/// <summary>
/// Builds the session-ticket keys. One pooled buffer is filled from the crypto provider's
/// random source, passed through HkdfExpandLabel (the TLS 1.3 expand function) in place,
/// and then registered as <paramref name="numberOfKeys"/> cipher keys that all hold the
/// same key bytes.
/// </summary>
/// <remarks>
/// The expand step keeps raw generator output from being used directly as key material.
/// It is deterministic and adds no entropy, so the key is only as unpredictable as the
/// bytes FillWithRandom produced.
/// </remarks>
/// <param name="pool">Pool that supplies every key buffer used here.</param>
/// <param name="numberOfKeys">
/// Number of cipher keys to register. The first key is always added, so values below 1
/// still yield one key.
/// </param>
private void GenerateKeys(SecretSchedulePool pool, int numberOfKeys)
{
    var seed = pool.GetKeyBuffer();

    // Initial key bytes come from the provider's random source.
    _cryptoProvider.FillWithRandom(seed.Span);

    // Expand in place: the same span is both the input secret and the output, with an empty hash value.
    // NOTE(review): relies on HkdfExpandLabel tolerating aliased input and output - confirm.
    _cryptoProvider.HashProvider.HkdfExpandLabel(HashType.SHA512, seed.Span, _ticketLabel, ReadOnlySpan<byte>.Empty, seed.Span);
    _keys.Add(_cryptoProvider.BulkCipherProvider.GetCipherKey(_cipherType, seed));

    // Every further key is a byte-for-byte copy of the first, not an independent secret:
    // exposing any one of them exposes all of them.
    // NOTE(review): the copy reads the seed after GetCipherKey received it, so it assumes
    // GetCipherKey leaves the buffer contents intact - confirm.
    for (var remaining = numberOfKeys - 1; remaining > 0; remaining--)
    {
        var duplicate = pool.GetKeyBuffer();
        seed.Memory.Span.CopyTo(duplicate.Memory.Span);
        _keys.Add(_cryptoProvider.BulkCipherProvider.GetCipherKey(_cipherType, duplicate));
    }
}
/// <summary>
/// Creates a provider that holds <paramref name="numberOfKeys"/> cipher keys sharing one
/// freshly generated key, and tags that key set with a new GUID.
/// </summary>
/// <param name="numberOfKeys">Number of cipher keys passed on to GenerateKeys.</param>
/// <param name="provider">Crypto provider stored for random, hash and bulk-cipher operations.</param>
/// <param name="cipherType">Bulk cipher the keys are created for.</param>
/// <param name="secretPool">Pool the key buffers are taken from.</param>
public EphemeralSessionProviderFaster(int numberOfKeys, ICryptoProvider provider, BulkCipherType cipherType, SecretSchedulePool secretPool)
{
    // Identifier for this key set. It comes from Guid.NewGuid(), so treat it as a label
    // only and never as secret material.
    _keyGuid = Guid.NewGuid();

    // GenerateKeys reads both of these fields, so they must be set before the call.
    _cipherType = cipherType;
    _cryptoProvider = provider;

    GenerateKeys(secretPool, numberOfKeys);
}
/// <summary>
/// Creates a provider with a single key built by GenerateKey from one pooled buffer, and
/// tags that key with a new GUID.
/// </summary>
/// <param name="provider">Crypto provider stored on the instance.</param>
/// <param name="cipherType">Bulk cipher type stored on the instance.</param>
/// <param name="secretPool">Pool the key buffer is taken from.</param>
public EphemeralSessionProvider(ICryptoProvider provider, BulkCipherType cipherType, SecretSchedulePool secretPool)
{
    _cryptoProvider = provider;
    _cipherType = cipherType;

    // GenerateKey is defined outside this excerpt.
    // NOTE(review): presumably it reads the two fields set above - keep this order.
    _key = GenerateKey(secretPool.GetKeyBuffer());

    // Identifier for the key. It comes from Guid.NewGuid(), so treat it as a label only
    // and never as secret material.
    _keyGuid = Guid.NewGuid();
}