public OtherInfo(
IEntropyProvider entropyProvider,
string otherInfoPattern,
int otherInfoLength,
KeyAgreementRole thisPartyKeyAgreementRole,
PartyOtherInfo thisPartyOtherInfo,
PartyOtherInfo otherPartyOtherInfo
)
{
_thisPartyKeyAgreementRole = thisPartyKeyAgreementRole;
_thisPartyOtherInfo = thisPartyOtherInfo;
_otherPartyOtherInfo = otherPartyOtherInfo;
// split the pattern into pieces
var pieces = otherInfoPattern.Split("||".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
foreach (var piece in pieces)
{
var workingPiece = piece.Replace("||", "");
_otherInfo = _otherInfo.ConcatenateBits(ConcatenatePieceOntoOtherInfo(workingPiece));
}
// Add entropy to hit otherInfoLength
_otherInfo = _otherInfo.ConcatenateBits(entropyProvider.GetEntropy(otherInfoLength - _otherInfo.BitLength));
_otherInfo = _otherInfo.GetMostSignificantBits(otherInfoLength);
}
public ISecretKeyingMaterial Build(KasScheme scheme, KasMode kasMode, KeyAgreementRole thisPartyKeyAgreementRole,
KeyConfirmationRole keyConfirmationRole, KeyConfirmationDirection keyConfirmationDirection)
{
var schemeRequirements = KasEnumMapping.GetSchemeRequirements(
scheme,
kasMode,
thisPartyKeyAgreementRole,
keyConfirmationRole,
keyConfirmationDirection);
ValidateDomainParameters(schemeRequirements.requirments, _domainParameters);
ValidateEphemeralKey(schemeRequirements.requirments, _ephemeralKey);
ValidateStaticKey(schemeRequirements.requirments, _staticKey);
ValidateEphemeralNonce(schemeRequirements.requirments, _ephemeralNonce);
ValidateDkmNonce(schemeRequirements.requirments, _dkmNonce);
ValidatePartyId(schemeRequirements.requirments, _partyId);
ValidateConsistentAlgorithm(schemeRequirements.kasAlgo, schemeRequirements.requirments, _domainParameters, _ephemeralKey, _staticKey);
return(new SecretKeyingMaterial()
{
KasAlgorithm = schemeRequirements.kasAlgo,
DkmNonce = _dkmNonce,
DomainParameters = _domainParameters,
EphemeralNonce = _ephemeralNonce,
EphemeralKeyPair = _ephemeralKey,
StaticKeyPair = _staticKey,
PartyId = _partyId,
});
}
public IIfcSecretKeyingMaterial Build(IfcScheme scheme, KasMode kasMode, KeyAgreementRole thisPartyKeyAgreementRole,
KeyConfirmationRole keyConfirmationRole, KeyConfirmationDirection keyConfirmationDirection,
bool shouldValidateContributions = true)
{
if (shouldValidateContributions)
{
var generationRequirements = KeyGenerationRequirementsHelper.GetKeyGenerationOptionsForSchemeAndRole(
scheme, kasMode, thisPartyKeyAgreementRole, keyConfirmationRole, keyConfirmationDirection);
ValidateNonce(generationRequirements);
ValidateKey(generationRequirements);
ValidatePartyId(generationRequirements);
ValidateK(generationRequirements, scheme);
}
return(new IfcSecretKeyingMaterial()
{
C = _c,
DkmNonce = _dkmNonce,
K = _k,
Key = _key,
PartyId = _partyId,
Z = _z,
});
}
/// <summary>
/// Constructs Kas parameter information
/// </summary>
/// <param name="keyAgreementRole">This party's key agreement role</param>
/// <param name="kasMode">The mode of the KAS attempt</param>
/// <param name="keyConfirmationRole">This party's key confirmation role</param>
/// <param name="keyConfirmationDirection">This party's key confirmation direction</param>
/// <param name="kasAssurances">The assurances associated with the KAS</param>
/// <param name="thisPartyId">The ID associated with this party</param>
protected SchemeParametersBase(
TKasAlgoAttributes kasAlgoAttributes,
KeyAgreementRole keyAgreementRole,
KasMode kasMode,
KeyConfirmationRole keyConfirmationRole,
KeyConfirmationDirection keyConfirmationDirection,
KasAssurance kasAssurances,
BitString thisPartyId
)
{
if (kasMode != KasMode.NoKdfNoKc && BitString.IsZeroLengthOrNull(thisPartyId))
{
throw new ArgumentException(nameof(thisPartyId));
}
if (kasMode == KasMode.KdfKc)
{
if (keyConfirmationRole == KeyConfirmationRole.None ||
keyConfirmationDirection == KeyConfirmationDirection.None)
{
throw new ArgumentException(
$"{nameof(KasMode.KdfKc)} requires a valid (not None) value for both {nameof(keyConfirmationRole)} and {nameof(keyConfirmationDirection)}");
}
}
KasAlgoAttributes = kasAlgoAttributes;
KeyAgreementRole = keyAgreementRole;
KasMode = kasMode;
KeyConfirmationRole = keyConfirmationRole;
KeyConfirmationDirection = keyConfirmationDirection;
KasAssurances = kasAssurances;
ThisPartyId = thisPartyId;
}
/// <summary>
/// Non AES-CCM constructor
/// </summary>
/// <param name="thisPartyKeyAgreementRole"></param>
/// <param name="thisPartyKeyConfirmationRole"></param>
/// <param name="keyConfirmationType"></param>
/// <param name="macType"></param>
/// <param name="keyLength"></param>
/// <param name="macLength"></param>
/// <param name="thisPartyIdentifier"></param>
/// <param name="otherPartyIdentifier"></param>
/// <param name="thisPartyPublicKey"></param>
/// <param name="otherPartyPublicKey"></param>
/// <param name="derivedKeyingMaterial"></param>
public KeyConfirmationParameters(
KeyAgreementRole thisPartyKeyAgreementRole,
KeyConfirmationRole thisPartyKeyConfirmationRole,
KeyConfirmationDirection keyConfirmationType,
KeyAgreementMacType macType,
int keyLength,
int macLength,
BitString thisPartyIdentifier,
BitString otherPartyIdentifier,
BitString thisPartyPublicKey,
BitString otherPartyPublicKey,
BitString derivedKeyingMaterial
)
{
if (macType == KeyAgreementMacType.AesCcm)
{
throw new ArgumentException(nameof(macType));
}
ThisPartyKeyAgreementRole = thisPartyKeyAgreementRole;
ThisPartyKeyConfirmationRole = thisPartyKeyConfirmationRole;
KeyConfirmationType = keyConfirmationType;
MacType = macType;
KeyLength = keyLength;
MacLength = macLength;
ThisPartyIdentifier = thisPartyIdentifier;
OtherPartyIdentifier = otherPartyIdentifier;
ThisPartyPublicKey = thisPartyPublicKey;
OtherPartyPublicKey = otherPartyPublicKey;
DerivedKeyingMaterial = derivedKeyingMaterial;
KeyConfirmationType = keyConfirmationType;
}
public void ShouldReturnCorrectMac(
string label,
KeyAgreementRole thisKaRole,
KeyConfirmationRole thisKcRole,
KeyConfirmationDirection thisKcType,
BitString thisId,
BitString otherId,
BitString thisPublicKey,
BitString otherPublicKey,
BitString expectedMacData)
{
var p = new KeyConfirmationParameters(
thisKaRole,
thisKcRole,
thisKcType,
KeyAgreementMacType.CmacAes,
0,
0,
thisId,
otherId,
thisPublicKey,
otherPublicKey,
new BitString(0)
);
_subject = new FakeKeyConfirmationBase(new KeyConfirmationMacDataCreator(), p);
var result = _subject.GetMacData();
Assert.AreEqual(expectedMacData.ToHex(), result.ToHex());
}
public IOtherInfo GetInstance(
string otherInfoPattern,
int otherInfoLength,
KeyAgreementRole thisPartyKeyAgreementRole,
PartyOtherInfo thisPartySharedInformation,
PartyOtherInfo otherPartySharedInformation)
{
return(new FakeOtherInfo(_otherInfo));
}
public SchemeParametersIfc(
KasAlgoAttributesIfc kasAlgoAttributes,
KeyAgreementRole keyAgreementRole,
KasMode kasMode,
KeyConfirmationRole keyConfirmationRole,
KeyConfirmationDirection keyConfirmationDirection,
KasAssurance kasAssurances,
BitString thisPartyId)
: base(kasAlgoAttributes, keyAgreementRole, kasMode, keyConfirmationRole, keyConfirmationDirection, kasAssurances, thisPartyId)
{
}
protected override BitString GetEphemeralDataFromKeyContribution(IIfcSecretKeyingMaterial secretKeyingMaterial,
KeyAgreementRole keyAgreementRole, bool excludeEphemeralData)
{
// KAS1 Party U C
// KAS1 Party V NV
if (keyAgreementRole == KeyAgreementRole.InitiatorPartyU)
{
return(secretKeyingMaterial.C);
}
return(secretKeyingMaterial.DkmNonce);
}
/// <summary>
/// Constructor for IFC schemes.
/// </summary>
/// <param name="scheme"></param>
/// <param name="kasMode"></param>
/// <param name="thisPartyKasRole"></param>
/// <param name="thisPartyKeyConfirmationRole"></param>
/// <param name="keyConfirmationDirection"></param>
/// <param name="generatesKeyPair"></param>
/// <param name="generatesEphemeralNonce"></param>
public SchemeKeyNonceGenRequirement(
TScheme scheme,
KasMode kasMode,
KeyAgreementRole thisPartyKasRole,
KeyConfirmationRole thisPartyKeyConfirmationRole,
KeyConfirmationDirection keyConfirmationDirection,
bool generatesKeyPair,
bool generatesEphemeralNonce
) : base(
kasMode, thisPartyKasRole, thisPartyKeyConfirmationRole, keyConfirmationDirection, generatesKeyPair, generatesEphemeralNonce)
{
Scheme = scheme;
}
protected KasBuilderKdfNoKc(
ISchemeBuilder <TKasDsaAlgoAttributes, TOtherPartySharedInfo, TDomainParameters, TKeyPair> schemeBuilder,
TKasDsaAlgoAttributes kasDsaAlgoAttributes,
KeyAgreementRole keyAgreementRole,
KasAssurance assurances,
BitString partyId
)
{
_schemeBuilder = schemeBuilder;
_kasDsaAlgoAttributes = kasDsaAlgoAttributes;
_keyAgreementRole = keyAgreementRole;
_assurances = assurances;
_partyId = partyId;
}
public KasBuilderNoKdfNoKcEcc(
ISchemeBuilder <KasDsaAlgoAttributesEcc, OtherPartySharedInformation <EccDomainParameters, EccKeyPair>, EccDomainParameters, EccKeyPair> schemeBuilder,
KasDsaAlgoAttributesEcc kasDsaAlgoAttributes,
KeyAgreementRole keyAgreementRole,
KasAssurance assurances,
BitString partyId)
: base(
schemeBuilder,
kasDsaAlgoAttributes,
keyAgreementRole,
assurances,
partyId
)
{
}
public SchemeParameters(
KasAlgoAttributes kasAlgoAttributes,
KeyAgreementRole keyAgreementRole,
KasMode kasMode,
KeyConfirmationRole keyConfirmationRole,
KeyConfirmationDirection keyConfirmationDirection,
KasAssurance kasAssurances,
BitString thisPartyId
) : base(kasAlgoAttributes, keyAgreementRole, kasMode, keyConfirmationRole, keyConfirmationDirection, kasAssurances, thisPartyId)
{
KasAlgorithm = KasEnumMapping.GetSchemeRequirements(
kasAlgoAttributes.KasScheme,
kasMode,
keyAgreementRole,
keyConfirmationRole,
keyConfirmationDirection).kasAlgo;
}
public IOtherInfo GetInstance(
string otherInfoPattern,
int otherInfoLength,
KeyAgreementRole thisPartyKeyAgreementRole,
PartyOtherInfo thisPartyOtherInfo,
PartyOtherInfo otherPartyOtherInfo
)
{
return(new OtherInfo(
_entropyProvider,
otherInfoPattern,
otherInfoLength,
thisPartyKeyAgreementRole,
thisPartyOtherInfo,
otherPartyOtherInfo
));
}
public void ShouldReturnCorrectOtherInfoCavsTests(
KeyAgreementRole iutRole,
OtherPartySharedInformation <FfcDomainParameters, FfcKeyPair> uPartySharedInformation,
OtherPartySharedInformation <FfcDomainParameters, FfcKeyPair> vPartySharedInformation,
int otherInfoLength,
BitString expectedOtherInfo
)
{
string otherInfoPattern = "uPartyInfo||vPartyInfo";
TestableEntropyProvider entropyProvider = new TestableEntropyProvider();
// u/v party info comprised of ID, and dkmNonce, find the bitlength of both parties contributed information
// to determine which bits are the "random" bits to inject into the TestableEntropyProvider.
var composedBitLength = uPartySharedInformation.PartyId.BitLength +
uPartySharedInformation.DkmNonce.BitLength +
vPartySharedInformation.PartyId.BitLength;
var entropyBits = expectedOtherInfo.GetLeastSignificantBits(expectedOtherInfo.BitLength - composedBitLength);
entropyProvider.AddEntropy(entropyBits);
var uPartyOtherInfo = new PartyOtherInfo(uPartySharedInformation.PartyId, uPartySharedInformation.DkmNonce);
var vPartyOtherInfo = new PartyOtherInfo(vPartySharedInformation.PartyId, vPartySharedInformation.DkmNonce);
_subject = new OtherInfo(
entropyProvider,
otherInfoPattern,
otherInfoLength,
KeyAgreementRole.InitiatorPartyU,
uPartyOtherInfo,
vPartyOtherInfo
);
var result = _subject.GetOtherInfo();
Assert.AreEqual(expectedOtherInfo.ToHex(), result.ToHex());
}
public static (SchemeKeyNonceGenRequirement requirments, KasAlgorithm kasAlgo) GetSchemeRequirements(KasScheme scheme, KasMode kasMode, KeyAgreementRole thisPartyKeyAgreementRole, KeyConfirmationRole keyConfirmationRole, KeyConfirmationDirection keyConfirmationDirection)
{
FfcMap.TryFirst(f => f.Value == scheme, out var ffcResult);
EccMap.TryFirst(f => f.Value == scheme, out var eccResult);
if (ffcResult.Key == FfcScheme.None && eccResult.Key == EccScheme.None)
{
throw new ArgumentException($"Unable to map {nameof(scheme)} to {nameof(ffcResult)} or {nameof(eccResult)}");
}
if (ffcResult.Key != FfcScheme.None)
{
return(
KeyGenerationRequirementsHelper.GetKeyGenerationOptionsForSchemeAndRole(
ffcResult.Key, kasMode, thisPartyKeyAgreementRole, keyConfirmationRole, keyConfirmationDirection),
KasAlgorithm.Ffc);
}
return(
KeyGenerationRequirementsHelper.GetKeyGenerationOptionsForSchemeAndRole(
eccResult.Key, kasMode, thisPartyKeyAgreementRole, keyConfirmationRole, keyConfirmationDirection),
KasAlgorithm.Ecc);
}
public void ShouldReturnCorrectKasRole(KeyAgreementRole rolePartyA, KeyAgreementRole expectedRolePartyB)
{
var result = KeyGenerationRequirementsHelper.GetOtherPartyKeyAgreementRole(rolePartyA);
Assert.AreEqual(expectedRolePartyB, result);
}
/// <summary>
/// Get the <see cref="PartyFixedInfo"/> as it pertains to the provided <see cref="IIfcSecretKeyingMaterial"/>
/// for the specified <see cref="KeyAgreementRole"/>.
/// </summary>
/// <param name="secretKeyingMaterial">The secret keying material for the party.</param>
/// <param name="keyAgreementRole">The parties key agreement role.</param>
/// <param name="excludeEphemeralData">Should the ephemeral data be excluded? (Used for KTS fixed info generation)</param>
/// <returns></returns>
private PartyFixedInfo GetPartyFixedInfo(IIfcSecretKeyingMaterial secretKeyingMaterial, KeyAgreementRole keyAgreementRole, bool excludeEphemeralData)
{
return(new PartyFixedInfo(secretKeyingMaterial.PartyId, GetEphemeralDataFromKeyContribution(secretKeyingMaterial, keyAgreementRole, excludeEphemeralData)));
}
/// <summary> /// The ephemeral data can be composed of any of C, CU, CV, NV, depending on the party, and scheme /// /// Scheme Party Ephemeral Data /// KAS1 Party U C /// KAS1 Party V NV /// KAS2 Party U CU /// KAS2 Party V CV /// KTS Party U C /// KTS Party V null /// </summary> /// <param name="secretKeyingMaterial">a party's secret keying material</param> /// <param name="keyAgreementRole">a party's key agreement role</param> /// <param name="excludeEphemeralData">Should the ephemeral data be excluded? (Used for KTS fixed info generation)</param> /// <returns></returns> protected abstract BitString GetEphemeralDataFromKeyContribution(IIfcSecretKeyingMaterial secretKeyingMaterial, KeyAgreementRole keyAgreementRole, bool excludeEphemeralData);
WithKeyAgreementRole(KeyAgreementRole value)
{
_keyAgreementRole = value;
return(this);
}
protected override BitString GetEphemeralDataFromKeyContribution(IIfcSecretKeyingMaterial secretKeyingMaterial,
KeyAgreementRole keyAgreementRole, bool excludeEphemeralData)
{
return(secretKeyingMaterial.C);
}
