Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 08 March 2022 05:24 UTC

From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: Carsten Bormann <cabo@tzi.org>, "cose@ietf.org" <cose@ietf.org>
Cc: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@arm.com>, Laurence Lundblade <lgl@island-resort.com>, Tobias Looker <tobias.looker@mattr.global>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/wPerxnBmnSY33_f6qnfj0dIta40>

On 2022-03-04 8:08, Carsten Bormann wrote:
> On 2022-03-04, at 07:54, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>>
>> - Collect key and algorithm data from the authorization signature object.
>> - Save and Remove FIDO "authenticatorData" and FIDO "signature" from the CBOR container.
> 
> This is what we called the “transform” in the beloved XMLDSig.
> The complexities of this step can be the basis of interesting vulnerabilities (or interoperability failures).

Since I had not worked with low-level encoders and decoders, I spent a couple of days in the lab (kitchen actually).

To not be dependent on my own stuff (which of course works flawlessly since it was from the beginning designed with FIDO in mind), I applied the more universal CSF (CBOR Signature Format) to Laurence's excellent QCBOR library.  This is what I came up with:
https://github.com/cyberphone/D-CBOR/blob/main/verify-demo/csf-verifier.c
The actual transform part is performed by FOUR LINES of C.  This was a surprise even to me.

Carsten, you should be proud; CBOR is by far the best data interchange format for blending with cool cryptographic constructs!

Could wrapping your precious data in bstr just in order to sign it be headed for obsolescence? :)


Regarding the other "hot" subject, deterministic serialization, the demo does not depend on that since it operates directly on the CBOR data.  However, high-level CBOR tools that convert streaming CBOR to internal self-serializing objects, do:
https://github.com/cyberphone/openkeystore/blob/9470afdcd4d820489b3351c21b256d994930e422/library/src/org/webpki/cbor/CBORMap.java#L328

Cheers,
Anders

> 
>> - Set "authorizationData" = re-serialized CBOR container.
> 
> (Using deterministic serialization.
> Fortunately, that works much better in CBOR than in other serialization formats.)
> 
>> - Verify signature using ("authenticatorData" || sha256(authorizationData)) as signed data.
> 
> Now you have verified a signature as applied to the transformed data.
> COSE differs in design by signing the actual data as interchanged.
> (This is not as expensive to do in CBOR as in serialization formats that cannot efficiently encode byte strings, i.e., binary data.)
> 
> Regards, Carsten
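
The verification steps quoted in this message, as an added Python sketch (not code from the thread, from csf-verifier.c or from QCBOR): it saves and removes the two FIDO fields, re-serializes the container, and rebuilds the signed data, with a switch that shows why a re-serializing verifier needs deterministic encoding. Assumptions made for the example: the map label `signatureObject`, the `algorithm` member, and HMAC-SHA256 standing in for the authenticator's public-key signature.

```python
import hashlib
import hmac

SIG_KEY = "signatureObject"  # hypothetical map label; the thread does not name it

def head(major, n):
    """CBOR initial byte plus shortest-form argument."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def encode(obj, deterministic=True):
    """CBOR encoder for the subset used here: uint, bstr, tstr, map."""
    if isinstance(obj, int) and obj >= 0:
        return head(0, obj)
    if isinstance(obj, bytes):
        return head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return head(3, len(raw)) + raw
    if isinstance(obj, dict):
        items = [(encode(k), encode(v, deterministic)) for k, v in obj.items()]
        if deterministic:
            items.sort()  # bytewise order of the encoded keys
        return head(5, len(items)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def signed_data(container, deterministic=True):
    """Save and remove the FIDO fields, re-serialize, hash; other members stay covered."""
    sig_obj = dict(container[SIG_KEY])  # copy, so the caller's object is untouched
    auth_data = sig_obj.pop("authenticatorData")
    signature = sig_obj.pop("signature")
    authorization_data = encode({**container, SIG_KEY: sig_obj}, deterministic)
    return auth_data + hashlib.sha256(authorization_data).digest(), signature

def sign(payload, auth_data, key):
    """Constructed signer: HMAC-SHA256 stands in for the authenticator's signature."""
    sig_obj = {"algorithm": "HMAC-demo", "authenticatorData": auth_data, "signature": b""}
    data, _ = signed_data({**payload, SIG_KEY: sig_obj})
    sig_obj["signature"] = hmac.new(key, data, hashlib.sha256).digest()
    return {**payload, SIG_KEY: sig_obj}

def verify(container, key, deterministic=True):
    """Recompute the signed data from the received object and compare."""
    data, signature = signed_data(container, deterministic)
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)
```

With `deterministic=False` the encoder keeps member order as received, so an object whose members arrive in a different order no longer hashes to the signed value even though nothing was altered.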