3

What is the best way to implement an elliptic curve Diffie-Hellman exchange using HKDF as the key derivation function on Windows, using native Windows functionality?

I couldn't get ECDiffieHellmanCng from (https://learn.microsoft.com/en-us/windows/win32/seccng/cng-portal) running as it only supports the following KDFs (tls, hmac, hash).

Other libraries are not preferred (only if there is no native support for this).

Chris76
  • 83
  • 6
  • 2
    The Windows operating system Crypt32.dll supports ECDH. See: https://abi-laboratory.pro/compatibility/Windows_5.0_to_Windows_6.0/x86_64/headers_diff/crypt32.dll/diff.html. See pinvoke.net for parameters to run Crypt32.dll – jdweng Mar 15 '21 at 10:28
  • @jdweng I also need ECDH with HKDF, or at least to get the secret without any KDF so I can run HKDF myself – Chris76 Mar 15 '21 at 10:46
  • 1
    I'm not an expert on all the different encryption modes. I believe Windows is now able to do all the encryption modes that TLS 1.2 and 1.3 use. Microsoft switched from doing TLS inside .NET to using a Windows dll instead so they didn't have to support TLS in both .NET and Windows (or in mobile devices in the kernel). So Crypt32.dll should be able to do ECDH and KDF. – jdweng Mar 15 '21 at 11:17
  • 1
    AFAIK it's not possible to get the _raw_ key agreement from `DeriveKeyMaterial()`. Neither is there an option for returning the raw key agreement, nor can the raw key agreement be determined from the returned key agreement due to the irreversibility of the operations involved. Therefore, to determine the raw key agreement, there is no other option than to use a corresponding library or to recompute the key agreement from scratch (for the latter, the arithmetic of elliptic curves must be applied, which usually also requires a library), see [here](https://stackoverflow.com/a/66211782/9014097). – Topaco Mar 15 '21 at 16:34
  • @Topaco so we can't communicate with another party that uses ECDH and expects an HKDF key derivation function using the native Windows API? – Chris76 Mar 15 '21 at 16:45
  • 1
    It would be possible, but probably costly. You would have to recalculate the agreement and implement the necessary arithmetic yourself (I'm not aware of any native support for the latter). If you use a library for the arithmetic (e.g. BouncyCastle), it is not a big effort. – Topaco Mar 15 '21 at 16:59

2 Answers

2

For the moment I did not find a way to use Windows only (CNG, or the .NET 5 crypto lib) to do an ECDH secret exchange that doesn't use a key derivation function (to get the plain secret).

So I could not use the HKDF key derivation function.

The way I went was to use Bouncy Castle ECDH and also Bouncy Castle HKDF.

That worked for me.

Sadly I have to deploy another dependency (even if it's a great crypto library).

Chris76
  • 83
  • 6
1

You can actually do ECDH with HKDF using the ECDiffieHellmanCng library. `DeriveKeyFromHmac()` performs the key agreement as well as the HKDF Extract function, so all that is left is to perform the HKDF Expand to get your shared secret, for example:

```csharp
using System.Security.Cryptography;

var ecdh = new ECDiffieHellmanCng();
// CNG computes HMAC(salt, prependData || Z || appendData); with prependData/appendData null this is HKDF-Extract (PRK = HMAC(salt, Z))
var extractedSecret = ecdh.DeriveKeyFromHmac(otherPartyKey, HashAlgorithmName.SHA256, salt, prependData, appendData);
// HKDF-Expand over the PRK (HKDF.Expand is available in .NET 5 and later)
var sharedSecret = HKDF.Expand(HashAlgorithmName.SHA256, extractedSecret, length, info);
```
Kuro Neko
  • 795
  • 12
  • 19
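As an added, complete example (not code from either answer), the following C# program runs the approach from the second answer for both parties of an exchange and checks that they agree. It assumes Windows with .NET 5 or later (for the `HKDF` class); the curve, the all-zero salt and the `info` label are constructed values for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: CNG ECDH (P-256) + HKDF-SHA256 via DeriveKeyFromHmac (Extract) and HKDF.Expand.
static class EcdhHkdfExample
{
    public static byte[] DeriveHkdfKey(ECDiffieHellmanCng me, ECDiffieHellmanPublicKey peer,
                                       byte[] salt, byte[] info, int length)
    {
        // HKDF-Extract (RFC 5869, 2.2): PRK = HMAC-SHA256(salt, Z).
        // CNG's HMAC KDF returns HMAC(hmacKey, prepend || Z || append); with hmacKey = salt
        // and no prepend/append data this is exactly Extract.
        // Caveat: RFC 5869 treats a missing salt as HashLen zero bytes, so always pass the
        // salt explicitly; CNG with a null hmacKey keys the HMAC with Z itself instead.
        byte[] prk = me.DeriveKeyFromHmac(peer, HashAlgorithmName.SHA256, salt, null, null);

        // HKDF-Expand (RFC 5869, 2.3): OKM = T(1) || T(2) || ..., T(i) = HMAC(PRK, T(i-1) || info || i).
        return HKDF.Expand(HashAlgorithmName.SHA256, prk, length, info);
    }

    public static void Main()
    {
        using var alice = new ECDiffieHellmanCng(ECCurve.NamedCurves.nistP256);
        using var bob = new ECDiffieHellmanCng(ECCurve.NamedCurves.nistP256);

        byte[] salt = new byte[32];                                  // constructed: explicit all-zero salt (RFC 5869 default)
        byte[] info = Encoding.UTF8.GetBytes("example-context-v1");  // constructed: context/protocol label

        byte[] keyAlice = DeriveHkdfKey(alice, bob.PublicKey, salt, info, 32);
        byte[] keyBob = DeriveHkdfKey(bob, alice.PublicKey, salt, info, 32);

        // Both sides must arrive at the same 32-byte key; compare in constant time.
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(keyAlice, keyBob)
            ? "both parties derived the same HKDF-SHA256 key"
            : "key mismatch");
    }
}
```

The interoperability point for the question's scenario is that the peer only needs to run standard HKDF-SHA256 (Extract with the same salt over the raw ECDH secret, then Expand with the same `info`) to obtain the identical key, because the CNG HMAC KDF with no prepend/append data is byte-for-byte HKDF-Extract.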