On Sun, Jul 21, 2024 at 10:16:20AM +0900, Ken Takayama wrote:
> Understand. We have to consider what the COSE library implementers are
> facing.
>
> I've attached a chart describing the decryption procedure, including the
> current key distribution methods in COSE 9053 and cose-hpke, and the
> approach proposed by Hannes. (Please fix it if I'm wrong.)
> The actual implementations have to "correctly" set the Context Information
> Structure but its explanation in RFC 9053 is ambiguous, especially the
> AlgorithmID.

I find AlgorithmID mostly clear: When deriving keys, it is alg of the
layer the key is used on.

- So if it is combined KDF+KW, it is alg of this layer.
- Otherwise, it is alg of next layer.

Things get a bit hairy when deriving IVs. Clearly AlgorithmID=34 (0x18 0x22)
when deriving IVs, but what exactly triggers IV derivation[1]?

And then things get really hairy with PartyUInfo and PartyVInfo. Those
are by far the most difficult part of the CIS.

[1] What I think is most sensible is that IV derivation is triggered
when:

- The algorithm needs IV or nonce, and
- No IV parameter is present, and
- The layer is keyed by KDF output.

-Ilari

_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
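
The sketch below is an added example, not part of the message above and not code from any COSE library. It builds the COSE_KDF_Context bytes for one case only: a layer keyed directly by KDF output (not combined KDF+KW), using the rule and the IV-derivation trigger as worded in the message. Assumptions: all function names are hypothetical, "IV parameter" is read as header label 5, PartyUInfo/PartyVInfo are left nil, keyDataLength for the IV context is taken to be the IV length in bits, and the protected header bytes are constructed sample data.

```python
IV_GENERATION = 34   # AlgorithmID the message gives for IV derivation (0x18 0x22)
HDR_IV = 5           # COSE header label for IV (assumed meaning of "IV parameter")
A128GCM = 1          # content algorithm used for the constructed sample

def _head(major, n):
    """CBOR initial byte(s) for a major type and an argument below 2**16."""
    if n < 24:
        return bytes([major << 5 | n])
    if n < 256:
        return bytes([major << 5 | 24, n])
    return bytes([major << 5 | 25]) + n.to_bytes(2, "big")

def cbor(x):
    """Encode only the types a COSE_KDF_Context needs."""
    if x is None:
        return b"\xf6"
    if isinstance(x, int):
        return _head(0, x) if x >= 0 else _head(1, -1 - x)
    if isinstance(x, bytes):
        return _head(2, len(x)) + x
    return _head(4, len(x)) + b"".join(cbor(i) for i in x)  # list -> array

def kdf_context(algorithm_id, bits, protected):
    """[AlgorithmID, PartyUInfo, PartyVInfo, SuppPubInfo], party info all nil."""
    party = [None, None, None]
    return cbor([algorithm_id, party, party, [bits, protected]])

def iv_derivation_triggered(needs_iv, headers, keyed_by_kdf):
    """The three conditions from footnote [1], all of which must hold."""
    return needs_iv and HDR_IV not in headers and keyed_by_kdf

def contexts_for_layer(next_alg, key_bits, iv_bits, headers, protected):
    """Contexts for a layer keyed directly by KDF output (not KDF+KW)."""
    # Key derivation: AlgorithmID is the alg of the next layer.
    out = {"key": kdf_context(next_alg, key_bits, protected)}
    if iv_derivation_triggered(iv_bits > 0, headers, True):
        out["iv"] = kdf_context(IV_GENERATION, iv_bits, protected)
    return out

if __name__ == "__main__":
    prot = bytes.fromhex("a1013818")   # constructed: protected {1: -25}
    for name, ctx in contexts_for_layer(A128GCM, 128, 96, {}, prot).items():
        print(name, ctx.hex())
```

The two contexts differ only in AlgorithmID and keyDataLength, so a key and an IV derived from the same shared secret come out of the KDF as unrelated values.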
