Re: Using CONCAT and ECDH

You could, according to the spec, but AFAIK, there's no current support for
Concat in implementations.  Thus my suggestion to polyfill for now.

--Richard

On Wed, Oct 8, 2014 at 11:13 AM, Mark Watson <watsonm@netflix.com> wrote:

> Surely you should change this:
>
> crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key)
>
> to this:
>
> crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'CONCAT'}, false, ['deriveKey']).then (function(concat_key)
>
> var concat_params = { name: 'CONCAT', hash: 'SHA-1', algorithmId: ..., partyUInfo: ..., partyVInfo: ... };
> crypto.subtle.deriveKey(concat_params, concat_key, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key)
>
> ?
>
> ...Mark
>
> On Wed, Oct 8, 2014 at 7:45 AM, Richard Barnes <rlb@ipv.sx> wrote:
>
>> On Wed, Oct 8, 2014 at 10:36 AM, Ryan Sleevi <sleevi@google.com> wrote:
>>
>>>
>>> On Oct 8, 2014 10:22 AM, "Anders Rundgren" <
>>> anders.rundgren.net@gmail.com> wrote:
>>> >
>>> > Dear List;
>>> > I'm not particularly up-to-speed on the WebCrypto API but I at least got this working fairly quickly:
>>> >
>>> > // Generate ephemeral ECDH key-pair
>>> > var gen_alg = {name: 'ECDH', namedCurve: selected_card.bank_encryption_key.crv};
>>> > crypto.subtle.generateKey(gen_alg, false, ['deriveKey']).then (function(key_pair) {
>>> >
>>> > // Import static ECDH key
>>> > crypto.subtle.importKey('jwk', selected_card.bank_encryption_key, {name: 'ECDH'}, false, ['deriveKey']).then (function(public_key) {
>>> >
>>> > // Derive key using ECDH
>>> > var derive_alg = {name: 'ECDH', public: public_key};
>>> > crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key) {
>>> >
>>> > // Encrypt using derived key
>>> > var encryption_algorithm = { name: 'AES-CBC', iv: window.crypto.getRandomValues(new Uint8Array(16))};
>>> > crypto.subtle.encrypt(encryption_algorithm, aes_key, signed_auth_data).then (function(encrypted_auth_data) {
>>> >
>>> > Naturally I wanted to use a KDF as well but then it got a bit less obvious how to do.
>>> > There is no support for deriveKey and CONCAT?
>>> >
>>> > So the proper solution is to deriveBits() and then import() the raw secret for usage with symmetric encryption algorithms?
>>> >
>>> > Pardon me if I'm totally off, WebCrypto is quite different to JCA/JCE which is my primary tool...
>>> >
>>> > Cheers
>>> > Anders
>>> >
>>> >
>>>
>>> "Derive bits" is the description of the internal algorithm used to
>>> support both the deriveKey and deriveBits API surface.
>>>
>>> So you can use deriveKey
>>>
>> However, Anders is correct that there's no support for Concat right now
>> (AFAIK).  You should be able to polyfill with digest, though, if you really
>> need it.  You'll just have to export the secret from ECDH (or just use
>> deriveBits).
>>
>> --Richard
>>
>
>

Received on Thursday, 9 October 2014 21:17:08 UTC
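
The polyfill route discussed in this thread (ECDH `deriveBits`, a Concat KDF built on `digest`, then `importKey`), as an added example that is not code from any of the participants. It assumes P-256, SHA-256 and length-prefixed OtherInfo fields; the helper names and the info strings are constructed for illustration.

```javascript
// Added example, not code from the thread; helper names and info strings are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = wc.subtle;
const HASH_LEN = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 };
const u32be = (n) => new Uint8Array([n >>> 24, n >>> 16, n >>> 8, n]); // 32-bit big-endian

function concatBytes(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// Length-prefix each field so ('ab','c') and ('a','bc') yield different OtherInfo.
function otherInfo(...fields) {
  const enc = fields.map((f) => new TextEncoder().encode(f));
  return concatBytes(...enc.flatMap((b) => [u32be(b.length), b]));
}

// Concat KDF (NIST SP 800-56A single-step): H(counter || Z || OtherInfo), counter = 1, 2, ...
async function concatKdf(hash, z, info, keyBits) {
  const hLen = HASH_LEN[hash];
  if (!(hLen > 0)) throw new Error('unsupported hash: ' + hash);
  if (keyBits <= 0 || keyBits % 8 !== 0) throw new Error('keyBits must be a positive multiple of 8');
  const blocks = [];
  for (let i = 1; i <= Math.ceil(keyBits / 8 / hLen); i++) {
    blocks.push(new Uint8Array(await subtle.digest(hash, concatBytes(u32be(i), z, info))));
  }
  return concatBytes(...blocks).slice(0, keyBits / 8); // truncate to the requested length
}

// ECDH deriveBits -> Concat KDF -> importKey. The private key needs the 'deriveBits' usage.
async function deriveAesKey(privateKey, publicKey, info) {
  const z = new Uint8Array(await subtle.deriveBits({ name: 'ECDH', public: publicKey }, privateKey, 256));
  const raw = await concatKdf('SHA-256', z, info, 256);
  return subtle.importKey('raw', raw, { name: 'AES-CBC' }, false, ['encrypt', 'decrypt']);
}

// Both sides derive the same AES key from their own private key and the peer's public key.
async function roundTrip(message) {
  const gen = () => subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, false, ['deriveBits']);
  const [a, b] = await Promise.all([gen(), gen()]);
  const info = otherInfo('A256CBC', 'sender', 'receiver'); // constructed sample values
  const alg = { name: 'AES-CBC', iv: wc.getRandomValues(new Uint8Array(16)) };
  const ct = await subtle.encrypt(alg, await deriveAesKey(a.privateKey, b.publicKey, info), new TextEncoder().encode(message));
  const pt = await subtle.decrypt(alg, await deriveAesKey(b.privateKey, a.publicKey, info), ct);
  return new TextDecoder().decode(pt);
}
```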