> On Nov 10, 2022, at 2:48 PM, Ilari Liusvaara <[email protected]> wrote:
>
> On Thu, Nov 10, 2022 at 12:39:38PM +0000, Laurence Lundblade wrote:
>> Hi Ilari,
>>
>> If you look at Appendix Example C.3.1 in RFC 9052
>> <https://www.rfc-editor.org/rfc/rfc9052.html#name-direct-ecdh>
>> (and pasted below) you can see what I’m talking about in when I say
>> that the AEAD algorithm is identified in the body header parameter
>> and that it is separate from the recipient algorithm ID. In this
>> example, there are two algorithm IDs, one in the body for AES-GCM
>> 128 and one in the COSE_Recipient for ECDH-ES + HKDF-256.
>
> I see only one layer of encryption in the example, and since HPKE
> combines key derivation and one layer of encryption, that would
> translate into one-layer structure with HPKE.
I mentioned two algorithm IDs (in red in the example below), not two layers of
encryption.
From reading the PR#9 more carefully I see that you put HPKE as the algorithm
ID in both the body header and recipient headers. This kind of bypasses the
COSE design intent as I understand it. Don’t have a comment on that yet.
So I do think there are two algorithm IDs in the example, but maybe you can say
there is just one in HPKE because both instances are the same in HPKE.
LL
96(
[
/ protected h'a10101' / << {
/ alg / 1:1 / AES-GCM 128 /
} >>,
/ unprotected / {
/ iv / 5:h'c9cf4df2fe6c632bf7886413'
},
/ ciphertext / h'7adbe2709ca818fb415f1e5df66f4e1a51053ba6d65a1a0
c52a357da7a644b8070a151b0',
/ recipients / [
[
/ protected h'a1013818' / << {
/ alg / 1:-25 / ECDH-ES + HKDF-256 /
} >>,
/ unprotected / {
/ ephemeral / -1:{
/ kty / 1:2,
/ crv / -1:1,
/ x / -2:h'98f50a4ff6c05861c8860d13a638ea56c3f5ad7590bbf
bf054e1c7b4d91d6280',
/ y / -3:true
},
/ kid / 4:'[email protected]'
},
/ ciphertext / h''
]
]
]
)_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
