From 5d6913ddb1738e66f8a9b1228b534e2ce72620e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6ran=20Selander?= Date: Fri, 9 Dec 2022 14:56:43 +0100 Subject: [PATCH] Only make EAD available if processing successful --- draft-ietf-lake-edhoc.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/draft-ietf-lake-edhoc.md b/draft-ietf-lake-edhoc.md index d24238d0..0d71cecd 100644 --- a/draft-ietf-lake-edhoc.md +++ b/draft-ietf-lake-edhoc.md @@ -918,13 +918,13 @@ The Initiator SHALL compose message_1 as follows: ### Responder Processing of Message 1 {#resp-proc-msg1} -The Responder SHALL process message_1 as follows: +The Responder SHALL process message_1 in the following order: * Decode message_1 (see {{CBOR}}). -* Verify that the selected cipher suite is supported and that no prior cipher suite in SUITES_I is supported. +* Verify message_1, in particular that the selected cipher suite is supported and that no prior cipher suite in SUITES_I is supported. -* If EAD_1 is present then make it available to the application for EAD processing. +* If all verifications have completed successfully, and if EAD_1 is present, then make it available to the application for EAD processing. If any processing step fails, then the Responder MUST send an EDHOC error message back as defined in {{error}}, and the protocol MUST be discontinued. @@ -984,7 +984,7 @@ The Responder SHALL compose message_2 as follows: ### Initiator Processing of Message 2 -The Initiator SHALL process message_2 as follows: +The Initiator SHALL process message_2 in the following order: * Decode message_2 (see {{CBOR}}). 
@@ -992,7 +992,7 @@ The Initiator SHALL process message_2 as follows: * Decrypt CIPHERTEXT_2, see {{asym-msg2-proc}}. -* Make ID_CRED_R and (if present) EAD_2 available to the application for authentication- and EAD processing. +* If all verifications have completed successfully, then make ID_CRED_R and (if present) EAD_2 available to the application for authentication- and EAD processing. * Obtain the authentication credential (CRED_R) and the authentication key of R from the application (or by other means). @@ -1060,7 +1060,7 @@ The Initiator SHALL compose message_3 as follows: ### Responder Processing of Message 3 -The Responder SHALL process message_3 as follows: +The Responder SHALL process message_3 in the following order: * Decode message_3 (see {{CBOR}}). @@ -1068,7 +1068,7 @@ The Responder SHALL process message_3 as follows: * Decrypt and verify the COSE_Encrypt0 as defined in Sections 5.2 and 5.3 of {{RFC9052}}, with the EDHOC AEAD algorithm in the selected cipher suite, and the parameters defined in {{asym-msg3-proc}}. -* Make ID_CRED_I and (if present) EAD_3 available to the application for authentication- and EAD processing. +* If all verifications have completed successfully, then make ID_CRED_I and (if present) EAD_3 available to the application for authentication- and EAD processing. * Obtain the authentication credential (CRED_I) and the authentication key of I from the application (or by other means).
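Review bot: In the message_1 hunk (@@ -918), the new EAD_1 bullet gates on "all verifications" while the reworded bullet before it, "Verify message_1, in particular that the selected cipher suite is supported ...", leaves the set of verifications open. An implementer cannot tell from this text which checks must pass before EAD_1 reaches the application. Suggest either enumerating the checks or wording the gate as "If all preceding steps have completed successfully", which also lines up with the unchanged sentence "If any processing step fails, then the Responder MUST send an EDHOC error message".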
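Review bot: In the @@ -984 hunk, "in the following order" makes the step sequence normative, but the steps under it are still unordered `*` bullets (the same wording is introduced for message_1 and message_3). If the order is a requirement, a numbered list would make it visible in the rendered draft and give later text and error handling something to refer to, for example "the verification in step 3".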
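Review bot: In the message_2 hunk (@@ -992), the gate "If all verifications have completed successfully" sits directly after "Decrypt CIPHERTEXT_2" and before "Obtain the authentication credential (CRED_R)", so no check that depends on CRED_R can have run at this position. As written, EAD_2 is still handed to the application before the Responder is authenticated, which is a narrower guarantee than the subject line "Only make EAD available if processing successful" suggests. Suggest saying "all preceding steps" here and stating that EAD_2 is not yet authenticated at this point, or moving the release of EAD_2 after the later verification steps if that is the intent.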
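Review bot: In the message_3 hunk (@@ -1068), "all verifications" can only refer to decoding and the "Decrypt and verify the COSE_Encrypt0" step above it, because CRED_I is obtained in the bullet that follows. Since the same gate now covers ID_CRED_I, which the application needs in order to supply CRED_I, it would help to name the check explicitly, for example "If the COSE_Encrypt0 verification succeeded, then make ID_CRED_I and (if present) EAD_3 available". As a style point, "authentication- and EAD processing" reads more cleanly as "authentication and EAD processing"; the same phrase appears in the message_2 hunk.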