draft-ietf-cose-msg-13.txt   draft-ietf-cose-msg-14.txt 
COSE Working Group J. Schaad COSE Working Group J. Schaad
Internet-Draft August Cellars Internet-Draft August Cellars
Intended status: Standards Track June 17, 2016 Intended status: Standards Track June 23, 2016
Expires: December 19, 2016 Expires: December 25, 2016
COSE: A Message Based Security Solution for CBOR CBOR Object Signing and Encryption (COSE)
draft-ietf-cose-msg-13 draft-ietf-cose-msg-14
Abstract Abstract
Concise Binary Object Representation (CBOR) is data format designed Concise Binary Object Representation (CBOR) is data format designed
for small code size and small message size. There is a need for the for small code size and small message size. There is a need for the
ability to have the basic security services defined for this data ability to have the basic security services defined for this data
format. This document defines the CBOR Object Signing and Encyption format. This document defines the CBOR Object Signing and Encyption
(COSE) specification. This specification describes how to create and (COSE) specification. This specification describes how to create and
process signature, message authentication codes and encryption using process signature, message authentication codes and encryption using
CBOR for serialization. This specifiction additionally specifies how CBOR for serialization. This specifiction additionally specifies how
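Review bot: The abstract carries the same spelling errors in both columns, so -14 still ships them: "Encyption" in "CBOR Object Signing and Encyption", "specifiction" in "This specifiction additionally specifies", and the missing article in "is data format". Since -14 already changes this page to set the title to "CBOR Object Signing and Encryption (COSE)", correct the abstract in the same revision so the expansion of the acronym is spelled the same way in the title and in the abstract.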
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 19, 2016. This Internet-Draft will expire on December 25, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 47 skipping to change at page 2, line 47
5. Encryption Objects . . . . . . . . . . . . . . . . . . . . . 21 5. Encryption Objects . . . . . . . . . . . . . . . . . . . . . 21
5.1. Enveloped COSE Structure . . . . . . . . . . . . . . . . 21 5.1. Enveloped COSE Structure . . . . . . . . . . . . . . . . 21
5.1.1. Recipient Algorithm Classes . . . . . . . . . . . . . 23 5.1.1. Recipient Algorithm Classes . . . . . . . . . . . . . 23
5.2. Single Recipient Encrypted . . . . . . . . . . . . . . . 24 5.2. Single Recipient Encrypted . . . . . . . . . . . . . . . 24
5.3. Encryption Algorithm for AEAD algorithms . . . . . . . . 24 5.3. Encryption Algorithm for AEAD algorithms . . . . . . . . 24
5.4. Encryption algorithm for AE algorithms . . . . . . . . . 26 5.4. Encryption algorithm for AE algorithms . . . . . . . . . 26
6. MAC Objects . . . . . . . . . . . . . . . . . . . . . . . . . 28 6. MAC Objects . . . . . . . . . . . . . . . . . . . . . . . . . 28
6.1. MACed Message with Recipients . . . . . . . . . . . . . . 28 6.1. MACed Message with Recipients . . . . . . . . . . . . . . 28
6.2. MACed Messages with Implicit Key . . . . . . . . . . . . 29 6.2. MACed Messages with Implicit Key . . . . . . . . . . . . 29
6.3. How to compute and verify a MAC . . . . . . . . . . . . . 30 6.3. How to compute and verify a MAC . . . . . . . . . . . . . 30
7. Key Structure . . . . . . . . . . . . . . . . . . . . . . . . 31 7. Key Objects . . . . . . . . . . . . . . . . . . . . . . . . . 31
7.1. COSE Key Common Parameters . . . . . . . . . . . . . . . 32 7.1. COSE Key Common Parameters . . . . . . . . . . . . . . . 32
8. Signature Algorithms . . . . . . . . . . . . . . . . . . . . 35 8. Signature Algorithms . . . . . . . . . . . . . . . . . . . . 35
8.1. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . 36 8.1. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.1.1. Security Considerations . . . . . . . . . . . . . . . 37 8.1.1. Security Considerations . . . . . . . . . . . . . . . 37
8.2. Edwards-curve Digital Signature Algorithms (EdDSA) . . . 38 8.2. Edwards-curve Digital Signature Algorithms (EdDSA) . . . 38
8.2.1. Security Considerations . . . . . . . . . . . . . . . 39 8.2.1. Security Considerations . . . . . . . . . . . . . . . 39
9. Message Authentication (MAC) Algorithms . . . . . . . . . . . 39 9. Message Authentication (MAC) Algorithms . . . . . . . . . . . 39
9.1. Hash-based Message Authentication Codes (HMAC) . . . . . 40 9.1. Hash-based Message Authentication Codes (HMAC) . . . . . 40
9.1.1. Security Considerations . . . . . . . . . . . . . . . 41 9.1.1. Security Considerations . . . . . . . . . . . . . . . 41
9.2. AES Message Authentication Code (AES-CBC-MAC) . . . . . . 41 9.2. AES Message Authentication Code (AES-CBC-MAC) . . . . . . 41
skipping to change at page 3, line 33 skipping to change at page 3, line 33
12.1.1. Direct Key . . . . . . . . . . . . . . . . . . . . . 56 12.1.1. Direct Key . . . . . . . . . . . . . . . . . . . . . 56
12.1.2. Direct Key with KDF . . . . . . . . . . . . . . . . 57 12.1.2. Direct Key with KDF . . . . . . . . . . . . . . . . 57
12.2. Key Wrapping . . . . . . . . . . . . . . . . . . . . . . 58 12.2. Key Wrapping . . . . . . . . . . . . . . . . . . . . . . 58
12.2.1. AES Key Wrapping . . . . . . . . . . . . . . . . . . 59 12.2.1. AES Key Wrapping . . . . . . . . . . . . . . . . . . 59
12.3. Key Encryption . . . . . . . . . . . . . . . . . . . . . 60 12.3. Key Encryption . . . . . . . . . . . . . . . . . . . . . 60
12.4. Direct Key Agreement . . . . . . . . . . . . . . . . . . 60 12.4. Direct Key Agreement . . . . . . . . . . . . . . . . . . 60
12.4.1. ECDH . . . . . . . . . . . . . . . . . . . . . . . . 61 12.4.1. ECDH . . . . . . . . . . . . . . . . . . . . . . . . 61
12.4.2. Security Considerations . . . . . . . . . . . . . . 64 12.4.2. Security Considerations . . . . . . . . . . . . . . 64
12.5. Key Agreement with KDF . . . . . . . . . . . . . . . . . 65 12.5. Key Agreement with KDF . . . . . . . . . . . . . . . . . 65
12.5.1. ECDH . . . . . . . . . . . . . . . . . . . . . . . . 65 12.5.1. ECDH . . . . . . . . . . . . . . . . . . . . . . . . 65
13. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 13. Key Object Parameters . . . . . . . . . . . . . . . . . . . . 67
13.1. Elliptic Curve Keys . . . . . . . . . . . . . . . . . . 67 13.1. Elliptic Curve Keys . . . . . . . . . . . . . . . . . . 67
13.1.1. Double Coordinate Curves . . . . . . . . . . . . . . 68 13.1.1. Double Coordinate Curves . . . . . . . . . . . . . . 68
13.2. Octet Key Pair . . . . . . . . . . . . . . . . . . . . . 69 13.2. Octet Key Pair . . . . . . . . . . . . . . . . . . . . . 69
13.3. Symmetric Keys . . . . . . . . . . . . . . . . . . . . . 70 13.3. Symmetric Keys . . . . . . . . . . . . . . . . . . . . . 70
14. CBOR Encoder Restrictions . . . . . . . . . . . . . . . . . . 71 14. CBOR Encoder Restrictions . . . . . . . . . . . . . . . . . . 71
15. Application Profiling Considerations . . . . . . . . . . . . 71 15. Application Profiling Considerations . . . . . . . . . . . . 71
16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 73 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 73
16.1. CBOR Tag assignment . . . . . . . . . . . . . . . . . . 73 16.1. CBOR Tag assignment . . . . . . . . . . . . . . . . . . 73
16.2. COSE Header Parameters Registry . . . . . . . . . . . . 73 16.2. COSE Header Parameters Registry . . . . . . . . . . . . 73
16.3. COSE Header Algorithm Labels Registry . . . . . . . . . 74 16.3. COSE Header Algorithm Labels Registry . . . . . . . . . 74
skipping to change at page 31, line 32 skipping to change at page 31, line 32
3. Obtain the cryptographic key from one of the recipients of the 3. Obtain the cryptographic key from one of the recipients of the
message. message.
4. Call the MAC creation algorithm passing in K (the key to use), 4. Call the MAC creation algorithm passing in K (the key to use),
alg (the algorithm to MAC with) and ToBeMaced (the value to alg (the algorithm to MAC with) and ToBeMaced (the value to
compute the MAC on). compute the MAC on).
5. Compare the MAC value to the 'tag' field of the COSE_Mac 5. Compare the MAC value to the 'tag' field of the COSE_Mac
structure. structure.
7. Key Structure 7. Key Objects
A COSE Key structure is built on a CBOR map object. The set of A COSE Key structure is built on a CBOR map object. The set of
common parameters that can appear in a COSE Key can be found in the common parameters that can appear in a COSE Key can be found in the
IANA "COSE Key Common Parameters" registry (Section 16.5). IANA "COSE Key Common Parameters" registry (Section 16.5).
Additional parameters defined for specific key types can be found in Additional parameters defined for specific key types can be found in
the IANA "COSE Key Type Parameters" registry (Section 16.6). the IANA "COSE Key Type Parameters" registry (Section 16.6).
A COSE Key Set uses a CBOR array object as its underlying type. The A COSE Key Set uses a CBOR array object as its underlying type. The
values of the array elements are COSE Keys. A Key Set MUST have at values of the array elements are COSE Keys. A Key Set MUST have at
least one element in the array. least one element in the array.
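Review bot: The renamed heading "7. Key Objects" no longer matches the first sentence under it, which still reads "A COSE Key structure is built on a CBOR map object", while Section 13 refers to "The COSE_Key object". Pick one term for the CBOR map ("COSE Key object" or "COSE_Key structure") and use it in the heading, in this paragraph and in the Key Set paragraph, so that a reader following the rename from the table of contents finds the same name in the body.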
skipping to change at page 67, line 14 skipping to change at page 67, line 14
o If the 'alg' field present, it MUST match the Key Agreement o If the 'alg' field present, it MUST match the Key Agreement
algorithm being used. algorithm being used.
o If the 'key_ops' field is present, it MUST include 'derive key' or o If the 'key_ops' field is present, it MUST include 'derive key' or
'derive bits' for the private key. 'derive bits' for the private key.
o If the 'key_ops' field is present, it MUST be empty for the public o If the 'key_ops' field is present, it MUST be empty for the public
key. key.
13. Keys 13. Key Object Parameters
The COSE_Key object defines a way to hold a single key object. It is The COSE_Key object defines a way to hold a single key object. It is
still required that the members of individual key types be defined. still required that the members of individual key types be defined.
This section of the document is where we define an initial set of This section of the document is where we define an initial set of
members for specific key types. members for specific key types.
For each of the key types, we define both public and private members. For each of the key types, we define both public and private members.
The public members are what is transmitted to others for their usage. The public members are what is transmitted to others for their usage.
Private members allow for the archival of keys by individuals. Private members allow for the archival of keys by individuals.
However, there are some circumstances in which private keys may be However, there are some circumstances in which private keys may be
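Review bot: The new heading "13. Key Object Parameters" sits over text that still says "members" throughout ("the members of individual key types", "an initial set of members", "public and private members"), while Section 7 and the registry names it cites use "parameters" ("COSE Key Common Parameters", "COSE Key Type Parameters"). Change "members" to "parameters" in these two paragraphs to complete the rename. In the context just above the heading, "If the 'alg' field present, it MUST match" is missing "is" in both versions and can be fixed at the same time.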
 End of changes. 7 change blocks. 
9 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/