diff options
author | Daniel Neus <[email protected]> | 2016-07-11 14:13:00 +0200 |
---|---|---|
committer | Daniel Neus <[email protected]> | 2016-07-13 10:17:28 +0200 |
commit | 2c8799b3d91e12b21eb3789f5cedc8a4fb7aaec1 (patch) | |
tree | 6f3e390b72d5fe08e03457471eeba7b593e5caf2 /src/lib/cert/x509/crl_ent.h | |
parent | b3bc80dfdb28aee0900b6ed92dff5ba8c5e4daf9 (diff) |
DLIES rework
With these fixes the implementation is now compatible with bouncycastle and it should operate
as it is specified in "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI
technical guideline TR-02102-1.
In addition to the already present XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher.
Previously the input to the KDF was the concatenation of the (ephemeral) public key
and the secret value derived by the key agreement operation:
```
secure_vector<byte> vz(m_my_key.begin(), m_my_key.end());
vz += m_ka.derive_key(0, m_other_key).bits_of();
const size_t K_LENGTH = length + m_mac_keylen;
secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz);
```
I don't know why this was implemented like this. But now the input to the KDF is only the secret value obtained by the key agreement operation.
Furthermore the order of the output was changed from {public key, tag, ciphertext} to {public key, ciphertext, tag}.
Multiple test vectors added that were generated with bouncycastle and some with botan itself.
Diffstat (limited to 'src/lib/cert/x509/crl_ent.h')
0 files changed, 0 insertions, 0 deletions