[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] CKM_ECDH_AES_KEY_WRAP w/ pkcs11-kdf-ecdh impact
Hi In the case we move forward with pkcs11-kdf-ecdh as proposed by Mike, then pkcs11-ckm-ecdh-aes-key-wrap proposal would need to be updated to avoid usage of CKM_ECDH1_DERIVE . Attached is an update to the pkcs11-ckm-ecdh-aes-key-wrap document to illustrate how it may look like, in such a case. However, I am not updating the ecdh proposal yet, until a decision is made on the pkcs11-kdf-ecdh . Doron -----Original Message----- From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Michael StJohns Sent: Wednesday, July 10, 2013 11:49 PM To: pkcs11@lists.oasis-open.org Subject: [pkcs11] CKM_ECDH_AES_KEY_WRAP vote The new mechanism uses CKM_ECDH1_DERIVE as the underlying ECDH mechanism. During 2.30 we changed the text for CK_ECDH1_DERIVE_PARAMS to remove an ambiguity on what the format of the provided public key (from the other side) was. It turned out that there were at least two different interpretations including treating it as an ASN1 encoded EC_POINT and as an X9.63 public key (1 byte of format), and possibly three (raw x and y values without the format). What we probably should have done was deprecate the mechanism and create two new ones with the new interpetation (ala what we did with PBKDF2). In addition, the current mechanisms don't include definitions for generic KDFs and for the SP800-56A ECDH variants. pkcs11-kdf-ecdh addresses those issues. For CKM_ECDH_AES_KEY_WRAP, I'd like to actually defer this if there's any chance we're going to deprecate CKM_ECDH1_DERIVE and its ilk and then rewrite it so it can use either the X9.63 or the SP800-56A ECDH variants. Mike The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.
Attachment:
pkcs11-ckm-ecdh-aes-key-wrap-r1-6-wKDF change.doc
Description: pkcs11-ckm-ecdh-aes-key-wrap-r1-6-wKDF change.doc
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]