private async Task <IKeyAgreement> FromDiffieHellmanDomainParametersAsync(KrbSubjectPublicKeyInfo clientPublicValue)
{
var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value);
IKeyAgreement agreement = null;
switch (parameters.P.Length)
{
case 128:
agreement = CryptoPal.Platform.DiffieHellmanModp2(
await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2)
);
break;
case 256:
agreement = CryptoPal.Platform.DiffieHellmanModp14(
await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14)
);
break;
default:
throw new InvalidOperationException("Unknown key agreement parameter");
}
var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(publicKey);
return(agreement);
}
private IKeyAgreement FromDiffieHellmanDomainParameters(KrbSubjectPublicKeyInfo clientPublicValue)
{
var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value);
IKeyAgreement agreement;
if (this.IsSupportedAlgorithm(KeyAgreementAlgorithm.DiffieHellmanModp14, Oakley.Group14.Prime, parameters.P))
{
var cachedKey = this.Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14);
agreement = CryptoPal.Platform.DiffieHellmanModp14(cachedKey);
}
else if (this.IsSupportedAlgorithm(KeyAgreementAlgorithm.DiffieHellmanModp2, Oakley.Group2.Prime, parameters.P))
{
var cachedKey = this.Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2);
agreement = CryptoPal.Platform.DiffieHellmanModp2(cachedKey);
}
else
{
var length = parameters.P.Length * 8;
throw new InvalidOperationException($"Unsupported Diffie Hellman key agreement parameter with length {length}");
}
var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(publicKey);
return(agreement);
}
private static Dictionary <string, object> ConvertKey(DiffieHellmanKey key)
{
return(new Dictionary <string, object> {
{ "KeyLength", key.KeyLength },
{ "Type", key.Type },
{ "Modulus", key.Modulus.ToArray() },
{ "Generator", key.Generator.ToArray() },
{ "PublicKey", key.Public.ToArray() },
{ "Factor", key.Factor.ToArray() },
{ "PrivateKey", key.Private.ToArray() }
});
}
private DiffieHellmanKey ConvertKey(Dictionary <string, object> dictionary)
{
var key = new DiffieHellmanKey
{
KeyLength = (int)(long)dictionary["KeyLength"],
Type = (AsymmetricKeyType)((long)dictionary["Type"]),
Modulus = Convert.FromBase64String(dictionary["Modulus"].ToString()),
Generator = Convert.FromBase64String(dictionary["Generator"].ToString()),
Public = Convert.FromBase64String(dictionary["PublicKey"].ToString()),
Factor = Convert.FromBase64String(dictionary["Factor"].ToString()),
Private = Convert.FromBase64String(dictionary["PrivateKey"].ToString())
};
return(key);
}
private static IExchangeKey GetRightPublicKey(IExchangeKey a, IExchangeKey b)
{
var left = a as DiffieHellmanKey;
var right = b as DiffieHellmanKey;
var pub = right.PublicComponent.ToArray();
var key = new DiffieHellmanKey
{
KeyLength = left.Modulus.Length,
Modulus = left.Modulus.ToArray(),
Generator = left.Generator.ToArray(),
PublicComponent = pub
};
return(key);
}
public byte[] GenerateKey(byte[] otherPublicKey, byte[] clientNonce, byte[] serverNonce, int size)
{
DiffieHellmanKey diffieHellmanKey = new DiffieHellmanKey();
diffieHellmanKey.PublicComponent = otherPublicKey;
diffieHellmanKey.KeyLength = otherPublicKey.Length;
diffieHellmanKey.Type = AsymmetricKeyType.Public;
diffieHellman.ImportPartnerKey(diffieHellmanKey);
byte[] sharedSecret = diffieHellman.GenerateAgreement();
byte[] x = new byte[sharedSecret.Length + clientNonce.Length + serverNonce.Length];
sharedSecret.CopyTo(x, 0);
clientNonce.CopyTo(x, sharedSecret.Length);
serverNonce.CopyTo(x, sharedSecret.Length + clientNonce.Length);
return(kTruncate(size, x));
}
private ReadOnlyMemory <byte> DeriveDHKeyAgreement(KrbKdcRep kdcRep, KrbPaPkAsRep pkRep)
{
var dhKeyInfo = ValidateDHReply(pkRep);
var kdcPublicKey = DiffieHellmanKey.ParsePublicKey(dhKeyInfo.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(kdcPublicKey);
var derivedKey = agreement.GenerateAgreement();
ReadOnlySpan <byte> serverDHNonce = default;
if (pkRep.DHInfo.ServerDHNonce.HasValue)
{
serverDHNonce = pkRep.DHInfo.ServerDHNonce.Value.Span;
}
var transform = CryptoService.CreateTransform(kdcRep.EncPart.EType);
return(PKInitString2Key.String2Key(derivedKey.Span, transform.KeySize, clientDHNonce.Span, serverDHNonce));
}
private async Task <IKeyAgreement> FromDiffieHellmanDomainParametersAsync(KrbSubjectPublicKeyInfo clientPublicValue)
{
var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value);
var agreement = parameters.P.Length switch
{
128 => CryptoPal.Platform.DiffieHellmanModp2(
await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2)
),
256 => CryptoPal.Platform.DiffieHellmanModp14(
await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14)
),
_ => throw new InvalidOperationException("Unknown key agreement parameter"),
};
var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey);
agreement.ImportPartnerKey(publicKey);
return(agreement);
}
