Add CDDL definition of COSE_Key_Ref

Yubico · May 21, 2024 · 563d256 · 563d256
1 parent 7866419
commit 563d256
Showing 1 changed file with 25 additions and 3 deletions.
diff --git a/draft-bradleylundberg-cfrg-arkg.md b/draft-bradleylundberg-cfrg-arkg.md
@@ -65,6 +65,7 @@ normative:
   RFC8032:
   RFC8610:
   RFC8812:
+  RFC9052:
   RFC9380:
   SEC1:
     target: http://www.secg.org/sec1-v2.pdf
@@ -907,7 +908,7 @@ An ARKG public seed is represented as a COSE_Key structure [RFC9052]
 with `kty` value TBD (placeholder value -65537).
 This key type defines key type parameters -1 and -2 for the `BL` and `KEM` public key, respectively.
 
-The following CDDL example represents an `ARKG-P256ADD-ECDH` public seed
+The following CDDL [RFC8610] example represents an `ARKG-P256ADD-ECDH` public seed
 restricted to generating derived public keys for use with the ESP256 [fully-spec-algs] signature algorithm:
 
 ~~~cddl
@@ -954,12 +955,25 @@ h'a50139fbb402582060b6dfddd31659598ae5de49acb220d8704949e84d484b68
 ## COSE key reference types {#cose-key-refs}
 
 While keys used by many other algorithms can usually be referenced by a single atomic identifier,
-such as that used in the `kid` parameter in a COSE_Key object or in the unprotected header of a COSE_Recipient,
+such as that used in the `kid` parameter in a COSE_Key structure or in the unprotected header of a COSE_Recipient,
 users of the function `ARKG-Derive-Secret-Key` need to represent
 a reference to an ARKG private seed along with a key handle for a derived private key.
 
-A COSE key reference is a COSE_Key object whose `kty` value is defined to represent a reference to a key.
+A COSE key reference is a COSE_Key structure [RFC9052] whose `kty` value is defined to represent a reference to a key.
 The `kid` parameter MUST be present when `kty` is a key reference type.
+The CDDL [RFC8610] type `COSE_Key_Ref` encodes this additional requirement.
+
+[^key-ref-nint]{:emlun}
+
+[^key-ref-nint]: Perhaps `$COSE_Key_Ref_kty` could just be `nint`? If COSE WG is willing to commit half the `kty` space...
+
+~~~cddl
+COSE_Key_Ref = COSE_Key .within {
+  1 ^ => $COSE_Key_Ref_kty,  ; kty must be a reference type
+  2 ^ => any,                ; kid required
+  * any => any,
+}
+~~~
 
 The following CDDL example represents a reference to a key derived by `ARKG-P256ADD-ECDH`
 and restricted for use with the ESP256 [fully-spec-algs] signature algorithm:
@@ -1037,6 +1051,14 @@ This section registers the following values in the IANA "COSE Key Types" registr
   - Capabilities: \[kty(-1), crv\]
   - Reference: {{cose-key-refs}} of this document
 
+This defines the following choices for the CDDL [RFC8610] type socket `$COSE_Key_Ref_kty`:
+
+~~~cddl
+$COSE_Key_Ref_kty /= -1      ; Ref-OKP (value TBD)
+$COSE_Key_Ref_kty /= -2      ; Ref-EC2 (value TBD)
+$COSE_Key_Ref_kty /= -65538  ; Ref-ARKG-derived (value TBD)
+~~~
+
 
 ## COSE Key Type Parameters Registrations