idnits 2.17.1 draft-ietf-lake-edhoc-00.txt:

Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.

Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.

Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.

Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not match the current year
-- The document date (July 06, 2020) is 1389 days in the past. Is this intentional?

Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs)
-- Looks like a reference, but probably isn't: '5' on line 1385
-- Looks like a reference, but probably isn't: '6' on line 1385
-- Looks like a reference, but probably isn't: '7' on line 1385
-- Looks like a reference, but probably isn't: '9' on line 1381
== Outdated reference: A later version (-14) exists of draft-ietf-core-echo-request-tag-09
== Outdated reference: A later version (-09) exists of draft-ietf-cose-x509-06
** Downref: Normative reference to an Informational RFC: RFC 5869
** Downref: Normative reference to an Informational RFC: RFC 6090
** Downref: Normative reference to an Informational RFC: RFC 6979
** Obsolete normative reference: RFC 7049 (Obsoleted by RFC 8949)
** Downref: Normative reference to an Informational RFC: RFC 7748
** Obsolete normative reference: RFC 8152 (Obsoleted by RFC 9052, RFC 9053)
== Outdated reference: A later version (-46) exists of draft-ietf-ace-oauth-authz-35
== Outdated reference: A later version (-19) exists of draft-ietf-ace-oscore-profile-11
== Outdated reference: A later version (-28) exists of draft-ietf-core-resource-directory-24
== Outdated reference: A later version (-07) exists of draft-ietf-lwig-security-protocol-comparison-04
== Outdated reference: A later version (-43) exists of draft-ietf-tls-dtls13-38
== Outdated reference: A later version (-05) exists of draft-selander-ace-ake-authz-01

Summary: 6 errors (**), 0 flaws (~~), 9 warnings (==), 5 comments (--).

Run idnits with the --verbose option for more detailed information about the items above.
--------------------------------------------------------------------------------

Network Working Group                                        G. Selander
Internet-Draft                                               J. Mattsson
Intended status: Standards Track                            F. Palombini
Expires: January 7, 2021                                     Ericsson AB
                                                           July 06, 2020

               Ephemeral Diffie-Hellman Over COSE (EDHOC)
                        draft-ietf-lake-edhoc-00

Abstract

This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, perfect forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios and a main use case is to establish an OSCORE security context. By reusing COSE for cryptography, CBOR for encoding, and CoAP for transport, the additional code footprint can be kept very low.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 7, 2021.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Rationale for EDHOC
     1.2.  Terminology and Requirements Language
   2.  Background
   3.  EDHOC Overview
     3.1.  Transport and Message Correlation
     3.2.  Authentication Keys and Identities
     3.3.  Identifiers
     3.4.  Cipher Suites
     3.5.  Communication/Negotiation of Protocol Features
     3.6.  Auxiliary Data
     3.7.  Ephemeral Public Keys
     3.8.  Key Derivation
   4.  EDHOC Authenticated with Asymmetric Keys
     4.1.  Overview
     4.2.  EDHOC Message 1
     4.3.  EDHOC Message 2
     4.4.  EDHOC Message 3
   5.  EDHOC Authenticated with Symmetric Keys
     5.1.  Overview
     5.2.  EDHOC Message 1
     5.3.  EDHOC Message 2
     5.4.  EDHOC Message 3
   6.  Error Handling
     6.1.  EDHOC Error Message
   7.  Transferring EDHOC and Deriving an OSCORE Context
     7.1.  Transferring EDHOC in CoAP
   8.  Security Considerations
     8.1.  Security Properties
     8.2.  Cryptographic Considerations
     8.3.  Cipher Suites
     8.4.  Unprotected Data
     8.5.  Denial-of-Service
     8.6.  Implementation Considerations
     8.7.  Other Documents Referencing EDHOC
   9.  IANA Considerations
     9.1.  EDHOC Cipher Suites Registry
     9.2.  EDHOC Method Type Registry
     9.3.  The Well-Known URI Registry
     9.4.  Media Types Registry
     9.5.  CoAP Content-Formats Registry
     9.6.  Expert Review Instructions
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  Use of CBOR, CDDL and COSE in EDHOC
     A.1.  CBOR and CDDL
     A.2.  COSE
   Appendix B.  Test Vectors
     B.1.  Test Vectors for EDHOC Authenticated with Signature Keys (x5t)
   Acknowledgments
   Authors' Addresses

1.  Introduction

Security at the application layer provides an attractive option for protecting Internet of Things (IoT) deployments, for example where transport layer security is not sufficient [I-D.hartke-core-e2e-security-reqs] or where the protection needs to work over a variety of underlying protocols. IoT devices may be constrained in various ways, including memory, storage, processing capacity, and energy [RFC7228]. A method for protecting individual messages at the application layer suitable for constrained devices is provided by CBOR Object Signing and Encryption (COSE) [RFC8152], which builds on the Concise Binary Object Representation (CBOR) [RFC7049]. Object Security for Constrained RESTful Environments (OSCORE) [RFC8613] is a method for application-layer protection of the Constrained Application Protocol (CoAP), using COSE.

In order for a communication session to provide forward secrecy, the communicating parties can run an Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol with ephemeral keys, from which shared key material can be derived. This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a lightweight key exchange protocol providing perfect forward secrecy and identity protection. Authentication is based on credentials established out of band, e.g. from a trusted third party, such as an Authorization Server as specified by [I-D.ietf-ace-oauth-authz]. EDHOC supports authentication using pre-shared keys (PSK), raw public keys (RPK), and public key certificates. After successful completion of the EDHOC protocol, application keys and other application specific data can be derived using the EDHOC-Exporter interface. A main use case for EDHOC is to establish an OSCORE security context. EDHOC uses COSE for cryptography, CBOR for encoding, and CoAP for transport. By reusing existing libraries, the additional code footprint can be kept very low. Note that this document focuses on authentication and key establishment: for integration with authorization of resource access, refer to [I-D.ietf-ace-oscore-profile].

EDHOC is designed to work in highly constrained scenarios, making it especially suitable for network technologies such as Cellular IoT, 6TiSCH [I-D.ietf-6tisch-dtsecurity-zerotouch-join], and LoRaWAN [LoRa1][LoRa2]. These network technologies are characterized by their low throughput, low power consumption, and small frame sizes. Compared to the DTLS 1.3 handshake [I-D.ietf-tls-dtls13] with ECDH and connection ID, the number of bytes in EDHOC + CoAP is less than 1/4 when PSK authentication is used and less than 1/6 when RPK authentication is used, see [I-D.ietf-lwig-security-protocol-comparison]. Typical message sizes for EDHOC with pre-shared keys, raw public keys with static Diffie-Hellman keys, and two different ways to identify X.509 certificates with signature keys are shown in Figure 1.
Further reductions of message sizes are possible by eliding redundant length indications.

   =====================================================================
                 PSK       RPK       x5t       x5chain
   ---------------------------------------------------------------------
   message_1     38        37        37        37
   message_2     44        46        117       110 + Certificate
   message_3     10        20        91        84 + Certificate
   ---------------------------------------------------------------------
   Total         92        103       245       231 + Certificates
   =====================================================================

                  Figure 1: Typical message sizes in bytes

The ECDH exchange and the key derivation follow known protocol constructions such as [SIGMA], NIST SP-800-56A [SP-800-56A], and HKDF [RFC5869]. CBOR [RFC7049] and COSE [RFC8152] are used to implement these standards. The use of COSE provides crypto agility and enables use of future algorithms and headers designed for constrained IoT.

This document is organized as follows: Section 2 describes how EDHOC authenticated with digital signatures builds on SIGMA-I, Section 3 specifies general properties of EDHOC, including message flow, formatting of the ephemeral public keys, and key derivation, Section 4 specifies EDHOC with signature key and static Diffie-Hellman key authentication, Section 5 specifies EDHOC with symmetric key authentication, Section 6 specifies the EDHOC error message, and Section 7 describes how EDHOC can be transferred in CoAP and used to establish an OSCORE security context.

1.1.  Rationale for EDHOC

Many constrained IoT systems today do not use any security at all, and when they do, they often do not follow best practices. One reason is that many current security protocols are not designed with constrained IoT in mind. Constrained IoT systems often deal with personal information, valuable business data, and actuators interacting with the physical world.
Not only do such systems need security and privacy, they often need end-to-end protection with source authentication and perfect forward secrecy. EDHOC and OSCORE [RFC8613] bring security following current best practices to devices and systems where current security protocols are impractical.

EDHOC is optimized for small message sizes and can therefore be sent over a small number of radio frames. The message size of a key exchange protocol may have a large impact on the performance of an IoT deployment, especially in constrained environments. For example, in a network bootstrapping setting a large number of devices turned on in a short period of time may result in large latencies caused by parallel key exchanges. Requirements on network formation time in constrained environments can be translated into key exchange overhead. In network technologies with duty cycle, each additional frame significantly increases the latency even if no other devices are transmitting.

Power consumption for wireless devices is highly dependent on message transmission, listening, and reception. For devices that only send a few bytes occasionally, the battery lifetime may be impacted by a heavy key exchange protocol. A key exchange may need to be executed more than once, e.g. due to a device rebooting or for security reasons such as perfect forward secrecy.

EDHOC is adapted to primitives and protocols designed for the Internet of Things: EDHOC is built on CBOR and COSE, which enables small message overhead and efficient parsing in constrained devices. EDHOC is not bound to a particular transport layer, but it is recommended to transport the EDHOC messages in CoAP payloads. EDHOC is not bound to a particular communication security protocol but works off-the-shelf with OSCORE [RFC8613], providing the necessary input parameters with the required properties.
Maximum code complexity (ROM/Flash) is often a constraint in many devices, and by reusing already existing libraries, the additional code footprint for EDHOC + OSCORE can be kept very low.

1.2.  Terminology and Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Readers are expected to be familiar with the terms and concepts described in CBOR [RFC7049], CBOR Sequences [RFC8742], COSE [RFC8152], and CDDL [RFC8610]. The Concise Data Definition Language (CDDL) is used to express CBOR data structures [RFC7049]. Examples of CBOR and CDDL are provided in Appendix A.1.

2.  Background

EDHOC specifies different authentication methods of the Diffie-Hellman key exchange: digital signatures, static Diffie-Hellman keys and symmetric keys. This section outlines the digital signature based method.

SIGMA (SIGn-and-MAc) is a family of theoretical protocols with a large number of variants [SIGMA]. Like IKEv2 [RFC7296] and (D)TLS 1.3 [RFC8446], EDHOC authenticated with digital signatures is built on a variant of the SIGMA protocol which provides identity protection of the initiator (SIGMA-I), and like IKEv2 [RFC7296], EDHOC implements the SIGMA-I variant as Mac-then-Sign. The SIGMA-I protocol using an authenticated encryption algorithm is shown in Figure 2.
   Initiator                                                Responder
   |                          G_X                           |
   +-------------------------------------------------------->|
   |                                                        |
   | G_Y, AEAD( K_2; ID_CRED_R, Sig(R; CRED_R, G_X, G_Y) )  |
   |<--------------------------------------------------------+
   |                                                        |
   |    AEAD( K_3; ID_CRED_I, Sig(I; CRED_I, G_Y, G_X) )    |
   +-------------------------------------------------------->|
   |                                                        |

     Figure 2: Authenticated encryption variant of the SIGMA-I protocol.

The parties exchanging messages are called Initiator (I) and Responder (R). They exchange ephemeral public keys, compute the shared secret, and derive symmetric application keys.

o  G_X and G_Y are the ECDH ephemeral public keys of I and R, respectively.

o  CRED_I and CRED_R are the credentials containing the public authentication keys of I and R, respectively.

o  ID_CRED_I and ID_CRED_R are data enabling the recipient party to retrieve the credential of I and R, respectively.

o  Sig(I; . ) and Sig(R; . ) denote signatures made with the private authentication key of I and R, respectively.

o  AEAD(K; . ) denotes authenticated encryption with additional data using a key K derived from the shared secret.

In order to create a "full-fledged" protocol some additional protocol elements are needed. EDHOC adds:

o  Explicit connection identifiers C_I, C_R chosen by I and R, respectively, enabling the recipient to find the protocol state.

o  Transcript hashes (hashes of message data) TH_2, TH_3, TH_4 used for key derivation and as additional authenticated data.

o  Computationally independent keys derived from the ECDH shared secret and used for authenticated encryption of different messages.

o  Verification of a common preferred cipher suite:

   *  The Initiator lists supported cipher suites in order of preference.

   *  The Responder verifies that the selected cipher suite is the first supported cipher suite.

o  Method types and error handling.
o  Transport of opaque auxiliary data.

EDHOC is designed to encrypt and integrity protect as much information as possible, and all symmetric keys are derived using as much previous information as possible. EDHOC is furthermore designed to be as compact and lightweight as possible, in terms of message sizes, processing, and the ability to reuse already existing CBOR, COSE, and CoAP libraries.

To simplify for implementors, the use of CBOR in EDHOC is summarized in Appendix A and test vectors including CBOR diagnostic notation are given in Appendix B.

3.  EDHOC Overview

EDHOC consists of three messages (message_1, message_2, message_3) that map directly to the three messages in SIGMA-I, plus an EDHOC error message. EDHOC messages are CBOR Sequences [RFC8742], where the first data item (METHOD_CORR) of message_1 is an int specifying the method and the correlation properties of the transport used, see Section 3.1. The method specifies the authentication methods used (signature, static DH, symmetric), see Section 9.2. An implementation may support only Initiator or Responder. An implementation may support only a single method. The Initiator and the Responder need to have agreed on a single method to be used for EDHOC.

While EDHOC uses the COSE_Key, COSE_Sign1, and COSE_Encrypt0 structures, only a subset of the parameters is included in the EDHOC messages. The unprotected COSE header in COSE_Sign1 and COSE_Encrypt0 (not included in the EDHOC message) MAY contain parameters (e.g. 'alg'). After creating EDHOC message_3, the Initiator can derive symmetric application keys, and application protected data can therefore be sent in parallel with EDHOC message_3. The application may protect data using the algorithms (AEAD, hash, etc.) in the selected cipher suite and the connection identifiers (C_I, C_R).
EDHOC may be used with the media type application/edhoc defined in Section 9.

   Initiator                                               Responder
   |                                                       |
   | ------------------ EDHOC message_1 -----------------> |
   |                                                       |
   | <----------------- EDHOC message_2 ------------------ |
   |                                                       |
   | ------------------ EDHOC message_3 -----------------> |
   |                                                       |
   | <----------- Application Protected Data ------------> |
   |                                                       |

                     Figure 3: EDHOC message flow

3.1.  Transport and Message Correlation

Cryptographically, EDHOC does not put requirements on the lower layers. EDHOC is not bound to a particular transport layer, and can be used in environments without IP. The transport is responsible for handling message loss, reordering, message duplication, fragmentation, and denial of service protection, where necessary. The Initiator and the Responder need to have agreed on a transport to be used for EDHOC. It is recommended to transport EDHOC in CoAP payloads, see Section 7.

EDHOC includes connection identifiers (C_I, C_R) to correlate messages. The connection identifiers C_I and C_R do not have any cryptographic purpose in EDHOC. They contain information facilitating retrieval of the protocol state and may therefore be very short. The connection identifier MAY be used with an application protocol (e.g. OSCORE) for which EDHOC establishes keys, in which case the connection identifiers SHALL adhere to the requirements for that protocol. Each party chooses a connection identifier it desires the other party to use in outgoing messages.

If the transport provides a mechanism for correlating messages, some of the connection identifiers may be omitted. There are four cases:

o  corr = 0, the transport does not provide a correlation mechanism.

o  corr = 1, the transport provides a correlation mechanism that enables the Responder to correlate message_2 and message_1.
o  corr = 2, the transport provides a correlation mechanism that enables the Initiator to correlate message_3 and message_2.

o  corr = 3, the transport provides a correlation mechanism that enables both parties to correlate all three messages.

For example, if the key exchange is transported over CoAP, the CoAP Token can be used to correlate messages, see Section 7.1.

3.2.  Authentication Keys and Identities

The EDHOC message exchange may be authenticated using pre-shared keys (PSK), raw public keys (RPK), or public key certificates. The certificates and RPKs can contain signature keys or static Diffie-Hellman keys. In X.509 certificates, signature keys typically have key usage "digitalSignature" and Diffie-Hellman keys typically have key usage "keyAgreement". EDHOC assumes the existence of mechanisms (certification authority, trusted third party, manual distribution, etc.) for distributing authentication keys (public or pre-shared) and identities. Policies are set based on the identity of the other party, and parties typically only allow connections from a small restricted set of identities.

o  When a Public Key Infrastructure (PKI) is used, the trust anchor is a Certification Authority (CA) certificate, and the identity is the subject whose unique name (e.g. a domain name, NAI, or EUI) is included in the other party's certificate. Before running EDHOC each party needs at least one CA public key certificate, or just the public key, and a set of identities it is allowed to communicate with. Any validated public-key certificate with an allowed subject name is accepted. EDHOC provides proof that the other party possesses the private authentication key corresponding to the public authentication key in its certificate. The certification path provides proof that the subject of the certificate owns the public key in the certificate.
o  When public keys are used but not with a PKI (RPK, self-signed certificate), the trust anchor is the public authentication key of the other party. In this case, the identity is typically directly associated to the public authentication key of the other party. For example, the name of the subject may be a canonical representation of the public key. Alternatively, if identities can be expressed in the form of unique subject names assigned to public keys, then a binding to identity can be achieved by including both public key and associated subject name in the protocol message computation: CRED_I or CRED_R may be a self-signed certificate or COSE_Key containing the public authentication key and the subject name, see Figure 2. Before running EDHOC, each party needs a set of public authentication keys/unique associated subject names it is allowed to communicate with. EDHOC provides proof that the other party possesses the private authentication key corresponding to the public authentication key.

o  When pre-shared keys are used the information about the other party is carried in the PSK identifier field of the protocol, ID_PSK. The purpose of ID_PSK is to facilitate retrieval of the pre-shared key, which is used to authenticate and assert trust. In this case no other identities or trust anchors are used.

3.3.  Identifiers

One byte connection and credential identifiers are realistic in many scenarios as most constrained devices only have a few keys and connections. In cases where a node only has one connection or key, the identifiers may even be the empty byte string.

3.4.  Cipher Suites

EDHOC cipher suites consist of an ordered set of COSE algorithms: an EDHOC AEAD algorithm, an EDHOC hash algorithm, an EDHOC ECDH curve, an EDHOC signature algorithm, an EDHOC signature algorithm curve, an application AEAD algorithm, and an application hash algorithm from the COSE Algorithms and Elliptic Curves registries. Each cipher suite is identified with a pre-defined int label. This document specifies four pre-defined cipher suites.

   0. ( 10, -16, 4, -8, 6, 10, -16 )
      (AES-CCM-16-64-128, SHA-256, X25519, EdDSA, Ed25519,
       AES-CCM-16-64-128, SHA-256)

   1. ( 30, -16, 4, -8, 6, 10, -16 )
      (AES-CCM-16-128-128, SHA-256, X25519, EdDSA, Ed25519,
       AES-CCM-16-64-128, SHA-256)

   2. ( 10, -16, 1, -7, 1, 10, -16 )
      (AES-CCM-16-64-128, SHA-256, P-256, ES256, P-256,
       AES-CCM-16-64-128, SHA-256)

   3. ( 30, -16, 1, -7, 1, 10, -16 )
      (AES-CCM-16-128-128, SHA-256, P-256, ES256, P-256,
       AES-CCM-16-64-128, SHA-256)

The different methods use the same cipher suites, but some algorithms are not used in some methods. The EDHOC signature algorithm and the EDHOC signature algorithm curve are not used in methods without signature authentication.

The Initiator needs to have a list of cipher suites it supports in order of preference. The Responder needs to have a list of cipher suites it supports.

3.5.  Communication/Negotiation of Protocol Features

EDHOC allows the communication or negotiation of various protocol features during the execution of the protocol.

o  The Initiator proposes a cipher suite (see Section 3.4), and the Responder either accepts or rejects, and may make a counter proposal.

o  The Initiator decides on the correlation parameter corr (see Section 3.1). This is typically given by the transport which the Initiator and the Responder have agreed on beforehand. The Responder either accepts or rejects.
o  The Initiator decides on the method parameter, see Section 9.2. The Responder either accepts or rejects.

o  The Initiator and the Responder decide on the representation of the identifier of their respective credentials, ID_CRED_I and ID_CRED_R. The decision is reflected by the label used in the CBOR map, see for example Section 4.1.

3.6.  Auxiliary Data

In order to reduce round trips and number of messages, and in some cases also streamline processing, certain security applications may be integrated into EDHOC by transporting auxiliary data together with the messages. One example is the transport of third-party authorization information protected outside of EDHOC [I-D.selander-ace-ake-authz]. Another example is the embedding of a certificate enrolment request or a newly issued certificate.

EDHOC allows opaque auxiliary data (AD) to be sent in the EDHOC messages. Unprotected Auxiliary Data (AD_1, AD_2) may be sent in message_1 and message_2, respectively. Protected Auxiliary Data (AD_3) may be sent in message_3.

Since data carried in AD_1 and AD_2 may not be protected, and the content of AD_3 is available to both the Initiator and the Responder, special considerations need to be made such that the availability of the data a) does not violate security and privacy requirements of the service which uses this data, and b) does not violate the security properties of EDHOC.

3.7.  Ephemeral Public Keys

The ECDH ephemeral public keys are formatted as a COSE_Key of type EC2 or OKP according to Sections 13.1 and 13.2 of [RFC8152], but only the 'x' parameter is included in the EDHOC messages. For Elliptic Curve Keys of type EC2, compact representation as per [RFC6090] MAY be used also in the COSE_Key. If the COSE implementation requires a 'y' parameter, any of the possible values of the y-coordinate can be used, see Appendix C of [RFC6090].
COSE [RFC8152] always uses compact output for Elliptic Curve Keys of type EC2.

3.8.  Key Derivation

EDHOC uses HKDF [RFC5869] with the EDHOC hash algorithm in the selected cipher suite to derive keys. HKDF-Extract is used to derive fixed-length uniformly pseudorandom keys (PRK) from ECDH shared secrets. HKDF-Expand is used to derive additional output keying material (OKM) from the PRKs. The PRKs are derived using HKDF-Extract [RFC5869].

   PRK = HKDF-Extract( salt, IKM )

PRK_2e is used to derive the key and IV to encrypt message_2. PRK_3e2m is used to derive keys and IVs to produce a MAC in message_2 and to encrypt message_3. PRK_4x3m is used to derive keys and IVs to produce a MAC in message_3 and to derive application specific data.

PRK_2e is derived with the following input:

o  The salt SHALL be the PSK when EDHOC is authenticated with symmetric keys, and the empty byte string when EDHOC is authenticated with asymmetric keys (signature or static DH). The PSK is used as 'salt' to simplify implementation. Note that [RFC5869] specifies that if the salt is not provided, it is set to a string of zeros (see Section 2.2 of [RFC5869]). For implementation purposes, not providing the salt is the same as setting the salt to the empty byte string.

o  The input keying material (IKM) SHALL be the ECDH shared secret G_XY (calculated from G_X and Y or G_Y and X) as defined in Section 12.4.1 of [RFC8152].

Example: Assuming the use of SHA-256, the extract phase of HKDF produces PRK_2e as follows:

   PRK_2e = HMAC-SHA-256( salt, G_XY )

where salt = 0x (the empty byte string) in the asymmetric case and salt = PSK in the symmetric case.
   The pseudorandom keys PRK_3e2m and PRK_4x3m are defined as follows:

   o  If the Responder authenticates with a static Diffie-Hellman key,
      then PRK_3e2m = HKDF-Extract( PRK_2e, G_RX ), where G_RX is the
      ECDH shared secret calculated from G_R and X, or G_X and R, else
      PRK_3e2m = PRK_2e.

   o  If the Initiator authenticates with a static Diffie-Hellman key,
      then PRK_4x3m = HKDF-Extract( PRK_3e2m, G_IY ), where G_IY is the
      ECDH shared secret calculated from G_I and Y, or G_Y and I, else
      PRK_4x3m = PRK_3e2m.

   Example: Assuming the use of curve25519, the ECDH shared secrets
   G_XY, G_RX, and G_IY are the outputs of the X25519 function
   [RFC7748]:

      G_XY = X25519( Y, G_X ) = X25519( X, G_Y )

   The keys and IVs used in EDHOC are derived from PRK using HKDF-Expand
   [RFC5869] where the EDHOC-KDF is instantiated with the EDHOC AEAD
   algorithm in the selected cipher suite.

      OKM = EDHOC-KDF( PRK, transcript_hash, label, length )
          = HKDF-Expand( PRK, info, length )

   where info is the CBOR encoding of

      info = [
        edhoc_aead_id : int / tstr,
        transcript_hash : bstr,
        label : tstr,
        length : uint
      ]

   where

   o  edhoc_aead_id is an int or tstr containing the algorithm
      identifier of the EDHOC AEAD algorithm in the selected cipher
      suite encoded as defined in [RFC8152].  Note that a single fixed
      edhoc_aead_id is used in all invocations of EDHOC-KDF, including
      the derivation of K_2e and invocations of the EDHOC-Exporter.

   o  transcript_hash is a bstr set to one of the transcript hashes
      TH_2, TH_3, or TH_4 as defined in Sections 4.3.1, 4.4.1, and
      3.8.1.

   o  label is a tstr set to the name of the derived key or IV, i.e.
      "K_2m", "IV_2m", "K_2e", "K_2ae", "IV_2ae", "K_3m", "IV_3m",
      "K_3ae", or "IV_3ae".

   o  length is the length of output keying material (OKM) in bytes.

   K_2ae and IV_2ae are derived using the transcript hash TH_2 and the
   pseudorandom key PRK_2e.  K_2m and IV_2m are derived using the
   transcript hash TH_2 and the pseudorandom key PRK_3e2m.  K_3ae and
   IV_3ae are derived using the transcript hash TH_3 and the
   pseudorandom key PRK_3e2m.  K_3m and IV_3m are derived using the
   transcript hash TH_3 and the pseudorandom key PRK_4x3m.  IVs are only
   used if the EDHOC AEAD algorithm uses IVs.

3.8.1.  EDHOC-Exporter Interface

   Application keys and other application specific data can be derived
   using the EDHOC-Exporter interface defined as:

      EDHOC-Exporter(label, length)
        = EDHOC-KDF(PRK_4x3m, TH_4, label, length)

   where label is a tstr defined by the application and length is a
   uint defined by the application.  The label SHALL be different for
   each different exporter value.  The transcript hash TH_4 is a CBOR
   encoded bstr and the input to the hash function is a CBOR Sequence.

      TH_4 = H( TH_3, CIPHERTEXT_3 )

   where H() is the hash function in the selected cipher suite.  Example
   use of the EDHOC-Exporter is given in Sections 3.8.2 and 7.1.1.

3.8.2.  EDHOC PSK Chaining

   An application using EDHOC may want to derive new PSKs to use for
   authentication in future EDHOC exchanges.  In this case, the new PSK
   and the ID_PSK 'kid_value' parameter SHOULD be derived as follows,
   where length is the key length (in bytes) of the EDHOC AEAD
   Algorithm.

      PSK = EDHOC-Exporter( "EDHOC Chaining PSK", length )
      kid_psk = EDHOC-Exporter( "EDHOC Chaining kid_psk", 4 )

4.  EDHOC Authenticated with Asymmetric Keys

4.1.  Overview

   This section specifies authentication method = 0, 1, 2, and 3, see
   Section 9.2.
   EDHOC supports authentication with signature or static
   Diffie-Hellman keys in the form of raw public keys (RPK) and public
   key certificates with the requirements that:

   o  Only the Responder SHALL have access to the Responder's private
      authentication key,

   o  Only the Initiator SHALL have access to the Initiator's private
      authentication key,

   o  The Initiator is able to retrieve the Responder's public
      authentication key using ID_CRED_R,

   o  The Responder is able to retrieve the Initiator's public
      authentication key using ID_CRED_I,

   where the identifiers ID_CRED_I and ID_CRED_R are COSE header_maps,
   i.e. CBOR maps containing COSE Common Header Parameters (see
   Section 3.1 of [RFC8152]).  ID_CRED_I and ID_CRED_R need to contain
   parameters that can identify a public authentication key.  In the
   following paragraphs we give some examples of possible COSE header
   parameters used.

   Raw public keys are best stored as COSE_Key objects and identified
   with a 'kid' parameter:

   o  ID_CRED_x = { 4 : kid_x }, where kid_x : bstr, for x = I or R.

   Public key certificates can be identified in different ways.  Several
   header parameters for identifying X.509 certificates are defined in
   [I-D.ietf-cose-x509]:

   o  by a bag of certificates with the 'x5bag' parameter;

      *  ID_CRED_x = { 32 : COSE_X509 }, for x = I or R,

   o  by a certificate chain with the 'x5chain' parameter;

      *  ID_CRED_x = { 33 : COSE_X509 }, for x = I or R,

   o  by a hash value with the 'x5t' parameter;

      *  ID_CRED_x = { 34 : COSE_CertHash }, for x = I or R,

   o  by a URL with the 'x5u' parameter;

      *  ID_CRED_x = { 35 : uri }, for x = I or R.

   In the first two examples, ID_CRED_I and ID_CRED_R contain the actual
   credential used for authentication.  The purpose of ID_CRED_I and
   ID_CRED_R is to facilitate retrieval of a public authentication key,
   and when they do not contain the actual credential they may be very
   short.  It is RECOMMENDED that they uniquely identify the public
   authentication key, as the recipient may otherwise have to try
   several keys.  ID_CRED_I and ID_CRED_R are transported in the
   ciphertext, see Section 4.3.2 and Section 4.4.2.

   The authentication key MUST be a signature key or static Diffie-
   Hellman key.  The Initiator and the Responder MAY use different types
   of authentication keys, e.g. one uses a signature key and the other
   uses a static Diffie-Hellman key.  When using a signature key, the
   authentication is provided by a signature.  When using a static
   Diffie-Hellman key the authentication is provided by a Message
   Authentication Code (MAC) computed from an ephemeral-static ECDH
   shared secret, which enables significant reductions in message sizes.
   The MAC is implemented with an AEAD algorithm.  When using static
   Diffie-Hellman keys the Initiator's and Responder's private
   authentication keys are called I and R, respectively, and the public
   authentication keys are called G_I and G_R, respectively.

   The actual credentials CRED_I and CRED_R are signed or MACed by the
   Initiator and the Responder respectively, see Section 4.4.1 and
   Section 4.3.1.  The Initiator and the Responder MAY use different
   types of credentials, e.g. one uses an RPK and the other uses a
   certificate.  When the credential is a certificate, CRED_x is the
   end-entity certificate (i.e. not the certificate chain) encoded as a
   CBOR bstr.  When the credential is a COSE_Key, CRED_x is a CBOR map
   that contains only specific fields from the COSE_Key.  For COSE_Keys
   of type OKP the CBOR map SHALL only include the parameters 1 (kty),
   -1 (crv), and -2 (x-coordinate).  For COSE_Keys of type EC2 the CBOR
   map SHALL only include the parameters 1 (kty), -1 (crv), -2
   (x-coordinate), and -3 (y-coordinate).  If the parties have agreed on
   an identity besides the public key, the identity is included in the
   CBOR map with the label "subject name", otherwise the subject name is
   the empty text string.  The parameters SHALL be encoded in decreasing
   order with int labels first and text string labels last.  An example
   of CRED_x when the RPK contains an X25519 static Diffie-Hellman key
   and the parties have agreed on an EUI-64 identity is shown below:

      CRED_x = {
         1:  1,
        -1:  4,
        -2:  h'b1a3e89460e88d3a8d54211dc95f0b90
               3ff205eb71912d6db8f4af980d2db83a',
        "subject name" : "42-50-31-FF-EF-37-32-39"
      }

   Initiator                                                   Responder
   |               METHOD_CORR, SUITES_I, G_X, C_I, AD_1               |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |   C_I, G_Y, C_R, Enc(K_2e; ID_CRED_R, Signature_or_MAC_2, AD_2)   |
   |<------------------------------------------------------------------+
   |                             message_2                             |
   |                                                                   |
   |       C_R, AEAD(K_3ae; ID_CRED_I, Signature_or_MAC_3, AD_3)       |
   +------------------------------------------------------------------>|
   |                             message_3                             |

       Figure 4: Overview of EDHOC with asymmetric key authentication.

4.2.  EDHOC Message 1

4.2.1.  Formatting of Message 1

   message_1 SHALL be a CBOR Sequence (see Appendix A.1) as defined
   below

      message_1 = (
        METHOD_CORR : int,
        SUITES_I : [ selected : suite, supported : 2* suite ] / suite,
        G_X : bstr,
        C_I : bstr_identifier,
        ? AD_1 : bstr,
      )

      suite = int
      bstr_identifier = bstr / int

   where:

   o  METHOD_CORR = 4 * method + corr, where method = 0, 1, 2, or 3 (see
      Section 9.2) and the correlation parameter corr is chosen based on
      the transport and determines which connection identifiers are
      omitted (see Section 3.1).
   o  SUITES_I - cipher suites which the Initiator supports in order of
      (decreasing) preference.  The list of supported cipher suites can
      be truncated at the end, as is detailed in the processing steps
      below.  One of the supported cipher suites is selected.  If a
      single supported cipher suite is conveyed then that cipher suite
      is selected and the selected cipher suite is encoded as an int
      instead of an array.

   o  G_X - the ephemeral public key of the Initiator

   o  C_I - variable length connection identifier.  A bstr_identifier
      is a byte string with special encoding.  Byte strings of length
      one are encoded as the corresponding integer - 24, i.e. h'2a' is
      encoded as 18.

   o  AD_1 - bstr containing unprotected opaque auxiliary data

4.2.2.  Initiator Processing of Message 1

   The Initiator SHALL compose message_1 as follows:

   o  The supported cipher suites and the order of preference MUST NOT
      be changed based on previous error messages.  However, the list
      SUITES_I sent to the Responder MAY be truncated such that cipher
      suites which are the least preferred are omitted.  The amount of
      truncation MAY be changed between sessions, e.g. based on previous
      error messages (see next bullet), but all cipher suites which are
      more preferred than the least preferred cipher suite in the list
      MUST be included in the list.

   o  Determine the cipher suite to use with the Responder in message_1.
      If the Initiator previously received from the Responder an error
      message to a message_1 with diagnostic payload identifying a
      cipher suite that the Initiator supports, then the Initiator SHALL
      use that cipher suite.  Otherwise the first supported (i.e. the
      most preferred) cipher suite in SUITES_I MUST be used.

   o  Generate an ephemeral ECDH key pair as specified in Section 5 of
      [SP-800-56A] using the curve in the selected cipher suite and
      format it as a COSE_Key.  Let G_X be the 'x' parameter of the
      COSE_Key.

   o  Choose a connection identifier C_I and store it for the length of
      the protocol.

   o  Encode message_1 as a sequence of CBOR encoded data items as
      specified in Section 4.2.1.

4.2.3.  Responder Processing of Message 1

   The Responder SHALL process message_1 as follows:

   o  Decode message_1 (see Appendix A.1).

   o  Verify that the selected cipher suite is supported and that no
      prior cipher suites in SUITES_I are supported.

   o  Pass AD_1 to the security application.

   If any verification step fails, the Initiator MUST send an EDHOC
   error message back, formatted as defined in Section 6, and the
   protocol MUST be discontinued.  If the Responder does not support the
   selected cipher suite, then SUITES_R MUST include one or more
   supported cipher suites.  If the Responder does not support the
   selected cipher suite, but supports another cipher suite in SUITES_I,
   then SUITES_R MUST include the first supported cipher suite in
   SUITES_I.

4.3.  EDHOC Message 2

4.3.1.  Formatting of Message 2

   message_2 and data_2 SHALL be CBOR Sequences (see Appendix A.1) as
   defined below

      message_2 = (
        data_2,
        CIPHERTEXT_2 : bstr,
      )

      data_2 = (
        ? C_I : bstr_identifier,
        G_Y : bstr,
        C_R : bstr_identifier,
      )

   where:

   o  G_Y - the ephemeral public key of the Responder

   o  C_R - variable length connection identifier

4.3.2.  Responder Processing of Message 2

   The Responder SHALL compose message_2 as follows:

   o  If corr (METHOD_CORR mod 4) equals 1 or 3, C_I is omitted,
      otherwise C_I is not omitted.

   o  Generate an ephemeral ECDH key pair as specified in Section 5 of
      [SP-800-56A] using the curve in the selected cipher suite and
      format it as a COSE_Key.  Let G_Y be the 'x' parameter of the
      COSE_Key.

   o  Choose a connection identifier C_R and store it for the length of
      the protocol.
   o  Compute the transcript hash TH_2 = H(message_1, data_2) where H()
      is the hash function in the selected cipher suite.  The transcript
      hash TH_2 is a CBOR encoded bstr and the input to the hash
      function is a CBOR Sequence.

   o  Compute an inner COSE_Encrypt0 as defined in Section 5.3 of
      [RFC8152], with the EDHOC AEAD algorithm in the selected cipher
      suite, K_2m, IV_2m, and the following parameters:

      *  protected = << ID_CRED_R >>

         +  ID_CRED_R - identifier to facilitate retrieval of CRED_R,
            see Section 4.1

      *  external_aad = << TH_2, CRED_R, ? AD_2 >>

         +  CRED_R - bstr containing the credential of the Responder,
            see Section 4.1.

         +  AD_2 = bstr containing opaque unprotected auxiliary data

      *  plaintext = h''

      COSE constructs the input to the AEAD [RFC5116] as follows:

      *  Key K = EDHOC-KDF( PRK_3e2m, TH_2, "K_2m", length )

      *  Nonce N = EDHOC-KDF( PRK_3e2m, TH_2, "IV_2m", length )

      *  Plaintext P = 0x (the empty string)

      *  Associated data A =

         [ "Encrypt0", << ID_CRED_R >>, << TH_2, CRED_R, ? AD_2 >> ]

      MAC_2 is the 'ciphertext' of the inner COSE_Encrypt0.

   o  If the Responder authenticates with a static Diffie-Hellman key
      (method equals 1 or 3), then Signature_or_MAC_2 is MAC_2.  If the
      Responder authenticates with a signature key (method equals 0 or
      2), then Signature_or_MAC_2 is the 'signature' of a COSE_Sign1
      object as defined in Section 4.4 of [RFC8152] using the signature
      algorithm in the selected cipher suite, the private authentication
      key of the Responder, and the following parameters:

      *  protected = << ID_CRED_R >>

      *  external_aad = << TH_2, CRED_R, ? AD_2 >>

      *  payload = MAC_2

      COSE constructs the input to the Signature Algorithm as:

      *  The key is the private authentication key of the Responder.

      *  The message M to be signed =

         [ "Signature1", << ID_CRED_R >>, << TH_2, CRED_R, ? AD_2 >>,
           MAC_2 ]

   o  CIPHERTEXT_2 is the ciphertext resulting from XOR encrypting a
      plaintext with the following common parameters:

      *  plaintext = ( ID_CRED_R / bstr_identifier, Signature_or_MAC_2,
         ? AD_2 )

         +  Note that if ID_CRED_R contains a single 'kid' parameter,
            i.e., ID_CRED_R = { 4 : kid_R }, only the byte string kid_R
            is conveyed in the plaintext encoded as a bstr_identifier,
            see Section 4.1.

      *  CIPHERTEXT_2 = plaintext XOR K_2e

      *  K_2e = EDHOC-KDF( PRK_2e, TH_2, "K_2e", length ), where length
         is the length of the plaintext.

   o  Encode message_2 as a sequence of CBOR encoded data items as
      specified in Section 4.3.1.

4.3.3.  Initiator Processing of Message 2

   The Initiator SHALL process message_2 as follows:

   o  Decode message_2 (see Appendix A.1).

   o  Retrieve the protocol state using the connection identifier C_I
      and/or other external information such as the CoAP Token and the
      5-tuple.

   o  Decrypt CIPHERTEXT_2.  The decryption process depends on the
      method, see Section 4.3.2.

   o  Verify that the identity of the Responder is among the allowed
      identities for this connection.

   o  Verify Signature_or_MAC_2 using the algorithm in the selected
      cipher suite.  The verification process depends on the method, see
      Section 4.3.2.

   o  Pass AD_2 to the security application.

   If any verification step fails, the Responder MUST send an EDHOC
   error message back, formatted as defined in Section 6, and the
   protocol MUST be discontinued.

4.4.  EDHOC Message 3

4.4.1.  Formatting of Message 3

   message_3 and data_3 SHALL be CBOR Sequences (see Appendix A.1) as
   defined below

      message_3 = (
        data_3,
        CIPHERTEXT_3 : bstr,
      )

      data_3 = (
        ? C_R : bstr_identifier,
      )

4.4.2.  Initiator Processing of Message 3

   The Initiator SHALL compose message_3 as follows:

   o  If corr (METHOD_CORR mod 4) equals 2 or 3, C_R is omitted,
      otherwise C_R is not omitted.

   o  Compute the transcript hash TH_3 = H(TH_2, CIPHERTEXT_2, data_3)
      where H() is the hash function in the selected cipher suite.  The
      transcript hash TH_3 is a CBOR encoded bstr and the input to the
      hash function is a CBOR Sequence.

   o  Compute an inner COSE_Encrypt0 as defined in Section 5.3 of
      [RFC8152], with the EDHOC AEAD algorithm in the selected cipher
      suite, K_3m, IV_3m, and the following parameters:

      *  protected = << ID_CRED_I >>

         +  ID_CRED_I - identifier to facilitate retrieval of CRED_I,
            see Section 4.1

      *  external_aad = << TH_3, CRED_I, ? AD_3 >>

         +  CRED_I - bstr containing the credential of the Initiator,
            see Section 4.1.

         +  AD_3 = bstr containing opaque protected auxiliary data

      *  plaintext = h''

      COSE constructs the input to the AEAD [RFC5116] as follows:

      *  Key K = EDHOC-KDF( PRK_4x3m, TH_3, "K_3m", length )

      *  Nonce N = EDHOC-KDF( PRK_4x3m, TH_3, "IV_3m", length )

      *  Plaintext P = 0x (the empty string)

      *  Associated data A =

         [ "Encrypt0", << ID_CRED_I >>, << TH_3, CRED_I, ? AD_3 >> ]

      MAC_3 is the 'ciphertext' of the inner COSE_Encrypt0.

   o  If the Initiator authenticates with a static Diffie-Hellman key
      (method equals 2 or 3), then Signature_or_MAC_3 is MAC_3.  If the
      Initiator authenticates with a signature key (method equals 0 or
      1), then Signature_or_MAC_3 is the 'signature' of a COSE_Sign1
      object as defined in Section 4.4 of [RFC8152] using the signature
      algorithm in the selected cipher suite, the private authentication
      key of the Initiator, and the following parameters:

      *  protected = << ID_CRED_I >>

      *  external_aad = << TH_3, CRED_I, ? AD_3 >>

      *  payload = MAC_3

      COSE constructs the input to the Signature Algorithm as:

      *  The key is the private authentication key of the Initiator.

      *  The message M to be signed =

         [ "Signature1", << ID_CRED_I >>, << TH_3, CRED_I, ? AD_3 >>,
           MAC_3 ]

   o  Compute an outer COSE_Encrypt0 as defined in Section 5.3 of
      [RFC8152], with the EDHOC AEAD algorithm in the selected cipher
      suite, K_3ae, IV_3ae, and the following parameters.  The protected
      header SHALL be empty.

      *  external_aad = TH_3

      *  plaintext = ( ID_CRED_I / bstr_identifier, Signature_or_MAC_3,
         ? AD_3 )

         +  Note that if ID_CRED_I contains a single 'kid' parameter,
            i.e., ID_CRED_I = { 4 : kid_I }, only the byte string kid_I
            is conveyed in the plaintext encoded as a bstr_identifier,
            see Section 4.1.

      COSE constructs the input to the AEAD [RFC5116] as follows:

      *  Key K = EDHOC-KDF( PRK_3e2m, TH_3, "K_3ae", length )

      *  Nonce N = EDHOC-KDF( PRK_3e2m, TH_3, "IV_3ae", length )

      *  Plaintext P = ( ID_CRED_I / bstr_identifier,
         Signature_or_MAC_3, ? AD_3 )

      *  Associated data A = [ "Encrypt0", h'', TH_3 ]

      CIPHERTEXT_3 is the 'ciphertext' of the outer COSE_Encrypt0.

   o  Encode message_3 as a sequence of CBOR encoded data items as
      specified in Section 4.4.1.

   Pass the connection identifiers (C_I, C_R) and the application
   algorithms in the selected cipher suite to the application.  The
   application can now derive application keys using the EDHOC-Exporter
   interface.

4.4.3.  Responder Processing of Message 3

   The Responder SHALL process message_3 as follows:

   o  Decode message_3 (see Appendix A.1).

   o  Retrieve the protocol state using the connection identifier C_R
      and/or other external information such as the CoAP Token and the
      5-tuple.
   o  Decrypt and verify the outer COSE_Encrypt0 as defined in
      Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the
      selected cipher suite, K_3ae, and IV_3ae.

   o  Verify that the identity of the Initiator is among the allowed
      identities for this connection.

   o  Verify Signature_or_MAC_3 using the algorithm in the selected
      cipher suite.  The verification process depends on the method, see
      Section 4.4.2.

   o  Pass AD_3, the connection identifiers (C_I, C_R), and the
      application algorithms in the selected cipher suite to the
      security application.  The application can now derive application
      keys using the EDHOC-Exporter interface.

   If any verification step fails, the Responder MUST send an EDHOC
   error message back, formatted as defined in Section 6, and the
   protocol MUST be discontinued.

5.  EDHOC Authenticated with Symmetric Keys

5.1.  Overview

   EDHOC supports authentication with pre-shared keys (authentication
   method = 4, see Section 9.2).  The Initiator and the Responder are
   assumed to have a pre-shared key (PSK) with a good amount of
   randomness and the requirements that:

   o  Only the Initiator and the Responder SHALL have access to the PSK,

   o  The Responder is able to retrieve the PSK using ID_PSK,

   where the identifier ID_PSK is a COSE header_map (i.e. a CBOR map
   containing COSE Common Header Parameters, see [RFC8152]) containing
   a COSE header parameter that can identify a pre-shared key.  Pre-
   shared keys are typically stored as COSE_Key objects and identified
   with a 'kid' parameter (see [RFC8152]):

   o  ID_PSK = { 4 : kid_psk }, where kid_psk : bstr

   The purpose of ID_PSK is to facilitate retrieval of the PSK, and in
   the case a 'kid' parameter is used it may be very short.  It is
   RECOMMENDED that it uniquely identify the PSK, as the recipient may
   otherwise have to try several keys.

   EDHOC with symmetric key authentication is illustrated in Figure 5.

   Initiator                                                   Responder
   |           METHOD_CORR, SUITES_I, G_X, C_I, ID_PSK, AD_1           |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |              C_I, G_Y, C_R, AEAD(K_2ae; TH_2, AD_2)               |
   |<------------------------------------------------------------------+
   |                             message_2                             |
   |                                                                   |
   |                   C_R, AEAD(K_3ae; TH_3, AD_3)                    |
   +------------------------------------------------------------------>|
   |                             message_3                             |

        Figure 5: Overview of EDHOC with symmetric key authentication.

   EDHOC with symmetric key authentication is very similar to EDHOC with
   asymmetric authentication.  In the following subsections the
   differences compared to EDHOC with asymmetric authentication are
   described.

5.2.  EDHOC Message 1

5.2.1.  Formatting of Message 1

   message_1 SHALL be a CBOR Sequence (see Appendix A.1) as defined
   below

      message_1 = (
        METHOD_CORR : int,
        SUITES_I : [ selected : suite, supported : 2* suite ] / suite,
        G_X : bstr,
        C_I : bstr_identifier,
        ID_PSK : header_map / bstr_identifier,
        ? AD_1 : bstr,
      )

   where:

   o  METHOD_CORR = 4 * method + corr, where method = 4 and the
      correlation parameter corr is chosen based on the transport and
      determines which connection identifiers are omitted (see
      Section 3.1).

   o  ID_PSK - identifier to facilitate retrieval of the pre-shared key.
      If ID_PSK contains a single 'kid' parameter, i.e., ID_PSK = { 4 :
      kid_psk }, only the byte string kid_psk is conveyed, encoded as a
      bstr_identifier.

5.3.  EDHOC Message 2

5.3.1.  Processing of Message 2

   o  Signature_or_MAC_2 is not used.

   o  The outer COSE_Encrypt0 is computed as defined in Section 5.3 of
      [RFC8152], with the EDHOC AEAD algorithm in the selected cipher
      suite, K_2ae, IV_2ae, and the following parameters.  The protected
      header SHALL be empty.

      *  plaintext = ? AD_2

         +  AD_2 = bstr containing opaque unprotected auxiliary data

      *  external_aad = TH_2

      COSE constructs the input to the AEAD [RFC5116] as follows:

      *  Key K = EDHOC-KDF( PRK_2e, TH_2, "K_2ae", length )

      *  Nonce N = EDHOC-KDF( PRK_2e, TH_2, "IV_2ae", length )

      *  Plaintext P = ? AD_2

      *  Associated data A = [ "Encrypt0", h'', TH_2 ]

5.4.  EDHOC Message 3

5.4.1.  Processing of Message 3

   o  Signature_or_MAC_3 is not used.

   o  COSE_Encrypt0 is computed as defined in Section 5.3 of [RFC8152],
      with the EDHOC AEAD algorithm in the selected cipher suite, K_3ae,
      IV_3ae, and the following parameters.  The protected header SHALL
      be empty.

      *  plaintext = ? AD_3

         +  AD_3 = bstr containing opaque protected auxiliary data

      *  external_aad = TH_3

      COSE constructs the input to the AEAD [RFC5116] as follows:

      *  Key K = EDHOC-KDF( PRK_3e2m, TH_3, "K_3ae", length )

      *  Nonce N = EDHOC-KDF( PRK_3e2m, TH_3, "IV_3ae", length )

      *  Plaintext P = ? AD_3

      *  Associated data A = [ "Encrypt0", h'', TH_3 ]

6.  Error Handling

6.1.  EDHOC Error Message

   This section defines a message format for the EDHOC error message,
   used during the protocol.  An EDHOC error message can be sent by both
   parties as a reply to any non-error EDHOC message.  After sending an
   error message, the protocol MUST be discontinued.  Errors at the
   EDHOC layer are sent as normal successful messages in the lower
   layers (e.g. CoAP POST and 2.04 Changed).  An advantage of using
   such a construction is to avoid issues created by usage of cross
   protocol proxies (e.g. UDP to TCP).

   error SHALL be a CBOR Sequence (see Appendix A.1) as defined below

      error = (
        ? C_x : bstr_identifier,
        ERR_MSG : tstr,
        ? SUITES_R : [ supported : 2* suite ] / suite,
      )

   where:

   o  C_x - if error is sent by the Responder and corr (METHOD_CORR mod
      4) equals 0 or 2 then C_x is set to C_I, else if error is sent by
      the Initiator and corr (METHOD_CORR mod 4) equals 0 or 1 then C_x
      is set to C_R, else C_x is omitted.

   o  ERR_MSG - text string containing the diagnostic payload, defined
      in the same way as in Section 5.5.2 of [RFC7252].  ERR_MSG MAY be
      a 0-length text string.

   o  SUITES_R - cipher suites from SUITES_I or the EDHOC cipher suites
      registry that the Responder supports.  SUITES_R MUST only be
      included in replies to message_1.  If a single supported cipher
      suite is conveyed then the supported cipher suite is encoded as an
      int instead of an array.

6.1.1.  Example Use of EDHOC Error Message with SUITES_R

   Assuming that the Initiator supports the five cipher suites 5, 6, 7,
   8, and 9 in decreasing order of preference, Figures 6 and 7 show
   examples of how the Initiator can truncate SUITES_I and how SUITES_R
   is used by the Responder to give the Initiator information about the
   cipher suites that the Responder supports.  In Figure 6, the
   Responder supports cipher suite 6 but not the selected cipher suite
   5.

   Initiator                                                   Responder
   |       METHOD_CORR, SUITES_I = [5, 5, 6, 7], G_X, C_I, AD_1        |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |                    C_I, ERR_MSG, SUITES_R = 6                     |
   |<------------------------------------------------------------------+
   |                               error                               |
   |                                                                   |
   |         METHOD_CORR, SUITES_I = [6, 5, 6], G_X, C_I, AD_1         |
   +------------------------------------------------------------------>|
   |                             message_1                             |

            Figure 6: Example use of error message with SUITES_R.

   In Figure 7, the Responder supports cipher suite 7 but not cipher
   suites 5 and 6.

   Initiator                                                   Responder
   |         METHOD_CORR, SUITES_I = [5, 5, 6], G_X, C_I, AD_1         |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |                  C_I, ERR_MSG, SUITES_R = [7, 9]                  |
   |<------------------------------------------------------------------+
   |                               error                               |
   |                                                                   |
   |       METHOD_CORR, SUITES_I = [7, 5, 6, 7], G_X, C_I, AD_1        |
   +------------------------------------------------------------------>|
   |                             message_1                             |

            Figure 7: Example use of error message with SUITES_R.

   As the Initiator's list of supported cipher suites and order of
   preference is fixed, and the Responder only accepts message_1 if the
   selected cipher suite is the first cipher suite in SUITES_I that the
   Responder supports, the parties can verify that the selected cipher
   suite is the most preferred (by the Initiator) cipher suite supported
   by both parties.  If the selected cipher suite is not the first
   cipher suite in SUITES_I that the Responder supports, the Responder
   will discontinue the protocol.

7.  Transferring EDHOC and Deriving an OSCORE Context

7.1.  Transferring EDHOC in CoAP

   It is recommended to transport EDHOC as an exchange of CoAP [RFC7252]
   messages.  CoAP is a reliable transport that can preserve packet
   ordering and handle message duplication.  CoAP can also perform
   fragmentation and protect against denial of service attacks.  It is
   recommended to carry the EDHOC messages in Confirmable messages,
   especially if fragmentation is used.

   By default, the CoAP client is the Initiator and the CoAP server is
   the Responder, but the roles SHOULD be chosen to protect the most
   sensitive identity, see Section 8.  By default, EDHOC is transferred
   in POST requests and 2.04 (Changed) responses to the Uri-Path:
   "/.well-known/edhoc", but an application may define its own path that
   can be discovered e.g. using resource directory
   [I-D.ietf-core-resource-directory].

   By default, the message flow is as follows: EDHOC message_1 is sent
   in the payload of a POST request from the client to the server's
   resource for EDHOC.  EDHOC message_2 or the EDHOC error message is
   sent from the server to the client in the payload of a 2.04 (Changed)
   response.  EDHOC message_3 or the EDHOC error message is sent from
   the client to the server's resource in the payload of a POST request.
   If needed, an EDHOC error message is sent from the server to the
   client in the payload of a 2.04 (Changed) response.

   An example of a successful EDHOC exchange using CoAP is shown in
   Figure 8.  In this case the CoAP Token enables the Initiator to
   correlate message_1 and message_2, so the correlation parameter
   corr = 1.

   Client    Server
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          | Content-Format: application/edhoc
     |          | Payload: EDHOC message_1
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   | Content-Format: application/edhoc
     |          | Payload: EDHOC message_2
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          | Content-Format: application/edhoc
     |          | Payload: EDHOC message_3
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   |
     |          |

                   Figure 8: Transferring EDHOC in CoAP

   The exchange in Figure 8 protects the client identity against active
   attackers and the server identity against passive attackers.  An
   alternative exchange that protects the server identity against active
   attackers and the client identity against passive attackers is shown
   in Figure 9.  In this case the CoAP Token enables the Responder to
   correlate message_2 and message_3, so the correlation parameter
   corr = 2.
   Client    Server
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   | Content-Format: application/edhoc
     |          | Payload: EDHOC message_1
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          | Content-Format: application/edhoc
     |          | Payload: EDHOC message_2
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   | Content-Format: application/edhoc
     |          | Payload: EDHOC message_3
     |          |

                  Figure 9: Transferring EDHOC in CoAP

   To protect against denial-of-service attacks, the CoAP server MAY
   respond to the first POST request with a 4.01 (Unauthorized)
   containing an Echo option [I-D.ietf-core-echo-request-tag].  This
   forces the Initiator to demonstrate its reachability at its apparent
   network address.  If message fragmentation is needed, the EDHOC
   messages may be fragmented using the CoAP Block-Wise Transfer
   mechanism [RFC7959].

7.1.1.  Deriving an OSCORE Context from EDHOC

   When EDHOC is used to derive parameters for OSCORE [RFC8613], the
   parties make sure that the EDHOC connection identifiers are unique,
   i.e. C_R MUST NOT be equal to C_I.  The CoAP client and server MUST
   be able to retrieve the OSCORE protocol state using their chosen
   connection identifiers and optionally other information such as the
   5-tuple.  In case the CoAP client is the Initiator and the CoAP
   server is the Responder:

   o  The client's OSCORE Sender ID is C_R and the server's OSCORE
      Sender ID is C_I, as defined in this document.

   o  The AEAD Algorithm and the hash algorithm are the application AEAD
      and hash algorithms in the selected cipher suite.

   o  The Master Secret and Master Salt are derived as follows, where
      length is the key length (in bytes) of the application AEAD
      Algorithm.
      Master Secret = EDHOC-Exporter( "OSCORE Master Secret", length )
      Master Salt   = EDHOC-Exporter( "OSCORE Master Salt", 8 )

8.  Security Considerations

8.1.  Security Properties

   EDHOC inherits its security properties from the theoretical SIGMA-I
   protocol [SIGMA].  Using the terminology from [SIGMA], EDHOC provides
   perfect forward secrecy, mutual authentication with aliveness,
   consistency, and peer awareness.  As described in [SIGMA], peer
   awareness is provided to the Responder, but not to the Initiator.

   When a Public Key Infrastructure (PKI) is used, EDHOC provides
   identity protection of the Initiator against active attacks and
   identity protection of the Responder against passive attacks.  When
   PKI is not used (kid, x5t) the identity is not sent on the wire, and
   EDHOC with asymmetric authentication protects the credential
   identifier of the Initiator against active attacks and the credential
   identifier of the Responder against passive attacks.  The roles
   should be assigned to protect the most sensitive identity/identifier,
   typically the one that cannot be inferred from routing information
   in the lower layers.  EDHOC with symmetric authentication does not
   offer protection of the PSK identifier ID_PSK.

   Compared to [SIGMA], EDHOC adds an explicit method type and expands
   the message authentication coverage to additional elements such as
   algorithms, auxiliary data, and previous messages.  This protects
   against an attacker replaying messages or injecting messages from
   another session.

   EDHOC also adds negotiation of connection identifiers and downgrade-
   protected negotiation of cryptographic parameters, i.e. an attacker
   cannot affect the negotiated parameters.  A single session of EDHOC
   does not include negotiation of cipher suites, but it enables the
   Responder to verify that the selected cipher suite is the cipher
   suite most preferred by the Initiator among those supported by both
   the Initiator and the Responder.

   As required by [RFC7258], IETF protocols need to mitigate pervasive
   monitoring when possible.  One way to mitigate pervasive monitoring
   is to use a key exchange that provides perfect forward secrecy.
   EDHOC therefore only supports methods with perfect forward secrecy.
   To limit the effect of breaches, it is important to limit the use of
   symmetrical group keys for bootstrapping.  EDHOC therefore strives to
   make the additional cost of using raw public keys and self-signed
   certificates as small as possible.  Raw public keys and self-signed
   certificates are not a replacement for a public key infrastructure,
   but SHOULD be used instead of symmetrical group keys for
   bootstrapping.

   Compromise of the long-term keys (PSK or private authentication keys)
   does not compromise the security of completed EDHOC exchanges.
   Compromising the private authentication keys of one party lets an
   active attacker impersonate that compromised party in EDHOC exchanges
   with other parties, but does not let the attacker impersonate other
   parties in EDHOC exchanges with the compromised party.  Compromising
   the PSK lets an active attacker impersonate the Initiator in EDHOC
   exchanges with the Responder and impersonate the Responder in EDHOC
   exchanges with the Initiator.  Compromise of the long-term keys does
   not enable a passive attacker to compromise future session keys.
   Compromise of the HKDF input parameters (ECDH shared secret and/or
   PSK) leads to compromise of all session keys derived from that
   compromised shared secret.  Compromise of one session key does not
   compromise other session keys.
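   The cipher suite check that Figure 7 and the downgrade-protection
   paragraph above rely on, written out as an added Python example (this
   is not code from the draft or from any EDHOC implementation).  It
   assumes the wire form of SUITES_I visible in Figure 7 and in the test
   vector of Appendix B.1: either the selected suite alone as an int
   when only one suite is conveyed, or an array whose first element is
   the selected suite followed by the Initiator's supported suites in
   order of preference, which may stop at the selected suite.  All
   function names are the example's own.  The Initiator's preference
   list never changes between attempts; that fixed order is what lets
   the Responder refuse a selected suite that is not the most preferred
   common one, while the transcript hash (Section 8.1) later covers
   SUITES_I itself against modification in transit.

```python
# Cipher suite handling for EDHOC message_1 (added example, not draft code).
# Assumed wire form of SUITES_I, as in Figure 7 and the B.1 test vector:
#   - an int: the selected suite, when only one suite is conveyed;
#   - an array [selected, s_1, ..., s_k]: s_1.. are the Initiator's supported
#     suites in order of preference; the list may stop at the selected suite.

ERROR = "error"


def build_suites_i(preference, selected):
    """Initiator: SUITES_I for `selected`, listing the preference order up to it."""
    if selected not in preference:
        raise ValueError("the selected suite must be one the Initiator supports")
    conveyed = preference[: preference.index(selected) + 1]
    if conveyed == [selected]:
        return selected                       # single suite -> int form
    return [selected] + conveyed


def split_suites_i(suites_i):
    """(selected, conveyed preference list) from either wire form."""
    if isinstance(suites_i, int):
        return suites_i, [suites_i]
    if not isinstance(suites_i, list) or len(suites_i) < 2:
        raise ValueError("malformed SUITES_I")
    return suites_i[0], list(suites_i[1:])


def responder_check(suites_i, responder_supported):
    """Responder: accept message_1 only if the selected suite is the first
    suite in the Initiator's conveyed preference list that the Responder
    supports.  Otherwise answer with an error carrying SUITES_R."""
    selected, conveyed = split_suites_i(suites_i)
    first_common = next((s for s in conveyed if s in responder_supported), None)
    if first_common is not None and first_common == selected:
        return ("ok", selected)
    return (ERROR, list(responder_supported))


def initiator_retry(preference, suites_r):
    """Initiator after an error with SUITES_R: the most preferred suite both
    sides support becomes the new selected suite; None if there is none."""
    for suite in preference:
        if suite in suites_r:
            return build_suites_i(preference, suite)
    return None


def negotiate(preference, first_suites_i, responder_supported):
    """Replay the Figure 7 flow.  Returns (agreed suite or None, the SUITES_I
    values the Initiator sent).  The preference list is fixed across retries."""
    sent = [first_suites_i]
    verdict, payload = responder_check(first_suites_i, responder_supported)
    if verdict == "ok":
        return payload, sent
    retry = initiator_retry(preference, payload)    # payload is SUITES_R here
    if retry is None:
        return None, sent
    sent.append(retry)
    verdict, payload = responder_check(retry, responder_supported)
    return (payload if verdict == "ok" else None), sent
```

   With the Figure 7 values, negotiate([5, 6, 7], [5, 5, 6], [7, 9])
   returns suite 7 and the two SUITES_I values of the figure,
   [5, 5, 6] and [7, 5, 6, 7]; an Initiator that tried to skip its own
   more-preferred common suite (for instance [6, 5, 6] against a
   Responder supporting 5 and 6) is answered with the error.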
   Key compromise impersonation (KCI): In EDHOC authenticated with
   signature keys, EDHOC provides KCI protection against an attacker
   having access to the long-term key or the ephemeral secret key.  In
   EDHOC authenticated with symmetric keys, EDHOC provides KCI
   protection against an attacker having access to the ephemeral secret
   key, but not against an attacker having access to the long-term PSK.
   With static Diffie-Hellman key authentication, KCI protection would
   be provided against an attacker having access to the long-term
   Diffie-Hellman key, but not to an attacker having access to the
   ephemeral secret key.  Note that the term KCI has typically been used
   for compromise of long-term keys, and that an attacker with access to
   the ephemeral secret key can only attack that specific protocol run.

   Repudiation: In EDHOC authenticated with signature keys, Party U
   could theoretically prove that Party V performed a run of the
   protocol by presenting the private ephemeral key, and vice versa.
   Note that storing the private ephemeral keys violates the protocol
   requirements.  With static Diffie-Hellman key authentication or PSK
   authentication, both parties can always deny having participated in
   the protocol.

8.2.  Cryptographic Considerations

   The security of the SIGMA protocol requires the MAC to be bound to
   the identity of the signer.  Hence the message authenticating
   functionality of the authenticated encryption in EDHOC is critical:
   authenticated encryption MUST NOT be replaced by plain encryption
   only, even if authentication is provided at another level or through
   a different mechanism.  EDHOC implements SIGMA-I using the same Sign-
   then-MAC approach as TLS 1.3.

   To reduce message overhead EDHOC does not use explicit nonces and
   instead relies on the ephemeral public keys to provide randomness to
   each session.  A good amount of randomness is important for the key
   generation, to provide liveness, and to protect against interleaving
   attacks.  For this reason, the ephemeral keys MUST NOT be reused, and
   both parties SHALL generate fresh random ephemeral key pairs.

   The choice of key length used in the different algorithms needs to be
   harmonized, so that a sufficient security level is maintained for
   certificates, EDHOC, and the protection of application data.  The
   Initiator and the Responder should enforce a minimum security level.

   The data rates in many IoT deployments are very limited.  Given that
   the application keys are protected as well as the long-term
   authentication keys, they can often be used for years or even decades
   before the cryptographic limits are reached.  If the application keys
   established through EDHOC need to be renewed, the communicating
   parties can derive application keys with other labels or run EDHOC
   again.

8.3.  Cipher Suites

   Cipher suite number 0 (AES-CCM-16-64-128, SHA-256, X25519, EdDSA,
   Ed25519, AES-CCM-16-64-128, SHA-256) is mandatory to implement.
   Implementations only need to implement the algorithms needed for
   their supported methods.  For many constrained IoT devices it is
   problematic to support more than one cipher suite, so some
   deployments with P-256 may not support the mandatory cipher suite.
   This is not a problem for local deployments.

   The HMAC algorithm HMAC 256/64 (HMAC w/ SHA-256 truncated to 64 bits)
   SHALL NOT be supported for use in EDHOC.

8.4.  Unprotected Data

   The Initiator and the Responder must make sure that unprotected data
   and metadata do not reveal any sensitive information.  This also
   applies to encrypted data sent to an unauthenticated party.  In
   particular, it applies to AD_1, ID_CRED_R, AD_2, and ERR_MSG in the
   asymmetric case, and ID_PSK, AD_1, and ERR_MSG in the symmetric case.
   Using the same ID_PSK or AD_1 in several EDHOC sessions allows
   passive eavesdroppers to correlate the different sessions.  The
   communicating parties may therefore anonymize ID_PSK.  Another
   consideration is that the list of supported cipher suites may be used
   to identify the application.

   The Initiator and the Responder must also make sure that
   unauthenticated data does not trigger any harmful actions.  In
   particular, this applies to AD_1 and ERR_MSG in the asymmetric case,
   and ID_PSK, AD_1, and ERR_MSG in the symmetric case.

8.5.  Denial-of-Service

   EDHOC itself does not provide countermeasures against Denial-of-
   Service attacks.  By sending a number of new or replayed message_1 an
   attacker may cause the Responder to allocate state, perform
   cryptographic operations, and amplify messages.  To mitigate such
   attacks, an implementation SHOULD rely on lower layer mechanisms such
   as the Echo option in CoAP [I-D.ietf-core-echo-request-tag] that
   forces the Initiator to demonstrate reachability at its apparent
   network address.

8.6.  Implementation Considerations

   The availability of a secure pseudorandom number generator and truly
   random seeds is essential for the security of EDHOC.  If no true
   random number generator is available, a truly random seed must be
   provided from an external source.  As each pseudorandom number must
   only be used once, an implementation needs to get a new truly random
   seed after reboot, or continuously store state in nonvolatile memory;
   see [RFC8613], Appendix B.1.1, for issues and solution approaches
   for writing to nonvolatile memory.  If ECDSA is supported,
   "deterministic ECDSA" as specified in [RFC6979] is RECOMMENDED.
   The referenced processing instructions in [SP-800-56A] must be
   complied with, including deleting the intermediate computed values
   along with any ephemeral ECDH secrets after the key derivation is
   completed.  The ECDH shared secret, keys, and IVs MUST be secret.
   Implementations should provide countermeasures to side-channel
   attacks such as timing attacks.  Depending on the selected curve, the
   parties should perform various validations of each other's public
   keys, see e.g. Section 5 of [SP-800-56A].

   The Initiator and the Responder are responsible for verifying the
   integrity of certificates.  The selection of trusted CAs should be
   done very carefully and certificate revocation should be supported.
   The private authentication keys and the PSK (even though it is used
   as salt) MUST be kept secret.

   The Initiator and the Responder are allowed to select the connection
   identifiers C_I and C_R, respectively, for the other party to use in
   the ongoing EDHOC protocol as well as in a subsequent application
   protocol (e.g. OSCORE [RFC8613]).  The choice of connection
   identifier is not security critical in EDHOC but intended to simplify
   the retrieval of the right security context in combination with using
   short identifiers.  If the wrong connection identifier of the other
   party is used in a protocol message it will result in the receiving
   party not being able to retrieve a security context (which will
   terminate the protocol) or retrieving the wrong security context
   (which also terminates the protocol as the message cannot be
   verified).

   The Responder MUST finish the verification step of message_3 before
   passing AD_3 to the application.
   If two nodes unintentionally initiate two simultaneous EDHOC message
   exchanges with each other even if they only want to complete a single
   EDHOC message exchange, they MAY terminate the exchange with the
   lexicographically smallest G_X.  If the two G_X values are equal, the
   received message_1 MUST be discarded to mitigate reflection attacks.
   Note that in the case of two simultaneous EDHOC exchanges where the
   nodes only complete one and where the nodes have different preferred
   cipher suites, an attacker can affect which of the two nodes'
   preferred cipher suites will be used by blocking the other exchange.

8.7.  Other Documents Referencing EDHOC

   EDHOC has been analyzed in several other documents.  A formal
   verification of EDHOC was done in [SSR18], an analysis of EDHOC for
   certificate enrollment was done in [Kron18], the use of EDHOC in
   LoRaWAN is analyzed in [LoRa1] and [LoRa2], the use of EDHOC in IoT
   bootstrapping is analyzed in [Perez18], and the use of EDHOC in
   6TiSCH is described in [I-D.ietf-6tisch-dtsecurity-zerotouch-join].

9.  IANA Considerations

9.1.  EDHOC Cipher Suites Registry

   IANA has created a new registry titled "EDHOC Cipher Suites" under
   the new heading "EDHOC".  The registration procedure is "Expert
   Review".  The columns of the registry are Value, Array, Description,
   and Reference, where Value is an integer and the other columns are
   text strings.
   The initial contents of the registry are:

   Value: -24
   Array: N/A
   Desc: Reserved for Private Use
   Reference: [[this document]]

   Value: -23
   Array: N/A
   Desc: Reserved for Private Use
   Reference: [[this document]]

   Value: 0
   Array: 10, 5, 4, -8, 6, 10, 5
   Desc: AES-CCM-16-64-128, SHA-256, X25519, EdDSA, Ed25519,
   AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

   Value: 1
   Array: 30, 5, 4, -8, 6, 10, 5
   Desc: AES-CCM-16-128-128, SHA-256, X25519, EdDSA, Ed25519,
   AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

   Value: 2
   Array: 10, 5, 1, -7, 1, 10, 5
   Desc: AES-CCM-16-64-128, SHA-256, P-256, ES256, P-256,
   AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

   Value: 3
   Array: 30, 5, 1, -7, 1, 10, 5
   Desc: AES-CCM-16-128-128, SHA-256, P-256, ES256, P-256,
   AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

9.2.  EDHOC Method Type Registry

   IANA has created a new registry titled "EDHOC Method Type" under the
   new heading "EDHOC".  The registration procedure is "Expert Review".
   The columns of the registry are Value, Description, and Reference,
   where Value is an integer and the other columns are text strings.
   The initial contents of the registry are:

   +-------+-------------------+-------------------+-------------------+
   | Value | Initiator         | Responder         | Reference         |
   +-------+-------------------+-------------------+-------------------+
   |     0 | Signature Key     | Signature Key     | [[this document]] |
   |     1 | Signature Key     | Static DH Key     | [[this document]] |
   |     2 | Static DH Key     | Signature Key     | [[this document]] |
   |     3 | Static DH Key     | Static DH Key     | [[this document]] |
   |     4 | PSK               | PSK               | [[this document]] |
   +-------+-------------------+-------------------+-------------------+

                          Figure 10: Method Types

9.3.  The Well-Known URI Registry

   IANA has added the well-known URI 'edhoc' to the Well-Known URIs
   registry.

   o  URI suffix: edhoc

   o  Change controller: IETF

   o  Specification document(s): [[this document]]

   o  Related information: None

9.4.  Media Types Registry

   IANA has added the media type 'application/edhoc' to the Media Types
   registry.

   o  Type name: application

   o  Subtype name: edhoc

   o  Required parameters: N/A

   o  Optional parameters: N/A

   o  Encoding considerations: binary

   o  Security considerations: See Section 7 of this document.

   o  Interoperability considerations: N/A

   o  Published specification: [[this document]] (this document)

   o  Applications that use this media type: To be identified

   o  Fragment identifier considerations: N/A

   o  Additional information:

      *  Magic number(s): N/A

      *  File extension(s): N/A

      *  Macintosh file type code(s): N/A

   o  Person & email address to contact for further information: See
      "Authors' Addresses" section.

   o  Intended usage: COMMON

   o  Restrictions on usage: N/A

   o  Author: See "Authors' Addresses" section.

   o  Change Controller: IESG

9.5.  CoAP Content-Formats Registry

   IANA has added the media type 'application/edhoc' to the CoAP
   Content-Formats registry.

   o  Media Type: application/edhoc

   o  Encoding:

   o  ID: TBD42

   o  Reference: [[this document]]

9.6.  Expert Review Instructions

   The IANA registries established in this document are defined as
   "Expert Review".  This section gives some general guidelines for what
   the experts should be looking for, but they are being designated as
   experts for a reason, so they should be given substantial latitude.

   Expert reviewers should take into consideration the following points:

   o  Clarity and correctness of registrations.  Experts are expected to
      check the clarity of purpose and use of the requested entries.
      Experts need to make sure the values of algorithms are taken from
      the right registry, when that is required.  Experts should consider
      requesting an opinion on the correctness of registered parameters
      from relevant IETF working groups.  Encodings that do not meet
      these objectives of clarity and completeness should not be
      registered.

   o  Experts should take into account the expected usage of fields when
      approving point assignment.  The length of the encoded value
      should be weighed against how many code points of that length are
      left, the size of device it will be used on, and the number of
      code points left that encode to that size.

   o  Specifications are recommended.  When specifications are not
      provided, the description provided needs to have sufficient
      information to verify the points above.

10.  References

10.1.  Normative References

   [I-D.ietf-core-echo-request-tag]
              Amsuess, C., Mattsson, J., and G. Selander, "CoAP: Echo,
              Request-Tag, and Token Processing", draft-ietf-core-echo-
              request-tag-09 (work in progress), March 2020.

   [I-D.ietf-cose-x509]
              Schaad, J., "CBOR Object Signing and Encryption (COSE):
              Header parameters for carrying and referencing X.509
              certificates", draft-ietf-cose-x509-06 (work in progress),
              March 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5116]  McGrew, D., "An Interface and Algorithms for Authenticated
              Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010.

   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090,
              DOI 10.17487/RFC6090, February 2011.
   [RFC6979]  Pornin, T., "Deterministic Usage of the Digital Signature
              Algorithm (DSA) and Elliptic Curve Digital Signature
              Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August
              2013.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014.

   [RFC7748]  Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
              for Security", RFC 7748, DOI 10.17487/RFC7748, January
              2016.

   [RFC7959]  Bormann, C. and Z. Shelby, Ed., "Block-Wise Transfers in
              the Constrained Application Protocol (CoAP)", RFC 7959,
              DOI 10.17487/RFC7959, August 2016.

   [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              RFC 8152, DOI 10.17487/RFC8152, July 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8610]  Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
              Definition Language (CDDL): A Notational Convention to
              Express Concise Binary Object Representation (CBOR) and
              JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
              June 2019.

   [RFC8613]  Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
              "Object Security for Constrained RESTful Environments
              (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019.

   [RFC8742]  Bormann, C., "Concise Binary Object Representation (CBOR)
              Sequences", RFC 8742, DOI 10.17487/RFC8742, February 2020.

10.2.  Informative References

   [CborMe]   Bormann, C., "CBOR Playground", May 2018.

   [I-D.hartke-core-e2e-security-reqs]
              Selander, G., Palombini, F., and K. Hartke, "Requirements
              for CoAP End-To-End Security", draft-hartke-core-e2e-
              security-reqs-03 (work in progress), July 2017.

   [I-D.ietf-6tisch-dtsecurity-zerotouch-join]
              Richardson, M., "6tisch Zero-Touch Secure Join protocol",
              draft-ietf-6tisch-dtsecurity-zerotouch-join-04 (work in
              progress), July 2019.

   [I-D.ietf-ace-oauth-authz]
              Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
              H. Tschofenig, "Authentication and Authorization for
              Constrained Environments (ACE) using the OAuth 2.0
              Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-35
              (work in progress), June 2020.

   [I-D.ietf-ace-oscore-profile]
              Palombini, F., Seitz, L., Selander, G., and M. Gunnarsson,
              "OSCORE profile of the Authentication and Authorization
              for Constrained Environments Framework", draft-ietf-ace-
              oscore-profile-11 (work in progress), June 2020.

   [I-D.ietf-core-resource-directory]
              Shelby, Z., Koster, M., Bormann, C., Stok, P., and C.
              Amsuess, "CoRE Resource Directory", draft-ietf-core-
              resource-directory-24 (work in progress), March 2020.

   [I-D.ietf-lwig-security-protocol-comparison]
              Mattsson, J., Palombini, F., and M. Vucinic, "Comparison
              of CoAP Security Protocols", draft-ietf-lwig-security-
              protocol-comparison-04 (work in progress), March 2020.

   [I-D.ietf-tls-dtls13]
              Rescorla, E., Tschofenig, H., and N. Modadugu, "The
              Datagram Transport Layer Security (DTLS) Protocol Version
              1.3", draft-ietf-tls-dtls13-38 (work in progress), May
              2020.

   [I-D.selander-ace-ake-authz]
              Selander, G., Mattsson, J., Vucinic, M., Richardson, M.,
              and A. Schellenbaum, "Lightweight Authorization for
              Authenticated Key Exchange.", draft-selander-ace-ake-
              authz-01 (work in progress), March 2020.

   [Kron18]   Krontiris, A., "Evaluation of Certificate Enrollment over
              Application Layer Security", May 2018.
   [LoRa1]    Sanchez-Iborra, R., Sanchez-Gomez, J., Perez, S.,
              Fernandez, P., Santa, J., Hernandez-Ramos, J., and A.
              Skarmeta, "Enhancing LoRaWAN Security through a
              Lightweight and Authenticated Key Management Approach",
              June 2018.

   [LoRa2]    Sanchez-Iborra, R., Sanchez-Gomez, J., Perez, S.,
              Fernandez, P., Santa, J., Hernandez-Ramos, J., and A.
              Skarmeta, "Internet Access for LoRaWAN Devices Considering
              Security Issues", June 2018.

   [Perez18]  Perez, S., Garcia-Carrillo, D., Marin-Lopez, R.,
              Hernandez-Ramos, J., Marin-Perez, R., and A. Skarmeta,
              "Architecture of security association establishment based
              on bootstrapping technologies for enabling critical IoT
              K", October 2018.

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014.

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
              2014.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [SIGMA]    Krawczyk, H., "SIGMA - The 'SIGn-and-MAc' Approach to
              Authenticated Diffie-Hellman and Its Use in the IKE-
              Protocols (Long version)", June 2003.

   [SP-800-56A]
              Barker, E., Chen, L., Roginsky, A., Vassilev, A., and R.
              Davis, "Recommendation for Pair-Wise Key-Establishment
              Schemes Using Discrete Logarithm Cryptography",
              NIST Special Publication 800-56A Revision 3, April 2018.

   [SSR18]    Bruni, A., Sahl Joergensen, T., Groenbech Petersen, T.,
              and C. Schuermann, "Formal Verification of Ephemeral
              Diffie-Hellman Over COSE (EDHOC)", November 2018.

Appendix A.  Use of CBOR, CDDL and COSE in EDHOC

   This Appendix is intended to simplify matters for implementors not
   familiar with CBOR [RFC7049], CDDL [RFC8610], COSE [RFC8152], and
   HKDF [RFC5869].

A.1.  CBOR and CDDL

   The Concise Binary Object Representation (CBOR) [RFC7049] is a data
   format designed for small code size and small message size.  CBOR
   builds on the JSON data model but extends it by e.g. encoding binary
   data directly without base64 conversion.  In addition to the binary
   CBOR encoding, CBOR also has a diagnostic notation that is readable
   and editable by humans.  The Concise Data Definition Language (CDDL)
   [RFC8610] provides a way to express structures for protocol messages
   and APIs that use CBOR.  [RFC8610] also extends the diagnostic
   notation.

   CBOR data items are encoded to or decoded from byte strings using a
   type-length-value encoding scheme, where the three highest order bits
   of the initial byte contain information about the major type.  CBOR
   supports several different types of data items: in addition to
   integers (int, uint), simple values (e.g. null), byte strings (bstr),
   and text strings (tstr), CBOR also supports arrays [] of data items,
   maps {} of pairs of data items, and sequences [RFC8742] of data
   items.  Some examples are given below.  For a complete specification
   and more examples, see [RFC7049] and [RFC8610].  We recommend
   implementors to get used to CBOR by using the CBOR playground
   [CborMe].
   Diagnostic          Encoded              Type
   ------------------------------------------------------------------
   1                   0x01                 unsigned integer
   24                  0x1818               unsigned integer
   -24                 0x37                 negative integer
   -25                 0x3818               negative integer
   null                0xf6                 simple value
   h'12cd'             0x4212cd             byte string
   '12cd'              0x4431326364         byte string
   "12cd"              0x6431326364         text string
   { 4 : h'cd' }       0xa10441cd           map
   << 1, 2, null >>    0x430102f6           byte string
   [ 1, 2, null ]      0x830102f6           array
   ( 1, 2, null )      0x0102f6             sequence
   1, 2, null          0x0102f6             sequence
   ------------------------------------------------------------------

A.2.  COSE

   CBOR Object Signing and Encryption (COSE) [RFC8152] describes how to
   create and process signatures, message authentication codes, and
   encryption using CBOR.  COSE builds on JOSE, but is adapted to allow
   more efficient processing in constrained devices.  EDHOC makes use of
   COSE_Key, COSE_Encrypt0, COSE_Sign1, and COSE_KDF_Context objects.

Appendix B.  Test Vectors

   This appendix provides detailed test vectors to ease implementation
   and ensure interoperability.  In addition to hexadecimal, all CBOR
   data items and sequences are given in CBOR diagnostic notation.  The
   test vectors use the default mapping to CoAP where the Initiator acts
   as CoAP client (this means that corr = 1).

   A more extensive test vector suite covering more combinations of
   authentication method used between Initiator and Responder and
   related code to generate them can be found at
   https://github.com/EricssonResearch/EDHOC/tree/master/Test%20Vectors

B.1.  Test Vectors for EDHOC Authenticated with Signature Keys (x5t)

   EDHOC with signature authentication and X.509 certificates is used.
   In this test vector, the hash value 'x5t' is used to identify the
   certificate.
   method (Signature Authentication)
   0

   CoAP is used as transport and the Initiator acts as CoAP client:

   corr (the Initiator can correlate message_1 and message_2)
   1

   From there, METHOD_CORR has the following value:

   METHOD_CORR (4 * method + corr) (int)
   1

   No unprotected opaque auxiliary data is sent in the message
   exchanges.

   The list of supported cipher suites of the Initiator in order of
   preference is the following:

   Supported Cipher Suites (4 bytes)
   00 01 02 03

   The cipher suite selected by the Initiator is the most preferred:

   Selected Cipher Suite (int)
   0

   The mandatory-to-implement cipher suite 0 is supported by both the
   Initiator and the Responder, see Section 8.3.

B.1.1.  Message_1

   X (Initiator's ephemeral private key) (32 bytes)
   8f 78 1a 09 53 72 f8 5b 6d 9f 61 09 ae 42 26 11 73 4d 7d bf a0 06 9a 2d
   f2 93 5b b2 e0 53 bf 35

   G_X (Initiator's ephemeral public key) (32 bytes)
   89 8f f7 9a 02 06 7a 16 ea 1e cc b9 0f a5 22 46 f5 aa 4d d6 ec 07 6b ba
   02 59 d9 04 b7 ec 8b 0c

   The Initiator chooses a connection identifier C_I:

   Connection identifier chosen by Initiator (0 bytes)

   Since no unprotected opaque auxiliary data is sent in the message
   exchanges:

   AD_1 (0 bytes)

   Since the list of supported cipher suites needs to contain the
   selected cipher suite, the Initiator truncates the list of supported
   cipher suites to one cipher suite only, 00.

   Because one single selected cipher suite is conveyed, it is encoded
   as an int instead of an array:

   SUITES_I (int)
   0

   With SUITES_I = 0, message_1 is constructed as the CBOR Sequence of
   the CBOR data items above.
   message_1 =
   (
     1,
     0,
     h'898ff79a02067a16ea1eccb90fa52246f5aa4dd6ec076bba0259d904b7ec8b0c',
     h''
   )

   message_1 (CBOR Sequence) (37 bytes)
   01 00 58 20 89 8f f7 9a 02 06 7a 16 ea 1e cc b9 0f a5 22 46 f5 aa 4d d6
   ec 07 6b ba 02 59 d9 04 b7 ec 8b 0c 40

B.1.2.  Message_2

   Since METHOD_CORR mod 4 equals 1, C_I is omitted from data_2.

   Y (Responder's ephemeral private key) (32 bytes)
   fd 8c d8 77 c9 ea 38 6e 6a f3 4f f7 e6 06 c4 b6 4c a8 31 c8 ba 33 13 4f
   d4 cd 71 67 ca ba ec da

   G_Y (Responder's ephemeral public key) (32 bytes)
   71 a3 d5 99 c2 1d a1 89 02 a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0 19 52
   81 75 4c 5e bc af 30 1e

   From G_X and Y, or from G_Y and X, the ECDH shared secret is computed:

   G_XY (ECDH shared secret) (32 bytes)
   2b b7 fa 6e 13 5b c3 35 d0 22 d6 34 cb fb 14 b3 f5 82 f3 e2 e3 af b2 b3
   15 04 91 49 5c 61 78 2b

   The key and nonce for calculating the ciphertext are calculated as
   follows, as specified in Section 3.8.

   HKDF SHA-256 is the HKDF used (as defined by cipher suite 0).

   PRK_2e = HMAC-SHA-256(salt, G_XY)

   Since this is the asymmetric case, salt is the empty byte string.

   salt (0 bytes)

   From there, PRK_2e is computed:

   PRK_2e (32 bytes)
   ec 62 92 a0 67 f1 37 fc 7f 59 62 9d 22 6f bf c4 e0 68 89 49 f6 62 a9 7f
   d8 2f be b7 99 71 39 4a

   SK_R (Responder's private authentication key) (32 bytes)
   df 69 27 4d 71 32 96 e2 46 30 63 65 37 2b 46 83 ce d5 38 1b fc ad cd 44
   0a 24 c3 91 d2 fe db 94

   Since neither the Initiator nor the Responder authenticates with a
   static Diffie-Hellman key, PRK_3e2m = PRK_2e:

   PRK_3e2m (32 bytes)
   ec 62 92 a0 67 f1 37 fc 7f 59 62 9d 22 6f bf c4 e0 68 89 49 f6 62 a9 7f
   d8 2f be b7 99 71 39 4a

   The Responder chooses a connection identifier C_R.
   Connection identifier chosen by Responder (1 byte)
   13

   data_2 is constructed as the CBOR Sequence of G_Y and C_R.

   data_2 =
   (
     h'71a3d599c21da18902a1aea810b2b6382ccd8d5f9bf0195281754c5ebcaf301e',
     h'13'
   )

   data_2 (CBOR Sequence) (35 bytes)
   58 20 71 a3 d5 99 c2 1d a1 89 02 a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0
   19 52 81 75 4c 5e bc af 30 1e 13

   From message_1 and data_2, compute the input to the transcript hash
   TH_2 = H( message_1, data_2 ), as the CBOR Sequence of these 2 data
   items.

   Input to calculate TH_2 (CBOR Sequence) (72 bytes)
   01 00 58 20 89 8f f7 9a 02 06 7a 16 ea 1e cc b9 0f a5 22 46 f5 aa 4d d6
   ec 07 6b ba 02 59 d9 04 b7 ec 8b 0c 40 58 20 71 a3 d5 99 c2 1d a1 89 02
   a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0 19 52 81 75 4c 5e bc af 30 1e 13

   And from there, compute the transcript hash TH_2 = SHA-256(
   message_1, data_2 ):

   TH_2 (32 bytes)
   b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 b9 ca fb 60
   9d e4 f6 a1 76 0d 6c f7

   The Responder's subject name is the empty string:

   Responder's subject name (text string)
   ""

   Because certificates identified by an 'x5t' certificate hash are
   used, ID_CRED_x = { 34 : COSE_CertHash } for x = I or R.  The hash
   is SHA-256 truncated to 64 bits (COSE algorithm value -15), so
   ID_CRED_R is the following:

   ID_CRED_R =
   {
     34: [-15, h'FC79990F2431A3F5']
   }

   ID_CRED_R (14 bytes)
   a1 18 22 82 2e 48 fc 79 99 0f 24 31 a3 f5

   CRED_R is the certificate encoded as a byte string:

   CRED_R (112 bytes)
   58 6e 47 62 4d c9 cd c6 82 4b 2a 4c 52 e9 5e c9 d6 b0 53 4b 71 c2 b4 9e
   4b f9 03 15 00 ce e6 86 99 79 c2 97 bb 5a 8b 38 1e 98 db 71 41 08 41 5e
   5c 50 db 78 97 4c 27 15 79 b0 16 33 a3 ef 62 71 be 5c 22 5e b2 8f 9c f6
   18 0b 5a 6a f3 1e 80 20 9a 08 5c fb f9 5f 3f dc f9 b1 8b 69 3d 6c 0e 0d
   0f fb 8e 3f 9a 32 a5 08 59 ec d0 bf cf f2 c2 18

   Since no unprotected
   opaque auxiliary data is sent in the message exchanges:

   AD_2 (0 bytes)

   The Plaintext is defined as the empty string:

   P_2m (0 bytes)

   The Enc_structure is defined as follows:
   [ "Encrypt0", << ID_CRED_R >>, << TH_2, CRED_R >> ]

   A_2m =
   [
     "Encrypt0",
     h'A11822822E48FC79990F2431A3F5',
     h'5820B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF
     7586E47624DC9CDC6824B2A4C52E95EC9D6B0534B71C2B49E4BF9031500CEE6869979
     C297BB5A8B381E98DB714108415E5C50DB78974C271579B01633A3EF6271BE5C225EB
     28F9CF6180B5A6AF31E80209A085CFBF95F3FDCF9B18B693D6C0E0D0FFB8E3F9A32A5
     0859ECD0BFCFF2C218'
   ]

   Which encodes to the following byte string to be used as Additional
   Authenticated Data:

   A_2m (CBOR-encoded) (173 bytes)
   83 68 45 6e 63 72 79 70 74 30 4e a1 18 22 82 2e 48 fc 79 99 0f 24 31 a3
   f5 58 92 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a
   47 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 58 6e 47 62 4d c9 cd c6 82 4b 2a
   4c 52 e9 5e c9 d6 b0 53 4b 71 c2 b4 9e 4b f9 03 15 00 ce e6 86 99 79 c2
   97 bb 5a 8b 38 1e 98 db 71 41 08 41 5e 5c 50 db 78 97 4c 27 15 79 b0 16
   33 a3 ef 62 71 be 5c 22 5e b2 8f 9c f6 18 0b 5a 6a f3 1e 80 20 9a 08 5c
   fb f9 5f 3f dc f9 b1 8b 69 3d 6c 0e 0d 0f fb 8e 3f 9a 32 a5 08 59 ec d0
   bf cf f2 c2 18

   info for K_2m is defined as follows:

   info for K_2m =
   [
     10,
     h'B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF7',
     "K_2m",
     16
   ]

   Which as a CBOR encoded data item is:

   info for K_2m (CBOR-encoded) (42 bytes)
   84 0a 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47
   b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 64 4b 5f 32 6d 10

   From these parameters, K_2m is computed.  Key K_2m is the output of
   HKDF-Expand(PRK_3e2m, info, L), where L is the length of K_2m, so 16
   bytes.
   K_2m (16 bytes)
   b7 48 6a 94 a3 6c f6 9e 67 3f c4 57 55 ee 6b 95

   info for IV_2m is defined as follows:

   info for IV_2m =
   [
     10,
     h'B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF7',
     "IV_2m",
     13
   ]

   Which as a CBOR encoded data item is:

   info for IV_2m (CBOR-encoded) (43 bytes)
   84 0a 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47
   b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 65 49 56 5f 32 6d 0d

   From these parameters, IV_2m is computed.  IV_2m is the output of
   HKDF-Expand(PRK_3e2m, info, L), where L is the length of IV_2m, so 13
   bytes.

   IV_2m (13 bytes)
   c5 b7 17 0e 65 d5 4f 1a e0 5d 10 af 56

   Finally, COSE_Encrypt0 is computed from the parameters above.

   o  protected header = CBOR-encoded ID_CRED_R

   o  external_aad = A_2m

   o  empty plaintext = P_2m

   MAC_2 is the resulting ciphertext, which for an empty plaintext
   consists of the 8-byte authentication tag only:

   MAC_2 (8 bytes)
   cf 99 99 ae 75 9e c0 d8

   To compute Signature_or_MAC_2, the key is the private authentication
   key of the Responder and the message M_2 to be signed
   = [ "Signature1", << ID_CRED_R >>, << TH_2, CRED_R, ?
   AD_2 >>, MAC_2 ]

   M_2 =
   [
     "Signature1",
     h'A11822822E48FC79990F2431A3F5',
     h'5820B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF
     7586E47624DC9CDC6824B2A4C52E95EC9D6B0534B71C2B49E4BF9031500CEE6869979
     C297BB5A8B381E98DB714108415E5C50DB78974C271579B01633A3EF6271BE5C225EB
     28F9CF6180B5A6AF31E80209A085CFBF95F3FDCF9B18B693D6C0E0D0FFB8E3F9A32A5
     0859ECD0BFCFF2C218',
     h'CF9999AE759EC0D8'
   ]

   Which as a CBOR encoded data item is:

   M_2 (184 bytes)
   84 6a 53 69 67 6e 61 74 75 72 65 31 4e a1 18 22 82 2e 48 fc 79 99 0f 24
   31 a3 f5 58 92 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e
   31 1a 47 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 58 6e 47 62 4d c9 cd c6 82
   4b 2a 4c 52 e9 5e c9 d6 b0 53 4b 71 c2 b4 9e 4b f9 03 15 00 ce e6 86 99
   79 c2 97 bb 5a 8b 38 1e 98 db 71 41 08 41 5e 5c 50 db 78 97 4c 27 15 79
   b0 16 33 a3 ef 62 71 be 5c 22 5e b2 8f 9c f6 18 0b 5a 6a f3 1e 80 20 9a
   08 5c fb f9 5f 3f dc f9 b1 8b 69 3d 6c 0e 0d 0f fb 8e 3f 9a 32 a5 08 59
   ec d0 bf cf f2 c2 18 48 cf 99 99 ae 75 9e c0 d8

   From there, Signature_or_MAC_2 is a signature (since method = 0):

   Signature_or_MAC_2 (64 bytes)
   45 47 81 ec ef eb b4 83 e6 90 83 9d 57 83 8d fe 24 a8 cf 3f 66 42 8a a0
   16 20 4a 22 61 84 4a f8 4f 98 b8 c6 83 4f 38 7f dd 60 6a 29 41 3a dd e3
   a2 07 74 02 13 74 01 19 6f 6a 50 24 06 6f ac 0e

   CIPHERTEXT_2 is the ciphertext resulting from XOR encrypting a
   plaintext constructed from the following parameters with the key
   K_2e.

   o  plaintext = CBOR Sequence of the items ID_CRED_R and
      Signature_or_MAC_2, in this order.
   The plaintext is the following:

   P_2e (CBOR Sequence) (80 bytes)
   a1 18 22 82 2e 48 fc 79 99 0f 24 31 a3 f5 58 40 45 47 81 ec ef eb b4 83
   e6 90 83 9d 57 83 8d fe 24 a8 cf 3f 66 42 8a a0 16 20 4a 22 61 84 4a f8
   4f 98 b8 c6 83 4f 38 7f dd 60 6a 29 41 3a dd e3 a2 07 74 02 13 74 01 19
   6f 6a 50 24 06 6f ac 0e

   K_2e = HKDF-Expand( PRK_2e, info, length ), where length is the
   length of the plaintext, so 80.

   info for K_2e =
   [
     10,
     h'B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF7',
     "K_2e",
     80
   ]

   Which as a CBOR encoded data item is:

   info for K_2e (CBOR-encoded) (43 bytes)
   84 0a 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47
   b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 64 4b 5f 32 65 18 50

   From there, K_2e is computed:

   K_2e (80 bytes)
   38 cd 1a 83 89 6d 43 af 3d e8 39 35 27 42 0d ac 7d 7a 76 96 7e 85 74 58
   26 bb 39 e1 76 21 8d 7e 5f e7 97 60 14 c9 ed ba c0 58 ee 18 cd 57 71 80
   a4 4d de 0b 83 00 fe 8e 09 66 9a 34 d6 3e 3a e6 10 12 26 ab f8 5c eb 28
   05 dc 00 13 d1 78 2a 20

   Using the parameters above, the ciphertext CIPHERTEXT_2 can be
   computed as P_2e XOR K_2e:

   CIPHERTEXT_2 (80 bytes)
   99 d5 38 01 a7 25 bf d6 a4 e7 1d 04 84 b7 55 ec 38 3d f7 7a 91 6e c0 db
   c0 2b ba 7c 21 a2 00 80 7b 4f 58 5f 72 8b 67 1a d6 78 a4 3a ac d3 3b 78
   eb d5 66 cd 00 4f c6 f1 d4 06 f0 1d 97 04 e7 05 b2 15 52 a9 eb 28 ea 31
   6a b6 50 37 d7 17 86 2e

   message_2 is the CBOR Sequence of data_2 and CIPHERTEXT_2, in this
   order:

   message_2 =
   (
     data_2,
     h'99d53801a725bfd6a4e71d0484b755ec383df77a916ec0dbc02bba7c21a200807b4f
     585f728b671ad678a43aacd33b78ebd566cd004fc6f1d406f01d9704e705b21552a9eb
     28ea316ab65037d717862e'
   )

   Which encodes to the following CBOR Sequence:

   message_2 (CBOR Sequence) (117 bytes)
   58 20 71 a3 d5 99 c2 1d a1 89 02 a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0
   19 52 81 75 4c 5e bc af 30 1e
   13 58 50 99 d5 38 01 a7 25 bf d6 a4 e7 1d
   04 84 b7 55 ec 38 3d f7 7a 91 6e c0 db c0 2b ba 7c 21 a2 00 80 7b 4f 58
   5f 72 8b 67 1a d6 78 a4 3a ac d3 3b 78 eb d5 66 cd 00 4f c6 f1 d4 06 f0
   1d 97 04 e7 05 b2 15 52 a9 eb 28 ea 31 6a b6 50 37 d7 17 86 2e

B.1.3.  Message_3

   Since corr equals 1, C_R is not omitted from data_3.

   SK_I (Initiator's private authentication key) (32 bytes)
   2f fc e7 a0 b2 b8 25 d3 97 d0 cb 54 f7 46 e3 da 3f 27 59 6e e0 6b 53 71
   48 1d c0 e0 12 bc 34 d7

   HKDF SHA-256 is the HKDF used (as defined by cipher suite 0).

   Since the Initiator authenticates with a signature (method = 0) and
   not with a static Diffie-Hellman key, no G_IY is computed and
   PRK_4x3m = PRK_3e2m.

   PRK_4x3m (32 bytes)
   ec 62 92 a0 67 f1 37 fc 7f 59 62 9d 22 6f bf c4 e0 68 89 49 f6 62 a9 7f
   d8 2f be b7 99 71 39 4a

   data_3 is equal to C_R.

   data_3 (CBOR Sequence) (1 byte)
   13

   From TH_2, CIPHERTEXT_2, and data_3, compute the input to the
   transcript hash TH_3 = H( TH_2, CIPHERTEXT_2, data_3 ), as the CBOR
   Sequence of these 3 data items.
   Input to calculate TH_3 (CBOR Sequence) (117 bytes)
   58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 b9 ca
   fb 60 9d e4 f6 a1 76 0d 6c f7 58 50 99 d5 38 01 a7 25 bf d6 a4 e7 1d 04
   84 b7 55 ec 38 3d f7 7a 91 6e c0 db c0 2b ba 7c 21 a2 00 80 7b 4f 58 5f
   72 8b 67 1a d6 78 a4 3a ac d3 3b 78 eb d5 66 cd 00 4f c6 f1 d4 06 f0 1d
   97 04 e7 05 b2 15 52 a9 eb 28 ea 31 6a b6 50 37 d7 17 86 2e 13

   And from there, compute the transcript hash TH_3 = SHA-256( TH_2,
   CIPHERTEXT_2, data_3 ):

   TH_3 (32 bytes)
   a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e f6 ee e4 dd
   b3 2e 4a 27 ce 93 58 da

   The Initiator's subject name is the empty string:

   Initiator's subject name (text string)
   ""

   And its credential is a certificate identified by its 'x5t' hash
   (SHA-256 truncated to 64 bits, COSE algorithm value -15):

   ID_CRED_I =
   {
     34: [-15, h'5B786988439EBCF2']
   }

   ID_CRED_I (14 bytes)
   a1 18 22 82 2e 48 5b 78 69 88 43 9e bc f2

   CRED_I is the certificate encoded as a byte string:

   CRED_I (103 bytes)
   58 65 fa 34 b2 2a 9c a4 a1 e1 29 24 ea e1 d1 76 60 88 09 84 49 cb 84 8f
   fc 79 5f 88 af c4 9c be 8a fd d1 ba 00 9f 21 67 5e 8f 6c 77 a4 a2 c3 01
   95 60 1f 6f 0a 08 52 97 8b d4 3d 28 20 7d 44 48 65 02 ff 7b dd a6 32 c7
   88 37 00 16 b8 96 5b db 20 74 bf f8 2e 5a 20 e0 9b ec 21 f8 40 6e 86 44
   2b 87 ec 3f f2 45 b7

   Since no unprotected opaque auxiliary data is exchanged:

   AD_3 (0 bytes)

   The Plaintext of the COSE_Encrypt0 is the empty string:

   P_3m (0 bytes)

   The Enc_structure is [ "Encrypt0", << ID_CRED_I >>, << TH_3, CRED_I
   >> ], where the external_aad is the CBOR Sequence of TH_3 and
   CRED_I, in this order:

   A_3m (CBOR-encoded) (164 bytes)
   83 68 45 6e 63 72 79 70 74 30 4e a1 18 22 82 2e 48 5b 78 69 88 43 9e bc
   f2 58 89 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39
   3e f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 58 65 fa 34 b2 2a 9c a4 a1 e1 29
   24 ea e1 d1 76 60 88 09 84 49 cb 84 8f fc 79 5f 88 af c4 9c be 8a fd d1
   ba 00 9f 21 67 5e 8f 6c
   77 a4 a2 c3 01 95 60 1f 6f 0a 08 52 97 8b d4 3d
   28 20 7d 44 48 65 02 ff 7b dd a6 32 c7 88 37 00 16 b8 96 5b db 20 74 bf
   f8 2e 5a 20 e0 9b ec 21 f8 40 6e 86 44 2b 87 ec 3f f2 45 b7

   info for K_3m is defined as follows:

   info for K_3m =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "K_3m",
     16
   ]

   Which as a CBOR encoded data item is:

   info for K_3m (CBOR-encoded) (42 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 64 4b 5f 33 6d 10

   From these parameters, K_3m is computed.  Key K_3m is the output of
   HKDF-Expand(PRK_4x3m, info, L), where L is the length of K_3m, so 16
   bytes.

   K_3m (16 bytes)
   3d bb f0 d6 01 03 26 e8 27 3f c6 c6 c3 b0 de cd

   Nonce IV_3m is the output of HKDF-Expand(PRK_4x3m, info, L), where L
   = 13 bytes.

   info for IV_3m is defined as follows:

   info for IV_3m =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "IV_3m",
     13
   ]

   Which as a CBOR encoded data item is:

   info for IV_3m (CBOR-encoded) (43 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 65 49 56 5f 33 6d 0d

   From these parameters, IV_3m is computed:

   IV_3m (13 bytes)
   10 b6 f4 41 4a 2c 91 3c cd a1 96 42 e3

   MAC_3 is the ciphertext of the COSE_Encrypt0, which for an empty
   plaintext consists of the 8-byte authentication tag only:

   MAC_3 (8 bytes)
   5e ef b8 85 98 3c 22 d9

   Since method = 0, Signature_or_MAC_3 is a signature:

   o  The message M_3 to be signed = [ "Signature1", << ID_CRED_I >>,
      << TH_3, CRED_I >>, MAC_3 ]

   o  The signing key is the private authentication key of the
      Initiator.
   M_3 =
   [
     "Signature1",
     h'A11822822E485B786988439EBCF2',
     h'5820A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358D
     A5865FA34B22A9CA4A1E12924EAE1D1766088098449CB848FFC795F88AFC49CBE8AFD
     D1BA009F21675E8F6C77A4A2C30195601F6F0A0852978BD43D28207D44486502FF7BD
     DA632C788370016B8965BDB2074BFF82E5A20E09BEC21F8406E86442B87EC3FF245
     B7',
     h'5EEFB885983C22D9'
   ]

   Which as a CBOR encoded data item is:

   M_3 (175 bytes)
   84 6a 53 69 67 6e 61 74 75 72 65 31 4e a1 18 22 82 2e 48 5b 78 69 88 43
   9e bc f2 58 89 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92
   6d 39 3e f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 58 65 fa 34 b2 2a 9c a4 a1
   e1 29 24 ea e1 d1 76 60 88 09 84 49 cb 84 8f fc 79 5f 88 af c4 9c be 8a
   fd d1 ba 00 9f 21 67 5e 8f 6c 77 a4 a2 c3 01 95 60 1f 6f 0a 08 52 97 8b
   d4 3d 28 20 7d 44 48 65 02 ff 7b dd a6 32 c7 88 37 00 16 b8 96 5b db 20
   74 bf f8 2e 5a 20 e0 9b ec 21 f8 40 6e 86 44 2b 87 ec 3f f2 45 b7 48 5e
   ef b8 85 98 3c 22 d9

   From there, the signature can be computed:

   Signature_or_MAC_3 (64 bytes)
   b3 31 76 33 fa eb c7 f4 24 9c f3 ab 95 96 fd ae 2b eb c8 e7 27 5d 39 9f
   42 00 04 f3 76 7b 88 d6 0f fe 37 dc f3 90 a0 00 d8 5a b0 ad b0 d7 24 e3
   a5 7c 4d fe 24 14 a4 1e 79 78 91 b9 55 35 89 06

   Finally, the outer COSE_Encrypt0 is computed.
   The Plaintext is the following CBOR Sequence:
   plaintext = ( ID_CRED_I, Signature_or_MAC_3 )

   P_3ae (CBOR Sequence) (80 bytes)
   a1 18 22 82 2e 48 5b 78 69 88 43 9e bc f2 58 40 b3 31 76 33 fa eb c7 f4
   24 9c f3 ab 95 96 fd ae 2b eb c8 e7 27 5d 39 9f 42 00 04 f3 76 7b 88 d6
   0f fe 37 dc f3 90 a0 00 d8 5a b0 ad b0 d7 24 e3 a5 7c 4d fe 24 14 a4 1e
   79 78 91 b9 55 35 89 06

   The Associated data A is the following:
   Associated data A = [ "Encrypt0", h'', TH_3 ]

   A_3ae (CBOR-encoded) (45 bytes)
   83 68 45 6e 63 72 79 70 74 30 40 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5
   1e c3 92 bf eb 92 6d 39 3e f6 ee e4 dd b3 2e 4a 27 ce 93 58 da

   Key K_3ae is the output of HKDF-Expand(PRK_3e2m, info, L).

   info is defined as follows:

   info for K_3ae =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "K_3ae",
     16
   ]

   Which as a CBOR encoded data item is:

   info for K_3ae (CBOR-encoded) (43 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 65 4b 5f 33 61 65 10

   L is the length of K_3ae, so 16 bytes.

   From these parameters, K_3ae is computed:

   K_3ae (16 bytes)
   58 b5 2f 94 5b 30 9d 85 4c a7 36 cd 06 a9 62 95

   Nonce IV_3ae is the output of HKDF-Expand(PRK_3e2m, info, L).

   info is defined as follows:

   info for IV_3ae =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "IV_3ae",
     13
   ]

   Which as a CBOR encoded data item is:

   info for IV_3ae (CBOR-encoded) (44 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 66 49 56 5f 33 61 65 0d

   L is the length of IV_3ae, so 13 bytes.
   From these parameters, IV_3ae is computed:

   IV_3ae (13 bytes)
   cf a9 a5 85 58 10 d6 dc e9 74 3c 3b c3

   Using the parameters above, the ciphertext CIPHERTEXT_3 can be
   computed:

   CIPHERTEXT_3 (88 bytes)
   2d 88 ff 86 da 47 48 2c 0d fa 55 9a c8 24 a4 a7 83 d8 70 c9 db a4 78 05
   e8 aa fb ad 69 74 c4 96 46 58 65 03 fa 9b bf 3e 00 01 2c 03 7e af 56 e4
   5e 30 19 20 83 9b 81 3a 53 f6 d4 c5 57 48 0f 6c 79 7d 5b 76 f0 e4 62 f5
   f5 7a 3d b6 d2 b5 0c 32 31 9f 34 0f 4a c5 af 9a

   From the parameters above, message_3 is computed as the CBOR
   Sequence of the following items: ( C_R, CIPHERTEXT_3 ).

   message_3 =
   (
     h'13',
     h'2d88ff86da47482c0dfa559ac824a4a783d870c9dba47805e8aafbad6974c4964658
     6503fa9bbf3e00012c037eaf56e45e301920839b813a53f6d4c557480f6c797d5b76f0
     e462f5f57a3db6d2b50c32319f340f4ac5af9a'
   )

   Which encodes to the following byte string:

   message_3 (CBOR Sequence) (91 bytes)
   13 58 58 2d 88 ff 86 da 47 48 2c 0d fa 55 9a c8 24 a4 a7 83 d8 70 c9 db
   a4 78 05 e8 aa fb ad 69 74 c4 96 46 58 65 03 fa 9b bf 3e 00 01 2c 03 7e
   af 56 e4 5e 30 19 20 83 9b 81 3a 53 f6 d4 c5 57 48 0f 6c 79 7d 5b 76 f0
   e4 62 f5 f5 7a 3d b6 d2 b5 0c 32 31 9f 34 0f 4a c5 af 9a

Acknowledgments

   The authors want to thank Alessandro Bruni, Karthikeyan Bhargavan,
   Martin Disch, Theis Groenbech Petersen, Dan Harkins, Klaus Hartke,
   Russ Housley, Alexandros Krontiris, Ilari Liusvaara, Karl Norrman,
   Salvador Perez, Eric Rescorla, Michael Richardson, Thorvald Sahl
   Joergensen, Jim Schaad, Carsten Schuermann, Ludwig Seitz, Stanislav
   Smyshlyaev, Valery Smyslov, Rene Struik, Erik Thormarker, and Michel
   Veillette for reviewing and commenting on intermediate versions of
   the draft.  We are especially indebted to Jim Schaad for his
   continuous reviewing and implementation of different versions of the
   draft.
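   The Python program below is an added example, not part of the draft
   and not code from any EDHOC implementation.  It re-derives the
   transcript hashes and every HKDF-based key and nonce of Appendix B.1
   (TH_2, PRK_2e, K_2m, IV_2m, K_2e, CIPHERTEXT_2, TH_3, K_3m, IV_3m,
   K_3ae, IV_3ae) from the inputs printed in B.1.2 and B.1.3 (G_XY,
   message_1, data_2, P_2e and data_3), using only the standard library.
   The minimal CBOR encoder, the function names and the dictionary keys
   are this example's own; C_R is taken as the raw encoded byte 0x13
   shown in the vectors, and Signature_or_MAC_2 is copied from the
   vector because Ed25519 signing is not implemented here.  The AEAD
   steps (MAC_2, MAC_3, CIPHERTEXT_3) would need an AES-CCM
   implementation and are left out.

```python
"""Re-derive the hash- and HKDF-based values of EDHOC test vector B.1
(cipher suite 0, method 0, corr 1) from the inputs printed in the draft.
Added example, not code from the draft; standard library only."""
import hashlib
import hmac

AEAD_ALG_ID = 10  # AES-CCM-16-64-128, first element of the KDF info array


def _cbor_head(major, n):
    """CBOR initial byte(s) for major type `major` with argument `n`."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24, n])
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    raise ValueError("argument too large for this minimal encoder")


def cbor_uint(n):
    return _cbor_head(0, n)


def cbor_bstr(b):
    return _cbor_head(2, len(b)) + b


def cbor_tstr(s):
    enc = s.encode("utf-8")
    return _cbor_head(3, len(enc)) + enc


def edhoc_info(th, label, length):
    """info = [ AEAD_ALG_ID, th, label, length ] as one CBOR array."""
    return (_cbor_head(4, 4) + cbor_uint(AEAD_ALG_ID) + cbor_bstr(th)
            + cbor_tstr(label) + cbor_uint(length))


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869) with SHA-256; an empty salt is a zero key."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def edhoc_kdf(prk, th, label, length):
    return hkdf_expand(prk, edhoc_info(th, label, length), length)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Inputs copied from the test vector.  C_R is kept as the raw encoded byte
# the draft prints (0x13), so no identifier encoding rule is assumed.
G_XY = bytes.fromhex(
    "2bb7fa6e135bc335d022d634cbfb14b3f582f3e2e3afb2b3150491495c61782b")
MESSAGE_1 = bytes.fromhex(
    "01005820898ff79a02067a16ea1eccb90fa52246f5aa4dd6ec076bba0259d904b7ec8b0c40")
DATA_2 = bytes.fromhex(
    "582071a3d599c21da18902a1aea810b2b6382ccd8d5f9bf0195281754c5ebcaf301e13")
DATA_3 = bytes.fromhex("13")
# P_2e = ID_CRED_R || Signature_or_MAC_2; the signature is taken from the
# vector since Ed25519 is not implemented in this example.
P_2E = bytes.fromhex(
    "a11822822e48fc79990f2431a3f55840454781ecefebb483"
    "e690839d57838dfe24a8cf3f66428aa016204a2261844af8"
    "4f98b8c6834f387fdd606a29413adde3a207740213740119"
    "6f6a5024066fac0e")


def derive_b1():
    """Walk the B.1 derivations up to (but not including) the AEAD calls."""
    v = {}
    v["th_2"] = hashlib.sha256(MESSAGE_1 + DATA_2).digest()
    v["prk_2e"] = hkdf_extract(b"", G_XY)        # asymmetric case: empty salt
    prk_3e2m = prk_4x3m = v["prk_2e"]           # method 0: no static DH keys
    v["k_2m"] = edhoc_kdf(prk_3e2m, v["th_2"], "K_2m", 16)
    v["iv_2m"] = edhoc_kdf(prk_3e2m, v["th_2"], "IV_2m", 13)
    v["k_2e"] = edhoc_kdf(v["prk_2e"], v["th_2"], "K_2e", len(P_2E))
    v["ciphertext_2"] = xor_bytes(P_2E, v["k_2e"])    # keystream XOR
    v["th_3"] = hashlib.sha256(
        cbor_bstr(v["th_2"]) + cbor_bstr(v["ciphertext_2"]) + DATA_3).digest()
    v["k_3m"] = edhoc_kdf(prk_4x3m, v["th_3"], "K_3m", 16)
    v["iv_3m"] = edhoc_kdf(prk_4x3m, v["th_3"], "IV_3m", 13)
    v["k_3ae"] = edhoc_kdf(prk_3e2m, v["th_3"], "K_3ae", 16)
    v["iv_3ae"] = edhoc_kdf(prk_3e2m, v["th_3"], "IV_3ae", 13)
    return v


if __name__ == "__main__":
    for name, value in derive_b1().items():
        print(f"{name:<13} ({len(value):>2} bytes) {value.hex()}")
```

   Running the program prints each derived value for comparison with
   the dumps above.  Note that in this vector PRK_2e, PRK_3e2m and
   PRK_4x3m are the same byte string only because method 0 uses no
   static Diffie-Hellman keys; an implementation must still keep the
   three derivations separate so that the static-DH methods work.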
Authors' Addresses

   Goeran Selander
   Ericsson AB

   Email: goran.selander@ericsson.com


   John Preuss Mattsson
   Ericsson AB

   Email: john.mattsson@ericsson.com


   Francesca Palombini
   Ericsson AB

   Email: francesca.palombini@ericsson.com