-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix 543: improve COSE_Key spec language and add COSE_Key examples #732
Changes from 1 commit
8b64e83
c11f1b0
1134d40
66b2b7f
bcc6bd9
30de9f8
7908be8
90ec096
d324d69
0bac86e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2443,7 +2443,7 @@ object=] for a given credential. It has the following format: | |
<tr> | ||
<td><dfn>credentialIdLength</dfn></td> | ||
<td>2</td> | ||
<td>Byte length L of Credential ID</td> | ||
<td>Byte length <strong>L</strong> of Credential ID</td> | ||
</tr> | ||
<tr> | ||
<td><dfn>credentialId</dfn></td> | ||
|
@@ -2454,7 +2454,8 @@ object=] for a given credential. It has the following format: | |
<td><dfn>credentialPublicKey</dfn></td> | ||
<td>variable</td> | ||
<td> | ||
The [=credential public key=] encoded in COSE_Key format, as defined in Section 7 of [[RFC8152]]. | ||
The [=credential public key=] encoded in COSE_Key format, | ||
as defined in Section 7 of [[RFC8152]], using the [=CTAP canonical CBOR encoding form=]. | ||
The COSE_Key-encoded [=credential public key=] MUST contain the optional "alg" parameter and MUST NOT | ||
contain any other optional parameters. The "alg" parameter MUST contain a {{COSEAlgorithmIdentifier}} value. | ||
The encoded [=credential public key=] MUST also contain any additional required parameters stipulated by the | ||
|
@@ -2467,6 +2468,79 @@ object=] for a given credential. It has the following format: | |
NOTE: The names in the Name column in the above table are only for reference within this document, and are not present in the | ||
actual representation of the [=attested credential data=]. | ||
|
||
#### Examples of `credentialPublicKey` Values encoded in COSE_Key format #### {#sctn-encoded-credPubKey-examples} | ||
|
||
This section provides examples of COSE_Key-encoded Eliptic Curve and RSA public keys for the ES256, PS256, and RS256 | ||
signature algorithms. These examples adhere to the rules defined above for the [=credentialPublicKey=] value, and are presented in [[CDDL]] for clarity. | ||
|
||
[[RFC8152]] [Section 7](https://tools.ietf.org/html/rfc8152#section-7) defines the general framework for all | ||
COSE_Key-encoded keys. | ||
Specific key types for specific algorithms are defined in other sections of [[RFC8152]] as well as in other specifications, | ||
as noted below. | ||
|
||
Below is an example of a COSE_Key-encoded Eliptic Curve public key in EC2 format (see [[RFC8152]] | ||
[Section 13.1](https://tools.ietf.org/html/rfc8152#section-13.1)), on the P-256 curve, to be used with the ES256 signature | ||
algorithm (ECDSA w/ SHA-256, see [[RFC8152]] [Section 8.1](https://tools.ietf.org/html/rfc8152#section-8.1)): | ||
|
||
<pre class="example" highlight="json"> | ||
{ | ||
1: 2, ; kty: EC2 key type | ||
3:-7, ; alg: ES256 signature algorithm | ||
-1: 1, ; crv: P-256 curve | ||
-2: x, ; x-coordinate as byte string 32 bytes in length | ||
e.g., in hex: 65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d | ||
-3: y ; y-coordinate as byte string 32 bytes in length | ||
e.g., in hex: 1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c | ||
} | ||
</pre> | ||
|
||
Below is the above Eliptic Curve public key encoded in the [=CTAP canonical CBOR encoding form=], whitespace and line breaks | ||
are included here for clarity and to match the [[CDDL]] presentation above: | ||
|
||
<pre class="example" highlight="json"> | ||
A5 | ||
01 02 | ||
|
||
03 26 | ||
|
||
20 01 | ||
|
||
21 58 20 65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d | ||
|
||
22 58 20 1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c | ||
</pre> | ||
|
||
|
||
Below is an example of a COSE_Key-encoded 2048-bit RSA public key (see [[RFC8230]] [Section 4](https://tools.ietf.org/html/rfc8230#section-4)) | ||
to be used with the RSASSA-PSS w/ SHA-256 signature algorithm | ||
(see [[RFC8230]] [Section 2](https://tools.ietf.org/html/rfc8230#section-2)): | ||
|
||
<pre class="example" highlight="json"> | ||
{ | ||
1: 3, ; kty: RSA key type | ||
3:-37, ; alg: RS256 | ||
-1: n, ; n: RSA modulus n byte string 257 bytes in length | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should this value (and below) be a 256 byte value? (There's no zero padding to avoid negative numbers in COSE.) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. thx hm. I dunno, you guys tell me. Here's how I generated the example RSA key pair, and openssl sez the modulus is 257 bytes:
is there any zero-padding in the above modulus value? Ah, is the leading There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 2048 bits / 8 = 256, so we would expect a 256-byte value. ASN.1 DER requires that an INTEGER with the most-significant bit set be padded with a leading zero to avoid it appearing to be negative. Since the leading byte is 0xdb, that will have happened in this case. In fact, it'll happen for all RSA keys since the MSB is required to be 1 (otherwise it would be a 2047-bit key). COSE, however, doesn't have this leading padding byte. That is made explicit here:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, thx, so is openssl just not displaying a leading zero padding byte? ( I think yes ) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Correct, as it's not considered part of the value. If you base64-decode the public key and look for the modulus in a hex dump, it should be preceded by 0282010100. |
||
e.g., in hex (middle bytes elided for brevity): DB5F651550...6DC6548ACC3 | ||
-2: e ; e: RSA public exponent e byte string 3 bytes in length | ||
e.g., in hex: 010001 | ||
} | ||
</pre> | ||
|
||
Below is an example of a COSE_Key-encoded 2048-bit RSA public key (see [[RFC8230]] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. (Could also just say that it's the same key because it's also RSA. Your call.) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. done |
||
[Section 4](https://tools.ietf.org/html/rfc8230#section-4)) | ||
to be used with the RSASSA-PKCS1-v1_5 w/ SHA-256 signature algorithm (see [[#sctn-cose-alg-reg]]): | ||
|
||
<pre class="example" highlight="json"> | ||
{ | ||
1: 3, ; kty: RSA key type | ||
3:-257, ; alg: RS256 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is algorithm -257 defined for COSE? I don't see it in the IANA registry. (In fact, I don't see PKCS #1 v1.5 at all.) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's registered in WebAuthn, actually: https://w3c.github.io/webauthn/#sctn-cose-alg-reg There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Once we reach CR, I plan to submit the registration request to IANA. |
||
-1: n, ; n: RSA modulus n byte string 257 bytes in length | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think one extra space is needed after the colon here and below. (And then the continued comment lines would need an extra space too.) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. done |
||
e.g., in hex (middle bytes elided for brevity): DB5F651550...6DC6548ACC3 | ||
-2: e ; e: RSA public exponent e byte string 3 bytes in length | ||
e.g., in hex: 010001 | ||
} | ||
</pre> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. One example: {1: 3, 3: -257, -1: h'ea9fbf0b9766e8e7412f86adeab7af8e11dd01308c1b71ac7c037f98a796b98f54253cf8b83f72b656340895608752af185e560695da06a77a655760ab28df3d44bfa417fe28978bfe34f1c93ad44508f4e6c56a4840f09aaf89481faa22098b41bb49082faad0ba94ffb529cd95cec0a56f3eebee9ff0f9cd95b22c48ef4854ce0f719cb06e76ba746e4129fbcfcb3f80b44bb2edd3908f468991a5249a1b8d9234316f245b1289f95d778a461733543612e3705c5ec2b78a9674305ca9fa464c3e95b0b67f058ff0cc6a84b0890551c413f1557a2a198c6d2629ade0f16ef9aec06ae89162f15a98ae49ce8b0ce8e07bafe1bd3b728bd1fc18f07e87a425f1', -2: h'010001'} |
||
|
||
|
||
### Attestation Statement Formats ### {#attestation-formats} | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: PS256, rather than RS256, I believe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, fixed, thx.