Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Mohit Sethi M <mohit.m.sethi@ericsson.com> Tue, 05 January 2021 16:14 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Alan DeKok <aland@deployingradius.com>, Mohit Sethi M <mohit.m.sethi@ericsson.com>
CC: Benjamin Kaduk <kaduk@mit.edu>, "tls@ietf.org" <tls@ietf.org>, EMU WG <emu@ietf.org>
Date: Tue, 5 Jan 2021 16:13:56 +0000
Message-ID: <9ddd1593-3131-f5cc-d0db-74bf3db697bf@ericsson.com>
References: <160815821055.25925.15897627611548078426@ietfa.amsl.com> <20201216223842.GR64351@kduck.mit.edu> <0f2b05db-5c98-43d4-aae3-cf620814bacc@www.fastmail.com> <A4BBA31B-8754-4D8C-B0F1-D1C6C859F6AE@deployingradius.com> <CAOgPGoBvBzhA0q4gFqpFSm2HkAs6NoyLc6RVZYLtTYsNd02i8A@mail.gmail.com> <e669002f-caff-1e6e-e28b-d09157eb0c07@ericsson.com> <6241F0B6-C722-449E-AC3A-183DE330E7B5@deployingradius.com>
In-Reply-To: <6241F0B6-C722-449E-AC3A-183DE330E7B5@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SJHho42H_umrwFRJps4JGfgpYiY>

Hi Alan,

Cleaning up the email. The current draft says the exporter should be called once as:

   Key_Material = TLS-Exporter("EXPORTER_EAP_TLS_Key_Material",
                               Type-Code, 128)

and then split the 128 into MSK (64) and EMSK (64). As said, from an initial glance, it seems the exporter is called twice (once in eap_tls_get_emsk and once in eap_tls_getKey). Both calls are with exactly the same context, context length, and labels. In getKey, the EMSK parts are cleared with

   os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);

while in get_emsk, they are read with

   os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
             EAP_EMSK_LEN);

Maybe we can live with this. But if the exporter is called twice, we should use different labels as suggested by Martin?

Regarding the Enc-Recv-Key and Enc-Send-Key, you obviously know more. I was thrown off by Joe's comment "The mechanism for splitting the MSK into Enc-RECV-Key and Enc-SEND-Key I believe is only used in specific legacy cases (WEP, MPPE?)" and the fact that other EAP methods only export MSK. Other EAP methods leave it to the AAA architecture for splitting up the MSK. Why should EAP-TLS be different?

--Mohit
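
Added example, not part of the original message and not code from the draft or the implementation discussed: a Python sketch of the TLS 1.3 exporter (RFC 8446, section 7.5) comparing one 128-byte export that is split, two identical calls as described for getKey and get_emsk, and one call per key with its own label. It assumes SHA-256, a constructed exporter master secret, and the hypothetical labels EXPORTER_EXAMPLE_MSK and EXPORTER_EXAMPLE_EMSK.

```python
import hashlib
import hmac

HASH = hashlib.sha256
EAP_TLS_TYPE = b"\x0d"            # EAP method type 13 (EAP-TLS), used as the Type-Code context
MSK_LEN = EMSK_LEN = 64
LABEL = b"EXPORTER_EAP_TLS_Key_Material"
EMS = bytes(range(32))            # constructed exporter master secret, for illustration only

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1); the output length is part of the input."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def tls_exporter(ems, label, context, length):
    """TLS-Exporter (RFC 8446, section 7.5)."""
    derived = hkdf_expand_label(ems, label, HASH(b"").digest(), HASH().digest_size)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)

def single_call_split(ems):
    """One 128-byte export, split into MSK and EMSK as the draft text describes."""
    km = tls_exporter(ems, LABEL, EAP_TLS_TYPE, MSK_LEN + EMSK_LEN)
    return km[:MSK_LEN], km[MSK_LEN:]

def two_identical_calls(ems):
    """Two exports with the same label, context and length, one per getter."""
    key_data = bytearray(tls_exporter(ems, LABEL, EAP_TLS_TYPE, MSK_LEN + EMSK_LEN))
    key_data[MSK_LEN:] = bytes(EMSK_LEN)      # getKey path: EMSK half zeroed
    emsk_data = tls_exporter(ems, LABEL, EAP_TLS_TYPE, MSK_LEN + EMSK_LEN)
    return bytes(key_data[:MSK_LEN]), emsk_data[MSK_LEN:]   # get_emsk path: EMSK half read

def separate_labels(ems):
    """One export per key, each with its own (hypothetical) label."""
    return (tls_exporter(ems, b"EXPORTER_EXAMPLE_MSK", EAP_TLS_TYPE, MSK_LEN),
            tls_exporter(ems, b"EXPORTER_EXAMPLE_EMSK", EAP_TLS_TYPE, EMSK_LEN))
```

Because the requested length is encoded in the HKDF label, a 64-byte export under the same label does not equal the first 64 bytes of the 128-byte export; two calls reproduce the single-call keys only when label, context and length all match.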