Hi,
I'm trying to use CKA_SIGN to compute things like:
SKEYSEED = PRF(Ni | Nr, {g^ir})
SKEYSEED = PRF({SK_d (old)}, {g^ir (new)} | Ni | Nr)
(PRF=HMAC_SHA1 say) where, with my current code:
Ni|Nr is raw bytes (nonces put on the wire)
{g^ir} and {g^ir (new)} are the output from DH locked up in a symkey
{SK_d (old)} is a symkey obtained from earlier PRF++ calculations
However I'm finding:
- PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, ...) requires a
PK11SymKey, but for the first equation I've only got bytes (Ni|Nr)
So I made a PK11SymKey from Ni|Nr (magic) and then used
PK11_CreateContextBySymKey().
Is there an interface that accepts raw bytes?
- PK11_DigestKey({g^ir}) fails; it seems it only works for CKA_DIGEST?
So I converted {g^ir} to raw bytes (more magic) and then used PK11_Digest()
Should PK11_DigestKey() work here?
- PK11_Final() returns raw bytes, but here I'd prefer to keep the
result locked up in a PK11SymKey - the value is likely going to be fed
into a further PRF call.
So I turned the raw bytes into a key (magic).
Is there a way to get the final output as a PK11SymKey?
After that the output seems to match the existing code.
Andrew