> On May 8, 2023, at 1:20 AM, Ilari Liusvaara <[email protected]> wrote:
>
> On Sun, May 07, 2023 at 11:10:25AM -0700, Laurence Lundblade wrote:
>> Below is the near-complete text of what I think should be added to
>> the COSE-HPKE draft. The text in blue is copied exactly from RFC
>> 9053 section 6.3.1/6.4.1. The text in black is new.
>>
>> The mapping of KEM ID to curve below is trivial and not a big
>> problem. We’re already doing similar in COSE and HPKE, e.g. KEM ID
>> to HKDF.
>
> I do not think it is trivial.
Took me 10 minutes:
#define HPKE_KEM_RESERVED 0x0000
#define HPKE_KEM_DH_EC_P256_HKDF256 0x0010
#define HPKE_KEM_DH_EC_P384_HKDF384 0x0010
#define HPKE_KEM_DH_EC_P521_HKDF512 0x0010
#define HPKE_KEM_DH_EC_X25519_HKDF256 0x0010
#define HPKE_KEM_DH_EX_X448_HKDF512 0x0010
#define COSE_EC_CURVE_P256 1
#define COSE_EC_CURVE_P384 2
#define COSE_EC_CURVE_P521 3
#define COSE_EC_CURVE_X25519 4
#define COSE_EC_CURVE_X448 6
struct kem_curve_mapping {
uint16_t kem_id;
int32_t curve_id;
};
static const struct kem_curve_mapping kem_curve_table[] = {
{HPKE_KEM_DH_EC_P256_HKDF256, COSE_EC_CURVE_P256},
{HPKE_KEM_DH_EC_P384_HKDF384, COSE_EC_CURVE_P384},
{HPKE_KEM_DH_EC_P521_HKDF512, COSE_EC_CURVE_P521},
{HPKE_KEM_DH_EC_X25519_HKDF256, COSE_EC_CURVE_X25519},
{HPKE_KEM_DH_EX_X448_HKDF512, COSE_EC_CURVE_X448},
{HPKE_KEM_RESERVED, 0}
};
bool
check_kem_against_curve(int16_t kem_id, int32_t curve_id)
{
unsigned i;
for(i = 0; kem_curve_table[i].kem_id != 0; i++) {
if(kem_curve_table[i].kem_id == kem_id &&
kem_curve_table[i].curve_id == curve_id) {
return true;
}
}
return false;
}
LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
