openssl, cryptography, public-key-encryption, cryptographic-hash-function, wincrypt

What is the key agreement (or key derivation) function used by openssl?


I am trying to replace some OpenSSL code with CNG WinAPI code. Below is the bare-bones OpenSSL code which I have.

#include <vector>
#include <openssl/bn.h>
#include <openssl/dh.h>

const char *generator = ""; // 256 character hex string
const char *prime     = ""; // 256 character hex string

DH *dh = DH_new();

// Initialize dh's generator and prime. The original assigned dh->g and
// dh->p directly, which only compiles against OpenSSL 1.0.x; from 1.1.0
// the struct is opaque and DH_set0_pqg transfers ownership of p and g to dh.
BIGNUM *g = NULL, *p = NULL;
BN_hex2bn(&g, generator);
BN_hex2bn(&p, prime);
DH_set0_pqg(dh, p, NULL, g);

// Generate public and private keys
DH_generate_key(dh);

// Extract server's public key from init_msg's 'key'
BIGNUM *server_pub_key = BN_new();
BN_hex2bn(&server_pub_key, " *** 256 character server public key as hex string ***");

// Use DH to calculate the shared key. DH_size(dh) is the byte length of
// the prime (128 for a 1024-bit p). DH_compute_key returns the number of
// bytes actually written (leading zero bytes are stripped; use
// DH_compute_key_padded for a fixed-length result) or -1 on error.
std::vector<unsigned char> shared_key;
shared_key.resize(DH_size(dh));
int err = DH_compute_key(shared_key.data(), server_pub_key, dh);
if (err > 0)
    shared_key.resize(err);

BN_free(server_pub_key);
DH_free(dh);

The above code generates a shared key of 256 hex characters (128 bytes). What is the key agreement function used by OpenSSL to create such a key? Thanks in advance.


Solution

  • It doesn't. Or "the NULL KDF", or f(x) -> x.

    DH_compute_key does the raw DH operation and returns the result.

    None of the documented KDF values for BCryptDeriveKey returns the raw value. It's always possible that they've added BCRYPT_KDF values that haven't made it to the docs yet; you'd need to check bcrypt.h from the latest SDK releases.
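To make the answer concrete, the following is an added example (not code from the question, the answer, or OpenSSL) that does in Python what DH_compute_key does in C: it computes the raw Diffie-Hellman value Z = Y^x mod p, serialises it as big-endian bytes, and applies no KDF at all. It also shows the two details a port to CNG trips over: DH_compute_key strips leading zero bytes (so the length can be less than DH_size, while DH_compute_key_padded always returns DH_size bytes), and a hashing KDF such as BCRYPT_KDF_HASH produces a digest of the secret, not the secret itself. The prime 2^255 - 19 is a constructed toy choice (it is prime, so the arithmetic is valid, but it is not a standard DH group); with the 1024-bit prime from the question the raw secret would be 128 bytes rather than 32. The hash_kdf helper only models the shape Hash(prepend || secret || append) and is not a byte-exact reimplementation of BCryptDeriveKey. Note also that newer SDKs document BCRYPT_KDF_RAW_SECRET (L"TRUNCATE", Windows 8.1 and later), which returns the raw agreed value but in little-endian byte order; check bcrypt.h and the BCryptDeriveKey documentation for your SDK before relying on it, and reverse the bytes if you need to match OpenSSL's big-endian output.

```python
import hashlib
import secrets

# Constructed toy parameters for the demo. 2**255 - 19 is prime, so the
# group arithmetic is valid, but it is NOT a standard DH group; a real
# deployment uses a published group (e.g. RFC 3526 / RFC 7919). With the
# 256-hex-character (1024-bit) prime from the question the raw secret
# below would be 128 bytes instead of 32.
P = 2**255 - 19
G = 2


def byte_len(n: int) -> int:
    """Equivalent of DH_size(dh): bytes needed to hold the value n."""
    return (n.bit_length() + 7) // 8


def generate_keypair(p: int = P, g: int = G) -> tuple[int, int]:
    """Equivalent of DH_generate_key: private x in [2, p-2], public y = g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def raw_shared_secret(peer_pub: int, priv: int, p: int = P) -> int:
    """The DH primitive itself: Z = peer_pub^priv mod p.

    The peer value is range-checked first (OpenSSL does a similar check in
    DH_check_pub_key) so a 0, 1 or p-1 value cannot force a trivial secret.
    """
    if not 2 <= peer_pub <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p)


def dh_compute_key(peer_pub: int, priv: int, p: int = P, padded: bool = False) -> bytes:
    """What DH_compute_key hands back: the big-endian bytes of Z, nothing else.

    This is the "NULL KDF" from the answer. DH_compute_key strips leading
    zero bytes, so its length can be shorter than DH_size(dh);
    DH_compute_key_padded (padded=True) always returns exactly DH_size bytes.
    """
    z = raw_shared_secret(peer_pub, priv, p)
    if padded:
        return z.to_bytes(byte_len(p), "big")
    return z.to_bytes(byte_len(z), "big")


def hash_kdf(raw_secret: bytes, prepend: bytes = b"", append: bytes = b"") -> bytes:
    """Shape of a hashing KDF (e.g. BCRYPT_KDF_HASH with SHA-256):
    Hash(prepend || secret || append).

    Assumption: prepend/append stand in for KDF_SECRET_PREPEND /
    KDF_SECRET_APPEND. This models the shape only; it is not a byte-exact
    reimplementation of BCryptDeriveKey.
    """
    return hashlib.sha256(prepend + raw_secret + append).digest()


def demo() -> dict:
    """Run one exchange and report what each side sees."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    a_secret = dh_compute_key(b_pub, a_priv, padded=True)
    b_secret = dh_compute_key(a_pub, b_priv, padded=True)
    return {
        "agree": a_secret == b_secret,          # both sides derive the same Z
        "raw_len": len(a_secret),               # == byte_len(P), i.e. DH_size
        "raw_hex": a_secret.hex(),              # what OpenSSL gives you
        "hashed_differs": hash_kdf(a_secret) != a_secret,  # what a hashing KDF gives you
    }


if __name__ == "__main__":
    print(demo())
```

The practical upshot for the port: the 128 bytes the OpenSSL side produces are Z itself, so the CNG side has to obtain the raw agreed value rather than any hashed or HMAC-derived output, and whatever the protocol does with that secret afterwards (hashing it, using it directly) must be reproduced in the same place on both sides.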