Network Working Group                                        G. Selander
Internet-Draft                                               J. Mattsson
Intended status: Standards Track                            F. Palombini
Expires: September 10, 2020                                  Ericsson AB
                                                          March 09, 2020

               Ephemeral Diffie-Hellman Over COSE (EDHOC)
                      draft-selander-lake-edhoc-01

Abstract

   This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, perfect forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios and a main use case is to establish an OSCORE security context. By reusing COSE for cryptography, CBOR for encoding, and CoAP for transport, the additional code footprint can be kept very low.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 10, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Rationale for EDHOC
      1.2. Terminology and Requirements Language
   2. Background
   3. EDHOC Overview
      3.1. Transport and Message Correlation
      3.2. Authentication Keys and Identities
      3.3. Identifiers
      3.4. Cipher Suites
      3.5. Communication/Negotiation of Protocol Features
      3.6. Auxiliary Data
      3.7. Ephemeral Public Keys
      3.8. Key Derivation
   4. EDHOC Authenticated with Asymmetric Keys
      4.1. Overview
      4.2. EDHOC Message 1
      4.3. EDHOC Message 2
      4.4. EDHOC Message 3
   5. EDHOC Authenticated with Symmetric Keys
      5.1. Overview
      5.2. EDHOC Message 1
      5.3. EDHOC Message 2
      5.4. EDHOC Message 3
   6. Error Handling
      6.1. EDHOC Error Message
   7. Transferring EDHOC and Deriving an OSCORE Context
      7.1. Transferring EDHOC in CoAP
   8. Security Considerations
      8.1. Security Properties
      8.2. Cryptographic Considerations
      8.3. Cipher Suites
      8.4. Unprotected Data
      8.5. Denial-of-Service
      8.6. Implementation Considerations
      8.7. Other Documents Referencing EDHOC
   9. IANA Considerations
      9.1. EDHOC Cipher Suites Registry
      9.2. EDHOC Method Type Registry
      9.3. The Well-Known URI Registry
      9.4. Media Types Registry
      9.5. CoAP Content-Formats Registry
      9.6. Expert Review Instructions
   10. References
      10.1. Normative References
      10.2. Informative References
   Appendix A. Use of CBOR, CDDL and COSE in EDHOC
      A.1. CBOR and CDDL
      A.2. COSE
   Appendix B. Test Vectors
      B.1. Test Vectors for EDHOC Authenticated with Signature Keys (x5t)
   Acknowledgments
   Authors' Addresses

1. Introduction

   Security at the application layer provides an attractive option for protecting Internet of Things (IoT) deployments, for example where transport layer security is not sufficient [I-D.hartke-core-e2e-security-reqs] or where the protection needs to work over a variety of underlying protocols. IoT devices may be constrained in various ways, including memory, storage, processing capacity, and energy [RFC7228]. A method for protecting individual messages at the application layer suitable for constrained devices is provided by CBOR Object Signing and Encryption (COSE) [RFC8152], which builds on the Concise Binary Object Representation (CBOR) [RFC7049]. Object Security for Constrained RESTful Environments (OSCORE) [RFC8613] is a method for application-layer protection of the Constrained Application Protocol (CoAP), using COSE.

   In order for a communication session to provide forward secrecy, the communicating parties can run an Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol with ephemeral keys, from which shared key material can be derived.
   This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a lightweight key exchange protocol providing perfect forward secrecy and identity protection. Authentication is based on credentials established out of band, e.g. from a trusted third party, such as an Authorization Server as specified by [I-D.ietf-ace-oauth-authz]. EDHOC supports authentication using pre-shared keys (PSK), raw public keys (RPK), and public key certificates. After successful completion of the EDHOC protocol, application keys and other application specific data can be derived using the EDHOC-Exporter interface. A main use case for EDHOC is to establish an OSCORE security context. EDHOC uses COSE for cryptography, CBOR for encoding, and CoAP for transport. By reusing existing libraries, the additional code footprint can be kept very low. Note that this document focuses on authentication and key establishment: for integration with authorization of resource access, refer to [I-D.ietf-ace-oscore-profile].

   EDHOC is designed to work in highly constrained scenarios, making it especially suitable for network technologies such as Cellular IoT, 6TiSCH [I-D.ietf-6tisch-dtsecurity-zerotouch-join], and LoRaWAN [LoRa1][LoRa2]. These network technologies are characterized by their low throughput, low power consumption, and small frame sizes. Compared to the DTLS 1.3 handshake [I-D.ietf-tls-dtls13] with ECDH and connection ID, the number of bytes in EDHOC + CoAP is less than 1/4 when PSK authentication is used and less than 1/6 when RPK authentication is used, see [I-D.ietf-lwig-security-protocol-comparison]. Typical message sizes for EDHOC with pre-shared keys, raw public keys with static Diffie-Hellman keys, and two different ways to identify X.509 certificates with signature keys are shown in Figure 1. Further reductions of message sizes are possible by eliding redundant length indications.

   =====================================================================
                   PSK       RPK       x5t       x5chain
   ---------------------------------------------------------------------
   message_1        38        37        37        37
   message_2        44        46       117       110 + Certificate
   message_3        10        20        91        84 + Certificate
   ---------------------------------------------------------------------
   Total            92       103       245       231 + Certificates
   =====================================================================

               Figure 1: Typical message sizes in bytes

   The ECDH exchange and the key derivation follow known protocol constructions such as [SIGMA], NIST SP-800-56A [SP-800-56A], and HKDF [RFC5869]. CBOR [RFC7049] and COSE [RFC8152] are used to implement these standards. The use of COSE provides crypto agility and enables use of future algorithms and headers designed for constrained IoT.

   This document is organized as follows: Section 2 describes how EDHOC authenticated with digital signatures builds on SIGMA-I, Section 3 specifies general properties of EDHOC, including message flow, formatting of the ephemeral public keys, and key derivation, Section 4 specifies EDHOC with signature key and static Diffie-Hellman key authentication, Section 5 specifies EDHOC with symmetric key authentication, Section 6 specifies the EDHOC error message, and Section 7 describes how EDHOC can be transferred in CoAP and used to establish an OSCORE security context.

1.1. Rationale for EDHOC

   Many constrained IoT systems today do not use any security at all, and when they do, they often do not follow best practices. One reason is that many current security protocols are not designed with constrained IoT in mind. Constrained IoT systems often deal with personal information, valuable business data, and actuators interacting with the physical world. Not only do such systems need security and privacy, they often need end-to-end protection with source authentication and perfect forward secrecy. EDHOC and OSCORE [RFC8613] enable security following current best practices on devices and systems where current security protocols are impractical.

   EDHOC is optimized for small message sizes and can therefore be sent over a small number of radio frames. The message size of a key exchange protocol may have a large impact on the performance of an IoT deployment, especially in constrained environments. For example, in a network bootstrapping setting a large number of devices turned on in a short period of time may result in large latencies caused by parallel key exchanges. Requirements on network formation time in constrained environments can be translated into key exchange overhead. In network technologies with duty cycle, each additional frame significantly increases the latency even if no other devices are transmitting.

   Power consumption for wireless devices is highly dependent on message transmission, listening, and reception. For devices that only send a few bytes occasionally, the battery lifetime may be impacted by a heavy key exchange protocol. A key exchange may need to be executed more than once, e.g. due to a device rebooting or for security reasons such as perfect forward secrecy.

   EDHOC is adapted to primitives and protocols designed for the Internet of Things: EDHOC is built on CBOR and COSE, which enables small message overhead and efficient parsing in constrained devices. EDHOC is not bound to a particular transport layer, but it is recommended to transport the EDHOC messages in CoAP payloads. EDHOC is not bound to a particular communication security protocol but works off-the-shelf with OSCORE [RFC8613], providing the necessary input parameters with the required properties. Maximum code complexity (ROM/Flash) is often a constraint in many devices, and by reusing already existing libraries the additional code footprint for EDHOC + OSCORE can be kept very low.

1.2. Terminology and Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

   Readers are expected to be familiar with the terms and concepts described in CBOR [RFC7049] [I-D.ietf-cbor-sequence], COSE [RFC8152], and CDDL [RFC8610]. The Concise Data Definition Language (CDDL) is used to express CBOR data structures [RFC7049]. Examples of CBOR and CDDL are provided in Appendix A.1.

2. Background

   EDHOC specifies different authentication methods of the Diffie-Hellman key exchange: digital signatures, static Diffie-Hellman keys and symmetric keys. This section outlines the digital signature based method.

   SIGMA (SIGn-and-MAc) is a family of theoretical protocols with a large number of variants [SIGMA]. Like IKEv2 [RFC7296] and (D)TLS 1.3 [RFC8446], EDHOC authenticated with digital signatures is built on a variant of the SIGMA protocol which provides identity protection of the initiator (SIGMA-I), and like IKEv2 [RFC7296], EDHOC implements the SIGMA-I variant as Mac-then-Sign. The SIGMA-I protocol using an authenticated encryption algorithm is shown in Figure 2.
263 Initiator Responder 264 | G_X | 265 +-------------------------------------------------------->| 266 | | 267 | G_Y, AEAD( K_2; ID_CRED_R, Sig(R; CRED_R, G_X, G_Y) ) | 268 |<--------------------------------------------------------+ 269 | | 270 | AEAD( K_3; ID_CRED_I, Sig(I; CRED_I, G_Y, G_X) ) | 271 +-------------------------------------------------------->| 272 | | 274 Figure 2: Authenticated encryption variant of the SIGMA-I protocol. 276 The parties exchanging messages are called Initiator (I) and 277 Responder (R). They exchange ephemeral public keys, compute the 278 shared secret, and derive symmetric application keys. 280 o G_X and G_Y are the ECDH ephemeral public keys of I and R, 281 respectively. 283 o CRED_I and CRED_R are the credentials containing the public 284 authentication keys of I and R, respectively. 286 o ID_CRED_I and ID_CRED_R are data enabling the recipient party to 287 retrieve the credential of I and R, respectively. 289 o Sig(I; . ) and S(R; . ) denote signatures made with the private 290 authentication key of I and R, respectively. 292 o AEAD(K; . ) denotes authenticated encryption with additional data 293 using a key K derived from the shared secret. 295 In order to create a "full-fledged" protocol some additional protocol 296 elements are needed. EDHOC adds: 298 o Explicit connection identifiers C_I, C_R chosen by I and R, 299 respectively, enabling the recipient to find the protocol state. 301 o Transcript hashes (hashes of message data) TH_2, TH_3, TH_4 used 302 for key derivation and as additional authenticated data. 304 o Computationally independent keys derived from the ECDH shared 305 secret and used for authenticated encryption of different 306 messages. 308 o Verification of a common preferred cipher suite: 310 * The Initiator lists supported cipher suites in order of 311 preference 313 * The Responder verifies that the selected cipher suite is the 314 first supported cipher suite 316 o Method types and error handling. 
318 o Transport of opaque auxiliary data. 320 EDHOC is designed to encrypt and integrity protect as much 321 information as possible, and all symmetric keys are derived using as 322 much previous information as possible. EDHOC is furthermore designed 323 to be as compact and lightweight as possible, in terms of message 324 sizes, processing, and the ability to reuse already existing CBOR, 325 COSE, and CoAP libraries. 327 To simplify for implementors, the use of CBOR in EDHOC is summarized 328 in Appendix A and test vectors including CBOR diagnostic notation are 329 given in Appendix B. 331 3. EDHOC Overview 333 EDHOC consists of three messages (message_1, message_2, message_3) 334 that maps directly to the three messages in SIGMA-I, plus an EDHOC 335 error message. EDHOC messages are CBOR Sequences 336 [I-D.ietf-cbor-sequence], where the first data item (METHOD_CORR) of 337 message_1 is an int specifying the method and the correlation 338 properties of the transport used, see Section 3.1. The method 339 specifies the authentication methods used (signature, static DH, 340 symmetric), see Section 9.2. An implementation may support only 341 Initiator or Responder. An implementation may support only a single 342 method. The Initiator and the Responder need to have agreed on a 343 single method to be used for EDHOC. 345 While EDHOC uses the COSE_Key, COSE_Sign1, and COSE_Encrypt0 346 structures, only a subset of the parameters is included in the EDHOC 347 messages. The unprotected COSE header in COSE_Sign1, and 348 COSE_Encrypt0 (not included in the EDHOC message) MAY contain 349 parameters (e.g. 'alg'). After creating EDHOC message_3, the 350 Initiator can derive symmetric application keys, and application 351 protected data can therefore be sent in parallel with EDHOC 352 message_3. The application may protect data using the algorithms 353 (AEAD, hash, etc.) in the selected cipher suite and the connection 354 identifiers (C_I, C_R). 
EDHOC may be used with the media type 355 application/edhoc defined in Section 9. 357 Initiator Responder 358 | | 359 | ------------------ EDHOC message_1 -----------------> | 360 | | 361 | <----------------- EDHOC message_2 ------------------ | 362 | | 363 | ------------------ EDHOC message_3 -----------------> | 364 | | 365 | <----------- Application Protected Data ------------> | 366 | | 368 Figure 3: EDHOC message flow 370 3.1. Transport and Message Correlation 372 Cryptographically, EDHOC does not put requirements on the lower 373 layers. EDHOC is not bound to a particular transport layer, and can 374 be used in environments without IP. The transport is responsible to 375 handle message loss, reordering, message duplication, fragmentation, 376 and denial of service protection, where necessary. The Initiator and 377 the Responder need to have agreed on a transport to be used for 378 EDHOC. It is recommended to transport EDHOC in CoAP payloads, see 379 Section 7. 381 EDHOC includes connection identifiers (C_I, C_R) to correlate 382 messages. The connection identifiers C_I and C_R do not have any 383 cryptographic purpose in EDHOC. They contain information 384 facilitating retrieval of the protocol state and may therefore be 385 very short. The connection identifier MAY be used with an 386 application protocol (e.g. OSCORE) for which EDHOC establishes keys, 387 in which case the connection identifiers SHALL adhere to the 388 requirements for that protocol. Each party choses a connection 389 identifier it desires the other party to use in outgoing messages. 391 If the transport provides a mechanism for correlating messages, some 392 of the connection identifiers may be omitted. There are four cases: 394 o corr = 0, the transport does not provide a correlation mechanism. 396 o corr = 1, the transport provides a correlation mechanism that 397 enables the Responder to correlate message_2 and message_1. 
399 o corr = 2, the transport provides a correlation mechanism that 400 enables the Initiator to correlate message_3 and message_2. 402 o corr = 3, the transport provides a correlation mechanism that 403 enables both parties to correlate all three messages. 405 For example, if the key exchange is transported over CoAP, the CoAP 406 Token can be used to correlate messages, see Section 7.1. 408 3.2. Authentication Keys and Identities 410 The EDHOC message exchange may be authenticated using pre-shared keys 411 (PSK), raw public keys (RPK), or public key certificates. The 412 certificates and RPKs can contain signature keys or static Diffie- 413 Hellman keys. In X.509 certificates, signature keys typically have 414 key usage "digitalSignature" and Diffie-Hellman keys typically have 415 key usage "keyAgreement". EDHOC assumes the existence of mechanisms 416 (certification authority, trusted third party, manual distribution, 417 etc.) for distributing authentication keys (public or pre-shared) and 418 identities. Policies are set based on the identity of the other 419 party, and parties typically only allow connections from a small 420 restricted set of identities. 422 o When a Public Key Infrastructure (PKI) is used, the trust anchor 423 is a Certification Authority (CA) certificate, and the identity is 424 the subject whose unique name (e.g. a domain name, NAI, or EUI) is 425 included in the other party's certificate. Before running EDHOC 426 each party needs at least one CA public key certificate, or just 427 the public key, and a set of identities it is allowed to 428 communicate with. Any validated public-key certificate with an 429 allowed subject name is accepted. EDHOC provides proof that the 430 other party possesses the private authentication key corresponding 431 to the public authentication key in its certificate. The 432 certification path provides proof that the subject of the 433 certificate owns the public key in the certificate. 
435 o When public keys are used but not with a PKI (RPK, self-signed 436 certificate), the trust anchor is the public authentication key of 437 the other party. In this case, the identity is typically directly 438 associated to the public authentication key of the other party. 439 For example, the name of the subject may be a canonical 440 representation of the public key. Alternatively, if identities 441 can be expressed in the form of unique subject names assigned to 442 public keys, then a binding to identity can be achieved by 443 including both public key and associated subject name in the 444 protocol message computation: CRED_I or CRED_R may be a self- 445 signed certificate or COSE_Key containing the public 446 authentication key and the subject name, see Figure 2. Before 447 running EDHOC, each party need a set of public authentication 448 keys/unique associated subject names it is allowed to communicate 449 with. EDHOC provides proof that the other party possesses the 450 private authentication key corresponding to the public 451 authentication key. 453 o When pre-shared keys are used the information about the other 454 party is carried in the PSK identifier field of the protocol, 455 ID_PSK. The purpose of ID_PSK is to facilitate retrieval of the 456 pre-shared key, which is used to authenticate and assert trust. 457 In this case no other identities or trust anchors are used. 459 3.3. Identifiers 461 One byte connection and credential identifiers are realistic in many 462 scenarios as most constrained devices only have a few keys and 463 connections. In cases where a node only has one connection or key, 464 the identifiers may even be the empty byte string. 466 3.4. 
Cipher Suites 468 EDHOC cipher suites consist of an ordered set of COSE algorithms: an 469 EDHOC AEAD algorithm, an EDHOC hash algorithm, an EDHOC ECDH curve, 470 an EDHOC signature algorithm, an EDHOC signature algorithm curve, an 471 application AEAD algorithm, and an application hash algorithm from 472 the COSE Algorithms and Elliptic Curves registries. Each cipher 473 suite is identified with a pre-defined int label. This document 474 specifies four pre-defined cipher suites. 476 0. ( 10, -16, 4, -8, 6, 10, -16 ) 477 (AES-CCM-16-64-128, SHA-256, X25519, EdDSA, Ed25519, 478 AES-CCM-16-64-128, SHA-256) 480 1. ( 30, -16, 4, -8, 6, 10, -16 ) 481 (AES-CCM-16-128-128, SHA-256, X25519, EdDSA, Ed25519, 482 AES-CCM-16-64-128, SHA-256) 484 2. ( 10, -16, 1, -7, 1, 10, -16 ) 485 (AES-CCM-16-64-128, SHA-256, P-256, ES256, P-256, 486 AES-CCM-16-64-128, SHA-256) 488 3. ( 30, -16, 1, -7, 1, 10, -16 ) 489 (AES-CCM-16-128-128, SHA-256, P-256, ES256, P-256, 490 AES-CCM-16-64-128, SHA-256) 492 The different methods use the same cipher suites, but some algorithms 493 are not used in some methods. The EDHOC signature algorithm and the 494 EDHOC signature algorithm curve are not used is methods without 495 signature authentication. 497 The Initiator need to have a list of cipher suites it supports in 498 order of decreasing preference. The Responder need to have a list of 499 cipher suites it supports. 501 3.5. Communication/Negotiation of Protocol Features 503 EDHOC allows the communication or negotiation of various protocol 504 features during the execution of the protocol. 506 o The Initiator proposes a cipher suite (see Section 3.4), and the 507 Responder either accepts or rejects, and may make a counter 508 proposal. 510 o The Initiator decides on the correlation parameter corr (see 511 Section 3.1). This is typically given by the transport which the 512 Initiator and the Responder have agreed on beforehand. The 513 Responder either accepts or rejects. 
515 o The Initiator decides on the method parameter, see Section 9.2. 516 The Responder either accepts or rejects. 518 o The Initiator and the Responder decide on the representation of 519 the identifier of their respective credentials, ID_CRED_I and 520 ID_CRED_R. The decision is reflected by the label used in the 521 CBOR map, see for example Section 4.1. 523 3.6. Auxiliary Data 525 In order to reduce round trips and number of messages, and in some 526 cases also streamline processing, certain security applications may 527 be integrated into EDHOC by transporting auxiliary data together with 528 the messages. One example is the transport of third-party 529 authorization information protected outside of EDHOC 530 [I-D.selander-ace-ake-authz]. Another example is the embedding of a 531 certificate enrolment request or a newly issued certificate. 533 EDHOC allows opaque auxiliary data (AD) to be sent in the EDHOC 534 messages. Unprotected Auxiliary Data (AD_1, AD_2) may be sent in 535 message_1 and message_2, respectively. Protected Auxiliary Data 536 (AD_3) may be sent in message_3. 538 Since data carried in AD1 and AD2 may not be protected, and the 539 content of AD3 is available to both the Initiator and the Responder, 540 special considerations need to be made such that the availability of 541 the data a) does not violate security and privacy requirements of the 542 service which uses this data, and b) does not violate the security 543 properties of EDHOC. 545 3.7. Ephemeral Public Keys 547 The ECDH ephemeral public keys are formatted as a COSE_Key of type 548 EC2 or OKP according to Sections 13.1 and 13.2 of [RFC8152], but only 549 the 'x' parameter is included in the EDHOC messages. For Elliptic 550 Curve Keys of type EC2, compact representation as per [RFC6090] MAY 551 be used also in the COSE_Key. If the COSE implementation requires an 552 'y' parameter, any of the possible values of the y-coordinate can be 553 used, see Appendix C of [RFC6090]. 
COSE [RFC8152] always use compact 554 output for Elliptic Curve Keys of type EC2. 556 3.8. Key Derivation 558 EDHOC uses HKDF [RFC5869] with the EDHOC hash algorithm in the 559 selected cipher suite to derive keys. HKDF-Extract is used to derive 560 fixed-length uniformly pseudorandom keys (PRK) from ECDH shared 561 secrets. HKDF-Expand is used to derive additional output keying 562 material (OKM) from the PRKs. The PRKs are derived using HKDF- 563 Extract [RFC5869]. 565 PRK = HKDF-Extract( salt, IKM ) 567 PRK_2e is used to derive key and IV to encrypt message_2. PRK_3e2m 568 is used to derive keys and IVs produce a MAC in message_2 and to 569 encrypt message_3. PRK_4x3m is used to derive keys and IVs produce a 570 MAC in message_3 and to derive application specific data. 572 PRK_2e is derived with the following input: 574 o The salt SHALL be the PSK when EDHOC is authenticated with 575 symmetric keys, and the empty byte string when EDHOC is 576 authenticated with asymmetric keys (signature or static DH). The 577 PSK is used as 'salt' to simplify implementation. Note that 578 [RFC5869] specifies that if the salt is not provided, it is set to 579 a string of zeros (see Section 2.2 of [RFC5869]). For 580 implementation purposes, not providing the salt is the same as 581 setting the salt to the empty byte string. 583 o The input keying material (IKM) SHALL be the ECDH shared secret 584 G_XY (calculated from G_X and Y or G_Y and X) as defined in 585 Section 12.4.1 of [RFC8152]. 587 Example: Assuming the use of SHA-256 the extract phase of HKDF 588 produces PRK_2e as follows: 590 PRK_2e = HMAC-SHA-256( salt, G_XY ) 592 where salt = 0x (the empty byte string) in the asymmetric case and 593 salt = PSK in the symmetric case. 
The pseudorandom keys PRK_3e2m and PRK_4x3m are defined as follows:

o If the Responder authenticates with a static Diffie-Hellman key, then PRK_3e2m = HKDF-Extract( PRK_2e, G_RX ), where G_RX is the ECDH shared secret calculated from G_R and X, or G_X and R, else PRK_3e2m = PRK_2e.

o If the Initiator authenticates with a static Diffie-Hellman key, then PRK_4x3m = HKDF-Extract( PRK_3e2m, G_IY ), where G_IY is the ECDH shared secret calculated from G_I and Y, or G_Y and I, else PRK_4x3m = PRK_3e2m.

Example: Assuming the use of curve25519, the ECDH shared secrets G_XY, G_RX, and G_IY are the outputs of the X25519 function [RFC7748]:

   G_XY = X25519( Y, G_X ) = X25519( X, G_Y )

The keys and IVs used in EDHOC are derived from PRK using HKDF-Expand [RFC5869], where the EDHOC-KDF is instantiated with the EDHOC AEAD algorithm in the selected cipher suite.

   OKM = EDHOC-KDF( PRK, transcript_hash, label, length )
       = HKDF-Expand( PRK, info, length )

where info is the CBOR encoding of

   info = [
     edhoc_aead_id : int / tstr,
     transcript_hash : bstr,
     label : tstr,
     length : uint
   ]

where

o edhoc_aead_id is an int or tstr containing the algorithm identifier of the EDHOC AEAD algorithm in the selected cipher suite encoded as defined in [RFC8152]. Note that a single fixed edhoc_aead_id is used in all invocations of EDHOC-KDF, including the derivation of K_2e and invocations of the EDHOC-Exporter.

o transcript_hash is a bstr set to one of the transcript hashes TH_2, TH_3, or TH_4 as defined in Sections 4.3.1, 4.4.1, and 3.8.1.

o label is a tstr set to the name of the derived key or IV, i.e. "K_2m", "IV_2m", "K_2e", "K_2ae", "IV_2ae", "K_3m", "IV_3m", "K_3ae", or "IV_3ae".

o length is the length of output keying material (OKM) in bytes.

K_2ae and IV_2ae are derived using the transcript hash TH_2 and the pseudorandom key PRK_2e.
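
The key schedule above, together with the EDHOC-Exporter of Section 3.8.1, the XOR encryption of message_2 from Section 4.3.2 and the OSCORE derivation of Section 7.1.1, as an added Python example that is not code from the draft. It assumes SHA-256 as the EDHOC hash algorithm, AES-CCM-16-64-128 (COSE algorithm id 10 from [RFC8152]) as the EDHOC AEAD algorithm, and constructed byte strings in place of the X25519 outputs and transcript hashes; the CBOR encoder covers only the item types the info array needs.

```python
import hashlib
import hmac

# Minimal CBOR encoder (RFC 7049) for the item types the EDHOC-KDF info
# array needs: unsigned and negative ints, byte strings, text strings, arrays.
def _head(major, n):
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24, n])
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    return bytes([(major << 5) | 26]) + n.to_bytes(4, "big")

def cbor(item):
    if isinstance(item, bool):
        raise TypeError("booleans do not occur in the EDHOC-KDF info array")
    if isinstance(item, int):
        return _head(0, item) if item >= 0 else _head(1, -1 - item)
    if isinstance(item, bytes):
        return _head(2, len(item)) + item
    if isinstance(item, str):
        utf8 = item.encode("utf-8")
        return _head(3, len(utf8)) + utf8
    if isinstance(item, list):
        return _head(4, len(item)) + b"".join(cbor(x) for x in item)
    raise TypeError("unsupported CBOR item: %r" % (item,))

# HKDF (RFC 5869); SHA-256 is assumed as the EDHOC hash algorithm.
def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk, info, length):
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Assumed EDHOC AEAD algorithm: AES-CCM-16-64-128, COSE algorithm id 10
# (RFC 8152). The same id is used in every EDHOC-KDF call, K_2e and the
# EDHOC-Exporter included.
EDHOC_AEAD_ID = 10

def edhoc_kdf(prk, transcript_hash, label, length):
    """OKM = HKDF-Expand(PRK, info, length), with info the CBOR encoding of
    [ edhoc_aead_id, transcript_hash, label, length ]."""
    info = cbor([EDHOC_AEAD_ID, transcript_hash, label, length])
    return hkdf_expand(prk, info, length)

def derive_prks(g_xy, g_rx=None, g_iy=None, psk=None):
    """PRK_2e, PRK_3e2m and PRK_4x3m from the ECDH shared secrets.

    psk is None for asymmetric authentication (salt = empty byte string);
    g_rx / g_iy are None unless the Responder / Initiator authenticates with
    a static Diffie-Hellman key, in which case the PRK chain is extended."""
    prk_2e = hkdf_extract(b"" if psk is None else psk, g_xy)
    prk_3e2m = prk_2e if g_rx is None else hkdf_extract(prk_2e, g_rx)
    prk_4x3m = prk_3e2m if g_iy is None else hkdf_extract(prk_3e2m, g_iy)
    return prk_2e, prk_3e2m, prk_4x3m

def xor_encrypt_2(prk_2e, th_2, plaintext):
    """CIPHERTEXT_2 = plaintext XOR K_2e, where K_2e is expanded to exactly
    the plaintext length; the same call on CIPHERTEXT_2 decrypts it."""
    k_2e = edhoc_kdf(prk_2e, th_2, "K_2e", len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, k_2e))

def edhoc_exporter(prk_4x3m, th_4, label, length):
    # Also used for PSK chaining: EDHOC-Exporter("EDHOC Chaining PSK", length).
    return edhoc_kdf(prk_4x3m, th_4, label, length)

def oscore_parameters(prk_4x3m, th_4, c_i, c_r, aead_key_len=16):
    """OSCORE Master Secret / Master Salt and Sender IDs for the case
    CoAP client = Initiator (Section 7.1.1). C_I and C_R must differ."""
    if c_i == c_r:
        raise ValueError("C_R MUST NOT be equal to C_I")
    return {
        "master_secret": edhoc_exporter(prk_4x3m, th_4, "OSCORE Master Secret", aead_key_len),
        "master_salt": edhoc_exporter(prk_4x3m, th_4, "OSCORE Master Salt", 8),
        "client_sender_id": c_r,
        "server_sender_id": c_i,
    }

if __name__ == "__main__":
    # Constructed stand-ins for the X25519 outputs and the transcript hash.
    g_xy, g_rx = bytes(range(32)), bytes(range(32, 64))
    th_2 = hashlib.sha256(b"constructed message_1 || data_2").digest()
    prk_2e, prk_3e2m, _ = derive_prks(g_xy, g_rx=g_rx)  # Responder uses static DH
    print("K_2m  =", edhoc_kdf(prk_3e2m, th_2, "K_2m", 16).hex())
    print("IV_2m =", edhoc_kdf(prk_3e2m, th_2, "IV_2m", 13).hex())  # 13-byte CCM nonce
```
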
K_2m and IV_2m are derived using the transcript hash TH_2 and the pseudorandom key PRK_3e2m. K_3ae and IV_3ae are derived using the transcript hash TH_3 and the pseudorandom key PRK_3e2m. K_3m and IV_3m are derived using the transcript hash TH_3 and the pseudorandom key PRK_4x3m. IVs are only used if the EDHOC AEAD algorithm uses IVs.

3.8.1. EDHOC-Exporter Interface

Application keys and other application specific data can be derived using the EDHOC-Exporter interface defined as:

   EDHOC-Exporter(label, length)
     = EDHOC-KDF(PRK_4x3m, TH_4, label, length)

where label is a tstr defined by the application and length is a uint defined by the application. The label SHALL be different for each different exporter value. The transcript hash TH_4 is a CBOR encoded bstr and the input to the hash function is a CBOR Sequence.

   TH_4 = H( TH_3, CIPHERTEXT_3 )

where H() is the hash function in the selected cipher suite. Example use of the EDHOC-Exporter is given in Sections 3.8.2 and 7.1.1.

3.8.2. EDHOC PSK Chaining

An application using EDHOC may want to derive new PSKs to use for authentication in future EDHOC exchanges. In this case, the new PSK and the ID_PSK 'kid_value' parameter SHOULD be derived as follows, where length is the key length (in bytes) of the EDHOC AEAD Algorithm.

   PSK = EDHOC-Exporter( "EDHOC Chaining PSK", length )
   kid_psk = EDHOC-Exporter( "EDHOC Chaining kid_psk", 4 )

4. EDHOC Authenticated with Asymmetric Keys

4.1. Overview

This section specifies authentication method = 0, 1, 2, and 3, see Section 9.2.
EDHOC supports authentication with signature or static Diffie-Hellman keys in the form of raw public keys (RPK) and public key certificates with the requirements that:

o Only the Responder SHALL have access to the Responder's private authentication key,

o Only the Initiator SHALL have access to the Initiator's private authentication key,

o The Initiator is able to retrieve the Responder's public authentication key using ID_CRED_R,

o The Responder is able to retrieve the Initiator's public authentication key using ID_CRED_I,

where the identifiers ID_CRED_I and ID_CRED_R are COSE header_maps, i.e. CBOR maps containing COSE Common Header Parameters (see Section 3.1 of [RFC8152]). ID_CRED_I and ID_CRED_R need to contain parameters that can identify a public authentication key. In the following paragraphs we give some examples of possible COSE header parameters used.

Raw public keys are most optimally stored as COSE_Key objects and identified with a 'kid' parameter:

o ID_CRED_x = { 4 : kid_x }, where kid_x : bstr, for x = I or R.

Public key certificates can be identified in different ways. Several header parameters for identifying X.509 certificates are defined in [I-D.ietf-cose-x509]:

o by a bag of certificates with the 'x5bag' parameter;

  * ID_CRED_x = { 32 : COSE_X509 }, for x = I or R,

o by a certificate chain with the 'x5chain' parameter;

  * ID_CRED_x = { 33 : COSE_X509 }, for x = I or R,

o by a hash value with the 'x5t' parameter;

  * ID_CRED_x = { 34 : COSE_CertHash }, for x = I or R,

o or by a URL with the 'x5u' parameter;

  * ID_CRED_x = { 35 : uri }, for x = I or R.

In the first two examples, ID_CRED_I and ID_CRED_R contain the actual credential used for authentication.
The purpose of ID_CRED_I and ID_CRED_R is to facilitate retrieval of a public authentication key and, when they do not contain the actual credential, they may be very short. It is RECOMMENDED that they uniquely identify the public authentication key, as the recipient may otherwise have to try several keys. ID_CRED_I and ID_CRED_R are transported in the ciphertext, see Section 4.3.2 and Section 4.4.2.

The authentication key MUST be a signature key or static Diffie-Hellman key. The Initiator and the Responder MAY use different types of authentication keys, e.g. one uses a signature key and the other uses a static Diffie-Hellman key. When using a signature key, the authentication is provided by a signature. When using a static Diffie-Hellman key, the authentication is provided by a Message Authentication Code (MAC) computed from an ephemeral-static ECDH shared secret, which enables significant reductions in message sizes. The MAC is implemented with an AEAD algorithm. When using static Diffie-Hellman keys, the Initiator's and Responder's private authentication keys are called I and R, respectively, and the public authentication keys are called G_I and G_R, respectively.

The actual credentials CRED_I and CRED_R are signed or MACed by the Initiator and the Responder respectively, see Section 4.4.1 and Section 4.3.1. The Initiator and the Responder MAY use different types of credentials, e.g. one uses an RPK and the other uses a certificate. When the credential is a certificate, CRED_x is the end-entity certificate (i.e. not the certificate chain) encoded as a CBOR bstr. When the credential is a COSE_Key, CRED_x is a CBOR map containing only specific fields from the COSE_Key. For COSE_Keys of type OKP the CBOR map SHALL only include the parameters 1 (kty), -1 (crv), and -2 (x-coordinate).
For COSE_Keys of type EC2 the CBOR map SHALL only include the parameters 1 (kty), -1 (crv), -2 (x-coordinate), and -3 (y-coordinate). If the parties have agreed on an identity besides the public key, the identity is included in the CBOR map with the label "subject name", otherwise the subject name is the empty text string. The parameters SHALL be encoded in decreasing order with int labels first and text string labels last. An example of CRED_x when the RPK contains an X25519 static Diffie-Hellman key and the parties have agreed on an EUI-64 identity is shown below:

   CRED_x = {
      1: 1,
     -1: 4,
     -2: h'b1a3e89460e88d3a8d54211dc95f0b90
           3ff205eb71912d6db8f4af980d2db83a',
     "subject name" : "42-50-31-FF-EF-37-32-39"
   }

   Initiator                                                   Responder
   |               METHOD_CORR, SUITES_I, G_X, C_I, AD_1               |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |   C_I, G_Y, C_R, Enc(K_2e; ID_CRED_R, Signature_or_MAC_2, AD_2)   |
   |<------------------------------------------------------------------+
   |                             message_2                             |
   |                                                                   |
   |       C_R, AEAD(K_3ae; ID_CRED_I, Signature_or_MAC_3, AD_3)       |
   +------------------------------------------------------------------>|
   |                             message_3                             |

   Figure 4: Overview of EDHOC with asymmetric key authentication.

4.2. EDHOC Message 1

4.2.1. Formatting of Message 1

message_1 SHALL be a CBOR Sequence (see Appendix A.1) as defined below

   message_1 = (
     METHOD_CORR : int,
     SUITES_I : [ selected : suite, supported : 2* suite ] / suite,
     G_X : bstr,
     C_I : bstr_identifier,
     ? AD_1 : bstr,
   )

   suite = int
   bstr_identifier = bstr / int

where:

o METHOD_CORR = 4 * method + corr, where method = 0, 1, 2, or 3 (see Section 9.2) and the correlation parameter corr is chosen based on the transport and determines which connection identifiers are omitted (see Section 3.1).
o SUITES_I - cipher suites which the Initiator supports in order of decreasing preference. One of the supported cipher suites is selected. If a single supported cipher suite is conveyed then that cipher suite is selected and the selected cipher suite is encoded as an int instead of an array.

o G_X - the ephemeral public key of the Initiator

o C_I - variable length connection identifier. A bstr_identifier is a byte string with special encoding. Byte strings of length one are encoded as the corresponding integer minus 24, i.e. h'2a' is encoded as 18.

o AD_1 - bstr containing unprotected opaque auxiliary data

4.2.2. Initiator Processing of Message 1

The Initiator SHALL compose message_1 as follows:

o The supported cipher suites and the order of preference MUST NOT be changed based on previous error messages. However, the list SUITES_I sent to the Responder MAY be truncated such that cipher suites which are the least preferred are omitted. The amount of truncation MAY be changed between sessions, e.g. based on previous error messages (see next bullet), but all cipher suites which are more preferred than the least preferred cipher suite in the list MUST be included in the list.

o Determine the cipher suite to use with the Responder in message_1. If the Initiator previously received from the Responder an error message to a message_1 with diagnostic payload identifying a cipher suite that the Initiator supports, then the Initiator SHALL use that cipher suite. Otherwise the first supported (i.e. the most preferred) cipher suite in SUITES_I MUST be used.

o Generate an ephemeral ECDH key pair as specified in Section 5 of [SP-800-56A] using the curve in the selected cipher suite and format it as a COSE_Key. Let G_X be the 'x' parameter of the COSE_Key.

o Choose a connection identifier C_I and store it for the length of the protocol.
o Encode message_1 as a sequence of CBOR encoded data items as specified in Section 4.2.1.

4.2.3. Responder Processing of Message 1

The Responder SHALL process message_1 as follows:

o Decode message_1 (see Appendix A.1).

o Verify that the selected cipher suite is supported and that no prior cipher suites in SUITES_I are supported.

o Pass AD_1 to the security application.

If any verification step fails, the Initiator MUST send an EDHOC error message back, formatted as defined in Section 6, and the protocol MUST be discontinued. If the Responder does not support the selected cipher suite, then SUITES_R MUST include one or more supported cipher suites. If the Responder does not support the selected cipher suite, but supports another cipher suite in SUITES_I, then SUITES_R MUST include the first supported cipher suite in SUITES_I.

4.3. EDHOC Message 2

4.3.1. Formatting of Message 2

message_2 and data_2 SHALL be CBOR Sequences (see Appendix A.1) as defined below

   message_2 = (
     data_2,
     CIPHERTEXT_2 : bstr,
   )

   data_2 = (
     ? C_I : bstr_identifier,
     G_Y : bstr,
     C_R : bstr_identifier,
   )

where:

o G_Y - the ephemeral public key of the Responder

o C_R - variable length connection identifier

4.3.2. Responder Processing of Message 2

The Responder SHALL compose message_2 as follows:

o If corr (METHOD_CORR mod 4) equals 1 or 3, C_I is omitted, otherwise C_I is not omitted.

o Generate an ephemeral ECDH key pair as specified in Section 5 of [SP-800-56A] using the curve in the selected cipher suite and format it as a COSE_Key. Let G_Y be the 'x' parameter of the COSE_Key.

o Choose a connection identifier C_R and store it for the length of the protocol.

o Compute the transcript hash TH_2 = H(message_1, data_2) where H() is the hash function in the selected cipher suite.
  The transcript hash TH_2 is a CBOR encoded bstr and the input to the hash function is a CBOR Sequence.

o Compute an inner COSE_Encrypt0 as defined in Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the selected cipher suite, K_2m, IV_2m, and the following parameters:

  * protected = << ID_CRED_R >>

    + ID_CRED_R - identifier to facilitate retrieval of CRED_R, see Section 4.1

  * external_aad = << TH_2, CRED_R, ? AD_2 >>

    + CRED_R - bstr containing the credential of the Responder, see Section 4.1.

    + AD_2 = bstr containing opaque unprotected auxiliary data

  * plaintext = h''

  COSE constructs the input to the AEAD [RFC5116] as follows:

  * Key K = EDHOC-KDF( PRK_3e2m, TH_2, "K_2m", length )

  * Nonce N = EDHOC-KDF( PRK_3e2m, TH_2, "IV_2m", length )

  * Plaintext P = 0x (the empty string)

  * Associated data A =

      [ "Encrypt0", << ID_CRED_R >>, << TH_2, CRED_R, ? AD_2 >> ]

  MAC_2 is the 'ciphertext' of the inner COSE_Encrypt0.

o If the Responder authenticates with a static Diffie-Hellman key (method equals 1 or 3), then Signature_or_MAC_2 is MAC_2. If the Responder authenticates with a signature key (method equals 0 or 2), then Signature_or_MAC_2 is the 'signature' of a COSE_Sign1 object as defined in Section 4.4 of [RFC8152] using the signature algorithm in the selected cipher suite, the private authentication key of the Responder, and the following parameters:

  * protected = << ID_CRED_R >>

  * external_aad = << TH_2, CRED_R, ? AD_2 >>

  * payload = MAC_2

  COSE constructs the input to the Signature Algorithm as:

  * The key is the private authentication key of the Responder.

  * The message M to be signed =

      [ "Signature1", << ID_CRED_R >>, << TH_2, CRED_R, ? AD_2 >>, MAC_2 ]

o CIPHERTEXT_2 is the ciphertext resulting from XOR encrypting a plaintext with the following common parameters:

  * plaintext = ( ID_CRED_R / bstr_identifier, Signature_or_MAC_2, ? AD_2 )

    + Note that if ID_CRED_R contains a single 'kid' parameter, i.e., ID_CRED_R = { 4 : kid_R }, only the byte string kid_R is conveyed in the plaintext, encoded as a bstr_identifier, see Section 4.1.

  * CIPHERTEXT_2 = plaintext XOR K_2e

  * K_2e = EDHOC-KDF( PRK_2e, TH_2, "K_2e", length ), where length is the length of the plaintext.

o Encode message_2 as a sequence of CBOR encoded data items as specified in Section 4.3.1.

4.3.3. Initiator Processing of Message 2

The Initiator SHALL process message_2 as follows:

o Decode message_2 (see Appendix A.1).

o Retrieve the protocol state using the connection identifier C_I and/or other external information such as the CoAP Token and the 5-tuple.

o Decrypt CIPHERTEXT_2. The decryption process depends on the method, see Section 4.3.2.

o Verify that the identity of the Responder is among the allowed identities for this connection.

o Verify Signature_or_MAC_2 using the algorithm in the selected cipher suite. The verification process depends on the method, see Section 4.3.2.

o Pass AD_2 to the security application.

If any verification step fails, the Responder MUST send an EDHOC error message back, formatted as defined in Section 6, and the protocol MUST be discontinued.

4.4. EDHOC Message 3

4.4.1. Formatting of Message 3

message_3 and data_3 SHALL be CBOR Sequences (see Appendix A.1) as defined below

   message_3 = (
     data_3,
     CIPHERTEXT_3 : bstr,
   )

   data_3 = (
     ? C_R : bstr_identifier,
   )

4.4.2. Initiator Processing of Message 3

The Initiator SHALL compose message_3 as follows:

o If corr (METHOD_CORR mod 4) equals 2 or 3, C_R is omitted, otherwise C_R is not omitted.

o Compute the transcript hash TH_3 = H(TH_2, CIPHERTEXT_2, data_3) where H() is the hash function in the selected cipher suite. The transcript hash TH_3 is a CBOR encoded bstr and the input to the hash function is a CBOR Sequence.

o Compute an inner COSE_Encrypt0 as defined in Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the selected cipher suite, K_3m, IV_3m, and the following parameters:

  * protected = << ID_CRED_I >>

    + ID_CRED_I - identifier to facilitate retrieval of CRED_I, see Section 4.1

  * external_aad = << TH_3, CRED_I, ? AD_3 >>

    + CRED_I - bstr containing the credential of the Initiator, see Section 4.1.

    + AD_3 = bstr containing opaque protected auxiliary data

  * plaintext = h''

  COSE constructs the input to the AEAD [RFC5116] as follows:

  * Key K = EDHOC-KDF( PRK_4x3m, TH_3, "K_3m", length )

  * Nonce N = EDHOC-KDF( PRK_4x3m, TH_3, "IV_3m", length )

  * Plaintext P = 0x (the empty string)

  * Associated data A =

      [ "Encrypt0", << ID_CRED_I >>, << TH_3, CRED_I, ? AD_3 >> ]

  MAC_3 is the 'ciphertext' of the inner COSE_Encrypt0.

o If the Initiator authenticates with a static Diffie-Hellman key (method equals 2 or 3), then Signature_or_MAC_3 is MAC_3. If the Initiator authenticates with a signature key (method equals 0 or 1), then Signature_or_MAC_3 is the 'signature' of a COSE_Sign1 object as defined in Section 4.4 of [RFC8152] using the signature algorithm in the selected cipher suite, the private authentication key of the Initiator, and the following parameters:

  * protected = << ID_CRED_I >>

  * external_aad = << TH_3, CRED_I, ? AD_3 >>

  * payload = MAC_3

  COSE constructs the input to the Signature Algorithm as:

  * The key is the private authentication key of the Initiator.

  * The message M to be signed =

      [ "Signature1", << ID_CRED_I >>, << TH_3, CRED_I, ? AD_3 >>, MAC_3 ]

o Compute an outer COSE_Encrypt0 as defined in Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the selected cipher suite, K_3ae, IV_3ae, and the following parameters. The protected header SHALL be empty.

  * external_aad = TH_3

  * plaintext = ( ID_CRED_I / bstr_identifier, Signature_or_MAC_3, ? AD_3 )

    + Note that if ID_CRED_I contains a single 'kid' parameter, i.e., ID_CRED_I = { 4 : kid_I }, only the byte string kid_I is conveyed in the plaintext, encoded as a bstr_identifier, see Section 4.1.

  COSE constructs the input to the AEAD [RFC5116] as follows:

  * Key K = EDHOC-KDF( PRK_3e2m, TH_3, "K_3ae", length )

  * Nonce N = EDHOC-KDF( PRK_3e2m, TH_3, "IV_3ae", length )

  * Plaintext P = ( ID_CRED_I / bstr_identifier, Signature_or_MAC_3, ? AD_3 )

  * Associated data A = [ "Encrypt0", h'', TH_3 ]

  CIPHERTEXT_3 is the 'ciphertext' of the outer COSE_Encrypt0.

o Encode message_3 as a sequence of CBOR encoded data items as specified in Section 4.4.1.

Pass the connection identifiers (C_I, C_R) and the application algorithms in the selected cipher suite to the application. The application can now derive application keys using the EDHOC-Exporter interface.

4.4.3. Responder Processing of Message 3

The Responder SHALL process message_3 as follows:

o Decode message_3 (see Appendix A.1).

o Retrieve the protocol state using the connection identifier C_R and/or other external information such as the CoAP Token and the 5-tuple.
o Decrypt and verify the outer COSE_Encrypt0 as defined in Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the selected cipher suite, K_3ae, and IV_3ae.

o Verify that the identity of the Initiator is among the allowed identities for this connection.

o Verify Signature_or_MAC_3 using the algorithm in the selected cipher suite. The verification process depends on the method, see Section 4.4.2.

o Pass AD_3, the connection identifiers (C_I, C_R), and the application algorithms in the selected cipher suite to the security application. The application can now derive application keys using the EDHOC-Exporter interface.

If any verification step fails, the Responder MUST send an EDHOC error message back, formatted as defined in Section 6, and the protocol MUST be discontinued.

5. EDHOC Authenticated with Symmetric Keys

5.1. Overview

EDHOC supports authentication with pre-shared keys (authentication method = 4, see Section 9.2). The Initiator and the Responder are assumed to have a pre-shared key (PSK) with a good amount of randomness and the requirements that:

o Only the Initiator and the Responder SHALL have access to the PSK,

o The Responder is able to retrieve the PSK using ID_PSK,

where the identifier ID_PSK is a COSE header_map (i.e. a CBOR map containing COSE Common Header Parameters, see [RFC8152]) containing a COSE header parameter that can identify a pre-shared key. Pre-shared keys are typically stored as COSE_Key objects and identified with a 'kid' parameter (see [RFC8152]):

o ID_PSK = { 4 : kid_psk }, where kid_psk : bstr

The purpose of ID_PSK is to facilitate retrieval of the PSK and, in the case a 'kid' parameter is used, it may be very short. It is RECOMMENDED that it uniquely identify the PSK, as the recipient may otherwise have to try several keys.
EDHOC with symmetric key authentication is illustrated in Figure 5.

   Initiator                                                   Responder
   |           METHOD_CORR, SUITES_I, G_X, C_I, ID_PSK, AD_1           |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |               C_I, G_Y, C_R, AEAD(K_2ae; TH_2, AD_2)              |
   |<------------------------------------------------------------------+
   |                             message_2                             |
   |                                                                   |
   |                    C_R, AEAD(K_3ae; TH_3, AD_3)                   |
   +------------------------------------------------------------------>|
   |                             message_3                             |

   Figure 5: Overview of EDHOC with symmetric key authentication.

EDHOC with symmetric key authentication is very similar to EDHOC with asymmetric authentication. In the following subsections the differences compared to EDHOC with asymmetric authentication are described.

5.2. EDHOC Message 1

5.2.1. Formatting of Message 1

message_1 SHALL be a CBOR Sequence (see Appendix A.1) as defined below

   message_1 = (
     METHOD_CORR : int,
     SUITES_I : [ selected : suite, supported : 2* suite ] / suite,
     G_X : bstr,
     C_I : bstr_identifier,
     ID_PSK : header_map / bstr_identifier,
     ? AD_1 : bstr,
   )

where:

o METHOD_CORR = 4 * method + corr, where method = 4 and the correlation parameter corr is chosen based on the transport and determines which connection identifiers are omitted (see Section 3.1).

o ID_PSK - identifier to facilitate retrieval of the pre-shared key. If ID_PSK contains a single 'kid' parameter, i.e., ID_PSK = { 4 : kid_psk }, only the byte string kid_psk is conveyed, encoded as a bstr_identifier.

5.3. EDHOC Message 2

5.3.1. Processing of Message 2

o Signature_or_MAC_2 is not used.

o The outer COSE_Encrypt0 is computed as defined in Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the selected cipher suite, K_2ae, IV_2ae, and the following parameters.
  The protected header SHALL be empty.

  * plaintext = ? AD_2

    + AD_2 = bstr containing opaque unprotected auxiliary data

  * external_aad = TH_2

  COSE constructs the input to the AEAD [RFC5116] as follows:

  * Key K = EDHOC-KDF( PRK_2e, TH_2, "K_2ae", length )

  * Nonce N = EDHOC-KDF( PRK_2e, TH_2, "IV_2ae", length )

  * Plaintext P = ? AD_2

  * Associated data A = [ "Encrypt0", h'', TH_2 ]

5.4. EDHOC Message 3

5.4.1. Processing of Message 3

o Signature_or_MAC_3 is not used.

o COSE_Encrypt0 is computed as defined in Section 5.3 of [RFC8152], with the EDHOC AEAD algorithm in the selected cipher suite, K_3ae, IV_3ae, and the following parameters. The protected header SHALL be empty.

  * plaintext = ? AD_3

    + AD_3 = bstr containing opaque protected auxiliary data

  * external_aad = TH_3

  COSE constructs the input to the AEAD [RFC5116] as follows:

  * Key K = EDHOC-KDF( PRK_3e2m, TH_3, "K_3ae", length )

  * Nonce N = EDHOC-KDF( PRK_3e2m, TH_3, "IV_3ae", length )

  * Plaintext P = ? AD_3

  * Associated data A = [ "Encrypt0", h'', TH_3 ]

6. Error Handling

6.1. EDHOC Error Message

This section defines a message format for the EDHOC error message, used during the protocol. An EDHOC error message can be sent by both parties as a reply to any non-error EDHOC message. After sending an error message, the protocol MUST be discontinued. Errors at the EDHOC layer are sent as normal successful messages in the lower layers (e.g. CoAP POST and 2.04 Changed). An advantage of using such a construction is to avoid issues created by usage of cross protocol proxies (e.g. UDP to TCP).

error SHALL be a CBOR Sequence (see Appendix A.1) as defined below

   error = (
     ? C_x : bstr_identifier,
     ERR_MSG : tstr,
     ? SUITES_R : [ supported : 2* suite ] / suite,
   )

where:

o C_x - if error is sent by the Responder and corr (METHOD_CORR mod 4) equals 0 or 2 then C_x is set to C_I, else if error is sent by the Initiator and corr (METHOD_CORR mod 4) equals 0 or 1 then C_x is set to C_R, else C_x is omitted.

o ERR_MSG - text string containing the diagnostic payload, defined in the same way as in Section 5.5.2 of [RFC7252]. ERR_MSG MAY be a 0-length text string.

o SUITES_R - cipher suites from SUITES_I or the EDHOC cipher suites registry that the Responder supports. SUITES_R MUST only be included in replies to message_1. If a single supported cipher suite is conveyed then the supported cipher suite is encoded as an int instead of an array.

6.1.1. Example Use of EDHOC Error Message with SUITES_R

Assuming that the Initiator supports the five cipher suites 5, 6, 7, 8, and 9 in decreasing order of preference, Figures 6 and 7 show examples of how the Responder can truncate SUITES_I and how SUITES_R is used by the Responder to give the Initiator information about the cipher suites that the Responder supports. In Figure 6, the Responder supports cipher suite 6 but not the selected cipher suite 5.

   Initiator                                                   Responder
   |        METHOD_CORR, SUITES_I = [5, 5, 6, 7], G_X, C_I, AD_1       |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |                     C_I, ERR_MSG, SUITES_R = 6                    |
   |<------------------------------------------------------------------+
   |                               error                               |
   |                                                                   |
   |         METHOD_CORR, SUITES_I = [6, 5, 6], G_X, C_I, AD_1         |
   +------------------------------------------------------------------>|
   |                             message_1                             |

   Figure 6: Example use of error message with SUITES_R.

In Figure 7, the Responder supports cipher suite 7 but not cipher suites 5 and 6.
   Initiator                                                   Responder
   |         METHOD_CORR, SUITES_I = [5, 5, 6], G_X, C_I, AD_1         |
   +------------------------------------------------------------------>|
   |                             message_1                             |
   |                                                                   |
   |                  C_I, ERR_MSG, SUITES_R = [7, 9]                  |
   |<------------------------------------------------------------------+
   |                               error                               |
   |                                                                   |
   |        METHOD_CORR, SUITES_I = [7, 5, 6, 7], G_X, C_I, AD_1       |
   +------------------------------------------------------------------>|
   |                             message_1                             |

   Figure 7: Example use of error message with SUITES_R.

As the Initiator's list of supported cipher suites and order of preference is fixed, and the Responder only accepts message_1 if the selected cipher suite is the first cipher suite in SUITES_I that the Responder supports, the parties can verify that the selected cipher suite is the most preferred (by the Initiator) cipher suite supported by both parties. If the selected cipher suite is not the first cipher suite in SUITES_I that the Responder supports, the Responder will discontinue the protocol.

7. Transferring EDHOC and Deriving an OSCORE Context

7.1. Transferring EDHOC in CoAP

It is recommended to transport EDHOC as an exchange of CoAP [RFC7252] messages. CoAP is a reliable transport that can preserve packet ordering and handle message duplication. CoAP can also perform fragmentation and protect against denial of service attacks. It is recommended to carry the EDHOC messages in Confirmable messages, especially if fragmentation is used.

By default, the CoAP client is the Initiator and the CoAP server is the Responder, but the roles SHOULD be chosen to protect the most sensitive identity, see Section 8. By default, EDHOC is transferred in POST requests and 2.04 (Changed) responses to the Uri-Path: "/.well-known/edhoc", but an application may define its own path that can be discovered e.g. using resource directory [I-D.ietf-core-resource-directory].

By default, the message flow is as follows: EDHOC message_1 is sent in the payload of a POST request from the client to the server's resource for EDHOC. EDHOC message_2 or the EDHOC error message is sent from the server to the client in the payload of a 2.04 (Changed) response. EDHOC message_3 or the EDHOC error message is sent from the client to the server's resource in the payload of a POST request. If needed, an EDHOC error message is sent from the server to the client in the payload of a 2.04 (Changed) response.

An example of a successful EDHOC exchange using CoAP is shown in Figure 8. In this case the CoAP Token enables the Initiator to correlate message_1 and message_2, so the correlation parameter corr = 1.

   Client    Server
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          | Content-Format: application/edhoc
     |          | Payload: EDHOC message_1
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   | Content-Format: application/edhoc
     |          | Payload: EDHOC message_2
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          | Content-Format: application/edhoc
     |          | Payload: EDHOC message_3
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   |
     |          |

   Figure 8: Transferring EDHOC in CoAP

The exchange in Figure 8 protects the client identity against active attackers and the server identity against passive attackers. An alternative exchange that protects the server identity against active attackers and the client identity against passive attackers is shown in Figure 9. In this case the CoAP Token enables the Responder to correlate message_2 and message_3, so the correlation parameter corr = 2.
   Client    Server
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   | Content-Format: application/edhoc
     |          | Payload: EDHOC message_1
     |          |
     +--------->| Header: POST (Code=0.02)
     |   POST   | Uri-Path: "/.well-known/edhoc"
     |          | Content-Format: application/edhoc
     |          | Payload: EDHOC message_2
     |          |
     |<---------+ Header: 2.04 Changed
     |   2.04   | Content-Format: application/edhoc
     |          | Payload: EDHOC message_3
     |          |

                  Figure 9: Transferring EDHOC in CoAP

   To protect against denial-of-service attacks, the CoAP server MAY
   respond to the first POST request with a 4.01 (Unauthorized)
   containing an Echo option [I-D.ietf-core-echo-request-tag].  This
   forces the Initiator to demonstrate its reachability at its apparent
   network address.  If message fragmentation is needed, the EDHOC
   messages may be fragmented using the CoAP Block-Wise Transfer
   mechanism [RFC7959].

7.1.1.  Deriving an OSCORE Context from EDHOC

   When EDHOC is used to derive parameters for OSCORE [RFC8613], the
   parties make sure that the EDHOC connection identifiers are unique,
   i.e. C_R MUST NOT be equal to C_I.  The CoAP client and server MUST
   be able to retrieve the OSCORE protocol state using their chosen
   connection identifier and optionally other information such as the
   5-tuple.  In case the CoAP client is the Initiator and the CoAP
   server is the Responder:

   o  The client's OSCORE Sender ID is C_R and the server's OSCORE
      Sender ID is C_I, as defined in this document.

   o  The AEAD Algorithm and the hash algorithm are the application AEAD
      and hash algorithms in the selected cipher suite.

   o  The Master Secret and Master Salt are derived as follows, where
      length is the key length (in bytes) of the application AEAD
      Algorithm.

      Master Secret = EDHOC-Exporter( "OSCORE Master Secret", length )
      Master Salt   = EDHOC-Exporter( "OSCORE Master Salt", 8 )

8.  Security Considerations

8.1.  Security Properties

   EDHOC inherits its security properties from the theoretical SIGMA-I
   protocol [SIGMA].  Using the terminology from [SIGMA], EDHOC provides
   perfect forward secrecy, mutual authentication with aliveness,
   consistency, and peer awareness.  As described in [SIGMA], peer
   awareness is provided to the Responder, but not to the Initiator.

   When a Public Key Infrastructure (PKI) is used, EDHOC provides
   identity protection of the Initiator against active attacks and
   identity protection of the Responder against passive attacks.  When
   PKI is not used (kid, x5t), the identity is not sent on the wire and
   EDHOC with asymmetric authentication protects the credential
   identifier of the Initiator against active attacks and the credential
   identifier of the Responder against passive attacks.  The roles
   should be assigned to protect the most sensitive identity/identifier,
   typically that which is not possible to infer from routing
   information in the lower layers.  EDHOC with symmetric authentication
   does not offer protection of the PSK identifier ID_PSK.

   Compared to [SIGMA], EDHOC adds an explicit method type and expands
   the message authentication coverage to additional elements such as
   algorithms, auxiliary data, and previous messages.  This protects
   against an attacker replaying messages or injecting messages from
   another session.

   EDHOC also adds negotiation of connection identifiers and downgrade-
   protected negotiation of cryptographic parameters, i.e. an attacker
   cannot affect the negotiated parameters.  A single session of EDHOC
   does not include negotiation of cipher suites, but it enables the
   Responder to verify that the selected cipher suite is the most
   preferred cipher suite by the Initiator which is supported by both
   the Initiator and the Responder.

   As required by [RFC7258], IETF protocols need to mitigate pervasive
   monitoring when possible.  One way to mitigate pervasive monitoring
   is to use a key exchange that provides perfect forward secrecy.
   EDHOC therefore only supports methods with perfect forward secrecy.
   To limit the effect of breaches, it is important to limit the use of
   symmetrical group keys for bootstrapping.  EDHOC therefore strives to
   make the additional cost of using raw public keys and self-signed
   certificates as small as possible.  Raw public keys and self-signed
   certificates are not a replacement for a public key infrastructure,
   but SHOULD be used instead of symmetrical group keys for
   bootstrapping.

   Compromise of the long-term keys (PSK or private authentication keys)
   does not compromise the security of completed EDHOC exchanges.
   Compromising the private authentication keys of one party lets an
   active attacker impersonate that compromised party in EDHOC exchanges
   with other parties, but does not let the attacker impersonate other
   parties in EDHOC exchanges with the compromised party.  Compromising
   the PSK lets an active attacker impersonate the Initiator in EDHOC
   exchanges with the Responder and impersonate the Responder in EDHOC
   exchanges with the Initiator.  Compromise of the long-term keys does
   not enable a passive attacker to compromise future session keys.
   Compromise of the HKDF input parameters (ECDH shared secret and/or
   PSK) leads to compromise of all session keys derived from that
   compromised shared secret.  Compromise of one session key does not
   compromise other session keys.
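   The cipher suite check behind the downgrade protection described
   above (and illustrated by the error exchange of Figure 7 in
   Section 7), as an added Python example that is not part of this
   document nor of any EDHOC implementation.  The encoding of SUITES_I
   (a bare int when a single suite is listed, otherwise the selected
   suite followed by the Initiator's supported suites in decreasing
   preference, possibly truncated) is read from Figure 7 and from the
   test vectors in Appendix B; the Initiator's full preference list
   [5, 6, 7] used in the comments is a constructed assumption that
   reproduces Figure 7.

```python
"""Cipher suite selection and verification as in EDHOC draft-01.

Added example, not the draft's own code.  Assumed wire form of SUITES_I
(derived from Figure 7 and Appendix B): a bare int for one suite, else
[selected, pref_1, pref_2, ...] where the tail is the Initiator's
supported suites in decreasing preference and may be truncated."""

from typing import List, Optional, Sequence, Set, Union

SuitesI = Union[int, List[int]]


def build_suites_i(preferences: Sequence[int], selected: int,
                   truncate_at: Optional[int] = None) -> SuitesI:
    """Initiator side: encode SUITES_I for message_1.

    The tail may be truncated, but it must still reach the selected
    suite, otherwise the Responder could not check the choice."""
    if selected not in preferences:
        raise ValueError("selected suite not supported by the Initiator")
    tail = list(preferences)
    if truncate_at is not None:
        tail = tail[:max(truncate_at, tail.index(selected) + 1)]
    if len(tail) == 1:
        return selected          # single suite: bare int, as in Appendix B
    return [selected] + tail


def responder_accepts(suites_i: SuitesI, supported_by_r: Set[int]) -> bool:
    """Responder side: message_1 is accepted only if the selected suite is
    the first suite in the Initiator's preference list that the Responder
    supports.  Anything else means a modified or stale list: reject."""
    if isinstance(suites_i, int):
        return suites_i in supported_by_r
    selected, tail = suites_i[0], suites_i[1:]
    first_common = next((s for s in tail if s in supported_by_r), None)
    return first_common is not None and first_common == selected


def error_suites_r(supported_by_r: Sequence[int]) -> List[int]:
    """SUITES_R sent in the error message: the Responder's own suites."""
    return list(supported_by_r)


def initiator_retry(preferences: Sequence[int],
                    suites_r: Sequence[int]) -> Optional[SuitesI]:
    """After an error carrying SUITES_R, select the most preferred suite
    (Initiator order) that the Responder supports and resend message_1
    with the untruncated list; None if there is no common suite."""
    for s in preferences:
        if s in suites_r:
            return build_suites_i(preferences, s)
    return None


# Walk-through of Figure 7 with the assumed preference list [5, 6, 7]:
#   first message_1:  build_suites_i([5, 6, 7], 5, truncate_at=2) -> [5, 5, 6]
#   Responder {7, 9}: responder_accepts([5, 5, 6], {7, 9}) -> False, error [7, 9]
#   second message_1: initiator_retry([5, 6, 7], [7, 9]) -> [7, 5, 6, 7]
#   Responder {7, 9}: responder_accepts([7, 5, 6, 7], {7, 9}) -> True
```

   The last check is what gives the downgrade protection: a Responder
   that also supports suite 6 would see 6 ahead of 7 in the list and
   refuse [7, 5, 6, 7], since 7 is then not the most preferred common
   suite.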
   Key compromise impersonation (KCI): In EDHOC authenticated with
   signature keys, EDHOC provides KCI protection against an attacker
   having access to the long-term key or the ephemeral secret key.  In
   EDHOC authenticated with symmetric keys, EDHOC provides KCI
   protection against an attacker having access to the ephemeral secret
   key, but not against an attacker having access to the long-term PSK.
   With static Diffie-Hellman key authentication, KCI protection would
   be provided against an attacker having access to the long-term
   Diffie-Hellman key, but not against an attacker having access to the
   ephemeral secret key.  Note that the term KCI has typically been used
   for compromise of long-term keys, and that an attacker with access to
   the ephemeral secret key can only attack that specific protocol run.

   Repudiation: In EDHOC authenticated with signature keys, Party U
   could theoretically prove that Party V performed a run of the
   protocol by presenting the private ephemeral key, and vice versa.
   Note that storing the private ephemeral keys violates the protocol
   requirements.  With static Diffie-Hellman key authentication or PSK
   authentication, both parties can always deny having participated in
   the protocol.

8.2.  Cryptographic Considerations

   The security of the SIGMA protocol requires the MAC to be bound to
   the identity of the signer.  Hence the message authenticating
   functionality of the authenticated encryption in EDHOC is critical:
   authenticated encryption MUST NOT be replaced by plain encryption
   only, even if authentication is provided at another level or through
   a different mechanism.  EDHOC implements SIGMA-I using the same
   Sign-then-MAC approach as TLS 1.3.

   To reduce message overhead EDHOC does not use explicit nonces and
   instead relies on the ephemeral public keys to provide randomness to
   each session.  A good amount of randomness is important for the key
   generation, to provide liveness, and to protect against interleaving
   attacks.  For this reason, the ephemeral keys MUST NOT be reused, and
   both parties SHALL generate fresh random ephemeral key pairs.

   The choice of key length used in the different algorithms needs to be
   harmonized, so that a sufficient security level is maintained for
   certificates, EDHOC, and the protection of application data.  The
   Initiator and the Responder should enforce a minimum security level.

   The data rates in many IoT deployments are very limited.  Given that
   the application keys are protected as well as the long-term
   authentication keys, they can often be used for years or even decades
   before the cryptographic limits are reached.  If the application keys
   established through EDHOC need to be renewed, the communicating
   parties can derive application keys with other labels or run EDHOC
   again.

8.3.  Cipher Suites

   Cipher suite number 0 (AES-CCM-16-64-128, SHA-256, X25519, EdDSA,
   Ed25519, AES-CCM-16-64-128, SHA-256) is mandatory to implement.
   Implementations only need to implement the algorithms needed for
   their supported methods.  For many constrained IoT devices it is
   problematic to support more than one cipher suite, so some
   deployments with P-256 may not support the mandatory cipher suite.
   This is not a problem for local deployments.

   The HMAC algorithm HMAC 256/64 (HMAC w/ SHA-256 truncated to 64 bits)
   SHALL NOT be supported for use in EDHOC.

8.4.  Unprotected Data

   The Initiator and the Responder must make sure that unprotected data
   and metadata do not reveal any sensitive information.  This also
   applies for encrypted data sent to an unauthenticated party.  In
   particular, it applies to AD_1, ID_CRED_R, AD_2, and ERR_MSG in the
   asymmetric case, and ID_PSK, AD_1, and ERR_MSG in the symmetric case.
   Using the same ID_PSK or AD_1 in several EDHOC sessions allows
   passive eavesdroppers to correlate the different sessions.  The
   communicating parties may therefore anonymize ID_PSK.  Another
   consideration is that the list of supported cipher suites may be used
   to identify the application.

   The Initiator and the Responder must also make sure that
   unauthenticated data does not trigger any harmful actions.  In
   particular, this applies to AD_1 and ERR_MSG in the asymmetric case,
   and ID_PSK, AD_1, and ERR_MSG in the symmetric case.

8.5.  Denial-of-Service

   EDHOC itself does not provide countermeasures against Denial-of-
   Service attacks.  By sending a number of new or replayed message_1
   messages, an attacker may cause the Responder to allocate state,
   perform cryptographic operations, and amplify messages.  To mitigate
   such attacks, an implementation SHOULD rely on lower layer mechanisms
   such as the Echo option in CoAP [I-D.ietf-core-echo-request-tag]
   that forces the Initiator to demonstrate reachability at its apparent
   network address.

8.6.  Implementation Considerations

   The availability of a secure pseudorandom number generator and truly
   random seeds are essential for the security of EDHOC.  If no true
   random number generator is available, a truly random seed must be
   provided from an external source.  As each pseudorandom number must
   only be used once, an implementation needs to get a new truly random
   seed after reboot, or continuously store state in nonvolatile memory;
   see [RFC8613], Appendix B.1.1 for issues and solution approaches for
   writing to nonvolatile memory.  If ECDSA is supported, "deterministic
   ECDSA" as specified in [RFC6979] is RECOMMENDED.
   The referenced processing instructions in [SP-800-56A] must be
   complied with, including deleting the intermediate computed values
   along with any ephemeral ECDH secrets after the key derivation is
   completed.  The ECDH shared secret, keys, and IVs MUST be secret.
   Implementations should provide countermeasures to side-channel
   attacks such as timing attacks.  Depending on the selected curve, the
   parties should perform various validations of each other's public
   keys, see e.g. Section 5 of [SP-800-56A].

   The Initiator and the Responder are responsible for verifying the
   integrity of certificates.  The selection of trusted CAs should be
   done very carefully and certificate revocation should be supported.
   The private authentication keys and the PSK (even though it is used
   as salt) MUST be kept secret.

   The Initiator and the Responder are allowed to select the connection
   identifiers C_I and C_R, respectively, for the other party to use in
   the ongoing EDHOC protocol as well as in a subsequent application
   protocol (e.g. OSCORE [RFC8613]).  The choice of connection
   identifier is not security critical in EDHOC but intended to simplify
   the retrieval of the right security context in combination with using
   short identifiers.  If the wrong connection identifier of the other
   party is used in a protocol message it will result in the receiving
   party not being able to retrieve a security context (which will
   terminate the protocol) or retrieving the wrong security context
   (which also terminates the protocol as the message cannot be
   verified).

   The Responder MUST finish the verification step of message_3 before
   passing AD_3 to the application.
   If two nodes unintentionally initiate two simultaneous EDHOC message
   exchanges with each other even if they only want to complete a single
   EDHOC message exchange, they MAY terminate the exchange with the
   lexicographically smallest G_X.  If the two G_X values are equal, the
   received message_1 MUST be discarded to mitigate reflection attacks.
   Note that in the case of two simultaneous EDHOC exchanges where the
   nodes only complete one and where the nodes have different preferred
   cipher suites, an attacker can affect which of the two nodes'
   preferred cipher suites will be used by blocking the other exchange.

8.7.  Other Documents Referencing EDHOC

   EDHOC has been analyzed in several other documents.  A formal
   verification of EDHOC was done in [SSR18], an analysis of EDHOC for
   certificate enrollment was done in [Kron18], the use of EDHOC in
   LoRaWAN is analyzed in [LoRa1] and [LoRa2], the use of EDHOC in IoT
   bootstrapping is analyzed in [Perez18], and the use of EDHOC in
   6TiSCH is described in [I-D.ietf-6tisch-dtsecurity-zerotouch-join].

9.  IANA Considerations

9.1.  EDHOC Cipher Suites Registry

   IANA has created a new registry titled "EDHOC Cipher Suites" under
   the new heading "EDHOC".  The registration procedure is "Expert
   Review".  The columns of the registry are Value, Array, Description,
   and Reference, where Value is an integer and the other columns are
   text strings.  The initial contents of the registry are:

   Value: -24
   Array: N/A
   Desc: Reserved for Private Use
   Reference: [[this document]]

   Value: -23
   Array: N/A
   Desc: Reserved for Private Use
   Reference: [[this document]]

   Value: 0
   Array: 10, 5, 4, -8, 6, 10, 5
   Desc: AES-CCM-16-64-128, SHA-256, X25519, EdDSA, Ed25519,
         AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

   Value: 1
   Array: 30, 5, 4, -8, 6, 10, 5
   Desc: AES-CCM-16-128-128, SHA-256, X25519, EdDSA, Ed25519,
         AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

   Value: 2
   Array: 10, 5, 1, -7, 1, 10, 5
   Desc: AES-CCM-16-64-128, SHA-256, P-256, ES256, P-256,
         AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

   Value: 3
   Array: 30, 5, 1, -7, 1, 10, 5
   Desc: AES-CCM-16-128-128, SHA-256, P-256, ES256, P-256,
         AES-CCM-16-64-128, SHA-256
   Reference: [[this document]]

9.2.  EDHOC Method Type Registry

   IANA has created a new registry titled "EDHOC Method Type" under the
   new heading "EDHOC".  The registration procedure is "Expert Review".
   The columns of the registry are Value, Description, and Reference,
   where Value is an integer and the other columns are text strings.
   The initial contents of the registry are:

   +-------+-------------------+-------------------+-------------------+
   | Value | Initiator         | Responder         | Reference         |
   +-------+-------------------+-------------------+-------------------+
   | 0     | Signature Key     | Signature Key     | [[this document]] |
   | 1     | Signature Key     | Static DH Key     | [[this document]] |
   | 2     | Static DH Key     | Signature Key     | [[this document]] |
   | 3     | Static DH Key     | Static DH Key     | [[this document]] |
   | 4     | PSK               | PSK               | [[this document]] |
   +-------+-------------------+-------------------+-------------------+

                           Figure 10: Method Types

9.3.  The Well-Known URI Registry

   IANA has added the well-known URI 'edhoc' to the Well-Known URIs
   registry.

   o  URI suffix: edhoc

   o  Change controller: IETF

   o  Specification document(s): [[this document]]

   o  Related information: None

9.4.  Media Types Registry

   IANA has added the media type 'application/edhoc' to the Media Types
   registry.

   o  Type name: application

   o  Subtype name: edhoc

   o  Required parameters: N/A

   o  Optional parameters: N/A

   o  Encoding considerations: binary

   o  Security considerations: See Section 7 of this document.

   o  Interoperability considerations: N/A

   o  Published specification: [[this document]] (this document)

   o  Applications that use this media type: To be identified

   o  Fragment identifier considerations: N/A

   o  Additional information:

      *  Magic number(s): N/A

      *  File extension(s): N/A

      *  Macintosh file type code(s): N/A

   o  Person & email address to contact for further information: See
      "Authors' Addresses" section.

   o  Intended usage: COMMON

   o  Restrictions on usage: N/A

   o  Author: See "Authors' Addresses" section.

   o  Change Controller: IESG

9.5.  CoAP Content-Formats Registry

   IANA has added the media type 'application/edhoc' to the CoAP
   Content-Formats registry.

   o  Media Type: application/edhoc

   o  Encoding:

   o  ID: TBD42

   o  Reference: [[this document]]

9.6.  Expert Review Instructions

   The IANA registries established in this document are defined as
   "Expert Review".  This section gives some general guidelines for what
   the experts should be looking for, but they are being designated as
   experts for a reason so they should be given substantial latitude.

   Expert reviewers should take into consideration the following points:

   o  Clarity and correctness of registrations.  Experts are expected to
      check the clarity of purpose and use of the requested entries.
      The expert needs to make sure the values of algorithms are taken
      from the right registry, when that is required.  The expert should
      consider requesting an opinion on the correctness of registered
      parameters from relevant IETF working groups.  Encodings that do
      not meet this objective of clarity and completeness should not be
      registered.

   o  Experts should take into account the expected usage of fields when
      approving point assignment.  The length of the encoded value
      should be weighed against how many code points of that length are
      left, the size of device it will be used on, and the number of
      code points left that encode to that size.

   o  Specifications are recommended.  When specifications are not
      provided, the description provided needs to have sufficient
      information to verify the points above.

10.  References

10.1.  Normative References

   [I-D.ietf-cbor-sequence]
              Bormann, C., "Concise Binary Object Representation (CBOR)
              Sequences", draft-ietf-cbor-sequence-02 (work in
              progress), September 2019.

   [I-D.ietf-core-echo-request-tag]
              Amsuess, C., Mattsson, J., and G. Selander, "CoAP: Echo,
              Request-Tag, and Token Processing",
              draft-ietf-core-echo-request-tag-08 (work in progress),
              November 2019.

   [I-D.ietf-cose-x509]
              Schaad, J., "CBOR Object Signing and Encryption (COSE):
              Headers for carrying and referencing X.509 certificates",
              draft-ietf-cose-x509-05 (work in progress), November 2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5116]  McGrew, D., "An Interface and Algorithms for Authenticated
              Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010.
   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090,
              DOI 10.17487/RFC6090, February 2011.

   [RFC6979]  Pornin, T., "Deterministic Usage of the Digital Signature
              Algorithm (DSA) and Elliptic Curve Digital Signature
              Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979,
              August 2013.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014.

   [RFC7748]  Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
              for Security", RFC 7748, DOI 10.17487/RFC7748,
              January 2016.

   [RFC7959]  Bormann, C. and Z. Shelby, Ed., "Block-Wise Transfers in
              the Constrained Application Protocol (CoAP)", RFC 7959,
              DOI 10.17487/RFC7959, August 2016.

   [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              RFC 8152, DOI 10.17487/RFC8152, July 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8610]  Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
              Definition Language (CDDL): A Notational Convention to
              Express Concise Binary Object Representation (CBOR) and
              JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
              June 2019.

   [RFC8613]  Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
              "Object Security for Constrained RESTful Environments
              (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019.

   [SIGMA]    Krawczyk, H., "SIGMA - The 'SIGn-and-MAc' Approach to
              Authenticated Diffie-Hellman and Its Use in the
              IKE-Protocols (Long version)", June 2003.
   [SP-800-56A]
              Barker, E., Chen, L., Roginsky, A., Vassilev, A., and R.
              Davis, "Recommendation for Pair-Wise Key-Establishment
              Schemes Using Discrete Logarithm Cryptography",
              NIST Special Publication 800-56A Revision 3, April 2018.

10.2.  Informative References

   [CborMe]   Bormann, C., "CBOR Playground", May 2018.

   [I-D.hartke-core-e2e-security-reqs]
              Selander, G., Palombini, F., and K. Hartke, "Requirements
              for CoAP End-To-End Security",
              draft-hartke-core-e2e-security-reqs-03 (work in
              progress), July 2017.

   [I-D.ietf-6tisch-dtsecurity-zerotouch-join]
              Richardson, M., "6tisch Zero-Touch Secure Join protocol",
              draft-ietf-6tisch-dtsecurity-zerotouch-join-04 (work in
              progress), July 2019.

   [I-D.ietf-ace-oauth-authz]
              Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
              H. Tschofenig, "Authentication and Authorization for
              Constrained Environments (ACE) using the OAuth 2.0
              Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-33
              (work in progress), February 2020.

   [I-D.ietf-ace-oscore-profile]
              Palombini, F., Seitz, L., Selander, G., and M. Gunnarsson,
              "OSCORE profile of the Authentication and Authorization
              for Constrained Environments Framework",
              draft-ietf-ace-oscore-profile-09 (work in progress),
              March 2020.

   [I-D.ietf-core-resource-directory]
              Shelby, Z., Koster, M., Bormann, C., Stok, P., and C.
              Amsuess, "CoRE Resource Directory",
              draft-ietf-core-resource-directory-23 (work in progress),
              July 2019.

   [I-D.ietf-lwig-security-protocol-comparison]
              Mattsson, J. and F. Palombini, "Comparison of CoAP
              Security Protocols",
              draft-ietf-lwig-security-protocol-comparison-03 (work in
              progress), March 2019.

   [I-D.ietf-tls-dtls13]
              Rescorla, E., Tschofenig, H., and N. Modadugu, "The
              Datagram Transport Layer Security (DTLS) Protocol Version
              1.3", draft-ietf-tls-dtls13-34 (work in progress),
              November 2019.

   [I-D.selander-ace-ake-authz]
              Selander, G., Mattsson, J., Vucinic, M., and M.
              Richardson, "Lightweight Authorization for Authenticated
              Key Exchange.", draft-selander-ace-ake-authz-00 (work in
              progress), February 2020.

   [Kron18]   Krontiris, A., "Evaluation of Certificate Enrollment over
              Application Layer Security", May 2018.

   [LoRa1]    Sanchez-Iborra, R., Sanchez-Gomez, J., Perez, S.,
              Fernandez, P., Santa, J., Hernandez-Ramos, J., and A.
              Skarmeta, "Enhancing LoRaWAN Security through a
              Lightweight and Authenticated Key Management Approach",
              June 2018.

   [LoRa2]    Sanchez-Iborra, R., Sanchez-Gomez, J., Perez, S.,
              Fernandez, P., Santa, J., Hernandez-Ramos, J., and A.
              Skarmeta, "Internet Access for LoRaWAN Devices Considering
              Security Issues", June 2018.

   [Perez18]  Perez, S., Garcia-Carrillo, D., Marin-Lopez, R.,
              Hernandez-Ramos, J., Marin-Perez, R., and A. Skarmeta,
              "Architecture of security association establishment based
              on bootstrapping technologies for enabling critical IoT
              K", October 2018.

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014.

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258,
              May 2014.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296,
              October 2014.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.
   [SSR18]    Bruni, A., Sahl Joergensen, T., Groenbech Petersen, T.,
              and C. Schuermann, "Formal Verification of Ephemeral
              Diffie-Hellman Over COSE (EDHOC)", November 2018.

Appendix A.  Use of CBOR, CDDL and COSE in EDHOC

   This appendix is intended to help implementors not familiar with
   CBOR [RFC7049], CDDL [RFC8610], COSE [RFC8152], and HKDF [RFC5869].

A.1.  CBOR and CDDL

   The Concise Binary Object Representation (CBOR) [RFC7049] is a data
   format designed for small code size and small message size.  CBOR
   builds on the JSON data model but extends it by e.g. encoding binary
   data directly without base64 conversion.  In addition to the binary
   CBOR encoding, CBOR also has a diagnostic notation that is readable
   and editable by humans.  The Concise Data Definition Language (CDDL)
   [RFC8610] provides a way to express structures for protocol messages
   and APIs that use CBOR.  [RFC8610] also extends the diagnostic
   notation.

   CBOR data items are encoded to or decoded from byte strings using a
   type-length-value encoding scheme, where the three highest order bits
   of the initial byte contain information about the major type.  CBOR
   supports several different types of data items: in addition to
   integers (int, uint), simple values (e.g. null), byte strings (bstr),
   and text strings (tstr), CBOR also supports arrays [] of data items,
   maps {} of pairs of data items, and sequences
   [I-D.ietf-cbor-sequence] of data items.  Some examples are given
   below.  For a complete specification and more examples, see [RFC7049]
   and [RFC8610].  We recommend implementors to get used to CBOR by
   using the CBOR playground [CborMe].
   Diagnostic          Encoded              Type
   ------------------------------------------------------------------
   1                   0x01                 unsigned integer
   24                  0x1818               unsigned integer
   -24                 0x37                 negative integer
   -25                 0x3818               negative integer
   null                0xf6                 simple value
   h'12cd'             0x4212cd             byte string
   '12cd'              0x4431326364         byte string
   "12cd"              0x6431326364         text string
   { 4 : h'cd' }       0xa10441cd           map
   << 1, 2, null >>    0x430102f6           byte string
   [ 1, 2, null ]      0x830102f6           array
   ( 1, 2, null )      0x0102f6             sequence
   1, 2, null          0x0102f6             sequence
   ------------------------------------------------------------------

A.2.  COSE

   CBOR Object Signing and Encryption (COSE) [RFC8152] describes how to
   create and process signatures, message authentication codes, and
   encryption using CBOR.  COSE builds on JOSE, but is adapted to allow
   more efficient processing in constrained devices.  EDHOC makes use of
   COSE_Key, COSE_Encrypt0, COSE_Sign1, and COSE_KDF_Context objects.

Appendix B.  Test Vectors

   This appendix provides detailed test vectors to ease implementation
   and ensure interoperability.  In addition to hexadecimal, all CBOR
   data items and sequences are given in CBOR diagnostic notation.  The
   test vectors use the default mapping to CoAP where the Initiator acts
   as CoAP client (this means that corr = 1).

   A more extensive test vector suite covering more combinations of
   authentication method used between Initiator and Responder and
   related code to generate them can be found at
   https://github.com/EricssonResearch/EDHOC/tree/master/Test%20Vectors.

B.1.  Test Vectors for EDHOC Authenticated with Signature Keys (x5t)

   EDHOC with signature authentication and X.509 certificates is used.
   In this test vector, the hash value 'x5t' is used to identify the
   certificate.
   method (Signature Authentication)
   0

   CoAP is used as transport and the Initiator acts as CoAP client:

   corr (the Initiator can correlate message_1 and message_2)
   1

   From there, METHOD_CORR has the following value:

   METHOD_CORR (4 * method + corr) (int)
   1

   No unprotected opaque auxiliary data is sent in the message
   exchanges.

   The pre-defined Cipher Suite 0 is in place both on the Initiator and
   the Responder, see Section 8.3.

   Selected Cipher Suite (int)
   0

B.1.1.  Message_1

   X (Initiator's ephemeral private key) (32 bytes)
   8f 78 1a 09 53 72 f8 5b 6d 9f 61 09 ae 42 26 11 73 4d 7d bf a0 06 9a 2d
   f2 93 5b b2 e0 53 bf 35

   G_X (Initiator's ephemeral public key) (32 bytes)
   89 8f f7 9a 02 06 7a 16 ea 1e cc b9 0f a5 22 46 f5 aa 4d d6 ec 07 6b ba
   02 59 d9 04 b7 ec 8b 0c

   The Initiator chooses a connection identifier C_I:

   Connection identifier chosen by Initiator (0 bytes)

   Since no unprotected opaque auxiliary data is sent in the message
   exchanges:

   AD_1 (0 bytes)

   With SUITES_I = suite = 0, message_1 is constructed as the CBOR
   Sequence of the CBOR data items above.

   message_1 =
   (
     1,
     0,
     h'898ff79a02067a16ea1eccb90fa52246f5aa4dd6ec076bba0259d904b7ec8b0c',
     h''
   )

   message_1 (CBOR Sequence) (37 bytes)
   01 00 58 20 89 8f f7 9a 02 06 7a 16 ea 1e cc b9 0f a5 22 46 f5 aa 4d d6
   ec 07 6b ba 02 59 d9 04 b7 ec 8b 0c 40

B.1.2.  Message_2

   Since METHOD_CORR mod 4 equals 1, C_I is omitted from data_2.
   Y (Responder's ephemeral private key) (32 bytes)
   fd 8c d8 77 c9 ea 38 6e 6a f3 4f f7 e6 06 c4 b6 4c a8 31 c8 ba 33 13 4f
   d4 cd 71 67 ca ba ec da

   G_Y (Responder's ephemeral public key) (32 bytes)
   71 a3 d5 99 c2 1d a1 89 02 a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0 19 52
   81 75 4c 5e bc af 30 1e

   From G_X and Y, or from G_Y and X, the ECDH shared secret is
   computed:

   G_XY (ECDH shared secret) (32 bytes)
   2b b7 fa 6e 13 5b c3 35 d0 22 d6 34 cb fb 14 b3 f5 82 f3 e2 e3 af b2 b3
   15 04 91 49 5c 61 78 2b

   The key and nonce for calculating the ciphertext are calculated as
   follows, as specified in Section 3.8.

   HKDF SHA-256 is the HKDF used (as defined by cipher suite 0).

   PRK_2e = HMAC-SHA-256(salt, G_XY)

   Since this is the asymmetric case, salt is the empty byte string.

   salt (0 bytes)

   From there, PRK_2e is computed:

   PRK_2e (32 bytes)
   ec 62 92 a0 67 f1 37 fc 7f 59 62 9d 22 6f bf c4 e0 68 89 49 f6 62 a9 7f
   d8 2f be b7 99 71 39 4a

   SK_R (Responder's private authentication key) (32 bytes)
   df 69 27 4d 71 32 96 e2 46 30 63 65 37 2b 46 83 ce d5 38 1b fc ad cd 44
   0a 24 c3 91 d2 fe db 94

   Since neither the Initiator nor the Responder authenticates with a
   static Diffie-Hellman key, PRK_3e2m = PRK_2e.

   PRK_3e2m (32 bytes)
   ec 62 92 a0 67 f1 37 fc 7f 59 62 9d 22 6f bf c4 e0 68 89 49 f6 62 a9 7f
   d8 2f be b7 99 71 39 4a

   The Responder chooses a connection identifier C_R.

   Connection identifier chosen by Responder (1 byte)
   2b

   Data_2 is constructed as the CBOR Sequence of G_Y and C_R.
2268 data_2 = 2269 ( 2270 h'71a3d599c21da18902a1aea810b2b6382ccd8d5f9bf0195281754c5ebcaf301e', 2271 h'2b' 2272 ) 2274 data_2 (CBOR Sequence) (35 bytes) 2275 58 20 71 a3 d5 99 c2 1d a1 89 02 a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0 2276 19 52 81 75 4c 5e bc af 30 1e 13 2278 From data_2 and message_1, compute the input to the transcript hash 2279 TH_2 = H( message_1, data_2 ), as a CBOR Sequence of these 2 data 2280 items. 2282 Input to calculate TH_2 (CBOR Sequence) (72 bytes) 2283 01 00 58 20 89 8f f7 9a 02 06 7a 16 ea 1e cc b9 0f a5 22 46 f5 aa 4d d6 2284 ec 07 6b ba 02 59 d9 04 b7 ec 8b 0c 40 58 20 71 a3 d5 99 c2 1d a1 89 02 2285 a1 ae a8 10 b2 b6 38 2c cd 8d 5f 9b f0 19 52 81 75 4c 5e bc af 30 1e 13 2287 And from there, compute the transcript hash TH_2 = SHA-256( 2288 message_1, data_2 ) 2290 TH_2 (32 bytes) 2291 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 b9 ca fb 60 2292 9d e4 f6 a1 76 0d 6c f7 2294 The Responder's subject name is the empty string: 2296 Responders's subject name (text string) 2297 "" 2298 And because 'x5t' has value certificate are used, ID_CRED_R is the 2299 following: 2301 ID_CRED_x = { 34 : COSE_CertHash }, for x = I or R, and since the 2302 SHA-2 256-bit Hash truncated to 64-bits is used (value -15): 2304 ID_CRED_R = 2305 { 2306 34: [-15, h'FC79990F2431A3F5'] 2307 } 2309 ID_CRED_R (14 bytes) 2310 a1 18 22 82 2e 48 fc 79 99 0f 24 31 a3 f5 2312 CRED_R is the certificate encoded as a byte string: 2314 CRED_R (112 bytes) 2315 58 6e 47 62 4d c9 cd c6 82 4b 2a 4c 52 e9 5e c9 d6 b0 53 4b 71 c2 b4 9e 2316 4b f9 03 15 00 ce e6 86 99 79 c2 97 bb 5a 8b 38 1e 98 db 71 41 08 41 5e 2317 5c 50 db 78 97 4c 27 15 79 b0 16 33 a3 ef 62 71 be 5c 22 5e b2 8f 9c f6 2318 18 0b 5a 6a f3 1e 80 20 9a 08 5c fb f9 5f 3f dc f9 b1 8b 69 3d 6c 0e 0d 2319 0f fb 8e 3f 9a 32 a5 08 59 ec d0 bf cf f2 c2 18 2321 Since no unprotected opaque auxiliary data is sent in the message 2322 exchanges: 2324 AD_2 (0 bytes) 2326 The Plaintext is defined as the empty string: 
2328 P_2m (0 bytes) 2330 The Enc_structure is defined as follows: [ "Encrypt0", 2331 << ID_CRED_R >>, << TH_2, CRED_R >> ] 2333 A_2m = 2334 [ 2335 "Encrypt0", 2336 h'A11822822E48FC79990F2431A3F5', 2337 h'5820B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF 2338 7586E47624DC9CDC6824B2A4C52E95EC9D6B0534B71C2B49E4BF9031500CEE6869979 2339 C297BB5A8B381E98DB714108415E5C50DB78974C271579B01633A3EF6271BE5C225EB 2340 28F9CF6180B5A6AF31E80209A085CFBF95F3FDCF9B18B693D6C0E0D0FFB8E3F9A32A5 2341 0859ECD0BFCFF2C218' 2342 ] 2344 Which encodes to the following byte string to be used as Additional 2345 Authenticated Data: 2347 A_2m (CBOR-encoded) (173 bytes) 2348 83 68 45 6e 63 72 79 70 74 30 4e a1 18 22 82 2e 48 fc 79 99 0f 24 31 a3 2349 f5 58 92 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 2350 47 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 58 6e 47 62 4d c9 cd c6 82 4b 2a 2351 4c 52 e9 5e c9 d6 b0 53 4b 71 c2 b4 9e 4b f9 03 15 00 ce e6 86 99 79 c2 2352 97 bb 5a 8b 38 1e 98 db 71 41 08 41 5e 5c 50 db 78 97 4c 27 15 79 b0 16 2353 33 a3 ef 62 71 be 5c 22 5e b2 8f 9c f6 18 0b 5a 6a f3 1e 80 20 9a 08 5c 2354 fb f9 5f 3f dc f9 b1 8b 69 3d 6c 0e 0d 0f fb 8e 3f 9a 32 a5 08 59 ec d0 2355 bf cf f2 c2 18 2357 info for K_2m is defined as follows: 2359 info for K_2m = 2360 [ 2361 10, 2362 h'B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF7', 2363 "K_2m", 2364 16 2365 ] 2367 Which as a CBOR encoded data item is: 2369 info for K_2m (CBOR-encoded) (42 bytes) 2370 84 0a 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 2371 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 64 4b 5f 32 6d 10 2373 From these parameters, K_2m is computed. Key K_2m is the output of 2374 HKDF-Expand(PRK_3e2m, info, L), where L is the length of K_2m, so 16 2375 bytes. 
2377 K_2m (16 bytes) 2378 b7 48 6a 94 a3 6c f6 9e 67 3f c4 57 55 ee 6b 95 2380 info for IV_2m is defined as follows: 2382 info for K_2m = 2383 [ 2384 10, 2385 h'B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF7', 2386 " "IV_2m", 2387 13 2388 ] 2390 Which as a CBOR encoded data item is: 2392 info for IV_2m (CBOR-encoded) (43 bytes) 2393 84 0a 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 2394 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 65 49 56 5f 32 6d 0d 2395 From these parameters, IV_2m is computed. IV_2m is the output of 2396 HKDF-Expand(PRK_3e2m, info, L), where L is the length of IV_2m, so 13 2397 bytes. 2399 IV_2m (13 bytes) 2400 c5 b7 17 0e 65 d5 4f 1a e0 5d 10 af 56 2402 Finally, COSE_Encrypt0 is computed from the parameters above. 2404 o protected header = CBOR-encoded ID_CRED_R 2406 o external_aad = A_2m 2408 o empty plaintext = P_2m 2410 MAC_2 (8 bytes) 2411 cf 99 99 ae 75 9e c0 d8 2413 To compute the Signature_or_MAC_2, the key is the private 2414 authentication key of the Responder and the message M_2 to be signed 2415 = [ "Signature1", << ID_CRED_R >>, << TH_2, CRED_R, ? 
AD_2 >>, MAC_2 2416 ] 2418 M_2 = 2419 [ 2420 "Signature1", 2421 h'A11822822E48FC79990F2431A3F5', 2422 h'5820B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF 2423 7586E47624DC9CDC6824B2A4C52E95EC9D6B0534B71C2B49E4BF9031500CEE6869979 2424 C297BB5A8B381E98DB714108415E5C50DB78974C271579B01633A3EF6271BE5C225EB 2425 28F9CF6180B5A6AF31E80209A085CFBF95F3FDCF9B18B693D6C0E0D0FFB8E3F9A32A5 2426 0859ECD0BFCFF2C218', 2427 h'CF9999AE759EC0D8' 2428 ] 2430 Which as a CBOR encoded data item is: 2432 M_2 (184 bytes) 2433 84 6a 53 69 67 6e 61 74 75 72 65 31 4e a1 18 22 82 2e 48 fc 79 99 0f 24 2434 31 a3 f5 58 92 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 2435 31 1a 47 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 58 6e 47 62 4d c9 cd c6 82 2436 4b 2a 4c 52 e9 5e c9 d6 b0 53 4b 71 c2 b4 9e 4b f9 03 15 00 ce e6 86 99 2437 79 c2 97 bb 5a 8b 38 1e 98 db 71 41 08 41 5e 5c 50 db 78 97 4c 27 15 79 2438 b0 16 33 a3 ef 62 71 be 5c 22 5e b2 8f 9c f6 18 0b 5a 6a f3 1e 80 20 9a 2439 08 5c fb f9 5f 3f dc f9 b1 8b 69 3d 6c 0e 0d 0f fb 8e 3f 9a 32 a5 08 59 2440 ec d0 bf cf f2 c2 18 48 cf 99 99 ae 75 9e c0 d8 2442 From there Signature_or_MAC_2 is a signature (since method = 0): 2444 Signature_or_MAC_2 (64 bytes) 2445 45 47 81 ec ef eb b4 83 e6 90 83 9d 57 83 8d fe 24 a8 cf 3f 66 42 8a a0 2446 16 20 4a 22 61 84 4a f8 4f 98 b8 c6 83 4f 38 7f dd 60 6a 29 41 3a dd e3 2447 a2 07 74 02 13 74 01 19 6f 6a 50 24 06 6f ac 0e 2449 CIPHERTEXT_2 is the ciphertext resulting from XOR encrypting a 2450 plaintext constructed from the following parameters and the key K_2e. 2452 o plaintext = CBOR Sequence of the items ID_CRED_R and 2453 Singature_or_MAC_2, in this order. 
2455 The plaintext is the following: 2457 P_2e (CBOR Sequence) (80 bytes) 2458 a1 18 22 82 2e 48 fc 79 99 0f 24 31 a3 f5 58 40 45 47 81 ec ef eb b4 83 2459 e6 90 83 9d 57 83 8d fe 24 a8 cf 3f 66 42 8a a0 16 20 4a 22 61 84 4a f8 2460 4f 98 b8 c6 83 4f 38 7f dd 60 6a 29 41 3a dd e3 a2 07 74 02 13 74 01 19 2461 6f 6a 50 24 06 6f ac 0e 2463 K_2e = HKDF-Expand( PRK, info, length ), where length is the length 2464 of the plaintext, so 80. 2466 info for K_2e = 2467 [ 2468 10, 2469 h'B0DC6C1BA0BAE6E2888610FA0B27BFC52E311A47B9CAFB609DE4F6A1760D6CF7', 2470 "K_2e", 2471 80 2472 ] 2474 Which as a CBOR encoded data item is: 2476 info for K_2e (CBOR-encoded) (43 bytes) 2477 84 0a 58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 2478 b9 ca fb 60 9d e4 f6 a1 76 0d 6c f7 64 4b 5f 32 65 18 50 2480 From there, K_2e is computed: 2482 K_2e (80 bytes) 2483 38 cd 1a 83 89 6d 43 af 3d e8 39 35 27 42 0d ac 7d 7a 76 96 7e 85 74 58 2484 26 bb 39 e1 76 21 8d 7e 5f e7 97 60 14 c9 ed ba c0 58 ee 18 cd 57 71 80 2485 a4 4d de 0b 83 00 fe 8e 09 66 9a 34 d6 3e 3a e6 10 12 26 ab f8 5c eb 28 2486 05 dc 00 13 d1 78 2a 20 2488 Using the parameters above, the ciphertext CIPHERTEXT_2 can be 2489 computed: 2491 CIPHERTEXT_2 (80 bytes) 2492 99 d5 38 01 a7 25 bf d6 a4 e7 1d 04 84 b7 55 ec 38 3d f7 7a 91 6e c0 db 2493 c0 2b ba 7c 21 a2 00 80 7b 4f 58 5f 72 8b 67 1a d6 78 a4 3a ac d3 3b 78 2494 eb d5 66 cd 00 4f c6 f1 d4 06 f0 1d 97 04 e7 05 b2 15 52 a9 eb 28 ea 31 2495 6a b6 50 37 d7 17 86 2e 2497 message_2 is the CBOR sequence of data_2 and CIPHERTEXT_2, in this 2498 order: 2500 message_2 = 2501 ( 2502 h'582071a3d599c21da18902a1aea810b2b6382ccd8d5f9bf0195281754c5ebcaf301 2503 e135850' 2504 h'99d53801a725bfd6a4e71d0484b755ec383df77a916ec0dbc02bba7c21a200807b4f 2505 585f728b671ad678a43aacd33b78ebd566cd004fc6f1d406f01d9704e705b21552a9eb 2506 28ea316ab65037d717862e' 2508 Which as a CBOR encoded data item is: 2510 message_2 (CBOR Sequence) (117 bytes) 2511 58 20 71 a3 d5 99 c2 1d a1 89 02 a1 ae 
a8 10 b2 b6 38 2c cd 8d 5f 9b f0 2512 19 52 81 75 4c 5e bc af 30 1e 13 58 50 99 d5 38 01 a7 25 bf d6 a4 e7 1d 2513 04 84 b7 55 ec 38 3d f7 7a 91 6e c0 db c0 2b ba 7c 21 a2 00 80 7b 4f 58 2514 5f 72 8b 67 1a d6 78 a4 3a ac d3 3b 78 eb d5 66 cd 00 4f c6 f1 d4 06 f0 2515 1d 97 04 e7 05 b2 15 52 a9 eb 28 ea 31 6a b6 50 37 d7 17 86 2e 2517 B.1.3. Message_3 2519 Since corr equals 1, C_R is not omitted from data_3. 2521 SK_I (Initiator's private authentication key) (32 bytes) 2522 2f fc e7 a0 b2 b8 25 d3 97 d0 cb 54 f7 46 e3 da 3f 27 59 6e e0 6b 53 71 2523 48 1d c0 e0 12 bc 34 d7 2525 HKDF SHA-256 is the HKDF used (as defined by cipher suite 0). 2527 PRK_4x3m = HMAC-SHA-256 (PRK_3e2m, G_IY) 2529 PRK_4x3m (32 bytes) 2530 ec 62 92 a0 67 f1 37 fc 7f 59 62 9d 22 6f bf c4 e0 68 89 49 f6 62 a9 7f 2531 d8 2f be b7 99 71 39 4a 2533 data 3 is equal to C_R. 2535 data_3 (CBOR Sequence) (1 bytes) 2536 13 2537 From data_3, CIPHERTEXT_2, and TH_2, compute the input to the 2538 transcript hash TH_2 = H(TH_2 , CIPHERTEXT_2, data_3), as a CBOR 2539 Sequence of these 3 data items. 
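   As an added worked check of the message_2 derivation above and of
   the TH_3 input just described (example code written for this page,
   not part of the draft or of any EDHOC implementation), the following
   Python re-derives TH_2, the K_2e keystream, CIPHERTEXT_2 and TH_3
   from the printed vectors, using a minimal CBOR encoder for the info
   structure and an HMAC-SHA-256 HKDF-Expand; every byte value in it is
   copied from this appendix.

```python
import hashlib
import hmac
# Values copied from this appendix (B.1) of the draft, hex exactly as printed there.
MESSAGE_1 = bytes.fromhex("01005820898ff79a02067a16ea1eccb90fa52246f5aa4dd6ec076bba0259d904b7ec8b0c40")
DATA_2 = bytes.fromhex("582071a3d599c21da18902a1aea810b2b6382ccd8d5f9bf0195281754c5ebcaf301e13")
DATA_3 = bytes.fromhex("13")  # C_R = h'2b' encoded as a bstr_identifier
PRK_3E2M = bytes.fromhex("ec6292a067f137fc7f59629d226fbfc4e0688949f662a97fd82fbeb79971394a")
TH_2 = bytes.fromhex("b0dc6c1ba0bae6e2888610fa0b27bfc52e311a47b9cafb609de4f6a1760d6cf7")
TH_3 = bytes.fromhex("a239a627ada3802db8dae51ec392bfeb926d393ef6eee4ddb32e4a27ce9358da")
P_2E = bytes.fromhex(
    "a11822822e48fc79990f2431a3f55840454781ecefebb483e690839d57838dfe24a8cf3f66428aa0"
    "16204a2261844af84f98b8c6834f387fdd606a29413adde3a2077402137401196f6a5024066fac0e")
K_2E = bytes.fromhex(
    "38cd1a83896d43af3de8393527420dac7d7a76967e85745826bb39e176218d7e5fe7976014c9edba"
    "c058ee18cd577180a44dde0b8300fe8e09669a34d63e3ae6101226abf85ceb2805dc0013d1782a20")
CIPHERTEXT_2 = bytes.fromhex(
    "99d53801a725bfd6a4e71d0484b755ec383df77a916ec0dbc02bba7c21a200807b4f585f728b671a"
    "d678a43aacd33b78ebd566cd004fc6f1d406f01d9704e705b21552a9eb28ea316ab65037d717862e")

def cbor_head(major, n):
    # Initial byte plus argument for CBOR major type `major` (n < 65536 suffices here).
    if n < 24:
        return bytes([(major << 5) | n])
    return bytes([(major << 5) | 24, n]) if n < 256 else bytes([(major << 5) | 25]) + n.to_bytes(2, "big")

def cbor(item):
    # The CBOR subset EDHOC info and transcript inputs need: ints, bstr, tstr, arrays.
    if isinstance(item, int):
        return cbor_head(0, item) if item >= 0 else cbor_head(1, -1 - item)
    if isinstance(item, (bytes, str)):
        data = item if isinstance(item, bytes) else item.encode()
        return cbor_head(2 if isinstance(item, bytes) else 3, len(data)) + data
    if isinstance(item, list):
        return cbor_head(4, len(item)) + b"".join(cbor(x) for x in item)
    raise TypeError(f"unsupported CBOR item: {type(item).__name__}")

def edhoc_info(th, label, length):
    # info = [ AlgorithmID, transcript hash, label, length ]; 10 = AES-CCM-16-64-128 of cipher suite 0.
    return cbor([10, th, label, length])

def hkdf_expand(prk, info, length):
    # RFC 5869 HKDF-Expand with HMAC-SHA-256, the KDF of cipher suite 0.
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + t, counter + 1
    return okm[:length]

def transcript_hash(cbor_sequence):
    # TH_n = SHA-256 over the raw bytes of the CBOR sequence listed as hash input.
    return hashlib.sha256(cbor_sequence).digest()

def xor_bytes(a, b):
    # CIPHERTEXT_2 = P_2e XOR K_2e; the Initiator recovers P_2e with the same operation.
    if len(a) != len(b):
        raise ValueError("keystream must be exactly as long as the plaintext")
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    th_2 = transcript_hash(MESSAGE_1 + DATA_2)
    k_2e = hkdf_expand(PRK_3E2M, edhoc_info(th_2, "K_2e", len(P_2E)), len(P_2E))
    print("CIPHERTEXT_2 reproduced:", xor_bytes(P_2E, k_2e) == CIPHERTEXT_2)
    print("TH_3 reproduced:", transcript_hash(cbor(th_2) + cbor(CIPHERTEXT_2) + DATA_3) == TH_3)
```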
   Input to calculate TH_3 (CBOR Sequence) (117 bytes)
   58 20 b0 dc 6c 1b a0 ba e6 e2 88 86 10 fa 0b 27 bf c5 2e 31 1a 47 b9 ca
   fb 60 9d e4 f6 a1 76 0d 6c f7 58 50 99 d5 38 01 a7 25 bf d6 a4 e7 1d 04
   84 b7 55 ec 38 3d f7 7a 91 6e c0 db c0 2b ba 7c 21 a2 00 80 7b 4f 58 5f
   72 8b 67 1a d6 78 a4 3a ac d3 3b 78 eb d5 66 cd 00 4f c6 f1 d4 06 f0 1d
   97 04 e7 05 b2 15 52 a9 eb 28 ea 31 6a b6 50 37 d7 17 86 2e 13

   And from there, compute the transcript hash TH_3 = SHA-256(TH_2 ,
   CIPHERTEXT_2, data_3)

   TH_3 (32 bytes)
   a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e f6 ee e4 dd
   b3 2e 4a 27 ce 93 58 da

   The Initiator's subject name is the empty string:

   Initiator's subject name (text string)
   ""

   And its credential is a certificate identified by its 'x5t' hash:

   ID_CRED_I =
   {
     34: [-15, h'5B786988439EBCF2']
   }

   ID_CRED_I (14 bytes)
   a1 18 22 82 2e 48 5b 78 69 88 43 9e bc f2

   CRED_I is the certificate encoded as a byte string:

   CRED_I (103 bytes)
   58 65 fa 34 b2 2a 9c a4 a1 e1 29 24 ea e1 d1 76 60 88 09 84 49 cb 84 8f
   fc 79 5f 88 af c4 9c be 8a fd d1 ba 00 9f 21 67 5e 8f 6c 77 a4 a2 c3 01
   95 60 1f 6f 0a 08 52 97 8b d4 3d 28 20 7d 44 48 65 02 ff 7b dd a6 32 c7
   88 37 00 16 b8 96 5b db 20 74 bf f8 2e 5a 20 e0 9b ec 21 f8 40 6e 86 44
   2b 87 ec 3f f2 45 b7

   Since no opaque auxiliary data is exchanged:

   AD_3 (0 bytes)

   The Plaintext of the COSE_Encrypt is the empty string:

   P_3m (0 bytes)

   The external_aad is the Enc_structure [ "Encrypt0", << ID_CRED_I >>,
   << TH_3, CRED_I >> ], with TH_3 and CRED_I in this order:

   A_3m (CBOR-encoded) (164 bytes)
   83 68 45 6e 63 72 79 70 74 30 4e a1 18 22 82 2e 48 5b 78 69 88 43 9e bc
   f2 58 89 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39
   3e f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 58 65 fa 34 b2 2a 9c a4 a1 e1 29
   24 ea e1 d1 76 60 88 09 84 49 cb 84 8f fc 79 5f 88 af c4 9c be 8a fd d1
   ba 00 9f 21 67 5e 8f 6c 77 a4 a2 c3 01 95 60 1f 6f 0a 08 52 97 8b d4 3d
   28 20 7d 44 48 65 02 ff 7b dd a6 32 c7 88 37 00 16 b8 96 5b db 20 74 bf
   f8 2e 5a 20 e0 9b ec 21 f8 40 6e 86 44 2b 87 ec 3f f2 45 b7

   Info for K_3m is computed as follows:

   info for K_3m =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "K_3m",
     16
   ]

   Which as a CBOR encoded data item is:

   info for K_3m (CBOR-encoded) (42 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 64 4b 5f 33 6d 10

   From these parameters, K_3m is computed.  Key K_3m is the output of
   HKDF-Expand(PRK_4x3m, info, L), where L is the length of K_3m, so 16
   bytes.

   K_3m (16 bytes)
   3d bb f0 d6 01 03 26 e8 27 3f c6 c6 c3 b0 de cd

   Nonce IV_3m is the output of HKDF-Expand(PRK_4x3m, info, L), where L
   = 13 bytes.

   Info for IV_3m is defined as follows:

   info for IV_3m =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "IV_3m",
     13
   ]

   Which as a CBOR encoded data item is:

   info for IV_3m (CBOR-encoded) (43 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 65 49 56 5f 33 6d 0d

   From these parameters, IV_3m is computed:

   IV_3m (13 bytes)
   10 b6 f4 41 4a 2c 91 3c cd a1 96 42 e3

   MAC_3 is the ciphertext of the COSE_Encrypt0:

   MAC_3 (8 bytes)
   5e ef b8 85 98 3c 22 d9

   Since the method = 0, Signature_or_MAC_3 is a signature:

   o  The message M_3 to be signed = [ "Signature1", << ID_CRED_I >>,
      << TH_3, CRED_I >>, MAC_3 ]

   o  The signing key is the private authentication key of the
      Initiator.

   M_3 =
   [
     "Signature1",
     h'A11822822E485B786988439EBCF2',
     h'5820A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358D
     A5865FA34B22A9CA4A1E12924EAE1D1766088098449CB848FFC795F88AFC49CBE8AFD
     D1BA009F21675E8F6C77A4A2C30195601F6F0A0852978BD43D28207D44486502FF7BD
     DA632C788370016B8965BDB2074BFF82E5A20E09BEC21F8406E86442B87EC3FF245
     B7',
     h'5EEFB885983C22D9'
   ]

   Which as a CBOR encoded data item is:

   M_3 (175 bytes)
   84 6a 53 69 67 6e 61 74 75 72 65 31 4e a1 18 22 82 2e 48 5b 78 69 88 43
   9e bc f2 58 89 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92
   6d 39 3e f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 58 65 fa 34 b2 2a 9c a4 a1
   e1 29 24 ea e1 d1 76 60 88 09 84 49 cb 84 8f fc 79 5f 88 af c4 9c be 8a
   fd d1 ba 00 9f 21 67 5e 8f 6c 77 a4 a2 c3 01 95 60 1f 6f 0a 08 52 97 8b
   d4 3d 28 20 7d 44 48 65 02 ff 7b dd a6 32 c7 88 37 00 16 b8 96 5b db 20
   74 bf f8 2e 5a 20 e0 9b ec 21 f8 40 6e 86 44 2b 87 ec 3f f2 45 b7 48 5e
   ef b8 85 98 3c 22 d9

   From there, the signature can be computed:

   Signature_or_MAC_3 (64 bytes)
   b3 31 76 33 fa eb c7 f4 24 9c f3 ab 95 96 fd ae 2b eb c8 e7 27 5d 39 9f
   42 00 04 f3 76 7b 88 d6 0f fe 37 dc f3 90 a0 00 d8 5a b0 ad b0 d7 24 e3
   a5 7c 4d fe 24 14 a4 1e 79 78 91 b9 55 35 89 06

   Finally, the outer COSE_Encrypt0 is computed.

   The Plaintext is the following CBOR sequence: plaintext = ( ID_CRED_I
   , Signature_or_MAC_3 )

   P_3ae (CBOR Sequence) (80 bytes)
   a1 18 22 82 2e 48 5b 78 69 88 43 9e bc f2 58 40 b3 31 76 33 fa eb c7 f4
   24 9c f3 ab 95 96 fd ae 2b eb c8 e7 27 5d 39 9f 42 00 04 f3 76 7b 88 d6
   0f fe 37 dc f3 90 a0 00 d8 5a b0 ad b0 d7 24 e3 a5 7c 4d fe 24 14 a4 1e
   79 78 91 b9 55 35 89 06

   The Associated data A is the following: Associated data A = [
   "Encrypt0", h'', TH_3 ]

   A_3ae (CBOR-encoded) (45 bytes)
   83 68 45 6e 63 72 79 70 74 30 40 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5
   1e c3 92 bf eb 92 6d 39 3e f6 ee e4 dd b3 2e 4a 27 ce 93 58 da

   Key K_3ae is the output of HKDF-Expand(PRK_3e2m, info, L).

   info is defined as follows:

   info for K_3ae =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "K_3ae",
     16
   ]

   Which as a CBOR encoded data item is:

   info for K_3ae (CBOR-encoded) (43 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 65 4b 5f 33 61 65 10

   L is the length of K_3ae, so 16 bytes.

   From these parameters, K_3ae is computed:

   K_3ae (16 bytes)
   58 b5 2f 94 5b 30 9d 85 4c a7 36 cd 06 a9 62 95

   Nonce IV_3ae is the output of HKDF-Expand(PRK_3e2m, info, L).

   info is defined as follows:

   info for IV_3ae =
   [
     10,
     h'A239A627ADA3802DB8DAE51EC392BFEB926D393EF6EEE4DDB32E4A27CE9358DA',
     "IV_3ae",
     13
   ]

   Which as a CBOR encoded data item is:

   info for IV_3ae (CBOR-encoded) (44 bytes)
   84 0a 58 20 a2 39 a6 27 ad a3 80 2d b8 da e5 1e c3 92 bf eb 92 6d 39 3e
   f6 ee e4 dd b3 2e 4a 27 ce 93 58 da 66 49 56 5f 33 61 65 0d

   L is the length of IV_3ae, so 13 bytes.

   From these parameters, IV_3ae is computed:

   IV_3ae (13 bytes)
   cf a9 a5 85 58 10 d6 dc e9 74 3c 3b c3

   Using the parameters above, the ciphertext CIPHERTEXT_3 can be
   computed:

   CIPHERTEXT_3 (88 bytes)
   2d 88 ff 86 da 47 48 2c 0d fa 55 9a c8 24 a4 a7 83 d8 70 c9 db a4 78 05
   e8 aa fb ad 69 74 c4 96 46 58 65 03 fa 9b bf 3e 00 01 2c 03 7e af 56 e4
   5e 30 19 20 83 9b 81 3a 53 f6 d4 c5 57 48 0f 6c 79 7d 5b 76 f0 e4 62 f5
   f5 7a 3d b6 d2 b5 0c 32 31 9f 34 0f 4a c5 af 9a

   From the parameters above, message_3 is computed, as the CBOR
   Sequence of the following items: (C_R, CIPHERTEXT_3).

   message_3 =
   (
     h'2b',
     h'2d88ff86da47482c0dfa559ac824a4a783d870c9dba47805e8aafbad6974c4964658
     6503fa9bbf3e00012c037eaf56e45e301920839b813a53f6d4c557480f6c797d5b76
     f0e462f5f57a3db6d2b50c32319f340f4ac5af9a'
   )

   Which encodes to the following byte string:

   message_3 (CBOR Sequence) (91 bytes)
   13 58 58 2d 88 ff 86 da 47 48 2c 0d fa 55 9a c8 24 a4 a7 83 d8 70 c9 db
   a4 78 05 e8 aa fb ad 69 74 c4 96 46 58 65 03 fa 9b bf 3e 00 01 2c 03 7e
   af 56 e4 5e 30 19 20 83 9b 81 3a 53 f6 d4 c5 57 48 0f 6c 79 7d 5b 76 f0
   e4 62 f5 f5 7a 3d b6 d2 b5 0c 32 31 9f 34 0f 4a c5 af 9a

Acknowledgments

   The authors want to thank Alessandro Bruni, Karthikeyan Bhargavan,
   Martin Disch, Theis Groenbech Petersen, Dan Harkins, Klaus Hartke,
   Russ Housley, Alexandros Krontiris, Ilari Liusvaara, Karl Norrman,
   Salvador Perez, Eric Rescorla, Michael Richardson, Thorvald Sahl
   Joergensen, Jim Schaad, Carsten Schuermann, Ludwig Seitz, Stanislav
   Smyshlyaev, Valery Smyslov, Rene Struik, and Erik Thormarker for
   reviewing and commenting on intermediate versions of the draft.  We
   are especially indebted to Jim Schaad for his continuous reviewing
   and implementation of different versions of the draft.

Authors' Addresses

   Goeran Selander
   Ericsson AB

   Email: goran.selander@ericsson.com

   John Preuss Mattsson
   Ericsson AB

   Email: john.mattsson@ericsson.com

   Francesca Palombini
   Ericsson AB

   Email: francesca.palombini@ericsson.com