In the message archived at
http://www.IMC.ORG/ietf-smime/mail-archive/msg03318.html,
Maxim Masiutin wrote:
Where can I find implementation of key derivation function
ANSI-X9.63-KDF to use with ECDH (RFC 3278)?
I didn't find it in OpenSSL or CryptLib.
The designated successor of RFC 3278, draft-ietf-smime-3278bis,
available e.g. at:
http://tools.ietf.org/html/draft-ietf-smime-3278bis-05
gives you (in Section 7.1.8) a pointer to the description of the
method now considered authoritative by the SMIME WG, because of
its barrier-free availablility: Section 3.6.1 of SEC-1 (pp.29/30).
The algorithm is trivial to implement once you have an
implementation of the hash function available; besides that,
it only makes use of octet string concatenation and basic
32-bit integer (index) arithmetics. Typical hash function
APIs will allow optimizations to avoid the interior string
concatenations, replacing them by incremental (partial) hash
function calls, and the hash output concatenation will also
not be performed explicitely, but by pointer addressing;
intermediate state saving techniques might be applied for further
optimization, but that will go far beyond the typical needs in
EC context, with much shorter shared secrets than in RSA cases.
Kind regards,
Alfred Hönes.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah(_at_)TR-Sys(_dot_)de
|
+------------------------+--------------------------------------------+