Replies: 1 comment
-
|
https://en.wikipedia.org/wiki/MQV |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
这个规范我感觉除了ECC密钥交换外,其它根本没讲清楚,或者根本没讲。
ECC
这个基本上就是根据原来RSA套件改的,把RSA加解密换成了SM2加解密,预主密钥或者shared secret就是加密过的随机数加上两字节版本号。
PRF
伪随机函数或者TLS-KDF,这个是和TLS 1.2规范一致的,只是hmac中的hash换成了SM3。
ECDHE
TLS国际标准参考使用SEC1 V2 3.3.1 Elliptic Curve Diffie-Hellman Primitive 来计算交换shared secret,或者叫预主密钥;使用 SEC1 V2 6.1 Elliptic Curve Diffie-Hellman Scheme来计算交换keying data,TLS中定义的PRF方法作为KDF实现。
TLCP中,只是说参考GB/T 35276,GB/T 35276中参考GB/T 32918.3,其实GB/T 32918.3中密钥交换中KDF之前步骤是和
SEC1 V2 3.4 Elliptic Curve MQV Primitive描述类似的(和Diffie-Hellman Primitive一样,国际标准中只取X轴值),但GB/T 32918.3讲的是完整的密钥交换(Key Agreement),同时包含了shared secret和最终keying data的生成(通过GB/T 32918.3中定义的KDF方法)。SEC1 V2 6.1 Elliptic Curve MQV Key Agreement Scheme中,人家只定义Scheme Setup / Key Deployment / Key Agreement Operation,并未规定具体的KDF实现,KDF具体实现应该由具体应用协议决定的。
所以TLCP中的ECDHE是隐晦不清的,对实现者也不友好。到底ECDHE中的预主密钥(shared secret)是按SEC1 V2 3.4 Elliptic Curve MQV Primitive曲线点?或者是按GB/T 32918.3生成的keying data?那这生成的keying data到底是预主密钥还是主密钥?
IBC/IBSDH
这个连参考标准都没有了,猜测IBC和ECC类似,换个加解密、签名算法;IBSDH估计用SM9密钥交换,SM9密钥交换也是个完整的key agreement 实现规范,同时包含shared secret以及KDF方法,如何在TLCP中应用,也是个迷。
Beta Was this translation helpful? Give feedback.
All reactions