[jose] RFC7520 5.5 Clarification
Tommy Wang <lists@august8.net> Thu, 03 December 2015 18:05 UTC
Return-Path: <lists@august8.net>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9437C1A88C5 for <jose@ietfa.amsl.com>; Thu, 3 Dec 2015 10:05:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q8pwupvfCd-g for <jose@ietfa.amsl.com>; Thu, 3 Dec 2015 10:05:02 -0800 (PST)
Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B078A1B34FA for <jose@ietf.org>; Thu, 3 Dec 2015 10:04:59 -0800 (PST)
Received: by lfs39 with SMTP id 39so92601880lfs.3 for <jose@ietf.org>; Thu, 03 Dec 2015 10:04:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=august8-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=kyB5EChCc2deTn49RRgvU3kB6ff8Ufkrxo/sH5viKg0=; b=kozbdtT5hLqA2Oa3nH0/0dkbM2HHoc9QKtFEOR+zL7+hknxMldISE8z2UUvjARuzGZ rnF9YJloRH5fpsr40yNLxvFi+Et7UjBqlSzLuPkfAMY5w/rZKiDXF78GIdaZhDjlB8au FOM93ARscPp5UYYkZK5ss39QR17oB1KnhicrNvhwwFaf9+/EPCWZKb/PzvoccOo6esrs M4UB4zKH2FOlgtbLL478TvZhD5RgT+k3mqoDOpqQyHzEBZXM7Qn3KpIdct7VjR2slbVt tEjej80qz1em+IVts6sI/bZWiDYuz6MolzGOMPdC4QH/MMlNFCmWh1suGqpYUxGDppxh cSJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=kyB5EChCc2deTn49RRgvU3kB6ff8Ufkrxo/sH5viKg0=; b=DsSkkxFV5JnPOEugkPtW5xJD0TSHfFuybqr1ohWMijYP6r3u8XVBqaeCUdOfXEwLAH gN7i9H9NBx9i6GyIogWl5g9/jMDUlQcWaqCcHhyvuUBjhLDzRW6uddGalcgf2CXN5fnz SaTGc4IufQ5JqfrHdb24rLYWDIID1nP8j4aZQubPZKx6lEuDK06vJ5q1ecPhQDfsN8Zz wYGwGG0FYBZTaDHFEecBc2Nai+P7zksHI72rmvD387Xco9OFmHiStqXp33HR+1K6SmTb eKF8OPT0HzITAyOdKz8DMd7qDxlL6X7kVlVU7lizvuCQ+uf4JeBMeYd3S/kCZwjv0gZB C/5w==
X-Gm-Message-State: ALoCoQlKoISBkYssTAqhwSPnwmRE4Qh/QNPNuhURoDTvjExGX4sxA82WozkIDX+mCkrxmFGb9oXf
MIME-Version: 1.0
X-Received: by 10.25.27.147 with SMTP id b141mr6167593lfb.87.1449165897699; Thu, 03 Dec 2015 10:04:57 -0800 (PST)
Received: by 10.25.89.210 with HTTP; Thu, 3 Dec 2015 10:04:57 -0800 (PST)
In-Reply-To: <CA+k3eCTdfb66R2Ph0wREM1w=TSs7V9ccxz5OhkPgnfcyLVtOzA@mail.gmail.com>
References: <CAFeYy0O1+EBSAv5ueqOuHFe6=0A_g6_7W=t3ZjK8FWO5rzRFrA@mail.gmail.com> <CA+k3eCTdfb66R2Ph0wREM1w=TSs7V9ccxz5OhkPgnfcyLVtOzA@mail.gmail.com>
Date: Thu, 03 Dec 2015 12:04:57 -0600
Message-ID: <CAFeYy0NOoeaJ7OanV=-H0TosGi3z=UqQdmHj_EsZQnAK12E9gQ@mail.gmail.com>
From: Tommy Wang <lists@august8.net>
To: Brian Campbell <bcampbell@pingidentity.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/BevrDwJ4ONLuHKsOEOr97IIF9JQ>
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: [jose] RFC7520 5.5 Clarification
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 18:05:03 -0000
I am referencing the last paragraph of 4.6.2 of RFC7518: "Alternatively, applications MAY conduct key derivation in a manner similar to "Diffie-Hellman Key Agreement Method" [RFC2631]: in that case, the "apu" parameter MAY either be omitted or represent a random 512-bit value (analogous to PartyAInfo in Ephemeral-Static mode in RFC 2631) and the "apv" parameter SHOULD NOT be present." Given that the example in RFC7520 section 5.5 does not provide an apu or apv, I had guessed that the DH Key Agreement method was used to generate the derived key, rather than ConcatKDF. I was able to verify the example in Appendix C of RFC7518 using the ConcatKDF key derivation where apv/apu were specified. ECDH was used to arrive at a shared secret in both cases. Do the examples in RFC7520 section 5.4/5.5 use ConcatKDF to derive the CEK? If so, what were the supplied apu/apv values for the otherinfo generation? On Thursday, December 3, 2015, Brian Campbell <bcampbell@pingidentity.com> wrote: > > Take a look again at http://tools.ietf.org/html/rfc7518#section-4.6, which defines JOSE's ECDH-ES key agreement. A couple things of note are that it references RFC6090 (not RFC2631) and ConcatKDF key derivation is always done on the shared secret established through the ECDH algorithm. > > The Example ECDH-ES Key Agreement Computation at http://tools.ietf.org/html/rfc7518#appendix-C might also be useful. > > > > On Thu, Dec 3, 2015 at 2:22 AM, Tommy Wang <lists@august8.net> wrote: >> >> Looking for some guidance on how the ECDH-ES Key Agreement (5.5.2) >> derived the CEK: >> >> hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc >> >> No apv/apu values were provided leading me to believe that it was not >> derived using ConcatKDF. >> >> I tried to implement via D-H Key Agreement (RFC2631) with no >> partyAInfo but was not able to arrive at the same CEK. >> >> I used the following OIDS: >> >> OIDS = { >> 'A128CBC-HS256': '2.16.840.1.101.3.4.1.2', >> 'A192CBC-HS384': '2.16.840.1.101.3.4.1.22', >> 'A256CBC-HS512': '2.16.840.1.101.3.4.1.42', >> 'A128GCM': '2.16.840.1.101.3.4.1.6', >> 'A192GCM': '2.16.840.1.101.3.4.1.26', >> 'A256GCM': '2.16.840.1.101.3.4.1.46', >> } >> >> And the following pyasn1: >> >> from pyasn1.type import univ, namedtype, tag, constraint >> from pyasn1.codec.der import encoder >> import hashlib >> >> class Counter(univ.OctetString): >> subtypeSpec = constraint.ValueSizeConstraint(4, 4) >> >> class KeySpecificInfo(univ.Sequence): >> componentType = namedtype.NamedTypes( >> namedtype.NamedType('algorithm', univ.ObjectIdentifier()), >> namedtype.NamedType('counter', Counter()) >> ) >> >> class OtherInfo(univ.Sequence): >> componentType = namedtype.NamedTypes( >> namedtype.NamedType('keyInfo', KeySpecificInfo()), >> namedtype.OptionalNamedType('partyAInfo', univ.OctetString().subtype( >> explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) >> )), >> namedtype.NamedType('suppPubInfo', univ.OctetString().subtype( >> explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2) >> )) >> ) >> >> def km(alg, zz, n): >> oid = OIDS[alg] >> ainfo = None >> pinfo = 128 >> k = KeySpecificInfo() >> k.setComponentByName('algorithm', oid) >> k.setComponentByName('counter', struct.pack('>I', n)) >> o = OtherInfo() >> o.setComponentByName('keyInfo', k) >> o.setComponentByName('suppPubInfo', struct.pack('>I', pinfo)) >> o = encoder.encode(o) >> return hashlib.sha1(zz + o).digest() >> >> zz was derived using cryptography's EC key exchange. >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose > >
- [jose] RFC7520 5.5 Clarification Tommy Wang
- Re: [jose] RFC7520 5.5 Clarification Brian Campbell
- [jose] RFC7520 5.5 Clarification Tommy Wang
- Re: [jose] RFC7520 5.5 Clarification Matt Miller (mamille2)