Skip to content

Commit

Permalink
Merge pull request #39 from ietf-scitt/artart-34
Browse files Browse the repository at this point in the history
"message imprint" coherency
  • Loading branch information
henkbirkholz authored Jan 9, 2025
2 parents dfa812a + e57dac2 commit 48121c6
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 9 deletions.
2 changes: 1 addition & 1 deletion ascii-art/ctt-alt.ascii-art
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
| +---------------+------------' | | | |
| | | | .+. |
| v .---------. | | | L | Clock |
| .---------. .----. | message | | | '+' |
| .---------. .----. | Message | | | '+' |
| | Sign1 +->+ hash +->+ Imprint +-------->| | |
| '-+-------' '----' '---------' | | v |
| | .-------. | | .---------. |
Expand Down
2 changes: 1 addition & 1 deletion ascii-art/ttc-alt.ascii-art
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
| / private-key / | nonce +-------->+ / private-key / |
| '-+-----------' '-------' | | '------+------' |
| | .---------. | | | |
| | .-------. .----. | message | | | | |
| | .-------. .----. | Message | | | | |
| | + datum +->+ hash +->+ Imprint +------->+ .+. |
| | '-+-----' '----' '---------' | | | L | Clock |
| | | | | '+' |
Expand Down
14 changes: 7 additions & 7 deletions draft-birkholz-cose-tsa-tst-header-parameter.md
Original file line number Diff line number Diff line change
Expand Up @@ -106,8 +106,6 @@ A signed COSE message is then built as follows:
* The obtained timestamp token is added to the protected headers,
* The original datum becomes the payload of the signed COSE message.

The message imprint sent to the TSA ({{Section 2.4 of -TSA}}) MUST be the hash of the payload field of the COSE signed object.

~~~ aasvg
{::include ascii-art/ttc-alt.ascii-art}
~~~
Expand Down Expand Up @@ -140,15 +138,17 @@ The `3161-ttc` COSE _protected_ header parameter MUST be used for the mode descr

The `3161-ttc` protected header parameter contains a DER-encoded RFC3161 TimeStampToken wrapped in a CBOR byte string (Major type 2).

The MessageImprint sent to the TSA ({{Section 2.4 of -TSA}}) MUST be the hash of the payload field of the COSE signed object.

To minimize dependencies, the hash algorithm used for signing the COSE message SHOULD be the same as the algorithm used in the RFC3161 MessageImprint.

## `3161-ctt` {#sec-tst-hdr-ctt}

The `3161-ctt` COSE _unprotected_ header parameter MUST be used for the mode described in {{sec-cose-then-timestamp}}.

The message imprint sent in the request to the TSA MUST be either:
The MessageImprint sent in the request to the TSA MUST be:

* the hash of the signature field of the `COSE_Sign1` message.
* the hash of the signature field of the `COSE_Sign1` message, or
* the hash of the signatures field of the `COSE_Sign` message.

In either case, to minimize dependencies, the hash algorithm SHOULD be the same as the algorithm used for signing the COSE message.
Expand All @@ -160,10 +160,10 @@ The `3161-ctt` unprotected header parameter contains a DER-encoded RFC3161 TimeS

RFC 3161 timestamp tokens use CMS as signature envelope format.
{{-CMS}} provides the details about signature verification, and {{-TSA}} provides the details specific to timestamp token validation.
The payload of the signed timestamp token is the TSTInfo structure defined in {{-TSA}}, which contains the message imprint that was sent to the TSA.
The hash algorithm is contained in the message imprint structure, together with the hash itself.
The payload of the signed timestamp token is the TSTInfo structure defined in {{-TSA}}, which contains the MessageImprint that was sent to the TSA.
The hash algorithm is contained in the MessageImprint structure, together with the hash itself.

As part of the signature verification, the receiver MUST make sure that the message imprint in the embedded timestamp token matches a hash of either the payload, signature, or signature fields, depending on the mode of use and type of COSE structure.
As part of the signature verification, the receiver MUST make sure that the MessageImprint in the embedded timestamp token matches a hash of either the payload, signature, or signature fields, depending on the mode of use and type of COSE structure.

{{Appendix B of -TSA}} provides an example that illustrates how timestamp tokens can be used to verify signatures of a timestamped message when utilizing X.509 certificates.

Expand Down

0 comments on commit 48121c6

Please sign in to comment.