开发者

Trying to perform a Diffie Hellman Key exchange, using Win32 API in C#

开发者 https://www.devze.com 2023-01-09 18:49 出处:网络
I\'m trying to build some code that will switch between the old CAPI or the new CNG-based Diffie-Hellman algorithms.

I'm trying to build some code that will switch between the old CAPI or the new CNG-based Diffie-Hellman algorithms.

(Despite documentation, the new ECC-based DH algorithm, as part of CNG, is not supported on Windows XP).

Anyway, I've begun exposing the Win32 CAPI, as follows:

public static class CAPI
{
    private static int ALG_CLASS_KEY_EXCHANGE = 5 << 13;
    private static int ALG_TYPE_DH = 5 << 9;
    private static int ALG_SID_DH_EPHEM = 2;

    public static int CALG_DH_EPHEM = (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EPHEM);
    public static uint CRYPT_VERIFYCONTEXT = 0xF0000000;
    public static uint CRYPT_SILENT = 0x00000040;
    public static uint PROV_DSS_DH = 13;
    public static uint CRYPT_EXPORTABLE = 0x00000001;
    public static uint CRYPT_PREGEN = 0x00000040;
    public static uint KEY_SIZE = 0x00000400;

    public static string MS_ENH_DSS_DH_PROV = "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider";

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool CryptAcquireContext(ref IntPtr hProv, string pszContainer, string pszProvider, uint dwProvType, uint dwFlags);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CryptGenKey(IntPtr hProv, int Algid, uint dwFlags, ref IntPtr phKey);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CryptDestroyKey(IntPtr key);
}

and I have begun building a .NET DH class ontop of this:

public sealed class CAPIDiffieHellman : IDisposable
{
    private IntPtr _publicKeyPointer = new IntPtr();
    private IntPtr _hProv = new IntPtr();
    private uint _contextFlags = CAPI.CRYPT_VERIFYCONTEXT | CAPI.CRYPT_SILENT;
    private uint _keyGenerationFlags = CAPI.CRYPT_EXPORTABLE | CAPI.CRYPT_PREGEN;

    public CAPIDiffieHellman()
    {
        if (!CAPI.CryptAcquireContext(
            ref this._hProv,
            null,
            CAPI.MS_ENH_DSS_DH_PROV,
            CAPI.PROV_DSS_DH,
            this._contextFlags))
        {
            throw new ApplicationException(string.Format("Unable to acquire cryptographic context. Error Code: {0}", Marshal.GetLastWin32Error()));
        }
    }

    public byte[] GeneratePublicKey()
    {
        if (!CAPI.CryptGenKey(this._hProv, CAPI.CALG_DH_EPHEM, this._keyGenerationFlags, ref this._publicKeyPointer))
        {
            throw new ApplicationException(string.Format("Unable to generate cryptographic key. Error Code: {0}", Marshal.GetLastWin32Error()));
        }

        var publicKey = new byte[128];
        Marshal.Copy(this._publicKeyPointer, publicKey, 0, publi开发者_开发技巧cKey.Length);

        return publicKey;
    }

    public byte[] DerivePrivateKey(byte[] publicKey)
    {
        return null;
    }

    public void Dispose()
    {
        CAPI.CryptReleaseContext(this._hProv, 0);
        CAPI.CryptDestroyKey(this._publicKeyPointer);
    }
}

I am working from this documentation

However, I'm realising that I'm not sure what the process I need to follow is; what I'm calling the 'public key' probably isn't!

So, a step-by-step guide for how to use the CAPI to perform a DH key exchange would be greatly appreciated!

thanks.


Use this method to acquire either public or private keys by passing correspondent isPublicKey value:

public static bool ExportCryptKey(IntPtr cryptKey, out byte[] outData, ref uint outDataSize, bool isPublicKey)
        {
            uint keyType = isPublicKey ? 0x6u : 0x7u;
            outData = null;
            if (!CryptExportKey(cryptKey, IntPtr.Zero, keyType, 0, null, ref outDataSize))
            {
                var err = Marshal.GetLastWin32Error();
                Debug.Print(new Win32Exception(err).Message);
                return false;
            }

            outData = new byte[outDataSize];

            if (!CryptExportKey(cryptKey, IntPtr.Zero, keyType, 0, outData, ref outDataSize))
                return false;

            return true;
        }
0

精彩评论

暂无评论...
验证码 换一张
取 消