On 2022-03-04 8:08, Carsten Bormann wrote:
On 2022-03-04, at 07:54, Anders Rundgren <[email protected]> wrote:

- Collect key and algorithm data from the authorization signature object.
- Save and Remove FIDO "authenticatorData" and FIDO "signature" from the CBOR 
container.

This is what we called the “transform” in the beloved XMLDSig.
The complexities of this step can be the basis of interesting vulnerabilities 
(or interoperability failures).

Since I had not worked with low-level encoders and decoders, I spent a couple 
of days in the lab (kitchen actually).

To not be dependent on my own stuff (which of course works flawlessly since it 
was from the beginning designed with FIDO in mind), I applied the more 
universal CSF (CBOR Signature Format) to Laurence's excellent QCBOR library.  
This is what I came up with:
https://github.com/cyberphone/D-CBOR/blob/main/verify-demo/csf-verifier.c
The actual transform part is performed by FOUR LINES of C.  This was a surprise 
even to me.

Carsten, you should be proud; CBOR is by far the best data interchange format 
for blending with cool cryptographic constructs!

Could wrapping your precious data in bstr just in order to sign it, be headed 
for obsolescence? :)


Regarding the other "hot" subject, deterministic serialization, the demo does 
not depend on that since it operates directly on the CBOR data.  However, high-level CBOR 
tools that convert streaming CBOR to internal self-serializing objects, do:
https://github.com/cyberphone/openkeystore/blob/9470afdcd4d820489b3351c21b256d994930e422/library/src/org/webpki/cbor/CBORMap.java#L328

Cheers,
Anders


- Set "authorizationData" = re-serialized CBOR container.

(Using deterministic serialization.
Fortunately, that works much better in CBOR than in other serialization 
formats.)

- Verify signature using ("authenticatorData" || sha256(authorizationData)) as 
signed data.

Now you have verified a signature as applied to the transformed data.
COSE differs in design by signing the actual data as interchanged.
(This is not as expensive to do in CBOR as in serialization formats that cannot 
efficiently encode byte strings, i.e., binary data.)

Grüße, Carsten

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
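
The verification steps listed in this thread (save and remove the two FIDO fields, re-serialize deterministically, build the signed data), as an added Python example that is not code from the thread or from the linked csf-verifier.c. The integer map labels, the sample container and the minimal encoder are assumptions constructed for illustration; the returned bytes would then be checked against the signature with the collected key and algorithm by a crypto library.

```python
import hashlib

# Hypothetical map labels; the thread does not give the real ones.
SIG_OBJECT, ALGORITHM, PUBLIC_KEY, AUTH_DATA, SIGNATURE = -1, 1, 2, 3, 4

def _head(major, n):
    """Initial byte plus shortest-form argument (RFC 8949, section 4.2.1)."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument does not fit in 64 bits")

def encode(obj):
    """Deterministic CBOR for integers, byte strings, text strings and maps."""
    if isinstance(obj, int) and not isinstance(obj, bool):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, dict):
        # Entries are ordered by the bytes of their encoded keys.
        items = sorted((encode(k), encode(v)) for k, v in obj.items())
        return _head(5, len(items)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def signed_data(container):
    """Apply the transform; return algorithm, key, signature, bytes to verify."""
    sig_obj = dict(container[SIG_OBJECT])   # copy, the caller's map stays intact
    algorithm, public_key = sig_obj[ALGORITHM], sig_obj[PUBLIC_KEY]
    auth_data = sig_obj.pop(AUTH_DATA)      # save and remove
    signature = sig_obj.pop(SIGNATURE)
    authorization_data = encode({**container, SIG_OBJECT: sig_obj})
    to_verify = auth_data + hashlib.sha256(authorization_data).digest()
    return algorithm, public_key, signature, to_verify

# Constructed sample container (all values are placeholders).
SAMPLE = {
    1: "pay 10 EUR", 2: "order-7",
    SIG_OBJECT: {ALGORITHM: -7, PUBLIC_KEY: b"\x04" + bytes(64),
                 AUTH_DATA: bytes(37), SIGNATURE: bytes(64)},
}

if __name__ == "__main__":
    print(signed_data(SAMPLE)[3].hex())
```

Because the map is re-encoded with sorted keys and shortest-form integers, a container whose entries arrive in a different order yields the same bytes to verify, while a change to any remaining field changes the hash.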
