stackoom
  简体   繁体   中英

Does ECDiffieHellmanCng in .NET have a key derivation function that implements NIST SP 800-56A, section 5.8.1

 原文  2015-07-10 00:02:48       c#/ cryptography/ elliptic-curve/ diffie-hellman/ ecdsa

Question

I have a task at hand that requires deriving key material using the key derivation function described in NIST SP 800-56A, section 5.8.1. I'm not an expert in Cryptography so please excuse me if the question is naive. Here's what I've done so far:

  1. I have the other party's public key and my private key

  2. Now I try to generate the shared secret using ECDH 1.3.132.1.12 using C# (.NET 4) ECDiffieHellmanCng class like so: 

     // The GetCngKey method reads the private key from a certificate in my Personal certificate store CngKey cngPrivateKey = GetCngKey(); ECDiffieHellmanCng ecDiffieHellmanCng = new ECDiffieHellmanCng(cngPrivateKey); ecDiffieHellmanCng.HashAlgorithm = CngAlgorithm.ECDiffieHellmanP256; ecDiffieHellmanCng.KeyDerivationFunction = ?? // What do I set here

Finally do this: 

ecDiffieHellmanCng.DeriveKeyMaterial(otherPartyPublicKey:);

Where/how do I set the other parameters Algorithm ID, Party U Info, Party V Info?

EDIT I am open to using other libraries like Bouncy Castle (provided they can be called from .NET)

1 answers

solution1
 8 ACCPTED  2015-07-15 00:26:07

TL;DR; I haven't found a way to derive the symmetric key using KDF described in NIST SP 800-56A, section 5.8.1 using built-in classes in .NET 4.0 alone

The good news (for me :-)) is that it IS possible in .NET 4.0 using the lovely BouncyCastle library (NuGet: Install-Package BouncyCastle-Ext -Version "1.7.0"). Here's how:

STEP 1: Get other party's public key

Depending on your scenario, this may be read from a certificate or come to you as part of the message containing the encrypted data. Once you have the Base64 encoded public-key, read it into a Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters object like so: 

var publicKeyBytes = Convert.FromBase64String(base64PubKeyStr);
ECPublicKeyParameters otherPartyPublicKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(publicKeyBytes);

STEP 2: Read your private-key

This would most-commonly involve reading the private key from a PFX/P12 certificate. The windows account running the code should have access to the PFX/P12 and additionally, if the certificate is imported into a certificate store, you'll need to grant permissions via the All Tasks -> manage private key menu in certmgr.msc 

using (StreamReader reader = new StreamReader(path))
{
    var fs = reader.BaseStream;
    string password = "<password for the PFX>";
    Pkcs12Store store = new Pkcs12Store(fs, passWord.ToCharArray());

   foreach (string n in store.Aliases)
   {
       if (store.IsKeyEntry(n))
       {
           AsymmetricKeyEntry asymmetricKey = store.GetKey(n);

           if (asymmetricKey.Key.IsPrivate)
           {
               ECPrivateKeyParameters privateKey = asymmetricKey.Key as ECPrivateKeyParameters;
           }
       }
   }
}

STEP 3: Compute the shared secret 

IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDH");
aKeyAgree.Init(privateKey);
BigInteger sharedSecret = aKeyAgree.CalculateAgreement(otherPartyPublicKey);
byte[] sharedSecretBytes = sharedSecret.ToByteArray();

STEP 4: Prepare information required to compute symmetric key: 

byte[] algorithmId = Encoding.ASCII.GetBytes(("<prependString/Hex>" + "id-aes256-GCM"));
byte[] partyUInfo = Encoding.ASCII.GetBytes("<as-per-agreement>");
byte[] partyVInfo = <as-per-agreement>; 
MemoryStream stream = new MemoryStream(algorithmId.Length + partyUInfo.Length + partyVInfo.Length);
var sr = new BinaryWriter(stream);
sr.Write(algorithmId);
sr.Flush();
sr.Write(partyUInfo);
sr.Flush();
sr.Write(partyVInfo);
sr.Flush();
stream.Position = 0;
byte[] keyCalculationInfo = stream.GetBuffer();

STEP 5: Derive the symmetric key 

// NOTE: Use the digest/Hash function as per your agreement with the other party
IDigest digest = new Sha256Digest();
byte[] symmetricKey = new byte[digest.GetDigestSize()];
digest.Update((byte)(1 >> 24));
digest.Update((byte)(1 >> 16));
digest.Update((byte)(1 >> 8));
digest.Update((byte)1);
digest.BlockUpdate(sharedSecret, 0, sharedSecret.Length);
digest.BlockUpdate(keyCalculationInfo, 0, keyCalculationInfo.Length);
digest.DoFinal(symmetricKey, 0);

Now you have the symmetric key ready to do the decryption. To perform decryption using AES, BouncyCastle IWrapper can be used. Obtain an IWrapper using Org.BouncyCastle.Security.WrapperUtilities by calling WrapperUtilities.GetWrapper("AES//") eg "AES/CBC/PKCS7". This will also depend on the agreement between the two communicating parties.

Initialize the cipher (IWrapper) with symmetric key and initialization vector (IV) and call the Unwrap method to get plain-text bytes. Finally, convert to string literal using the character encoding used (eg UTF8/ASCII/Unicode)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ECDH (secp256r1) + NIST SP 800-56A Concatenation KDF using .NET really not possible in C#? Why Does BouncyCastle Generate Keys Smaller Than .Net's ECDiffieHellmanCng How to Export Private Key For ECDiffieHellmanCng C# - importing a public key blob into ECDiffieHellmanCng Does .net custom config section elements have to have keys? .NET ECDiffieHellmanCng and BouncyCastle Core compatible agreement Difference between Bouncy Castle ECDH and the .net4 native ECDiffieHellmanCNG How does WebResponse not have “Dispose” publically visible when it implements IDisposable? What does a curl_error_56 and a HTTP_error_502 have in common? The key 'UserID' does not exist in the appSettings configuration section
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM