protected override BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial) { if (secretKeyingMaterial.EphemeralKeyPair != null) { var domainParam = (EccDomainParameters)secretKeyingMaterial.DomainParameters; var exactLength = CurveAttributesHelper.GetCurveAttribute(domainParam.CurveE.CurveName).DegreeOfPolynomial;; var ephemKey = (EccKeyPair)secretKeyingMaterial.EphemeralKeyPair; if (ephemKey.PublicQ.X != 0) { return(BitString.ConcatenateBits( SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.X, exactLength), SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.Y, exactLength) )); } } if (secretKeyingMaterial.EphemeralNonce != null && secretKeyingMaterial.EphemeralNonce?.BitLength != 0) { return(secretKeyingMaterial.EphemeralNonce); } return(secretKeyingMaterial.DkmNonce); }
public SharedSecretResponse GenerateSharedSecretZ( EccDomainParameters domainParameters, EccKeyPair xPrivateKeyPartyA, EccKeyPair yPublicKeyPartyB, EccKeyPair rPrivateKeyPartyA, EccKeyPair tPublicKeyPartyA, EccKeyPair tPublicKeyPartyB) { var exactBitSize = domainParameters.CurveE.OrderN.ExactBitLength(); var associateValueQeA = AssociateValueFunction(exactBitSize, tPublicKeyPartyA); var associateValueQeB = AssociateValueFunction(exactBitSize, tPublicKeyPartyB); var implicitSigA = (rPrivateKeyPartyA.PrivateD + associateValueQeA * xPrivateKeyPartyA.PrivateD) % domainParameters.CurveE.OrderN; var p = domainParameters.CurveE.Multiply(yPublicKeyPartyB.PublicQ, associateValueQeB); p = domainParameters.CurveE.Add(p, tPublicKeyPartyB.PublicQ); p = domainParameters.CurveE.Multiply(p, implicitSigA); p = domainParameters.CurveE.Multiply(p, domainParameters.CurveE.CofactorH); if (p.Infinity) { return(new SharedSecretResponse("Point is infinity")); } var pExactLength = domainParameters.CurveE.FieldSizeQ.ExactBitLength(); BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(p.X, pExactLength); return(new SharedSecretResponse(z)); }
/// <inheritdoc /> protected override BitString GetEphemeralKeyOrNonce(EccKeyPair ephemeralPublicKey, BitString ephemeralNonce, BitString dkmNonce) { if (ephemeralPublicKey?.PublicQ != null && ephemeralPublicKey.PublicQ?.X != 0) { var exactLength = CurveAttributesHelper.GetCurveAttribute(DomainParameters.CurveE.CurveName).DegreeOfPolynomial; return(BitString.ConcatenateBits( SharedSecretZHelper.FormatEccSharedSecretZ(ephemeralPublicKey.PublicQ.X, exactLength), SharedSecretZHelper.FormatEccSharedSecretZ(ephemeralPublicKey.PublicQ.Y, exactLength) )); } if (ephemeralNonce != null && ephemeralNonce?.BitLength != 0) { return(ephemeralNonce); } return(dkmNonce); }
public SharedSecretResponse GenerateSharedSecretZ( EccDomainParameters domainParameters, EccKeyPair dA, EccKeyPair qB ) { var p = domainParameters.CurveE.Multiply(qB.PublicQ, dA.PrivateD); p = domainParameters.CurveE.Multiply(p, domainParameters.CurveE.CofactorH); if (p.Infinity) { return(new SharedSecretResponse("Point is infinity")); } var curveAttributes = CurveAttributesHelper.GetCurveAttribute(domainParameters.CurveE.CurveName); BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(p.X, curveAttributes.DegreeOfPolynomial); return(new SharedSecretResponse(z)); }
public SharedSecretResponse GenerateSharedSecretZ( FfcDomainParameters domainParameters, FfcKeyPair xPrivateStaticKeyPartyA, FfcKeyPair yPublicStaticKeyPartyB, FfcKeyPair rPrivateKeyPartyA, FfcKeyPair tPublicKeyPartyA, FfcKeyPair tPublicKeyPartyB) { // 1. w = ceil (len(q) / 2) var qBitString = new BitString(domainParameters.Q); int lenQ = qBitString.BitLength; int w = lenQ / 2 + ((lenQ % 2 != 0) ? 1 : 0); // 2^w is equal to (1 << w) var tw = BigInteger.One << w; // 2. T_A = t_A mod 2^w + 2^w var T_A = (tPublicKeyPartyA.PublicKeyY % tw) + tw; // 3. S_A = (r_A + T_A x_A) mod q var S_A = (rPrivateKeyPartyA.PrivateKeyX + (T_A * xPrivateStaticKeyPartyA.PrivateKeyX)) % domainParameters.Q; // 4. T_B = (t_B mod 2^w) + 2^w var T_B = (tPublicKeyPartyB.PublicKeyY % tw) + tw; // 5. Z = ((t_B * (y_B^T_B))^S_A) mod p // Two steps: 1. me1 = y_B ^ T_B mod p 2. z = (t_B * me1) ^ S_A mod p var me1 = BigInteger.ModPow(yPublicStaticKeyPartyB.PublicKeyY, T_B, domainParameters.P); var z = new BitString(BigInteger.ModPow((tPublicKeyPartyB.PublicKeyY * me1), S_A, domainParameters.P)); // 6 if z = 1, fail if (z.ToPositiveBigInteger() == 1) { return(new SharedSecretResponse($"{nameof(z)} was 1, error.")); } SharedSecretZHelper.FormatFfcSharedSecretZ(ref z); return(new SharedSecretResponse(z)); }
public SharedSecretResponse GenerateSharedSecretZ( FfcDomainParameters domainParameters, FfcKeyPair xPrivateKeyPartyA, FfcKeyPair yPublicKeyPartyB) { var z = new BitString( BigInteger.ModPow( yPublicKeyPartyB.PublicKeyY, xPrivateKeyPartyA.PrivateKeyX, domainParameters.P ) ); if (z.ToPositiveBigInteger() == 1) { return(new SharedSecretResponse($"{nameof(z)} was 1, error.")); } SharedSecretZHelper.FormatFfcSharedSecretZ(ref z); return(new SharedSecretResponse(z)); }