep@ietf.org
Cc: 'Ken Takayama' <ken.takayama.ietf@gmail.com>
Date: Wed, 13 Dec 2023 09:38:30 +0100
Message-ID: <08f701da2d9f$c043a6c0$40caf440$@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_08F8_01DA2DA8.22080EC0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdotnTWf34zXQwdNRYqQNq6+t6Xhrg==
Content-Language: de-at
X-Provags-ID: V03:K1:gQ8oZFsOqG2/KC5hUdmAunMIHW/565ei0rtxmIMf9qKuAwC0KEJ C4FRNii33Yxkg8gSH5h2mQR1cdcdDOKoJR2sNyrcdTnXhD+Q7xLofMXzPZTRhOxw9rTjqNq S4SvkhtJNiYj40rn8zeelZXmhgKylbt5V1pRsp5tOws+iGpbbq8hpaW+QJiHH+6+d2GysYH nCgV+XNXzbwfq9Gg9hZoQ==
UI-OutboundReport: notjunk:1;M01:P0:TFbyuIsY+6s=;CYzEnbwPujUg8ub//fhxS29xYi4 xEzbv5Klb3IAu26NtXf4uIkpOm+gCsiITfUpXaw5K9xgWJBH92ORpBj83+yPR/Prn08D7cigK zLxvjEYsq218UiYWrjT+2I/jIfh6trtn+6ouFofLBhkKURXb8+PwizXCpYRltjXf22BoZOQfI yPorYrDeNzGVp/nL3HGFrXuPWKo8Ybr/bjzEvTYWNNqpeX8AGeq2bwLu1iHuZc9q+ZQOxl6sJ lGgUp+JcXB5ZmSa3gnpzXsW6OpWUELg5sPhYz1vh34zvXP+81JkqYYQoX50P1VIiCWke7AJ+d HExRyY7GQgz+XLf4Azzo+A65RUkrqDY+L2rocZHnC1sd+bAoCfsgyoa/V4TKL08/6OQoxxF1B PmB4qcd5Lb5H+BzqaZnNw8Bi2yEzNSbfM5hp88iPB2AWB/HbQG5yBeL9ghBVWmS5N1H7ghmmS c/gvVhkyjs9jPiWXaakTNbrUr+9o8hlJ0x7/vGFyLigOC6o5trpsBJGs25SKtsdlDEJI2ewrx bL+d3IJI4j5WR8k/ommnyh40aPQjlPYky5Kn44XfA83b3gy9r8+vp7R2kNWkkd9+lM3THH1ld CRkXdFh8+NQwAR11dfLtS6KvzAfuSQ6e/cJvGLXqoV1nr+913qBnxhIoAW8UUKVDTotFw80A3 UQ5O5yrwh9LKU+mK6QwSTBKWdG+4bfzd+ib3SR1rLprtWqZ47v5b5nExCJ+WbMVpB3z1DuCHE 9vVGlZj23+/b+cGHzlTdufA9N+fokSSn8IuV77cb746+oaPB5Ks8jHMCEiwoNQgcck/6j7nqA OAsD02yFVjQVpJab8sovOH0m+MFxSDtsIFFLH+6VDyHEbSk/j0UcXDR/7u4EOfOHPsf395ogn xSWlLMBLJ6jy3Vsuj6FTIMYmdwSA25m0B9wuExS12nDI53fC0h86//bCiNI1OZi4KPoLFEIKT K1VX36PaY3GKZIwKNEkF0yQOLrs=
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/bYFEONtpkhFq7LwLytgb5MK1yPY>
Subject: [Teep] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2023 08:38:40 -0000

Hi all,

 

In the SUIT firmware encryption draft we have so far used ECDH-ES + A128KW, which is also what we implemented in t_cose to generate the examples.

 

In a discussion with Ken today we realized that the SUIT-MTI draft has always used ECDH-ES + HKDF-256 instead.

 

Now, the question is: Should we support both, ECDH-ES + A128KW and ECDH-ES + HKDF-256?

 

IHMO we definitely need AES-KW for scenarios where we encrypt a firmware with a CEK once and then distribute that encrypted firmware image to many recipients. In this case, we 

*	randomly generate a CEK, 
*	encrypt the firmware using this CEK, 
*	encrypt this CEK with a KEY unique per recipient with a KEK. The KEK is the result of using ECDH-ES with an KDF, as described in Section 6.4 of RFC 9053. 

 

For scenarios where we send one firmware image to one recipient we could use ECDH-ES + HKDF-256 and currently we have a little bit of overhead here by using ECDH-ES + A128KW.

 

My preference is to leave the SUIT firmware encryption draft as is and to change the SUIT MTI draft to reference ECDH-ES + A128KW instead of ECDH-ES + HKDF-256.

 

Thoughts?

 

Ciao

Hannes

v2.23.0 | Report a Bug | By Email