Closed kentakayama closed 8 months ago
Covered algorithms for each CDDL.
On the other hand, it also allows them to be encoded into protected header (Incorrect-2 above).
It seems that writing the CDDL down to allow all correct SUIT_Encryption_Info binaries and to prohibit all incorrect ones is not realistic and reasonable.
Then, how about changing the CDDL like this ( GREEN CIRCLE above)?
SUIT_Encryption_Info = #6.96(COSE_Encrypt)
It only mentions that the tagged COSE_Encrypt binary is possible, and does not mentions about the values and structures related to the algorithm identifier. It is also good at accepting other key exchange and encryption algorithms in the future.
Prohibiting all of mal-formed CBOR binaries with CDDL are not realistic. Further more, listing SUIT_Encryption_Info_AESKW and SUIT_Encryption_Info_ESDH could be misleading because it implies HPKE in COSE is not allowed.
Instead, SUIT_Encryption_Info = #6.96(COSE_Encrypt)
is proposed in #51 .
After #51 is merged, we can close this Issue as completed.
Our conclusions are,
SUIT_Encryption_Info
(tagged COSE_Encrypt) is for any possible key exchange algorithms and content encryption algorithmsSUIT_Encryption_Info_AESKW
is just for binaries using AES-KW for key exchange algorithmSUIT_Encryption_Info_ESDH
is just for binaries using ECDH-ES+AES-KW for key exchange algorithmClosed with PR
In short, the CDDL in the current draft is TOO MUCH STRICT (judges valid example as invalid = false negative), and one proposed in the PR #47 is TOO LOOSE (judges many invalid examples as valid = false positive). Let me explain some for the better CDDL representations.
While I was creating PR #47, I've wondered the role of CDDL. In most cases it acts like "necessary condition," but sometimes we leverages it to reject some anti-patterns. Writing one like "necessary and sufficient condition" is too tough and sometimes it could be so complicated like regular expressions.
Only for discussion, here are some example binaries and CDDL representations.
Example binaries
Only outer header is shown in these examples. Same issue occurs also on inner header.
Correct-1: AES-GCM in protected header
Correct-2: AES-CTR in unprotected header
Correct-3: AES-CCM in protected header
Incorrect-1: AES-GCM in unprotected header
Incorrect-2: AES-CTR in protected header
Incorrect-3: no algorithm id in both protected nor unprotected header
CDDLs
Current: One in current draft
PR47: Allow algorithm id in unprotected header
Verbose: Limit AEAD only in protected and non AEAD only in unprotected
Quality of CDDL
β : Judged "valid" in CDDL check π«: Judged "invalid" in CDDL check π: Judged correctly π: Judged incorrectly
* Even with Verbose CDDL, we can enumerate possible algorithm ids to make them valid.