Re: [webauthn] musings wrt webauthn's profile of COSE_Key

Calculating the size of COSE-encoded EC public keys [RFC8152] for curve P-256 in EC2 form, with "alg" included:

Using the first public key from <https://tools.ietf.org/html/rfc8152#appendix-C.7.1> with the optional "kid" field (i.e., "2") removed, and including some comments here for documentation:
```
{ ; EC public key (curve point) in "EC2" "uncompressed" form 
  ; (both x & y coords present) on P-256 curve:
-1:1,  ; "crv": "P-256"
1:2,   ; "kty": "EC2"
3:-7,  ; "alg": "ES256"

; curve point x coord:
-2:h'65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d',

; curve point y coord:
-3:h'1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c'

}
```
then:
```
# gem install cbor-diag   // assumes you have Ruby's "gem" package manager installed

# cat > PublicKeyInCOSEKeyCBORDiagnosticFormat.cbor
{
-1:1,
1:2,
3:-7,
-2:h'65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d',
-3:h'1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c'
}

# ls -l PublicKeyInCOSEKeyCBORDiagnosticFormat.cbor
-rw-r--r--  1 jehodges  110028724  164 Sep  5 06:41 PublicKeyInCOSEKeyCBORDiagnosticFormat.cbor


#  diag2cbor.rb < PublicKeyInCOSEKeyCBORDiagnosticFormat.cbor > PublicKeyInCOSEKeyBinaryFormat.bin

# ls -l PublicKeyInCOSEKeyBinaryFormat.bin
-rw-r--r--  1 jehodges  110028724  77 Sep  5 06:42 PublicKeyInCOSEKeyBinaryFormat.bin
// PublicKeyInCOSEKeyBinaryFormat.bin is 77 bytes long


# cbor2diag.rb < ./PublicKeyInCOSEKeyBinaryFormat.bin
{-1: 1, 
1: 2, 
3: -7, 
-2: h'65EDA5A12577C2BAE829437FE338701A10AAA375E1BB5B5DE108DE439C08551D', 
-3: h'1E52ED75701163F7F9E40DDF9F341B3DC9BA860AF7E0CA7CA7E9EECD0084D19C'}
```
The above cbor2diag.rb output matches the text input to the PublicKeyInCOSEKeyCBORDiagnosticFormat.cbor file (above).

Since binary format CBOR-encoded data does not have whitespace, and we are stipulating that we are using a particular ECC curve (P-256), and uncompressed point format, I am thinking we can conclude that such binary CBOR-encoded ECC public keys will be of a constant size, and the above gives that fixed size as 77 bytes.

Converting PublicKeyInCOSEKeyCBORDiagnosticFormat.cbor's text diagnostic representation to CBOR binary dump format (using http://cbor.me) yields:
```
A5                                      # map(5)
   20                                   # negative(0)
   01                                   # unsigned(1)
   01                                   # unsigned(1)
   02                                   # unsigned(2)
   03                                   # unsigned(3)
   26                                   # negative(6)
   21                                   # negative(1)
   58 20                                # bytes(32)
      65EDA5A12577C2BAE829437FE338701A10AAA375E1BB5B5DE108DE439C08551D
   22                                   # negative(2)
   58 20                                # bytes(32)
      1E52ED75701163F7F9E40DDF9F341B3DC9BA860AF7E0CA7CA7E9EECD0084D19C

```
...which verifies that the x & y coord values are 32 bytes each, and the CBOR overhead plus the kty (key type, 1) value, the crv (curve type, -1) value, and alg (alg type, 3) value, is 13 bytes, yielding a total size of 77 bytes.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/543#issuecomment-327181699 using your GitHub account

Received on Tuesday, 5 September 2017 13:52:21 UTC
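
The size calculation in the message above can be reproduced, and turned into a strict verifier-side check, without the cbor-diag gem. The following is an added example, not part of the original message or of any WebAuthn code; all function names are hypothetical, and it handles only the CBOR subset this key uses. It goes one step beyond the message by accepting the five labels in any order, since the encoded size does not depend on order.

```ruby
# Added example: CBOR subset for the COSE_Key above (ints in -24..23, bytes(32), map(5)).
X = ['65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d'].pack('H*')
Y = ['1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c'].pack('H*')

def cbor_int(n) # major type 0 (unsigned) or 1 (negative), value held in the initial byte
  raise ArgumentError, 'outside -24..23' unless (-24..23).cover?(n)
  [n >= 0 ? n : 0x20 | (-1 - n)].pack('C')
end

def cbor_bstr32(bytes) # major type 2 with a one-byte length: 58 20 + 32 bytes
  raise ArgumentError, 'need exactly 32 bytes' unless bytes.bytesize == 32
  [0x58, 0x20].pack('CC') + bytes.b
end

def encode_cose_ec2(x, y) # label order as written in the message: crv, kty, alg, x, y
  out = [0xA5].pack('C') # map(5)
  [[-1, 1], [1, 2], [3, -7]].each { |k, v| out << cbor_int(k) << cbor_int(v) }
  out << cbor_int(-2) << cbor_bstr32(x) << cbor_int(-3) << cbor_bstr32(y)
end

def read_int(b)
  ib = b.shift
  return ib if (0x00..0x17).cover?(ib)
  return -1 - (ib & 0x1F) if (0x20..0x37).cover?(ib)
  raise ArgumentError, 'expected an integer in -24..23'
end

def read_bstr32(b)
  raise ArgumentError, 'expected bytes(32)' unless b.shift(2) == [0x58, 0x20]
  raise ArgumentError, 'truncated byte string' if b.size < 32
  b.shift(32).pack('C*')
end

# Strict parse: exactly 77 bytes, map(5), no duplicate labels, fixed kty/alg/crv, 32-byte x and y.
def parse_cose_ec2(bin)
  b = bin.b.bytes
  raise ArgumentError, "expected 77 bytes, got #{b.size}" unless b.size == 77
  raise ArgumentError, 'expected map(5)' unless b.shift == 0xA5
  key = {}
  5.times do
    label = read_int(b)
    raise ArgumentError, "duplicate label #{label}" if key.key?(label)
    key[label] = b.first == 0x58 ? read_bstr32(b) : read_int(b)
  end
  raise ArgumentError, 'trailing bytes' unless b.empty?
  raise ArgumentError, 'not EC2/ES256/P-256' unless key.values_at(1, 3, -1) == [2, -7, 1]
  raise ArgumentError, 'missing x or y' unless [key[-2], key[-3]].all? { |c| c.is_a?(String) }
  key
end
```

`encode_cose_ec2(X, Y).bytesize` gives the 77 bytes reported above, and `parse_cose_ec2` raises `ArgumentError` for any input that deviates from that fixed shape.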