3

I am attempting to use the ECDiffieHellmanCng class to perform key exchange operations between a desktop and a device connected over BLE. The specs of the system require that HKDF be used to derive the key. That doesn't appear to be an option for the hash functions in the ECDiffieHellmanCng class. Is there a way to do this? I would then need to take the resulting key and pass it into a AesCng object.

Sam
  • 1,325
  • 1
  • 13
  • 26
  • Is the spec public, and are there public test vectors for it? It’s probably composable. – bartonjs Mar 05 '19 at 18:03
  • @bartonjs No, our system specs are not. I don't know that it matters really. The problem is that I need a way to implement HKDF using the ECDiffieHellmanCng class where the only key derivation functions available are Hash, HMAC and TLS. There's also no way to get at the premaster secret from the class. – Sam Mar 05 '19 at 19:01
  • right, the spec+test data was so that I could see if a “this should do it” functioned before posting it as an answer. – bartonjs Mar 05 '19 at 19:03
  • @bartonjs Ah, gotcha. Sorry, medical device. – Sam Mar 05 '19 at 19:07

1 Answers1

2

The ECDiffieHellmanCng sucks since it forces you to use one of three pre-defined post processing key derivation functions (Hash, Hmac or Tls). If none of these match your protocol you are out of luck.

You might be able to use the Hmac variant however since that is the first internal operation for HKDF ("extract"). Just set the HmacKey property to the salt in HKDF. Then manually perform the second Hmac operation yourself ("expand") to get the final HKDF result.

Emil
  • 16,784
  • 2
  • 41
  • 52
  • So I'm new to the crypto stuff but this is something I was thinking about. Can get key material using a hash or HMAC... and then I was trying to figure out if I could use that as the input for my own HKDF function. – Sam Mar 05 '19 at 18:29
  • So if I set the KeyDerivationFunction to HMAC, would I use the DeriveKeyFromHash method or DeriveKeyFromHmac method as input to the HKDF? – Sam Mar 05 '19 at 18:41
  • 1
    @Sam if you use the derive methods that say what they are doing you don’t need to set the property, it only controls the one that doesn’t say what it is doing. – bartonjs Mar 05 '19 at 19:03
  • @bartonjs I figured that was so, but didn't want to make the assumption. So it seems like the way to go would be to use the DeriveKeyFromHmac method and that would count as the "extract" step of the HKDF function. Then I would need to implement my own "expand" step. Does that sound correct? – Sam Mar 05 '19 at 19:09