On Sat, Mar 18, 2017 at 09:08:09PM +0100, Samuel Erdtman wrote:
> Thanks Jim and Ilari for the quick replies.
> 
> So if I understand it correctly RFC 5116 defines AE and AEAD with the
> requirement to bundle the tag with the ciphertext, so it would not be
> allowed to put the tag in the COSE headers.

Yes.

> Section 10 Content Encryption Algorithms, gives a hint of where to find the
> tag, 'normally' appended. Forgive me my ignorance, but does GCM have a more
> normative requirement on the location of the tag in a ciphertext?

RFC 5116 gives the tag location for AEAD_AES_{128,256}_GCM: It is
appended.

AEAD_CHACHA20_POLY1305 initially got it wrong, the document has
errata that the tag is also appended.

But there are RFC 5116-framework AEAD algorithms that don't append
the tag. E.g. AEAD_AES_SIV_CMAC_* prepends the equivalent of the tag,
not appends.

> If GCM does not mandate the location of the tag in the ciphertext and we
> cannot put it in a header attribute then I would like more explicit
> language about where to find/put the tag.

Funkily enough, COSE has AES-192-GCM, but there is no registered AEAD
cipher for that. And then COSE has plenty of CCM ciphers, which
probably don't have registered counterparts.

Also, I didn't find any reference based on quick look that would
say that the tags are definitely appended (but that's the only
sane way).
 

-Ilari

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
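
Added illustration, not part of the original message or of any COSE implementation: Go's standard `crypto/cipher` AEAD returns `ciphertext || tag`, the layout RFC 5116 gives for AEAD_AES_128_GCM, and the code below splits that output and shows that a tag-first buffer fails authentication. The all-zero key, nonce and plaintext are constructed test input; `SplitAppended` and `Demo` are names made up for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

const tagLen = 16 // AEAD_AES_128_GCM tag length in octets (RFC 5116)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SplitAppended separates an AEAD output laid out as ciphertext || tag.
func SplitAppended(out []byte) (ct, tag []byte, err error) {
	if len(out) < tagLen {
		return nil, nil, errors.New("AEAD output shorter than the tag")
	}
	return out[:len(out)-tagLen], out[len(out)-tagLen:], nil
}

// Demo seals a constructed input and returns the hex ciphertext and tag,
// plus whether Open accepts the tag-last and the tag-first layout.
func Demo() (ctHex, tagHex string, appendedOK, prependedOK bool, err error) {
	key, nonce, pt := make([]byte, 16), make([]byte, 12), make([]byte, 16) // constructed
	aead, err := newGCM(key)
	if err != nil {
		return
	}
	out := aead.Seal(nil, nonce, pt, nil) // Go returns ciphertext || tag
	ct, tag, err := SplitAppended(out)
	if err != nil {
		return
	}
	_, e1 := aead.Open(nil, nonce, append(append([]byte{}, ct...), tag...), nil)
	_, e2 := aead.Open(nil, nonce, append(append([]byte{}, tag...), ct...), nil)
	return hex.EncodeToString(ct), hex.EncodeToString(tag), e1 == nil, e2 == nil, nil
}

func main() {
	fmt.Println(Demo())
}
```

A receiver that guesses the wrong layout does not get corrupted plaintext, it gets an authentication failure, which is why the tag position has to be fixed by the specification rather than left to each implementation.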
