private async Task <IKeyAgreement> FromDiffieHellmanDomainParametersAsync(KrbSubjectPublicKeyInfo clientPublicValue)
{
var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value);
IKeyAgreement agreement = null;
switch (parameters.P.Length)
{
case 128:
agreement = CryptoPal.Platform.DiffieHellmanModp2(
await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2)
);
break;
case 256:
agreement = CryptoPal.Platform.DiffieHellmanModp14(
await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14)
);
break;
default:
throw new InvalidOperationException("Unknown key agreement parameter");
}
var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(publicKey);
return(agreement);
}
private ReadOnlyMemory <byte> DeriveDHKeyAgreement(KrbKdcRep kdcRep, KrbPaPkAsRep pkRep)
{
var dhKeyInfo = ValidateDHReply(pkRep);
var kdcPublicKey = DiffieHellmanKey.ParsePublicKey(dhKeyInfo.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(kdcPublicKey);
var derivedKey = agreement.GenerateAgreement();
ReadOnlySpan <byte> serverDHNonce = default;
if (pkRep.DHInfo.ServerDHNonce.HasValue)
{
serverDHNonce = pkRep.DHInfo.ServerDHNonce.Value.Span;
}
var transform = CryptoService.CreateTransform(kdcRep.EncPart.EType);
return(PKInitString2Key.String2Key(derivedKey.Span, transform.KeySize, clientDHNonce.Span, serverDHNonce));
}