c# - 获取临时键 x 和 y 坐标

Question

使用 .NET Core 3.1、C#。
我对这种加密货币一点也不擅长。有人能帮我吗？

如何获取新生成的临时公钥 X 和 Y 字节？ [编辑:得到这个工作!请参阅下面的代码]。

如何生成未散列的 DerivedKeyMaterial？也许这没有意义，但我被要求不要申请ecdh.HashAlgorithm = CngAlgorithm.Sha256;但 null 不是一个选项。

这是我目前为获取 X 和 Y 字节所做的事情，但我认为这是错误的，因为当我在控制台中将其打印出来时，它与客户端生成的 key 不同。

public byte[] GetEphSecret(byte[] myPublicKey) {
    using var ecdh = new ECDiffieHellmanCng();

    ecdh.ImportSubjectPublicKeyInfo(myPublicKey, out _);
    ecdh.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;


    ecdh.HashAlgorithm = CngAlgorithm.Sha256;
    ecdh.GenerateKey(ECCurve.NamedCurves.nistP256);

    // 1. Obtain Ephemeral Key public x and y [Edit: Succesfully obtained with the following:]

    var x = ecdh.PublicKey.ExportParameters().Q.X;
    var y = ecdh.PublicKey.ExportParameters().Q.Y;
  
    CngKey cngKey = ImportEcPublicKey(myPublicKey);

    // 2. Is it possible to derive a Key that is not hashed?
    var derivedKey = ecdh.DeriveKeyMaterial(cngKey);
    return derivedKeyMaterial;
}

Answer 1

由于第一个问题已经由你自己回答了，我只回答第二个问题。
ECDiffieHellmanCng#DeriveKeyMaterial() 不返回原始 key 协议(protocol)，而仅返回从中派生的值。此外，所使用的函数是不可逆的，因此无法确定原始 key 协议(protocol)。
key 派生的详细信息在 ECDiffieHellmanCng#KeyDerivationFunction 中配置。和 ECDiffieHellmanCng#HashAlgorithm 特性。在发布的代码中，返回 key 协议(protocol)的 SHA256 哈希( ECDiffieHellmanKeyDerivationFunction.Hash ， CngAlgorithm.Sha256 )。
没有强制返回原始 key 协议(protocol)的选项，另见 here和 here .因此，要确定原始 key 协议(protocol)，除了使用另一个库或从头重新计算 key 协议(protocol)外，别无选择。
关于第一个变体，BouncyCaSTLe 是一种选择。一种可能的实现是:

private static byte[] GetKeyAgreementBC(X9ECParameters ecParams, ECPoint publicKey, byte[] privateKey)
{
    ECDomainParameters eCDomainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N);
    Org.BouncyCastle.Math.EC.ECCurve curve = eCDomainParameters.Curve;
    
    Org.BouncyCastle.Math.EC.ECPoint pubKey = curve.CreatePoint(new BigInteger(1, publicKey.X), new BigInteger(1, publicKey.Y));
    BigInteger privKey = new BigInteger(1, privateKey);
    
    ECPublicKeyParameters ecPubKeyParams = new ECPublicKeyParameters("ECDH", pubKey, SecObjectIdentifiers.SecP256r1);
    ECPrivateKeyParameters ecPrivKeyParams = new ECPrivateKeyParameters(privKey, eCDomainParameters);
    
    IBasicAgreement basicAgreement = AgreementUtilities.GetBasicAgreement("ECDH");
    basicAgreement.Init(ecPrivKeyParams);
    byte[] keyAgreement = basicAgreement.CalculateAgreement(ecPubKeyParams).ToByteArrayUnsigned();
    return keyAgreement;
}

关于第二个变体，必须记住一侧的 key 协议(protocol)是 EC 点的 X 坐标，该坐标是通过将这一侧的私钥与另一侧的公钥相乘获得的，参见 Elliptic-curve Diffie-Hellman (使用椭圆曲线的算术)。同样，BouncyCaSTLe 可用于必要的计算。一个可能的实现是:

private static byte[] GetKeyAgreementExplicit(X9ECParameters ecParams, ECPoint publicKey, byte[] privateKey)
{
    ECDomainParameters eCDomainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N);
    Org.BouncyCastle.Math.EC.ECCurve curve = eCDomainParameters.Curve;
    
    Org.BouncyCastle.Math.EC.ECPoint pubKey = curve.CreatePoint(new BigInteger(1, publicKey.X), new BigInteger(1, publicKey.Y));
    BigInteger privKey = new BigInteger(1, privateKey);
    
    Org.BouncyCastle.Math.EC.ECPoint keyAgreementECPoint = pubKey.Multiply(privKey).Normalize();
    byte[] keyAgreement = keyAgreementECPoint.XCoord.ToBigInteger().ToByteArrayUnsigned();
    return keyAgreement;
}

如前所述，两种实现在功能上是相同的，因此可以互换。可以使用以下代码对其进行测试:

using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities.Encoders;
using System;
using System.Security.Cryptography;
...
using (var ecdhAlice = new ECDiffieHellmanCng())
using (var ecdhBob = new ECDiffieHellmanCng())
{
    // Generate Alice's private and public key
    ecdhAlice.HashAlgorithm = CngAlgorithm.Sha256;
    ecdhAlice.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
    ecdhAlice.GenerateKey(ECCurve.NamedCurves.nistP256);
    byte[] privateKeyAlice = ecdhAlice.ExportParameters(true).D;
    ECPoint publicKeyAlice = ecdhAlice.ExportParameters(false).Q;

    // Generate Bob's private and public key
    ecdhBob.HashAlgorithm = CngAlgorithm.Sha256;
    ecdhBob.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
    ecdhBob.GenerateKey(ECCurve.NamedCurves.nistP256);
    byte[] privateKeyBob = ecdhBob.ExportParameters(true).D;
    ECPoint publicKeyBob = ecdhBob.ExportParameters(false).Q;

    // Alice's key agreement
    byte[] keyAgreementAlice = GetKeyAgreementBC(NistNamedCurves.GetByName("P-256"), publicKeyBob, privateKeyAlice);
    byte[] keyAgreementSHA256Alice = SHA256.Create().ComputeHash(keyAgreementAlice);
    byte[] keyAgreementCngAlice = ecdhAlice.DeriveKeyMaterial(ecdhBob.PublicKey);
    Console.WriteLine("Alice's raw key agreement (BC):        " + Hex.ToHexString(keyAgreementAlice));
    Console.WriteLine("Alice's hashed key agreement (BC):     " + Hex.ToHexString(keyAgreementSHA256Alice));
    Console.WriteLine("Alice's key agreement (.NET):          " + Hex.ToHexString(keyAgreementCngAlice));
    Console.WriteLine();

    // Bob's key agreement
    byte[] keyAgreementBob = GetKeyAgreementExplicit(NistNamedCurves.GetByName("P-256"), publicKeyAlice, privateKeyBob);
    byte[] keyAgreementSHA256Bob = SHA256.Create().ComputeHash(keyAgreementBob);
    byte[] keyAgreementCngBob = ecdhBob.DeriveKeyMaterial(ecdhAlice.PublicKey);
    Console.WriteLine("Bob's raw key agreement (explicit):    " + Hex.ToHexString(keyAgreementBob));
    Console.WriteLine("Bob's hashed key agreement (explicit): " + Hex.ToHexString(keyAgreementSHA256Bob));
    Console.WriteLine("Bob's key agreement (.NET):            " + Hex.ToHexString(keyAgreementCngBob));
    Console.WriteLine();
}

为简单起见，该示例省略了导出公钥(例如使用 ExportSubjectPublicKeyInfo() )和导入公钥(例如使用 ImportSubjectPublicKeyInfo() )的步骤。当代码执行时，例如以下输出结果:

Alice's raw key agreement (BC):        d6f337d4c0d8e8bb34848d4f0c1c6834f66f69bbf9f284df5b87c7aee0584fc7
Alice's hashed key agreement (BC):     fb95a6b3b95d0882fa6796c28aa5f1a88d14c5b9a3f302b5deae50316cb7a273
Alice's key agreement (.NET):          fb95a6b3b95d0882fa6796c28aa5f1a88d14c5b9a3f302b5deae50316cb7a273

Bob's raw key agreement (explicit):    d6f337d4c0d8e8bb34848d4f0c1c6834f66f69bbf9f284df5b87c7aee0584fc7
Bob's hashed key agreement (explicit): fb95a6b3b95d0882fa6796c28aa5f1a88d14c5b9a3f302b5deae50316cb7a273
Bob's key agreement (.NET):            fb95a6b3b95d0882fa6796c28aa5f1a88d14c5b9a3f302b5deae50316cb7a273 

代码中，Alice 的原始 key 协议(protocol) keyAgreementAlice使用 GetKeyAgreementBC() 生成和 Bob 的原始 key 协议(protocol) keyAgreementBob使用 GetKeyAgreementExplicit() 生成.两种实现的等效性通过两个变体返回相同的原始 key 协议(protocol)这一事实来证明。
此外， ECDiffieHellmanCng#DeriveKeyMaterial() 的(散列) key 协议(protocol)，即 keyAgreementCngAlice和 keyAgreementCngBob , 分别是 SHA256 哈希时的结果，即 keyAgreementSHA256Alice和 keyAgreementSHA256Bob由于上述原因，分别从原始 key 协议(protocol)生成。