RFC 9053 | COSE Algorithms | July 2021 |
Schaad | Informational | [Page] |
Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).¶
This document is not an Internet Standards Track specification; it is published for informational purposes.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9053.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
There has been an increased focus on small, constrained devices that make up the Internet of Things (IoT). One of the standards that has come out of this process is "Concise Binary Object Representation (CBOR)" [RFC8949]. CBOR extended the data model of JavaScript Object Notation (JSON) [STD90] by allowing for binary data, among other changes. CBOR is being adopted by several of the IETF working groups dealing with the IoT world as their method of encoding data structures. CBOR was designed specifically to be small in terms of both messages transported and implementation size and be a schema-free decoder. A need exists to provide message security services for IoT, and using CBOR as the message-encoding format makes sense.¶
The core COSE specification consists of two documents. [RFC9052] contains the serialization structures and the procedures for using the different cryptographic algorithms. This document provides an initial set of algorithms for use with those structures.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
In this document, we use the following terminology:¶
The term "byte string" is used for sequences of bytes, while the term "text string" is used for sequences of characters.¶
The tables for algorithms contain the following columns:¶
Additional columns may be present in a table depending on the algorithms.¶
At the time that [RFC8152] was initially published, the CBOR Data Definition Language (CDDL) [RFC8610] had not yet been published. This document uses a variant of CDDL that is described in [RFC9052].¶
A GitHub project has been created at [GitHub-Examples] that contains a set of testing examples as well. Each example is found in a JSON file that contains the inputs used to create the example, some of the intermediate values that can be used for debugging, and the output of the example. The results are encoded using both hexadecimal and CBOR diagnostic notation format.¶
Some of the examples are designed to test the failure case; these are clearly marked as such in the JSON file. If errors in the examples in this document are found, the examples on GitHub will be updated, and a note to that effect will be placed in the JSON file.¶
Section 8.1 of [RFC9052] contains a generic description of signature algorithms. The document defines signature algorithm identifiers for two signature algorithms.¶
The Elliptic Curve Digital Signature Algorithm (ECDSA) [DSS] defines a signature algorithm using Elliptic Curve Cryptography (ECC). Implementations SHOULD use a deterministic version of ECDSA such as the one defined in [RFC6979]. The use of a deterministic signature algorithm allows systems to avoid relying on random number generators in order to avoid generating the same value of "k" (the per-message random value). Biased generation of the value "k" can be attacked, and collisions of this value lead to leaked keys. It additionally allows performing deterministic tests for the signature algorithm. The use of deterministic ECDSA does not lessen the need to have good random number generation when creating the private key.¶
The ECDSA signature algorithm is parameterized with a hash function (h). In the event that the length of the hash function output is greater than the group of the key, the leftmost bytes of the hash output are used.¶
The algorithms defined in this document can be found in Table 1.¶
Name | Value | Hash | Description |
---|---|---|---|
ES256 | -7 | SHA-256 | ECDSA w/ SHA-256 |
ES384 | -35 | SHA-384 | ECDSA w/ SHA-384 |
ES512 | -36 | SHA-512 | ECDSA w/ SHA-512 |
This document defines ECDSA as working only with the curves P-256, P-384, and P-521. This document requires that the curves be encoded using the "EC2" (two coordinate elliptic curve) key type. Implementations need to check that the key type and curve are correct when creating and verifying a signature. Future documents may define it to work with other curves and points in the future.¶
In order to promote interoperability, it is suggested that SHA-256 be used only with curve P-256, SHA-384 be used only with curve P-384, and SHA-512 be used with curve P-521. This is aligned with the recommendation in Section 4 of [RFC5480].¶
The signature algorithm results in a pair of integers (R, S). These integers will be the same length as the length of the key used for the signature process. The signature is encoded by converting the integers into byte strings of the same length as the key size. The length is rounded up to the nearest byte and is left padded with zero bits to get to the correct length. The two integers are then concatenated together to form a byte string that is the resulting signature.¶
Using the function defined in [RFC8017], the signature is:¶
Signature = I2OSP(R, n) | I2OSP(S, n)¶
where n = ceiling(key_length / 8)¶
When using a COSE key for this algorithm, the following checks are made:¶
The security strength of the signature is no greater than the minimum of the security strength associated with the bit length of the key and the security strength of the hash function.¶
Note: Use of a deterministic signature technique is a good idea even when good random number generation exists. Doing so both reduces the possibility of having the same value of "k" in two signature operations and allows for reproducible signature values, which helps testing. There have been recent attacks involving faulting the device in order to extract the key. This can be addressed by combining both randomness and determinism [CFRG-DET-SIGS].¶
There are two substitution attacks that can theoretically be mounted against the ECDSA signature algorithm.¶
[RFC8032] describes the elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). In that document, the signature algorithm is instantiated using parameters for edwards25519 and edwards448 curves. The document additionally describes two variants of the EdDSA algorithm: Pure EdDSA, where no hash function is applied to the content before signing, and HashEdDSA, where a hash function is applied to the content before signing and the result of that hash function is signed. For EdDSA, the content to be signed (either the message or the prehash value) is processed twice inside of the signature algorithm. For use with COSE, only the pure EdDSA version is used. This is because it is not expected that extremely large contents are going to be needed and, based on the arrangement of the message structure, the entire message is going to need to be held in memory in order to create or verify a signature. Therefore, there does not appear to be a need to be able to do block updates of the hash, followed by eliminating the message from memory. Applications can provide the same features by defining the content of the message as a hash value and transporting the COSE object (with the hash value) and the content as separate items.¶
The algorithm defined in this document can be found in Table 2. A single signature algorithm is defined, which can be used for multiple curves.¶
Name | Value | Description |
---|---|---|
EdDSA | -8 | EdDSA |
[RFC8032] describes the method of encoding the signature value.¶
When using a COSE key for this algorithm, the following checks are made:¶
Public values are computed differently in EdDSA and Elliptic Curve Diffie-Hellman (ECDH); for this reason, the public key should not be used with the other algorithm.¶
If batch signature verification is performed, a well-seeded cryptographic random number generator is REQUIRED (Section 8.2 of [RFC8032]). Signing and nonbatch signature verification are deterministic operations and do not need random numbers of any kind.¶
Section 9.2 of [RFC9052] contains a generic description of MAC algorithms. This section defines the conventions for two MAC algorithms.¶
HMAC [RFC2104] [RFC4231] was designed to deal with length extension attacks. The algorithm was also designed to allow new hash algorithms to be directly plugged in without changes to the hash function. The HMAC design process has been shown to be solid; although the security of hash algorithms such as MD5 has decreased over time, the security of HMAC combined with MD5 has not yet been shown to be compromised [RFC6151].¶
The HMAC algorithm is parameterized by an inner and outer padding, a hash function (h), and an authentication tag value length. For this specification, the inner and outer padding are fixed to the values set in [RFC2104]. The length of the authentication tag corresponds to the difficulty of producing a forgery. For use in constrained environments, we define one HMAC algorithm that is truncated. There are currently no known issues with truncation; however, the security strength of the message tag is correspondingly reduced in strength. When truncating, the leftmost tag-length bits are kept and transmitted.¶
The algorithms defined in this document can be found in Table 3.¶
Name | Value | Hash | Tag Length | Description |
---|---|---|---|---|
HMAC 256/64 | 4 | SHA-256 | 64 | HMAC w/ SHA-256 truncated to 64 bits |
HMAC 256/256 | 5 | SHA-256 | 256 | HMAC w/ SHA-256 |
HMAC 384/384 | 6 | SHA-384 | 384 | HMAC w/ SHA-384 |
HMAC 512/512 | 7 | SHA-512 | 512 | HMAC w/ SHA-512 |
Some recipient algorithms transport the key, while others derive a key from secret data. For those algorithms that transport the key (such as AES Key Wrap), the size of the HMAC key SHOULD be the same size as the output of the underlying hash function. For those algorithms that derive the key (such as ECDH), the derived key MUST be the same size as the underlying hash function.¶
When using a COSE key for this algorithm, the following checks are made:¶
Implementations creating and validating MAC values MUST validate that the key type, key length, and algorithm are correct and appropriate for the entities involved.¶
HMAC has proved to be resistant to attack even when used with weakened hash algorithms. The current best known attack is to brute force the key. This means that key size is going to be directly related to the security of an HMAC operation.¶
AES-CBC-MAC is defined in [MAC]. (Note that this is not the same algorithm as AES Cipher-Based Message Authentication Code (AES-CMAC) [RFC4493].)¶
AES-CBC-MAC is parameterized by the key length, the authentication tag length, and the Initialization Vector (IV) used. For all of these algorithms, the IV is fixed to all zeros. We provide an array of algorithms for various key and tag lengths. The algorithms defined in this document are found in Table 4.¶
Name | Value | Key Length | Tag Length | Description |
---|---|---|---|---|
AES-MAC 128/64 | 14 | 128 | 64 | AES-MAC 128-bit key, 64-bit tag |
AES-MAC 256/64 | 15 | 256 | 64 | AES-MAC 256-bit key, 64-bit tag |
AES-MAC 128/128 | 25 | 128 | 128 | AES-MAC 128-bit key, 128-bit tag |
AES-MAC 256/128 | 26 | 256 | 128 | AES-MAC 256-bit key, 128-bit tag |
Keys may be obtained from either a key structure or a recipient structure. Implementations creating and validating MAC values MUST validate that the key type, key length, and algorithm are correct and appropriate for the entities involved.¶
When using a COSE key for this algorithm, the following checks are made:¶
A number of attacks exist against Cipher Block Chaining Message Authentication Code (CBC-MAC) that need to be considered.¶
Section 9.3 of [RFC9052] contains a generic description of content encryption algorithms. This document defines the identifier and usages for three content encryption algorithms.¶
The Galois/Counter Mode (GCM) is a generic AEAD block cipher mode defined in [AES-GCM]. The GCM is combined with the AES block encryption algorithm to define an AEAD cipher.¶
The GCM is parameterized by the size of the authentication tag and the size of the nonce. This document fixes the size of the nonce at 96 bits. The size of the authentication tag is limited to a small set of values. For this document, however, the size of the authentication tag is fixed at 128 bits.¶
The set of algorithms defined in this document is in Table 5.¶
Name | Value | Description |
---|---|---|
A128GCM | 1 | AES-GCM w/ 128-bit key, 128-bit tag |
A192GCM | 2 | AES-GCM w/ 192-bit key, 128-bit tag |
A256GCM | 3 | AES-GCM w/ 256-bit key, 128-bit tag |
Keys may be obtained from either a key structure or a recipient structure. Implementations that are encrypting and decrypting MUST validate that the key type, key length, and algorithm are correct and appropriate for the entities involved.¶
When using a COSE key for this algorithm, the following checks are made:¶
When using AES-GCM, the following restrictions MUST be enforced:¶
Consideration was given to supporting smaller tag values; the constrained community would desire tag sizes in the 64-bit range. Such use drastically changes both the maximum message size (generally not an issue) and the number of times that a key can be used. Given that Counter with CBC-MAC (CCM) is the usual mode for constrained environments, restricted modes are not supported.¶
CCM is a generic authentication encryption block cipher mode defined in [RFC3610]. The CCM mode is combined with the AES block encryption algorithm to define a commonly used content encryption algorithm used in constrained devices.¶
CCM mode has two parameter choices. The first choice is M, the size of the authentication field. The choice of the value for M involves a trade-off between message growth (from the tag) and the probability that an attacker can undetectably modify a message. The second choice is L, the size of the length field. This value requires a trade-off between the maximum message size and the size of the nonce.¶
It is unfortunate that the specification for CCM specified L and M as a count of bytes rather than a count of bits. This leads to possible misunderstandings where AES-CCM-8 is frequently used to refer to a version of CCM mode where the size of the authentication is 64 bits and not 8 bits. These values have traditionally been specified as bit counts rather than byte counts. This document will follow the convention of using bit counts so that it is easier to compare the different algorithms presented in this document.¶
We define a matrix of algorithms in this document over the values of L and M. Constrained devices are usually operating in situations where they use short messages and want to avoid doing recipient-specific cryptographic operations. This favors smaller values of both L and M. Less-constrained devices will want to be able to use larger messages and are more willing to generate new keys for every operation. This favors larger values of L and M.¶
The following values are used for L:¶
The following values are used for M:¶
Name | Value | L | M | Key Length | Description |
---|---|---|---|---|---|
AES-CCM-16-64-128 | 10 | 16 | 64 | 128 | AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce |
AES-CCM-16-64-256 | 11 | 16 | 64 | 256 | AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce |
AES-CCM-64-64-128 | 12 | 64 | 64 | 128 | AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce |
AES-CCM-64-64-256 | 13 | 64 | 64 | 256 | AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce |
AES-CCM-16-128-128 | 30 | 16 | 128 | 128 | AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce |
AES-CCM-16-128-256 | 31 | 16 | 128 | 256 | AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce |
AES-CCM-64-128-128 | 32 | 64 | 128 | 128 | AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce |
AES-CCM-64-128-256 | 33 | 64 | 128 | 256 | AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce |
Keys may be obtained from either a key structure or a recipient structure. Implementations that are encrypting and decrypting MUST validate that the key type, key length, and algorithm are correct and appropriate for the entities involved.¶
When using a COSE key for this algorithm, the following checks are made:¶
When using AES-CCM, the following restrictions MUST be enforced:¶
[RFC3610] additionally calls out one other consideration of note. It is possible to do a precomputation attack against the algorithm in cases where portions of the plaintext are highly predictable. This reduces the security of the key size by half. Ways to deal with this attack include adding a random portion to the nonce value and/or increasing the key size used. Using a portion of the nonce for a random value will decrease the number of messages that a single key can be used for. Increasing the key size may require more resources in the constrained device. See Sections 5 and 10 of [RFC3610] for more information.¶
ChaCha20 and Poly1305 combined together is an AEAD mode that is defined in [RFC8439]. This is an algorithm defined to be a cipher that is not AES and thus would not suffer from any future weaknesses found in AES. These cryptographic functions are designed to be fast in software-only implementations.¶
The ChaCha20/Poly1305 AEAD construction defined in [RFC8439] has no parameterization. It takes as inputs a 256-bit key and a 96-bit nonce, as well as the plaintext and additional data, and produces the ciphertext as an option. We define one algorithm identifier for this algorithm in Table 7.¶
Name | Value | Description |
---|---|---|
ChaCha20/Poly1305 | 24 | ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag |
Keys may be obtained from either a key structure or a recipient structure. Implementations that are encrypting and decrypting MUST validate that the key type, key length, and algorithm are correct and appropriate for the entities involved.¶
When using a COSE key for this algorithm, the following checks are made:¶
The key and nonce values MUST be a unique pair for every invocation of the algorithm. Nonce counters are considered to be an acceptable way of ensuring that they are unique.¶
A more recent analysis in [ROBUST] indicates that the number of failed decryptions needs to be taken into account as part of determining when a key rollover is to be done. Following the recommendation of for DTLS, the number of failed message decryptions should be limited to 236.¶
[RFC9001] recommends that no more than 224.5 messages be encrypted under a single key.¶
Section 9.4 of [RFC9052] contains a generic description of key derivation functions. This document defines a single context structure and a single KDF. These elements are used for all of the recipient algorithms defined in this document that require a KDF process. These algorithms are defined in Sections 6.1.2, 6.3.1, and 6.4.1.¶
The HKDF key derivation algorithm is defined in [RFC5869] and [HKDF].¶
The HKDF algorithm takes these inputs:¶
HKDF is defined to use HMAC as the underlying PRF. However, it is possible to use other functions in the same construct to provide a different KDF that is more appropriate in the constrained world. Specifically, one can use AES-CBC-MAC as the PRF for the expand step, but not for the extract step. When using a good random shared secret of the correct length, the extract step can be skipped. For the AES algorithm versions, the extract step is always skipped.¶
The extract step cannot be skipped if the secret is not uniformly random -- for example, if it is the result of an ECDH key agreement step. This implies that the AES HKDF version cannot be used with ECDH. If the extract step is skipped, the "salt" value is not used as part of the HKDF functionality.¶
The algorithms defined in this document are found in Table 8.¶
Name | PRF | Description |
---|---|---|
HKDF SHA-256 | HMAC with SHA-256 | HKDF using HMAC SHA-256 as the PRF |
HKDF SHA-512 | HMAC with SHA-512 | HKDF using HMAC SHA-512 as the PRF |
HKDF AES-MAC-128 | AES-CBC-MAC-128 | HKDF using AES-MAC as the PRF w/ 128-bit key |
HKDF AES-MAC-256 | AES-CBC-MAC-256 | HKDF using AES-MAC as the PRF w/ 256-bit key |
Name | Label | Type | Algorithm | Description |
---|---|---|---|---|
salt | -20 | bstr | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Random salt |
The context information structure is used to ensure that the derived keying material is "bound" to the context of the transaction. The context information structure used here is based on that defined in [SP800-56A]. By using CBOR for the encoding of the context information structure, we automatically get the same type and length separation of fields that is obtained by the use of ASN.1. This means that there is no need to encode the lengths for the base elements, as it is done by the encoding used in JSON Object Signing and Encryption (JOSE) (Section 4.6.2 of [RFC7518]).¶
The context information structure refers to PartyU and PartyV as the two parties that are doing the key derivation. Unless the application protocol defines differently, we assign PartyU to the entity that is creating the message and PartyV to the entity that is receiving the message. By defining this association, different keys will be derived for each direction, as the context information is different in each direction.¶
The context structure is built from information that is known to both entities. This information can be obtained from a variety of sources:¶
Name | Label | Type | Algorithm | Description |
---|---|---|---|---|
PartyU identity | -21 | bstr | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Party U identity information |
PartyU nonce | -22 | bstr / int | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Party U provided nonce |
PartyU other | -23 | bstr | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Party U other provided information |
PartyV identity | -24 | bstr | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Party V identity information |
PartyV nonce | -25 | bstr / int | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Party V provided nonce |
PartyV other | -26 | bstr | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Party V other provided information |
We define a CBOR object to hold the context information. This object is referred to as COSE_KDF_Context. The object is based on a CBOR array type. The fields in the array are:¶
This field holds information about PartyU. The PartyUInfo is encoded as a CBOR array. The elements of PartyUInfo are encoded in the order presented below. The elements of the PartyUInfo array are:¶
This contains the identity information for PartyU. The identities can be assigned in one of two manners. First, a protocol can assign identities based on roles. For example, the roles of "client" and "server" may be assigned to different entities in the protocol. Each entity would then use the correct label for the data it sends or receives. The second way for a protocol to assign identities is to use a name based on a naming system (i.e., DNS or X.509 names).¶
We define an algorithm parameter, "PartyU identity", that can be used to carry identity information in the message. However, identity information is often known to be part of the protocol and can thus be inferred rather than made explicit. If identity information is carried in the message, applications SHOULD have a way of validating the supplied identity information. The identity information does not need to be specified and is set to nil in that case.¶
This contains a nonce value. The nonce can be either implicit from the protocol or carried as a value in the unprotected header bucket.¶
We define an algorithm parameter, "PartyU nonce", that can be used to carry this value in the message; however, the nonce value could be determined by the application and the value determined from elsewhere.¶
This option does not need to be specified; if not needed, it is set to nil.¶
This field contains public information that is mutually known to both parties.¶
The following CDDL fragment corresponds to the text above.¶
PartyInfo = ( identity : bstr / nil, nonce : bstr / int / nil, other : bstr / nil ) COSE_KDF_Context = [ AlgorithmID : int / tstr, PartyUInfo : [ PartyInfo ], PartyVInfo : [ PartyInfo ], SuppPubInfo : [ keyDataLength : uint, protected : empty_or_serialized_map, ? other : bstr ], ? SuppPrivInfo : bstr ]¶
Section 8.5 of [RFC9052] contains a generic description of content key distribution methods. This document defines the identifiers and usage for a number of content key distribution methods.¶
A direct encryption algorithm is defined in Section 8.5.1 of [RFC9052]. Information about how to fill in the COSE_Recipient structure is detailed there.¶
This recipient algorithm is the simplest; the identified key is directly used as the key for the next layer down in the message. There are no algorithm parameters defined for this algorithm. The algorithm identifier value is assigned in Table 11.¶
When this algorithm is used, the "protected" field MUST have zero length. The key type MUST be "Symmetric".¶
Name | Value | Description |
---|---|---|
direct | -6 | Direct use of content encryption key (CEK) |
This recipient algorithm has several potential problems that need to be considered:¶
These recipient algorithms take a common shared secret between the two parties and apply HKDF (Section 5.1), using the context structure defined in Section 5.2 to transform the shared secret into the CEK. The "protected" field can be of nonzero length. Either the "salt" parameter of HKDF or the "PartyU nonce" parameter of the context structure MUST be present. The "salt"/"nonce" parameter can be generated either randomly or deterministically. The requirement is that it be a unique value for the shared secret in question.¶
If the salt/nonce value is generated randomly, then it is suggested that the length of the random value be the same length as the output of the hash function underlying HKDF. While there is no way to guarantee that it will be unique, there is a high probability that it will be unique. If the salt/nonce value is generated deterministically, it can be guaranteed to be unique, and thus there is no length requirement.¶
A new IV must be used for each message if the same key is used. The IV can be modified in a predictable manner, a random manner, or an unpredictable manner (i.e., encrypting a counter).¶
The IV used for a key can also be generated using the same HKDF functionality used to generate the key. If HKDF is used for generating the IV, the algorithm identifier is set to "IV-GENERATION".¶
The set of algorithms defined in this document can be found in Table 12.¶
Name | Value | KDF | Description |
---|---|---|---|
direct+HKDF-SHA-256 | -10 | HKDF SHA-256 | Shared secret w/ HKDF and SHA-256 |
direct+HKDF-SHA-512 | -11 | HKDF SHA-512 | Shared secret w/ HKDF and SHA-512 |
direct+HKDF-AES-128 | -12 | HKDF AES-MAC-128 | Shared secret w/ AES-MAC 128-bit key |
direct+HKDF-AES-256 | -13 | HKDF AES-MAC-256 | Shared secret w/ AES-MAC 256-bit key |
When using a COSE key for this algorithm, the following checks are made:¶
The shared secret needs to have some method of being regularly updated over time. The shared secret forms the basis of trust. Although not used directly, it should still be subject to scheduled rotation.¶
These methods do not provide for perfect forward secrecy, as the same shared secret is used for all of the keys generated; however, if the key for any single message is discovered, only the message or series of messages using that derived key are compromised. A new key derivation step will generate a new key that requires the same amount of work to get the key.¶
Key wrap is defined in Section 8.5.2 of [RFC9052]. Information about how to fill in the COSE_Recipient structure is detailed there.¶
The AES Key Wrap algorithm is defined in [RFC3394]. This algorithm uses an AES key to wrap a value that is a multiple of 64 bits. As such, it can be used to wrap a key for any of the content encryption algorithms defined in this document. The algorithm requires a single fixed parameter, the initial value. This is fixed to the value specified in Section 2.2.3.1 of [RFC3394]. There are no public key parameters that vary on a per-invocation basis. The protected header bucket MUST be empty.¶
Keys may be obtained from either a key structure or a recipient structure. Implementations that are encrypting and decrypting MUST validate that the key type, key length, and algorithm are correct and appropriate for the entities involved.¶
When using a COSE key for this algorithm, the following checks are made:¶
Name | Value | Key Size | Description |
---|---|---|---|
A128KW | -3 | 128 | AES Key Wrap w/ 128-bit key |
A192KW | -4 | 192 | AES Key Wrap w/ 192-bit key |
A256KW | -5 | 256 | AES Key Wrap w/ 256-bit key |
The shared secret needs to have some method of being regularly updated over time. The shared secret is the basis of trust.¶
Key transport is defined in Section 8.5.3 of [RFC9052]. Information about how to fill in the COSE_Recipient structure is detailed there.¶
The mathematics for ECDH can be found in [RFC6090]. In this document, the algorithm is extended to be used with the two curves defined in [RFC7748].¶
ECDH is parameterized by the following:¶
The curve selected controls not only the size of the shared secret, but the mathematics for computing the shared secret. The curve selected also controls how a point in the curve is represented and what happens for the identity points on the curve. In this specification, we allow for a number of different curves to be used. A set of curves is defined in Table 18.¶
The math used to obtain the computed secret is based on the curve selected and not on the ECDH algorithm. For this reason, a new algorithm does not need to be defined for each of the curves.¶
COSE does not have an Ephemeral-Ephemeral version defined. The reason for this is that COSE is not an online protocol by itself and thus does not have a method of establishing ephemeral secrets on both sides. The expectation is that a protocol would establish the secrets for both sides, and then they would be used as static-static for the purposes of COSE, or that the protocol would generate a shared secret and a direct encryption would be used.¶
The set of direct ECDH algorithms defined in this document is found in Table 14.¶
Name | Value | KDF | Ephemeral-Static | Key Wrap | Description |
---|---|---|---|---|---|
ECDH-ES + HKDF-256 | -25 | HKDF -- SHA-256 | yes | none | ECDH ES w/ HKDF -- generate key directly |
ECDH-ES + HKDF-512 | -26 | HKDF -- SHA-512 | yes | none | ECDH ES w/ HKDF -- generate key directly |
ECDH-SS + HKDF-256 | -27 | HKDF -- SHA-256 | no | none | ECDH SS w/ HKDF -- generate key directly |
ECDH-SS + HKDF-512 | -28 | HKDF -- SHA-512 | no | none | ECDH SS w/ HKDF -- generate key directly |
Name | Label | Type | Algorithm | Description |
---|---|---|---|---|
ephemeral key | -1 | COSE_Key | ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW | Ephemeral public key for the sender |
static key | -2 | COSE_Key | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Static public key for the sender |
static key id | -3 | bstr | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | Static public key identifier for the sender |
This document defines these algorithms to be used with the curves P-256, P-384, P-521, X25519, and X448. Implementations MUST verify that the key type and curve are correct. Different curves are restricted to different key types. Implementations MUST verify that the curve and algorithm are appropriate for the entities involved.¶
When using a COSE key for this algorithm, the following checks are made:¶
There is a method of checking that points provided from external entities are valid. For the "EC2" key format, this can be done by checking that the x and y values form a point on the curve. For the "OKP" format, there is no simple way to perform point validation.¶
Consideration was given to requiring that the public keys of both entities be provided as part of the key derivation process (as recommended in Section 6.4 of [RFC7748]). This was not done, because COSE is used in a store-and-forward format rather than in online key exchange. In order for this to be a problem, either the receiver public key has to be chosen maliciously or the sender has to be malicious. In either case, all security evaporates anyway.¶
A proof of possession of the private key associated with the public key is recommended when a key is moved from untrusted to trusted (either by the end user or by the entity that is responsible for making trust statements on keys).¶
Key Agreement with Key Wrap is defined in Section 8.5.5 of [RFC9052]. Information about how to fill in the COSE_Recipient structure is detailed there.¶
These algorithms are defined in Table 16.¶
ECDH with Key Agreement is parameterized by the same header parameters as for ECDH; see Section 6.3.1, with the following modifications:¶
Name | Value | KDF | Ephemeral-Static | Key Wrap | Description |
---|---|---|---|---|---|
ECDH-ES + A128KW | -29 | HKDF -- SHA-256 | yes | A128KW | ECDH ES w/ Concat KDF and AES Key Wrap w/ 128-bit key |
ECDH-ES + A192KW | -30 | HKDF -- SHA-256 | yes | A192KW | ECDH ES w/ Concat KDF and AES Key Wrap w/ 192-bit key |
ECDH-ES + A256KW | -31 | HKDF -- SHA-256 | yes | A256KW | ECDH ES w/ Concat KDF and AES Key Wrap w/ 256-bit key |
ECDH-SS + A128KW | -32 | HKDF -- SHA-256 | no | A128KW | ECDH SS w/ Concat KDF and AES Key Wrap w/ 128-bit key |
ECDH-SS + A192KW | -33 | HKDF -- SHA-256 | no | A192KW | ECDH SS w/ Concat KDF and AES Key Wrap w/ 192-bit key |
ECDH-SS + A256KW | -34 | HKDF -- SHA-256 | no | A256KW | ECDH SS w/ Concat KDF and AES Key Wrap w/ 256-bit key |
When using a COSE key for this algorithm, the following checks are made:¶
The COSE_Key object defines a way to hold a single key object. It is still required that the members of individual key types be defined. This section of the document is where we define an initial set of members for specific key types.¶
For each of the key types, we define both public and private members. The public members are what is transmitted to others for their usage. Private members allow individuals to archive keys. However, there are some circumstances in which private keys may be distributed to entities in a protocol. Examples include: entities that have poor random number generation, centralized key creation for multicast-type operations, and protocols in which a shared secret is used as a bearer token for authorization purposes.¶
Key types are identified by the "kty" member of the COSE_Key object. In this document, we define four values for the member:¶
Name | Value | Description |
---|---|---|
OKP | 1 | Octet Key Pair |
EC2 | 2 | Elliptic Curve Keys w/ x- and y-coordinate pair |
Symmetric | 4 | Symmetric Keys |
Reserved | 0 | This value is reserved |
Two different key structures are defined for elliptic curve keys. One version uses both an x-coordinate and a y-coordinate, potentially with point compression ("EC2"). This is the traditional elliptic curve (EC) point representation that is used in [RFC5480]. The other version uses only the x-coordinate, as the y-coordinate is either to be recomputed or not needed for the key agreement operation ("OKP").¶
Applications MUST check that the curve and the key type are consistent and reject a key if they are not.¶
Name | Value | Key Type | Description |
---|---|---|---|
P-256 | 1 | EC2 | NIST P-256, also known as secp256r1 |
P-384 | 2 | EC2 | NIST P-384, also known as secp384r1 |
P-521 | 3 | EC2 | NIST P-521, also known as secp521r1 |
X25519 | 4 | OKP | X25519 for use w/ ECDH only |
X448 | 5 | OKP | X448 for use w/ ECDH only |
Ed25519 | 6 | OKP | Ed25519 for use w/ EdDSA only |
Ed448 | 7 | OKP | Ed448 for use w/ EdDSA only |
The traditional way of sending ECs has been to send either both the x-coordinate and y-coordinate or the x-coordinate and a sign bit for the y-coordinate. The latter encoding has not been recommended by the IETF due to potential IPR issues. However, for operations in constrained environments, the ability to shrink a message by not sending the y-coordinate is potentially useful.¶
For EC keys with both coordinates, the "kty" member is set to 2 (EC2). The key parameters defined in this section are summarized in Table 19. The members that are defined for this key type are:¶
For public keys, it is REQUIRED that "crv", "x", and "y" be present in the structure. For private keys, it is REQUIRED that "crv" and "d" be present in the structure. For private keys, it is RECOMMENDED that "x" and "y" also be present, but they can be recomputed from the required elements, and omitting them saves on space.¶
Key Type | Name | Label | CBOR Type | Description |
---|---|---|---|---|
2 | crv | -1 | int / tstr | EC identifier -- Taken from the "COSE Elliptic Curves" registry |
2 | x | -2 | bstr | x-coordinate |
2 | y | -3 | bstr / bool | y-coordinate |
2 | d | -4 | bstr | Private key |
A new key type is defined for Octet Key Pairs (OKPs). Do not assume that keys using this type are elliptic curves. This key type could be used for other curve types (for example, mathematics based on hyper-elliptic surfaces).¶
The key parameters defined in this section are summarized in Table 20. The members that are defined for this key type are:¶
For public keys, it is REQUIRED that "crv" and "x" be present in the structure. For private keys, it is REQUIRED that "crv" and "d" be present in the structure. For private keys, it is RECOMMENDED that "x" also be present, but it can be recomputed from the required elements, and omitting it saves on space.¶
Name | Key Type | Label | Type | Description |
---|---|---|---|---|
crv | 1 | -1 | int / tstr | EC identifier -- Taken from the "COSE Elliptic Curves" registry |
x | 1 | -2 | bstr | Public Key |
d | 1 | -4 | bstr | Private key |
Occasionally, it is required that a symmetric key be transported between entities. This key structure allows for that to happen.¶
For symmetric keys, the "kty" member is set to 4 ("Symmetric"). The member that is defined for this key type is:¶
This key structure does not have a form that contains only public members. As it is expected that this key structure is going to be transmitted, care must be taken that it is never transmitted accidentally or insecurely. For symmetric keys, it is REQUIRED that "k" be present in the structure.¶
Name | Key Type | Label | Type | Description |
---|---|---|---|---|
k | 4 | -1 | bstr | Key Value |
Some situations have been identified where identification of capabilities of an algorithm or a key type needs to be specified. One example of this is in [OSCORE-GROUPCOMM], where the capabilities of the counter signature algorithm are mixed into the process of traffic-key derivation. This has a counterpart in the S/MIME specifications, where SMIMECapabilities is defined in Section 2.5.2 of [RFC8551]. This document defines the same concept for COSE.¶
The algorithm identifier is not included in the capabilities data, as it should be encoded elsewhere in the message. The key type identifier is included in the capabilities data, as it is not expected to be encoded elsewhere.¶
Two different types of capabilities are defined: capabilities for algorithms and capabilities for key type. Once defined by registration with IANA, the list of capabilities for an algorithm or key type is immutable. If it is later found that a new capability is needed for a key type or algorithm, it will require that a new code point be assigned to deal with that. As a general rule, the capabilities are going to map to algorithm-specific header parameters or key parameters, but they do not need to do so. An example of this is the HSS-LMS key capabilities defined below, where the hash algorithm used is included.¶
The capability structure is an array of values; the values included in the structure are dependent on a specific algorithm or key type. For algorithm capabilities, the first element should always be a key type value if applicable, but the items that are specific to a key (for example, a curve) should not be included in the algorithm capabilities. This means that if one wishes to enumerate all of the capabilities for a device that implements ECDH, it requires that all of the combinations of algorithms and key pairs be specified. The last example of Section 8.3 provides a case where this is done by allowing for a cross product to be specified between an array of algorithm capabilities and key type capabilities (see the ECDH-ES+A25KW element). For a key, the first element should be the key type value. While this means that the key type value will be duplicated if both an algorithm and key capability are used, the key type is needed in order to understand the rest of the values.¶
For the current set of algorithms in the registry, those in this document as well as those in [RFC8230] and [RFC8778], the capabilities list is an array with one element, the key type (from the "COSE Key Types" registry). It is expected that future registered algorithms could have zero, one, or multiple elements.¶
There are a number of pre-existing key types; the following deals with creating the capability definition for those structures:¶
Capabilities can be used in a key derivation process to make sure that both sides are using the same parameters. This is the approach that is being used by the group communication KDF in [OSCORE-GROUPCOMM]. The three examples below show different ways that one might include things:¶
Algorithm ECDSA 0x8102 / [2 \ EC2 \ ] / Key type EC2 with P-256 curve: 0x820201 / [2 \ EC2 \, 1 \ P-256 \] / ECDH-ES + A256KW with an X25519 curve: 0x8101820104 / [1 \ OKP \],[1 \ OKP \, 4 \ X25519 \] /¶
The capabilities can also be used by an entity to advertise what it is capable of doing. The decoded example below is one of many encodings that could be used for that purpose. Each array element includes three fields: the algorithm identifier, one or more algorithm capabilities, and one or more key type capabilities.¶
[ [-8 / EdDSA /, [1 / OKP key type /], [ [1 / OKP /, 6 / Ed25519 / ], [1 /OKP/, 7 /Ed448 /] ] ], [-7 / ECDSA with SHA-256/, [2 /EC2 key type/], [ [2 /EC2/, 1 /P-256/], [2 /EC2/, 3 /P-521/] ] ], [ -31 / ECDH-ES+A256KW/, [ [ 2 /EC2/], [1 /OKP/ ] ], [ [2 /EC2/, 1 /P-256/], [1 /OKP/, 4 / X25519/ ] ] ], [ 1 / A128GCM /, [ 4 / Symmetric / ], [ 4 / Symmetric /] ] ]¶
Examining the above:¶
The entity does not advertise that it supports any MAC algorithms.¶
This document limits the restrictions it imposes on how the CBOR encoder needs to work. It has been narrowed down to the following restrictions:¶
IANA has updated all COSE registries except for "COSE Header Parameters" and "COSE Key Common Parameters" to point to this document instead of [RFC8152].¶
IANA has added a new column in the "COSE Key Types" registry. The new column is labeled "Capabilities" and has been populated according to the entries in Table 22.¶
Value | Name | Capabilities |
---|---|---|
1 | OKP | [kty(1), crv] |
2 | EC2 | [kty(2), crv] |
3 | RSA | [kty(3)] |
4 | Symmetric | [kty(4)] |
5 | HSS-LMS | [kty(5), hash algorithm] |
IANA has added a new column in the "COSE Algorithms" registry. The new column is labeled "Capabilities" and has been populated with "[kty]" for all current, nonprovisional registrations. It is expected that the documents that define those algorithms will be expanded to include this registration. If this is not done, then the designated expert should be consulted before final registration for this document is done.¶
IANA has updated the Reference column in the "COSE Algorithms" registry to include this document as a reference for all rows where it was not already present.¶
IANA has added a new row to the "COSE Algorithms" registry.¶
Name | Value | Description | Reference | Recommended |
---|---|---|---|---|
IV Generation | IV-GENERATION | For doing IV generation for symmetric algorithms. | RFC 9053 | No |
The Capabilities column for this registration is to be empty.¶
IANA is requested to modify the description to "Public Key" for the line with "Key Type" of 2 and the "Name" of "x". See Table 20, which has been modified with this change.¶
All of the IANA registries established by [RFC8152] are, at least in part, defined as Expert Review. This section gives some general guidelines for what the experts should be looking for, but they are being designated as experts for a reason, so they should be given substantial latitude.¶
Expert reviewers should take into consideration the following points:¶
There are a number of security considerations that need to be taken into account by implementers of this specification. The security considerations that are specific to an individual algorithm are placed next to the description of the algorithm. While some considerations have been highlighted here, additional considerations may be found in the documents listed in the references.¶
Implementations need to protect the private key material for any individuals. Some cases in this document need to be highlighted with regard to this issue.¶
The use of ECDH and direct plus KDF (with no key wrap) will not directly lead to the private key being leaked; the one-way function of the KDF will prevent that. There is, however, a different issue that needs to be addressed. Having two recipients requires that the CEK be shared between two recipients. The second recipient therefore has a CEK that was derived from material that can be used for the weak proof of origin. The second recipient could create a message using the same CEK and send it to the first recipient; the first recipient would, for either static-static ECDH or direct plus KDF, make an assumption that the CEK could be used for proof of origin even though it is from the wrong entity. If the key wrap step is added, then no proof of origin is implied and this is not an issue.¶
Although it has been mentioned before, the use of a single key for multiple algorithms has been demonstrated in some cases to leak information about a key, providing the opportunity for attackers to forge integrity tags or gain information about encrypted content. Binding a key to a single algorithm prevents these problems. Key creators and key consumers are strongly encouraged to not only create new keys for each different algorithm, but include that selection of algorithm in any distribution of key material and strictly enforce the matching of algorithms in the key structure to algorithms in the message structure. In addition to checking that algorithms are correct, the key form needs to be checked as well. Do not use an "EC2" key where an "OKP" key is expected.¶
Before using a key for transmission, or before acting on information received, a trust decision on a key needs to be made. Is the data or action something that the entity associated with the key has a right to see or a right to request? A number of factors are associated with this trust decision. Some highlighted here are:¶
There are a large number of algorithms presented in this document that use nonce values. For all of the nonces defined in this document, there is some type of restriction on the nonce being a unique value for either a key or some other conditions. In all of these cases, there is no known requirement on the nonce being both unique and unpredictable; under these circumstances, it's reasonable to use a counter for creation of the nonce. In cases where one wants the pattern of the nonce to be unpredictable as well as unique, one can use a key created for that purpose and encrypt the counter to produce the nonce value.¶
One area that has been getting exposure is traffic analysis of encrypted messages based on the length of the message. This specification does not provide a uniform method of providing padding as part of the message structure. An observer can distinguish between two different messages (for example, "YES" and "NO") based on the length for all of the content encryption algorithms that are defined in this document. This means that it is up to the applications to document how content padding is to be done, in order to prevent or discourage such analysis. (For example, the text strings could be defined as "YES" and "NO".)¶
The analysis done in [RFC9001] is based on the number of records/packets that are sent. This should map well to the number of messages sent when using COSE, so that analysis should hold here as well. It needs to be noted that the limits are based on the number of messages, but QUIC and DTLS are always pairwise-based endpoints [OSCORE-GROUPCOMM] and use COSE in a group communication. Under these circumstances, it may be that no one single entity will see all of the messages that are encrypted, and therefore no single entity can trigger the rekey operation.¶
This document is a product of the COSE Working Group of the IETF.¶
The following individuals are to blame for getting me started on this project in the first place: Richard Barnes, Matt Miller, and Martin Thomson.¶
The initial draft version of the specification was based to some degree on the outputs of the JOSE and S/MIME Working Groups.¶
The following individuals provided input into the final form of the document: Carsten Bormann, John Bradley, Brian Campbell, Michael B. Jones, Ilari Liusvaara, Francesca Palombini, Ludwig Seitz, and Göran Selander.¶