[Cryptech Tech] Key wrap in HW
Daniel Harkins
dharkins at lounge.org
Mon Jun 25 15:45:55 UTC 2018
Ola,
On 6/25/18 7:40 AM, Joachim Strömbergson wrote:
> Aloha!
>
> On 25 Jun 2018, at 14:26, Peter Gutmann wrote:
>> Is that specific to the NIST wrap mechanism or an issue with the HW in
>> general? For PKCS #15 it's just AES-CBC with an HMAC around it, so presumably
>> a single operation, or at least one for AES over a block of memory and a
>> second for the HMAC over the same block.
>
>
> It is mainly specific to the keywrap mechanism in RFC 3394. See 2.2.1:
>
> https://tools.ietf.org/html/rfc3394#section-2.2.1
>
> Basically it divides a given message M into n 64-bit blocks. Each
> block is encrypted 6 times with AES (the 64-bit block is combined with
> an evolved 64-bit state A). With the architecture we have this means
> that each 64-bit block moves back and forth between the MCU and the
> FPGA 12 times. Just moving all of M to the FPGA and instead processing it
> there before moving the resulting C back should make quite a difference.

The key wrapping technique from RFC 5297 (section 4) is much more efficient,
and unlike RFC 3394, it has a security proof around it.

regards,
Dan.
>
> Regards,
> JoachimS
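
Added example (not part of the original thread or of the Cryptech code base): the RFC 3394 section 2.2.1 wrap loop run two ways, once with the loop on the MCU and one AES call per bus round trip, once with the whole of M handed to the FPGA, counting the MCU/FPGA crossings in each case. The `Fpga` class, its crossing counter and the SHA-256 stand-in for AES are assumptions made so the sketch runs with the standard library alone; it models data movement and does not produce real RFC 3394 ciphertext.

```python
import hashlib

IV = bytes.fromhex("A6A6A6A6A6A6A6A6")  # default initial value, RFC 3394 section 2.2.3.1

class Fpga:
    """Hypothetical model of the FPGA side; counts MCU<->FPGA bus crossings."""
    def __init__(self, kek):
        self.kek, self.crossings, self.aes_calls = kek, 0, 0

    def _block(self, block):
        # Stand-in for AES(K, block): a keyed 16-byte function, NOT real AES.
        self.aes_calls += 1
        return hashlib.sha256(self.kek + block).digest()[:16]

    def encrypt_block(self, block):
        # Split design: one block goes MCU -> FPGA, one block comes back.
        self.crossings += 2
        return self._block(block)

    def wrap(self, plaintext):
        # Offloaded design: M crosses once, C crosses back once.
        self.crossings += 2
        return rfc3394_wrap(self._block, plaintext)

def rfc3394_wrap(block_fn, plaintext):
    """RFC 3394 section 2.2.1 wrap (index-based form) over 64-bit blocks."""
    if len(plaintext) % 8 or len(plaintext) < 16:
        raise ValueError("key data must be n >= 2 blocks of 64 bits")
    r = [plaintext[i:i + 8] for i in range(0, len(plaintext), 8)]
    n, a = len(r), IV
    for j in range(6):                      # six passes over all n blocks
        for i in range(n):
            b = block_fn(a + r[i])          # B = AES(K, A | R[i])
            t = (n * j + i + 1).to_bytes(8, "big")
            a = bytes(x ^ y for x, y in zip(b[:8], t))  # A = MSB(64, B) ^ t
            r[i] = b[8:]                    # R[i] = LSB(64, B)
    return a + b"".join(r)

def compare(kek, plaintext):
    """Return (split crossings, offloaded crossings, AES calls) for one wrap."""
    split, offload = Fpga(kek), Fpga(kek)
    c_split = rfc3394_wrap(split.encrypt_block, plaintext)  # loop on the MCU
    c_off = offload.wrap(plaintext)                         # loop in the FPGA
    if c_split != c_off:
        raise RuntimeError("both schedules must yield the same output")
    return split.crossings, offload.crossings, split.aes_calls
```

For a constructed 32-byte input (n = 4), `compare(bytes(16), bytes(range(32)))` gives 48 crossings for the split design, which is the 12 per 64-bit block mentioned in the thread, against 2 when the loop runs inside the FPGA.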