/// <summary> /// Sets up the KDF parameter with the ephemeral data provided by the two parties to be used in the key derivation process. /// </summary> /// <param name="kdfParameter">The kdfParameter parameter in which to have its ephemeral data set.</param> /// <param name="otherPartyKeyingMaterial">The other party keying material.</param> /// <param name="z">The shared secret z.</param> private void SetKdfEphemeralData(IKdfParameter kdfParameter, ISecretKeyingMaterial otherPartyKeyingMaterial, BitString z) { BitString initiatorData = null; BitString responderData = null; kdfParameter.Z = z; switch (SchemeParameters.KeyAgreementRole) { case KeyAgreementRole.InitiatorPartyU: initiatorData = GetEphemeralDataFromKeyContribution( ThisPartyKeyingMaterial); responderData = GetEphemeralDataFromKeyContribution( otherPartyKeyingMaterial); break; case KeyAgreementRole.ResponderPartyV: initiatorData = GetEphemeralDataFromKeyContribution( otherPartyKeyingMaterial); responderData = GetEphemeralDataFromKeyContribution( ThisPartyKeyingMaterial); break; default: throw new ArgumentException($"Invalid {nameof(SchemeParameters.KeyAgreementRole)}"); } kdfParameter.SetEphemeralData(initiatorData, responderData); }
public KeyAgreementResult ComputeResult(ISecretKeyingMaterial otherPartyKeyingMaterial) { var z = ComputeSharedSecret(otherPartyKeyingMaterial); var keyingMaterialPartyU = SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU ? ThisPartyKeyingMaterial : otherPartyKeyingMaterial; var keyingMaterialPartyV = SchemeParameters.KeyAgreementRole == KeyAgreementRole.ResponderPartyV ? ThisPartyKeyingMaterial : otherPartyKeyingMaterial; if (SchemeParameters.KasMode == KasMode.NoKdfNoKc) { return(new KeyAgreementResult(keyingMaterialPartyU, keyingMaterialPartyV, z)); } var fixedInfo = GetFixedInfo(otherPartyKeyingMaterial); var dkm = DeriveKey(otherPartyKeyingMaterial, z, fixedInfo); if (_keyConfirmationFactory == null) { return(new KeyAgreementResult(keyingMaterialPartyU, keyingMaterialPartyV, z, fixedInfo, dkm)); } var keyConfirmationKey = dkm.GetMostSignificantBits(_keyConfirmationParameter.KeyLength); var keyConfirmationResult = KeyConfirmation(otherPartyKeyingMaterial, keyConfirmationKey); return(new KeyAgreementResult( keyingMaterialPartyU, keyingMaterialPartyV, z, fixedInfo, dkm, keyConfirmationKey, keyConfirmationResult.MacData, keyConfirmationResult.Mac)); }
protected override BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial) { var domainParameters = (EccDomainParameters)ThisPartyKeyingMaterial.DomainParameters; // static secret composed of both parties static key parts var staticSecret = _diffieHellman.GenerateSharedSecretZ( domainParameters, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair ).SharedSecretZ; // differing ephemeralSecret logic depending on key agreement role BitString ephemeralSecret; if (SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU) { ephemeralSecret = _diffieHellman.GenerateSharedSecretZ( domainParameters, (EccKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair ).SharedSecretZ; } else { ephemeralSecret = _diffieHellman.GenerateSharedSecretZ( domainParameters, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.EphemeralKeyPair ).SharedSecretZ; } // Shared secret is composed (Z_e || Z_s) return(BitString.ConcatenateBits(ephemeralSecret, staticSecret)); }
protected override BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial) { if (secretKeyingMaterial.EphemeralKeyPair != null) { var domainParam = (EccDomainParameters)secretKeyingMaterial.DomainParameters; var exactLength = CurveAttributesHelper.GetCurveAttribute(domainParam.CurveE.CurveName).DegreeOfPolynomial;; var ephemKey = (EccKeyPair)secretKeyingMaterial.EphemeralKeyPair; if (ephemKey.PublicQ.X != 0) { return(BitString.ConcatenateBits( SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.X, exactLength), SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.Y, exactLength) )); } } if (secretKeyingMaterial.EphemeralNonce != null && secretKeyingMaterial.EphemeralNonce?.BitLength != 0) { return(secretKeyingMaterial.EphemeralNonce); } return(secretKeyingMaterial.DkmNonce); }
protected override BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial) { // Party U uses both its static and ephemeral keys, and Party V's static public key if (SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU) { return(_mqv.GenerateSharedSecretZ( (EccDomainParameters)ThisPartyKeyingMaterial.DomainParameters, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (EccKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair ).SharedSecretZ); } // Party V uses its static key, and party U's static and ephemeral keys return(_mqv.GenerateSharedSecretZ( (EccDomainParameters)ThisPartyKeyingMaterial.DomainParameters, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.EphemeralKeyPair ).SharedSecretZ); }
/// <summary> /// Performs key confirmation using both parties contributions to the key establishment. /// </summary> /// <param name="otherPartyKeyingMaterial">The other parties contributions to the scheme.</param> /// <param name="keyToTransport">The key that was derived in the KAS or KTS scheme.</param> /// <returns></returns> private ComputeKeyMacResult KeyConfirmation(ISecretKeyingMaterial otherPartyKeyingMaterial, BitString keyToTransport) { var keyConfParam = GetKeyConfirmationParameters(otherPartyKeyingMaterial, keyToTransport); var keyConfirmation = _keyConfirmationFactory.GetInstance(keyConfParam); return(keyConfirmation.ComputeMac()); }
/// <summary> /// Construct the Result for KAS without a KDF or KeyConfirmation (component test) /// </summary> /// <param name="secretKeyingMaterialPartyU">The secret keying material for party U.</param> /// <param name="secretKeyingMaterialPartyV">The secret keying material for party V.</param> /// <param name="z">The shared secret.</param> public KeyAgreementResult(ISecretKeyingMaterial secretKeyingMaterialPartyU, ISecretKeyingMaterial secretKeyingMaterialPartyV, BitString z) { SecretKeyingMaterialPartyU = secretKeyingMaterialPartyU; SecretKeyingMaterialPartyV = secretKeyingMaterialPartyV; Z = z; }
protected override BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial) { return(_diffieHellman.GenerateSharedSecretZ( (EccDomainParameters)ThisPartyKeyingMaterial.DomainParameters, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair ).SharedSecretZ); }
/// <summary> /// Construct the Result for KAS without KeyConfirmation /// </summary> /// <param name="secretKeyingMaterialPartyU">The secret keying material for party U.</param> /// <param name="secretKeyingMaterialPartyV">The secret keying material for party V.</param> /// <param name="z">The shared secret.</param> /// <param name="fixedInfo">The fixed info used as a KDF input parameter.</param> /// <param name="dkm">The derived keying material.</param> public KeyAgreementResult( ISecretKeyingMaterial secretKeyingMaterialPartyU, ISecretKeyingMaterial secretKeyingMaterialPartyV, BitString z, BitString fixedInfo, BitString dkm) : this(secretKeyingMaterialPartyU, secretKeyingMaterialPartyV, z) { FixedInfo = fixedInfo; Dkm = dkm; }
protected override BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial) { return(_mqv.GenerateSharedSecretZ( (FfcDomainParameters)ThisPartyKeyingMaterial.DomainParameters, (FfcKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (FfcKeyPair)otherPartyKeyingMaterial.StaticKeyPair, (FfcKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (FfcKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (FfcKeyPair)otherPartyKeyingMaterial.EphemeralKeyPair ).SharedSecretZ); }
/// <summary> /// Construct the Result for KAS using key confirmation. /// </summary> /// <param name="secretKeyingMaterialPartyU">The secret keying material for party U.</param> /// <param name="secretKeyingMaterialPartyV">The secret keying material for party V.</param> /// <param name="z">The shared secret.</param> /// <param name="fixedInfo">The fixed info used as a KDF input parameter.</param> /// <param name="dkm">The derived keying material.</param> /// <param name="macKey">The key used in a MAC function.</param> /// <param name="macData">The data used in a MAC function.</param> /// <param name="tag">The resulting tag of MAC(macKey, macData).</param> public KeyAgreementResult(ISecretKeyingMaterial secretKeyingMaterialPartyU, ISecretKeyingMaterial secretKeyingMaterialPartyV, BitString z, BitString fixedInfo, BitString dkm, BitString macKey, BitString macData, BitString tag) : this(secretKeyingMaterialPartyU, secretKeyingMaterialPartyV, z, fixedInfo, dkm) { MacKey = macKey; MacData = macData; Tag = tag; }
protected override BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial) { if (SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU) { return(_diffieHellman.GenerateSharedSecretZ( (FfcDomainParameters)ThisPartyKeyingMaterial.DomainParameters, (FfcKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (FfcKeyPair)otherPartyKeyingMaterial.StaticKeyPair ).SharedSecretZ); } return(_diffieHellman.GenerateSharedSecretZ( (FfcDomainParameters)ThisPartyKeyingMaterial.DomainParameters, (FfcKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (FfcKeyPair)otherPartyKeyingMaterial.EphemeralKeyPair ).SharedSecretZ); }
/// <summary> /// Gets the fixed info to be used as an input to a KDF. /// </summary> /// <param name="otherPartyKeyingMaterial">The other party keying material.</param> /// <returns></returns> private BitString GetFixedInfo(ISecretKeyingMaterial otherPartyKeyingMaterial) { var fixedInfo = _fixedInfoFactory.Get(); var thisPartyFixedInfo = GetPartyFixedInfo(ThisPartyKeyingMaterial); var otherPartyFixedInfo = GetPartyFixedInfo(otherPartyKeyingMaterial); _fixedInfoParameter.SetFixedInfo( SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU ? thisPartyFixedInfo : otherPartyFixedInfo, SchemeParameters.KeyAgreementRole == KeyAgreementRole.ResponderPartyV ? thisPartyFixedInfo : otherPartyFixedInfo ); return(fixedInfo.Get(_fixedInfoParameter)); }
protected SchemeBase( SchemeParameters schemeParameters, ISecretKeyingMaterial thisPartyKeyingMaterial, IFixedInfoFactory fixedInfoFactory, FixedInfoParameter fixedInfoParameter, IKdfFactory kdfFactory, IKdfParameter kdfParameter, IKeyConfirmationFactory keyConfirmationFactory, MacParameters keyConfirmationParameter) { SchemeParameters = schemeParameters; ThisPartyKeyingMaterial = thisPartyKeyingMaterial; _fixedInfoFactory = fixedInfoFactory; _fixedInfoParameter = fixedInfoParameter; _kdfFactory = kdfFactory; _kdfParameter = kdfParameter; _keyConfirmationFactory = keyConfirmationFactory; _keyConfirmationParameter = keyConfirmationParameter; }
protected override BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial) { var domainParameters = (EccDomainParameters)ThisPartyKeyingMaterial.DomainParameters; var staticSecret = _diffieHellman.GenerateSharedSecretZ( domainParameters, (EccKeyPair)ThisPartyKeyingMaterial.StaticKeyPair, (EccKeyPair)otherPartyKeyingMaterial.StaticKeyPair ).SharedSecretZ; var ephemeralSecret = _diffieHellman.GenerateSharedSecretZ( domainParameters, (EccKeyPair)ThisPartyKeyingMaterial.EphemeralKeyPair, (EccKeyPair)otherPartyKeyingMaterial.EphemeralKeyPair ).SharedSecretZ; // Shared secret is composed (Z_e || Z_s) return(BitString.ConcatenateBits(ephemeralSecret, staticSecret)); }
protected override BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial) { if (secretKeyingMaterial.EphemeralKeyPair != null) { var ephemKey = (FfcKeyPair)secretKeyingMaterial.EphemeralKeyPair; if (ephemKey.PublicKeyY != 0) { return(new BitString(ephemKey.PublicKeyY).PadToModulusMsb(32)); } } if (secretKeyingMaterial.EphemeralNonce != null && secretKeyingMaterial.EphemeralNonce?.BitLength != 0) { return(secretKeyingMaterial.EphemeralNonce); } return(secretKeyingMaterial.DkmNonce); }
protected SchemeBaseEcc( SchemeParameters schemeParameters, ISecretKeyingMaterial thisPartyKeyingMaterial, IFixedInfoFactory fixedInfoFactory, FixedInfoParameter fixedInfoParameter, IKdfFactory kdfFactory, IKdfParameter kdfParameter, IKeyConfirmationFactory keyConfirmationFactory, MacParameters keyConfirmationParameter) : base( schemeParameters, thisPartyKeyingMaterial, fixedInfoFactory, fixedInfoParameter, kdfFactory, kdfParameter, keyConfirmationFactory, keyConfirmationParameter) { }
/// <summary> /// Generate the <see cref="IKeyConfirmationParameters"/> based on the two parties information. /// </summary> /// <param name="otherPartyKeyingMaterial">The other parties keying information.</param> /// <param name="keyToTransport">The derived keying material.</param> /// <returns></returns> private IKeyConfirmationParameters GetKeyConfirmationParameters(ISecretKeyingMaterial otherPartyKeyingMaterial, BitString keyToTransport) { var thisPartyEphemData = GetEphemeralDataFromKeyContribution(ThisPartyKeyingMaterial); var otherPartyEphemData = GetEphemeralDataFromKeyContribution(otherPartyKeyingMaterial); return(new KeyConfirmationParameters( SchemeParameters.KeyAgreementRole, SchemeParameters.KeyConfirmationRole, SchemeParameters.KeyConfirmationDirection, _keyConfirmationParameter.MacType, _keyConfirmationParameter.KeyLength, _keyConfirmationParameter.MacLength, ThisPartyKeyingMaterial.PartyId, otherPartyKeyingMaterial.PartyId, thisPartyEphemData, otherPartyEphemData, keyToTransport )); }
public SchemeEccFullUnified( SchemeParameters schemeParameters, ISecretKeyingMaterial thisPartyKeyingMaterial, IFixedInfoFactory fixedInfoFactory, FixedInfoParameter fixedInfoParameter, IKdfFactory kdfFactory, IKdfParameter kdfParameter, IKeyConfirmationFactory keyConfirmationFactory, MacParameters keyConfirmationParameter, IDiffieHellman <EccDomainParameters, EccKeyPair> diffieHellman) : base( schemeParameters, thisPartyKeyingMaterial, fixedInfoFactory, fixedInfoParameter, kdfFactory, kdfParameter, keyConfirmationFactory, keyConfirmationParameter) { _diffieHellman = diffieHellman; }
public SchemeEccFullMqv( SchemeParameters schemeParameters, ISecretKeyingMaterial thisPartyKeyingMaterial, IFixedInfoFactory fixedInfoFactory, FixedInfoParameter fixedInfoParameter, IKdfFactory kdfFactory, IKdfParameter kdfParameter, IKeyConfirmationFactory keyConfirmationFactory, MacParameters keyConfirmationParameter, IMqv <EccDomainParameters, EccKeyPair> mqv) : base( schemeParameters, thisPartyKeyingMaterial, fixedInfoFactory, fixedInfoParameter, kdfFactory, kdfParameter, keyConfirmationFactory, keyConfirmationParameter) { _mqv = mqv; }
public SchemeFfcDhHybridOneFlow( SchemeParameters schemeParameters, ISecretKeyingMaterial thisPartyKeyingMaterial, IFixedInfoFactory fixedInfoFactory, FixedInfoParameter fixedInfoParameter, IKdfFactory kdfFactory, IKdfParameter kdfParameter, IKeyConfirmationFactory keyConfirmationFactory, MacParameters keyConfirmationParameter, IDiffieHellman <FfcDomainParameters, FfcKeyPair> diffieHellman) : base( schemeParameters, thisPartyKeyingMaterial, fixedInfoFactory, fixedInfoParameter, kdfFactory, kdfParameter, keyConfirmationFactory, keyConfirmationParameter) { _diffieHellman = diffieHellman; }
public ISchemeBuilder WithThisPartyKeyingMaterial(ISecretKeyingMaterial value) { _thisPartyKeyingMaterial = value; return(this); }
/// <summary> /// Construct the Result for KAS without a KDF or KeyConfirmation (component test). /// In this instance the hash of Z is performed to accommodate implementations unable /// to return Z in the clear /// </summary> /// <param name="secretKeyingMaterialPartyU">The secret keying material for party U.</param> /// <param name="secretKeyingMaterialPartyV">The secret keying material for party V.</param> /// <param name="z">The shared secret.</param> /// <param name="hashZ">The hash of the shared secret.</param> public KeyAgreementResult(ISecretKeyingMaterial secretKeyingMaterialPartyU, ISecretKeyingMaterial secretKeyingMaterialPartyV, BitString z, BitString hashZ) : this(secretKeyingMaterialPartyU, secretKeyingMaterialPartyV, z) { HashZ = hashZ; }
/// <summary> /// Derives a key using a KDF in conjunction with a shared secret Z, and <see cref="ISecretKeyingMaterial"/> from two parties. /// </summary> /// <param name="otherPartyKeyingMaterial">The other party keying material.</param> /// <param name="z">The shared secret.</param> /// <param name="fixedInfo">The constructed fixed information from ephemeral data provided by each party.</param> /// <returns>The derived keying material.</returns> private BitString DeriveKey(ISecretKeyingMaterial otherPartyKeyingMaterial, BitString z, BitString fixedInfo) { SetKdfEphemeralData(_kdfParameter, otherPartyKeyingMaterial, z); return(_kdfFactory.GetKdf().DeriveKey(_kdfParameter, fixedInfo).DerivedKey); }
/// <summary> /// Get the <see cref="PartyFixedInfo"/> as it pertains to the provided <see cref="ISecretKeyingMaterial"/> /// for the specified <see cref="KeyAgreementRole"/>. /// </summary> /// <param name="secretKeyingMaterial">The secret keying material for the party.</param> /// <param name="keyAgreementRole">The parties key agreement role.</param> /// <returns></returns> private PartyFixedInfo GetPartyFixedInfo(ISecretKeyingMaterial secretKeyingMaterial) { return(new PartyFixedInfo(secretKeyingMaterial.PartyId, GetEphemeralDataFromKeyContribution(secretKeyingMaterial))); }
/// <summary> /// The ephemeral data provided by a party's secret keying material to be used as a part of fixedInfo construction. /// </summary> /// <param name="secretKeyingMaterial">a party's secret keying material</param> /// <returns>The ephemeral data for a party's contribution to fixedInfo.</returns> protected abstract BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial);
public KeyAgreementResult ComputeResult(ISecretKeyingMaterial otherPartyKeyingMaterial) { return(Scheme.ComputeResult(otherPartyKeyingMaterial)); }
/// <summary> /// Computes a shared secret Z using secret keying material from two parties. /// </summary> /// <param name="otherPartyKeyingMaterial">The other party secret keying material.</param> /// <returns>Shared secret Z.</returns> protected abstract BitString ComputeSharedSecret(ISecretKeyingMaterial otherPartyKeyingMaterial);