Looking for some guidance on how the ECDH-ES Key Agreement (5.5.2)
derived the CEK:

    hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc

No apv/apu values were provided, leading me to believe that it was not
derived using ConcatKDF.

I tried to implement via D-H Key Agreement (RFC2631) with no
partyAInfo but was not able to arrive at the same CEK.

I used the following OIDS:

    OIDS = {
        'A128CBC-HS256': '2.16.840.1.101.3.4.1.2',
        'A192CBC-HS384': '2.16.840.1.101.3.4.1.22',
        'A256CBC-HS512': '2.16.840.1.101.3.4.1.42',
        'A128GCM': '2.16.840.1.101.3.4.1.6',
        'A192GCM': '2.16.840.1.101.3.4.1.26',
        'A256GCM': '2.16.840.1.101.3.4.1.46',
    }

And the following pyasn1:

    from pyasn1.type import univ, namedtype, tag, constraint
    from pyasn1.codec.der import encoder
    import hashlib
    import struct  # needed for struct.pack below

    # RFC 2631 counter: a 4-octet big-endian integer
    class Counter(univ.OctetString):
        subtypeSpec = constraint.ValueSizeConstraint(4, 4)

    class KeySpecificInfo(univ.Sequence):
        componentType = namedtype.NamedTypes(
            namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
            namedtype.NamedType('counter', Counter())
        )

    class OtherInfo(univ.Sequence):
        componentType = namedtype.NamedTypes(
            namedtype.NamedType('keyInfo', KeySpecificInfo()),
            namedtype.OptionalNamedType('partyAInfo', univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            )),
            namedtype.NamedType('suppPubInfo', univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ))
        )

    def km(alg, zz, n):
        # KM = SHA-1(ZZ || DER(OtherInfo)), with partyAInfo left out
        oid = OIDS[alg]
        ainfo = None
        pinfo = 128  # suppPubInfo: key length in bits
        k = KeySpecificInfo()
        k.setComponentByName('algorithm', oid)
        k.setComponentByName('counter', struct.pack('>I', n))
        o = OtherInfo()
        o.setComponentByName('keyInfo', k)
        o.setComponentByName('suppPubInfo', struct.pack('>I', pinfo))
        o = encoder.encode(o)
        return hashlib.sha1(zz + o).digest()

zz was derived using cryptography's EC key exchange.
_______________________________________________
jose mailing list
https://www.ietf.org/mailman/listinfo/jose
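
Added example, not part of the original message and not code from RFC 7520: RFC 7518 section 4.6.2 defines the ECDH-ES derivation as Concat KDF with SHA-256, and when apu/apv are absent their OtherInfo fields are still present as a zero length followed by empty data. In direct key agreement the AlgorithmID is the "enc" value and keydatalen is that algorithm's key size (256 bits for A128CBC-HS256). The function and helper names and SAMPLE_Z are assumptions made for this sketch.

```python
import base64
import hashlib
import struct


def len_prefixed(data: bytes) -> bytes:
    """Datalen (32-bit big-endian) || Data, the encoding of each OtherInfo field."""
    return struct.pack(">I", len(data)) + data


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, as used for JOSE header values."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def jwa_concat_kdf(z, algorithm_id, keydatalen_bits, apu=None, apv=None):
    """Concat KDF with SHA-256 as profiled by RFC 7518 section 4.6.2.

    apu/apv are the base64url header values, or None when the header omits
    them; an absent value becomes a zero-length field, not a missing one.
    """
    if keydatalen_bits <= 0 or keydatalen_bits % 8:
        raise ValueError("keydatalen must be a positive multiple of 8 bits")
    other_info = (
        len_prefixed(algorithm_id.encode("ascii"))          # AlgorithmID
        + len_prefixed(b64url_decode(apu) if apu else b"")  # PartyUInfo
        + len_prefixed(b64url_decode(apv) if apv else b"")  # PartyVInfo
        + struct.pack(">I", keydatalen_bits)                # SuppPubInfo
    )                                                       # SuppPrivInfo: empty
    okm = b""
    counter = 1  # 32-bit big-endian round counter, prepended to Z
    while len(okm) * 8 < keydatalen_bits:
        okm += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return okm[: keydatalen_bits // 8]


# Constructed shared secret for illustration only; not the Z from RFC 7520.
SAMPLE_Z = bytes(range(32))

if __name__ == "__main__":
    cek = jwa_concat_kdf(SAMPLE_Z, "A128CBC-HS256", 256)
    print(base64.urlsafe_b64encode(cek).rstrip(b"=").decode())
```

To check a real vector, pass the ECDH shared secret Z (the x-coordinate octets) in place of SAMPLE_Z and compare the base64url output with the published CEK.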