After some bug fixes in my code (to be committed soon), I agree with the "usEpwFIC_qrmBExntFwxMA" group (so I disagree with the spec).
The input to SHA256 invocation inside of concat should be (in hex, line breaks and comments for convenience): 00000001 # Counter 9e56d91d817135d372834283bf84269cfb316ea3da806a48f6daa7798cfe90c4 # Z 4131323847434d00000005416c69636500000003426f6200000080 # otherInfo The otherInfo string is as presented in the spec (0x4131323847434d00000005416c69636500000003426f6200000080). And I assume the folks matching the spec have the counter right. So the error has to be in how they're computing Z. I tried to reproduce the error in a couple of different ways, but none of them yielded the result in the spec. I tried: -- Starting the counter at 0 instead of 1 (yielded: lGZD7e8MGEHfW_miuv-PNg) -- Instead of X, setting Z to X||Y (yielded: z0MmMHWswff5FElNp1-vQg) -- Instead of X, setting Z to Y||X (yielded: P51_EtE5Fe7SJPpz2JgA0g) -- Instead of X, setting Z to Y (yielded: PgBvVvYjmlP-XxNCO_w-ng) -- Using "epk" for both private and public keys (yielded: header["epk"]) -- Using public key for both private and public keys (yielded: _YWu37A851QNMpnI1KFCEg) So, without some code to look at, I'm not sure how people are getting the result in the spec. Maybe it has to do with how the points are getting decoded. On Thu, Aug 15, 2013 at 8:38 PM, Mike Jones <[email protected]>wrote: > How is the ES512 example broken and what needs to be done to fix it? *** > * > > ** ** > > Did you also verify that you can reproduce the key agreement result at > http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#appendix-D? > I ask that because since it was published, three other implementations have > produced the key value usEpwFIC_qrmBExntFwxMA rather than > jSNmj9QK9ZGQJ2xg5_TJpA as published.**** > > ** ** > > -- Mike*** > * > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf > Of *Richard Barnes > *Sent:* Thursday, August 15, 2013 4:47 PM > *To:* [email protected] > *Subject:* [jose] JOSE in Python**** > > ** ** > > Hey all,**** > > ** ** > > I've just pushed to GitHub a pretty complete JOSE library I've worked up > in Python. **** > > <https://github.com/bifurcation/pyjose>**** > > ** ** > > It supports pretty much all of the current specs, including:**** > > ** ** > > -- JSON and compact serializations**** > > -- Custom levels of header protection (all/none/some)**** > > -- Multi-signer JWS and multi-recipient JWE**** > > -- All JWA algorithms besides "none" (which should not be used anyway)**** > > ** ** > > It successfully processes the examples in the current specs (except the > "ES512" one, which is broken), and successfully interoperates with itself > in all 288 different configurations ("alg" + "enc" + "protected"). I have > not yet tested it against any other JOSE implementations. **** > > ** ** > > I also took this opportunity to start up a list of implementations on the > JOSE wiki. Right now it's pretty short because I don't know of that many > off the top of my head.**** > > <http://trac.tools.ietf.org/wg/jose/trac/wiki/WikiStart>**** > > ** ** > > Comments / bugs welcome!**** > > ** ** > > Thanks,**** > > --Richard**** >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
