[Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Brian Campbell bcampbell at pingidentity.com
Mon Aug 12 16:12:22 UTC 2013


I'm using "pure" Java (no bouncy castle).

The ECDH part uses the javax.crypto.KeyAgreement class with "ECDH" as
the algorithm name.

http://docs.oracle.com/javase/7/docs/api/javax/crypto/KeyAgreement.html

https://bitbucket.org/b_c/jose4j/src/9f8be6023227f11e152afc31e21e1de48c64d51b/src/main/java/org/jose4j/jwe/EcdhKeyAgreementAlgorithm.java?at=master


And I wrote the KDF myself, which uses Java's java.security.MessageDigest

https://bitbucket.org/b_c/jose4j/src/9f8be6023227f11e152afc31e21e1de48c64d51b/src/main/java/org/jose4j/jwe/kdf/ConcatKeyDerivationFunction.java?at=master

On Mon, Aug 12, 2013 at 9:59 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> Thanks guys.  What libraries are all of you using?  Axel - are you using just Java or BouncyCastle?   Brian?  Edmund?  I'd like to verify that there are implementations with two different libraries getting the same results.
>
>                                 Thanks,
>                                 -- Mike
>
> -----Original Message-----
> From: Axel.Nennker at telekom.de [mailto:Axel.Nennker at telekom.de]
> Sent: Monday, August 12, 2013 7:11 AM
> To: bcampbell at pingidentity.com; Mike Jones
> Cc: openid-specs-ab at lists.openid.net; ejay at mgi1.com
> Subject: RE: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)
>
> I get the same data in my Java implementation.
>
> ECDH-ED KeyAgreement: agreed key=nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
> ECDH-ED KeyAgreement: otherInfo=QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
> ECDH-ED KeyAgreement: key=usEpwFIC_qrmBExntFwxMA
>
> Axel
>
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Brian Campbell
> Sent: Sunday, August 11, 2013 4:23 PM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net List; Edmund Jay
> Subject: Re: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)
>
> Ugh... sorry, I had a mistake in one of the debug outputs in that example. I was printing out the other info bytes where it should have been the counter.
>
> It was just a mistake in what was being passed to a debug statement.
> The actual calculation isn't changed.
>
> So,
>
> [ConcatKeyDerivationFunction]  counter: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0, 128](27bytes/216bits) | base64url encoded: QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
>
> should have been:
>
> [ConcatKeyDerivationFunction]  counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ
>
>
> So the, hopefully now correct, complete output is (also attached as text file):
>
> [ECDH w/ JWA -14 KDF example] Receiver JWK:
> {"kty":"EC",
>  "crv":"P-256",
>  "x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",
>  "y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",
>  "d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"
> }
> [ECDH w/ JWA -14 KDF example] Ephemeral JWK:
> {"kty":"EC",
>  "crv":"P-256",
>  "x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",
>  "y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",
>  "d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"
> }
> [ECDH w/ JWA -14 KDF example] Output of sender's ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits) | base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
> [ECDH w/ JWA -14 KDF example] Output of receiver ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits) | base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
> [ECDH w/ JWA -14 KDF example] keydatalen: 128
> [ECDH w/ JWA -14 KDF example] algorithmId: A128GCM
> [ECDH w/ JWA -14 KDF example] apu: QWxpY2U | decoded: Alice
> [ECDH w/ JWA -14 KDF example] apv: Qm9i | decoded: Bob
> [ConcatKeyDerivationFunction] Hash Algorithm: SHA-256 with hashlen: 256 bits
> [ConcatKeyDerivationFunction] KDF:
> [ConcatKeyDerivationFunction]   z: [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits) | base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
> [ConcatKeyDerivationFunction]   keydatalen: 128
> [ConcatKeyDerivationFunction]   algorithmId: [65, 49, 50, 56, 71, 67, 77](7bytes/56bits) | base64url encoded: QTEyOEdDTQ
> [ConcatKeyDerivationFunction]   partyUInfo: [0, 0, 0, 5, 65, 108, 105, 99, 101](9bytes/72bits) | base64url encoded: AAAABUFsaWNl
> [ConcatKeyDerivationFunction]   suppPubInfo: [0, 0, 0, 128](4bytes/32bits) | base64url encoded: AAAAgA
> [ConcatKeyDerivationFunction]   suppPrivInfo: [](0bytes/0bits) | base64url encoded:
> [ConcatKeyDerivationFunction] reps: 1
> [ConcatKeyDerivationFunction] otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0, 128](27bytes/216bits) | base64url encoded: QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
> [ConcatKeyDerivationFunction] rep 1 hashing
> [ConcatKeyDerivationFunction]  counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ
> [ConcatKeyDerivationFunction]  z: [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits) | base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
> [ConcatKeyDerivationFunction]  otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0, 128](27bytes/216bits) | base64url encoded: QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
> [ConcatKeyDerivationFunction]  k(1): [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6, 218](32bytes/256bits) | base64url encoded: usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto
> [ConcatKeyDerivationFunction] derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6, 218](32bytes/256bits) | base64url encoded: usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto
> [ConcatKeyDerivationFunction] first 128 bits of derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA
> [ConcatKeyDerivationFunction] final derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA
> [ECDH w/ JWA -14 KDF example] Derived Key from KDF:[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA
>
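
The KDF step traced in the quoted log, recomputed independently in Python with hashlib. This is an added example, not part of the thread and not jose4j code. The function names are this example's own, and the otherInfo layout is assumed from the bytes shown in the log (algorithmId without a length prefix, apu and apv each with a 32-bit length prefix, then keydatalen).

```python
import base64
import hashlib
import struct


def b64url_decode(s: str) -> bytes:
    """Decode unpadded base64url, the encoding used for every value in the log."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def length_prefixed(data: bytes) -> bytes:
    """32-bit big-endian length followed by the data, as in the log's partyUInfo."""
    return struct.pack(">I", len(data)) + data


def other_info(alg_id: bytes, apu: bytes, apv: bytes, keydatalen: int) -> bytes:
    # Layout assumed from the log's otherInfo bytes: raw algorithmId,
    # length-prefixed apu and apv, keydatalen as a 32-bit integer
    # (suppPubInfo), and an empty suppPrivInfo.
    return (alg_id + length_prefixed(apu) + length_prefixed(apv)
            + struct.pack(">I", keydatalen))


def concat_kdf(z: bytes, info: bytes, keydatalen: int) -> bytes:
    """Concat KDF over SHA-256: hash counter || z || otherInfo for each rep."""
    if keydatalen <= 0 or keydatalen % 8:
        raise ValueError("keydatalen must be a positive multiple of 8 bits")
    hash_bits = hashlib.sha256().digest_size * 8
    reps = -(-keydatalen // hash_bits)  # ceiling division
    material = b"".join(
        hashlib.sha256(struct.pack(">I", counter) + z + info).digest()
        for counter in range(1, reps + 1)
    )
    return material[: keydatalen // 8]  # keep only the leftmost keydatalen bits


# Inputs copied from the log in this thread.
Z = b64url_decode("nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ")
INFO = other_info(b"A128GCM", b64url_decode("QWxpY2U"), b64url_decode("Qm9i"), 128)
KEY = concat_kdf(Z, INFO, 128)

if __name__ == "__main__":
    print("otherInfo:", b64url_encode(INFO))
    print("key:      ", b64url_encode(KEY))
```

The published JWA specification (RFC 7518, section 4.6.2) length-prefixes AlgorithmID as well, so an implementation following the RFC derives a different key from the same z than the draft -14 values in this thread.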

