/// <summary>
 /// Adds an elliptic-curve private key on the NIST P-256 curve. Multiple private keys can be added to support
 /// graceful key rotations.
 /// </summary>
 /// <param name="privateKey">Elliptic-curve private key</param>
 /// <exception cref="ArgumentException">Thrown when <c>KeyParser.ValidateCurve</c> rejects the key.</exception>
 public void AddPrivateKey(ECPrivateKeyParameters privateKey)
 {
     // Check the curve before the key joins the rotation set, so an unusable key is rejected at registration
     // time rather than when it is first used.
     bool accepted = KeyParser.ValidateCurve(privateKey);
     if (accepted)
     {
         _privateKeys.Add(privateKey);
         return;
     }

     throw new ArgumentException("Invalid private key format or not on NIST P-256 curve", nameof(privateKey));
 }
コード例 #2
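        /// <summary>
        /// Derives the keys for one message: decodes the sender's ephemeral public key, runs the key agreement
        /// against <paramref name="privateKey"/>, and feeds "ephemeral public key bytes || shared secret" to HKDF.
        /// </summary>
        /// <param name="privateKey">Recipient's elliptic-curve private key.</param>
        /// <param name="ephemeralPublicKey">Sender's ephemeral public key, Base64-encoded.</param>
        /// <returns>
        /// A <c>DerivedKeys</c> built from the HKDF output and the configured symmetric and MAC key sizes.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Propagated from <c>ComputeSharedSecret</c> when either key fails the curve check.
        /// </exception>
        public DerivedKeys Derive(ECPrivateKeyParameters privateKey, string ephemeralPublicKey)
        {
            // NOTE(review): ephemeralPublicKey is presumably taken from the received message, i.e. untrusted.
            // Malformed input surfaces as whatever Base64.Decode / KeyParser.ParsePublicKey throw - confirm that
            // callers treat those as a rejected message.
            byte[] publicKeyBytes           = Base64.Decode(ephemeralPublicKey);
            ECPublicKeyParameters publicKey = KeyParser.ParsePublicKey(publicKeyBytes);

            byte[] sharedSecret = null;
            byte[] ikm          = null;

            try
            {
                sharedSecret = ComputeSharedSecret(privateKey, publicKey);

                // The encoded ephemeral key is bound into the HKDF input, ahead of the raw shared secret.
                ikm = publicKeyBytes.Concat(sharedSecret).ToArray();

                return new DerivedKeys(ComputeHkdf(ikm), _symmetricKeySize, _macKeySize);
            }
            finally
            {
                // Wipe the intermediate secrets once the derived keys exist (or derivation failed), so the raw
                // ECDH output does not linger on the heap until the next GC. Best effort only in managed memory.
                // NOTE(review): assumes ComputeHkdf does not keep a reference to ikm after it returns - confirm.
                if (sharedSecret != null)
                {
                    Array.Clear(sharedSecret, 0, sharedSecret.Length);
                }
                if (ikm != null)
                {
                    Array.Clear(ikm, 0, ikm.Length);
                }
            }
        }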
コード例 #3
        /// <summary>
        /// Runs a basic ECDH agreement between <paramref name="privateKey"/> and <paramref name="publicKey"/> and
        /// returns the agreed value as an unsigned byte array of exactly <c>SharedSecretSize</c> bytes.
        /// </summary>
        /// <param name="privateKey">Local private key; must pass <c>KeyParser.ValidateCurve</c>.</param>
        /// <param name="publicKey">Peer public key; must pass <c>KeyParser.ValidateCurve</c>.</param>
        /// <returns>The raw shared secret. The caller owns the buffer and should not log or persist it.</returns>
        /// <exception cref="ArgumentException">Thrown when either key fails the curve check.</exception>
        internal static byte[] ComputeSharedSecret(ECPrivateKeyParameters privateKey, ECPublicKeyParameters publicKey)
        {
            // Both keys are checked before any agreement is attempted; the private key is checked first.
            // NOTE(review): whether ValidateCurve also confirms the public point lies on the curve (rather than
            // only comparing domain parameters) is not visible here - confirm, since the public key comes from
            // the peer.
            bool privateKeyOk = KeyParser.ValidateCurve(privateKey);
            if (!privateKeyOk)
            {
                throw new ArgumentException("Private key not on NIST P-256 curve", nameof(privateKey));
            }

            bool publicKeyOk = KeyParser.ValidateCurve(publicKey);
            if (!publicKeyOk)
            {
                throw new ArgumentException("Public key not on NIST P-256 curve", nameof(publicKey));
            }

            // P-256 has cofactor 1, so the basic (non-cofactor) agreement is used.
            var agreement = new ECDHBasicAgreement();
            agreement.Init(privateKey);

            BigInteger agreedValue = agreement.CalculateAgreement(publicKey);

            // Fixed-length encoding keeps leading zero bytes, so the output length never depends on the value.
            byte[] encoded = BigIntegers.AsUnsignedByteArray(SharedSecretSize, agreedValue);
            return encoded;
        }
 /// <summary>
 /// Adds an Elliptic Curve private key on the NIST P-256 curve. Multiple private keys can be added to support
 /// graceful key rotations.
 /// </summary>
 /// <param name="privateKeyBytes">Elliptic-curve private key encoded in the ASN.1 byte format</param>
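 /// <exception cref="ArgumentException">
 /// Thrown when the parsed key is rejected by <c>KeyParser.ValidateCurve</c>.
 /// </exception>
 public void AddPrivateKey(byte[] privateKeyBytes)
 {
     var parsedKey = KeyParser.ParsePrivateKeyDer(privateKeyBytes);

     // Apply the same curve check as the ECPrivateKeyParameters overload, so a key on another curve is
     // rejected when it is registered instead of failing later during key agreement.
     // ParsePrivateKeyDer is not visible here; if it already enforces the curve this check is redundant but
     // harmless.
     if (!KeyParser.ValidateCurve(parsedKey))
     {
         throw new ArgumentException(
             "Invalid private key format or not on NIST P-256 curve", nameof(privateKeyBytes));
     }

     _privateKeys.Add(parsedKey);
 }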