Hi,

ich muss für eine Entschlüsselung einen HKDFKey als SharedKey aus folgenden Werten berechnen:

markieren

Delphi-Quellcode:

echdSharedSecret:=$8F 81 9B C0 85 A9 CF 72 B4 15 67 16 BF A4 87 65 6C F7 A4 89 B4 F4 6A FC 67 48 03 8F 60 3E D6 2D
salt:=$70 2F A6 37 16 BB 17 61 3A A1 14 1A 25 F8 C7 63 7A 9B 67 28 B7 5E C4 C9 BD 04 60 C6 F4 5E 24 8A 1F 17 9F 6B B6 AD 2C CF C5 68 89 F6 6C 6B 68 52 BF D2 08 DE B8 BA F9 F7 28 6B 40 2D 5E 38 00 0F 1E 81 D6 E7 C5 18 23 06 E3 88 41 8C 4F 51 E6 F9 31 59 97 29 00 16 E8 98 9F 3A 6F F2 2C 0C E9 AC A6 86 F4 7C 88 60 5C 5C 47 35 A2 BD 29 E5 51 77 92 C4 9D E5 64 48 7C 1E C8 F1 A7 55 8A 6D 00 72
expected result: $AE FC 45 FB E4 9B 90 15 17 B1 4B C4 E7 83 D2 0E 43 74 D4 52 37 66 C7 CA 86 39 75 17 35 88 80 C8 23 99 CB A1

Ich habe es mit TMSCryptography-Pack ausprobiert, war aber noch nicht erfolgreich:

zusammenfalten · markieren

Delphi-Quellcode:

function getHKDFKey(echdSharedSecret,salt:String):String;
var hkdf: THKDFKeyDerivation;
    ecdhSharedSecret,salt:String;
    PRK: string;
begin
    hkdf:= THKDFKeyDerivation.Create();
    try
      hkdf.Unicode:= TUnicode.yesUni;
      hkdf.OutputFormat:= hexa;
      hkdf.hashFunction := hsha2;
      hkdf.hashSizeBits := 256;

      //ECDH secret obtained in the previous step
      //A Message Digest function (also known as Hash function), in this case is SHA256
      //A key length, 36 bytes in this case
      //A Salt value, which in this case is the concatenation of both public keys,
      //the device public key material received and the local public key material, in that order

      //• Constructor Create(AOwner: TComponent); overload; override; the default constructor from the TComponent class
      //• Constructor Create; overload; the default constructor
      //• Constructor Create(outputFormat: TConvertType; uni: TUnicode; hashF:THashFunction; hashSB: Integer); overload;
      //• function Extract(s, salt: string): string; to generate a pseudo random key from a message s and a salt
      //• function Expand(s, info: string; len: Integer): string; to generate a key of length len from the resulting key of Extract function, s, and an info string
      //• property hashFunction: THashFunction read FHashFunction write FHashFunction; to read and write the hash function used into HKDF algorithm
      //• property OutputFormat: TConvertType read FOutputFormat write FoutputFormat; to read and write the output format of the data (see Converter class section)
      //• property hashSizeBits: Integer read FHashSizeBits write SetHashSizeBits; to read and write the number of output bits of the hash function used in HKDF algorithm
      //• property Unicode: TUnicode read FUni write FUni; to indicate whether the input buffer has Unicode characters

      PRK:= hkdf.Extract(ecdhSharedSecret, salt);
      result:= hkdf.Expand(PRK, '', 36);
    finally
      HKDF.Free;
    end;
end;

Hat da jemand eine andere Idee? Gerne auch per DEC, da ich diese schon im nächsten Schritt (erfolgreich) für die Entschlüsselung der eigentlichen Kommunikation nutze.

Grüße, Philipp

Grüße, Philipp

Hi,

As i have no idea how TMSCryptography-Pack works, also i can't find the documentation online (i remember saw them on their site in that past),


1) Are these commented lines from TMS on how to use ?
2) What is this ? and how this is working with salt declared like that ?

Zitat:

function getHKDFKey(echdSharedSecret,salt:String):String;
var hkdf: THKDFKeyDerivation;
ecdhSharedSecret,salt:String;
PRK: string;

3) This is definitely is wrong here
      hkdf.Unicode:= TUnicode.yesUni; if you are using raw bytes as source for HKDF then it can't be handled as string or UnicodeString as input, this only can be helpful if you are trying to get key HKDF generated from something like password


4) Main question now :

markieren

Delphi-Quellcode:

      hkdf.OutputFormat:= hexa;
      hkdf.hashFunction := hsha2;
      hkdf.hashSizeBits := 256;
      PRK:= hkdf.Extract(ecdhSharedSecret, salt);
      result:= hkdf.Expand(PRK, '', 36);

This either your own algorithm, which is.... lets say OKAY, or you need some defined algorithm to follow, in case of HKDF these parameters will change the output for sure, so why PRK followed by Expand ? , why the output is hexa ?
if the commented lines are documentation then PRK is not needed here, it is something to get bit entropy from limited source like (again) password, so Expand following Extract make no sense.

I suggest to make your needs clear first then write the usage HKDF, because the mentioned code is making little sense and not logically clear.

On other hand: DEC has examples and tests for HKDF and they do pass, means it should work, if you are familiar with it then stick to it, if you can't make it show some specific result then ask about that, and don't forget to provide the needed steps/algorithm/parameters for HKDF, in case there is specification for follow, if there is not and all what you want is HKDF, i mean your own, then again repeat (exact steps) any example from TMS or DEC, both will do.

1) Yes, the commented lines are the documentation from TMSSoftware.
2) Was a typo only, in the original method the ECDH-Shared-Secret is calculated first with TMS Crypto-Pack and this is working fine.

And I've checked with DEC but get also something different:

ecdhSharedSecret:='8F819BC085A9CF72B4156716BFA4876 56CF7A489B4F46AFC6748038F603ED62D';
salt:=''702FA63716BB17613AA1141A25F8C7637A9B6728B7 5EC4C9BD0460C6F45E248A1F179F6BB6AD2CCFC56889F66C6B 6852BFD208DEB8BAF9F7286B402D5E38000F1E81D6E7C51823 06E388418C4F51E6F9315997290016E8989F3A6FF22C0CE9AC A686F47C88605C5C4735A2BD29E5517792C49DE564487C1EC8 F1A7558A6D0072'';
result:=BytesToHexStr(THash_SHA256.KDF2(HexStrToBy tes(ecdhSharedSecret),HexStrToBytes(salt),36));

result= AE FC 45 FB E4 9B 90 15 17 B1 4B C4 E7 83 D2 0E 43 74 D4 52 37 66 C7 CA 86 39 75 17 35 88 80 C8 23 99 CB A1
expected=44 C8 6D CF 44 F4 18 0B C2 B2 20 88 DC FC D5 89 CD B0 2C CC 64 8A 48 9E 3C 03 1B 73 BD 2B 13 FC 17 25 46 CB

And this is the C# example that is working fine:

HKDF.DeriveKey(HashAlgorithmName.SHA256, sharedSecretBytes, EncryptionUtils.HKDF_LENGTH, salt);

And yes, here Expand and Extract is not used but only DeriveKey.

Works now, implemented my own HKDF implementation:

zusammenfalten · markieren

Delphi-Quellcode:

unit HKDF;

interface

uses
  System.SysUtils, System.Hash, System.Classes;

type
  THKDF = class
  public
    class function HMAC_SHA256(const Key, Data: TBytes): TBytes;
    class function Extract(const Salt, IKM: TBytes): TBytes;
    class function Expand(const PRK, Info: TBytes; L: Integer): TBytes;
    class function DeriveKey(const IKM, Salt, Info: TBytes; L: Integer): TBytes;
  end;

{ THKDF }

implementation

class function THKDF.HMAC_SHA256(const Key, Data: TBytes): TBytes;
begin
  Result := THashSHA2.GetHMACAsBytes(Data, Key, THashSHA2.TSHA2Version.SHA256);
end;

class function THKDF.Extract(const Salt, IKM: TBytes): TBytes;
var
  ActualSalt: TBytes;
begin
  if Length(Salt) = 0 then
  begin
    SetLength(ActualSalt, 32); // SHA256 BlockSize
    FillChar(ActualSalt[0], 32, 0);
  end
  else
    ActualSalt := Salt;

  Result := HMAC_SHA256(ActualSalt, IKM);
end;

class function THKDF.Expand(const PRK, Info: TBytes; L: Integer): TBytes;
var
  N, I: Integer;
  T, Block: TBytes;
  Counter: Byte;
  HashLen: Integer;
begin
  HashLen := 32; // SHA256
  N := (L + HashLen - 1) div HashLen;
  SetLength(Result, 0);
  SetLength(T, 0);

  for I := 1 to N do
  begin
    Counter := I;
    Block := T + Info + [Counter];
    T := HMAC_SHA256(PRK, Block);
    Result := Result + T;
  end;

  SetLength(Result, L);
end;

class function THKDF.DeriveKey(const IKM, Salt, Info: TBytes; L: Integer): TBytes;
var
  PRK: TBytes;
begin
  PRK := Extract(Salt, IKM);
  Result := Expand(PRK, Info, L);
end;

end.