Question about ECDH_compute_key and X9.63 standard - Openssl


  1. Question about ECDH_compute_key and X9.63 standard

    Hello,
    If I understand correctly, according to the X9.63 standard (5.6.3) the derived key (in the KDF_SHA1 case) must be computed as
    SHA1(Z || counter || [SharedInfo])
    Z - secret value.
    But the function KDF in the file ecdhtest.c does not use the counter and computes the key as:
    SHA1(Z)
    To my mind, the bit string of a counter equal to 1 must be included in the SHA1 hash calculation.
    Is it a bug, or my understanding?
    Best regards
    Mark


    Mark Shnaider | Software engineer | ARX
    phone: +972.3.9279543 | mobile: +972.54.2448543 | email: marke@arx.com | www.arx.com





  2. Re: Question about ECDH_compute_key and X9.63 standard

    Hi,

    The KDF implementation in ecdhtest.c is based on the IEEE P1363 standard
    as the rest of the implementation of ECDH in OpenSSL. It can be regarded
    as a generalization of the X9.63 standard. However, the file ecdhtest.c
    is not part of the OpenSSL core and thus you can provide your own
    implementation of KDF and still use OpenSSL ECDH functions without any
    problem.

    Regards,

    Mounir IDRASSI
    IDRIX
    http://www.idrix.fr

    Mark Shnaider wrote:
    >
    > Hello,
    >
    > If I understand correctly, according to the X9.63 standard (5.6.3) the
    > derived key (in the KDF_SHA1 case) must be computed as
    >
    > SHA1(Z || counter || [SharedInfo])
    >
    > Z - secret value.
    >
    > But the function KDF in the file ecdhtest.c does not use the counter and
    > computes the key as:
    >
    > SHA1(Z)
    >
    > To my mind, the bit string of a counter equal to 1 must be included in
    > the SHA1 hash calculation.
    >
    > Is it a bug, or my understanding?
    >
    > Best regards
    >
    > Mark
    >
    >
    > *Mark Shnaider | Software engineer | ARX*
    > phone: +972.3.9279543 | mobile: +972.54.2448543 | email: marke@arx.com
    > | www.arx.com
    >


    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    Development Mailing List openssl-dev@openssl.org
    Automated List Manager majordomo@openssl.org
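
The two derivations discussed in this thread, side by side, as an added example that is not part of either post and is not OpenSSL code. It uses Python's `hashlib` rather than OpenSSL's C API; the names `x963_kdf`, `sha1_of_z` and `Z_SAMPLE` are hypothetical, and the sample secret is constructed.

```python
import hashlib
import struct


def x963_kdf(z: bytes, key_len: int, shared_info: bytes = b"",
             hash_name: str = "sha1") -> bytes:
    """Hash(Z || counter || SharedInfo) blocks, concatenated and truncated.

    The counter is a 32-bit big-endian integer that starts at 1.
    """
    hash_len = hashlib.new(hash_name).digest_size
    if key_len <= 0 or key_len >= hash_len * (2**32 - 1):
        raise ValueError("requested key length out of range")
    blocks = []
    counter = 1
    while len(blocks) * hash_len < key_len:
        h = hashlib.new(hash_name)
        h.update(z)
        h.update(struct.pack(">I", counter))
        h.update(shared_info)
        blocks.append(h.digest())
        counter += 1
    return b"".join(blocks)[:key_len]


def sha1_of_z(z: bytes) -> bytes:
    """The derivation the thread describes for KDF in ecdhtest.c: SHA1(Z)."""
    return hashlib.sha1(z).digest()


# Constructed sample value standing in for the ECDH shared secret Z.
Z_SAMPLE = bytes(range(1, 33))

if __name__ == "__main__":
    print("SHA1(Z)            :", sha1_of_z(Z_SAMPLE).hex())
    print("X9.63, 20 bytes    :", x963_kdf(Z_SAMPLE, 20).hex())
    print("X9.63, 32 bytes    :", x963_kdf(Z_SAMPLE, 32).hex())
    print("X9.63 + SharedInfo :", x963_kdf(Z_SAMPLE, 20, b"constructed-info").hex())
```

Even for a single 20-byte block with empty SharedInfo the outputs differ, so both peers must apply the same KDF to Z or they will derive different keys.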