| Network Working Group | M. StJohns |
| Internet-Draft | July 21, 2015 |
| Intended status: Informational | |
| Expires: January 22, 2016 |
Key Derivation Functions with Assignment
draft-stjohns-kdf-with-assignment-00
This document describes a key derivation function (KDF) wrap-around or a meta-KDF that's designed to mix in key assignment parameters to the key stream generation phase. This allows a security module to rely upon and enforce the key assignment parameters during the assigment of key material from the generated key stream to the cryptographic objects.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 22, 2016.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document came about as a result of some analysis by the author of the existing PKCS11 TLS key derivation functions (KDFs). It became apparent that not only were the existing PKCS11 TLS KDF functions severely flawed in that it was possible to extract sensitive key material, but that the actual definition of the TLS key derivation model made it impossible to implement a secure (with regard to key extraction) version of those PKCS11 functions with all current models of KDFs.
Existing KDFs (see for example [SP800-108], [SP800-56C], [RFC5869] and [X9.63]), do an excellent job of producing pseudo-random key streams from a master key and some user supplied mix-in data. Where they fall down is in the assignment of the key stream to cryptographic objects (e.g. keys or public random data such as IVs).
The issue with the above is that the production targets of the KDF call - the specific objects to be produced rather than just the length of the key stream - are not involved in the production of the key stream. That means the keystream does not change with a change in production targets.
In other words, it is possible to run the KDF multiple times with different production targets, the same supplied parameters, and the same master key with the result that different cryptographic objects are constructed from an identical key stream. This is obviously a problem if part of the key stream is assigned in one case to a public object such as an IV, and in another case the same part of the key stream is assigned to an AES key. Note that this is the case for all KDFs used with TLS1.2 ([RFC5246]) and previous versions.
It's also possible to run the KDF multiple times, get the same exact key, but use the key with different modes in ways that can compromise security. In the case of authenticating cryptographic modes such as CCM and GCM vs non-authenticating modes such as Counter, the rules for the authenticating modes require that the plaintext not be released until the message is authenticated. However, it's trivial to use the same key in Counter mode and discard the authentication tag and glean the exact same plain text without every verifying the authentication.
Other issues exist with the use of the same symmetric key both with CMAC and with a key derivation function based on CMAC. The output of CMAC, when not used with a KDF, is a public - an integrity tag. But the direct CMAC mode could be used to replicate the result of using the key with a KDF based on CMAC.
In general, cryptographic guidance is to not use the same key for different purposes. In practice, when such a key is derived from a master secret, or via a key agreement scheme, it's difficult to enforce this guidance. This document describes a scheme which allows for the enforcement of that guidance by the simple expedient of ensuring the key stream changes with any change of mode, key length or key type.
This document uses the term "cryptographic object" to refer to both key material and to other items that various protocols might want to produce from a keyed function. The other various items include at least generic random data and random data that's to be used as an Initialization Vector (IV) or Nonce.
The document is broken up into two different normative parts. The first part is the body of the document which describes the general format for a KDF with assignment, but does not define the on-the-wire, crypto API input values. The second part is Appendix A which defines a concrete set of input values.
This was done somewhat in the same vein as the NIST definition of CBC-MAC Counter Mode (CCM) ([SP800-38C]) where the main body of the document describes the general form of how to use CCM, and where Appendix A of that document defines one specific Nonce formation primitive.
Existing KDFs refer to one or two steps or stages in key derivation: Extraction (which may or may not be present) and expansion. The former is use to extract and concentrate entropy from a master key (and sometime also to provide a length match between the master key and the function used for expansion) and the latter is used to provide a key stream of arbitrary length.
In some KDFs, the extraction phase is subsumed in the key length matching function of the KDF's underlying pseudo-random function. E.g., the description of HMAC provides a means to adapt a key of any length for use with the HMAC function and that adaptation function is computationally similar to that described for discrete expansion functions.
There is a third step - assignment - which is implied, but the process of doing the actual assignment is left as an exercise to the user or protocol designer. This is problematic, as the protocol designer may not realize the implications of this step to the security of keys within a security module. In addition, a security module implementer may have to implement many different assignment functions to satisfy each of the protocol needs.
Existing KDFs have a general model. Specifics will differ, but the calling sequence is similar to:
Note that alternate calling sequences for the above are possible, notably:
But that most KDFs concatenate label and context before input to the underlying pseudo-random function.
This document proposes to wrap the two steps described above into a key derivation construct that adds a mandatory third step: key assignment.
The general form for a KDF with assignment (KDFA) call is:
Where:
Inputs:
Step 0: Select and instantiate an underlying KDF as the key stream generator (KSG).
Step 1:
if required by the KSG then
master_secret = KSG-Extract(master_secret[,seed]);
Step 2:
a) Calculate the length of the key stream to be generated:
L = 0
for (i = 0; i < object_count; i++) {
L += ObjectTemplate[i].length;
}
b) Set up the info field:
// the || operator represents concatenation of the encoded
// bytes of the value
// object_count is the length of the ObjectTemplate[] array and
// represents the number of key templates
// Separator is an optional value - its inclusion is specified by
// the protocol or KDF definition. If present, generally a single
// octet of 0x00.
// Marshall the base mixin data
info = label || [separator ||] user_context;
// Add the count of objects
info = info || object_count;
// append each of the object templates to the info data
for (i = 0; i < object_count; i++) {
info = info || encodeTemplate(ObjectTemplate[i]);
}
c) Calculate the key stream
// key_stream is an array of octets
key_stream = KSG-Expand (master_secret, info, L);
The "encodeTemplate()" function takes an object template and turns it into an array of octets. Each KDFA instantiation specifies the meaning and ordering of octets within the encoding, and specifies the meaning of the values specified for each field within an ObjectTemplate. See Appendix A for a concrete definition of a KDFA for use within IETF specified protocols.
The ordering of subfields within the "info" field are subject to modification by a specific KDFA instantiation. If not otherwise specified, the info field has the ordering specified above and with the inclusion of a single octet of zero as a separator.
Step 3: Assign
// "handles" is an array of cryptographic object handles of
// the same length as ObjectTemplate
ObjectHandles[] handles =
new ObjectHandles[object_count];
offset = 0;
for (i = 0; i < object_count; i++) {
handles[i] =
createObject (key_stream, offset, ObjectTemplate[i]);
offset += ObjectTemplate[i].ObjectLength;
}
The "createObject()" function is expected to create a cryptographic object with attributes as specified or derived from those in the provided ObjectTemplate. In the case of a hardware security module (HSM), the HSM is expected to create an object with enforceable policy based on those attributes. In the case of a software security module, where secret and non-secret data usually share the same memory domain, the attributes tend to be advisory.
Although the ObjectTemplate is specified above as four distinct fields, specific KDFAs may choose to combine one or more of the fields as long as the information about the object type, use mode and length are readily discernable.
For example, a notional KDFA might specify the combination of those three fields into a single field specified by an ASN1 OBJECT IDENTIFIER (OID) which in turn defines the key type, length and use mode: "id-aes-128-ccm: 2.16.840.1.101.3.4.1.7". This notional KDFA might use the ASN1 DER encoding of that OID as the ObjectTemplate mixin data and use a table lookup of the OID to derive object length.
The "ObjectFlags" field may be omitted by any given KDFA. However, as that field provides some information about extractability and sensitivity, such KDFAs might be specified in a manner that does not permit the extraction of produced material from an HSM. This should be discussed by any KDFA definition.
Appendix A provides one concrete definition of the format and meaning of the ObjectTemplate fields for use with IETF protocols.
This document provides a definition of a family of KDFs that allow for the enforcement of policy during the assignment of key material to cryptographic objects. The KDFAs have the property that all of the parameters that describe the derived cryptographic objects are involved in the production of the key stream. That means that any change in the parameters for the cryptographic objects (e.g. length, type, mode, handling restrictions) will result in a change of the complete key stream.
KDFs without this property generally can't prevent the assignment the same key stream material to different cryptographic objects. This can result in weaker protection of the key material.
For example, consider a key stream of 16 octets which is, in one instance. assigned to a single 128 bit AES key and is, in another instance, assigned to two single DES keys. This reduces the brute force attack work factor from a single attack on one 128 bit key into two attacks on 56 bit keys. Once you've recovered the DES keys, you can easily reconstitute the AES key.
If the KDF allows the assigment of some part of the key stream to public data (such as Initialization Vectors) as does the TLS1.2 and earlier KDFs, it's trivial to arrange for part of a putatively secret key to be assigned to the public data.
KDFs with assignment provides a convention for describing a set of values that are involved in both the production of the derived key stream and with the assignment of the keys stream to cryptographic objects. The document does not change any of the underlying cryptographic primitives, but provides a way of ensuring that security modules, especially HSMs can derive objects from key material with enforceable security properties. However, protocols must adopt and define KDFAs in place of their existing KDFs to gain the benefits of this convention.
NIST, in various documents related to key derivation, has prohibited the KDF production of public data (E.g. IVs) from secret key material. That appears to be a necessary restriction since the KDFs specified by NIST do not have an assignment step where the target object parameters and types are mixed into the key stream generation process.
One question for discussion is whether or not the addition of the assignment process described in this document can be used as an argument to remove that restriction. A number of protocols, TLS in particular, have needs for various types of cryptographic material that can be exported from a security module. The author believes the KDFA scheme provides the security guarantees necessary to obviate this restriction.
To be provided. IANA management will be required for the Appendix A values. There are no values in the main body of the document that require IANA management.
This section describes a concrete realization of an KDFA by providing both the encoding process for an ObjectTemplate and providing specific values for the four notional fields of an object template.
An object template consists of the four fields described above and in the order described above, specifically: object type, object mode, object length and object flags.
All four fields are represented as 16 bit unsigned network byte order integers. Object length is specified in octets.
To encode an object template for inclusion in the KSG mixin data, express each field as a two octet network-byte-order integer and concatenate them in order. E.g. to encode a template representing an AES 256 bit CMAC key that is not exportable (AES/CMAC/32/0), you would get (hex): [00 01 00 06 00 20 00 00].
To complete the encoding of the info field of the KDF, concatenate in order the "user_context" data, the number of object template expressed as an unsigned 16 bit network byte order integer, and the encoded object templates in order provided.
The requested key lengths must be compatible with both the key type and mode.
With HMAC and MASTER-HMAC keys, any output length key is acceptable, but shorter keys may be prohibited by security module policy. Note that the extraction step (if any) takes place before (and generally replaces) the normal HMAC key size adjustment step.
With AES-MASTER-CMAC keys, any output key length is acceptable. But note that any length other than 128, 192 and 256 will require an underlying KSG/KDF that has an extraction step. Note this also means the effective security of the KDF is limited to the 128 bit output size of the extraction step.
Master secrets of any type produced by a KDFA compliant with this appendix may only be used with KDFAs of identical formulation (i.e., same underlying KDF and PRF and parameter choices and ordering unless they are produced with the LEGACY usage flag set in the object template.
The object type assignments.
| Mnemonic | Value | Class | Spec. | Notes |
|---|---|---|---|---|
| GENERIC | 0x0000 | Generic | None | Used for any key not otherwised typed |
| AES | 0x0001 | Symmetric | [FIPS197] | Valid with encryption, MAC, master key, and key wrap modes |
| SHA1 | 0x0002 | Hash | [FIPS180] | Valid with MAC and master key modes |
| SHA224 | 0x0003 | Hash | [FIPS180] | Valid with MAC and master key modes |
| SHA256 | 0x0004 | Hash | [FIPS180] | Valid with MAC and master key modes |
| SHA384 | 0x0005 | Hash | [FIPS180] | Valid with MAC and master key modes |
| SHA512 | 0x0006 | Hash | [FIPS180] | Valid with MAC and master key modes |
| Reserved | 0x0007-0x00FF | Symmetric,Hash | Reserved | Reserved for symmetric and hash key types |
| NONCEIV | 0x0100 | Generic | None | Produces random data not meant to be used as key material, generally public/exportable |
| Reserved | 0x0101-0x01FF | Generic | Reserved | Reserved for generic object types |
| ECPRIV | 0x0200 | Private | None | Produces an EC private key using the method described below usable with either ECDH or ECDSA |
| ECDHPRIV | 0x0201 | Private | None | Produces an EC private key using the method described below usable only with ECDH |
| ECDSAPRIV | 0x0202 | Private | None | Produces an EC private key using the method described below usuable only with ECDSA |
| Reserved | 0x0203-0x03FF | Private | Reserved | Reserved for asymmetric key types |
| Reserved | 0x0400-0xFFFF | Any | Reserved | Reserved for future assignment |
Private Elliptic Curve keys may be produced via derivation using the mechanism described in Section B.4.1 of [FIPS186]. Generally, the length of the key to be produced plus 64 bits (i.e., 320 bits for a P256 key) are taken from the derived key stream, expressed as an integer and then taken modulus the prime of the curve. For this KDFA, the ObjectLength term of the private key object is specified as the key length plus 64 bits expressed in terms of complete octets or 40 decimal for a P256 private key.
The key mode assignments. Note that not all combinations are valid with all key types and individual security modules may further restrict valid combinations.
| Mnemonic | Value | Spec | Notes |
|---|---|---|---|
| GENERIC | 0x0000 | None | This data has no enforceable security module mode. Generally only useful in combination with a generic key or a NONCEIV, but could conceivably be used with a symmetric key which can be used with any implemented mode. The use of this mode value with a symmetric key is not recommended and may be prohibited by any given security module. |
| ENCRYPT | 0x0001 | Various | Must be used with a symmetric key object type. Allows the use of any mode permissible for the key type except CMAC or MASTER-CMAC. |
| AEAD | 0x0002 | Various | Must be used with a symmetric key. Allows the use of any AEAD mode. |
| MASTER-CMAC | 0x0003 | Various | Must be used with a symmetric key type that can use CMAC. The key may only be used with CMAC based KDFs |
| MASTER-HMAC | 0x0004 | Various | Must be used with a hash typed object (e.g. SHA1, SHA256 etc). The key may only be used with HMAC based KDFs |
| MASTER-HASH | 0x0005 | Various | Must be used with a hash typed object. The produced key may only be used with hash based KDFs |
| CMAC | 0x0006 | [SP800-38B] [RFC4493] | Must be used with a symmetric key. The produced key may only be used with the CMAC mode. |
| HMAC | 0x0007 | [FIPS198] [RFC2104] | Must be used with a hash key. The produced key may only be used with an HMAC mode consistent with the object type parameter. E.g. if the object type is SHA1, then the permitted mode for the key is HMAC-SHA1 |
| KEYWRAP | 0x0008 | [RFC5649] | Must be used with a symmetric key. The produced key may only be used with the Keywrap mode to wrap other keys. |
| PLACEHOLDER | 0xXXXX | Various | TBD placeholder for other cipher modes such as CCM, GCM, CTR, CBC, etc. |
| Reserved | 0x0009-0x0FFF | None | Reserved for cipher modes |
| ECP256 | 0x1000 | [FIPS186] | May only be used with an EC Private key. Specifies the produced key will be on the NIST P-256 curve. |
| Reserved | 0x1001-0x1FFF | None | Reserved for elliptic curve types |
| Reserved | 0x2000-0x2FFF | None | Reserved for discrete logarithm parameter types |
| Reserved | 0x3000-0xFFFF | None | Reserved for future assignment |
This table specifies a bit mask of options that can modify the handling of a produced object by a security module. Multiple flags (OR'd together) may be specified for any given produced object.
| Mnemonic | Value | Notes |
|---|---|---|
| EXPORTABLE | 0x0001 | This object is exportable from the security module. If the CLEARTXT flag is not also set, this implies that the object is exportable by keywrapping modes only. Use this for objects that are used by other entities. E.g., TLS key exporter keys. |
| CLEARTXT | 0x0002 | This object is non-secret. It may be used in the clear. Use this with GENERIC and NONCEIV to produce initialization vector material. |
| LEGACY | 0x0004 | This flag may only be used with one of the MASTER-* modes. It specifies that the produced key may be used with a KDF that is not a KDFA of this specific type. |
| Reserved | 0xFFF8 | These bits are reserved for future assignment |
An example statement for use with TLS1.3:
An example of how this might be used in TLS follows. It assumes that AES-128-CCM is the negotiated mode and that the CCM nonce is not a fixed value, but also negotiated and has a length of 4 octets. It also assumes that HKDF with SHA256 is being used as the KSG and that the host random is 00 01 02 .. 1F and that the client random is 1F 1E ... 00. Finally, it uses the "key expansion" label.