From edfd43166b438a4062df45c11804924bd92ffcad Mon Sep 17 00:00:00 2001
From: steve lasker
Date: Mon, 28 Oct 2024 15:43:27 -0700
Subject: [PATCH 1/2] Simplify cddl and edn
Signed-off-by: steve lasker
---
 draft-ietf-cose-hash-envelope.md | 46 ++++++++++----------------------
 1 file changed, 14 insertions(+), 32 deletions(-)
diff --git a/draft-ietf-cose-hash-envelope.md b/draft-ietf-cose-hash-envelope.md
index 5757aaa..d1f591a 100644
--- a/draft-ietf-cose-hash-envelope.md
+++ b/draft-ietf-cose-hash-envelope.md
@@ -92,28 +92,11 @@ TBD_3:
 ~~~ cddl
 Hash_Envelope_Protected_Header = {
- ; Cryptographic algorithm to use
 ? &(alg: 1) => int,
-
- ; Type of the envelope
 ? &(typ: 16) => int / tstr
-
- ; Hash algorithm used to produce the payload from content
- ; -16 for SHA-256,
- ; See https://www.iana.org/assignments/cose/cose.xhtml
 &(payload_hash_alg: TBD_1) => int
-
- ; Content type of the preimage
- ; (content to be hashed) of the payload
- ; 50 for application/json,
- ; See https://datatracker.ietf.org/doc/html/rfc7252#section-12.3
- &(payload_preimage_content_type: TBD_2) => int
-
- ; Location the content of the hashed payload is stored
- ; For example:
- ; storage.example/244f...9c19
+ &(payload_preimage_content_type: TBD_2) => int / tstr
 ? &(payload_location: TBD_3) => tstr
-
 * int / tstr => any
 }
@@ -131,6 +114,7 @@ Hash_Envelope_as_COSE_Sign1 = [
 Hash_Envelope = #6.18(Hash_Envelope_as_COSE_Sign1)
 ~~~
+- Label `1` (alg) Cryptographic algorithm to use
 - Label `16` (typ) MAY be used to assign a content format or media type to the entire hash envelope.
 - Label `TBD_1` (payload hash alg) MUST be present in the protected header and MUST NOT be present in the unprotected header.
 - Label `TBD_2` (content type of the preimage of the payload) MAY be present in the protected header or unprotected header.
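Review bot: The rewritten line `+ &(payload_preimage_content_type: TBD_2) => int / tstr` still carries no `?`, so the CDDL makes TBD_2 mandatory inside `Hash_Envelope_Protected_Header`, while the bullet list in the following hunk says TBD_2 MAY be in either the protected or the unprotected header; if the prose is the intent, the entry should read `? &(payload_preimage_content_type: TBD_2) => int / tstr`. The hunk also removes the only pointers that give the `int` branch of each value a meaning (the COSE algorithms registry for TBD_1 and the CoAP Content-Formats section for TBD_2) without restoring them on the new side; keeping a one-line `; See https://www.iana.org/assignments/cose/cose.xhtml#algorithms` above TBD_1 and `; See https://datatracker.ietf.org/doc/html/rfc7252#section-12.3` above TBD_2 would leave the schema self-describing now that the longer comments are gone. Since a TBD_2 value placed in the unprotected bucket is not covered by the signature, the place where the `?` is decided is also the right place to state which copy a verifier may rely on.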
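Review bot: The added bullet `+- Label \`1\` (alg) Cryptographic algorithm to use` is the only entry in the list that gives no placement rule, although `alg` selects the signature algorithm the whole envelope is verified with, and RFC 9052 expects it to be authenticated (carried in the protected header) where possible. Consider ``- Label `1` (alg) identifies the signature algorithm; when present it MUST be in the protected header.``, which also matches the `? &(alg: 1)` optionality in the CDDL above and ends the bullet with a period like its siblings.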
@@ -147,22 +131,20 @@ Profiles that rely on this specification MAY choose to mark TBD_1, TBD_2, TBD_3
 A hashed payload functions equivalently to an attached payload, with the benefits of being compact in size and providing the ability to validate the signature.
 ~~~~ cbor-diag
-18( / COSE Sign 1 /
+18( / COSE Sign 1 /
 [
 <<{
- / alg : ES384 / 1: -35,
- / kid / 4: h'75726e3a...32636573',
- / typ / 16: "application/example+cose"
- / payload_hash_alg /
- TBD_1: -16 / sha-256 /
- / payload_preimage_content_type /
- TBD_2: 51 / application/json-patch+json /
- / payload_location /
- TBD_3 : "https://storage.example/a24f9c19"
+ 1:-35, / alg : ES384 /
+ 4: h'75726e3a...32636573', / kid /
+ 16: "application/example+cose", / typ /
+ TBD_1: -16 / payload_hash_alg : sha-256/
+ / payload_preimage_content_type /
+ TBD_2: 51 / "application/json-patch+json" /
+ TBD_3: "https://blob.example/a24f9c19"/ payload_location /
 }>>
- {} / Unprotected /
- h'935b5a91...e18a588a', / Payload /
- h'15280897...93ef39e5' / Signature /
+ {} / Unprotected /
+ h'935b5a91...e18a588a', / Payload /
+ h'15280897...93ef39e5' / Signature /
 ]
 )
 ~~~~
@@ -201,7 +183,7 @@ IANA is requested to add the following entries to the [COSE Header Algorithm Par
 - Label: TBD_1
 - Value type: int
 - Value registry: https://www.iana.org/assignments/cose/cose.xhtml#algorithms
-- Description: Hash algorithm used to produce the payload.
+- Description: Hash algorithm used to produce the payload from pre-image content
 ### Payload Pre-image Content Type
From a84eece92af4b6263aa402914a83e52a94d9e335 Mon Sep 17 00:00:00 2001
From: steve lasker
Date: Mon, 28 Oct 2024 18:41:02 -0700
Subject: [PATCH 2/2] fix width issues
Signed-off-by: steve lasker
---
 draft-ietf-cose-hash-envelope.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/draft-ietf-cose-hash-envelope.md b/draft-ietf-cose-hash-envelope.md
index d1f591a..1e30474 100644
--- a/draft-ietf-cose-hash-envelope.md
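Review bot: The new map body is not valid CBOR diagnostic notation: the entries `TBD_1: -16` and `TBD_2: 51` carry no trailing comma, and `}>>` is not separated from the following `{}` by one, so the example cannot be parsed as written. The three lines should become `TBD_1: -16, / payload_hash_alg : sha-256 /`, `TBD_2: 51, / "application/json-patch+json" /` and `}>>,`. The same lines are rewritten again by the second patch in this series (PATCH 2/2, hunk `@@ -131,21 +131,21 @@`) with the commas still missing, so the fix applies there as well. As a style point, `1:-35,` is the only entry without a space after the colon.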
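Review bot: The new `+- Description: Hash algorithm used to produce the payload from pre-image content` spells the term `pre-image`, whereas the CDDL identifier `payload_preimage_content_type` and the header bullets use `preimage`, and the line also drops the trailing period the replaced text had; `- Description: Hash algorithm used to produce the payload from preimage content.` keeps the registry text consistent with the schema. The context heading `### Payload Pre-image Content Type` already uses the hyphenated form, so whichever spelling is chosen should be applied throughout the document rather than per line.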
+++ b/draft-ietf-cose-hash-envelope.md
@@ -131,21 +131,21 @@ Profiles that rely on this specification MAY choose to mark TBD_1, TBD_2, TBD_3
 A hashed payload functions equivalently to an attached payload, with the benefits of being compact in size and providing the ability to validate the signature.
 ~~~~ cbor-diag
-18( / COSE Sign 1 /
- [
- <<{
- 1:-35, / alg : ES384 /
- 4: h'75726e3a...32636573', / kid /
- 16: "application/example+cose", / typ /
- TBD_1: -16 / payload_hash_alg : sha-256/
- / payload_preimage_content_type /
- TBD_2: 51 / "application/json-patch+json" /
- TBD_3: "https://blob.example/a24f9c19"/ payload_location /
- }>>
- {} / Unprotected /
- h'935b5a91...e18a588a', / Payload /
- h'15280897...93ef39e5' / Signature /
- ]
+18( / COSE Sign 1 /
+ [
+ <<{
+ 1:-35, / alg : ES384 /
+ 4: h'75726e3a...32636573', / kid /
+ 16: "application/example+cose", / typ /
+ TBD_1: -16 / payload_hash_alg : sha-256 /
+ / payload_preimage_content_type /
+ TBD_2: 51 / "application/json-patch+json" /
+ TBD_3: "https://blob.example/a24f9c19"/ payload_location /
+ }>>
+ {} / Unprotected /
+ h'935b5a91...e18a588a', / Payload /
+ h'15280897...93ef39e5' / Signature /
+ ]
 )
 ~~~~