[jose] Re: draft-ietf-jose-hpke-encrypt-01
Simo Sorce <simo@redhat.com> Mon, 08 July 2024 20:08 UTC
Return-Path: <simo@redhat.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08A4AC2356F9 for <jose@ietfa.amsl.com>; Mon, 8 Jul 2024 13:08:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.253
X-Spam-Level:
X-Spam-Status: No, score=-2.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0g7d848Oqika for <jose@ietfa.amsl.com>; Mon, 8 Jul 2024 13:08:54 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B8F7C2356FF for <jose@ietf.org>; Mon, 8 Jul 2024 13:08:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1720469333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=b+Slgk3as1j5J33hLJQbQSULxB0lrc6iI84ySyLIxGs=; b=OmhCswaK8nlRTjepG4j9UP8rvLAFn9pk7lUHZmluMbQQe99DOra3ZsTY6wTg1J9sYXm0Lv EwlbQn7N9K4ff80A0jm7UY9IXP7F7kbpkAE0N0K2KEBMLaLImdom6SqY4ZIUaoKmf4thIr ISw9TDeEd7jsIjHFipfHGkYYJVbtFUw=
Received: from mail-ot1-f69.google.com (mail-ot1-f69.google.com [209.85.210.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-55-luS3lVpyMHqZYGCNzEpNQA-1; Mon, 08 Jul 2024 16:08:51 -0400
X-MC-Unique: luS3lVpyMHqZYGCNzEpNQA-1
Received: by mail-ot1-f69.google.com with SMTP id 46e09a7af769-7035c3667aaso2398097a34.2 for <jose@ietf.org>; Mon, 08 Jul 2024 13:08:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720469331; x=1721074131; h=mime-version:user-agent:content-transfer-encoding:organization :references:in-reply-to:date:cc:to:from:subject:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=01kZDvSILHL6hMd2gnZIRjUGXu7JU0b/lxlz1rPDMJo=; b=fOJJMnisTT9H+eywSgSnv6+VsAXhE2nnX205cK1CsprVqbom9n528FGtnDuFOe/22i hfyS2re7TQrbR8+wuCScyUDGWMY6B8thAVikzSiuwRnE4Pw5/cy0dwonaSKUazqTiZzS pYvllth9XVr95PJWwKTaj7u+pN7ovvt9jQcJcfmCyk9E39gFbxUMb4lMdo2wFcd8Vozg WaXCsLqbON8UeXFdyXSMNWyeCYlMk9XFdwuCvX1EVi2kPOzamrM4V6WKj81DCuJPJTFS l21AP3Do1nwkCYWSUZY89GbwiH4gBLxq5F/PcNmCSl0/mYu9Us88tEoSkuExIQEO7L3K x/oQ==
X-Gm-Message-State: AOJu0Yy3jW+uEfiRYroyPKaOg7wcRB9Yfs8S+FN2Z8pPaJVr7ivXBLP0 9OBhzkWoNCJ5VbRqQd9zYt+Jf1ntfk4Uqyry44DsfdrUrQbZ17Yfqx30MZd3B1rTKUpxRdqIa8q BNgPKXlQp8Nt9ByehDCBpf/aZHfEwGOzdOXbc/Ztquw==
X-Received: by 2002:a9d:5c01:0:b0:703:60f4:30c6 with SMTP id 46e09a7af769-70375b40131mr541062a34.29.1720469331156; Mon, 08 Jul 2024 13:08:51 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEEDQYgudQ3X2nrCRwQxbAB7G83Ux7RApNJOiqrzUXnLm+orvjPvqAnfa6RAK7J8Y8uvYL/nw==
X-Received: by 2002:a9d:5c01:0:b0:703:60f4:30c6 with SMTP id 46e09a7af769-70375b40131mr541043a34.29.1720469330805; Mon, 08 Jul 2024 13:08:50 -0700 (PDT)
Received: from m8.users.ipa.redhat.com ([2603:7000:9400:fe80::593]) by smtp.gmail.com with ESMTPSA id af79cd13be357-79f19089221sm23339785a.76.2024.07.08.13.08.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jul 2024 13:08:50 -0700 (PDT)
Message-ID: <c28204cc9079079823e2638bb87bf20ebf7edf0c.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Orie Steele <orie@transmute.industries>, Les Hazlewood <lhazlewood@gmail.com>
Date: Mon, 08 Jul 2024 16:08:49 -0400
In-Reply-To: <CAN8C-_Kb9ZOec8SXUkqqd3P7VnEYSDukVm56kpdx+fVEw4KHag@mail.gmail.com>
References: <CAN8C-_KMx_M9vL3kwoohkiVrndU_MohxdGC_vLkBo7R_+-6T2g@mail.gmail.com> <CACVbtYOsf7MkHPOzFgE14JhKrSzAd8EkZ0Sr4X0XRMzdCUtbkA@mail.gmail.com> <CACVbtYOOpwTKZt7dH7JV983SmU7gRbsaXY8ru4Ty-+S081oTEQ@mail.gmail.com> <CAN8C-_Kb9ZOec8SXUkqqd3P7VnEYSDukVm56kpdx+fVEw4KHag@mail.gmail.com>
Organization: Red Hat
User-Agent: Evolution 3.52.2 (3.52.2-1.fc40)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: ZN47IOD7F4H2WUX3BAIDO3MOHTIG75UJ
X-Message-ID-Hash: ZN47IOD7F4H2WUX3BAIDO3MOHTIG75UJ
X-MailFrom: simo@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: JOSE WG <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/k30KsrsXpayxps5BjZrgv2zo6nE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
On Mon, 2024-07-08 at 12:58 -0500, Orie Steele wrote: > "alg": "HPKE-P256-SHA256+A128KW" // for key encryption > > and ... > > "alg": "HPKE-P256-SHA256", // for "integrated encryption" > "enc": "A128GCM", > > I'm hoping that "HPKE-P256-SHA256-A128GCM" is ok for both cases, and the > presence of "enc" is sufficient to distinguish them... but if folks > disagree, feel free to propose something that makes this clearer. > Looking at my implementation[1] having something like: "alg": "HPKE", "enc": "HPKE-P256-SHA256-[A128KW/A128GCM]" may avoid a lot of special casing Here is the current simplified sequence of operations: alg = self._jwa_keymgmt(jh.get('alg', None)) enc = self._jwa_enc(jh.get('enc', None)) ... key = key.get_keys(self.jose_header['kid']) ... cek = alg.unwrap(key, enc.wrap_key_size, enckey, header) data = enc.decrypt(cek, aad, iv, ciphertext, tag) self.cek = cek If the alg function was just a way to prepare the inputs internally and pass them all as the "cek", where the enc function actually perform direct vs indirect wrapping, most of the other internal abstractions would remain the same. having only "alg" would require completely special casing everything from deserialization downwards about HPKE with a completely separate parallel path all the way down into the algorithms. If the JWE handling for HPKE makes it too alien, it may be a better path to have a JWH defined that is not a JWE at all ... (including a compact serialization that cannot be mistaken by a JWS or a JWE hopefully) [1]: https://github.com/latchset/jwcrypto/blob/main/jwcrypto/jwe.py -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc
- [jose] draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Michael Jones
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 tirumal reddy
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Simo Sorce
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda