[jose] RFC7520 5.5 Clarification

Tommy Wang <lists@august8.net> Thu, 03 December 2015 09:22 UTC

Date: Thu, 03 Dec 2015 03:22:40 -0600
Message-ID: <CAFeYy0O1+EBSAv5ueqOuHFe6=0A_g6_7W=t3ZjK8FWO5rzRFrA@mail.gmail.com>
From: Tommy Wang <lists@august8.net>
To: jose@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/u_n18V36qffz7KU_jjGeCSIpGd4>
Subject: [jose] RFC7520 5.5 Clarification

Looking for some guidance on how the ECDH-ES Key Agreement (5.5.2)
derived the CEK:

hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc

No apv/apu values were provided leading me to believe that it was not
derived using ConcatKDF.

I tried to implement via D-H Key Agreement (RFC2631) with no
partyAInfo but was not able to arrive at the same CEK.

I used the following OIDS:

# NIST AES OIDs (2.16.840.1.101.3.4.1.*) used as the RFC 2631 keyInfo algorithm
OIDS = {
    'A128CBC-HS256': '2.16.840.1.101.3.4.1.2',
    'A192CBC-HS384': '2.16.840.1.101.3.4.1.22',
    'A256CBC-HS512': '2.16.840.1.101.3.4.1.42',
    'A128GCM': '2.16.840.1.101.3.4.1.6',
    'A192GCM': '2.16.840.1.101.3.4.1.26',
    'A256GCM': '2.16.840.1.101.3.4.1.46',
}

And the following pyasn1:

from pyasn1.type import univ, namedtype, tag, constraint
from pyasn1.codec.der import encoder
import hashlib
import struct  # needed for the struct.pack calls below


class Counter(univ.OctetString):
    # RFC 2631 counter: a 4-byte big-endian OCTET STRING
    subtypeSpec = constraint.ValueSizeConstraint(4, 4)


class KeySpecificInfo(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
        namedtype.NamedType('counter', Counter())
    )


class OtherInfo(univ.Sequence):
    # RFC 2631 OtherInfo: keyInfo, optional [0] partyAInfo, [2] suppPubInfo
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('keyInfo', KeySpecificInfo()),
        namedtype.OptionalNamedType('partyAInfo', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
        )),
        namedtype.NamedType('suppPubInfo', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
        ))
    )


def km(alg, zz, n):
    """One RFC 2631 KM block: SHA-1(ZZ || DER(OtherInfo)) for counter value n."""
    oid = OIDS[alg]
    ainfo = None  # no partyAInfo supplied
    pinfo = 128   # suppPubInfo: key length in bits, 4-byte big-endian
    k = KeySpecificInfo()
    k.setComponentByName('algorithm', oid)
    k.setComponentByName('counter', struct.pack('>I', n))
    o = OtherInfo()
    o.setComponentByName('keyInfo', k)
    o.setComponentByName('suppPubInfo', struct.pack('>I', pinfo))
    o = encoder.encode(o)
    return hashlib.sha1(zz + o).digest()

zz was derived using cryptography's EC key exchange.
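Added example, not part of the post above or of any reply in the thread. RFC 7518 section 4.6.2 specifies the key derivation for ECDH-ES as the Concat KDF of NIST SP 800-56A with SHA-256, whether or not apu/apv are present: an absent apu or apv becomes an empty PartyUInfo/PartyVInfo that is still encoded as a 4-byte zero length, AlgorithmID is the enc value in direct key agreement mode, and SuppPubInfo is the CEK length in bits (256 for a 32-byte CEK, so one SHA-256 round; 512 for A256CBC-HS512, so two). The code below implements that derivation generally for any CEK length. Because the shared secret Z behind the RFC 7520 section 5.5 CEK is not on this page, the worked check uses the published vector from RFC 7518 Appendix C instead (Z, apu "Alice", apv "Bob", enc A128GCM); the function and constant names are this example's own.

```python
import base64
import hashlib
import struct

# CEK length in bits for each JWA "enc" value (RFC 7518 section 5.1)
CEK_BITS = {
    "A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512,
    "A128GCM": 128, "A192GCM": 192, "A256GCM": 256,
}


def _len_prefixed(data: bytes) -> bytes:
    """Concat KDF field: 4-byte big-endian length followed by the bytes.
    An absent apu/apv is encoded as a zero length with no data (00 00 00 00)."""
    return struct.pack(">I", len(data)) + data


def concat_kdf_otherinfo(alg_id: str, apu: bytes, apv: bytes, keydatalen_bits: int) -> bytes:
    """OtherInfo as fixed by RFC 7518 section 4.6.2:
    AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo, with SuppPrivInfo empty."""
    return (
        _len_prefixed(alg_id.encode("ascii"))
        + _len_prefixed(apu)
        + _len_prefixed(apv)
        + struct.pack(">I", keydatalen_bits)
    )


def concat_kdf_sha256(z: bytes, alg_id: str, apu: bytes, apv: bytes, keydatalen_bits: int) -> bytes:
    """SP 800-56A single-step KDF with SHA-256 as used by JWA ECDH-ES.
    Round i hashes counter(i) || Z || OtherInfo; rounds are concatenated and truncated."""
    if keydatalen_bits % 8:
        raise ValueError("keydatalen must be a whole number of bytes")
    other_info = concat_kdf_otherinfo(alg_id, apu, apv, keydatalen_bits)
    out_len = keydatalen_bits // 8
    rounds = -(-out_len // hashlib.sha256().digest_size)  # ceiling division
    derived = b"".join(
        hashlib.sha256(struct.pack(">I", i) + z + other_info).digest()
        for i in range(1, rounds + 1)
    )
    return derived[:out_len]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def direct_mode_cek(z: bytes, enc: str, apu_b64: str = None, apv_b64: str = None) -> bytes:
    """ECDH-ES direct mode: AlgorithmID is the enc value, keydatalen is the CEK size
    for enc, and apu/apv missing from the JWE header mean empty PartyUInfo/PartyVInfo."""
    apu = b64url_decode(apu_b64) if apu_b64 else b""
    apv = b64url_decode(apv_b64) if apv_b64 else b""
    return concat_kdf_sha256(z, enc, apu, apv, CEK_BITS[enc])


# Published shared secret Z from RFC 7518 Appendix C (not a value from RFC 7520 5.5).
RFC7518_APPENDIX_C_Z = bytes([
    158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156,
    251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196,
])


def rfc7518_appendix_c_cek() -> str:
    """Derive the Appendix C CEK: enc A128GCM, apu "Alice" (QWxpY2U), apv "Bob" (Qm9i)."""
    return b64url(direct_mode_cek(RFC7518_APPENDIX_C_Z, "A128GCM", "QWxpY2U", "Qm9i"))


if __name__ == "__main__":
    print(rfc7518_appendix_c_cek())
    # OtherInfo for a header without apu/apv still carries the two zero-length fields
    print(concat_kdf_otherinfo("A128CBC-HS256", b"", b"", 256).hex())
```

To reproduce a 5.5-style CEK with this function, compute Z with the ECDH exchange already in use, then call direct_mode_cek(z, enc) with no apu/apv; the result is 32 bytes for a 256-bit enc and comes from a single SHA-256 round over 00000001 || Z || OtherInfo.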