Re: Using CONCAT and ECDH

Surely you should change this:

crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'AES-CBC',
length: 256}, false, ['encrypt']).then (function(aes_key)

to this:

crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'CONCAT'},
false, ['deriveKey']).then (function(concat_key)

var concat_params = { name: 'CONCAT', hash: 'SHA-1', algorithmId: ...,
partyUInfo: ..., partyVInfo: ... };
crypto.subtle.deriveKey(concat_params, concat_key,  {name: 'AES-CBC',
length: 256}, false, ['encrypt']).then (function(aes_key)

?

...Mark

On Wed, Oct 8, 2014 at 7:45 AM, Richard Barnes <rlb@ipv.sx> wrote:

> On Wed, Oct 8, 2014 at 10:36 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>>
>> On Oct 8, 2014 10:22 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com>
>> wrote:
>> >
>> > Dear List;
>> > I'm not particularly up-to-speed on the WebCrypto API but I at least
>> got this working fairly quickly:
>> >
>> > // Generate ephemeral ECDH key-pair
>> > var gen_alg = {name: 'ECDH', namedCurve:
>> selected_card.bank_encryption_key.crv};
>> > crypto.subtle.generateKey(gen_alg, false, ['deriveKey']).then
>> (function(key_pair) {
>> >
>> > // Import static ECDH key
>> > crypto.subtle.importKey('jwk', selected_card.bank_encryption_key,
>> {name: 'ECDH'}, false, ['deriveKey']).then (function(public_key) {
>> >
>> > // Derive key using ECDH
>> > var derive_alg = {name: 'ECDH', public: public_key};
>> > crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name:
>> 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key) {
>> >
>> > // Encrypt using derived key
>> > var encryption_algorithm = { name: 'AES-CBC',  iv:
>> window.crypto.getRandomValues(new Uint8Array(16))};
>> > crypto.subtle.encrypt(encryption_algorithm, aes_key,
>> signed_auth_data).then (function(encrypted_auth_data) {
>> >
>> > Naturally I wanted to use a KDF as well but then it got a bit less
>> obvious how to do it.
>> > There is no support for deriveKey and CONCAT?
>> >
>> > So the proper solution is to deriveBits() and then import() the raw
>> secret for usage with symmetric encryption algorithms?
>> >
>> > Pardon me if I'm totally off, WebCrypto is quite different to JCA/JCE
>> which is my primary tool...
>> >
>> > Cheers
>> > Anders
>> >
>> >
>>
>> "Derive bits" is the description of the internal algorithm used to
>> support both the deriveKey and deriveBits API surface.
>>
>> So you can use deriveKey
>>
> However, Anders is correct that there's no support for Concat right now
> (AFAIK).  You should be able to polyfill with digest, though, if you really
> need it.  You'll just have to export the secret from ECDH (or just use
> deriveBits).
>
> --Richard
>

Received on Wednesday, 8 October 2014 15:13:28 UTC
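
The polyfill Richard describes (take the raw ECDH secret with deriveBits, then run Concat with digest), as an added example that is not part of the original thread. The function names concatKdf, deriveAesKey and concatBytes are hypothetical; the parameter names follow the concat_params object in Mark's message, and building OtherInfo as the plain concatenation algorithmId || partyUInfo || partyVInfo is an assumption.

```javascript
// Added example (not from the thread): Concat KDF polyfilled with digest().
// Browsers and Node >= 19 expose globalThis.crypto; the fallback covers older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

const HASH_BYTES = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 };

// Join byte arrays into one Uint8Array.
function concatBytes(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// SP 800-56A single-step KDF: K(i) = H(counter_be32 || Z || OtherInfo),
// with the K(i) concatenated and truncated to lengthBits.
async function concatKdf(z, params, lengthBits) {
  const hashLen = HASH_BYTES[params.hash];
  if (!hashLen) throw new Error('unsupported hash: ' + params.hash);
  if (lengthBits <= 0 || lengthBits % 8) throw new Error('length must be a positive multiple of 8');
  // Assumption: OtherInfo is the three fields back to back, already encoded by the caller.
  const otherInfo = concatBytes(params.algorithmId, params.partyUInfo, params.partyVInfo);
  const blocks = [];
  const reps = Math.ceil(lengthBits / 8 / hashLen);
  for (let counter = 1; counter <= reps; counter++) {
    const ctr = new Uint8Array(4);
    new DataView(ctr.buffer).setUint32(0, counter); // big-endian by default
    const input = concatBytes(ctr, z, otherInfo);
    blocks.push(new Uint8Array(await subtle.digest(params.hash, input)));
  }
  return concatBytes(...blocks).slice(0, lengthBits / 8);
}

// ECDH -> deriveBits -> Concat KDF -> AES-CBC key (non-extractable by default).
async function deriveAesKey(privateKey, publicKey, params, extractable = false) {
  const ecdh = { name: 'ECDH', public: publicKey };
  const z = new Uint8Array(await subtle.deriveBits(ecdh, privateKey, 256));
  const raw = await concatKdf(z, params, 256);
  return subtle.importKey('raw', raw, { name: 'AES-CBC' }, extractable, ['encrypt', 'decrypt']);
}
```

The ECDH private key passed to deriveAesKey must be generated with the 'deriveBits' usage rather than 'deriveKey', and both parties must encode algorithmId, partyUInfo and partyVInfo identically or they will derive different keys.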