Re: [jose] Platform Support for JWA Crypto Algorithms

Axel Nennker <ignisvulpis@gmail.com> Mon, 29 October 2012 23:41 UTC

In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436688296F@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B168042967394366880D09@TK5EX14MBXC285.redmond.corp.microsoft.com> <CE8995AB5D178F44A2154F5C9A97CAF40252198DCF55@HE111541.emea1.cds.t-internal.com> <4E1F6AAD24975D4BA5B16804296739436688123A@TK5EX14MBXC285.redmond.corp.microsoft.com> <CE8995AB5D178F44A2154F5C9A97CAF40252199B9114@HE111541.emea1.cds.t-internal.com> <BF7E36B9C495A6468E8EC573603ED94115076832@xmb-aln-x11.cisco.com> <4E1F6AAD24975D4BA5B16804296739436688296F@TK5EX14MBXC285.redmond.corp.microsoft.com>
Date: Tue, 30 Oct 2012 00:41:12 +0100
Message-ID: <CAHcDwFwAD-EJBytkYE0q0GPZduKJUnvO8s69wTbZjZt2Cgo+Lg@mail.gmail.com>
From: Axel Nennker <ignisvulpis@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>, jose@ietf.org
Subject: Re: [jose] Platform Support for JWA Crypto Algorithms

Maybe that is the way to go then:

In
  http://tools.ietf.org/id/draft-ietf-jose-json-web-algorithms
simply state there that the CIK is

  CIK = SHA256(0, 0, 0, 1, CMK, 0, 0, 1, 0, 65, 49, 57, 50, 67, 66, 67, 43, 72, 83, 50, 53, 54, 73, 110, 116, 101, 103, 114, 105, 116, 121)[0-255]
  CEK = SHA256(0, 0, 0, 1, CMK, 0, 0, 1, 0, 65, 50, 53, 54, 67, 66, 67, 43, 72, 83, 50, 53, 54, 69, 110, 99, 114, 121, 112, 116, 105, 111, 110)[0-255]
Similar for SHA512. General rule: use a digest that produces at least as many
bits as are needed for the CIK or CEK.

NOTE (non-normative) that this happens to be the same as the Concat KDF as
defined in NIST SP 800-56A for the given bit lengths.

Axel


2012/10/29 Mike Jones <Michael.Jones@microsoft.com>
>
> The "PB" in PBKDF2 is "Password Based".  This and related KDFs generate
> keys from passwords rather than other keys, and so are not applicable for
> this use case.
>
> For lack of a commonly implemented key-based KDF, we chose a very simple
> one that only requires support for SHA-256 and SHA-512 to build for our use
> cases.  (Heck, for our use cases, implementations don't even require a loop
> - just a single hash calculation over the input.)  I already know of 5
> interoperable implementations at this point.  It's just not that hard.
>
> See the example calculations in
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06#appendix-A.4 and
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06#appendix-A.5 to
> see how simple it actually is.
>
>                                 -- Mike
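The derivation Axel spells out above, together with the "no loop needed" point Mike makes in the quoted reply, as an added worked example; this is not code from the JOSE drafts or from either author. It transcribes the byte layout given in the message (a 4-byte round counter 0, 0, 0, 1; the CMK; the 4-byte keydatalen 0, 0, 1, 0, i.e. 256 bits; then the label bytes, which decode as ASCII to "A192CBC+HS256Integrity" and "A256CBC+HS256Encryption") and generalizes it to the NIST SP 800-56A single-step Concat KDF loop so that it also covers a keydatalen larger than the digest. The function names, the sample CMK of bytes 0x00..0x1f and the 512-bit case are assumptions made for illustration.

```python
"""
Single-step Concat KDF (NIST SP 800-56A) in the form the JWE-06 CIK/CEK
derivation uses it.  Added example, not code from the JOSE drafts or from
anyone on the thread.  Function names, the sample CMK and the 512-bit case
are assumptions for illustration; the byte layout (4-byte counter, CMK,
4-byte keydatalen, label) and the two label byte strings are copied from
the message above.
"""
import hashlib
import struct

# Label bytes exactly as listed in the mail after "0, 0, 1, 0" (keydatalen
# = 256 as a 4-byte big-endian integer).  Decoded as ASCII they read
# "A192CBC+HS256Integrity" and "A256CBC+HS256Encryption".
CIK_LABEL = bytes([65, 49, 57, 50, 67, 66, 67, 43, 72, 83, 50, 53, 54,
                   73, 110, 116, 101, 103, 114, 105, 116, 121])
CEK_LABEL = bytes([65, 50, 53, 54, 67, 66, 67, 43, 72, 83, 50, 53, 54,
                   69, 110, 99, 114, 121, 112, 116, 105, 111, 110])


def other_info(keydatalen_bits: int, label: bytes) -> bytes:
    """OtherInfo as the mail spells it out: keydatalen in bits as a 4-byte
    big-endian integer, followed by the label bytes."""
    return struct.pack(">I", keydatalen_bits) + label


def concat_kdf(z: bytes, keydatalen_bits: int, info: bytes,
               hash_name: str = "sha256") -> bytes:
    """K = H(1 || Z || info) || H(2 || Z || info) || ... truncated to
    keydatalen bits.  For keydatalen <= digest size the loop runs once,
    which is the single-hash case from the thread."""
    if keydatalen_bits <= 0 or keydatalen_bits % 8:
        raise ValueError("keydatalen must be a positive multiple of 8 bits")
    out_len = keydatalen_bits // 8
    digest_len = hashlib.new(hash_name).digest_size
    reps = -(-out_len // digest_len)          # ceil(out_len / digest_len)
    if reps > 0xFFFFFFFF:
        raise ValueError("keydatalen too large for a 32-bit counter")
    derived = b""
    for counter in range(1, reps + 1):
        h = hashlib.new(hash_name)
        h.update(struct.pack(">I", counter))  # 0, 0, 0, 1 in the first round
        h.update(z)                           # the CMK
        h.update(info)                        # keydatalen || label
        derived += h.digest()
    return derived[:out_len]                  # the "[0-255]" for 256 bits


def single_sha256(cmk: bytes, label: bytes) -> bytes:
    """Literal transcription of the 256-bit formula in the mail, used as a
    cross-check against the general function above."""
    return hashlib.sha256(bytes([0, 0, 0, 1]) + cmk
                          + bytes([0, 0, 1, 0]) + label).digest()


def derive_cek_cik(cmk: bytes, bits: int = 256, hash_name: str = "sha256"):
    """Derive the content encryption key and the content integrity key from
    one content master key.  "Similar for SHA512" is bits=512, hash_name="sha512"."""
    cek = concat_kdf(cmk, bits, other_info(bits, CEK_LABEL), hash_name)
    cik = concat_kdf(cmk, bits, other_info(bits, CIK_LABEL), hash_name)
    return cek, cik


if __name__ == "__main__":
    # Constructed sample CMK (not from the drafts): the 32 bytes 0x00..0x1f.
    cmk = bytes(range(32))
    cek, cik = derive_cek_cik(cmk)
    print("CEK:", cek.hex())
    print("CIK:", cik.hex())
    # The general loop and the literal one-hash formula must agree here.
    assert cek == single_sha256(cmk, CEK_LABEL)
    assert cik == single_sha256(cmk, CIK_LABEL)
```

For a 256-bit key with SHA-256 the loop runs exactly once and the result is byte-for-byte the single SHA-256 over the bytes the mail lists, which single_sha256 checks; with SHA-512 and a 512-bit key it is likewise one hash. Only a key longer than the digest needs a second round, and because each round is an independent hash with its own counter, the first digest-length bytes of a longer key are the same as the shorter key derived from the same CMK and OtherInfo.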