/// <summary>
/// Selects the ephemeral data contributed by a party's keying material:
/// the ephemeral public key encoded as X || Y when one is present, otherwise
/// the ephemeral nonce, otherwise the DKM nonce.
/// </summary>
/// <param name="secretKeyingMaterial">The keying material to read the ephemeral key pair, nonces and domain parameters from.</param>
/// <returns>The concatenated public-key coordinates, or the first usable nonce.</returns>
protected override BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial)
{
    if (secretKeyingMaterial.EphemeralKeyPair != null)
    {
        var eccDomain = (EccDomainParameters)secretKeyingMaterial.DomainParameters;

        // Each coordinate is formatted to the curve's DegreeOfPolynomial so X and Y have a fixed width.
        var coordinateLength = CurveAttributesHelper.GetCurveAttribute(eccDomain.CurveE.CurveName).DegreeOfPolynomial;

        // NOTE(review): PublicQ is dereferenced without a null check here, whereas
        // GetEphemeralKeyOrNonce guards it; a key pair with a null PublicQ throws instead of
        // falling through to the nonces. Confirm that callers never supply one.
        var publicPoint = ((EccKeyPair)secretKeyingMaterial.EphemeralKeyPair).PublicQ;

        // Presumably X == 0 marks an unpopulated public key; confirm against the key pair type.
        if (publicPoint.X != 0)
        {
            var encodedX = SharedSecretZHelper.FormatEccSharedSecretZ(publicPoint.X, coordinateLength);
            var encodedY = SharedSecretZHelper.FormatEccSharedSecretZ(publicPoint.Y, coordinateLength);
            return BitString.ConcatenateBits(encodedX, encodedY);
        }
    }

    // No usable ephemeral public key: prefer a non-empty ephemeral nonce over the DKM nonce.
    var ephemeralNonce = secretKeyingMaterial.EphemeralNonce;
    var hasEphemeralNonce = ephemeralNonce != null && ephemeralNonce.BitLength != 0;

    return hasEphemeralNonce ? ephemeralNonce : secretKeyingMaterial.DkmNonce;
}
/// <inheritdoc />
protected override BitString GetEphemeralKeyOrNonce(EccKeyPair ephemeralPublicKey, BitString ephemeralNonce, BitString dkmNonce)
{
    // Order of preference: ephemeral public key (as X || Y), then ephemeral nonce, then DKM nonce.
    var publicPoint = ephemeralPublicKey?.PublicQ;

    // Presumably X == 0 marks an unpopulated public key; confirm against the key pair type.
    if (publicPoint != null && publicPoint.X != 0)
    {
        // Each coordinate is formatted to the curve's DegreeOfPolynomial so X and Y have a fixed width.
        var coordinateLength = CurveAttributesHelper.GetCurveAttribute(DomainParameters.CurveE.CurveName).DegreeOfPolynomial;

        var encodedX = SharedSecretZHelper.FormatEccSharedSecretZ(publicPoint.X, coordinateLength);
        var encodedY = SharedSecretZHelper.FormatEccSharedSecretZ(publicPoint.Y, coordinateLength);
        return BitString.ConcatenateBits(encodedX, encodedY);
    }

    // An ephemeral nonce only counts when it is present and carries at least one bit.
    var hasEphemeralNonce = ephemeralNonce != null && ephemeralNonce.BitLength != 0;

    return hasEphemeralNonce ? ephemeralNonce : dkmNonce;
}
/// <summary>
/// Generates this party's static key pair and whichever nonces the configured
/// role, KAS mode and key confirmation settings call for.
/// Domain parameters are generated first when none have been set.
/// </summary>
protected override void GenerateKasKeyNonceInformation()
{
    if (DomainParameters == null)
    {
        GenerateDomainParameters();
    }

    StaticKeyPair = Dsa.GenerateKeyPair(DomainParameters).KeyPair;

    var curveAttributes = CurveAttributesHelper.GetCurveAttribute(DomainParameters.CurveE.CurveName);
    var agreementRole = SchemeParameters.KeyAgreementRole;
    var kasMode = SchemeParameters.KasMode;
    var isPartyU = agreementRole == KeyAgreementRole.InitiatorPartyU;

    // NOTE(review): every nonce below comes from EntropyProvider; the nonces are only as
    // unpredictable as that provider. Confirm which implementation is wired in outside of tests.

    // Party U needs a DKM nonce whenever a KDF is in use (KdfNoKc or KdfKc).
    if (isPartyU && kasMode != KasMode.NoKdfNoKc)
    {
        // Length is the curve's DegreeOfPolynomial passed through ValueToMod(BITSINBYTE);
        // presumably that rounds up to a whole number of bytes. Confirm against the helper.
        DkmNonce = EntropyProvider.GetEntropy(curveAttributes.DegreeOfPolynomial.ValueToMod(BitString.BITSINBYTE));
    }

    // Party V with key confirmation gets an ephemeral nonce when confirmation is bilateral,
    // or when it is unilateral and this party is the recipient. Otherwise none is generated.
    if (agreementRole == KeyAgreementRole.ResponderPartyV && kasMode == KasMode.KdfKc)
    {
        var direction = SchemeParameters.KeyConfirmationDirection;
        var needsEphemeralNonce =
            direction == KeyConfirmationDirection.Bilateral
            || (direction == KeyConfirmationDirection.Unilateral
                && SchemeParameters.KeyConfirmationRole == KeyConfirmationRole.Recipient);

        if (needsEphemeralNonce)
        {
            EphemeralNonce = EntropyProvider.GetEntropy(curveAttributes.DegreeOfPolynomial.ValueToMod(BitString.BITSINBYTE));
        }
    }

    // Party U with a KDF but no key confirmation needs a NoKeyConfirmationNonce.
    if (isPartyU && kasMode == KasMode.KdfNoKc)
    {
        // Fixed request of 128 (presumably bits, matching the other GetEntropy calls), independent of the curve.
        NoKeyConfirmationNonce = EntropyProvider.GetEntropy(128);
    }
}
/// <summary>
/// Computes the shared secret Z from one party's private key and the other party's
/// public key: the public point is multiplied by the private scalar and then by the
/// curve's cofactor, and the X coordinate of the result is formatted as Z.
/// </summary>
/// <param name="domainParameters">Domain parameters supplying the curve and its cofactor.</param>
/// <param name="dA">Key pair whose <c>PrivateD</c> is used as the scalar.</param>
/// <param name="qB">Key pair whose <c>PublicQ</c> is the point being multiplied.</param>
/// <returns>
/// A response carrying Z, or a response carrying the error text when the
/// resulting point is the point at infinity.
/// </returns>
public SharedSecretResponse GenerateSharedSecretZ(
    EccDomainParameters domainParameters,
    EccKeyPair dA,
    EccKeyPair qB
)
{
    var curve = domainParameters.CurveE;

    // NOTE(review): nothing here checks that qB.PublicQ lies on the curve; this presumably
    // relies on the caller having validated the peer's public key. Confirm.
    var sharedPoint = curve.Multiply(qB.PublicQ, dA.PrivateD);
    sharedPoint = curve.Multiply(sharedPoint, curve.CofactorH);

    // Only a finite point yields a shared secret; infinity is reported as an error response.
    if (!sharedPoint.Infinity)
    {
        var coordinateLength = CurveAttributesHelper.GetCurveAttribute(curve.CurveName).DegreeOfPolynomial;
        BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(sharedPoint.X, coordinateLength);

        return new SharedSecretResponse(z);
    }

    return new SharedSecretResponse("Point is infinity");
}