I'm trying to build some code that will switch between the old CAPI or the new CNG-based Diffie-Hellman algorithms.
(Despite documentation, the new ECC-based DH algorithm, as part of CNG, is not supported on Windows XP).
Anyway, I've begun exposing the Win32 CAPI, as follows:
public static class CAPI
{
private static int ALG_CLASS_KEY_EXCHANGE = 5 << 13;
private static int ALG_TYPE_DH = 5 << 9;
private static int ALG_SID_DH_EPHEM = 2;
public static int CALG_DH_EPHEM = (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EPHEM);
public static uint CRYPT_VERIFYCONTEXT = 0xF0000000;
public static uint CRYPT_SILENT = 0x00000040;
public static uint PROV_DSS_DH = 13;
public static uint CRYPT_EXPORTABLE = 0x00000001;
public static uint CRYPT_PREGEN = 0x00000040;
public static uint KEY_SIZE = 0x00000400;
public static string MS_ENH_DSS_DH_PROV = "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider";
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CryptAcquireContext(ref IntPtr hProv, string pszContainer, string pszProvider, uint dwProvType, uint dwFlags);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CryptGenKey(IntPtr hProv, int Algid, uint dwFlags, ref IntPtr phKey);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CryptDestroyKey(IntPtr key);
}
and I have begun building a .NET DH class ontop of this:
public sealed class CAPIDiffieHellman : IDisposable
{
private IntPtr _publicKeyPointer = new IntPtr();
private IntPtr _hProv = new IntPtr();
private uint _contextFlags = CAPI.CRYPT_VERIFYCONTEXT | CAPI.CRYPT_SILENT;
private uint _keyGenerationFlags = CAPI.CRYPT_EXPORTABLE | CAPI.CRYPT_PREGEN;
public CAPIDiffieHellman()
{
if (!CAPI.CryptAcquireContext(
ref this._hProv,
null,
CAPI.MS_ENH_DSS_DH_PROV,
CAPI.PROV_DSS_DH,
this._contextFlags))
{
throw new ApplicationException(string.Format("Unable to acquire cryptographic context. Error Code: {0}", Marshal.GetLastWin32Error()));
}
}
public byte[] GeneratePublicKey()
{
if (!CAPI.CryptGenKey(this._hProv, CAPI.CALG_DH_EPHEM, this._keyGenerationFlags, ref this._publicKeyPointer))
{
throw new ApplicationException(string.Format("Unable to generate cryptographic key. Error Code: {0}", Marshal.GetLastWin32Error()));
}
var publicKey = new byte[128];
Marshal.Copy(this._publicKeyPointer, publicKey, 0, publi开发者_开发技巧cKey.Length);
return publicKey;
}
public byte[] DerivePrivateKey(byte[] publicKey)
{
return null;
}
public void Dispose()
{
CAPI.CryptReleaseContext(this._hProv, 0);
CAPI.CryptDestroyKey(this._publicKeyPointer);
}
}
I am working from this documentation
However, I'm realising that I'm not sure what the process I need to follow is; what I'm calling the 'public key' probably isn't!
So, a step-by-step guide for how to use the CAPI to perform a DH key exchange would be greatly appreciated!
thanks.
Use this method to acquire either public or private keys by passing correspondent isPublicKey value:
public static bool ExportCryptKey(IntPtr cryptKey, out byte[] outData, ref uint outDataSize, bool isPublicKey)
{
uint keyType = isPublicKey ? 0x6u : 0x7u;
outData = null;
if (!CryptExportKey(cryptKey, IntPtr.Zero, keyType, 0, null, ref outDataSize))
{
var err = Marshal.GetLastWin32Error();
Debug.Print(new Win32Exception(err).Message);
return false;
}
outData = new byte[outDataSize];
if (!CryptExportKey(cryptKey, IntPtr.Zero, keyType, 0, outData, ref outDataSize))
return false;
return true;
}
精彩评论