[Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Mike Jones Michael.Jones at microsoft.com
Mon Aug 12 17:54:23 UTC 2013


And your values match Axel's and Brian's?

                                                            -- Mike

From: Edmund Jay [mailto:ejay at mgi1.com]
Sent: Monday, August 12, 2013 10:49 AM
To: Mike Jones; Axel.Nennker at telekom.de; bcampbell at pingidentity.com
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Hi Mike,

I used OpenSSL for the ECDH part and my own KDF.


-- Edmund

________________________________
From: Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
To: "Axel.Nennker at telekom.de<mailto:Axel.Nennker at telekom.de>" <Axel.Nennker at telekom.de<mailto:Axel.Nennker at telekom.de>>; "bcampbell at pingidentity.com<mailto:bcampbell at pingidentity.com>" <bcampbell at pingidentity.com<mailto:bcampbell at pingidentity.com>>
Cc: "openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>" <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>; "ejay at mgi1.com<mailto:ejay at mgi1.com>" <ejay at mgi1.com<mailto:ejay at mgi1.com>>
Sent: Monday, August 12, 2013 8:59 AM
Subject: RE: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Thanks guys.  What libraries are all of you using?  Axel - are you using just Java or BouncyCastle?  Brian?  Edmund?  I'd like to verify that there are implementations with two different libraries getting the same results.

                Thanks,
                -- Mike

-----Original Message-----
From: Axel.Nennker at telekom.de<mailto:Axel.Nennker at telekom.de> [mailto:Axel.Nennker at telekom.de<mailto:Axel.Nennker at telekom.de>]
Sent: Monday, August 12, 2013 7:11 AM
To: bcampbell at pingidentity.com<mailto:bcampbell at pingidentity.com>; Mike Jones
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; ejay at mgi1.com<mailto:ejay at mgi1.com>
Subject: RE: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

I get the same data in my Java implementation.

ECDH-ED KeyAgreement: agreed key=nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
ECDH-ED KeyAgreement: otherInfo=QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
ECDH-ED KeyAgreement: key=usEpwFIC_qrmBExntFwxMA

Axel

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Brian Campbell
Sent: Sunday, August 11, 2013 4:23 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net> List; Edmund Jay
Subject: Re: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Ugh... sorry, I had a mistake in one of the debug outputs in that example. I was printing out the other info bytes where it should have been the counter.

It was just a mistake in what was being passed to a debug statement.
The actual calculation isn't changed/

So,

[ConcatKeyDerivationFunction]  counter: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,
128](27bytes/216bits) | base64url encoded:
QTEyOEdDTQAAAAVBbGljZQAAAANCb2
IAAACA

should have been:

[ConcatKeyDerivationFunction]  counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ


So the, hopefully now correct, complete output is (also attached at text file):

[ECDH w/ JWA -14 KDF example] Receiver JWK:
{"kty":"EC",
"crv":"P-256",
"x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",
"y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",
"d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"
}
[ECDH w/ JWA -14 KDF example] Ephemeral JWK:
{"kty":"EC",
"crv":"P-256",
"x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",
"y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",
"d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"
}
[ECDH w/ JWA -14 KDF example] Output of sender's ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144,
196](32bytes/256bits) | base64url encoded:
nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ECDH w/ JWA -14 KDF example] Output of receiver ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144,
196](32bytes/256bits) | base64url encoded:
nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ECDH w/ JWA -14 KDF example] keydatalen: 128 [ECDH w/ JWA -14 KDF example] algorithmId: A128GCM [ECDH w/ JWA -14 KDF example] apu: QWxpY2U | decoded: Alice [ECDH w/ JWA -14 KDF example] apv: Qm9i | decoded: Bob [ConcatKeyDerivationFunction] Hash Algorithm: SHA-256 with hashlen: 256 bits [ConcatKeyDerivationFunction] KDF:
[ConcatKeyDerivationFunction]  z: [158, 86, 217, 29, 129, 113, 53,
211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits)
| base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ConcatKeyDerivationFunction]  keydatalen: 128
[ConcatKeyDerivationFunction]  algorithmId: [65, 49, 50, 56, 71, 67,
77](7bytes/56bits) | base64url encoded: QTEyOEdDTQ
[ConcatKeyDerivationFunction]  partyUInfo: [0, 0, 0, 5, 65, 108, 105,
99, 101](9bytes/72bits) | base64url encoded: AAAABUFsaWNl
[ConcatKeyDerivationFunction]  suppPubInfo: [0, 0, 0,
128](4bytes/32bits) | base64url encoded: AAAAgA
[ConcatKeyDerivationFunction]  suppPrivInfo: [](0bytes/0bits) |
base64url encoded:
[ConcatKeyDerivationFunction] reps: 1
[ConcatKeyDerivationFunction] otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,
128](27bytes/216bits) | base64url encoded:
QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
[ConcatKeyDerivationFunction] rep 1 hashing [ConcatKeyDerivationFunction]  counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ [ConcatKeyDerivationFunction]  z: [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits)
| base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ConcatKeyDerivationFunction]  otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,
128](27bytes/216bits) | base64url encoded:
QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
[ConcatKeyDerivationFunction]  k(1): [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6, 218](32bytes/256bits) | base64url
encoded: usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto
[ConcatKeyDerivationFunction] derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6,
218](32bytes/256bits) | base64url encoded:
usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto
[ConcatKeyDerivationFunction] first 128 bits of derived key material:
[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49,
48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA [ConcatKeyDerivationFunction] final derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49,
48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA [ECDH w/ JWA -14 KDF example] Derived Key from KDF:[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130812/45d5710c/attachment-0001.html>


More information about the Openid-specs-ab mailing list