namib-project / dcaf-rs

Implementation of the ACE-OAuth framework.

Pointers to cipher implementations #1

Open chrysn opened 2 years ago

chrysn commented 2 years ago

For using this project (even for practical evaluation), it is necessary to find implementations of CoseEncrypt0Cipher et cetera. Are there any around?

There are good backends around implemented in Rust (e.g. the various implementations of the aead crate's traits), but a gap remains.

I haven't found any in dcaf's reverse dependencies on crates.io, or outside this crate in the namib-project organization. If there are such crates, please consider adding a pointer to them to the dcaf documentation (or publishing the crates so as to become discoverable).

falko17 commented 2 years ago

That's a good point, thanks for your comment.

We've actually implemented the cipher traits in an unreleased project for the AES_CCM_16_64_128 algorithm, using the aead and ccm crates. My idea would be to integrate that cipher implementation into this crate, but gating it behind a feature flag, with the possibility to add other implementations later on.

I'm currently still occupied with developing a python implementation of ACE-OAuth, but once that's done in a week or two, I'll work on a new version of dcaf-rs which includes this initial cipher implementation and updates the documentation to point to the now released RFC rather than the previous internet draft. If you're interested in testing this crate before then, I've made the implementation available in this gist.

chrysn commented 2 years ago

> My idea would be to integrate that cipher implementation into this crate, but gating it behind a feature flag, with the possibility to add other implementations later on.

Given that different platforms have different ways of doing accelerated cryptography, I think I wouldn't mind having those implementations separate from this crate. What might fly well is a version generic over any AEAD (cipher, digest, signature ... anything in 1) that bridges the gap between this crate's requirements and the actual algorithm implementations.

> I'm currently still occupied with developing a python implementation of ACE-OAuth,

Cool. I have a very minimal branch for that for the ACE OSCORE profile in aiocoap2, but it'd need lots of cleanup. Maybe we can interface at some point there to make things work smoothly and reduce duplication.

> If you're interested in testing this crate before then, I've made the implementation available in this gist

Thanks, I'll have a look!

pulsastrix commented 2 months ago

@chrysn FYI in case there is still interest in this topic, #13 has completely reworked the COSE-related code in dcaf-rs and should simplify the implementation of new cryptographic backends by a lot, as everything that is not directly related to the cryptographic operations is now handled by dcaf-rs.

Related information:

As of now, the new COSE module only supports a limited subset of algorithms (AES-GCM, ECDSA, HMAC, AES-KW), but we'll be adding more algorithms in the near future (starting with AES-CCM), see #16, #17, #18 and #19.

Also, there is a pre-defined backend based on OpenSSL that can be added with the openssl feature. A RustCrypto-based backend should follow in the next few days (already got most of it working locally).