Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement SSH KDF #426

Open
Jakuje opened this issue Jul 30, 2024 · 1 comment
Open

Implement SSH KDF #426

Jakuje opened this issue Jul 30, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@Jakuje
Copy link
Contributor

Jakuje commented Jul 30, 2024

Describe the feature
The SSH KDF is almost like the SP 800 108 Feedback mode, but does not contain the 0x00 separator byte, see

https://datatracker.ietf.org/doc/html/rfc4253#section-7.2

My reading is that this KDF can not be constructed from the SP800-108 KDF itself:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf

OTOH, the PKCS#11 flexibility of the KDF API should allow to implement the SSH KDF with something like the example in the specs:

https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061457

Therefore I do not think we need separate implementation in the pkcs11 module, but just the wiring in the

Expected behavior
The SSH applications should be able to delegate the KDF to the PKCS#11 module through the provider API.
@Jakuje Jakuje added the enhancement New feature or request label Jul 30, 2024
@simo5
Copy link
Member

simo5 commented Jul 30, 2024

Sounds easy enough if the PKCS#11 module support SP800-108 fully

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jakuje @simo5