
Add P256 HMAC-based key derivation from the supplied data

Open szszszsz opened this issue 2 years ago • 2 comments

Based on the HmacSha256 implementation - the only difference is that the result is stored as a P256 key, instead of a shared variant.

As discussed, it would be best in the future to introduce shared implementation across different combinations of hash and resulting key algorithms.

Requesting comments / solution suggestions.


Improvement ideas:

  • Provide a way to connect multiple mechanisms together, without copying the implementation like in this case.

Current downsides:

  • The supplied implementation is almost a verbatim copy of HmacSha256.

To do:

  • [ ] change the algorithm to seed-based Ed25519 instead
  • [ ] make sure the generated keys are correct - apply proper checks

szszszsz avatar Sep 13 '22 17:09 szszszsz

As a quick comment - not sure if it's intended for now, but this is an incomplete way of generating an ECC key. There must be additional checks to ensure the value fits the limitations for the curve group. See e.g. FIPS 186-4 (or the -5 draft) for details. Typing this from a phone, so I don't have section/page pointers; I can post them later (let me know).

alt3r-3go avatar Sep 15 '22 18:09 alt3r-3go
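The range check referred to in the comment above, as an added example (not trussed code and not the implementation proposed in this issue): a raw HMAC-SHA256 output is a 256-bit integer, while a P-256 private scalar must lie in [1, n-1], so the naive derivation is shown next to the two FIPS 186-4 Appendix B.4 constructions that enforce that range. The counter framing appended to the supplied data is an assumption of this example, not trussed's API; the P-256 order is the standard curve constant.

```python
import hashlib
import hmac

# Group order n of NIST P-256 (secp256r1). A private scalar d is only valid
# when 1 <= d <= n - 1; a raw 256-bit HMAC output does not guarantee that.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def is_valid_p256_scalar(d: int) -> bool:
    """The check a derivation must apply before storing d as a P-256 key."""
    return 1 <= d <= P256_ORDER - 1


def derive_naive(key: bytes, data: bytes) -> int:
    """Incomplete approach from the issue: the HMAC-SHA256 output is taken as the
    scalar with no range check, so 0 and values >= n are never rejected."""
    return int.from_bytes(hmac.new(key, data, hashlib.sha256).digest(), "big")


def derive_by_candidate_testing(key: bytes, data: bytes, max_tries: int = 64) -> int:
    """FIPS 186-4 Appendix B.4.2 (testing candidates): derive a 256-bit candidate c,
    reject c > n - 2 and retry with a fresh candidate, otherwise d = c + 1.
    The retry counter is HMAC'd together with the data (assumed framing)."""
    for counter in range(max_tries):
        msg = data + counter.to_bytes(4, "big")
        c = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")
        if c <= P256_ORDER - 2:
            return c + 1
    raise RuntimeError("no candidate in range after max_tries attempts")


def derive_by_extra_bits(key: bytes, data: bytes) -> int:
    """FIPS 186-4 Appendix B.4.1 (extra random bits): derive 256 + 64 bits and
    reduce, d = (c mod (n - 1)) + 1, so the bias from the reduction is negligible.
    Two HMAC blocks with a counter byte supply the 320 bits (assumed framing)."""
    blocks = b"".join(hmac.new(key, data + bytes([i]), hashlib.sha256).digest() for i in (0, 1))
    c = int.from_bytes(blocks[:40], "big")  # 40 bytes = 320 bits = 256 + 64
    return (c % (P256_ORDER - 1)) + 1


if __name__ == "__main__":
    # Constructed sample inputs, not values from the issue.
    k, msg = b"example-hmac-key", b"supplied derivation data"
    for name, fn in (("naive", derive_naive), ("B.4.2", derive_by_candidate_testing), ("B.4.1", derive_by_extra_bits)):
        d = fn(k, msg)
        print(f"{name}: d = {d:064x} valid={is_valid_p256_scalar(d)}")
```

Both FIPS variants stay deterministic for the same key and data, which is what a derivation (as opposed to generation) needs; only the validity of the result changes.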

Yes, switching to Ed25519 makes sense. Will do so in the next step, and remove P256 usage completely.

szszszsz avatar Oct 17 '22 09:10 szszszsz

Closing as this has been implemented as a custom backend for websmartcard, see: https://github.com/Nitrokey/nitrokey-websmartcard-rust/pull/16

robin-nitrokey avatar Mar 25 '24 13:03 robin-nitrokey