public SharedSecretResponse GenerateSharedSecretZ(
EccDomainParameters domainParameters,
EccKeyPair xPrivateKeyPartyA,
EccKeyPair yPublicKeyPartyB,
EccKeyPair rPrivateKeyPartyA,
EccKeyPair tPublicKeyPartyA,
EccKeyPair tPublicKeyPartyB)
{
var exactBitSize = domainParameters.CurveE.OrderN.ExactBitLength();
var associateValueQeA = AssociateValueFunction(exactBitSize, tPublicKeyPartyA);
var associateValueQeB = AssociateValueFunction(exactBitSize, tPublicKeyPartyB);
var implicitSigA =
(rPrivateKeyPartyA.PrivateD + associateValueQeA
* xPrivateKeyPartyA.PrivateD) % domainParameters.CurveE.OrderN;
var p = domainParameters.CurveE.Multiply(yPublicKeyPartyB.PublicQ, associateValueQeB);
p = domainParameters.CurveE.Add(p, tPublicKeyPartyB.PublicQ);
p = domainParameters.CurveE.Multiply(p, implicitSigA);
p = domainParameters.CurveE.Multiply(p, domainParameters.CurveE.CofactorH);
if (p.Infinity)
{
return(new SharedSecretResponse("Point is infinity"));
}
var pExactLength = domainParameters.CurveE.FieldSizeQ.ExactBitLength();
BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(p.X, pExactLength);
return(new SharedSecretResponse(z));
}
protected override BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial)
{
if (secretKeyingMaterial.EphemeralKeyPair != null)
{
var domainParam = (EccDomainParameters)secretKeyingMaterial.DomainParameters;
var exactLength = CurveAttributesHelper.GetCurveAttribute(domainParam.CurveE.CurveName).DegreeOfPolynomial;;
var ephemKey = (EccKeyPair)secretKeyingMaterial.EphemeralKeyPair;
if (ephemKey.PublicQ.X != 0)
{
return(BitString.ConcatenateBits(
SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.X, exactLength),
SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.Y, exactLength)
));
}
}
if (secretKeyingMaterial.EphemeralNonce != null && secretKeyingMaterial.EphemeralNonce?.BitLength != 0)
{
return(secretKeyingMaterial.EphemeralNonce);
}
return(secretKeyingMaterial.DkmNonce);
}
/// <inheritdoc />
protected override BitString GetEphemeralKeyOrNonce(EccKeyPair ephemeralPublicKey, BitString ephemeralNonce, BitString dkmNonce)
{
if (ephemeralPublicKey?.PublicQ != null && ephemeralPublicKey.PublicQ?.X != 0)
{
var exactLength = CurveAttributesHelper.GetCurveAttribute(DomainParameters.CurveE.CurveName).DegreeOfPolynomial;
return(BitString.ConcatenateBits(
SharedSecretZHelper.FormatEccSharedSecretZ(ephemeralPublicKey.PublicQ.X, exactLength),
SharedSecretZHelper.FormatEccSharedSecretZ(ephemeralPublicKey.PublicQ.Y, exactLength)
));
}
if (ephemeralNonce != null && ephemeralNonce?.BitLength != 0)
{
return(ephemeralNonce);
}
return(dkmNonce);
}
public SharedSecretResponse GenerateSharedSecretZ(
EccDomainParameters domainParameters,
EccKeyPair dA,
EccKeyPair qB
)
{
var p = domainParameters.CurveE.Multiply(qB.PublicQ, dA.PrivateD);
p = domainParameters.CurveE.Multiply(p, domainParameters.CurveE.CofactorH);
if (p.Infinity)
{
return(new SharedSecretResponse("Point is infinity"));
}
var curveAttributes = CurveAttributesHelper.GetCurveAttribute(domainParameters.CurveE.CurveName);
BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(p.X, curveAttributes.DegreeOfPolynomial);
return(new SharedSecretResponse(z));
}