IETF Logo Mail Archive

Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256

"lgl island-resort.com" <lgl@island-resort.com> Wed, 13 December 2023 14:15 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0591EC14F5F1; Wed, 13 Dec 2023 06:15:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93QNQRVUx0CO; Wed, 13 Dec 2023 06:15:41 -0800 (PST)
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2129.outbound.protection.outlook.com [40.107.212.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 768AEC14F616; Wed, 13 Dec 2023 06:14:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QzB1Mr2QHJBRBiA9KQp4f1xsX2vi3Wc3mnOFkrRbi04gVy7XkDtKmOssCa4KQ4I6NlajrRrd75r+86sM3GK6sWBdRKRJdV1uTEyk6z4KlJGBObnfruk8vgxiUdgUzsHokObla3tmHWxDfCBHYvRf9RhuoUwlnaHlpvBTwHqY0O93ccGlaa1X1+Kd+ODQpU/qvvf6DQFSAY0AX4RtvnuM13ljsSOR9oK8UeNhfoCmy40ShdCJkbszHHxy7tuctJ6w5QjwqC9eawvYgdI33WDsD5QsUhWAuCLzRJiScKILj1PAxYRSlI0RtsEBvw9Pld+nTyeFq9uQ5nw+/p36AtqhOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sIsHj3K/Kl1MeU3np4YsHMtXrXvQt9v0Qg2Y9ojcr4g=; b=VNokdQyAPjQT0jR8nnGtxLgLN6MuEEgWktF0UmXwvS1Y/0/fZRQDAQMfvVVL1rm+5n95e4WtP3TjoY1q7xU6f+Ji8aZL1b5FhuKDkIhNi1URneRA5YrfAY0aRqUeM1I8Tz+mVG9iiEKcPP4n5zoyjzw5kfanKFSCzRn63WhiW8fI4UfGCVLPMbGn4PhnyLfQRKXMf8q8ZkT/R2fh1odThpUq6k9admk9LUvLSQ/OOsDtxJVgJxPtyZ+fCwETS/nGX9EE6Sz8fENhXhdc0fo+F0TofiyvH72Gzkfar6IX4gC9QHXDE4rwdHejuIeos7RVxyApfG9fOS7wb+U59EcfsQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by MW3PR22MB2185.namprd22.prod.outlook.com (2603:10b6:303:49::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.26; Wed, 13 Dec 2023 14:14:49 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::353a:75f1:88a7:5f90]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::353a:75f1:88a7:5f90%6]) with mapi id 15.20.7091.022; Wed, 13 Dec 2023 14:14:49 +0000
From: "lgl island-resort.com" <lgl@island-resort.com>
To: "hannes.tschofenig=40gmx.net@dmarc.ietf.org" <hannes.tschofenig=40gmx.net@dmarc.ietf.org>
CC: suit <suit@ietf.org>, teep <teep@ietf.org>, Ken Takayama <ken.takayama.ietf@gmail.com>
Thread-Topic: [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
Thread-Index: AdotnTWf34zXQwdNRYqQNq6+t6XhrgAMYUYA
Date: Wed, 13 Dec 2023 14:14:49 +0000
Message-ID: <2ABAE543-9F71-457B-88C5-2D494A438FFA@island-resort.com>
References: <08f701da2d9f$c043a6c0$40caf440$@gmx.net>
In-Reply-To: <08f701da2d9f$c043a6c0$40caf440$@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR22MB3092:EE_|MW3PR22MB2185:EE_
x-ms-office365-filtering-correlation-id: 5e95db9a-e55d-4250-cf72-08dbfbe5ddfd
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JjZ1WHMBVBuuEZ6xXETrptVJmx70BwNFQkb/n/LkROrMC+B50sbUcaacwJyhS7B41pROt9XlKMpyAziu2441X1tg6Bgh4H00u6UPxUyf/IlcqIfZ3En3ZN4v4kJWGtkgDnVgT1LWR0+X4vWtzk4o++fnpkd4Enl+pK/Cjy1js3idVXFaWvUhL5Rsha63fUvG8XxN7ibNqOrGVHd9Ow9rybtZYEi4gw1QP899C4xL8PK7QYNTUpSUwbg5goLsrIN5EJHKOScDIqYJjjvmUcVf/ZB2fWfIpcYYDkP9QvA0c4BtOkoZs5CUrM9/OCZCZrrwW8L6cTKzkZ5XpVTsY30ypOB6G91lu68bC6vNZVFGyzOq2TeqNa84eHMQY2B0/XtVCrz9xJ63Hs+QesirvgoDmJP6SpXl2pwxd5muCSe/szkNbgIAo91jg5mL64srtQMf+BbMSFdVJpbLWquNHs5l4th5rqQOWvloumOry5OSzOPhnkTC76BDZCjvnTxTof9r1wG2Hk/6EMq55TNeOnGDu/LU7iLedl7luc74dZGj56/+cBXM3XIdKZuU4mGgA7GRsGzrsq9bNWyP7kyEuo7Pdne2PaaHt3cexXWOUU/qnD0uzSFny5EJzZvn23vLJUmPgHYSjC19EDtSD+3IHvKuGQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376002)(396003)(366004)(346002)(39830400003)(136003)(230922051799003)(1800799012)(451199024)(64100799003)(186009)(26005)(6512007)(53546011)(2616005)(6506007)(5660300002)(4326008)(8676002)(8936002)(41300700001)(2906002)(6486002)(966005)(71200400001)(478600001)(64756008)(316002)(54906003)(66946007)(76116006)(66476007)(66556008)(33656002)(36756003)(86362001)(66446008)(122000001)(166002)(38100700002)(38070700009)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: CnYT4AwmZ6Vi2QpazW0CDnJ46f2PBVe0EEm6Bs6B4QUUSKbj1fyGm1fCA8NZ2C63bT5i0mhV19oeBmegE/HlgbIleORMF/Oy5HIXN239i+L0i+nxOWy+vZYCNmv7pZgxgVxF/BzQnnqs9VBe73j+94Nsg/Srk2ITFcDcqntWeLwLpvr57R//2+V0p7NnJedXccLSowMjlhvpk3K0hN3eidQG3EITlpwam9Izq7jXJr9viM8op5xGgi0JqE+qTBLrAL90poayeEOioITwXMq5xDzOYWE5oqZH10rqS/dXJZbxouuCFCHAaFjbgVTO1RYhDZtY5owc3AmRY9KY2MXJXwj/WDW8x6dPcOz6Pw2fqqxzC8BWU3K68yVbgaw8s5GRyngWAFuTQ48eVLX5DZ+D2cTD5RODd7RFejuV4qE49VI1B8xAO2tY310PJFK2JbZ59pMICiu+StX4sLKTNvmepVhqicFN1TzQhIXDcedBYEjsXd0JfNojY+MRsuV0YpEaIVvcBsTreQxBFJ8hg40Vjkhg/GEAHOdtOwQsmZafR37/WQuwp+o410WnIkdvJ3bcYRWvcIfjwYtU5IygJyF1NclLRuOFRIGaOIw/SyB69nmc2UCTttPmS+dh1AxlBApccvy/oIRvO+J5zvkNtpz+CP7OYmz4qBUxGiG169GMfvDsN4lMkLKOsqQW1nQMfDqX0M3QzaF3A5uQu7gsAc2NAXv1PkpNrPzkR7bJl4fFdVlJoIBIKyc9Q+HzRwkkV7DkSTc0Y0eAR8HtCDUzZ7ucOFL0fw2W0F74FQJcMWHUjFGf9ds//jTFsM9P7vQudFORNO4etg2lejAEw49LDYZXt7wH7jap0TqFfbEo+7XN1ieW6nBM9eCrp8+ldbt8xaYclp8Q2zK8jbXam7o7nzTRr+dDdzAqlDqJI2uzNr7MdEAK/iI2idb9nMnLA7ymVE4b/z4dWekoxubEaXqjeMj5HrAh6pdTzUNW1RAgPUYwqNWOmw/qiF9E+ITMxCQJHshDswW7ZWNn4E0N1kNuKD4GZ37UkKGMhydIpTTqVnHpt8zlYoQDUfWrULGLL2G4dM1ioYOxL6PZ/Er0gZJsUpxwrie6bwgQxUo+9GSxJUZ6ezoEl+G3ffZne9yJD32xnqODo26jkmKTl/NiBug5dsvwuZaLM78RUdMc7DantHJbuKHonXa3VSXGk2KnkvuzeSBqT6E5PW2MYvsfqyQlvxFQQ3HbAK5O49MCFT9njawzbP994RBFjJDIpVKOvsm/a/aCHuswXLWKj9aQMaQFwsA+6tgwLBOXcSJDF8EK4YECYtSdxpvYr0AOduDn2ljdK7qjbELJtoInvpCn8qsFhM4F/dTGYi80JqOICYuWVkRuICgPZscLxhbImg94ebigskqPPrLmvwlPoY7dzSUjyT6fXfM76F7dTXWTZVzCv6rRXwsI13xVywSvsw5gVK5d+9NogiuDBnWkejh46IT2sLh30wTSZ7LKSpy/sRm6MzTuwlHXeQOpidc+6bvGSmnZ0Y4XJNIpevrFmkrU53Zjs7qJBb8ImA7S0gIdgBkTA8KDZXFAp6E1aNU5ek2tJRhZ+cytKpn99l4uNvvCPZ964SrFUA==
Content-Type: multipart/alternative; boundary="_000_2ABAE5439F71457B88C52D494A438FFAislandresortcom_"
MIME-Version: 1.0
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5e95db9a-e55d-4250-cf72-08dbfbe5ddfd
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Dec 2023 14:14:49.2995 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kGPajQdbkANdu3zV3PQdh5JH47WR9bVPKA4EbKmtO7dadDVnw2SzemqZlddqa7uTt6rgw5/UQrIUI026oWepLw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR22MB2185
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/cjz9RxaEzGGJJBxxJKWwF4K_w18>
Subject: Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2023 14:15:44 -0000

Unless you can largely rule out use cases that need ECDH-ES + A128KW, it seems better to make it the MTI because it can cover both use cases. ECDH-ES + HKDF-256 can’t cover both use cases.

I don’t think the overhead of ECDH-ES + A128KW is that high. You already have AES for the payload. AES KeyWrap isn’t that complicated so it won’t add that much object code. You are only encrypting one little key, so the CPU and memory overhead isn’t much.

Also, to be clear:
   ECDH-ES + HKDF-256 = RFC 9053 section 6.3, alg id -25
   ECDH-ES + A128KW = RFC 9053 section 6.4, alg id -29

LL


On Dec 13, 2023, at 1:38 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org<mailto:hannes.tschofenig=40gmx.net@dmarc.ietf.org> wrote:

Hi all,

In the SUIT firmware encryption draft we have so far used ECDH-ES + A128KW, which is also what we implemented in t_cose to generate the examples.

In a discussion with Ken today we realized that the SUIT-MTI draft has always used ECDH-ES + HKDF-256 instead.

Now, the question is: Should we support both, ECDH-ES + A128KW and ECDH-ES + HKDF-256?

IHMO we definitely need AES-KW for scenarios where we encrypt a firmware with a CEK once and then distribute that encrypted firmware image to many recipients. In this case, we

  *   randomly generate a CEK,
  *   encrypt the firmware using this CEK,
  *   encrypt this CEK with a KEY unique per recipient with a KEK. The KEK is the result of using ECDH-ES with an KDF, as described in Section 6.4 of RFC 9053.


For scenarios where we send one firmware image to one recipient we could use ECDH-ES + HKDF-256and currently we have a little bit of overhead here by using ECDH-ES + A128KW.

My preference is to leave the SUIT firmware encryption draft as is and to change the SUIT MTI draft to reference ECDH-ES + A128KW instead of ECDH-ES + HKDF-256.

Thoughts?

Ciao
Hannes



_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

v2.23.0 | Report a Bug | By Email