Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restore COSE Algorithms registrations #24

Merged
merged 2 commits into from
Oct 15, 2024
Merged

Restore COSE Algorithms registrations #24

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
30d1fa3
Restore COSE Algorithms registrations
emlun Oct 15, 2024
7aed36f
Note that two-party alg IDs should eventually move
emlun Oct 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 75 additions & 15 deletions draft-bradleylundberg-cfrg-arkg.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -939,7 +939,8 @@ An ARKG public seed is represented as a COSE_Key structure [RFC9052]
with `kty` value TBD (placeholder value -65537).
This key type defines key type parameters -1 and -2 for the `BL` and `KEM` public key, respectively.

The `alg` parameter defines the `alg` parameter of ARKG derived public keys derived from this ARKG public seed.
The `alg` parameter, when present,
defines the `alg` parameter of ARKG derived public keys derived from this ARKG public seed.

The following CDDL [RFC8610] example represents an `ARKG-P256ADD-ECDH` public seed
restricted to generating derived public keys for use with the ESP256 [fully-spec-algs] signature algorithm:
Expand Down Expand Up @@ -975,18 +976,20 @@ restricted to generating derived public keys for use with the ESP256 [fully-spec
The following is the same example encoded as CBOR:

~~~
h'a50139fbb402582060b6dfddd31659598ae5de49acb220d8704949e84d484b68
344340e2565337d2032820a40102200121582069380fc1c3b09652134feefba6
1776f97af875ce46ca20252c4165102966ebc52258208b515831462ccb0bd55c
ba04bfd50da63faf18bd845433622daf97c06a10d0f121a4010220012158205c
099bec31faa581d14e208250d3ffda9ec7f543043008bc84967a8d875b5d7822
5820539d57429fcb1c138da29010a155dca14566a8f55ac2f1780810c49d4ed7
2d58'
h'a5013a0001000002582060b6dfddd31659598ae5de49acb220d8704949e84d48
4b68344340e2565337d2032820a40102200121582069380fc1c3b09652134fee
fba61776f97af875ce46ca20252c4165102966ebc52258208b515831462ccb0b
d55cba04bfd50da63faf18bd845433622daf97c06a10d0f121a4010220012158
205c099bec31faa581d14e208250d3ffda9ec7f543043008bc84967a8d875b5d
78225820539d57429fcb1c138da29010a155dca14566a8f55ac2f1780810c49d
4ed72d588'
~~~


## COSE key reference types {#cose-key-refs}

TODO: This should eventually move to a separate "algoritm IDs for two-party signing" spec, see: [](https://mailarchive.ietf.org/arch/msg/cose/BjIO9qDNbuVinxAph7F-Z88GpFY/)

While keys used by many other algorithms can usually be referenced by a single atomic identifier,
such as that used in the `kid` parameter in a COSE_Key object or in the unprotected header of a COSE_Recipient,
users of the function `ARKG-Derive-Secret-Key` need to represent
Expand All @@ -1013,7 +1016,7 @@ and restricted for use with the ESP256 [fully-spec-algs] signature algorithm:
; kid: Opaque identifier of ARKG-pub
2: h'60b6dfddd31659598ae5de49acb220d8
704949e84d484b68344340e2565337d2',
3: -9, ; alg: ESP256
3: -65539, ; alg: ESP256-ARKG

; ARKG-P256ADD-ECDH key handle
; (HMAC-SHA-256-128 followed by
Expand All @@ -1032,10 +1035,11 @@ and restricted for use with the ESP256 [fully-spec-algs] signature algorithm:
The following is the same example encoded as CBOR:

~~~
h'a40139fbb502582060b6dfddd31659598ae5de49acb220d8704949e84d484b68
344340e2565337d20328205851ae079e9c52212860678a7cee25b6a6d4048219
d973768f8e1adb8eb84b220b0ee3a2532828b9aa65254fe3717a29499e9baee7
0cea75b5c8a2ec2eb737834f7467e37b3254776f65f4cfc81e2bc4747a84'
h'a5013a0001000102582060b6dfddd31659598ae5de49acb220d8704949e84d48
4b68344340e2565337d2033a00010002205851ae079e9c52212860678a7cee25
b6a6d4048219d973768f8e1adb8eb84b220b0ee3a2532828b9aa65254fe3717a
29499e9baee70cea75b5c8a2ec2eb737834f7467e37b3254776f65f4cfc81e2b
c4747a842158184578616d706c65206170706c69636174696f6e20696e666f'
~~~


Expand Down Expand Up @@ -1090,6 +1094,8 @@ $COSE_kty_ref /= -2 ; Value TBD

## COSE Key Type Parameters Registrations

TODO: These should eventually move to a separate "algoritm IDs for two-party signing" spec, see: [](https://mailarchive.ietf.org/arch/msg/cose/BjIO9qDNbuVinxAph7F-Z88GpFY/)

This section registers the following values in the IANA "COSE Key Type Parameters" registry [IANA.COSE].

- Key Type: TBD (ARKG-pub, placeholder -65537)
Expand Down Expand Up @@ -1121,6 +1127,61 @@ This section registers the following values in the IANA "COSE Key Type Parameter
- Reference: {{cose-key-refs}} of this document


## COSE Algorithms Registrations

TODO: These should eventually move to a separate "algoritm IDs for two-party signing" spec, see: [](https://mailarchive.ietf.org/arch/msg/cose/BjIO9qDNbuVinxAph7F-Z88GpFY/)

This section registers the following values in the IANA "COSE Algorithms" registry [IANA.COSE].

- Name: ESP256-ARKG
- Value: TBD (Placeholder -65539)
- Description: ESP256 with key derived by ARKG-P256ADD-ECDH
- Capabilities: \[kty\]
- Change Controller: TBD
- Reference: [fully-spec-algs], {{ARKG-P256ADD-ECDH}} of this document
- Recommended: Yes

- Name: ESP384-ARKG
- Value: TBD (Placeholder -65540)
- Description: ESP384 with key derived by ARKG-P384ADD-ECDH
- Capabilities: \[kty\]
- Change Controller: TBD
- Reference: [fully-spec-algs], {{ARKG-P384ADD-ECDH}} of this document
- Recommended: Yes

- Name: ESP512-ARKG
- Value: TBD (Placeholder -65541)
- Description: ESP512 with key derived by ARKG-P521ADD-ECDH
- Capabilities: \[kty\]
- Change Controller: TBD
- Reference: [fully-spec-algs], {{ARKG-P521ADD-ECDH}} of this document
- Recommended: Yes

- Name: ES256K-ARKG
- Value: TBD (Placeholder -65542)
- Description: ES256K with key derived by ARKG-P256kADD-ECDH
- Capabilities: \[kty\]
- Change Controller: TBD
- Reference: [RFC8812], {{ARKG-P256kADD-ECDH}} of this document
- Recommended: Yes

- Name: Ed25519-ARKG
- Value: TBD (Placeholder -65543)
- Description: Ed25519 with key derived by ARKG-edwards25519ADD-X25519
- Capabilities: \[kty\]
- Change Controller: TBD
- Reference: [fully-spec-algs], {{ARKG-edwards25519ADD-X25519}} of this document
- Recommended: Yes

- Name: Ed448-ARKG
- Value: TBD (Placeholder -65544)
- Description: Ed448 with key derived by ARKG-edwards448ADD-X448
- Capabilities: \[kty\]
- Change Controller: TBD
- Reference: [fully-spec-algs], {{ARKG-edwards448ADD-X448}} of this document
- Recommended: Yes


# Design rationale

## Using a MAC {#design-rationale-mac}
Expand Down Expand Up @@ -1206,7 +1267,6 @@ TODO
- Renamed section "Using HMAC to adapt a KEM without {integrity protection => ciphertext integrity}".
- Fixed info argument to HMAC in section "Using HMAC to adapt a KEM without ciphertext integrity".
- Added reference to Shoup for definition of key encapsulation mechanism.
- Added CDDL definition of COSE_Key_Ref.
- Added CDDL definition of COSE_Key_Ref
- Editorial fixes to references.
- Renamed proposed COSE Key Types.
- Removed proposed COSE Algorithms registrations.
Loading