Re: [jose] Platform Support for JWA Crypto Algorithms
<Axel.Nennker@telekom.de> Mon, 29 October 2012 13:03 UTC
From: Axel.Nennker@telekom.de
To: Michael.Jones@microsoft.com, jose@ietf.org
Date: Mon, 29 Oct 2012 14:03:08 +0100
Cc: public-webcrypto@w3.org
Subject: Re: [jose] Platform Support for JWA Crypto Algorithms
As one can see from this table the KDF is unsupported on all platforms (except one).

http://self-issued.info/presentations/Platform_Support_for_JWA-04_Crypto_Algorithms.xlsx

JWE kdf CS256 Concat Key Derivation Function (KDF) NO Win7 NO NO NO NO NO NO NO NO NO NO NO
JWE kdf CS384 Concat Key Derivation Function (KDF) NO Win7 NO NO NO NO NO NO NO NO NO NO NO
JWE kdf CS512 Concat Key Derivation Function (KDF) NO Win7 NO NO NO NO NO NO NO NO NO NO NO

Isn't this an indication that we should look at alternatives?

e.g.: we could generate the integrity protection key randomly instead of deriving it from the content encryption key. This would add some more bytes (e.g. about 32) to the jwt but is very easy to implement on all platforms.

One way to do it would be to generate enough bytes "Bytes" in "JWE Encrypted Key" for encryption and integrity. The CEK is then "Bytes[0 .. cekLength-1]" and the CIK "Bytes[cekLength .. cekLength+cikLength-1]".

Axel

[On some platforms (Firefox/NSS) it might even be nearly impossible to implement (without extending the platform's functions) because the built-in digest function is always reset when finalize (doFinal) is called. The spec of the Concat-KDF says that bytes are generated in a loop but the digest is NOT reset in the loop.]

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Monday, October 29, 2012 7:28 AM
To: jose@ietf.org
Subject: [jose] Platform Support for JWA Crypto Algorithms

FYI, I posted the table describing support for the JWA algorithms in common Web development platforms that we discussed at IETF 84. See http://self-issued.info/?p=884.

-- Mike
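The split proposed in the message above, sketched as an added example (not code from the thread or from any JOSE draft). The key sizes, the function names and the use of HMAC-SHA256 as the integrity algorithm are assumptions made for illustration, and the key wrapping step itself is left out.

```python
import hashlib
import hmac
import secrets

# Assumed sizes: 128-bit CEK and a 256-bit CIK (the "about 32" extra bytes).
CEK_LEN = 16
CIK_LEN = 32


def generate_key_material(cek_len=CEK_LEN, cik_len=CIK_LEN):
    """Sender: random "Bytes" that would be wrapped as the JWE Encrypted Key."""
    return secrets.token_bytes(cek_len + cik_len)


def split_key_material(key_bytes, cek_len=CEK_LEN, cik_len=CIK_LEN):
    """Recipient: CEK = Bytes[0 .. cekLength-1],
    CIK = Bytes[cekLength .. cekLength+cikLength-1]."""
    # Reject anything but the exact length, so a truncated or padded blob
    # never yields a short key or silently ignored trailing bytes.
    if len(key_bytes) != cek_len + cik_len:
        raise ValueError("unwrapped key material has unexpected length")
    return key_bytes[:cek_len], key_bytes[cek_len:cek_len + cik_len]


def integrity_tag(cik, protected):
    """Integrity value over the protected bytes (HMAC-SHA256 is an assumption)."""
    return hmac.new(cik, protected, hashlib.sha256).digest()


def verify_tag(cik, protected, tag):
    """Constant-time comparison of the recomputed tag against the received one."""
    return hmac.compare_digest(integrity_tag(cik, protected), tag)


def demo():
    """Round trip over constructed sample data."""
    key_bytes = generate_key_material()
    cek, cik = split_key_material(key_bytes)
    protected = b"constructed-header.constructed-ciphertext"
    tag = integrity_tag(cik, protected)
    ok = verify_tag(cik, protected, tag)
    tampered = verify_tag(cik, protected + b"x", tag)
    return len(cek), len(cik), ok, tampered


if __name__ == "__main__":
    print(demo())
```

Because both keys come straight from the random generator, no digest primitive is needed on the key-derivation path; the cost is the longer wrapped key.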