0

Currently I started working with the cryptography framework on python. I'm trying to build a SSH Suit by my own but I ran into some problem with the library. I'm trying to build my own Elliptic Curve Key Exchange Init Packet (with scapy).

I'm trying to do an Elliptic Curve Diffie-Hellman key exchange with the curve secp256r1. I'm able to generate the key-pair on my client with out any problem. But after I created the public key object im kinda confused how to get the 32-byte public key for exchange via network packets.

my code so far (which doesn't work for me): from cryptography.hazmat.primitives import hashes

from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serilization

curve = SECP256R1()
peer_private_key = ec.generate_private_key(curve)
peer_public_key = peer_private_key.public_key()

peer_public_pkt = peer_public_key.public_bytes(encoding=serilization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)

But this peer_public_pkt is not 32 Byte long.

Another Problem is when i get like an ECDH Public Key Value via Scapy or Wireshark from a Server via Network i cant translate the value back with

srv_public_key = ec.EllipticCurvePublicKey.from_encoded_point(curve, data_from_wireshark)

I think I'm missing some crucial steps here but I looked at the documentation for two hours and into some older examples on different sites but I can't find help (or see the solution).

Hopefully you can help me :). If something about my problem is not clear just ask.

Bruno Rohée
  • 3,436
  • 27
  • 32
EviLDgL
  • 3
  • 2

1 Answers1

1

EllipticCurvePublicKey.from_encoded_point takes compressed/uncompressed points. You can obtain those from public_bytes via a format of PublicFormat.CompressedPoint and format of Encoding.X962. SubjectPublicKeyInfo DER serialization is an ASN.1 format with additional structure.

Your assumption of 32 bytes on a secp256r1 key is also incorrect, as a compressed public point adds one byte defining the sign for unambiguous point reconstruction.

Paul Kehrer
  • 13,466
  • 4
  • 40
  • 57
  • Thanks for your answer. That helped me. But do you know if the encoding and format is somehow standartised by the curve itself or by the algorith that uses it? – EviLDgL Nov 02 '20 at 18:12
  • I dont really understand what the actuall Public Key Q_S (which is transmitted in an Elliptic Curve Diffie Hellman Init) is in the SSH protocol. Is it just an compressed point which got cut off its first byte? @Paul Kehrer – EviLDgL Nov 02 '20 at 20:33
  • RFC 5656 may be helpful in understanding how SSH does this. – Paul Kehrer Nov 03 '20 at 05:07
  • I read the rfc already but its just not clear for me how to use this octet-string conversion with cryptography – EviLDgL Nov 04 '20 at 17:44