public KasIfcResult ComputeResult(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { if (!_isThisPartyKeyingMaterialInitialized) { InitializeThisPartyKeyingMaterial(otherPartyKeyingMaterial); } // When running in NoKdfNoKc mode for KAS SSC, keyToTransport is `z`, otherwise it is `dkm`. var keyToTransport = GetKeyingMaterial(otherPartyKeyingMaterial); var keyingMaterialPartyU = SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU ? ThisPartyKeyingMaterial : otherPartyKeyingMaterial; var keyingMaterialPartyV = SchemeParameters.KeyAgreementRole == KeyAgreementRole.ResponderPartyV ? ThisPartyKeyingMaterial : otherPartyKeyingMaterial; // No key confirmation, return the whole key if (_keyConfirmationFactory == null) { return(new KasIfcResult(keyingMaterialPartyU, keyingMaterialPartyV, keyToTransport)); } var keyConfirmationKey = keyToTransport.GetMostSignificantBits(_macParameters.KeyLength); var keyConfirmationResult = KeyConfirmation(otherPartyKeyingMaterial, keyConfirmationKey); return(new KasIfcResult( keyingMaterialPartyU, keyingMaterialPartyV, keyToTransport, keyConfirmationKey, keyConfirmationResult.MacData, keyConfirmationResult.Mac)); }
public KasIfcResult(IIfcSecretKeyingMaterial keyingMaterialPartyU, IIfcSecretKeyingMaterial keyingMaterialPartyV, BitString dkm) { KeyingMaterialPartyU = keyingMaterialPartyU; KeyingMaterialPartyV = keyingMaterialPartyV; Dkm = dkm; }
/// <summary> /// Performs key confirmation using both parties contributions to the key establishment. /// </summary> /// <param name="otherPartyKeyingMaterial">The other parties contributions to the scheme.</param> /// <param name="keyToTransport">The key that was derived in the KAS or KTS scheme.</param> /// <returns></returns> private ComputeKeyMacResult KeyConfirmation(IIfcSecretKeyingMaterial otherPartyKeyingMaterial, BitString keyToTransport) { var keyConfParam = GetKeyConfirmationParameters(otherPartyKeyingMaterial, keyToTransport); var keyConfirmation = _keyConfirmationFactory.GetInstance(keyConfParam); return(keyConfirmation.ComputeMac()); }
protected override void BuildKeyingMaterialThisParty(IIfcSecretKeyingMaterialBuilder thisPartyKeyingMaterialBuilder, IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { // Note party ID should have been set on the builder outside of the scope of kas. // Public key should have been set on the builder outside the scope of the kas instance. // Create random Z, encrypt with IUT public key to arrive at C. var rsaSveResult = _rsaSve.Generate(otherPartyKeyingMaterial.Key.PubKey); thisPartyKeyingMaterialBuilder.WithZ(rsaSveResult.SharedSecretZ); thisPartyKeyingMaterialBuilder.WithC(rsaSveResult.Ciphertext); }
/// <summary> /// Constructor used to create result for KAS-IFC with key confirmation. /// </summary> /// <param name="dkm">The derived keying material minus any bits used for the macKey.</param> /// <param name="macKey">The macKey that is used for keyConfirmation, taken from most significant bits of the derivedKey.</param> /// <param name="macData">The data that is plugged into the message parameter of a mac function.</param> /// <param name="tag">The resulting tag of H(macKey, macData).</param> public KasIfcResult( IIfcSecretKeyingMaterial keyingMaterialPartyU, IIfcSecretKeyingMaterial keyingMaterialPartyV, BitString dkm, BitString macKey, BitString macData, BitString tag) { KeyingMaterialPartyU = keyingMaterialPartyU; KeyingMaterialPartyV = keyingMaterialPartyV; Dkm = dkm; MacKey = macKey; MacData = macData; Tag = tag; }
protected override BitString GetEphemeralDataFromKeyContribution(IIfcSecretKeyingMaterial secretKeyingMaterial, KeyAgreementRole keyAgreementRole, bool excludeEphemeralData) { // KAS1 Party U C // KAS1 Party V NV if (keyAgreementRole == KeyAgreementRole.InitiatorPartyU) { return(secretKeyingMaterial.C); } return(secretKeyingMaterial.DkmNonce); }
protected override BitString GetKeyingMaterial(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { BitString zU = null; BitString zV = null; BitString initiatorData = null; BitString responderData = null; switch (SchemeParameters.KeyAgreementRole) { case KeyAgreementRole.InitiatorPartyU: zU = ThisPartyKeyingMaterial.Z; // When party U, recover zV from cV var recoverV = _rsaSve.Recover(ThisPartyKeyingMaterial.Key, otherPartyKeyingMaterial.C); zV = recoverV.SharedSecretZ; initiatorData = ThisPartyKeyingMaterial.C; responderData = otherPartyKeyingMaterial.C; break; case KeyAgreementRole.ResponderPartyV: zV = ThisPartyKeyingMaterial.Z; // When party V, recover zU from cU var recoverU = _rsaSve.Recover(ThisPartyKeyingMaterial.Key, otherPartyKeyingMaterial.C); zU = recoverU.SharedSecretZ; initiatorData = otherPartyKeyingMaterial.C; responderData = ThisPartyKeyingMaterial.C; break; default: throw new ArgumentException($"Invalid {nameof(SchemeParameters.KeyAgreementRole)}"); } var z = zU.ConcatenateBits(zV); // Don't run the KDF if NoKdfNoKc, return Z directly, for SSC tests if (SchemeParameters.KasMode == KasMode.NoKdfNoKc) { return(z); } _kdfParameter.Z = z; _kdfParameter.SetEphemeralData(initiatorData, responderData); var fixedInfo = GetFixedInfo(otherPartyKeyingMaterial); return(_kdfParameter.AcceptKdf(_kdfVisitor, fixedInfo).DerivedKey); }
public void InitializeThisPartyKeyingMaterial(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { _isThisPartyKeyingMaterialInitialized = true; BuildKeyingMaterialThisParty(_thisPartyKeyingMaterialBuilder, otherPartyKeyingMaterial); _thisPartyKeyingMaterial = _thisPartyKeyingMaterialBuilder.Build( SchemeParameters.KasAlgoAttributes.Scheme, SchemeParameters.KasMode, SchemeParameters.KeyAgreementRole, SchemeParameters.KeyConfirmationRole, SchemeParameters.KeyConfirmationDirection ); }
protected override BitString GetKeyingMaterial(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { BitString initiatorData = null; BitString responderData = null; BitString z = null; switch (SchemeParameters.KeyAgreementRole) { case KeyAgreementRole.InitiatorPartyU: z = ThisPartyKeyingMaterial.Z; initiatorData = ThisPartyKeyingMaterial.C; responderData = otherPartyKeyingMaterial.DkmNonce; break; case KeyAgreementRole.ResponderPartyV: // In this instance, party V recovers the Z value chosen by party U, utilizing party V's RSA private key. var thisPartyKeyPair = ThisPartyKeyingMaterial.Key; z = _rsaSve.Recover(thisPartyKeyPair, otherPartyKeyingMaterial.C).SharedSecretZ; initiatorData = otherPartyKeyingMaterial.C; responderData = ThisPartyKeyingMaterial.DkmNonce; break; default: throw new ArgumentException($"Invalid {nameof(SchemeParameters.KeyAgreementRole)}"); } // Don't run the KDF if NoKdfNoKc, return Z directly, for SSC tests if (SchemeParameters.KasMode == KasMode.NoKdfNoKc) { return(z); } _kdfParameter.Z = z; _kdfParameter.SetEphemeralData(initiatorData, responderData); var fixedInfo = GetFixedInfo(otherPartyKeyingMaterial); return(_kdfParameter.AcceptKdf(_kdfVisitor, fixedInfo).DerivedKey); }
/// <summary> /// Get the FixedInfo BitString for use in KDFs and KTS. /// </summary> /// <param name="otherPartyKeyingMaterial">The other party keying material</param> /// <param name="excludeEphemeralData">Should the ephemeral data be excluded? (Used for KTS fixed info generation)</param> /// <returns></returns> protected BitString GetFixedInfo(IIfcSecretKeyingMaterial otherPartyKeyingMaterial, bool excludeEphemeralData = false) { var fixedInfo = _fixedInfoFactory.Get(); var thisPartyFixedInfo = GetPartyFixedInfo(ThisPartyKeyingMaterial, SchemeParameters.KeyAgreementRole, excludeEphemeralData); var otherPartyRole = KeyGenerationRequirementsHelper.GetOtherPartyKeyAgreementRole(SchemeParameters.KeyAgreementRole); var otherPartyFixedInfo = GetPartyFixedInfo(otherPartyKeyingMaterial, otherPartyRole, excludeEphemeralData); _fixedInfoParameter.SetFixedInfo( SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU ? thisPartyFixedInfo : otherPartyFixedInfo, SchemeParameters.KeyAgreementRole == KeyAgreementRole.ResponderPartyV ? thisPartyFixedInfo : otherPartyFixedInfo ); return(fixedInfo.Get(_fixedInfoParameter)); }
protected override BitString GetKeyingMaterial(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { var kts = _ktsFactory.Get(_ktsParameter.KtsHashAlg); // Party U has the key, encrypts it with Party V's public key if (SchemeParameters.KeyAgreementRole == KeyAgreementRole.InitiatorPartyU) { return(ThisPartyKeyingMaterial.K); } // Party V has the private key that is used to decrypt the key from party U. BitString fixedInfo = null; if (!string.IsNullOrEmpty(_ktsParameter.AssociatedDataPattern)) { fixedInfo = GetFixedInfo(otherPartyKeyingMaterial, true); } var thisPartyKey = ThisPartyKeyingMaterial.Key; var otherPartyCiphertext = otherPartyKeyingMaterial.C; return(kts.Decrypt(thisPartyKey, otherPartyCiphertext, fixedInfo).SharedSecretZ); }
protected override void BuildKeyingMaterialThisParty(IIfcSecretKeyingMaterialBuilder thisPartyKeyingMaterialBuilder, IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { switch (SchemeParameters.KeyAgreementRole) { case KeyAgreementRole.InitiatorPartyU: // Create a key of L length, wrap it with the other parties public key. var keyToEncodeEncrypt = EntropyProvider.GetEntropy(SchemeParameters.KasAlgoAttributes.L); var kts = _ktsFactory.Get(_ktsParameter.KtsHashAlg); BitString fixedInfo = null; if (!string.IsNullOrEmpty(_ktsParameter.AssociatedDataPattern)) { ThisPartyKeyingMaterial = _thisPartyKeyingMaterialBuilder.Build( SchemeParameters.KasAlgoAttributes.Scheme, SchemeParameters.KasMode, SchemeParameters.KeyAgreementRole, SchemeParameters.KeyConfirmationRole, SchemeParameters.KeyConfirmationDirection ); fixedInfo = GetFixedInfo(otherPartyKeyingMaterial); } var c = kts.Encrypt(otherPartyKeyingMaterial.Key.PubKey, keyToEncodeEncrypt, fixedInfo).SharedSecretZ; thisPartyKeyingMaterialBuilder.WithK(keyToEncodeEncrypt); thisPartyKeyingMaterialBuilder.WithC(c); break; case KeyAgreementRole.ResponderPartyV: // Key should have been set outside the scope of the kas instance break; default: throw new ArgumentException($"Invalid {nameof(SchemeParameters.KeyAgreementRole)}"); } }
/// <summary> /// Generate the <see cref="IKeyConfirmationParameters"/> based on the two parties information. /// </summary> /// <param name="otherPartyKeyingMaterial">The other parties keying information.</param> /// <param name="keyToTransport">The derived keying material.</param> /// <returns></returns> private IKeyConfirmationParameters GetKeyConfirmationParameters(IIfcSecretKeyingMaterial otherPartyKeyingMaterial, BitString keyToTransport) { var thisPartyEphemData = GetEphemeralDataFromKeyContribution(ThisPartyKeyingMaterial, SchemeParameters.KeyAgreementRole, false); var otherPartyEphemData = GetEphemeralDataFromKeyContribution(otherPartyKeyingMaterial, KeyGenerationRequirementsHelper.GetOtherPartyKeyAgreementRole(SchemeParameters.KeyAgreementRole), false); return(new KeyConfirmationParameters( SchemeParameters.KeyAgreementRole, SchemeParameters.KeyConfirmationRole, SchemeParameters.KeyConfirmationDirection, _macParameters.MacType, _macParameters.KeyLength, _macParameters.MacLength, ThisPartyKeyingMaterial.PartyId, otherPartyKeyingMaterial.PartyId, thisPartyEphemData, otherPartyEphemData, keyToTransport )); }
protected override void BuildKeyingMaterialThisParty(IIfcSecretKeyingMaterialBuilder thisPartyKeyingMaterialBuilder, IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { // Note party ID should have been set on the builder outside of the scope of kas. switch (SchemeParameters.KeyAgreementRole) { case KeyAgreementRole.InitiatorPartyU: // Create random Z, encrypt with IUT public key to arrive at C var rsaSveResult = _rsaSve.Generate(otherPartyKeyingMaterial.Key.PubKey); thisPartyKeyingMaterialBuilder.WithZ(rsaSveResult.SharedSecretZ); thisPartyKeyingMaterialBuilder.WithC(rsaSveResult.Ciphertext); break; case KeyAgreementRole.ResponderPartyV: // Provides public key and nonce. Public key should have been set on the builder outside the scope of the kas instance. thisPartyKeyingMaterialBuilder.WithDkmNonce( EntropyProvider.GetEntropy(SchemeParameters.KasAlgoAttributes.Modulo)); break; default: throw new ArgumentException($"Invalid {nameof(SchemeParameters.KeyAgreementRole)} for building keying material."); } }
public void InitializeThisPartyKeyingMaterial(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { Scheme.InitializeThisPartyKeyingMaterial(otherPartyKeyingMaterial); }
/// <summary> /// Get the <see cref="PartyFixedInfo"/> as it pertains to the provided <see cref="IIfcSecretKeyingMaterial"/> /// for the specified <see cref="KeyAgreementRole"/>. /// </summary> /// <param name="secretKeyingMaterial">The secret keying material for the party.</param> /// <param name="keyAgreementRole">The parties key agreement role.</param> /// <param name="excludeEphemeralData">Should the ephemeral data be excluded? (Used for KTS fixed info generation)</param> /// <returns></returns> private PartyFixedInfo GetPartyFixedInfo(IIfcSecretKeyingMaterial secretKeyingMaterial, KeyAgreementRole keyAgreementRole, bool excludeEphemeralData) { return(new PartyFixedInfo(secretKeyingMaterial.PartyId, GetEphemeralDataFromKeyContribution(secretKeyingMaterial, keyAgreementRole, excludeEphemeralData))); }
public ISchemeIfcBuilder WithThisPartyKeyingMaterial(IIfcSecretKeyingMaterial value) { _thisPartyKeyingMaterial = value; return(this); }
/// <summary> /// Creates/Gets/Recovers a key for a KAS/KTS scheme. /// </summary> /// <param name="otherPartyKeyingMaterial"></param> /// <returns></returns> protected abstract BitString GetKeyingMaterial(IIfcSecretKeyingMaterial otherPartyKeyingMaterial);
/// <summary> /// The ephemeral data can be composed of any of C, CU, CV, NV, depending on the party, and scheme /// /// Scheme Party Ephemeral Data /// KAS1 Party U C /// KAS1 Party V NV /// KAS2 Party U CU /// KAS2 Party V CV /// KTS Party U C /// KTS Party V null /// </summary> /// <param name="secretKeyingMaterial">a party's secret keying material</param> /// <param name="keyAgreementRole">a party's key agreement role</param> /// <param name="excludeEphemeralData">Should the ephemeral data be excluded? (Used for KTS fixed info generation)</param> /// <returns></returns> protected abstract BitString GetEphemeralDataFromKeyContribution(IIfcSecretKeyingMaterial secretKeyingMaterial, KeyAgreementRole keyAgreementRole, bool excludeEphemeralData);
protected abstract void BuildKeyingMaterialThisParty( IIfcSecretKeyingMaterialBuilder thisPartyKeyingMaterialBuilder, IIfcSecretKeyingMaterial otherPartyKeyingMaterial);
protected override BitString GetEphemeralDataFromKeyContribution(IIfcSecretKeyingMaterial secretKeyingMaterial, KeyAgreementRole keyAgreementRole, bool excludeEphemeralData) { return(secretKeyingMaterial.C); }
public KasIfcResult ComputeResult(IIfcSecretKeyingMaterial otherPartyKeyingMaterial) { return(Scheme.ComputeResult(otherPartyKeyingMaterial)); }