Merge pull request #114 from lake-wg/Exporter-labels,-IANA,-context,-…
…requirements

Exporter labels, IANA, context, requirements
gselander committed May 21, 2021
2 parents 244f87a + 68d039d commit fa0abe7
Showing 1 changed file with 32 additions and 6 deletions.
38 changes: 32 additions & 6 deletions draft-ietf-lake-edhoc.md
Expand Up @@ -604,19 +604,29 @@ KEYSTREAM_2 are derived using the transcript hash TH_2 and the pseudorandom key
Application keys and other application specific data can be derived using the EDHOC-Exporter interface defined as:

~~~~~~~~~~~
EDHOC-Exporter(label, length)
= EDHOC-KDF(PRK_4x3m, TH_4, label, length)
EDHOC-Exporter(label, context, length)
= EDHOC-KDF(PRK_4x3m, TH_4, label_context, length)
~~~~~~~~~~~

where label is a tstr defined by the application and length is a uint defined by the application. The label SHALL be different for each different exporter value. The transcript hash TH_4 is a CBOR encoded bstr and the input to the hash function is a CBOR Sequence.
label_context is a CBOR sequence:

~~~~~~~~~~~ CDDL
label_context = (
label : tstr,
context : bstr,
)
~~~~~~~~~~~

where label is a registered tstr from the EDHOC Exporter Label registry ({{exporter-label}}), context is a bstr defined by the application, and length is a uint defined by the application. The (label, context) pair must be unique, i.e. a (label, context) MUST NOT be used for two different purposes. However an application can re-derive the same key several times as long as it is done in a secure way. For example, in most encryption algorithms the same (key, nonce) pair must not be reused.

The transcript hash TH_4 is a CBOR encoded bstr and the input to the hash function is a CBOR Sequence.

~~~~~~~~~~~
TH_4 = H( TH_3, CIPHERTEXT_3 )
~~~~~~~~~~~
where H() is the hash function in the selected cipher suite. Examples of use of the EDHOC-Exporter are given in {{asym-msg4-proc}} and {{I-D.ietf-core-oscore-edhoc}}.

where H() is the hash function in the selected cipher suite. Example use of the EDHOC-Exporter is given in {{I-D.ietf-core-oscore-edhoc}}.

To provide forward secrecy in an even more efficient way than re-running EDHOC, EDHOC provides the function EDHOC-KeyUpdate. When EDHOC-KeyUpdate is called the old PRK_4x3m is deleted and the new PRk_4x3m is calculated as a "hash" of the old key using the Extract function as illustrated by the following pseudocode:
To provide forward secrecy in an even more efficient way than re-running EDHOC, EDHOC provides the function EDHOC-KeyUpdate. When EDHOC-KeyUpdate is called the old PRK_4x3m is deleted and the new PRK_4x3m is calculated as a "hash" of the old key using the Extract function as illustrated by the following pseudocode:

~~~~~~~~~~~
EDHOC-KeyUpdate( nonce ):
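Review bot: In the paragraph after the label_context CDDL, the uniqueness rule mixes a lowercase "must" ("The (label, context) pair must be unique") with "MUST NOT" in the same sentence, and the allowance that follows, "as long as it is done in a secure way", gives an implementer nothing to check. Suggest stating the requirement once with a normative keyword and replacing "in a secure way" with the concrete condition the (key, nonce) sentence is meant to illustrate, for example that re-deriving the same output is acceptable provided the derived key is not then used with a repeated nonce. The text also does not say what to pass as context when the application has none; stating that an empty bstr is used would keep implementations from diverging on the KDF input. Since the interface goes from EDHOC-Exporter(label, length) to EDHOC-Exporter(label, context, length), every other use of the exporter in the draft, including the section referenced as asym-msg4-proc, needs checking for the added argument.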
Expand Down Expand Up @@ -1262,6 +1272,22 @@ If supported by the device, it is RECOMMENDED that at least the long-term privat

# IANA Considerations {#iana}

## EDHOC Exporter Label {#exporter-label}

IANA has created a new registry titled "EDHOC Exporter Label" under the new heading "EDHOC". The registration procedure is "Expert Review". The columns of the registry are Label, Description, and Reference. All columns are text strings. The initial contents of the registry are:

~~~~~~~~~~~~~~~~~~~~~~~
Label: EDHOC_message_4_Key
Description: Key used to protect EDHOC message_4
Reference: [[this document]]
~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~
Label: EDHOC_message_4_Nonce
Description: Nonce used to protect EDHOC message_4
Reference: [[this document]]
~~~~~~~~~~~~~~~~~~~~~~~

## EDHOC Cipher Suites Registry {#suites-registry}

IANA has created a new registry titled "EDHOC Cipher Suites" under the new heading "EDHOC". The registration procedure is "Expert Review". The columns of the registry are Value, Array, Description, and Reference, where Value is an integer and the other columns are text strings. The initial contents of the registry are:
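Review bot: The "EDHOC Exporter Label" registry text sets the procedure to "Expert Review" but gives the expert no criteria and reserves no private-use or experimental labels, while the exporter text in the earlier hunk requires label to be "a registered tstr" from this registry. As written, an application cannot use the exporter until its label is registered, and nothing says how two labels are compared. Suggest adding guidance for the designated expert (at minimum that labels are unique text strings and how equality is decided) and saying how private or experimental deployments should choose labels. Because uniqueness is defined on the (label, context) pair, it would also help to state which context value goes with EDHOC_message_4_Key and EDHOC_message_4_Nonce, either in the Description column or in the referenced section.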