[jose] Variant definitions of RSA-OAEP-256

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 20 April 2019 03:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/calrEL5TqHFayEPEs5lzqa-yjus>

F.Y.I.

After converting the "Saturn" payment authorization scheme to use the hardware-backed "AndroidKeyStore", the JUnit test suite used for verifying the crypto responded with the following error message:
java.security.InvalidAlgorithmParameterException: Unsupported MGF1 digest: SHA-256. Only SHA-1 supported

This came as a surprise since the excellent Bouncy Castle library used by most Java developers (including myself) not only supports SHA-256 but also has it as default.

Apparently only a part of RFC3447 was considered when the JOSE algorithms were defined: https://tools.ietf.org/html/rfc7518#section-4.3

Fortunately the need for this kind of decryption on the client side is probably rather limited.  Existing applications like S/MIME presumably use RFC3447 "as is".

thanx,
Anders
https://cyberphone.github.io/doc/saturn/saturn-authorization.pdf
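
The mismatch described in the message above, as an added example that is not part of the original post or of the Saturn code: OAEP takes two digests, one for the label hash and one for MGF1, and a ciphertext produced with SHA-256 for both is rejected by a decryptor that only offers MGF1 with SHA-1. The class name `OaepMgf1Mismatch` and its helpers are hypothetical, the key and sample data are constructed, and the default JDK provider stands in for the hardware-backed key store.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical demo class (added example); uses only standard JCA classes.
public class OaepMgf1Mismatch {
    // No digest in the transformation name: both digests come from the spec.
    static final String RSA_OAEP = "RSA/ECB/OAEPPadding";

    // OAEP (label) digest is fixed to SHA-256; only the MGF1 digest varies.
    static OAEPParameterSpec spec(MGF1ParameterSpec mgf1) {
        return new OAEPParameterSpec("SHA-256", "MGF1", mgf1, PSource.PSpecified.DEFAULT);
    }

    static byte[] encrypt(KeyPair kp, byte[] data, MGF1ParameterSpec mgf1) throws Exception {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic(), spec(mgf1));
        return c.doFinal(data);
    }

    // Returns null when OAEP decoding rejects the ciphertext.
    static byte[] decrypt(KeyPair kp, byte[] ct, MGF1ParameterSpec mgf1) throws Exception {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.DECRYPT_MODE, kp.getPrivate(), spec(mgf1));
        try {
            return c.doFinal(ct);
        } catch (BadPaddingException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] cek = new byte[32];          // constructed sample content-encryption key
        Arrays.fill(cek, (byte) 0x42);
        byte[] ct = encrypt(kp, cek, MGF1ParameterSpec.SHA256);
        System.out.println("MGF1 SHA-256 -> MGF1 SHA-256 round trip: "
                + Arrays.equals(cek, decrypt(kp, ct, MGF1ParameterSpec.SHA256)));
        System.out.println("MGF1 SHA-256 -> MGF1 SHA-1 decodes: "
                + (decrypt(kp, ct, MGF1ParameterSpec.SHA1) != null));
    }
}
```

Spelling out both digests in an `OAEPParameterSpec` on each side, rather than relying on a provider's default for the MGF1 digest, makes a disagreement visible at configuration time instead of as a padding failure at decryption.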