
With FIDO2 becoming more popular, we see more and more affordable FIDO2 hardware security keys on the market.

Can we use those tokens also for establishing a shared secret between two tokens?

I would like to use them to perform something similar to ECDH. But to my knowledge they only support ECDSA/DSA operations?

Creative solutions and hacks are welcome :D

2 Answers


No, you cannot use two FIDO2 keys to perform key agreement with ECDH.

The reason is because ECDH requires that the other side's public key be multiplied by our side's secret scalar, but the FIDO2 protocol doesn't provide any way to perform that operation. It only knows how to perform ECDSA signatures of a message, which involves hashing that message with SHA-256, an operation which is not present in ECDH.

There are also reasons why this would not be a good idea even if it were possible. In general, it's not a good idea to use the same key for multiple purposes, since sometimes this can lead to interesting attacks, especially when one side can act as an oracle (that is, it will sign or decrypt some set of messages provided by an attacker). In addition, in most modern protocols, we want our ECDH keys to have a short lifetime so that we can provide perfect forward secrecy, which usually implies not reusing the secret portion. Using a hardware token defeats the purpose of ephemeral ECDH keys, so we'd want to avoid that.


Not directly - as @bk2204 says, there's no support for key exchange built into FIDO2 (and although many FIDO2 devices support functionality beyond FIDO2, I don't know of any that specifically support key exchange) - but there's no need for direct support. What FIDO2 (or anything else that supports signing with a private key) can do is authenticate the public parameters of a[n] [EC]DH key exchange (by signing yours / providing a public key to verify the signature of the other party). This solves the biggest security weakness in [EC]DH - the fact that it's unauthenticated and thus vulnerable to MitM by default - assuming you have the ability to securely distribute/verify the public keys (this could be done via e.g. x.509 certificates, web of trust, etc.). It also allows using ephemeral keys, which provides forward secrecy and solves another major threat to online key exchanges. Used in this way, the FIDO2 token acts as an HSM for securely establishing an ephemeral shared secret on demand.

The flow looks something like this, overall (Important disclaimer: I am not a cryptographer and may have made errors; always get third-party review before implementing a new protocol):

  1. "Enroll" the counterparty (could be a specific person/account/device or an arbitrary service) using FIDO2. This generates a unique public/private key pair, tied to that counterparty. If relevant, sign the public key or cause it to be signed (e.g. by putting it in a certificate signing request that a CA signs to produce a certificate) such that your ownership of it can be verified.
  2. Distribute/receive the public key (optionally in a certificate or otherwise signed) to/from the counterparty, and verify its authenticity. This step can be done ahead of time, or combined with step #4.
  3. When you want to exchange a secret with the counterparty, generate ephemeral [EC]DH parameters in a format the counterparty expects, and sign the public parameter as though it is a FIDO challenge from the counterparty.
  4. Transmit your signed public parameter, and receive the counterparty's. Verify the signature on their parameter using the authenticated public key you have for them; this authenticates the key exchange.
  5. Complete the [EC]DH process to generate an ephemeral shared secret. Assuming neither side's FIDO2 token has been lost/compromised, you can at this point be sure that both sides are who they say they are (to within the limits of the specificity you have on their public key's associated identity), both sides have the same secret, and that nobody else knows it (to within the limits of the security of each device and the cryptographic constructions used).
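The five-step flow above, carried through in software as an added example (not code from the answer's author and not a FIDO2 library): each party's long-term credential key is an ordinary P-256 ECDSA key standing in for the key a token would hold, the signed message is a SHA-256 "challenge" over a domain label plus the ephemeral public parameter (a real assertion also covers authenticatorData and a counter, which are omitted here), and the session key is SHA-256 over the shared secret and both public parameters where a deployment would use HKDF. All names and the `fido2-authenticated-ecdh-v1` label are assumptions made for the example. It also shows the check that matters: a parameter substituted in transit, or one signed by some other credential, fails verification and no key is derived.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedParam is the message each side transmits in step 4: its ephemeral
// ECDH public parameter plus the credential signature over it.
type SignedParam struct {
	EphemeralPub []byte // uncompressed P-256 point, as produced by crypto/ecdh
	Sig          []byte // ASN.1 DER ECDSA signature from the credential key
}

// Party models one side. The credential key stands in for the private key a
// FIDO2 token would hold for this counterparty (constructed in software here;
// a real token never releases it and signs on request instead).
type Party struct {
	Name       string
	credential *ecdsa.PrivateKey
	ephemeral  *ecdh.PrivateKey // set per exchange, discarded after use
}

// Enroll is step 1: create the per-counterparty credential key pair.
func Enroll(name string) (*Party, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, credential: k}, nil
}

// CredentialPublicKey is the value distributed and verified in step 2.
func (p *Party) CredentialPublicKey() *ecdsa.PublicKey { return &p.credential.PublicKey }

// challenge builds the bytes the credential signs: a domain-separation label
// plus the ephemeral public parameter, hashed like a FIDO2 clientDataHash.
// Assumption: authenticatorData (RP ID hash, signature counter) is omitted.
func challenge(ephemeralPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("fido2-authenticated-ecdh-v1"))
	h.Write(ephemeralPub)
	return h.Sum(nil)
}

// StartExchange is step 3: a fresh ephemeral ECDH key whose public half is
// signed as though it were a FIDO2 challenge from the counterparty.
func (p *Party) StartExchange() (SignedParam, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return SignedParam{}, err
	}
	p.ephemeral = eph
	pub := eph.PublicKey().Bytes()
	sig, err := ecdsa.SignASN1(rand.Reader, p.credential, challenge(pub))
	if err != nil {
		return SignedParam{}, err
	}
	return SignedParam{EphemeralPub: pub, Sig: sig}, nil
}

// Complete is steps 4 and 5: verify the counterparty's signature with the
// credential public key from step 2, then run ECDH and derive a session key.
func (p *Party) Complete(peerCred *ecdsa.PublicKey, peer SignedParam) ([]byte, error) {
	if p.ephemeral == nil {
		return nil, errors.New("StartExchange must run before Complete")
	}
	if !ecdsa.VerifyASN1(peerCred, challenge(peer.EphemeralPub), peer.Sig) {
		return nil, errors.New("counterparty parameter is not authenticated")
	}
	peerPub, err := ecdh.P256().NewPublicKey(peer.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := p.ephemeral.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	mine := p.ephemeral.PublicKey().Bytes()
	p.ephemeral = nil // single-use: this is what gives forward secrecy
	// Both public parameters go into the transcript in a fixed order so both
	// sides hash the same bytes. Simplified KDF; use HKDF in a deployment.
	lo, hi := mine, peer.EphemeralPub
	if bytes.Compare(lo, hi) > 0 {
		lo, hi = hi, lo
	}
	h := sha256.New()
	h.Write([]byte("session-key"))
	h.Write(shared)
	h.Write(lo)
	h.Write(hi)
	return h.Sum(nil), nil
}

// RunExchange performs one full exchange between two enrolled parties and
// returns the key each side derived.
func RunExchange(a, b *Party) (keyA, keyB []byte, err error) {
	pa, err := a.StartExchange()
	if err != nil {
		return nil, nil, err
	}
	pb, err := b.StartExchange()
	if err != nil {
		return nil, nil, err
	}
	if keyA, err = a.Complete(b.CredentialPublicKey(), pb); err != nil {
		return nil, nil, err
	}
	if keyB, err = b.Complete(a.CredentialPublicKey(), pa); err != nil {
		return nil, nil, err
	}
	return keyA, keyB, nil
}

func main() {
	alice, _ := Enroll("alice")
	bob, _ := Enroll("bob")
	ka, kb, err := RunExchange(alice, bob)
	if err != nil {
		fmt.Println("exchange failed:", err)
		return
	}
	fmt.Printf("keys match: %v\n", bytes.Equal(ka, kb))
}
```

The credential signature is what turns plain ECDH into an authenticated exchange: an attacker in the middle can replace the ephemeral public parameter but cannot produce a valid signature over the replacement, so `Complete` rejects it. The credential key itself is never used for the Diffie-Hellman step, which keeps the signing and key-agreement roles separate as the first answer recommends.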
