draft-ietf-dtn-bpsec-default-sc-10.txt   draft-ietf-dtn-bpsec-default-sc-11.txt 
Delay-Tolerant Networking E. Birrane Delay-Tolerant Networking E.J. Birrane
Internet-Draft A. White Internet-Draft A. White
Intended status: Standards Track S. Heiner Intended status: Standards Track S. Heiner
Expires: January 13, 2022 JHU/APL Expires: 26 January 2022 JHU/APL
July 12, 2021 25 July 2021
BPSec Default Security Contexts BPSec Default Security Contexts
draft-ietf-dtn-bpsec-default-sc-10 draft-ietf-dtn-bpsec-default-sc-11
Abstract Abstract
This document defines default integrity and confidentiality security This document defines default integrity and confidentiality security
contexts that can be used with the Bundle Protocol Security Protocol contexts that can be used with the Bundle Protocol Security Protocol
(BPSec) implementations. These security contexts are intended to be (BPSec) implementations. These security contexts are intended to be
used for both testing the interoperability of BPSec implementations used for both testing the interoperability of BPSec implementations
and for providing basic security operations when no other security and for providing basic security operations when no other security
contexts are defined or otherwise required for a network. contexts are defined or otherwise required for a network.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 13, 2022. This Internet-Draft will expire on 26 January 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
3. Integrity Security Context BIB-HMAC-SHA2 . . . . . . . . . . 4 3. Integrity Security Context BIB-HMAC-SHA2 . . . . . . . . . . 4
3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.3. Parameters . . . . . . . . . . . . . . . . . . . . . . . 6 3.3. Parameters . . . . . . . . . . . . . . . . . . . . . . . 6
3.3.1. SHA Variant . . . . . . . . . . . . . . . . . . . . . 7 3.3.1. SHA Variant . . . . . . . . . . . . . . . . . . . . . 7
skipping to change at page 2, line 45 skipping to change at page 2, line 52
4.4. Results . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.4. Results . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.4.1. Authentication Tag . . . . . . . . . . . . . . . . . 19 4.4.1. Authentication Tag . . . . . . . . . . . . . . . . . 19
4.4.2. Enumerations . . . . . . . . . . . . . . . . . . . . 20 4.4.2. Enumerations . . . . . . . . . . . . . . . . . . . . 20
4.5. Key Considerations . . . . . . . . . . . . . . . . . . . 20 4.5. Key Considerations . . . . . . . . . . . . . . . . . . . 20
4.6. GCM Considerations . . . . . . . . . . . . . . . . . . . 21 4.6. GCM Considerations . . . . . . . . . . . . . . . . . . . 21
4.7. Canonicalization Algorithms . . . . . . . . . . . . . . . 22 4.7. Canonicalization Algorithms . . . . . . . . . . . . . . . 22
4.7.1. Cipher text related calculations . . . . . . . . . . 22 4.7.1. Cipher text related calculations . . . . . . . . . . 22
4.7.2. Additional Authenticated Data . . . . . . . . . . . . 23 4.7.2. Additional Authenticated Data . . . . . . . . . . . . 23
4.8. Processing . . . . . . . . . . . . . . . . . . . . . . . 24 4.8. Processing . . . . . . . . . . . . . . . . . . . . . . . 24
4.8.1. Encryption . . . . . . . . . . . . . . . . . . . . . 24 4.8.1. Encryption . . . . . . . . . . . . . . . . . . . . . 24
4.8.2. Decryption . . . . . . . . . . . . . . . . . . . . . 25 4.8.2. Decryption . . . . . . . . . . . . . . . . . . . . . 26
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
5.1. Security Context Identifiers . . . . . . . . . . . . . . 27 5.1. Security Context Identifiers . . . . . . . . . . . . . . 27
5.2. Integrity Scope Flags . . . . . . . . . . . . . . . . . . 27 5.2. Integrity Scope Flags . . . . . . . . . . . . . . . . . . 27
5.3. AAD Scope Flags . . . . . . . . . . . . . . . . . . . . . 28 5.3. AAD Scope Flags . . . . . . . . . . . . . . . . . . . . . 28
5.4. Guidance for Designated Experts . . . . . . . . . . . . . 29 5.4. Guidance for Designated Experts . . . . . . . . . . . . . 29
6. Security Considerations . . . . . . . . . . . . . . . . . . . 30 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29
6.1. Key Management . . . . . . . . . . . . . . . . . . . . . 30 6.1. Key Management . . . . . . . . . . . . . . . . . . . . . 30
6.2. Key Handling . . . . . . . . . . . . . . . . . . . . . . 31 6.2. Key Handling . . . . . . . . . . . . . . . . . . . . . . 31
6.3. AES GCM . . . . . . . . . . . . . . . . . . . . . . . . . 32 6.3. AES GCM . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.4. AES Key Wrap . . . . . . . . . . . . . . . . . . . . . . 32 6.4. AES Key Wrap . . . . . . . . . . . . . . . . . . . . . . 32
6.5. Bundle Fragmentation . . . . . . . . . . . . . . . . . . 33 6.5. Bundle Fragmentation . . . . . . . . . . . . . . . . . . 32
7. Normative References . . . . . . . . . . . . . . . . . . . . 33 7. Normative References . . . . . . . . . . . . . . . . . . . . 33
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 35 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 34
A.1. Example 1: Simple Integrity . . . . . . . . . . . . . . . 35 A.1. Example 1: Simple Integrity . . . . . . . . . . . . . . . 35
A.1.1. Original Bundle . . . . . . . . . . . . . . . . . . . 35 A.1.1. Original Bundle . . . . . . . . . . . . . . . . . . . 35
A.1.2. Security Operation Overview . . . . . . . . . . . . . 37 A.1.2. Security Operation Overview . . . . . . . . . . . . . 37
A.1.3. Bundle Integrity Block . . . . . . . . . . . . . . . 38 A.1.3. Bundle Integrity Block . . . . . . . . . . . . . . . 38
A.1.4. Final Bundle . . . . . . . . . . . . . . . . . . . . 39 A.1.4. Final Bundle . . . . . . . . . . . . . . . . . . . . 39
A.2. Example 2: Simple Confidentiality with Key Wrap . . . . . 40 A.2. Example 2: Simple Confidentiality with Key Wrap . . . . . 39
A.2.1. Original Bundle . . . . . . . . . . . . . . . . . . . 40 A.2.1. Original Bundle . . . . . . . . . . . . . . . . . . . 39
A.2.2. Security Operation Overview . . . . . . . . . . . . . 41 A.2.2. Security Operation Overview . . . . . . . . . . . . . 40
A.2.3. Bundle Confidentiality Block . . . . . . . . . . . . 41 A.2.3. Bundle Confidentiality Block . . . . . . . . . . . . 41
A.2.4. Final Bundle . . . . . . . . . . . . . . . . . . . . 43 A.2.4. Final Bundle . . . . . . . . . . . . . . . . . . . . 43
A.3. Example 3: Security Blocks from Multiple Sources . . . . 43 A.3. Example 3: Security Blocks from Multiple Sources . . . . 43
A.3.1. Original Bundle . . . . . . . . . . . . . . . . . . . 43 A.3.1. Original Bundle . . . . . . . . . . . . . . . . . . . 43
A.3.2. Security Operation Overview . . . . . . . . . . . . . 45 A.3.2. Security Operation Overview . . . . . . . . . . . . . 45
A.3.3. Bundle Integrity Block . . . . . . . . . . . . . . . 46 A.3.3. Bundle Integrity Block . . . . . . . . . . . . . . . 45
A.3.4. Bundle Confidentiality Block . . . . . . . . . . . . 48 A.3.4. Bundle Confidentiality Block . . . . . . . . . . . . 47
A.3.5. Final Bundle . . . . . . . . . . . . . . . . . . . . 49 A.3.5. Final Bundle . . . . . . . . . . . . . . . . . . . . 49
A.4. Example 4: Security Blocks with Full Scope . . . . . . . 50 A.4. Example 4: Security Blocks with Full Scope . . . . . . . 49
A.4.1. Original Bundle . . . . . . . . . . . . . . . . . . . 50 A.4.1. Original Bundle . . . . . . . . . . . . . . . . . . . 49
A.4.2. Security Operation Overview . . . . . . . . . . . . . 51 A.4.2. Security Operation Overview . . . . . . . . . . . . . 50
A.4.3. Bundle Integrity Block . . . . . . . . . . . . . . . 51 A.4.3. Bundle Integrity Block . . . . . . . . . . . . . . . 51
A.4.4. Bundle Confidentiality Block . . . . . . . . . . . . 53 A.4.4. Bundle Confidentiality Block . . . . . . . . . . . . 52
A.4.5. Final Bundle . . . . . . . . . . . . . . . . . . . . 55 A.4.5. Final Bundle . . . . . . . . . . . . . . . . . . . . 55
Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 55 Appendix B. CDDL Expression . . . . . . . . . . . . . . . . . . 55
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 55 Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 56
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 56
1. Introduction 1. Introduction
The Bundle Protocol Security Protocol (BPSec) [I-D.ietf-dtn-bpsec] The Bundle Protocol Security Protocol (BPSec) [I-D.ietf-dtn-bpsec]
specification provides inter-bundle integrity and confidentiality specification provides inter-bundle integrity and confidentiality
operations for networks deploying the Bundle Protocol (BP) operations for networks deploying the Bundle Protocol (BP)
[I-D.ietf-dtn-bpbis]. BPSec defines BP extension blocks to carry [I-D.ietf-dtn-bpbis]. BPSec defines BP extension blocks to carry
security information produced under the auspices of some security security information produced under the auspices of some security
context. context.
skipping to change at page 7, line 14 skipping to change at page 7, line 14
3.3.1. SHA Variant 3.3.1. SHA Variant
This optional parameter identifies which variant of the SHA-2 This optional parameter identifies which variant of the SHA-2
algorithm is to be used in the generation of the authentication code. algorithm is to be used in the generation of the authentication code.
This value MUST be encoded as a CBOR unsigned integer. This value MUST be encoded as a CBOR unsigned integer.
Valid values for this parameter are as follows. Valid values for this parameter are as follows.
SHA Variant Parameter Values SHA Variant Parameter Values
+-------+-----------------------------------------------------------+ +=======+======================================+
| Value | Description | | Value | Description |
+-------+-----------------------------------------------------------+ +=======+======================================+
| 5 | HMAC 256/256 as defined in [RFC8152] Table 7: HMAC | | 5 | HMAC 256/256 as defined in [RFC8152] |
| | Algorithm Values | | | Table 7: HMAC Algorithm Values |
| 6 | HMAC 384/384 as defined in [RFC8152] Table 7: HMAC | +-------+--------------------------------------+
| | Algorithm Values | | 6 | HMAC 384/384 as defined in [RFC8152] |
| 7 | HMAC 512/512 as defined in [RFC8152] Table 7: HMAC | | | Table 7: HMAC Algorithm Values |
| | Algorithm Values | +-------+--------------------------------------+
+-------+-----------------------------------------------------------+ | 7 | HMAC 512/512 as defined in [RFC8152] |
| | Table 7: HMAC Algorithm Values |
+-------+--------------------------------------+
Table 1 Table 1
When not provided, implementations SHOULD assume a value of 6 When not provided, implementations SHOULD assume a value of 6
(indicating use of HMAC 384/384), unless an alternate default is (indicating use of HMAC 384/384), unless an alternate default is
established by local security policy at the security source, established by local security policy at the security source,
verifiers, or acceptor of this integrity service. verifiers, or acceptor of this integrity service.
3.3.2. Wrapped Key 3.3.2. Wrapped Key
This optional parameter contains the output of the AES key wrap This optional parameter contains the output of the AES key wrap
authenticated encryption function (KW-AE) as defined in [RFC5649]. authenticated encryption function (KW-AE) as defined in [RFC5649].
skipping to change at page 8, line 15 skipping to change at page 8, line 19
3.3.3. Integrity Scope Flags 3.3.3. Integrity Scope Flags
This optional parameter contains a series of flags that describe what This optional parameter contains a series of flags that describe what
information is to be included with the block-type-specific data when information is to be included with the block-type-specific data when
constructing the IPPT value. constructing the IPPT value.
This value MUST be represented as a CBOR unsigned integer, the value This value MUST be represented as a CBOR unsigned integer, the value
of which MUST be processed as a 16-bit field. The maximum value of of which MUST be processed as a 16-bit field. The maximum value of
this field, as a CBOR unsigned integer, MUST be 65535. this field, as a CBOR unsigned integer, MUST be 65535.
Integrity scope flags that are unrecognized MUST be ignored, as
future definitions of additional flags might not be integrated
simultaneously into security context implementations operating at all
nodes.
Implementations MUST set reserved and unassigned bits in this field Implementations MUST set reserved and unassigned bits in this field
to 0 when constructing these flags at a security source. Once set, to 0 when constructing these flags at a security source. Once set,
the value of this field MUST NOT be altered until the security the value of this field MUST NOT be altered until the security
service is completed at the security acceptor in the network and service is completed at the security acceptor in the network and
removed from the bundle. removed from the bundle.
Bits in this field represent additional information to be included Bits in this field represent additional information to be included
when generating an integrity signature over the security target. when generating an integrity signature over the security target.
These bits are defined as follows. These bits are defined as follows.
skipping to change at page 9, line 5 skipping to change at page 8, line 49
3.3.4. Enumerations 3.3.4. Enumerations
The BIB-HMAC-SHA2 security context parameters are listed in Table 2. The BIB-HMAC-SHA2 security context parameters are listed in Table 2.
In this table, the "Parm Id" column refers to the expected Parameter In this table, the "Parm Id" column refers to the expected Parameter
Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter
and Result Identification". and Result Identification".
If the default value column is empty, this indicates that the If the default value column is empty, this indicates that the
security parameter does not have a default value. security parameter does not have a default value.
BIB-HMAC-SHA2 Security Parameters BIB-HMAC-SHA2 Security Parameters
+---------+---------------------+-------------------+---------------+ +=========+=============+====================+===============+
| Parm Id | Parm Name | CBOR Encoding | Default Value | | Parm Id | Parm Name | CBOR Encoding Type | Default Value |
| | | Type | | +=========+=============+====================+===============+
+---------+---------------------+-------------------+---------------+ | 1 | SHA Variant | unsigned integer | 6 |
| 1 | SHA Variant | unsigned integer | 6 | +---------+-------------+--------------------+---------------+
| 2 | Wrapped Key | Byte String | | | 2 | Wrapped Key | Byte String | |
| 3 | Integrity Scope | unsigned integer | 7 | +---------+-------------+--------------------+---------------+
| | Flags | | | | 3 | Integrity | unsigned integer | 7 |
+---------+---------------------+-------------------+---------------+ | | Scope Flags | | |
+---------+-------------+--------------------+---------------+
Table 2 Table 2
3.4. Results 3.4. Results
The BIB-HMAC-SHA2 security context results are listed in Table 3. In The BIB-HMAC-SHA2 security context results are listed in Table 3. In
this table, the "Result Id" column refers to the expected Result this table, the "Result Id" column refers to the expected Result
Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter
and Result Identification". and Result Identification".
BIB-HMAC-SHA2 Security Results BIB-HMAC-SHA2 Security Results
+--------+----------+-------------+---------------------------------+ +========+==========+===============+======================+
| Result | Result | CBOR | Description | | Result | Result | CBOR Encoding | Description |
| Id | Name | Encoding | | | Id | Name | Type | |
| | | Type | | +========+==========+===============+======================+
+--------+----------+-------------+---------------------------------+ | 1 | Expected | byte string | The output of the |
| 1 | Expected | byte string | The output of the HMAC | | | HMAC | | HMAC calculation at |
| | HMAC | | calculation at the security | | | | | the security source. |
| | | | source. | +--------+----------+---------------+----------------------+
+--------+----------+-------------+---------------------------------+
Table 3 Table 3
3.5. Key Considerations 3.5. Key Considerations
HMAC keys used with this context MUST be symmetric and MUST have a HMAC keys used with this context MUST be symmetric and MUST have a
key length equal to the output of the HMAC. For this reason, HMAC key length equal to the output of the HMAC. For this reason, HMAC
key lengths will be integer divisible by 8 bytes and special padding- key lengths will be integer divisible by 8 bytes and special padding-
aware AES key wrap algorithms are not needed. aware AES key wrap algorithms are not needed.
It is assumed that any security verifier or security acceptor It is assumed that any security verifier or security acceptor
performing an integrity verification can determine the proper HMAC performing an integrity verification can determine the proper HMAC
skipping to change at page 17, line 5 skipping to change at page 17, line 5
4.3.2. AES Variant 4.3.2. AES Variant
This optional parameter identifies the AES variant being used for the This optional parameter identifies the AES variant being used for the
AES-GCM encryption, where the variant is identified by the length of AES-GCM encryption, where the variant is identified by the length of
key used. key used.
This value MUST be encoded as a CBOR unsigned integer. This value MUST be encoded as a CBOR unsigned integer.
Valid values for this parameter are as follows. Valid values for this parameter are as follows.
AES Variant Parameter Values AES Variant Parameter Values
+-------+-----------------------------------------------------------+ +=======+=======================================+
| Value | Description | | Value | Description |
+-------+-----------------------------------------------------------+ +=======+=======================================+
| 1 | A128GCM as defined in [RFC8152] Table 9: Algorithm Values | | 1 | A128GCM as defined in [RFC8152] |
| | for AES-GCM | | | Table 9: Algorithm Values for AES-GCM |
| 3 | A256GCM as defined in [RFC8152] Table 9: Algorithm Values | +-------+---------------------------------------+
| | for AES-GCM | | 3 | A256GCM as defined in [RFC8152] |
+-------+-----------------------------------------------------------+ | | Table 9: Algorithm Values for AES-GCM |
+-------+---------------------------------------+
Table 4
When not provided, implementations SHOULD assume a value of 3 When not provided, implementations SHOULD assume a value of 3
(indicating use of A256GCM), unless an alternate default is (indicating use of A256GCM), unless an alternate default is
established by local security policy at the security source, established by local security policy at the security source,
verifier, or acceptor of this integrity service. verifier, or acceptor of this integrity service.
Regardless of the variant, the generated authentication tag MUST Regardless of the variant, the generated authentication tag MUST
always be 128 bits. always be 128 bits.
4.3.3. Wrapped Key 4.3.3. Wrapped Key
skipping to change at page 18, line 5 skipping to change at page 18, line 9
4.3.4. AAD Scope Flags 4.3.4. AAD Scope Flags
This optional parameter contains a series of flags that describe what This optional parameter contains a series of flags that describe what
information is to be included with the block-type-specific data of information is to be included with the block-type-specific data of
the security target as part of additional authenticated data (AAD). the security target as part of additional authenticated data (AAD).
This value MUST be represented as a CBOR unsigned integer, the value This value MUST be represented as a CBOR unsigned integer, the value
of which MUST be processed as a 16-bit field. The maximum value of of which MUST be processed as a 16-bit field. The maximum value of
this field, as a CBOR unsigned integer, MUST be 65535. this field, as a CBOR unsigned integer, MUST be 65535.
AAD scope flags that are unrecognized MUST be ignored, as future
definitions of additional flags might not be integrated
simultaneously into security context implementations operating at all
nodes.
Implementations MUST set reserved and unassigned bits in this field Implementations MUST set reserved and unassigned bits in this field
to 0 when constructing these flags at a security source. Once set, to 0 when constructing these flags at a security source. Once set,
the value of this field MUST NOT be altered until the security the value of this field MUST NOT be altered until the security
service is completed at the security acceptor in the network and service is completed at the security acceptor in the network and
removed from the bundle. removed from the bundle.
Bits in this field represent additional information to be included Bits in this field represent additional information to be included
when generating an integrity signature over the security target. when generating an integrity signature over the security target.
These bits are defined as follows. These bits are defined as follows.
skipping to change at page 18, line 32 skipping to change at page 18, line 31
- Bit 1 (0x0002): Target Header Flag. - Bit 1 (0x0002): Target Header Flag.
- Bit 2 (0x0004): Security Header Flag. - Bit 2 (0x0004): Security Header Flag.
- Bits 3-7 are reserved. - Bits 3-7 are reserved.
- Bits 8-15 are unassigned. - Bits 8-15 are unassigned.
4.3.5. Enumerations 4.3.5. Enumerations
The BCB-AES-GCM security context parameters are listed in Table 4. The BCB-AES-GCM security context parameters are listed in Table 5.
In this table, the "Parm Id" column refers to the expected Parameter In this table, the "Parm Id" column refers to the expected Parameter
Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter
and Result Identification". and Result Identification".
If the default value column is empty, this indicates that the If the default value column is empty, this indicates that the
security parameter does not have a default value. security parameter does not have a default value.
BCB-AES-GCM Security Parameters BCB-AES-GCM Security Parameters
+---------+----------------------+------------------+---------------+ +=========+================+====================+===============+
| Parm Id | Parm Name | CBOR Encoding | Default Value | | Parm Id | Parm Name | CBOR Encoding Type | Default Value |
| | | Type | | +=========+================+====================+===============+
+---------+----------------------+------------------+---------------+ | 1 | Initialization | Byte String | |
| 1 | Initialization | Byte String | | | | Vector | | |
| | Vector | | | +---------+----------------+--------------------+---------------+
| 2 | AES Variant | Unsigned Integer | 3 | | 2 | AES Variant | Unsigned Integer | 3 |
| 3 | Wrapped Key | Byte String | | +---------+----------------+--------------------+---------------+
| 4 | AAD Scope Flags | Unsigned Integer | 7 | | 3 | Wrapped Key | Byte String | |
+---------+----------------------+------------------+---------------+ +---------+----------------+--------------------+---------------+
| 4 | AAD Scope | Unsigned Integer | 7 |
| | Flags | | |
+---------+----------------+--------------------+---------------+
Table 4 Table 5
4.4. Results 4.4. Results
The BCB-AES-GCM security context produces a single security result The BCB-AES-GCM security context produces a single security result
carried in the security block: the authentication tag. carried in the security block: the authentication tag.
NOTES: NOTES:
The cipher text generated by the cipher suite is not considered a * The cipher text generated by the cipher suite is not considered a
security result as it is stored in the block-type-specific data security result as it is stored in the block-type-specific data
field of the security target block. When operating in GCM mode, field of the security target block. When operating in GCM mode,
AES produces cipher text of the same size as its plain text and, AES produces cipher text of the same size as its plain text and,
therefore, no additional logic is required to handle padding or therefore, no additional logic is required to handle padding or
overflow caused by the encryption in most cases (see below). overflow caused by the encryption in most cases (see below).
If the authentication tag can be separated from the cipher text, * If the authentication tag can be separated from the cipher text,
then the tag MAY be separated and stored in the authentication tag then the tag MAY be separated and stored in the authentication tag
security result field. Otherwise, the security target block MUST security result field. Otherwise, the security target block MUST
be resized to accommodate the additional 128 bits of be resized to accommodate the additional 128 bits of
authentication tag included with the generated cipher text authentication tag included with the generated cipher text
replacing the block-type-specific-data field of the security replacing the block-type-specific-data field of the security
target block. target block.
4.4.1. Authentication Tag 4.4.1. Authentication Tag
The authentication tag is generated by the cipher suite over the The authentication tag is generated by the cipher suite over the
skipping to change at page 20, line 14 skipping to change at page 20, line 7
security result MUST NOT be included in the BCB for that security security result MUST NOT be included in the BCB for that security
target. target.
The length of the authentication tag, prior to any CBOR encoding, The length of the authentication tag, prior to any CBOR encoding,
MUST be 128 bits. MUST be 128 bits.
This value MUST be encoded as a CBOR byte string. This value MUST be encoded as a CBOR byte string.
4.4.2. Enumerations 4.4.2. Enumerations
The BCB-AES-GCM security context results are listed in Table 5. In The BCB-AES-GCM security context results are listed in Table 6. In
this table, the "Result Id" column refers to the expected Result this table, the "Result Id" column refers to the expected Result
Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter Identifier described in [I-D.ietf-dtn-bpsec], Section 3.10 "Parameter
and Result Identification". and Result Identification".
BCB-AES-GCM Security Results BCB-AES-GCM Security Results
+-----------+--------------------+--------------------+ +===========+====================+====================+
| Result Id | Result Name | CBOR Encoding Type | | Result Id | Result Name | CBOR Encoding Type |
+-----------+--------------------+--------------------+ +===========+====================+====================+
| 1 | Authentication Tag | Byte String | | 1 | Authentication Tag | Byte String |
+-----------+--------------------+--------------------+ +-----------+--------------------+--------------------+
Table 5 Table 6
4.5. Key Considerations 4.5. Key Considerations
Keys used with this context MUST be symmetric and MUST have a key Keys used with this context MUST be symmetric and MUST have a key
length equal to the key length defined in the security context length equal to the key length defined in the security context
parameters or as defined by local security policy at security parameters or as defined by local security policy at security
verifiers and acceptors. For this reason, content-encrypting key verifiers and acceptors. For this reason, content-encrypting key
lengths will be integer divisible by 8 bytes and special padding- lengths will be integer divisible by 8 bytes and special padding-
aware AES key wrap algorithms are not needed. aware AES key wrap algorithms are not needed.
skipping to change at page 21, line 6 skipping to change at page 20, line 47
Keys extracted from material carried in the BCB. Keys extracted from material carried in the BCB.
Session keys negotiated via a mechanism external to the BCB. Session keys negotiated via a mechanism external to the BCB.
When an AES-KW wrapped key is present in a security block, it is When an AES-KW wrapped key is present in a security block, it is
assumed that security verifiers and security acceptors can assumed that security verifiers and security acceptors can
independently determine the key encryption key (KEK) used in the independently determine the key encryption key (KEK) used in the
wrapping of the symmetric AES content-encrypting key. wrapping of the symmetric AES content-encrypting key.
The security provided by block ciphers is reduced as more data is The security provided by block ciphers is reduced as more data is
processed with the same key. The total number of blocks processed processed with the same key. The total number of AES blocks
with a single key for AES-GCM is recommended to be less than 2^64, as processed with a single key for AES-GCM is recommended to be less
described in Appendix B of [AES-GCM]. than 2^64, as described in Appendix B of [AES-GCM].
Additionally, there exist limits on the number of encryptions that Additionally, there exist limits on the number of encryptions that
can be performed with the same key. The total number of invocations can be performed with the same key. The total number of invocations
of the authenticated encryption function with a single key for AES- of the authenticated encryption function with a single key for AES-
GCM is required to not exceed 2^32, as described in Section 8.3 of GCM is required to not exceed 2^32, as described in Section 8.3 of
[AES-GCM]. [AES-GCM].
As discussed in Section 6 and emphasized here, it is strongly As discussed in Section 6 and emphasized here, it is strongly
recommended that keys be protected once generated, both when they are recommended that keys be protected once generated, both when they are
stored and when they are transmitted. stored and when they are transmitted.
skipping to change at page 21, line 33 skipping to change at page 21, line 28
be followed by implementers for the secure function of the BCB-AES- be followed by implementers for the secure function of the BCB-AES-
GCM security context. While these requirements are well documented GCM security context. While these requirements are well documented
in [AES-GCM], some of them are repeated here for emphasis. in [AES-GCM], some of them are repeated here for emphasis.
With the exception of the AES-KW function, the IVs used by the With the exception of the AES-KW function, the IVs used by the
BCB-AES-GCM security context are considered to be per-invocation BCB-AES-GCM security context are considered to be per-invocation
IVs. The pairing of a per-invocation IV and a security key MUST IVs. The pairing of a per-invocation IV and a security key MUST
be unique. A per-invocation IV MUST NOT be used with a security be unique. A per-invocation IV MUST NOT be used with a security
key more than one time. If a per-invocation IV and key pair are key more than one time. If a per-invocation IV and key pair are
repeated then the GCM implementation is vulnerable to forgery repeated then the GCM implementation is vulnerable to forgery
attacks. More information regarding the importance of the attacks. Because the loss of integrity protection occurs with
uniqueness of the IV value can be found in Appendix A of even a single reuse, this situation is often considered to have
[AES-GCM]. catastrophic security consequences. More information regarding
the importance of the uniqueness of the IV value can be found in
Appendix A of [AES-GCM].
Methods of generating unique IV values are provided in Chapter 8
of [AES-GCM]. For example, one method decomposes the IV value
into a fixed field and an invocation field. The fixed field being
a constant value associated with a device and the invocation field
changing on each invocation (such as by incrementing an integer
counter). Implementers SHOULD carefully read all relevant
sections of [AES-GCM] when generating any mechanism to create
unique IVs.
The AES-KW function used to wrap keys for the security contexts in The AES-KW function used to wrap keys for the security contexts in
this document uses a single, globally constant IV input to the AES this document uses a single, globally constant IV input to the AES
cipher operation and, thus, is distinct from the aforementioned cipher operation and, thus, is distinct from the aforementioned
requirement related to per-invocation IVs. requirement related to per-invocation IVs.
While any tag-based authentication mechanism has some likelihood While any tag-based authentication mechanism has some likelihood
of being forged, this probability is increased when using AES-GCM. of being forged, this probability is increased when using AES-GCM.
In particular, short tag lengths combined with very long messages In particular, short tag lengths combined with very long messages
SHOULD be avoided when using this mode. The BCB-AES-GCM security SHOULD be avoided when using this mode. The BCB-AES-GCM security
skipping to change at page 22, line 35 skipping to change at page 22, line 47
the canonical forms for extension blocks defined in the canonical forms for extension blocks defined in
[I-D.ietf-dtn-bpbis] but resolve ambiguities related to how values [I-D.ietf-dtn-bpbis] but resolve ambiguities related to how values
are represented in CBOR. are represented in CBOR.
4.7.1. Cipher text related calculations 4.7.1. Cipher text related calculations
The BCB operates over the block-type-specific data of a block, but The BCB operates over the block-type-specific data of a block, but
the BP always encodes these data within a single, definite-length the BP always encodes these data within a single, definite-length
CBOR byte string. Therefore, the plain text used during encryption CBOR byte string. Therefore, the plain text used during encryption
MUST be calculated as the value of the block-type-specific data field MUST be calculated as the value of the block-type-specific data field
of the security target excluding any CBOR encoding. of the security target excluding the BP CBOR encoding.
Consider the following two CBOR encoded examples and the plain text Consider the following two CBOR encoded examples and the plain text
that would be extracted from them. The first example is an unsigned that would be extracted from them. The first example is an unsigned
integer, while the second is a byte string. integer, while the second is a byte string.
CBOR Plain Text Extraction Examples CBOR Plain Text Extraction Examples
+------------------------------+---------+--------------------------+ +==============================+=======+==========================+
| CBOR Encoding (Hex) | CBOR | Plain Text Part (Hex) | | CBOR Encoding (Hex) | CBOR | Plain Text Part (Hex) |
| | Part | | | | Part | |
| | (Hex) | | | | (Hex) | |
+------------------------------+---------+--------------------------+ +==============================+=======+==========================+
| 18ED | 18 | ED | | 18ED | 18 | ED |
+------------------------------+---------+--------------------------+ +------------------------------+-------+--------------------------+
| C24CDEADBEEFDEADBEEFDEADBEEF | C24C | DEADBEEFDEADBEEFDEADBEEF | | C24CDEADBEEFDEADBEEFDEADBEEF | C24C | DEADBEEFDEADBEEFDEADBEEF |
+------------------------------+---------+--------------------------+ +------------------------------+-------+--------------------------+
Table 6 Table 7
Similarly, the cipher text used during decryption MUST be calculated Similarly, the cipher text used during decryption MUST be calculated
as the single, definite-length CBOR byte string representing the as the single, definite-length CBOR byte string representing the
block-type-specific data field excluding the CBOR byte string block-type-specific data field excluding the CBOR byte string
identifying byte and optional CBOR byte string length field. identifying byte and optional CBOR byte string length field.
All other fields of the security target (such as the block type code, All other fields of the security target (such as the block type code,
block number, block processing control flags, or any CRC information) block number, block processing control flags, or any CRC information)
MUST NOT be considered as part of encryption or decryption. MUST NOT be considered as part of encryption or decryption.
skipping to change at page 26, line 30 skipping to change at page 26, line 36
The security target cipher text for decryption MUST be generated The security target cipher text for decryption MUST be generated
as discussed in Section 4.7.1. as discussed in Section 4.7.1.
Additional authenticated data MUST be generated as discussed in Additional authenticated data MUST be generated as discussed in
Section 4.7.2 with the value of AAD scope flags being taken from Section 4.7.2 with the value of AAD scope flags being taken from
the AAD scope flags security context parameter. If the AAD scope the AAD scope flags security context parameter. If the AAD scope
flags parameter is not included in the security context parameters flags parameter is not included in the security context parameters
then these flags MAY be derived from local security policy in then these flags MAY be derived from local security policy in
cases where the set of such flags is determinable in the network. cases where the set of such flags is determinable in the network.
The authentication tag MUST be present in the BCB security context The authentication tag MUST be present either as a security result
parameters field. This tag MUST be 128 bits in length. in the BCB representing the security operation or (with the cipher
text) in the security target block-type-specific data field.
Upon successful decryption the following actions MUST occur. Upon successful decryption the following actions MUST occur.
The plain text produced by AES/GCM MUST replace the bytes used to The plain text produced by AES/GCM MUST replace the bytes used to
define the cipher text in the security target block's block-type- define the cipher text in the security target block's block-type-
specific data field. Any changes to the security target block specific data field. Any changes to the security target block
length field MUST be corrected in cases where the plain text has a length field MUST be corrected in cases where the plain text has a
different length than the replaced cipher text. different length than the replaced cipher text.
If the security acceptor is not the bundle destination and if no If the security acceptor is not the bundle destination and if no
skipping to change at page 27, line 13 skipping to change at page 27, line 25
with local security policy. with local security policy.
5. IANA Considerations 5. IANA Considerations
5.1. Security Context Identifiers 5.1. Security Context Identifiers
This specification allocates two security context identifiers from This specification allocates two security context identifiers from
the "BPSec Security Context Identifiers" registry defined in the "BPSec Security Context Identifiers" registry defined in
[I-D.ietf-dtn-bpsec]. [I-D.ietf-dtn-bpsec].
Additional Entries for the BPSec Security Context Identifiers Additional Entries for the BPSec Security Context Identifiers
Registry: Registry:
+-------+---------------+---------------+ +=======+===============+===============+
| Value | Description | Reference | | Value | Description | Reference |
+-------+---------------+---------------+ +=======+===============+===============+
| TBA | BIB-HMAC-SHA2 | This document | | TBA | BIB-HMAC-SHA2 | This document |
+-------+---------------+---------------+
| TBA | BCB-AES-GCM | This document | | TBA | BCB-AES-GCM | This document |
+-------+---------------+---------------+ +-------+---------------+---------------+
Table 7 Table 8
5.2. Integrity Scope Flags 5.2. Integrity Scope Flags
The BIB-HMAC-SHA2 security context has an Integrity Scope Flags field The BIB-HMAC-SHA2 security context has an Integrity Scope Flags field
for which IANA is requested to create and maintain a new registry for which IANA is requested to create and maintain a new registry
named "BPSec BIB-HMAC-SHA2 Integrity Scope Flags" on the Bundle named "BPSec BIB-HMAC-SHA2 Integrity Scope Flags" on the Bundle
Protocol registry page. Initial values for this registry are given Protocol registry page. Initial values for this registry are given
below. below.
The registration policy for this registry is: Specification Required. The registration policy for this registry is: Specification Required.
The value range is unsigned 16-bit integer. The value range is unsigned 16-bit integer.
BPSec BIB-HMAC-SHA2 Integrity Scope Flags Registry BPSec BIB-HMAC-SHA2 Integrity Scope Flags Registry
+-------------------------+--------------------------+--------------+ +==============================+=======================+===========+
| Bit Position (right to | Description | Reference | | Bit Position (right to left) | Description | Reference |
| left) | | | +==============================+=======================+===========+
+-------------------------+--------------------------+--------------+ | 0 | Include primary block | This |
| 0 | Include primary block | This | | | | document |
| | | document | +------------------------------+-----------------------+-----------+
| 1 | Include target header | This | | 1 | Include target header | This |
| | flag | document | | | flag | document |
| 2 | Include security header | This | +------------------------------+-----------------------+-----------+
| | flag | document | | 2 | Include security | This |
| 3-7 | reserved | This | | | header flag | document |
| | | document | +------------------------------+-----------------------+-----------+
| 8-15 | unassigned | This | | 3-7 | reserved | This |
| | | document | | | | document |
+-------------------------+--------------------------+--------------+ +------------------------------+-----------------------+-----------+
| 8-15 | unassigned | This |
| | | document |
+------------------------------+-----------------------+-----------+
Table 8 Table 9
5.3. AAD Scope Flags 5.3. AAD Scope Flags
The BCB-AES-GCM security context has an AAD Scope Flags field for The BCB-AES-GCM security context has an AAD Scope Flags field for
which IANA is requested to create and maintain a new registry named which IANA is requested to create and maintain a new registry named
"BPSec BCB-AES-GCM AAD Scope Flags" on the Bundle Protocol registry "BPSec BCB-AES-GCM AAD Scope Flags" on the Bundle Protocol registry
page. Initial values for this registry are given below. page. Initial values for this registry are given below.
The registration policy for this registry is: Specification Required. The registration policy for this registry is: Specification Required.
The value range is unsigned 16-bit integer. The value range is unsigned 16-bit integer.
BPSec BCB-AES-GCM AAD Scope Flags Registry BPSec BCB-AES-GCM AAD Scope Flags Registry
+-------------------------+--------------------------+--------------+ +==============================+=======================+===========+
| Bit Position (right to | Description | Reference | | Bit Position (right to left) | Description | Reference |
| left) | | | +==============================+=======================+===========+
+-------------------------+--------------------------+--------------+ | 0 | Include primary block | This |
| 0 | Include primary block | This | | | | document |
| | | document | +------------------------------+-----------------------+-----------+
| 1 | Include target header | This | | 1 | Include target header | This |
| | flag | document | | | flag | document |
| 2 | Include security header | This | +------------------------------+-----------------------+-----------+
| | flag | document | | 2 | Include security | This |
| 3-7 | reserved | This | | | header flag | document |
| | | document | +------------------------------+-----------------------+-----------+
| 8-15 | unassigned | This | | 3-7 | reserved | This |
| | | document | | | | document |
+-------------------------+--------------------------+--------------+ +------------------------------+-----------------------+-----------+
| 8-15 | unassigned | This |
| | | document |
+------------------------------+-----------------------+-----------+
Table 9 Table 10
5.4. Guidance for Designated Experts 5.4. Guidance for Designated Experts
New assignments within the BIB-HMAC-SHA2 Integrity Scope Flags New assignments within the BIB-HMAC-SHA2 Integrity Scope Flags
Registry and the BCB-AES-GCM AAD Scope Flags Registry require review Registry and the BCB-AES-GCM AAD Scope Flags Registry require review
by a Designated Expert (DE). This section provides guidance to the by a Designated Expert (DE). This section provides guidance to the
DE when performing their reviews. Specifically, a DE is expected to DE when performing their reviews. Specifically, a DE is expected to
perform the following activities. perform the following activities.
o Ascertain the existence of suitable documentation (a * Ascertain the existence of suitable documentation (a
specification) as described in [RFC8126] and to verify that the specification) as described in [RFC8126] and to verify that the
document is permanently and publicly available. document is permanently and publicly available.
o Ensure that any changes to the Integrity Scope Flags clearly state * Ensure that any changes to the Integrity Scope Flags clearly state
how new assignments interact with existing flags and how the how new assignments interact with existing flags and how the
inclusion of new assignments affects the construction of the IPPT inclusion of new assignments affects the construction of the IPPT
value. value.
o Ensure that any changes to the AAD Scope Flags clearly state how * Ensure that any changes to the AAD Scope Flags clearly state how
new assignments interact with existing flags and how the inclusion new assignments interact with existing flags and how the inclusion
of new assignments affects the construction of the AAD input to of new assignments affects the construction of the AAD input to
the BCB-AES-GCM mechanism. the BCB-AES-GCM mechanism.
o Ensure that any processing changes proposed with new assignments * Ensure that any processing changes proposed with new assignments
do not alter any required behavior in this specification. do not alter any required behavior in this specification.
o Verify that any specification produced in the IETF has been made
available for review by the DTN working group and that any
specification produced outside of the IETF does not conflict with
work that is active or already published within the IETF.
6. Security Considerations 6. Security Considerations
Security considerations specific to a single security context are Security considerations specific to a single security context are
provided in the description of that context. This section discusses provided in the description of that context. This section discusses
security considerations that should be evaluated by implementers of security considerations that should be evaluated by implementers of
any security context described in this document. Considerations can any security context described in this document. Considerations can
also be found in documents listed as normative references and they also be found in documents listed as normative references and they
should also be reviewed by security context implementors. should also be reviewed by security context implementors.
6.1. Key Management 6.1. Key Management
skipping to change at page 33, line 49 skipping to change at page 33, line 33
encapsulating the bundle first and then fragmenting the encapsulating encapsulating the bundle first and then fragmenting the encapsulating
bundle. bundle.
7. Normative References 7. Normative References
[AES-GCM] Dworkin, M., "NIST Special Publication 800-38D: [AES-GCM] Dworkin, M., "NIST Special Publication 800-38D:
Recommendation for Block Cipher Modes of Operation: Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC.", November 2007. Galois/Counter Mode (GCM) and GMAC.", November 2007.
[I-D.ietf-dtn-bpbis] [I-D.ietf-dtn-bpbis]
Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol Burleigh, S., Fall, K., and E. J. Birrane, "Bundle
Version 7", draft-ietf-dtn-bpbis-31 (work in progress), Protocol Version 7", Work in Progress, Internet-Draft,
January 2021. draft-ietf-dtn-bpbis-31, 25 January 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-dtn-
bpbis-31>.
[I-D.ietf-dtn-bpsec] [I-D.ietf-dtn-bpsec]
Birrane, E. and K. McKeever, "Bundle Protocol Security III, E. J. B. and K. McKeever, "Bundle Protocol Security
Specification", draft-ietf-dtn-bpsec-27 (work in Specification", Work in Progress, Internet-Draft, draft-
progress), February 2021. ietf-dtn-bpsec-27, 16 February 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-dtn-
bpsec-27>.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>. <https://www.rfc-editor.org/info/rfc2104>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 36, line 40 skipping to change at page 36, line 30
7, / BP version / 7, / BP version /
0, / flags / 0, / flags /
0, / CRC type / 0, / CRC type /
[2, [1,2]], / destination (ipn:1.2) / [2, [1,2]], / destination (ipn:1.2) /
[2, [2,1]], / source (ipn:2.1) / [2, [2,1]], / source (ipn:2.1) /
[2, [2,1]], / report-to (ipn:2.1) / [2, [2,1]], / report-to (ipn:2.1) /
[0, 40], / timestamp / [0, 40], / timestamp /
1000000 / lifetime / 1000000 / lifetime /
] ]
Figure 2: Primary Block (CBOR Diagnostic Notation) Figure 2: Primary Block (CBOR Diagnostic Notation)
The CBOR encoding of the primary block is The CBOR encoding of the primary block is
0x88070000820282010282028202018202820201820018281a000f4240. 0x88070000820282010282028202018202820201820018281a000f4240.
A.1.1.2. Payload Block A.1.1.2. Payload Block
Other than its use as a source of plaintext for security blocks, the Other than its use as a source of plaintext for security blocks, the
payload has no required distinguishing characteristic for the purpose payload has no required distinguishing characteristic for the purpose
of this example. The sample payload is a 32 byte string whose value of this example. The sample payload is a 32 byte string whose value
is "Ready Generate a 32 byte payload". is "Ready Generate a 32 byte payload".
skipping to change at page 37, line 22 skipping to change at page 37, line 14
[ [
1, / type code: Payload block / 1, / type code: Payload block /
1, / block number / 1, / block number /
0, / block processing flags / 0, / block processing flags /
0, / CRC Type / 0, / CRC Type /
h'52656164792047656e65726174652061 / type-specific-data: payload / h'52656164792047656e65726174652061 / type-specific-data: payload /
2033322062797465207061796c6f6164' 2033322062797465207061796c6f6164'
] ]
Payload Block (CBOR Diagnostic Notation) Figure 3: Payload Block (CBOR Diagnostic Notation)
The CBOR encoding of the payload block is 0x8501010000582052656164792 The CBOR encoding of the payload block is 0x8501010000582052656164792
047656e657261746520612033322062797465207061796c6f6164. 047656e657261746520612033322062797465207061796c6f6164.
A.1.1.3. Bundle CBOR Representation A.1.1.3. Bundle CBOR Representation
A BPv7 bundle is represented as an indefinite-length array consisting A BPv7 bundle is represented as an indefinite-length array consisting
of the blocks comprising the bundle, with a terminator character at of the blocks comprising the bundle, with a terminator character at
the end. the end.
skipping to change at page 38, line 16 skipping to change at page 37, line 49
in Bundle Type Number in Bundle Type Number
+========================================+=======+========+ +========================================+=======+========+
| Primary Block | N/A | 0 | | Primary Block | N/A | 0 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Bundle Integrity Block | 11 | 2 | | Bundle Integrity Block | 11 | 2 |
| OP(bib-integrity, target=1) | | | | OP(bib-integrity, target=1) | | |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block | 1 | 1 | | Payload Block | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 3: Example 1 Resulting Bundle Figure 4: Example 1 Resulting Bundle
A.1.3. Bundle Integrity Block A.1.3. Bundle Integrity Block
In this example, a BIB is used to carry an integrity signature over In this example, a BIB is used to carry an integrity signature over
the payload block. the payload block.
A.1.3.1. Configuration, Parameters, and Results A.1.3.1. Configuration, Parameters, and Results
For this example, the following configuration and security parameters For this example, the following configuration and security parameters
are used to generate the security results indicated. are used to generate the security results indicated.
skipping to change at page 38, line 41 skipping to change at page 38, line 28
Key : h'1a2b1a2b1a2b1a2b1a2b1a2b1a2b1a2b' Key : h'1a2b1a2b1a2b1a2b1a2b1a2b1a2b1a2b'
SHA Variant : HMAC 512/512 SHA Variant : HMAC 512/512
Scope Flags : 0x00 Scope Flags : 0x00
Payload Data: h'52656164792047656e65726174652061 Payload Data: h'52656164792047656e65726174652061
2033322062797465207061796c6f6164' 2033322062797465207061796c6f6164'
Signature : h'0654d65992803252210e377d66d0a8dc Signature : h'0654d65992803252210e377d66d0a8dc
18a1e8a392269125ae9ac198a9a598be 18a1e8a392269125ae9ac198a9a598be
4b83d5daa8be2f2d16769ec1c30cfc34 4b83d5daa8be2f2d16769ec1c30cfc34
8e2205fba4b3be2b219074fdd5ea8ef0' 8e2205fba4b3be2b219074fdd5ea8ef0'
Figure 4: Example 1: Configuration, Parameters, and Results Figure 5: Example 1: Configuration, Parameters, and Results
A.1.3.2. Abstract Security Block A.1.3.2. Abstract Security Block
The abstract security block structure of the BIB's block-type- The abstract security block structure of the BIB's block-type-
specific-data field for this application is as follows. specific-data field for this application is as follows.
[1], / Security Target - Payload block / [1], / Security Target - Payload block /
1, / Security Context ID - BIB-HMAC-SHA2 / 1, / Security Context ID - BIB-HMAC-SHA2 /
1, / Security Context Flags - Parameters Present / 1, / Security Context Flags - Parameters Present /
[2,[2, 1]], / Security Source - ipn:2.1 / [2,[2, 1]], / Security Source - ipn:2.1 /
[ / Security Parameters - 2 Parameters / [ / Security Parameters - 2 Parameters /
[1, 7], / SHA Variant - HMAC 512/512 / [1, 7], / SHA Variant - HMAC 512/512 /
[3, 0x00] / Scope Flags - No Additional Scope / [3, 0x00] / Scope Flags - No Additional Scope /
], ],
[ / Security Results: 1 Result / [ / Security Results: 1 Result /
[1, h'0654d65992803252210e377d66d0a8dc18a1e8a392269125ae9ac198a9a598b [1, h'0654d65992803252210e377d66d0a8dc18a1e8a392269125ae9ac198a9a598b
e4b83d5daa8be2f2d16769ec1c30cfc348e2205fba4b3be2b219074fdd5ea8ef0'] e4b83d5daa8be2f2d16769ec1c30cfc348e2205fba4b3be2b219074fdd5ea8ef0']
] ]
Figure 5: Example 1: BIB Abstract Security Block (CBOR Diagnostic Figure 6: Example 1: BIB Abstract Security Block (CBOR Diagnostic
Notation) Notation)
The CBOR encoding of the BIB block-type-specific-data field (the The CBOR encoding of the BIB block-type-specific-data field (the
abstract security block) is 0x810101018202820201828201078203008182015 abstract security block) is 0x810101018202820201828201078203008182015
8400654d65992803252210e377d66d0a8dc18a1e8a392269125ae9ac198a9a598be4b 8400654d65992803252210e377d66d0a8dc18a1e8a392269125ae9ac198a9a598be4b
83d5daa8be2f2d16769ec1c30cfc348e2205fba4b3be2b219074fdd5ea8ef0. 83d5daa8be2f2d16769ec1c30cfc348e2205fba4b3be2b219074fdd5ea8ef0.
A.1.3.3. Representations A.1.3.3. Representations
The BIB wrapping this abstract security block is as follows. The BIB wrapping this abstract security block is as follows.
[ [
11, / type code / 11, / type code /
2, / block number / 2, / block number /
0, / flags / 0, / flags /
0, / CRC type / 0, / CRC type /
h'8101010182028202018282010782030081820158400654d65992803252210e377d66 h'8101010182028202018282010782030081820158400654d65992803252210e377d66
d0a8dc18a1e8a392269125ae9ac198a9a598be4b83d5daa8be2f2d16769ec1c30cfc34 d0a8dc18a1e8a392269125ae9ac198a9a598be4b83d5daa8be2f2d16769ec1c30cfc34
8e2205fba4b3be2b219074fdd5ea8ef0', 8e2205fba4b3be2b219074fdd5ea8ef0',
] ]
Figure 6: Example 1: BIB (CBOR Diagnostic Notation) Figure 7: Example 1: BIB (CBOR Diagnostic Notation)
The CBOR encoding of the BIB block is 0x850b0200005855810101018202820 The CBOR encoding of the BIB block is 0x850b0200005855810101018202820
2018282010782030081820158400654d65992803252210e377d66d0a8dc18a1e8a392 2018282010782030081820158400654d65992803252210e377d66d0a8dc18a1e8a392
269125ae9ac198a9a598be4b83d5daa8be2f2d16769ec1c30cfc348e2205fba4b3be2 269125ae9ac198a9a598be4b83d5daa8be2f2d16769ec1c30cfc348e2205fba4b3be2
b219074fdd5ea8ef0. b219074fdd5ea8ef0.
A.1.4. Final Bundle A.1.4. Final Bundle
The CBOR encoding of the full output bundle, with the BIB: 0x9f880700 The CBOR encoding of the full output bundle, with the BIB: 0x9f880700
00820282010282028202018202820201820018281a000f4240850b020000585581010 00820282010282028202018202820201820018281a000f4240850b020000585581010
skipping to change at page 40, line 27 skipping to change at page 40, line 13
been added. been added.
Block Block Block Block Block Block
in Bundle Type Number in Bundle Type Number
+========================================+=======+========+ +========================================+=======+========+
| Primary Block | N/A | 0 | | Primary Block | N/A | 0 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block | 1 | 1 | | Payload Block | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 7: Example 2 Original Bundle Figure 8: Example 2 Original Bundle
A.2.1.1. Primary Block A.2.1.1. Primary Block
The primary block used in this example is identical to the primary The primary block used in this example is identical to the primary
block presented in Example 1 Appendix A.1.1.1. block presented in Example 1 Appendix A.1.1.1.
In summary, the CBOR encoding of the primary block is In summary, the CBOR encoding of the primary block is
0x88070000820282010282028202018202820201820018281a000f4240. 0x88070000820282010282028202018202820201820018281a000f4240.
A.2.1.2. Payload Block A.2.1.2. Payload Block
skipping to change at page 41, line 29 skipping to change at page 41, line 16
in Bundle Type Number in Bundle Type Number
+========================================+=======+========+ +========================================+=======+========+
| Primary Block | N/A | 0 | | Primary Block | N/A | 0 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Bundle Confidentiality Block | 12 | 2 | | Bundle Confidentiality Block | 12 | 2 |
| OP(bcb-confidentiality, target=1) | | | | OP(bcb-confidentiality, target=1) | | |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block (Encrypted) | 1 | 1 | | Payload Block (Encrypted) | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 8: Example 2 Resulting Bundle Figure 9: Example 2 Resulting Bundle
A.2.3. Bundle Confidentiality Block A.2.3. Bundle Confidentiality Block
In this example, a BCB is used to encrypt the payload block and uses In this example, a BCB is used to encrypt the payload block and uses
AES key wrap to transmit the symmetric key. AES key wrap to transmit the symmetric key.
A.2.3.1. Configuration, Parameters, and Results A.2.3.1. Configuration, Parameters, and Results
For this example, the following configuration and security parameters For this example, the following configuration and security parameters
are used to generate the security results indicated. are used to generate the security results indicated.
skipping to change at page 42, line 19 skipping to change at page 41, line 47
AES Variant: A128GCM AES Variant: A128GCM
AES Wrapped Key: h'69c411276fecddc4780df42c8a2af892 AES Wrapped Key: h'69c411276fecddc4780df42c8a2af892
96fabf34d7fae700' 96fabf34d7fae700'
Scope Flags: 0x00 Scope Flags: 0x00
Payload Data: h'52656164792047656e65726174652061 Payload Data: h'52656164792047656e65726174652061
2033322062797465207061796c6f6164' 2033322062797465207061796c6f6164'
Authentication Tag: h'da08f4d8936024ad7c6b3b800e73dd97' Authentication Tag: h'da08f4d8936024ad7c6b3b800e73dd97'
Payload Ciphertext: h'3a09c1e63fe2097528a78b7c12943354 Payload Ciphertext: h'3a09c1e63fe2097528a78b7c12943354
a563e32648b700c2784e26a990d91f9d' a563e32648b700c2784e26a990d91f9d'
Figure 9: Example 2: Configuration, Parameters, and Results Figure 10: Example 2: Configuration, Parameters, and Results
A.2.3.2. Abstract Security Block A.2.3.2. Abstract Security Block
The abstract security block structure of the BCB's block-type- The abstract security block structure of the BCB's block-type-
specific-data field for this application is as follows. specific-data field for this application is as follows.
[1], / Security Target - Payload block / [1], / Security Target - Payload block /
2, / Security Context ID - BCB-AES-GCM / 2, / Security Context ID - BCB-AES-GCM /
1, / Security Context Flags - Parameters Present / 1, / Security Context Flags - Parameters Present /
[2,[2, 1]], / Security Source - ipn:2.1 / [2,[2, 1]], / Security Source - ipn:2.1 /
skipping to change at page 42, line 41 skipping to change at page 42, line 25
[1, h'5477656c7665313231323132'], / Initialization Vector / [1, h'5477656c7665313231323132'], / Initialization Vector /
[2, 1], / AES Variant - A128GCM / [2, 1], / AES Variant - A128GCM /
[3, h'69c411276fecddc4780df42c8a / AES wrapped key / [3, h'69c411276fecddc4780df42c8a / AES wrapped key /
2af89296fabf34d7fae700'], 2af89296fabf34d7fae700'],
[4, 0x00] / Scope Flags - No extra scope/ [4, 0x00] / Scope Flags - No extra scope/
], ],
[ / Security Results: 1 Result / [ / Security Results: 1 Result /
[1, h'da08f4d8936024ad7c6b3b800e73dd97'] / Payload Auth. Tag / [1, h'da08f4d8936024ad7c6b3b800e73dd97'] / Payload Auth. Tag /
] ]
Figure 10: Example 2: BCB Abstract Security Block (CBOR Diagnostic Figure 11: Example 2: BCB Abstract Security Block (CBOR
Notation) Diagnostic Notation)
The CBOR encoding of the BCB block-type-specific-data field (the The CBOR encoding of the BCB block-type-specific-data field (the
abstract security block) is 0x8101020182028202018482014c5477656c76653 abstract security block) is 0x8101020182028202018482014c5477656c76653
132313231328202018203581869c411276fecddc4780df42c8a2af89296fabf34d7fa 132313231328202018203581869c411276fecddc4780df42c8a2af89296fabf34d7fa
e70082040081820150da08f4d8936024ad7c6b3b800e73dd97. e70082040081820150da08f4d8936024ad7c6b3b800e73dd97.
A.2.3.3. Representations A.2.3.3. Representations
The BCB wrapping this abstract security block is as follows. The BCB wrapping this abstract security block is as follows.
[ [
12, / type code / 12, / type code /
2, / block number / 2, / block number /
1, / flags - block must be replicated in every fragment / 1, / flags - block must be replicated in every fragment /
0, / CRC type / 0, / CRC type /
h'8101020182028202018482014c5477656c766531323132313282020182035818 h'8101020182028202018482014c5477656c766531323132313282020182035818
69c411276fecddc4780df42c8a2af89296fabf34d7fae70082040081820150da 69c411276fecddc4780df42c8a2af89296fabf34d7fae70082040081820150da
08f4d8936024ad7c6b3b800e73dd97' 08f4d8936024ad7c6b3b800e73dd97'
] ]
Figure 11: Example 2: BCB (CBOR Diagnostic Notation) Figure 12: Example 2: BCB (CBOR Diagnostic Notation)
The CBOR encoding of the BCB block is 0x850c020100584f810102018202820 The CBOR encoding of the BCB block is 0x850c020100584f810102018202820
2018482014c5477656c76653132313231328202018203581869c411276fecddc4780d 2018482014c5477656c76653132313231328202018203581869c411276fecddc4780d
f42c8a2af89296fabf34d7fae70082040081820150da08f4d8936024ad7c6b3b800e7 f42c8a2af89296fabf34d7fae70082040081820150da08f4d8936024ad7c6b3b800e7
3dd97. 3dd97.
A.2.4. Final Bundle A.2.4. Final Bundle
The CBOR encoding of the full output bundle, with the BCB: 0x9f880700 The CBOR encoding of the full output bundle, with the BCB: 0x9f880700
00820282010282028202018202820201820018281a000f4240850c020100584f81010 00820282010282028202018202820201820018281a000f4240850c020100584f81010
skipping to change at page 44, line 15 skipping to change at page 43, line 44
Block Block Block Block Block Block
in Bundle Type Number in Bundle Type Number
+========================================+=======+========+ +========================================+=======+========+
| Primary Block | N/A | 0 | | Primary Block | N/A | 0 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Extension Block: Bundle Age Block | 7 | 2 | | Extension Block: Bundle Age Block | 7 | 2 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block | 1 | 1 | | Payload Block | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 12: Example 3 Original Bundle Figure 13: Example 3 Original Bundle
A.3.1.1. Primary Block A.3.1.1. Primary Block
The primary block used in this example is identical to the primary The primary block used in this example is identical to the primary
block presented in Example 1 Appendix A.1.1.1. block presented in Example 1 Appendix A.1.1.1.
In summary, the CBOR encoding of the primary block is In summary, the CBOR encoding of the primary block is
0x88070000820282010282028202018202820201820018281a000f4240. 0x88070000820282010282028202018202820201820018281a000f4240.
A.3.1.2. Bundle Age Block A.3.1.2. Bundle Age Block
skipping to change at page 44, line 47 skipping to change at page 44, line 27
The bundle age extension block is provided as follows. The bundle age extension block is provided as follows.
[ [
7, / type code: Bundle Age block / 7, / type code: Bundle Age block /
2, / block number / 2, / block number /
0, / block processing flags / 0, / block processing flags /
0, / CRC Type / 0, / CRC Type /
<<300>> / type-specific-data: age / <<300>> / type-specific-data: age /
] ]
Figure 13: Bundle Age Block (CBOR Diagnostic Notation) Figure 14: Bundle Age Block (CBOR Diagnostic Notation)
The CBOR encoding of the bundle age block is 0x85070200004319012c. The CBOR encoding of the bundle age block is 0x85070200004319012c.
A.3.1.3. Payload Block A.3.1.3. Payload Block
The payload block used in this example is identical to the payload The payload block used in this example is identical to the payload
block presented in Example 1 Appendix A.1.1.2. block presented in Example 1 Appendix A.1.1.2.
In summary, the CBOR encoding of the payload block is 0x8501010000582 In summary, the CBOR encoding of the payload block is 0x8501010000582
052656164792047656e657261746520612033322062797465207061796c6f6164. 052656164792047656e657261746520612033322062797465207061796c6f6164.
skipping to change at page 45, line 52 skipping to change at page 45, line 34
| OP(bib-integrity, targets=0, 2) | | | | OP(bib-integrity, targets=0, 2) | | |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Bundle Confidentiality Block | 12 | 4 | | Bundle Confidentiality Block | 12 | 4 |
| OP(bcb-confidentiality, target=1) | | | | OP(bcb-confidentiality, target=1) | | |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Extension Block: Bundle Age Block | 7 | 2 | | Extension Block: Bundle Age Block | 7 | 2 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block (Encrypted) | 1 | 1 | | Payload Block (Encrypted) | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 14: Example 3 Resulting Bundle Figure 15: Example 3 Resulting Bundle
A.3.3. Bundle Integrity Block A.3.3. Bundle Integrity Block
In this example, a BIB is used to carry an integrity signature over In this example, a BIB is used to carry an integrity signature over
the bundle age block and an additional signature over the payload the bundle age block and an additional signature over the payload
block. The BIB is added by a waypoint node, ipn:3.0. block. The BIB is added by a waypoint node, ipn:3.0.
A.3.3.1. Configuration, Parameters, and Results A.3.3.1. Configuration, Parameters, and Results
For this example, the following configuration and security parameters For this example, the following configuration and security parameters
skipping to change at page 46, line 34 skipping to change at page 46, line 19
820201820018281a000f4240' 820201820018281a000f4240'
Bundle Age Block Bundle Age Block
Data: h'85070200004319012c' Data: h'85070200004319012c'
Primary Block Primary Block
Signature: h'8e059b8e71f7218264185a666bf3e453 Signature: h'8e059b8e71f7218264185a666bf3e453
076f2b883f4dce9b3cdb6464ed0dcf0f' 076f2b883f4dce9b3cdb6464ed0dcf0f'
Bundle Age Block Bundle Age Block
Signature: h'72dee8eba049a22978e84a95d0496466 Signature: h'72dee8eba049a22978e84a95d0496466
8eb131b1ca4800c114206d70d9065c80' 8eb131b1ca4800c114206d70d9065c80'
Figure 15: Example 3: Configuration, Parameters, and Results for the Figure 16: Example 3: Configuration, Parameters, and Results for
BIB the BIB
A.3.3.2. Abstract Security Block A.3.3.2. Abstract Security Block
The abstract security block structure of the BIB's block-type- The abstract security block structure of the BIB's block-type-
specific-data field for this application is as follows. specific-data field for this application is as follows.
[0, 2], / Security Targets / [0, 2], / Security Targets /
1, / Security Context ID - BIB-HMAC-SHA2 / 1, / Security Context ID - BIB-HMAC-SHA2 /
1, / Security Context Flags - Parameters Present / 1, / Security Context Flags - Parameters Present /
[2,[3, 0]], / Security Source - ipn:3.0 / [2,[3, 0]], / Security Source - ipn:3.0 /
skipping to change at page 47, line 20 skipping to change at page 46, line 42
[1, 5], / SHA Variant - HMAC 256/256 / [1, 5], / SHA Variant - HMAC 256/256 /
[3, 0x00] / Scope Flags - No Additional Scope / [3, 0x00] / Scope Flags - No Additional Scope /
], ],
[ / Security Results: 2 Results / [ / Security Results: 2 Results /
[1, h'8e059b8e71f7218264185a666bf3e453 [1, h'8e059b8e71f7218264185a666bf3e453
076f2b883f4dce9b3cdb6464ed0dcf0f'], / Primary Block / 076f2b883f4dce9b3cdb6464ed0dcf0f'], / Primary Block /
[1, h'72dee8eba049a22978e84a95d0496466 [1, h'72dee8eba049a22978e84a95d0496466
8eb131b1ca4800c114206d70d9065c80'] / Bundle Age Block / 8eb131b1ca4800c114206d70d9065c80'] / Bundle Age Block /
] ]
Figure 16: Example 3: BIB Abstract Security Block (CBOR Diagnostic Figure 17: Example 3: BIB Abstract Security Block (CBOR
Notation) Diagnostic Notation)
The CBOR encoding of the BIB block-type-specific-data field (the The CBOR encoding of the BIB block-type-specific-data field (the
abstract security block) is 0x820002010182028203008282010582030082820 abstract security block) is 0x820002010182028203008282010582030082820
158208e059b8e71f7218264185a666bf3e453076f2b883f4dce9b3cdb6464ed0dcf0f 158208e059b8e71f7218264185a666bf3e453076f2b883f4dce9b3cdb6464ed0dcf0f
8201582072dee8eba049a22978e84a95d04964668eb131b1ca4800c114206d70d9065 8201582072dee8eba049a22978e84a95d04964668eb131b1ca4800c114206d70d9065
c80. c80.
A.3.3.3. Representations A.3.3.3. Representations
The BIB wrapping this abstract security block is as follows. The BIB wrapping this abstract security block is as follows.
skipping to change at page 47, line 43 skipping to change at page 47, line 19
[ [
11, / type code / 11, / type code /
3, / block number / 3, / block number /
0, / flags / 0, / flags /
0, / CRC type / 0, / CRC type /
h'820002010182028203008282010582030082820158208e059b8e71f721826418 h'820002010182028203008282010582030082820158208e059b8e71f721826418
5a666bf3e453076f2b883f4dce9b3cdb6464ed0dcf0f8201582072dee8eba049 5a666bf3e453076f2b883f4dce9b3cdb6464ed0dcf0f8201582072dee8eba049
a22978e84a95d04964668eb131b1ca4800c114206d70d9065c80', a22978e84a95d04964668eb131b1ca4800c114206d70d9065c80',
] ]
Figure 17: Example 3: BIB (CBOR Diagnostic Notation) Figure 18: Example 3: BIB (CBOR Diagnostic Notation)
The CBOR encoding of the BIB block is 0x850b030000585a820002010182028 The CBOR encoding of the BIB block is 0x850b030000585a820002010182028
203008282010582030082820158208e059b8e71f7218264185a666bf3e453076f2b88 203008282010582030082820158208e059b8e71f7218264185a666bf3e453076f2b88
3f4dce9b3cdb6464ed0dcf0f8201582072dee8eba049a22978e84a95d04964668eb13 3f4dce9b3cdb6464ed0dcf0f8201582072dee8eba049a22978e84a95d04964668eb13
1b1ca4800c114206d70d9065c80. 1b1ca4800c114206d70d9065c80.
A.3.4. Bundle Confidentiality Block A.3.4. Bundle Confidentiality Block
In this example, a BCB is used encrypt the payload block. The BCB is In this example, a BCB is used encrypt the payload block. The BCB is
added by the bundle source node, ipn:2.1. added by the bundle source node, ipn:2.1.
skipping to change at page 48, line 31 skipping to change at page 48, line 5
Key: h'71776572747975696f70617364666768' Key: h'71776572747975696f70617364666768'
IV: h'5477656c7665313231323132' IV: h'5477656c7665313231323132'
AES Variant: A128GCM AES Variant: A128GCM
Scope Flags: 0x00 Scope Flags: 0x00
Payload Data: h'52656164792047656e65726174652061 Payload Data: h'52656164792047656e65726174652061
2033322062797465207061796c6f6164' 2033322062797465207061796c6f6164'
Authentication Tag: h'da08f4d8936024ad7c6b3b800e73dd97' Authentication Tag: h'da08f4d8936024ad7c6b3b800e73dd97'
Payload Ciphertext: h'3a09c1e63fe2097528a78b7c12943354 Payload Ciphertext: h'3a09c1e63fe2097528a78b7c12943354
a563e32648b700c2784e26a990d91f9d' a563e32648b700c2784e26a990d91f9d'
Figure 18: Example 3: Configuration, Parameters, and Results for the Figure 19: Example 3: Configuration, Parameters, and Results for
BCB the BCB
A.3.4.2. Abstract Security Block A.3.4.2. Abstract Security Block
The abstract security block structure of the BCB's block-type- The abstract security block structure of the BCB's block-type-
specific-data field for this application is as follows. specific-data field for this application is as follows.
[1], / Security Target - Payload block / [1], / Security Target - Payload block /
2, / Security Context ID - BCB-AES-GCM / 2, / Security Context ID - BCB-AES-GCM /
1, / Security Context Flags - Parameters Present / 1, / Security Context Flags - Parameters Present /
[2,[2, 1]], / Security Source - ipn:2.1 / [2,[2, 1]], / Security Source - ipn:2.1 /
[ / Security Parameters - 3 Parameters / [ / Security Parameters - 3 Parameters /
[1, h'5477656c7665313231323132'], / Initialization Vector / [1, h'5477656c7665313231323132'], / Initialization Vector /
[2, 1], / AES Variant - AES 128 / [2, 1], / AES Variant - AES 128 /
[4, 0x00] / Scope Flags - No Additional Scope / [4, 0x00] / Scope Flags - No Additional Scope /
], ],
[ / Security Results: 1 Result / [ / Security Results: 1 Result /
[1, h'da08f4d8936024ad7c6b3b800e73dd97'] / Payload Auth. Tag / [1, h'da08f4d8936024ad7c6b3b800e73dd97'] / Payload Auth. Tag /
] ]
Figure 19: Example 3: BCB Abstract Security Block (CBOR Diagnostic Figure 20: Example 3: BCB Abstract Security Block (CBOR
Notation) Diagnostic Notation)
The CBOR encoding of the BCB block-type-specific-data field (the The CBOR encoding of the BCB block-type-specific-data field (the
abstract security block) is 0x8101020182028202018382014c5477656c76653 abstract security block) is 0x8101020182028202018382014c5477656c76653
1323132313282020182040081820150da08f4d8936024ad7c6b3b800e73dd97. 1323132313282020182040081820150da08f4d8936024ad7c6b3b800e73dd97.
A.3.4.3. Representations A.3.4.3. Representations
The BCB wrapping this abstract security block is as follows. The BCB wrapping this abstract security block is as follows.
[ [
12, / type code / 12, / type code /
4, / block number / 4, / block number /
1, / flags - block must be replicated in every fragment / 1, / flags - block must be replicated in every fragment /
0, / CRC type / 0, / CRC type /
h'8101020182028202018382014c5477656c766531323132313282020182040081 h'8101020182028202018382014c5477656c766531323132313282020182040081
820150da08f4d8936024ad7c6b3b800e73dd97', 820150da08f4d8936024ad7c6b3b800e73dd97',
] ]
Figure 20: Example 3: BCB (CBOR Diagnostic Notation) Figure 21: Example 3: BCB (CBOR Diagnostic Notation)
The CBOR encoding of the BCB block is 0x850c0401005833810102018202820 The CBOR encoding of the BCB block is 0x850c0401005833810102018202820
2018382014c5477656c766531323132313282020182040081820150da08f4d8936024 2018382014c5477656c766531323132313282020182040081820150da08f4d8936024
ad7c6b3b800e73dd97. ad7c6b3b800e73dd97.
A.3.5. Final Bundle A.3.5. Final Bundle
The CBOR encoding of the full output bundle, with the BIB and BCB The CBOR encoding of the full output bundle, with the BIB and BCB
added is: 0x9f88070000820282010282028202018202820201820018281a000f424 added is: 0x9f88070000820282010282028202018202820201820018281a000f424
0850b030000585a820002010182028203008282010582030082820158208e059b8e71 0850b030000585a820002010182028203008282010582030082820158208e059b8e71
skipping to change at page 50, line 29 skipping to change at page 49, line 38
blocks have been added. blocks have been added.
Block Block Block Block Block Block
in Bundle Type Number in Bundle Type Number
+========================================+=======+========+ +========================================+=======+========+
| Primary Block | N/A | 0 | | Primary Block | N/A | 0 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block | 1 | 1 | | Payload Block | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 21: Example 4 Original Bundle Figure 22: Example 4 Original Bundle
A.4.1.1. Primary Block A.4.1.1. Primary Block
The primary block used in this example is identical to the primary The primary block used in this example is identical to the primary
block presented in Example 1 Appendix A.1.1.1. block presented in Example 1 Appendix A.1.1.1.
In summary, the CBOR encoding of the primary block is In summary, the CBOR encoding of the primary block is
0x88070000820282010282028202018202820201820018281a000f4240. 0x88070000820282010282028202018202820201820018281a000f4240.
A.4.1.2. Payload Block A.4.1.2. Payload Block
skipping to change at page 51, line 36 skipping to change at page 50, line 45
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Bundle Integrity Block (Encrypted) | 11 | 3 | | Bundle Integrity Block (Encrypted) | 11 | 3 |
| OP(bib-integrity, target=1) | | | | OP(bib-integrity, target=1) | | |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Bundle Confidentiality Block | 12 | 2 | | Bundle Confidentiality Block | 12 | 2 |
| OP(bcb-confidentiality, targets=1, 3) | | | | OP(bcb-confidentiality, targets=1, 3) | | |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
| Payload Block (Encrypted) | 1 | 1 | | Payload Block (Encrypted) | 1 | 1 |
+----------------------------------------+-------+--------+ +----------------------------------------+-------+--------+
Figure 22: Example 4 Resulting Bundle Figure 23: Example 4 Resulting Bundle
A.4.3. Bundle Integrity Block A.4.3. Bundle Integrity Block
In this example, a BIB is used to carry an integrity signature over In this example, a BIB is used to carry an integrity signature over
the payload block. The IPPT contains the payload block block-type- the payload block. The IPPT contains the payload block block-type-
specific data, primary block data, the payload block header, and the specific data, primary block data, the payload block header, and the
BIB header. That is, all additional headers are included in the BIB header. That is, all additional headers are included in the
IPPT. IPPT.
A.4.3.1. Configuration, Parameters, and Results A.4.3.1. Configuration, Parameters, and Results
skipping to change at page 52, line 18 skipping to change at page 51, line 34
Primary Block Data: h'88070000820282010282028202018202 Primary Block Data: h'88070000820282010282028202018202
820201820018281a000f4240 820201820018281a000f4240
Payload Data: h'52656164792047656e65726174652061 Payload Data: h'52656164792047656e65726174652061
2033322062797465207061796c6f6164' 2033322062797465207061796c6f6164'
Payload Header: h'85010100005820' Payload Header: h'85010100005820'
BIB Header: h'850b0300005845' BIB Header: h'850b0300005845'
Payload Signature: h'07c84d929f83bee4690130729d77a1bd Payload Signature: h'07c84d929f83bee4690130729d77a1bd
da9611cd6598e73d0659073ea74e8c27 da9611cd6598e73d0659073ea74e8c27
523b02193cb8ba64be58dbc556887aca 523b02193cb8ba64be58dbc556887aca
Figure 23: Example 4: Configuration, Parameters, and Results for the Figure 24: Example 4: Configuration, Parameters, and Results for
BIB the BIB
A.4.3.2. Abstract Security Block A.4.3.2. Abstract Security Block
The abstract security block structure of the BIB's block-type- The abstract security block structure of the BIB's block-type-
specific-data field for this application is as follows. specific-data field for this application is as follows.
[1], / Security Target - Payload block / [1], / Security Target - Payload block /
1, / Security Context ID - BIB-HMAC-SHA2 / 1, / Security Context ID - BIB-HMAC-SHA2 /
1, / Security Context Flags - Parameters Present / 1, / Security Context Flags - Parameters Present /
[2,[2, 1]], / Security Source - ipn:2.1 / [2,[2, 1]], / Security Source - ipn:2.1 /
[ / Security Parameters - 2 Parameters / [ / Security Parameters - 2 Parameters /
[1, 6], / SHA Variant - HMAC 384/384 / [1, 6], / SHA Variant - HMAC 384/384 /
[3, 0x07] / Scope Flags - All additional headers in the SHA Hash / [3, 0x07] / Scope Flags - All additional headers in the SHA Hash /
], ],
[ / Security Results: 1 Result / [ / Security Results: 1 Result /
[1, h'07c84d929f83bee4690130729d77a1bdda9611cd6598e73d [1, h'07c84d929f83bee4690130729d77a1bdda9611cd6598e73d
0659073ea74e8c27523b02193cb8ba64be58dbc556887aca'] 0659073ea74e8c27523b02193cb8ba64be58dbc556887aca']
] ]
Figure 24: Example 4: BIB Abstract Security Block (CBOR Diagnostic Figure 25: Example 4: BIB Abstract Security Block (CBOR
Notation) Diagnostic Notation)
The CBOR encoding of the BIB block-type-specific-data field (the The CBOR encoding of the BIB block-type-specific-data field (the
abstract security block) is 0x810101018202820201828201068203078182015 abstract security block) is 0x810101018202820201828201068203078182015
83007c84d929f83bee4690130729d77a1bdda9611cd6598e73d0659073ea74e8c2752 83007c84d929f83bee4690130729d77a1bdda9611cd6598e73d0659073ea74e8c2752
3b02193cb8ba64be58dbc556887aca. 3b02193cb8ba64be58dbc556887aca.
A.4.3.3. Representations A.4.3.3. Representations
The BIB wrapping this abstract security block is as follows. The BIB wrapping this abstract security block is as follows.
[ [
11, / type code / 11, / type code /
3, / block number / 3, / block number /
0, / flags / 0, / flags /
0, / CRC type / 0, / CRC type /
h'81010101820282020182820106820307818201583007c84d929f83bee4690130 h'81010101820282020182820106820307818201583007c84d929f83bee4690130
729d77a1bdda9611cd6598e73d0659073ea74e8c27523b02193cb8ba64be58db 729d77a1bdda9611cd6598e73d0659073ea74e8c27523b02193cb8ba64be58db
c556887aca', c556887aca',
] ]
Figure 25: Example 4: BIB (CBOR Diagnostic Notation) Figure 26: Example 4: BIB (CBOR Diagnostic Notation)
The CBOR encoding of the BIB block is 0x850b0300005845810101018202820 The CBOR encoding of the BIB block is 0x850b0300005845810101018202820
20182820106820307818201583007c84d929f83bee4690130729d77a1bdda9611cd65 20182820106820307818201583007c84d929f83bee4690130729d77a1bdda9611cd65
98e73d0659073ea74e8c27523b02193cb8ba64be58dbc556887aca. 98e73d0659073ea74e8c27523b02193cb8ba64be58dbc556887aca.
A.4.4. Bundle Confidentiality Block A.4.4. Bundle Confidentiality Block
In this example, a BCB is used encrypt the payload block and the BIB In this example, a BCB is used encrypt the payload block and the BIB
that provides integrity over the payload. that provides integrity over the payload.
skipping to change at page 54, line 29 skipping to change at page 53, line 39
Payload Block Payload Block
Authentication Tag: h'0e365c700e4bb19c0d991faff5345aff' Authentication Tag: h'0e365c700e4bb19c0d991faff5345aff'
Payload Ciphertext: h'90eab64575930498d6aa654107f15e96 Payload Ciphertext: h'90eab64575930498d6aa654107f15e96
319bb227706000abc8fcac3b9bb9c87e' 319bb227706000abc8fcac3b9bb9c87e'
BIB Ciphertext: h'438ed6208eb1c1ffb94d952175167df0 BIB Ciphertext: h'438ed6208eb1c1ffb94d952175167df0
902a815f221ebc837a134efc13bfa82a 902a815f221ebc837a134efc13bfa82a
2d5d317747da3eb54acef4ca839bd961 2d5d317747da3eb54acef4ca839bd961
487284404259b60be12b8aed2f3e8a36 487284404259b60be12b8aed2f3e8a36
2836529f66' 2836529f66'
Figure 26: Example 4: Configuration, Parameters, and Results for the Figure 27: Example 4: Configuration, Parameters, and Results for
BCB the BCB
A.4.4.2. Abstract Security Block A.4.4.2. Abstract Security Block
The abstract security block structure of the BCB's block-type- The abstract security block structure of the BCB's block-type-
specific-data field for this application is as follows. specific-data field for this application is as follows.
[3, 1], / Security Targets / [3, 1], / Security Targets /
2, / Security Context ID - BCB-AES-GCM / 2, / Security Context ID - BCB-AES-GCM /
1, / Security Context Flags - Parameters Present / 1, / Security Context Flags - Parameters Present /
[2,[2, 1]], / Security Source - ipn:2.1 / [2,[2, 1]], / Security Source - ipn:2.1 /
[ / Security Parameters - 3 Parameters / [ / Security Parameters - 3 Parameters /
[1, h'5477656c7665313231323132'], / Initialization Vector / [1, h'5477656c7665313231323132'], / Initialization Vector /
[2, 3], / AES Variant - AES 256 / [2, 3], / AES Variant - AES 256 /
[4, 0x07] / Scope Flags - All headers in SHA hash / [4, 0x07] / Scope Flags - All headers in SHA hash /
], ],
[ / Security Results: 2 Results / [ / Security Results: 2 Results /
[1, h'c95ed4534769b046d716e1cdfd00830e'], / BIB Auth. Tag / [1, h'c95ed4534769b046d716e1cdfd00830e'], / BIB Auth. Tag /
[1, h'0e365c700e4bb19c0d991faff5345aff'] / Payload Auth. Tag / [1, h'0e365c700e4bb19c0d991faff5345aff'] / Payload Auth. Tag /
] ]
Figure 27: Example 4: BCB Abstract Security Block (CBOR Diagnostic Figure 28: Example 4: BCB Abstract Security Block (CBOR
Notation) Diagnostic Notation)
The CBOR encoding of the BCB block-type-specific-data field (the The CBOR encoding of the BCB block-type-specific-data field (the
abstract security block) is 0x820301020182028202018382014c5477656c766 abstract security block) is 0x820301020182028202018382014c5477656c766
531323132313282020382040782820150c95ed4534769b046d716e1cdfd00830e8201 531323132313282020382040782820150c95ed4534769b046d716e1cdfd00830e8201
500e365c700e4bb19c0d991faff5345aff. 500e365c700e4bb19c0d991faff5345aff.
A.4.4.3. Representations A.4.4.3. Representations
The BCB wrapping this abstract security block is as follows. The BCB wrapping this abstract security block is as follows.
[ [
12, / type code / 12, / type code /
2, / block number / 2, / block number /
1, / flags - block must be replicated in every fragment / 1, / flags - block must be replicated in every fragment /
0, / CRC type / 0, / CRC type /
h'820301020182028202018382014c5477656c7665313231323132820203820407 h'820301020182028202018382014c5477656c7665313231323132820203820407
82820150c95ed4534769b046d716e1cdfd00830e8201500e365c700e4bb19c0d 82820150c95ed4534769b046d716e1cdfd00830e8201500e365c700e4bb19c0d
991faff5345aff', 991faff5345aff',
] ]
Figure 28: Example 4: BCB (CBOR Diagnostic Notation) Figure 29: Example 4: BCB (CBOR Diagnostic Notation)
The CBOR encoding of the BCB block is 0x850c0201005847820301020182028 The CBOR encoding of the BCB block is 0x850c0201005847820301020182028
202018382014c5477656c766531323132313282020382040782820150c95ed4534769 202018382014c5477656c766531323132313282020382040782820150c95ed4534769
b046d716e1cdfd00830e8201500e365c700e4bb19c0d991faff5345aff. b046d716e1cdfd00830e8201500e365c700e4bb19c0d991faff5345aff.
A.4.5. Final Bundle A.4.5. Final Bundle
The CBOR encoding of the full output bundle, with the security blocks The CBOR encoding of the full output bundle, with the security blocks
added and payload block and BIB encrypted is: 0x9f8807000082028201028 added and payload block and BIB encrypted is: 0x9f8807000082028201028
2028202018202820201820018281a000f4240850b0300005845438ed6208eb1c1ffb9 2028202018202820201820018281a000f4240850b0300005845438ed6208eb1c1ffb9
4d952175167df0902a815f221ebc837a134efc13bfa82a2d5d317747da3eb54acef4c 4d952175167df0902a815f221ebc837a134efc13bfa82a2d5d317747da3eb54acef4c
a839bd961487284404259b60be12b8aed2f3e8a362836529f66 850c0201005847820 a839bd961487284404259b60be12b8aed2f3e8a362836529f66 850c0201005847820
301020182028202018382014c5477656c766531323132313282020382040782820150 301020182028202018382014c5477656c766531323132313282020382040782820150
c95ed4534769b046d716e1cdfd00830e8201500e365c700e4bb19c0d991faff5345af c95ed4534769b046d716e1cdfd00830e8201500e365c700e4bb19c0d991faff5345af
f8501010000582090eab64575930498d6aa654107f15e96319bb227706000abc8fcac f8501010000582090eab64575930498d6aa654107f15e96319bb227706000abc8fcac
3b9bb9c87eff. 3b9bb9c87eff.
Appendix B. Acknowledgements Appendix B. CDDL Expression
For informational purposes, Brian Sipos has kindly provided an
expression of the IPPT and AAD structures using the Concise Data
Definition Language (CDDL). That CDDL expression is presented below.
Note that wherever the CDDL expression is in disagreement with the
textual representation of the security block specification presented
in earlier sections of this document, the textual representation
rules.
Note that the structure of BP bundles and BPSec security blocks are
provided by other specifications and this section only provides the
CDDL expression for structures uniquely defined in this
specification. Items related to elements of a bundle, such as
"primary-block", are defined in Appendix B of the Bundle Protocol
Version 7 [I-D.ietf-dtn-bpbis].
Note that the CDDL itself does not have the concept of unadorned CBOR
sequences as a top-level subject of a specification. The current
best practice, as documented in Section 4.1 of [RFC8742], requires
representing the sequence as an array with a comment in the CDDL
noting that the array represents a CBOR sequence.
start = scope / AAD-list / IPPT-list ; satisfy CDDL decoders
scope = uint .bits scope-flags
scope-flags = &(
has-primary-ctx: 0,
has-target-ctx: 1,
has-security-ctx: 2,
)
; Encoded as a CBOR sequence
AAD-list = [
AAD-structure
]
; Encoded as a CBOR sequence
IPPT-list = [
AAD-structure,
target-btsd: bstr ; block-type-specific-data of the target block.
]
AAD-structure = (
scope,
? primary-block, ; present if has-primary-ctx flag set
? block-metadata, ; present if has-target-ctx flag set
? block-metadata, ; present if has-security-ctx flag set
)
; Selected fields of a canonical block
block-metadata = (
block-type-code: uint,
block-number: uint,
block-control-flags,
)
Figure 30: IPPT and AAD Expressions
Appendix C. Acknowledgements
Amy Alford of the Johns Hopkins University Applied Physics Laboratory Amy Alford of the Johns Hopkins University Applied Physics Laboratory
contributed useful review and analysis of these security contexts. contributed useful review and analysis of these security contexts.
Authors' Addresses Authors' Addresses
Edward J. Birrane, III Edward J. Birrane, III
The Johns Hopkins University Applied The Johns Hopkins University Applied Physics Laboratory
Physics Laboratory
11100 Johns Hopkins Rd. 11100 Johns Hopkins Rd.
Laurel, MD 20723 Laurel, MD 20723
US United States of America
Phone: +1 443 778 7423 Phone: +1 443 778 7423
Email: Edward.Birrane@jhuapl.edu Email: Edward.Birrane@jhuapl.edu
Alex White Alex White
The Johns Hopkins University Applied The Johns Hopkins University Applied Physics Laboratory
Physics Laboratory
11100 Johns Hopkins Rd. 11100 Johns Hopkins Rd.
Laurel, MD 20723 Laurel, MD 20723
US United States of America
Phone: +1 443 778 0845 Phone: +1 443 778 0845
Email: Alex.White@jhuapl.edu Email: Alex.White@jhuapl.edu
Sarah Heiner Sarah Heiner
The Johns Hopkins University Applied The Johns Hopkins University Applied Physics Laboratory
Physics Laboratory
11100 Johns Hopkins Rd. 11100 Johns Hopkins Rd.
Laurel, MD 20723 Laurel, MD 20723
US United States of America
Phone: +1 240 592 3704 Phone: +1 240 592 3704
Email: Sarah.Heiner@jhuapl.edu Email: Sarah.Heiner@jhuapl.edu
 End of changes. 99 change blocks. 
227 lines changed or deleted 301 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/