有关在.net framework 4.7中执行ECDiffieHellmanCng的秘密协议的问题?
问题描述:
我有以下代码:有关在.net framework 4.7中执行ECDiffieHellmanCng的秘密协议的问题?
var curve = ECCurve.NamedCurves.nistP256;
var ecdhSender = ECDiffieHellman.Create(curve);
var ecdhReceiver = ECDiffieHellman.Create(curve);
我的理解是,我应该能够计算秘密协议,无论是从使用ecdhSender对象使用ecdhReceiver.PublicKey或使用与ecdhSender.PublicKey ecdhReceiver对象和两个秘密协议值应相同。如果这是一个错误的假设,请让我知道。
由于ECDiffieHellman.Create返回ECDiffieHellman类型,我写了下面的代码来获取秘密协议:
string receiverHexString = null;
using (SafeNCryptSecretHandle secretAgreement = (ecdhReceiver as ECDiffieHellmanCng).DeriveSecretAgreementHandle(ecdhSender.PublicKey))
{
byte[] secretAgreementBytes = new byte[32];
IntPtr pointer = secretAgreement.DangerousGetHandle();
Marshal.Copy(pointer, secretAgreementBytes, 0, secretAgreementBytes.Length);
receiverHexString = BitConverter.ToString(secretAgreementBytes).Replace("-", string.Empty).ToLower();
Console.WriteLine($"receiver secretAgreement: 0x{receiverHexString}");
}
string senderHexString = null;
using (SafeNCryptSecretHandle secretAgreement = (ecdhSender as ECDiffieHellmanCng).DeriveSecretAgreementHandle(ecdhReceiver.PublicKey))
{
byte[] secretAgreementBytes = new byte[32];
IntPtr pointer = secretAgreement.DangerousGetHandle();
Marshal.Copy(pointer, secretAgreementBytes, 0, secretAgreementBytes.Length);
senderHexString = BitConverter.ToString(secretAgreementBytes).Replace("-", string.Empty).ToLower();
Console.WriteLine($"sender secretAgreement: 0x{senderHexString}");
}
Assert.AreEqual(receiverHexString, senderHexString);
我断言失败。显然我做错了一些事情(如果秘密协议应该是相同的)。
难道我是如何提取字节的句柄吗?或者是其他东西?
答
从last time I checked开始,没有文档记载的方式从CNG获取原始秘密协议值,这就是.NET不公开它的原因。
在.NET的预期使用ECDH的是
ECCurve curve = ECCurve.NamedCurves.nistP256;
// Usually you'll only have one private key (yours), so this isn't representative of
// real code. An `ECDiffieHellman` object doesn't necessarily have a private key,
// but an `ECDiffieHellmanPublicKey` object definitely doesn't.
using (ECDiffieHellman bobPrivate = ECDiffieHellman.Create(curve))
using (ECDiffieHellman alicePrivate = ECDiffieHellman.Create(curve))
using (ECDiffieHellmanPublicKey bobPublic = bobPrivate.PublicKey)
using (ECDiffieHellmanPublicKey alicePublic = alicePrivate.PublicKey)
{
byte[] ba = bobPrivate.DeriveKeyFromHash(alicePublic, HashAlgorithmName.SHA256);
byte[] ab = alicePrivate.DeriveKeyFromHash(bobPublic, HashAlgorithmName.SHA256);
// ba and ab have the same contents.
}
还有
DeriveKeyFromHash(ECDiffieHellmanPublicKey otherPartyPublicKey, HashAlgorithmName hashAlgorithm, byte[] secretPrepend, byte[] secretAppend)DeriveKeyFromHmac(ECDiffieHellmanPublicKey otherPartyPublicKey, HashAlgorithmName hashAlgorithm, byte[] hmacKey)DeriveKeyFromHmac(ECDiffieHellmanPublicKey otherPartyPublicKey, HashAlgorithmName hashAlgorithm, byte[] hmacKey, byte[] secretPrepend, byte[] secretAppend)DeriveKeyTls(ECDiffieHellmanPublicKey otherPartyPublicKey, byte[] prfLabel, byte[] prfSeed)
如果bobPrivate和alicePublic(或者相反,alicePrivate和bobPublic)不变,那么提供相同的输入将产生相同的输出。
注意:你应该避免专门讨论ECDiffieHellmanCng,如果可以的话。当ECDH最终将其转换为.NET标准时,ECDHCng类不会。从.NET 4.6.2开始,一切都可以在基类上完成(打开持久键除外);而.NET Core往往不会从其工厂方法中返回公共类型。
你想完成什么? NCRYPT_SECRET_HANDLE结构是不透明的,你不应该读它的内存。 – bartonjs
尝试使用详细步骤验证来自合作伙伴的结果。如果在我的问题的第一部分中,我的假设是正确的还是错误的,请您评论一下吗? – Raghu