< draft-hallambaker-mesh-dare-02.txt   draft-hallambaker-mesh-dare-03.txt >
Network Working Group P. Hallam-Baker Network Working Group P. Hallam-Baker
Internet-Draft July 3, 2019 Internet-Draft July 8, 2019
Intended status: Informational Intended status: Informational
Expires: January 4, 2020 Expires: January 9, 2020
Mathematical Mesh 3.0 Part III : Data At Rest Encryption (DARE) Mathematical Mesh 3.0 Part III : Data At Rest Encryption (DARE)
draft-hallambaker-mesh-dare-02 draft-hallambaker-mesh-dare-03
Abstract Abstract
This document describes the Data At Rest Encryption (DARE) Envelope This document describes the Data At Rest Encryption (DARE) Envelope
and Container syntax. and Container syntax.
The DARE Envelope syntax is used to digitally sign, digest, The DARE Envelope syntax is used to digitally sign, digest,
authenticate, or encrypt arbitrary content data. authenticate, or encrypt arbitrary content data.
The DARE Container syntax describes an append-only sequence of The DARE Container syntax describes an append-only sequence of
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2020. This Internet-Draft will expire on January 9, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 9 skipping to change at page 3, line 9
3.6.1. Field: kwd . . . . . . . . . . . . . . . . . . . . . 20 3.6.1. Field: kwd . . . . . . . . . . . . . . . . . . . . . 20
4. DARE Container Architecture . . . . . . . . . . . . . . . . . 21 4. DARE Container Architecture . . . . . . . . . . . . . . . . . 21
4.1. Container Navigation . . . . . . . . . . . . . . . . . . 21 4.1. Container Navigation . . . . . . . . . . . . . . . . . . 21
4.1.1. Tree . . . . . . . . . . . . . . . . . . . . . . . . 22 4.1.1. Tree . . . . . . . . . . . . . . . . . . . . . . . . 22
4.1.2. Position Index . . . . . . . . . . . . . . . . . . . 22 4.1.2. Position Index . . . . . . . . . . . . . . . . . . . 22
4.1.3. Metadata Index . . . . . . . . . . . . . . . . . . . 22 4.1.3. Metadata Index . . . . . . . . . . . . . . . . . . . 22
4.2. Integrity Mechanisms . . . . . . . . . . . . . . . . . . 23 4.2. Integrity Mechanisms . . . . . . . . . . . . . . . . . . 23
4.2.1. Digest Chain calculation . . . . . . . . . . . . . . 23 4.2.1. Digest Chain calculation . . . . . . . . . . . . . . 23
4.2.2. Binary Merkle tree calculation . . . . . . . . . . . 23 4.2.2. Binary Merkle tree calculation . . . . . . . . . . . 23
4.2.3. Signature . . . . . . . . . . . . . . . . . . . . . . 23 4.2.3. Signature . . . . . . . . . . . . . . . . . . . . . . 23
5. DARE Message Schema . . . . . . . . . . . . . . . . . . . . . 24 5. DARE Schema . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.1. Message Classes . . . . . . . . . . . . . . . . . . . . . 24 5.1. Message Classes . . . . . . . . . . . . . . . . . . . . . 24
5.1.1. Structure: DareMessageSequence . . . . . . . . . . . 24 5.1.1. Structure: DareEnvelopeSequence . . . . . . . . . . . 24
5.2. Header and Trailer Classes . . . . . . . . . . . . . . . 25 5.2. Header and Trailer Classes . . . . . . . . . . . . . . . 25
5.2.1. Structure: DareTrailer . . . . . . . . . . . . . . . 25 5.2.1. Structure: DareTrailer . . . . . . . . . . . . . . . 25
5.2.2. Structure: DareHeader . . . . . . . . . . . . . . . . 25 5.2.2. Structure: DareHeader . . . . . . . . . . . . . . . . 25
5.3. Cryptographic Data . . . . . . . . . . . . . . . . . . . 27 5.3. Cryptographic Data . . . . . . . . . . . . . . . . . . . 27
5.3.1. Structure: DareSigner . . . . . . . . . . . . . . . . 27 5.3.1. Structure: DareSigner . . . . . . . . . . . . . . . . 27
5.3.2. Structure: X509Certificate . . . . . . . . . . . . . 27 5.3.2. Structure: X509Certificate . . . . . . . . . . . . . 27
5.3.3. Structure: DareSignature . . . . . . . . . . . . . . 27 5.3.3. Structure: DareSignature . . . . . . . . . . . . . . 27
5.3.4. Structure: DareRecipient . . . . . . . . . . . . . . 28 5.3.4. Structure: DareRecipient . . . . . . . . . . . . . . 28
6. DARE Container Schema . . . . . . . . . . . . . . . . . . . . 28 6. DARE Container Schema . . . . . . . . . . . . . . . . . . . . 28
6.1. Container Headers . . . . . . . . . . . . . . . . . . . . 28 6.1. Container Headers . . . . . . . . . . . . . . . . . . . . 28
skipping to change at page 17, line 31 skipping to change at page 17, line 31
Encryption and integrity protections MAY be applied to any DARE Encryption and integrity protections MAY be applied to any DARE
Envelope Payload and Annotations. Envelope Payload and Annotations.
The following is an encrypted version of the message shown earlier. The following is an encrypted version of the message shown earlier.
The payload and annotations have both increased in size as a result The payload and annotations have both increased in size as a result
of the block cipher padding. The header now includes Recipients and of the block cipher padding. The header now includes Recipients and
Salt fields to enable the content to be decoded. Salt fields to enable the content to be decoded.
[{ [{
"enc":"A256CBC", "enc":"A256CBC",
"Salt":"EshYX1Y0cYSUq8LfTh4Fvw", "Salt":"1yar8uEuI4EuncLCO3-LKA",
"cty":"application/example-mail", "cty":"application/example-mail",
"Annotations":["iAEBiCAaX0DGhdZpeaC_HL5oQbZ7TotGPzRit2svzpfRfgYX "Annotations":["iAEBiCCKgGLHHsxdpvGblD8DK0T-KwKzBgAgxn-KIysGeu8c
UA", JA",
"iAECiCBQ-Q4zWmIMnNKe9GCufR_6E9iXryHc4hfIMqwBXovfYg", "iAECiCBXxyGLLaAwp2Ors9xUwe-JCJlh8AfWj0bBmEdh2dvTcg",
"iAEDiDCSyMOzrZ6XFn0BUVoHpsG6QQ5ShgUEwL6ru-Ss_UUXc2NFixDt3mCr "iAEDiDBPFSF5bjzBBso_CKuu-4pciBOccVJRBuuQOkhBba9c3h9z0WGCwvZB
w1sHb-r6WY0" 5gXJyhBQH8k"
], ],
"recipients":[{ "recipients":[{
"kid":"MBNZ-GJFZ-OLGQ-Q6J6-OAGS-JYLE-OQNH", "kid":"MBNC-3DR6-VILB-CGQL-BEB7-55EU-EZZY",
"epk":{ "epk":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Public":"9RDXSE936LEXqiRd7TDIKp8dqWSlyhe3uxwzZKmdK_U"}}, "Public":"CLChDsgiK_TRwSbNRpRhpWz_ZKU9lPhP_Uol7Su8FAo"}},
"wmk":"sqmCWgeebzKrMa-MuUaj8ddgK3RWayVEt8_-e7PCtFST3g1shucO "wmk":"Hq37806YKSo98_66t02Zw6FTNEtz9mjE923IP5HtLjvsSW5lpT40
7g"} cQ"}
]}, ]},
"_pCLaNXBOTT4rut3TZ9g4fjHeUnuJmQtUJEIqm0BNrwGGcBkchNqeNaF8mu8zMRN "devgznyt0uIljanjJ7CexSww6KxLF_V_blMXS9jyx7UwD8pvaQV-wpiGHz_Od0aS
AzPowgk0xUWMd-YDZmStig" 07AON1He9Zp-KjnlDLsMyg"
] ]
3.4.1. Key Exchange 3.4.1. Key Exchange
The DARE key exchange is based on the JWE key exchange except that The DARE key exchange is based on the JWE key exchange except that
encryption modes are intentionally limited and the output of the key encryption modes are intentionally limited and the output of the key
exchange is the DARE Master Key rather than the Content Encryption exchange is the DARE Master Key rather than the Content Encryption
Key. Key.
A DARE Key Exchange MAY contain any number of Recipient entries, each A DARE Key Exchange MAY contain any number of Recipient entries, each
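Review bot: In the recipients entry of the encrypted example, the ephemeral key is carried as "PublicKeyECDH" with "crv":"Ed25519", while section 3.4.1 directly below says the key exchange is based on the JWE key exchange. In JOSE (RFC 8037) Ed25519 is the curve name used for signatures and X25519 is the one registered for ECDH, so a reader coming from JWE cannot tell which Diffie-Hellman function produced the value that wraps "wmk". Either change the crv value in the example or add a sentence to 3.4.1 stating which key agreement function is applied to an Ed25519 key and that this departs from JWE.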
skipping to change at page 24, line 24 skipping to change at page 24, line 24
If the typ parameter is absent, the value Payload is implied. If the typ parameter is absent, the value Payload is implied.
A frame MAY contain multiple signatures created with the same signing A frame MAY contain multiple signatures created with the same signing
key and different typ values. key and different typ values.
The use of signatures over chain and tree digest values permit The use of signatures over chain and tree digest values permit
multiple frames to be validated using a single signature verification multiple frames to be validated using a single signature verification
operation. operation.
5. DARE Message Schema 5. DARE Schema
A DARE Message consists of a Header, an Enhanced Data Sequence (EDS) A DARE Envelope consists of a Header, an Enhanced Data Sequence (EDS)
and an optional trailer. This section describes the JSON data fields and an optional trailer. This section describes the JSON data fields
used to construct headers, trailers and complete messages. used to construct headers, trailers and complete messages.
Wherever possible, fields from JWE, JWS and JWK have been used. In Wherever possible, fields from JWE, JWS and JWK have been used. In
these cases, the fields have the exact same semantics. Note however these cases, the fields have the exact same semantics. Note however
that the classes in which these fields are presented have different that the classes in which these fields are presented have different
structure and nesting. structure and nesting.
5.1. Message Classes 5.1. Message Classes
A DARE Message contains a single DAREMessageSequence in either the A DARE Message contains a single DAREMessageSequence in either the
JSON or Compact serialization as directed by the protocol in which it JSON or Compact serialization as directed by the protocol in which it
is applied. is applied.
5.1.1. Structure: DareMessageSequence 5.1.1. Structure: DareEnvelopeSequence
A DARE Message containing Header, EDS and Trailer in JSON object A DARE Message containing Header, EDS and Trailer in JSON object
encoding. Since a DAREMessage is almost invariably presented in JSON encoding. Since a DAREMessage is almost invariably presented in JSON
sequence or compact encoding, use of the DAREMessage subclass is sequence or compact encoding, use of the DAREMessage subclass is
preferred. preferred.
Although a DARE Message is functionally an object, it is serialized Although a DARE Message is functionally an object, it is serialized
as an ordered sequence. This ensures that the message header field as an ordered sequence. This ensures that the message header field
will always precede the body in a serialization, this allowing will always precede the body in a serialization, this allowing
processing of the header information to be performed before the processing of the header information to be performed before the
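Review bot: The Message-to-Envelope rename in section 5 is only partly applied. The section title, the first sentence ("A DARE Envelope consists of a Header, ...") and the 5.1.1 heading ("Structure: DareEnvelopeSequence") are updated, but the 5.1 heading is still "Message Classes", 5.1 still reads "A DARE Message contains a single DAREMessageSequence", and the 5.1.1 body still refers to "DARE Message" and "the DAREMessage subclass". As it stands the heading names a structure that the text under it never mentions. Suggest finishing the rename in the body text, or stating explicitly that DareMessage is kept as a separate class name if that is intended.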
skipping to change at page 34, line 48 skipping to change at page 34, line 48
12. Appendix A: DARE Envelope Examples and Test Vectors 12. Appendix A: DARE Envelope Examples and Test Vectors
13. Test Examples 13. Test Examples
In the following examples, Alice's encryption private key parameters In the following examples, Alice's encryption private key parameters
are: are:
{ {
"PrivateKeyECDH":{ "PrivateKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Private":"pL1Td_SjZbgKQwMkr11GICpVujinWV0VSjHcSpIEdpI"}} "Private":"0010U7hq2doyH5mcAW7IOwSWmtEBOoui0NPjMDWgzhE"}}
Alice's signature private key parameters are: Alice's signature private key parameters are:
{ {
"PrivateKeyECDH":{ "PrivateKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Private":"utQgSqlZkGD_hd-Qm_Kznx-NVZGyLZu3yIjaGGRYg2g"}} "Private":"bg3EBLIPaBnpxrf7EMpTMM205GahpJwwbr-QHhxdkHE"}}
The body of the test message is the UTF8 representation of the The body of the test message is the UTF8 representation of the
following string: following string:
"This is a test long enough to require multiple blocks" "This is a test long enough to require multiple blocks"
The EDS sequences, are the UTF8 representation of the following The EDS sequences, are the UTF8 representation of the following
strings: strings:
"Subject: Message metadata should be encrypted" "Subject: Message metadata should be encrypted"
skipping to change at page 36, line 5 skipping to change at page 36, line 5
"iAECiAoyMDE4LTAyLTAxiAA" "iAECiAoyMDE4LTAyLTAxiAA"
]}, ]},
"VGhpcyBpcyBhIHRlc3QgbG9uZyBlbm91Z2ggdG8gcmVxdWlyZSBtdWx0aXBsZS "VGhpcyBpcyBhIHRlc3QgbG9uZyBlbm91Z2ggdG8gcmVxdWlyZSBtdWx0aXBsZS
BibG9ja3M" BibG9ja3M"
]} ]}
13.3. Encrypted Message 13.3. Encrypted Message
The creator generates a master session key: The creator generates a master session key:
7C 84 59 B5 09 DE 9A 84 AE 15 DC E9 9D 08 1A BB E8 05 EC BE 68 65 64 5C A9 EE EF D7 6C 8A 1D 7F
2A 67 65 F6 FC D5 B4 0F 61 84 75 2C E1 85 C3 06 44 D5 06 7C 19 F4 4C 69 66 06 76 15 17 83 21 E0
For each recipient of the message: For each recipient of the message:
The creator generates an ephemeral key: The creator generates an ephemeral key:
{ {
"PrivateKeyECDH":{ "PrivateKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Private":"LWZrmAXsjR2VVJB4u009kFfI8nTx4awTXqL1HMkgkHk"}} "Private":"w4MGsqG25drlx2c_-kFU0xj3FhOsRH1pZ5b7p_zwbuQ"}}
The key agreement value is calculated: The key agreement value is calculated:
39 16 01 2A 0F 20 0F 6C 53 93 A4 4D 02 89 4F E0 C9 D8 28 3B 0B E6 CD 89 EA 1A B3 27 9A 92 F2 BD
7B 65 F6 C9 CA 25 5D B4 0A 09 3C CD 63 4D E0 73 90 34 A3 F8 2C 60 37 E1 94 91 3A A4 F1 92 2B 55
The key agreement value is used as the input to a HKDF key derivation The key agreement value is used as the input to a HKDF key derivation
function with the info parameter master to create the key used to function with the info parameter master to create the key used to
wrap the master key: wrap the master key:
9F C1 77 32 4F C6 A2 0E B4 B1 FF F8 70 15 E7 1E D0 1A CD 52 28 CA 3F BB FB 1E 3B C7 7C C1 D7 0F
46 4F 5E 5B 16 F0 7E 93 48 CA F5 13 06 8A 06 FE AF B3 5C 3E 29 34 0E 10 DB E0 FC 07 71 CD 83 39
The wrapped master key is: The wrapped master key is:
E4 5D A9 11 B2 B3 F2 F6 68 9A AC F7 C6 A5 22 CD E0 99 45 98 B2 F7 DD B8 F3 C1 DF AC 96 D7 A4 66
F8 A8 5C 8D 6C C6 40 FB 77 90 8F 3E 18 31 F2 14 EB 73 DE BF 94 2E 85 4B 8D 0D 62 DF 63 B0 CE B3
CD 5F 99 75 76 87 88 4C 61 B7 06 1D 15 B4 CC CF
This information is used to calculate the Recipient information shown This information is used to calculate the Recipient information shown
in the example below. in the example below.
To encrypt a message, we first generate a unique salt value: To encrypt a message, we first generate a unique salt value:
21 69 5A 7A 3B 55 B3 64 74 FA 48 FD 9C E2 29 A6 7A FA 51 D6 D9 52 83 FD CD D8 40 77 C6 F9 27 43
The salt value and master key are used to generate the payload The salt value and master key are used to generate the payload
encryption key: encryption key:
80 AA F5 E4 F0 35 74 EB 1A 97 14 43 07 81 14 BE 90 B0 FE BF 81 45 B1 07 2C 93 C5 5D 20 11 E4 C9
2B 7F 5E CC A8 0F 09 ED 2F 00 0F 60 6A 50 13 E0 8D B7 07 CB 14 1E A8 B8 1E 6B DA 77 76 D4 F5 71
Since AES is a block cipher, we also require an initializarion Since AES is a block cipher, we also require an initializarion
vector: vector:
C4 90 BB A0 89 63 A4 E2 C7 75 88 42 60 B6 0B 15 49 B5 07 6F 29 9D 6D 0E 5F 4C 41 58 3D 19 B4 35
The output sequence is the encrypted bytes: The output sequence is the encrypted bytes:
8B 45 26 DD D2 29 48 4B 3B FF 70 81 4F FB 15 27 D6 F8 01 E7 65 86 14 DB 37 91 48 60 5D 94 74 54
A6 CE 37 26 8E 4A D5 93 90 25 91 43 DF CF EF 3B BE 99 62 27 E9 0D BC 12 86 6A 80 DD 91 8F EC D8
44 CA F2 EB 74 F6 DA 69 BB A9 41 2A 01 8D 3C 1B 87 4B 63 22 B1 7F D2 1A A4 DE CD 79 06 1E 8A 75
3E F7 27 EC F9 9A 1E 1E 83 43 60 C6 79 7D 43 54 FD 7C 41 86 0D 72 38 49 F6 3E E5 18 4F B6 21 4A
Since the message is not signed, there is no need for a trailer. The Since the message is not signed, there is no need for a trailer. The
completed message is: completed message is:
{ {
"DareEnvelope":[{ "DareEnvelope":[{
"enc":"A256CBC", "enc":"A256CBC",
"Salt":"IWlaejtVs2R0-kj9nOIppg", "Salt":"evpR1tlSg_3N2EB3xvknQw",
"recipients":[{ "recipients":[{
"kid":"MBNZ-GJFZ-OLGQ-Q6J6-OAGS-JYLE-OQNH", "kid":"MBNC-3DR6-VILB-CGQL-BEB7-55EU-EZZY",
"epk":{ "epk":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Public":"caH_trHCVnZAPg0d1fkMruORm-L8vCQVzSiZHrzQ6ao"}}, "Public":"3slijATJracBxS1kJK9NkmM_OQt5AiVaKbUbhrDy2fg"}},
"wmk":"5F2pEbKz8vZomqz3xqUizfioXI1sxkD7d5CPPhgx8hTNX5l1do "wmk":"4JlFmLL33bjzwd-sltekZutz3r-ULoVLjQ1i32OwzrNhtwYdFb
eITA"} TMzw"}
]}, ]},
"i0Um3dIpSEs7_3CBT_sVJ6bONyaOStWTkCWRQ9_P7ztEyvLrdPbaabupQSoBjT "1vgB52WGFNs3kUhgXZR0VL6ZYifpDbwShmqA3ZGP7NiHS2MisX_SGqTezXkGHo
wbPvcn7PmaHh6DQ2DGeX1DVA" p1_XxBhg1yOEn2PuUYT7YhSg"
]} ]}
13.4. Signed Message 13.4. Signed Message
Signed messages specify the digest algorithm to be used in the header Signed messages specify the digest algorithm to be used in the header
and the signature value in the trailer. Note that the digest and the signature value in the trailer. Note that the digest
algorithm is not optional since it serves as notice that a decoder algorithm is not optional since it serves as notice that a decoder
should digest the payload value to enable signature verification. should digest the payload value to enable signature verification.
{ {
"DareEnvelope":[{ "DareEnvelope":[{
"dig":"S512"}, "dig":"S512"},
"VGhpcyBpcyBhIHRlc3QgbG9uZyBlbm91Z2ggdG8gcmVxdWlyZSBtdWx0aXBsZS "VGhpcyBpcyBhIHRlc3QgbG9uZyBlbm91Z2ggdG8gcmVxdWlyZSBtdWx0aXBsZS
BibG9ja3M", BibG9ja3M",
{ {
"signatures":[{ "signatures":[{
"signature":"-O-Wb7Pi2APad40loUjY9Nt752eEUap6h3QlbRc91Env "signature":"QDHtlnTnraUhIMSgsMwW8JRgE7o_HhDGq4aIPdIsrGml
pLa0yIBVKdjhA6NZy4h3j7HyavbmpGsfrOYfntEOAg"} xCwcuiF827rAOURqmzr3075d8gcMpRtteL2uD6szAQ"}
], ],
"PayloadDigest":"raim8SV5adPbWWn8FMM4mrRAQCO9A2jZ0NZAnFXWlG0x "PayloadDigest":"raim8SV5adPbWWn8FMM4mrRAQCO9A2jZ0NZAnFXWlG0x
F6sWGJbnKSdtIJMmMU_hjarlIPEoY3vy9UdVlH5KAg"} F6sWGJbnKSdtIJMmMU_hjarlIPEoY3vy9UdVlH5KAg"}
]} ]}
13.5. Signed and Encrypted Message 13.5. Signed and Encrypted Message
A signed and encrypted message is encrypted and then signed. The A signed and encrypted message is encrypted and then signed. The
signer proves knowledge of the payload plaintext by providing the signer proves knowledge of the payload plaintext by providing the
plaintext witness value. plaintext witness value.
{ {
"DareEnvelope":[{ "DareEnvelope":[{
"enc":"A256CBC", "enc":"A256CBC",
"dig":"S512", "dig":"S512",
"Salt":"XaMZ2mkbCFsiS4CAH_gbfA", "Salt":"2zyk-tgQTd-vxOSoOMOMNQ",
"recipients":[{ "recipients":[{
"kid":"MBNZ-GJFZ-OLGQ-Q6J6-OAGS-JYLE-OQNH", "kid":"MBNC-3DR6-VILB-CGQL-BEB7-55EU-EZZY",
"epk":{ "epk":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Public":"PSPSJGaCeiMsolP05AHVYhHU5Mb_ss-6V2fxWPM76Fw"}}, "Public":"muIeuoJKt-QBiPgmKYJkqvzlvybdidxnQ3EVfPLHOGc"}},
"wmk":"F4lY4Yi3d0Og3NoUh_VzFeumhFGaBn0mNana3GjbUlSkqCjacx "wmk":"eTMPAU1wLBdh0dBzuZeF6nk-FdN6pTRtMREz3mXeEGGfjgszti
u3_Q"} PITA"}
]}, ]},
"5VCyJCXq1a7wRcoLgfqQgagkjLV9k-ljRBZ217R2iLH4WaDTUZI8i2_iBBz-Sf "9OfYXx5QpJVmbXAi0pgNkdaaR4OglRj35POxKjBN_aZzMF76TGcTjb7AbuKh55
BDiikJ_JTaQuOyHDVAw8nLgQ", E0xQQNU10FgUksT7_5ScxQeQ",
{ {
"signatures":[{ "signatures":[{
"signature":"DTLadbjNopoWfY0vf8lTwqkH_fNuw_4h7TqJaj74n0S4 "signature":"rSHVYYUXKXQY2zxQ6xGqUYJmcAgbkWZjMk3hMYtTukBp
3dYktssoBSix917VX2xDBdRyEn8Khmd3-ba627tBBw", 0mrVgaQSVzHOOWmTCi2Z8xcNG8vfXAV8faZr7BNNBA",
"witness":"lXO0qec5JKM4M5tAUT1nkEgKyZEZkL0ccn4pL8Cm4hc"} "witness":"2j4zKpLY9PFBuIsnthlnKHZ4CIn9gZO9OrMwou6ZjRA"}
], ],
"PayloadDigest":"20QMWpBwQmKnIEPaGGw_M9w6WKnowSzPZLXWz5MSClRr "PayloadDigest":"fURpTxrZtuUDppoecrmr5xvSolZr2EsfZeIqhKDp7RII
vYOqYDQJkozNfM3uUwZq2PFnLNEnbWNGbbbiH8YQ-w"} VxOlmSIri2JFgDxvVIXs49KbCTIS7hRn2_rxDUVtMw"}
]} ]}
14. Appendix B: DARE Container Examples and Test Vectors 14. Appendix B: DARE Container Examples and Test Vectors
The data payloads in all the following examples are identical, only The data payloads in all the following examples are identical, only
the authentication and/or encryption is different. the authentication and/or encryption is different.
o Frame 1..n consists of 300 bytes being the byte sequence 00, 01, o Frame 1..n consists of 300 bytes being the byte sequence 00, 01,
02, etc. repeating after 256 bytes. 02, etc. repeating after 256 bytes.
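Review bot: The 13.3 walk-through regenerates every value but still does not give enough detail to reproduce them. The wrap-key step names HKDF and the info parameter, but the payload key step says only that "the salt value and master key are used", and the initialization vector is shown with no statement of how it is obtained. Suggest naming the derivation function, hash and info strings for the payload encryption key and the IV, so that an implementer can check the vector starting from the master key and the Salt field. The typo "initializarion" is also carried over unchanged from -02.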
skipping to change at page 43, line 13 skipping to change at page 43, line 13
Z0mdr65Ka-HF0Qx8gg_DAoiJwUrwADDXyxVJOg"} Z0mdr65Ka-HF0Qx8gg_DAoiJwUrwADDXyxVJOg"}
14.4. Signed container 14.4. Signed container
The following example shows a tree container with a signature in the The following example shows a tree container with a signature in the
final record. The signing key parameters are: final record. The signing key parameters are:
{ {
"PrivateKeyECDH":{ "PrivateKeyECDH":{
"crv":"Ed25519", "crv":"Ed25519",
"Private":"utQgSqlZkGD_hd-Qm_Kznx-NVZGyLZu3yIjaGGRYg2g"}} "Private":"bg3EBLIPaBnpxrf7EMpTMM205GahpJwwbr-QHhxdkHE"}}
The container headers and trailers are: The container headers and trailers are:
Frame 0 Frame 0
{ {
"Index": 0, "Index": 0,
"ContainerType": "Merkle", "ContainerType": "Merkle",
"ContentMeta": {}, "ContentMeta": {},
"DataEncoding": "JSON"} "DataEncoding": "JSON"}
skipping to change at page 44, line 15 skipping to change at page 44, line 15
14.5. Encrypted container 14.5. Encrypted container
The following example shows a container in which all the frame The following example shows a container in which all the frame
payloads are encrypted under the same master secret established in a payloads are encrypted under the same master secret established in a
key agreement specified in the first frame. key agreement specified in the first frame.
Frame 0 Frame 0
{ {
"enc": "A256CBC", "enc": "A256CBC",
"Salt": "VDnGR20aCOw81vKkoZ1B3g", "Salt": "VUkvKcUljfhCXRdwOIUKXw",
"recipients": [{ "recipients": [{
"kid": "MBNZ-GJFZ-OLGQ-Q6J6-OAGS-JYLE-OQNH", "kid": "MBNC-3DR6-VILB-CGQL-BEB7-55EU-EZZY",
"epk": { "epk": {
"PublicKeyECDH": { "PublicKeyECDH": {
"crv": "Ed25519", "crv": "Ed25519",
"Public": "1LsW7q7UM_dlcglNPDTl7FQCQJ_ygPB-eRRLJ9U_KJE"}}, "Public": "uQ_tso7yyIfT_iWkKF99RdyT2nr09AMFsBunz_Nn1Rs"}},
"wmk": "yOMdZnE4OoZrkBmjvhow6O7NxH3L_RGg3RMwS1pAiIg4nIYelqEl3Q"}], "wmk": "Vf7Bm8mlfaCVHCw2WQKVap6gqEQNUs8a6crfVUSocZf1p3h8fwQXag"}],
"Index": 0, "Index": 0,
"ContainerType": "List", "ContainerType": "List",
"ContentMeta": {}, "ContentMeta": {},
"DataEncoding": "JSON"} "DataEncoding": "JSON"}
[Empty trailer] [Empty trailer]
Frame 1 Frame 1
{ {
"enc": "A256CBC", "enc": "A256CBC",
"Salt": "qlf6ppXoDFgb_sYaXehrRQ", "Salt": "TiYLR8rcEcQ5PBo9sfFxOA",
"Index": 1} "Index": 1}
[Empty trailer] [Empty trailer]
Frame 2 Frame 2
{ {
"enc": "A256CBC", "enc": "A256CBC",
"Salt": "d7UNbWSW49p6jd-xt9aQHw", "Salt": "6uLkyxmQXH9RpSvzSoLvcw",
"Index": 2} "Index": 2}
[Empty trailer] [Empty trailer]
Here are the container bytes. Note that the content is now encrypted Here are the container bytes. Note that the content is now encrypted
and has expanded by 25 bytes. These are the salt (16 bytes), the AES and has expanded by 25 bytes. These are the salt (16 bytes), the AES
padding (4 bytes) and the JSON-B framing (5 bytes). padding (4 bytes) and the JSON-B framing (5 bytes).
f5 01 c0 f5 01 c0
f1 01 ab f1 01 ab
skipping to change at page 45, line 36 skipping to change at page 45, line 36
"ContainerType": "List", "ContainerType": "List",
"ContentMeta": {}, "ContentMeta": {},
"DataEncoding": "JSON"} "DataEncoding": "JSON"}
[Empty trailer] [Empty trailer]
Frame 1 Frame 1
{ {
"enc": "A256CBC", "enc": "A256CBC",
"Salt": "APYGT9HjAI6C5ju7Q1ls4A", "Salt": "e0YcTvqJes01YzetVlqGHw",
"recipients": [{ "recipients": [{
"kid": "MBNZ-GJFZ-OLGQ-Q6J6-OAGS-JYLE-OQNH", "kid": "MBNC-3DR6-VILB-CGQL-BEB7-55EU-EZZY",
"epk": { "epk": {
"PublicKeyECDH": { "PublicKeyECDH": {
"crv": "Ed25519", "crv": "Ed25519",
"Public": "Ral0xlpE8Oj_2pZQjGSDXanH1oML4ERA84Xep8hR98k"}}, "Public": "nSY_Igk_Z206hWsJlRDoqqVvPuzlQgErXoysr-PQAFg"}},
"wmk": "IzFcpxJRo2q2N_SaEdVj17pJAF4cDThgLy4X9xv99IKcorXvKYbuwQ"}], "wmk": "ph6_MrXLOAikbkk7yaIQA-tmqe2yecNC0b0P_1_ANpVo06bFDlQr6Q"}],
"Index": 1} "Index": 1}
[Empty trailer] [Empty trailer]
Frame 2 Frame 2
{ {
"enc": "A256CBC", "enc": "A256CBC",
"Salt": "Evqro4DJy6USJcuI0lLp3w", "Salt": "jtPTRwi1Kgfem7JHLavl2A",
"recipients": [{ "recipients": [{
"kid": "MBNZ-GJFZ-OLGQ-Q6J6-OAGS-JYLE-OQNH", "kid": "MBNC-3DR6-VILB-CGQL-BEB7-55EU-EZZY",
"epk": { "epk": {
"PublicKeyECDH": { "PublicKeyECDH": {
"crv": "Ed25519", "crv": "Ed25519",
"Public": "QrWpxH4l_RCs7LMVbd8G6iv4yeq-Wr5NlKinvhEvUKE"}}, "Public": "FqsZguMDMTkqTtIgQ5gPJwHyltHKZUl4Z4BTBfSiUt4"}},
"wmk": "D9fWgLeROP5erSODAjXhm1RAtmFIGH3-neXcMEIjPOxHsjyFF-iR9w"}], "wmk": "JY_GaZkr7LdSCuYwYH7zB0tesLouy2wu7tBwwUChnqfZ828XUELUYg"}],
"Index": 2} "Index": 2}
[Empty trailer] [Empty trailer]
15. Appendix C: Previous Frame Function 15. Appendix C: Previous Frame Function
public long PreviousFrame (long Frame) { public long PreviousFrame (long Frame) {
long x2 = Frame + 1; long x2 = Frame + 1;
long d = 1; long d = 1;
skipping to change at page 47, line 36 skipping to change at page 47, line 36
17. References 17. References
17.1. Normative References 17.1. Normative References
[draft-hallambaker-jsonbcd] [draft-hallambaker-jsonbcd]
Hallam-Baker, P., "Binary Encodings for JavaScript Object Hallam-Baker, P., "Binary Encodings for JavaScript Object
Notation: JSON-B, JSON-C, JSON-D", draft-hallambaker- Notation: JSON-B, JSON-C, JSON-D", draft-hallambaker-
jsonbcd-14 (work in progress), April 2019. jsonbcd-14 (work in progress), April 2019.
[draft-hallambaker-mesh-architecture] [draft-hallambaker-mesh-architecture]
Hallam-Baker, P., "Mathematical Mesh Part I: Architecture Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
Guide", draft-hallambaker-mesh-architecture-07 (work in Architecture Guide", draft-hallambaker-mesh-
progress), April 2019. architecture-08 (work in progress), July 2019.
[draft-hallambaker-mesh-security] [draft-hallambaker-mesh-security]
Hallam-Baker, P., "Mathematical Mesh Part VII: Security Hallam-Baker, P., "Mathematical Mesh Part VII: Security
Considerations", draft-hallambaker-mesh-security-00 (work Considerations", draft-hallambaker-mesh-security-00 (work
in progress), April 2019. in progress), April 2019.
[draft-hallambaker-mesh-udf] [draft-hallambaker-mesh-udf]
Hallam-Baker, P., "Mathematical Mesh Part II: Uniform Data Hallam-Baker, P., "Mathematical Mesh 3.0 Part II: Uniform
Fingerprint.", draft-hallambaker-mesh-udf-02 (work in Data Fingerprint.", draft-hallambaker-mesh-udf-03 (work in
progress), April 2019. progress), July 2019.
[IANAJOSE] [IANAJOSE]
"[Reference Not Found!]". "[Reference Not Found!]".
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997. DOI 10.17487/RFC2119, March 1997.
[RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax [RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax
Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998. Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.
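Review bot: The reference updates in 17.1 are inconsistent. [draft-hallambaker-mesh-architecture] and [draft-hallambaker-mesh-udf] now read "Mathematical Mesh 3.0 Part ..." with July 2019 versions, but [draft-hallambaker-mesh-security] is still titled "Mathematical Mesh Part VII" at -00, April 2019. In addition, [IANAJOSE] still resolves to "[Reference Not Found!]" in both revisions. Since the schema section relies on JWE, JWS and JWK field semantics, that normative reference should point at the IANA JOSE registry before the next revision.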
 End of changes. 50 change blocks. 
83 lines changed or deleted 83 lines changed or added
