-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ECDiffieHellman code in NETCOREAPP2_1 is inefficient & complex - can it be improved? #18
Comments
The ECDiffieHellmanCng type is there, with the same surface area. If you're using CngKey that means you're already bound to Windows and can just keep using it. |
@bartonjs Thx for reviewing. Is it by design that |
Yes
ECDiffieHellmanPublicKeyCng uses the CNG blob, which didn't seem like a sensible thing to move to cross-platform. It's also a bit complicated by ECDiffieHellmanCng having expectations that it will get an ECDiffieHellmanPublicKeyCng (throwing otherwise), so really the API expects that the PublicKey object came from the parent class factory property. I won't say that there's not room for improvement, but netcoreapp21 made ECDH be possible, if not nice :). |
Indeed - no complaints here. In terms of future improvement though, we all want simple things:
CNGBLOB was not perfect, but it was something resembling a "standard MS approach": internal enum KeyBlobMagicNumber : int
{
BCRYPT_ECDH_PUBLIC_P256_MAGIC = 0x314B4345, // ECK1
BCRYPT_ECDH_PRIVATE_P256_MAGIC = 0x324B4345, // ECK2
BCRYPT_ECDH_PUBLIC_P384_MAGIC = 0x334B4345, // ECK3
BCRYPT_ECDH_PRIVATE_P384_MAGIC = 0x344B4345, // ECK4
BCRYPT_ECDH_PUBLIC_P521_MAGIC = 0x354B4345, // ECK5
BCRYPT_ECDH_PRIVATE_P521_MAGIC = 0x364B4345, // ECK6
BCRYPT_ECDH_PUBLIC_GENERIC_MAGIC = 0x504B4345, // ECKP
BCRYPT_ECDH_PRIVATE_GENERIC_MAGIC = 0x564B4345, //ECKV
BCRYPT_ECDSA_PUBLIC_P256_MAGIC = 0x31534345, // ECS1
BCRYPT_ECDSA_PRIVATE_P256_MAGIC = 0x32534345, // ECS2
BCRYPT_ECDSA_PUBLIC_P384_MAGIC = 0x33534345, // ECS3
BCRYPT_ECDSA_PRIVATE_P384_MAGIC = 0x34534345, // ECS4
BCRYPT_ECDSA_PUBLIC_P521_MAGIC = 0x35534345, // ECS5
BCRYPT_ECDSA_PRIVATE_P521_MAGIC = 0x36534345,// ECS6
BCRYPT_ECDSA_PUBLIC_GENERIC_MAGIC = 0x50444345, // ECDP
BCRYPT_ECDSA_PRIVATE_GENERIC_MAGIC = 0x56444345, // ECDV
}
|
ECDiffieHelman :: GetSharedSecret
@bartonjs The
NETCOREAPP2_1
code to useECDiffieHellman
to derive a shared secret from a privateCngKey
and a publicCngKey
is very messy/complicated, compared toNET462
code. Can it be improved?Ex. the
NETCOREAPP2_1
code above creates 2 instances ofECDiffieHellman
, instead of 1. There seems to be no other way to createECDiffieHellmanPublicKey
instance out of public-key blob/byte[], other than by creating an extra dummyECDiffieHellman
instance to get its.PublicKey
, which is a lot of extra code.The text was updated successfully, but these errors were encountered: