[Teep] Use of AES-CTR in TEEP?

Dave Thaler <dthaler@microsoft.com> Fri, 06 October 2023 16:29 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "TEEP@ietf.org" <teep@ietf.org>, "suit@ietf.org" <suit@ietf.org>
CC: Hannes Tschofenig <hannes.tschofenig@gmail.com>
Thread-Topic: Use of AES-CTR in TEEP?
Thread-Index: Adn4ckgIvxtwnCseTReGWgz3PV4GiA==
Date: Fri, 06 Oct 2023 16:29:32 +0000
Message-ID: <PH7PR21MB3878F05953BAF6113F429396A3C9A@PH7PR21MB3878.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=818bb9f9-37c0-4a6b-af83-a3c9e9d386e5; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-10-06T16:18:04Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR21MB3878:EE_|SA3PR21MB3890:EE_
x-ms-office365-filtering-correlation-id: 1505079a-3575-4ef4-efbc-08dbc6896bd3
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: j1o1jpudoIDHupv0j/iB0D8CXaYJwNf/NfFxvKgqh0qnYi49le2qlcj9aN9GPhz5pPB1sOyCfXYK0rM/0CPs8LkgYj+thSEvfEsBtubHF4h6oQMYnuSuD9eXemZCIx2NOcxSBthV4Jqyj2HPYu8j+038sbkgLZHu3J0HXxdg441orfWJVSBeg9Rf12CjQPT6AdZC7+IosjI+bIocZmixRkndUBA0ViqW1RzWtoDRjdccDHA9qialiYlhRN6hNBzbqsdiqFCrBC9mDuPqvBO8iJnjurMJVpSocEig9ucRPGJv0GU/RwvAR+AciDhwj31MWJD4t/n4EZKPBz75pIbmPwiyDHoTBWvJKtQkO+opwys4DUxfq8WGKxPE2R/DcuTlkOJ5c3WAKc0iYaZCU1PyKtGJ3R06EOU3APYG5HeE2shmP0i0Hf6n5hTHSllf+YBtVO/vo23FiZMfuOdy9l6cueOK/r7SWQhK8rf3tTJAnXF/ZoTW2vm6/g1+YRrefziLsz0ZBIFo7L+XeS5KUHHAcm+cPOHVTA2WDluRo2LJdMMNdNLgyvHJUSMpvyg3pxjgj81RfMBkFpHMllSv/FxuWIOzMne0F49uvaduN2He5n4kee3b97AZBwKdjH/zbXTUgqgG4g8tpxAWkvN4CyV0iUtqwIZ7hFomCvmuQdbxXncpcgTbKGejKpri7Ept0m0z
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR21MB3878.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39860400002)(136003)(376002)(346002)(396003)(366004)(230922051799003)(1800799009)(451199024)(64100799003)(186009)(966005)(71200400001)(478600001)(6506007)(7696005)(10290500003)(9686003)(83380400001)(26005)(8936002)(2906002)(8990500004)(41300700001)(316002)(76116006)(110136005)(66946007)(64756008)(66556008)(4326008)(66476007)(66446008)(5660300002)(52536014)(33656002)(8676002)(38070700005)(86362001)(82950400001)(82960400001)(122000001)(38100700002)(55016003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ZEBTBvf+ynI/RqRQEyEXobUQpSVZc0+7THuLpzTED7E0q4JQvI8AiUtNSxE0GJfd4Nz8yaXM22PqnIvZWMkFCbfTzkZDuAD1vsWz0+M7ZXgqhNKW38kdUonf8E+ZN4eT7aRCv10ZE3byekrsy/zY2bn4eFusjROj7Sr78OTeW5JynmLLNsQ+YCjBlnA3874j0UbbLokKqFvAMAG6gd8+w41iz5zGIYU9h2gL4zLMBFGc9poIr/0R1VCkDtyuVH0ap5MVxAkdlmBTT/lxNeU+rzmybfaA6utoP4oJTd+WiRobyEyV7/lSCU0cQ82r05I/ayzb8OjATlJJ5+S88sSEejcuvi5MkwzfXt8qIRq9Kf4JA/fJwts/2VDVmw43Z/CpXuPiNM+RWsMlqWRgNTz8haSOKKlY5BQl65CymxWJtfWwnXTAGmgRwG+XGteJgNIzoiqYwAOpEWdneD3k0vzk+le2YZwnggsk2PZeRvJItUYj1/jHx7VTR8rB2myYx//qnpHN2VHrCsbUXRY07HNolLIRxR51Z8cKr/1MHe+0VSsdvKPbnnn1kVnvty85evRMUrVdXc0oEecQMITDRN7TPnvPrcXxJ2NC8ZU8PFqOXINGM8FCLuarAcbuI3Lfg6twsNHszDMhtL0VqVSWD2KzN2mWkSLX1MsVThz+4FYXccbyZC29xhq8W8b8u/eitC+kM8FJqkd7HrbpPFW6KJDmWFQt9kryJG9IN9e6tmuquCbYrDdC+5k6sIjx3liEox+JaABXeOowcEKoAuva4KVWa8V7IAdBmRBZL5ukCE6aYdWqhqYjiEhhIoOlS9ThaHRj9uY7uwuAdocRssMXXtXBkMspCpj9aSHp4C02gyRfORccdSVIIgTLpHECsUKN+rBddv8c9WQZq5BnbFRzvId7FhRQGHiYkTj2yK12wvtNPc1D/GEAgFrvrsktobM4jBL0dFA3KpUWVqEUbq+WQ7YHM8QQneJB38YMlekikxwTKTPWvzkucivsHI34GGhvG9b9ry9khgdvF0hDFMRbhTBUHudfczDQwNzGrc6R8NqmSGOkDHMnFAfATTS3p8t+NglrHL1Cpxr0rxEYY0TEXbZprnpx8kL1a1dklhSD0qcCF59VEPUq5msN9GpBfr/4NYwEAPdaQwWdcJzST2GiyqUOsvW2d9TeeWZX7nhtii2zf0fGyzT0F9N42WLO3n6joaPwY3ifY5KHb9ZWDootfeQlCtQGzfgQ4BoLL8cfRP6fdSS5go8fvihbYldeQwwXcv8V+RH01iHHbPsfP4E/04fDHc1Pc0fSYcNpNa3u8VRbVPlmvZcLd+eFMPzffOiZy6kOXxAvplSdgvqbD83E1YsdPyRBg1d/KhtUEqeboiz7Re2gcXbci17/DJyErs0YeFl5vUEpsLI7RPhN7qwrWX7OeJa7F6LQHCQugdfU+ocpG+jDTVEca6H5cKV8l4lGKE9KHD/hA20/JYNkluEezkxa/IG2Wg7VQV4IMPmTKqqoeRZdbJYclFtY9uujrmsVNOKx5l/wTMzwqC1rbZGcCOq162UVZGkwKlcJbyRH5O7XI634lEWbpS3nh8THEl1m1IwzhY2ZGdg3s62i6Ye42dXulg==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR21MB3878.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1505079a-3575-4ef4-efbc-08dbc6896bd3
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2023 16:29:32.4296 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: JpStDvC/xx1UfOUpPv9Ldar88sOe0VfptJ30Okq6ufq6zpO3VYSKAF1MQKoTeSR4EFxo0jBG/mpdl99Kcqj6aZtXmysEl/xdKF+2kCB3Qv4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR21MB3890
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/vhf2_bvxPWOmiREioh52_9Kn6PU>
Subject: [Teep] Use of AES-CTR in TEEP?
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2023 16:29:36 -0000

In the TEEP WG, I believe we had consensus to reuse profiles from draft-ietf-suit-mti
in the TEEP protocol (not just for SUIT manifests).

draft-ietf-suit-mti recently replaced the use of GCM with AES-CTR, and Ken filed
https://github.com/ietf-teep/teep-protocol/issues/356
accordingly, proposing replacing GCM with AES-CTR in TEEP, which we discussed at
the interim last month.  The minutes say at
https://datatracker.ietf.org/meeting/interim-2023-suit-01/materials/minutes-interim-2023-suit-01-202309111500-00:

> Noting: #356, there are no objections to replacing each of them.
> Brendan: for the use case of SUIT (TEEP+RATS), using AES-CTR makes
> sense, but in general, this is not the right mode.
> * https://mailarchive.ietf.org/arch/msg/cose/9smwFXNpbd6Fci8-mIeaT2xPP-E/
> * https://mailarchive.ietf.org/arch/msg/cose/0Dj5yp4mptZUBiw7FWb5PcXGJAg/
> RH: APIs are not supposed to return any plaintext if the integrity check
> fails, so the ability to break the image into chunks is an important
> aspect, so that's why it does not fit into AES-GCM.

However, in a discussion with Hannes this week, he said
> We should not use AES-CTR mode in TEEP. The registration of AES-CTR / AES-CBC in COSE was done
> to support low-end IoT devices that use flash memory. It is not an algorithm that should be used in
> other places where not needed. I don't see a use case for it in TEEP

I look to others to provide guidance here... should we
a) make TEEP and SUIT diverge so that a TEEP implementation has to implement two different things
b) use AES-CTR in TEEP
c) add GCM back to suit-mti
d) something else because Dave is confused :)

Dave

[Teep] Use of AES-CTR in TEEP? Dave Thaler
Re: [Teep] Use of AES-CTR in TEEP? Hannes Tschofenig
Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
Re: [Teep] Use of AES-CTR in TEEP? hannes.tschofenig
Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
Re: [Teep] Use of AES-CTR in TEEP? hannes.tschofenig
Re: [Teep] Use of AES-CTR in TEEP? Dave Thaler
Re: [Teep] Use of AES-CTR in TEEP? Tschofenig, Hannes
Re: [Teep] [Suit] Use of AES-CTR in TEEP? dthaler1968
Re: [Teep] [Suit] Use of AES-CTR in TEEP? Hannes Tschofenig