| Field | Value |
|---|---|
| author | Daniel Neus <[email protected]>, 2016-07-11 14:13:00 +0200 |
| committer | Daniel Neus <[email protected]>, 2016-07-13 10:17:28 +0200 |
| commit | 2c8799b3d91e12b21eb3789f5cedc8a4fb7aaec1 (patch) |
| tree | 6f3e390b72d5fe08e03457471eeba7b593e5caf2 /doc |
| parent | b3bc80dfdb28aee0900b6ed92dff5ba8c5e4daf9 (diff) |
DLIES rework
With these fixes the implementation is now compatible with bouncycastle and it should operate
as it is specified in "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI
technical guideline TR-02102-1.
In addition to the already present XOR-encryption/decryption mode it's now possible to use DLIES with a block cipher.
Previously the input to the KDF was the concatenation of the (ephemeral) public key
and the secret value derived by the key agreement operation:
```cpp
// Old behaviour: the KDF input was (own ephemeral public key || DH shared secret)
secure_vector<byte> vz(m_my_key.begin(), m_my_key.end());   // start with the ephemeral public key
vz += m_ka.derive_key(0, m_other_key).bits_of();            // append the raw shared secret from the key agreement
const size_t K_LENGTH = length + m_mac_keylen;              // key stream for the message plus the MAC key
secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz);    // one KDF call yields encryption and MAC key material
```
I don't know why this was implemented like this. But now the input to the KDF is only the secret value obtained by the key agreement operation.
Furthermore the order of the output was changed from {public key, tag, ciphertext} to {public key, ciphertext, tag}.
Multiple test vectors were added, some generated with bouncycastle and some with botan itself.
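The construction the commit message describes, as an added illustration that is not Botan's code and not part of this commit: a DLIES-style encrypt/decrypt in Python, XOR mode only, where the KDF is fed the shared secret alone and the output is laid out as {public key, ciphertext, tag}. Everything below the commit's description is assumed: the RFC 3526 2048-bit MODP group, KDF1 from ISO/IEC 18033-2 over SHA-256, HMAC-SHA256 as the MAC, and the encryption key being taken before the MAC key from the KDF output. A `legacy_kdf_input` switch reproduces the old KDF input (public key || secret) so the incompatibility between the two layouts can be observed directly; the block cipher mode is not shown.

```python
"""DLIES-style hybrid encryption (XOR mode) in the layout this commit describes.

Added illustration, not Botan code. Assumed parameters: RFC 3526 2048-bit MODP
group, KDF1 (ISO/IEC 18033-2) over SHA-256, HMAC-SHA256 as MAC, encryption key
taken before the MAC key from the KDF output.
"""
import hashlib
import hmac
import secrets

# RFC 3526 section 3, 2048-bit MODP group (transcribed; verify against the RFC before real use)
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2                      # order of the subgroup generated by G (P is a safe prime)
P_LEN = (P.bit_length() + 7) // 8     # fixed encoding width for group elements (256 bytes)
MAC_KEY_LEN = 32
TAG_LEN = 32


def i2osp(x: int) -> bytes:
    """Fixed-width big-endian encoding of a group element."""
    return x.to_bytes(P_LEN, "big")


def kdf1_sha256(secret: bytes, length: int) -> bytes:
    """KDF1 (ISO/IEC 18033-2): SHA-256(secret || counter) for counter = 0, 1, ... concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def dlies_keygen():
    """Static recipient key pair: x in [1, Q-1], y = G^x mod P."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def _split_keys(kdf_input: bytes, msg_len: int):
    """One KDF call yields the XOR key stream and the MAC key (assumed order: enc key first)."""
    k = kdf1_sha256(kdf_input, msg_len + MAC_KEY_LEN)
    return k[:msg_len], k[msg_len:]


def dlies_encrypt(recipient_pub: int, msg: bytes, legacy_kdf_input: bool = False) -> bytes:
    """Return {ephemeral public key, ciphertext, tag}; legacy_kdf_input=True uses the old (pk || Z) KDF input."""
    if not 2 <= recipient_pub <= P - 2:
        raise ValueError("recipient public key out of range")
    r = 1 + secrets.randbelow(Q - 1)            # fresh ephemeral exponent per message
    u = i2osp(pow(G, r, P))                     # ephemeral public key, transmitted in the clear
    z = i2osp(pow(recipient_pub, r, P))         # shared secret Z = y^r mod P
    kdf_input = u + z if legacy_kdf_input else z
    enc_key, mac_key = _split_keys(kdf_input, len(msg))
    ct = bytes(m ^ k for m, k in zip(msg, enc_key))       # XOR mode: key stream from the KDF
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()  # tag over the ciphertext
    return u + ct + tag


def dlies_decrypt(recipient_priv: int, blob: bytes, legacy_kdf_input: bool = False) -> bytes:
    """Parse {public key, ciphertext, tag}, verify the tag first, then XOR-decrypt."""
    if len(blob) < P_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    u, ct, tag = blob[:P_LEN], blob[P_LEN:-TAG_LEN], blob[-TAG_LEN:]
    eph_pub = int.from_bytes(u, "big")
    # Reject trivial elements; production code should also check pow(eph_pub, Q, P) == 1
    if not 2 <= eph_pub <= P - 2:
        raise ValueError("ephemeral public key out of range")
    z = i2osp(pow(eph_pub, recipient_priv, P))
    kdf_input = u + z if legacy_kdf_input else z
    enc_key, mac_key = _split_keys(kdf_input, len(ct))
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare before touching the plaintext
        raise ValueError("MAC check failed")
    return bytes(c ^ k for c, k in zip(ct, enc_key))


if __name__ == "__main__":
    x, y = dlies_keygen()
    msg = b"constructed sample plaintext"          # constructed input, not a Botan test vector
    assert dlies_decrypt(x, dlies_encrypt(y, msg)) == msg
    try:                                            # old KDF input is rejected under the new rule
        dlies_decrypt(x, dlies_encrypt(y, msg, legacy_kdf_input=True))
    except ValueError as e:
        print("legacy blob rejected:", e)
```

Because the only difference between the two layouts is what goes into the KDF, the legacy blob carries a perfectly valid ephemeral key but fails the MAC check, which is exactly the failure a user of an older release would see after this change; the tag is checked before any plaintext is produced, and the length split relies on the fixed `P_LEN` encoding rather than on a parsed length field.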
Diffstat (limited to 'doc')

| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | doc/credits.rst | 6 |
| -rw-r--r-- | doc/license.txt | 1 |
| -rw-r--r-- | doc/news.rst | 11 |

3 files changed, 18 insertions, 0 deletions
diff --git a/doc/credits.rst b/doc/credits.rst index d9d7f2c71..290067491 100644 --- a/doc/credits.rst +++ b/doc/credits.rst @@ -124,3 +124,9 @@ snail-mail address (S), and Bitcoin address (B). W: https://sirrix.com/ D: KDF1-18033, ECIES S: Saarland, Germany + + N: Daniel Neus + E: [email protected] + W: https://sirrix.com/ + D: CI, PKCS#11, RdSeed, BSI module policy + S: Bochum, Germany diff --git a/doc/license.txt b/doc/license.txt index fd4fd0a7b..b097646e8 100644 --- a/doc/license.txt +++ b/doc/license.txt @@ -30,6 +30,7 @@ Copyright (C) 1999-2013,2014,2015,2016 Jack Lloyd 2015 Uri Blumenthal 2015,2016 Kai Michaelis 2016 Simon Cogliani + 2015,2016 Rohde & Schwarz Cybersecurity All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/doc/news.rst b/doc/news.rst index 8c4db8b09..e6ab279cf 100644 --- a/doc/news.rst +++ b/doc/news.rst @@ -18,6 +18,17 @@ Version 1.11.31, Not Yet Released a future release. The developers believe that it is unlikely that any modern system requires EGD and so the code is now dead weight. If you rely on EGD support, you should contact the developers by email or GitHub ASAP. + +* Changes in DLIES: Previously the input to the KDF was the concatenation + of the (ephemeral) public key and the secret value derived by the key + agreement operation. Now the input is only the secret value obtained + by the key agreement operation. That's how it is specified in the original + paper "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI + technical guideline TR-02102-1 for example. In addition to the already present + XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher. + Furthermore the order of the output was changed from {public key, tag, ciphertext} + to {public key, ciphertext, tag}. Both modes are compatible with bouncycastle. + Version 1.11.30, 2016-06-19 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
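Review bot: in the doc/credits.rst hunk the new entry's description line, `D: CI, PKCS#11, RdSeed, BSI module policy`, does not mention DLIES, although this very commit is the DLIES rework and, per the commit message, adds its test vectors; add DLIES to that line so the credit records the work the patch introduces.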
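Review bot: the doc/news.rst hunk repeats the typo `XOR-encrypion/decryption mode` (should read `XOR-encryption`), and the entry should state plainly that the change is not backward compatible: since both the KDF input and the output ordering ({public key, tag, ciphertext} to {public key, ciphertext, tag}) change, DLIES ciphertexts produced by earlier 1.11 releases will no longer decrypt with this one and vice versa. One added sentence, e.g. "Ciphertexts produced by previous releases are not compatible with this version", would make that explicit to users reading the release notes.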