EC Diffie-Hellman (CSNDEDH) Use the EC Diffie-Hellman verb …

metamitya ·

EC Diffie-Hellman (CSNDEDH)
Use the EC Diffie-Hellman verb to create symmetric key material from various input sources.
With the EC Diffie-Hellman verb, you can create:
- symmetric key material from a pair of elliptic curve cryptography (ECC) keys using Elliptic Curve Diffie-Hellman (ECDH) protocol and the static unified model key agreement scheme.
- "Z" - The "secret" material output from Elliptic Curve Diffie-Hellman process.
- symmetric key material from a hybrid quantum safe key exchange scheme involving a CRYSTALS-Kyber encrypted value or an AES encrypted value and a pair of ECC keys using the Elliptic Curve Diffie-Hellman protocol.
For more information, see EC Diffie-Hellman key agreement models or Creating a hybrid quantum safe key exchange scheme.
ECDH is a key-agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret is used to derive another symmetric key. The ECDH protocol is a variant of the Diffie-Hellman protocol using elliptic curve cryptography. ECDH derives a shared secret value from a secret key owned by an Entity A and a public key owned by an Entity B, when the keys share the same elliptic curve domain parameters. Entity A can be either the initiator of a key-agreement transaction, or the responder in a scheme. If two entities both correctly perform the same operations with corresponding keys as inputs, the same shared secret value is produced.
- Brainpool (key size 160, 192, 224, 256, 320, 384, or 512)
- Prime (key size 192, 224, 256, 384, or 521)
- Edwards (key size 255, 448)
- Koblitz (key size 256)
In addition to having the same elliptic curve domain parameters, the keys must have their key-usage field set to permit key establishment (either KEY-MGMT or KM-ONLY). See ECC key token.
- One to six rule-array keywords:
- A required key-agreement keyword
- An optional transport key-type (required if output_KEK_key_identifier is a label) that identifies which key-storage dataset contains the output KEK key-token
- An optional output key-type (required if output_key_identifier is a label) that identifies which key-storage dataset contains the output key-token
- When the output is a DES key-token, an optional key-wrapping method and an optional translation control keyword
- An optional hash type for rule-array keyword DERIV02.
- The internal or external ECC key-token containing the private
key (public-private key pair).
If the private key is in an external key-token and is not in the clear, specify the internal KEK that was used to wrap the private key. Otherwise, specify a private KEK key-length of 0.
- An internal or external ECC key-token containing the public key
(public key only or public-private key pair) of the other party.
If the public key is in a key token that contains a public-private key pair, only the public-key portion is used. No attempt is made to decrypt the private key.
- Party information data in parameter party_info:
- When rule-array keyword DERIV01 is given: From 8 - 64 bytes, specify the party information data of the initiator and the responder entities, according to NIST SP800-56A Section 5.8
- When rule-array keyword DERIV02 is given: From 0 - 256 bytes, specify party information data, according to section 5.6.3 of ANS X9.63-2011
- The number of bits of key material, from 64 - 256, to derive and place in the provided output key-token
- The length in bytes of the buffer for the output key-identifier
- An internal or external skeleton key-token to be used as input for the output key-token
The skeleton key-token must be an AES key or a DES key, as shown in the following table:
Table 1. CSNDEDH skeleton key-tokens Algorithm Token version number Key type (see note) AES X'04' (legacy fixed-length symmetric key-token) DATA X'05' (variable-length symmetric key-token) - CIPHER
Both parties can provide any combination of encryption or decryption for key-usage field.
- EXPORTER or IMPORTER
Both parties can provide any combination of EXPORTER or IMPORTER.
DES X'00', X'01', X'03' (legacy fixed-length symmetric key-token) - CIPHER, DECIPHER, ENCIPHER
Both parties can provide any combination of Encipher or Decipher key-usage bits in the control vector.
- CIPHER XI, CIPHERXL, CIPHERXO
Both parties can provide any combination of Encipher or Decipher key-usage bits in the control vector.
- EXPORTER or IMPORTER
Both parties can provide any combination of EXPORT or IMPORT key-usage bits in the control vector.
Note:- Except as otherwise noted, both parties must provide identical skeleton key tokens for the output key in order to derive identical keys. For legacy skeletons, control vector parity bits are not used in the key derivation process.
- Control vector bits and key-usage fields are not used in the key derivation process when rule-array keyword DERIV02 is specified.
If the skeleton key-token is an external key-token, specify the internal KEK to be used to wrap the ou…