0

We need to perform some cryptographic operations and I want to know what cryptographic libraries can fit my needs.

The following is the context:

Given the fact that we have:

  • An EC Private Key stored in the HSM
  • An EC Public Key (public point)
  • Encrypted AES key
  • MAC calculated with the EC public key ECDH

We need to perform the following:

  • Calculate a shared point (K~X~, K~Y~) using ECKA-DH algorithm from the EC Private and EC Public Keys. (See BSI TR 03111)
  • Derive K~ENC~ and K~MAC~ using KDF2(x, l) with SHA-256. K~ENC~ is first 8 bytes of output. K~MAC~ is last 8 bytes of output. (See ISO/IEC 18033-2)
  • Verify the MAC over the encrypted AES key against MAC ==> MAC = AES-CMAC(Encrypted AES key || ValueA || ValueB, K~MAC~).
  • Decrypt the encrypted AES key ==> AES key = AES-CBC(encrypted AES key, K~ENC~).

What cryptographic libraries will help calculate the shared point, based on the fact that the private key is stored in the HSM?

Can Bouncy Castle be used jointly with IAIK PKCS#11 wrapper?

Can IAIK-JCE, a commercial product from IAIK, help with that?

Thank you for your help.

Best regards.

Ahmed MANSOUR

1 Answer

0

Since you are using an HSM (your elliptic curve private key is stored on the HSM), you can use APIs from HSM vendors to perform your cryptographic operations. For example, in the case of a Safenet HSM, Gemalto provides the crystoki library, like the JSP and JCProv APIs in Java, to perform all the operations you have stated.
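The key-agreement and KDF2 steps listed in the question, as an added example that is not part of the answer above and is not vendor code. It uses only the standard JCA. Assumptions: the curve is secp256r1 (cofactor 1), two software key pairs stand in for the HSM-resident key and the peer key, the KDF2 input x is K~X~, l is 16, and the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

public class Kdf2Example {
    // KDF2 (ISO/IEC 18033-2): Hash(x || I2OSP(1,4)) || Hash(x || I2OSP(2,4)) || ...
    // truncated to l bytes. The counter starts at 1 (KDF1 starts at 0).
    static byte[] kdf2Sha256(byte[] x, int l) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        ByteBuffer out = ByteBuffer.allocate(((l + 31) / 32) * 32);
        for (int counter = 1; out.hasRemaining(); counter++) {
            sha256.update(x);
            sha256.update(ByteBuffer.allocate(4).putInt(counter).array()); // big-endian
            out.put(sha256.digest());
        }
        return Arrays.copyOf(out.array(), l);
    }

    // JCA "ECDH" returns the x-coordinate of the shared point (K_X here).
    static byte[] sharedX(PrivateKey priv, PublicKey pub) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(priv);
        ka.doPhase(pub, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: software key pairs generated on the fly.
        // With an HSM, the private key handle would come from the vendor's
        // JCE/PKCS#11 provider and never leave the device.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1")); // assumed curve
        KeyPair ours = kpg.generateKeyPair();
        KeyPair peer = kpg.generateKeyPair();

        int keyLen = 8;     // per the question: 8 bytes each
        int l = 2 * keyLen; // assumption: l is not stated in the question
        byte[] okm = kdf2Sha256(sharedX(ours.getPrivate(), peer.getPublic()), l);
        byte[] peerOkm = kdf2Sha256(sharedX(peer.getPrivate(), ours.getPublic()), l);
        byte[] kEnc = Arrays.copyOfRange(okm, 0, keyLen);     // first 8 bytes
        byte[] kMac = Arrays.copyOfRange(okm, l - keyLen, l); // last 8 bytes
        // Both sides must derive identical key material; compare in constant time.
        System.out.println("both sides agree: " + MessageDigest.isEqual(okm, peerOkm));
        System.out.println("K_ENC bytes: " + kEnc.length + ", K_MAC bytes: " + kMac.length);
    }
}
```

When the MAC from the question is later verified, compare the computed and received values with `MessageDigest.isEqual` as well, and only decrypt after that check passes.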