summaryrefslogtreecommitdiffhomepage
path: root/libtomcrypt/notes/tech0006.txt
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2006-03-21 16:20:59 +0000
committerMatt Johnston <matt@ucc.asn.au>2006-03-21 16:20:59 +0000
commitf7caf6f5c640cb1756c01184898f176438a3a0c2 (patch)
tree4d32de11b18d5f6296207961b5f25d0949af80c0 /libtomcrypt/notes/tech0006.txt
parente444f0cfe67c71d3f38854f27cefae9aea6c4cd9 (diff)
parent3f49fc5f2ca0ec4adb5cac081f502cbb86702efa (diff)
propagate from branch 'au.asn.ucc.matt.dropbear' (head 0501e6f661b5415eb76f3b312d183c3adfbfb712)
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 01038174ec27245b51bd43a66c01ad930880f67b) --HG-- branch : agent-client extra : convert_revision : 12b2f59db65e7339d340e95ac67d6d9ddb193c2b
Diffstat (limited to 'libtomcrypt/notes/tech0006.txt')
-rw-r--r--libtomcrypt/notes/tech0006.txt91
1 files changed, 91 insertions, 0 deletions
diff --git a/libtomcrypt/notes/tech0006.txt b/libtomcrypt/notes/tech0006.txt
new file mode 100644
index 0000000..ecbe8b0
--- /dev/null
+++ b/libtomcrypt/notes/tech0006.txt
@@ -0,0 +1,91 @@
+Tech Note 0006
+PK Standards Compliance
+Tom St Denis
+
+RSA
+----
+
+PKCS #1 compliance.
+
+Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
+Encryption: OAEP as per PKCS #1
+Signature : PSS as per PKCS #1
+
+DSA
+----
+
+The NIST DSA algorithm
+
+Key Format: HomeBrew [see below]
+Signature : ANSI X9.62 format [see below].
+
+Keys are stored as
+
+DSAPublicKey ::= SEQUENCE {
+ publicFlags BIT STRING(1), -- must be 0
+ g INTEGER , -- base generator, check that g^q mod p == 1
+ -- and that 1 < g < p - 1
+ p INTEGER , -- prime modulus
+ q INTEGER , -- order of sub-group (must be prime)
+ y INTEGER , -- public key, specifically, g^x mod p,
+ -- check that y^q mod p == 1
+ -- and that 1 < y < p - 1
+}
+
+DSAPrivateKey ::= SEQUENCE {
+ publicFlags BIT STRING(1), -- must be 1
+ g INTEGER , -- base generator, check that g^q mod p == 1
+ -- and that 1 < g < p - 1
+ p INTEGER , -- prime modulus
+ q INTEGER , -- order of sub-group (must be prime)
+ y INTEGER , -- public key, specifically, g^x mod p,
+ -- check that y^q mod p == 1
+ -- and that 1 < y < p - 1
+ x INTEGER -- private key
+}
+
+Signatures are stored as
+
+DSASignature ::= SEQUENCE {
+ r, s INTEGER -- signature parameters
+}
+
+ECC
+----
+
+The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves.
+
+Key Format : Homebrew [see below, only GF(p) NIST curves supported]
+Signature : X9.62 compliant
+Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
+Shared Secret: X9.63 compliant
+
+ECCPublicKey ::= SEQUENCE {
+ flags BIT STRING(1), -- public/private flag (always zero),
+ keySize INTEGER, -- Curve size (in bits) divided by eight
+ -- and rounded down, e.g. 521 => 65
+ pubkey.x INTEGER, -- The X co-ordinate of the public key point
+ pubkey.y INTEGER, -- The Y co-ordinate of the public key point
+}
+
+ECCPrivateKey ::= SEQUENCE {
+ flags BIT STRING(1), -- public/private flag (always one),
+ keySize INTEGER, -- Curve size (in bits) divided by eight
+ -- and rounded down, e.g. 521 => 65
+ pubkey.x INTEGER, -- The X co-ordinate of the public key point
+ pubkey.y INTEGER, -- The Y co-ordinate of the public key point
+ secret.k INTEGER, -- The secret key scalar
+}
+
+The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size
+of the hash digest]. The format of the encrypted text is as follows
+
+ECCEncrypted ::= SEQUENCE {
+ hashOID OBJECT IDENTIFIER, -- The OID of the hash used
+ pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey
+ skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against)
+}
+
+% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
+% $Revision: 1.2 $
+% $Date: 2005/06/18 02:26:27 $