All,

In the context of SUIT we did some analysis of how to 'map' SUIT Manifest and Payload into some COSE Crypto Containers, with the focus on usage of Algorithms with the following properties:

(1) Usage of FIPS Approved Algorithms AND
(2) Usage of Cipher (AES) Based Algorithms

Below are some observations and potential suggestions, based on our current understanding, that we would like to share in case others have interest in usage of AES Based/FIPS Approved Algorithms in COSE.

A. Cipher Based MAC [COSE-9.2]

Currently AES-CBC-MAC is specified in COSE. An Algorithm Identifier for AES-CMAC as specified in [800-38B]/[RFC4493] would allow the FIPS approved AES-CMAC Algorithm for usage in COSE MAC Crypto Containers.

B. Key Derivation Functions [COSE-11]

For KDF Usage of Secrets that are _uniformly random_:

_PRF_ Algorithm Identifier(s) based on CMAC, as specified in [800-38B]/[RFC4493] and approved in [800-108], would allow for a FIPS Approved Cipher based PRF.

_KDF_ Algorithm Identifier(s) (specifying Modes of Iteration) that refer to the [800-108] FIPS Approved KDF Algorithm would present a preferred option to allow the Cipher based FIPS Approved KDFs in COSE, since [800-108] seems to be the relevant FIPS Approved KDF Spec for the use case of secrets that are _uniformly random_.

C. Content Key Distribution 'Direct Key with KDF' [COSE-12.1.2]

Algorithm Identifiers for Direct Key with KDF using the KDFs from Point B. above would allow Cipher based FIPS Approved 'Direct Key with KDF' in Content Key Distribution/Recipient Algorithms in COSE.

D. AES Key Wrap [COSE-12.2.1]

COSE Key Wrap is referring to [RFC3394], which is satisfying NIST Key Wrap Requirements. My understanding is that COSE usage of [RFC3394] supports the AES Key Wrap (KW) Mode of [800-38F], but does not support the AES Key Wrap with Padding (KWP) Mode of [800-38F]. An Algorithm Identifier for KWP would provide an additional Approved Key Wrap Mode within COSE.

Thanks,
Markus

[COSE-9.2] https://tools.ietf.org/html/rfc8152#section-9.2
[COSE-ref] https://tools.ietf.org/html/rfc8152#ref-MAC
[COSE-11] https://tools.ietf.org/html/rfc8152#section-11
[COSE-12.1.2] https://tools.ietf.org/html/rfc8152#section-12.1.2
[COSE-12.2.1] https://tools.ietf.org/html/rfc8152#section-12.2.1
[RFC4493] https://tools.ietf.org/html/rfc4493
[800-38B] https://csrc.nist.gov/publications/detail/sp/800-38b/final
[800-108] https://csrc.nist.gov/publications/detail/sp/800-108/final
[800-38F] https://csrc.nist.gov/publications/detail/sp/800-38f/final
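
Added example, not part of the original message and not code from the COSE or SUIT work: a pure-Python illustration of points A and B, with AES-CMAC per [RFC4493] used as the PRF of the [800-108] counter-mode KDF. The function names and the 32-bit encodings of the counter and output length are assumptions made here; no COSE algorithm identifiers are implied.

```python
# Added example (not from the thread); names are illustrative. Study only: not constant-time.
def xtime(a):                                 # multiply by x in GF(2^8)
    return (a << 1) ^ 0x11B if a & 0x80 else a << 1

SBOX, p, q = [0x63] * 256, 1, 1               # S-box: affine map of the GF(2^8) inverse
for _ in range(255):
    p ^= xtime(p)                             # p *= 3
    q ^= q << 1; q ^= q << 2; q ^= q << 4     # q /= 3, so q stays the inverse of p
    q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
    x = q | q << 8                            # doubled byte turns rotations into shifts
    SBOX[p] = (q ^ x >> 4 ^ x >> 5 ^ x >> 6 ^ x >> 7) & 0xFF ^ 0x63

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))
def expand_key(key):                          # AES-128 key schedule: 11 round keys
    w, rc = [key[i:i + 4] for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                        # RotWord, SubWord, round constant
            t, rc = bytes([SBOX[t[1]] ^ rc, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]), xtime(rc)
        w.append(xor(w[i - 4], t))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]
def aes_encrypt_block(rks, block):
    s = xor(block, rks[0])
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]     # SubBytes + ShiftRows
        if rnd < 10:                                                 # MixColumns
            s = [xtime(s[c + r] ^ s[c + (r + 1) % 4]) ^ s[c + (r + 1) % 4] ^ s[c + (r + 2) % 4]
                 ^ s[c + (r + 3) % 4] for c in (0, 4, 8, 12) for r in range(4)]
        s = xor(s, rks[rnd])
    return s

def dbl(b):                                   # multiply by x in GF(2^128), RFC 4493 sec. 2.3
    return (int.from_bytes(b, "big") << 1 ^ (0x87 if b[0] & 0x80 else 0)).to_bytes(17, "big")[1:]
def aes_cmac(key, msg):
    rks = expand_key(key)
    k1 = dbl(aes_encrypt_block(rks, bytes(16)))
    *head, last = [msg[i:i + 16] for i in range(0, len(msg), 16)] or [b""]
    pad = (last + b"\x80").ljust(16, b"\x00")
    last = xor(last, k1) if len(last) == 16 else xor(pad, dbl(k1))   # K1 if complete, else K2
    x = bytes(16)
    for blk in head:                          # CBC-MAC chain over all but the final block
        x = aes_encrypt_block(rks, xor(x, blk))
    return aes_encrypt_block(rks, xor(x, last))

def kdf_ctr_cmac(k_in, label, context, out_len):
    # K(i) = PRF(K_IN, [i]_2 || Label || 0x00 || Context || [L]_2); 32-bit i and L are assumed
    fixed = label + b"\x00" + context + (out_len * 8).to_bytes(4, "big")
    blocks = [aes_cmac(k_in, i.to_bytes(4, "big") + fixed) for i in range(1, -(-out_len // 16) + 1)]
    return b"".join(blocks)[:out_len]
```

Because [L]_2 is part of every PRF input, requesting a different output length yields unrelated key material rather than a prefix of the longer output.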
