Will the signature algorithm be ECDSA and key (i) ECC key or (ii) ECDHE and ECDSA keys?
1 Answers
TLS_ECDHE_ECDSA_with_AES_128_CCM
- ECDHE: Key exchange with Ephemeral Elliptic Curve Diffie-Hellman
- ECDSA: Signature with Elliptic Curve Digital Signature Algorithm
- AES_128 : 128-bit Encryption with Advanced Encryption Standard
- CCM: Mode of Operation with Counter with CBC-MAC which is an authenticated encryption algorithm designed to provide both authentication and confidentiality.
ECDHE_ECDSA key exchange is performed as defined in RFC 4492, and the x-coordinate of the shared secret is applied to a KDF to derive the key. The same key is used both in AES and CCM.
CCM combines the CTR mode of operation and CBC-MAC. It is an authenticate-then-encrypt authenticated encryption scheme. Firstly, the message tag $t$ is calculated on the message by CBC-MAC, then the message and the tag are encrypted using counter mode (CTR). In the above, the encryption is done by AES. CCM is only defined for 128-bit block sizes.
The good:
- This scheme can work on a single key.
- The encryption scheme is semantically secure under a chosen-plaintext attack.
- The MAC function is unforgeable under a chosen message attack.
The bad:
- Like any mode that uses CTR internally (e.g. GCM), (key, IV) pair reuse must not occur.
It is defined in rfc7251 with 4 ECC
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM = {0xC0,0xAC}
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM = {0xC0,0xAD}
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = {0xC0,0xAE}
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = {0xC0,0xAF}
And it is mentioned that these cipher suites make use of the AEAD capability in TLS 1.2 RFC5246 in June 2014.
The 8 means use eight-octet authentication tags, and the default is 16 octets.
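
An added example (not part of the original answer), using the `AESCCM` class from the Python `cryptography` package: it shows the 16-octet and 8-octet tags of the CCM and CCM_8 suites, tag verification rejecting a modified ciphertext, and what a reused (key, IV) pair reveals. The key, nonce, associated data and messages are constructed sample values, the 12-octet nonce length is chosen for this example, and the TLS record layer is not modelled.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

# Constructed sample values (assumptions for this example, not from a real session).
KEY = bytes(range(16))              # 128-bit key, as in AES_128
NONCE = bytes(range(12))            # 12-octet nonce chosen for this example
AAD = b"constructed-record-header"  # authenticated but not encrypted


def seal(plaintext, tag_length=16, nonce=NONCE):
    """Encrypt with AES-128-CCM; returns ciphertext || tag."""
    return AESCCM(KEY, tag_length=tag_length).encrypt(nonce, plaintext, AAD)


def open_sealed(sealed, tag_length=16, nonce=NONCE):
    """Verify and decrypt; returns None when the tag does not verify."""
    try:
        return AESCCM(KEY, tag_length=tag_length).decrypt(nonce, sealed, AAD)
    except InvalidTag:
        return None


def tag_overhead(tag_length):
    """Octets added to the plaintext: 16 by default, 8 for the _8 suites."""
    msg = b"sixteen byte msg"
    return len(seal(msg, tag_length)) - len(msg)


def tamper_detected(tag_length):
    """Flip one ciphertext bit and confirm that decryption is refused."""
    sealed = bytearray(seal(b"constructed payload", tag_length))
    sealed[0] ^= 0x01
    return open_sealed(bytes(sealed), tag_length) is None


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_leaks_xor():
    """Same (key, nonce) twice: the CTR keystream repeats, so the XOR of the
    two ciphertext bodies equals the XOR of the two plaintexts."""
    p1, p2 = b"first message 01", b"other message 02"
    c1 = seal(p1)[:len(p1)]   # strip the trailing tag
    c2 = seal(p2)[:len(p2)]
    return xor(c1, c2) == xor(p1, p2)


def fresh_nonce_differs():
    """A different nonce under the same key gives an unrelated ciphertext."""
    msg = b"first message 01"
    return seal(msg) != seal(msg, nonce=bytes(range(1, 13)))
```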