Retrieve shared secret contents from BCRYPT_SECRET_HANDLE RRS feed

  • Question

  • Hello -

    I am porting an SSH client from Crypto API to CNG, and need to retrieve the contents of the shared secret from a BCRYPT_SECRET_HANDLE. For normal DHE and ECDHE I am able to "fake it" 99.8% of the time, because the SSH protocol includes a signature of a hash derived from the shared secret, so BCryptDeriveKey using prepended null byte or not works almost 50% of the time. However if the high 9 bits of the shared secret are zero, SSH protocol requires trimming leading zero bytes, so in 0.2% (1/512 to be precise) of the time, there is no way to derive the correct key, since the shared secret contents are hidden from the developer.

    Is there some obscure way to retrieve the shared secret?

    I found a post from 2013 by David Heys (search for "How to get the raw agreed secret" to find the post) which suggests implementing a custom "do nothing" hash algorithm, which when used in BCryptDeriveKey, allows the shared secret to be obtained. I have created my own implementation of "null hash" and this appears to work in Windows 7, but fails to work in Windows 10. In fact, Windows 10 never even loads the dll containing the custom hash algorithm when used in BCryptDeriveKey, but works fine in BCryptCreateHash. However, even if there is a way to make this work in Windows 10, the drawback is that registering the custom hash algorithm requires administrator privileges.

    Please help.


    Peter Schellenbach

    Wednesday, December 13, 2017 11:11 PM