Ansi X9.63 is pretty trivial to implement using the OpenSSL libraries - less than a days work.
The algorithm is defined in SEC1 §3.6.1.<http://www.secg.org/collateral/sec1.pdf> >From memory, the main logic was only around 50LOC, with another 50-100LOC wrapping various library calls. There's not much to it. Matthew On 3 July 2013 18:28, Aaron <wang...@alumni.nus.edu.sg> wrote: > Hi All, > > I am working on a product using Certicom KDF function. In fact, we > use HU_KDF_IEEE_KDF1_SHA1 and HU_KDF_ANSI_SHA256 only. > > The function hu_KDFDerive() has an argument specifying which KDF > algorithm to use to compute a cryptographic key. This is referred to > as a key derivation algorithm ID. The following constants are defined > in hukdf.h: > • HU_KDF_IEEE_KDF1_SHA1 (IEEE 1363-2000 KDF1 based on SHA-1) > • HU_KDF_ANSI_SHA1 (ANSI X9.42/X9.63 KDF based on SHA-1) > • HU_KDF_ANSI_SHA224 (ANSI X9.42/X9.63 KDF based on SHA-224) > • HU_KDF_ANSI_SHA256 (ANSI X9.42/X9.63 KDF based on SHA-256) > • HU_KDF_ANSI_SHA384 (ANSI X9.42/X9.63 KDF based on SHA-384) > • HU_KDF_ANSI_SHA512 (ANSI X9.42/X9.63 KDF based on SHA-512) > • HU_KDF_NIST_ALT1_SHA1 (SP 800-56A) > • HU_KDF_NIST_ALT1_SHA224 (SP 800-56A) > • HU_KDF_NIST_ALT1_SHA256 (SP 800-56A) > • HU_KDF_NIST_ALT1_SHA384 (SP 800-56A) > • HU_KDF_NIST_ALT1_SHA512 (SP 800-56A) > > Now my company is going to use OpenSSL instead. I checked OpenSSL > and it seems to me that OpenSSL doesn't support these KDF algorithms. > > My question is - is there any way to implement these algorithms in OpenSSL? > > Thanks so much in advance, > Aaron > > > > -- > View this message in context: > http://openssl.6102.n7.nabble.com/KDF-algorithms-tp45762.html > Sent from the OpenSSL - User mailing list archive at Nabble.com. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
