/// <summary> /// Return an ASN.1 encoded representation of the implementing key in a SubjectPublicKeyInfo structure. /// </summary> /// <returns>An encoded representation of the key.</returns> public override byte[] GetEncoded() { DHDomainParameters dhParams = this.DomainParameters; if (publicKeyInfo != null) { return(KeyUtils.GetEncodedInfo(publicKeyInfo)); } if (dhParams.Q == null) { if (Algorithm.Name.StartsWith("ELGAMAL")) { return(KeyUtils.GetEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(OiwObjectIdentifiers.ElGamalAlgorithm, new ElGamalParameter(dhParams.P, dhParams.G)), new DerInteger(mY))); } return(KeyUtils.GetEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PkcsObjectIdentifiers.DhKeyAgreement, new DHParameter(dhParams.P, dhParams.G, dhParams.L)), new DerInteger(mY))); } else { DHValidationParameters validationParameters = dhParams.ValidationParameters; if (validationParameters != null) { return(KeyUtils.GetEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.DHPublicNumber, new Asn1.X9.DHDomainParameters(dhParams.P, dhParams.G, dhParams.Q, dhParams.J, new DHValidationParms(validationParameters.GetSeed(), BigInteger.ValueOf(validationParameters.Counter)))), new DerInteger(mY))); } else { return(KeyUtils.GetEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.DHPublicNumber, new Asn1.X9.DHDomainParameters(dhParams.P, dhParams.G, dhParams.Q, dhParams.J, null)), new DerInteger(mY))); } } }
public bool Equals( object obj) { if (!(obj is DHDomainParameters)) { return(false); } DHDomainParameters pm = (DHDomainParameters)obj; return(pm.P.Equals(p) && pm.G.Equals(g)); }
internal static BigInteger Validated(DHDomainParameters dhParams, BigInteger y) { if (dhParams.Q != null) { // "SP 800-56A ASSURANCES", "The module is performing SP 800-56A Assurances self-test" // "CONDITIONAL TEST", "SP 800-56A ASSURANCES CHECK", "Invoke SP 800-56A Assurances test" if (BigInteger.One.Equals(y.ModPow(dhParams.Q, dhParams.P))) { // "SP 800-56A ASSURANCES CHECK", "CONDITIONAL TEST", "SP 800-56A Assurances test successful" return(y); } // "SP 800-56A ASSURANCES CHECK", "CONDITIONAL TEST", "SP 800-56A Assurances test failed" throw new ArgumentException("Y value does not appear to be in correct group"); } else { return(y); // we can't validate without Q. } }
public AsymmetricDHPublicKey(Algorithm algorithm, DHDomainParameters parameters, BigInteger y) : base(algorithm, parameters) { this.mY = KeyUtils.Validated(parameters, y); }
/// <summary> /// Base constructor for a Diffie-Hellman private key. /// </summary> /// <param name="algorithm">The algorithm marker for this key.</param> /// <param name="parameters">The domain parameters for this key.</param> /// <param name="x">The private X value for this key.</param> public AsymmetricDHPrivateKey(Algorithm algorithm, DHDomainParameters parameters, BigInteger x) : base(algorithm, parameters) { this.x = x; this.hashCode = CalculateHashCode(); }
private void checkKeyPairForConsistency(TPub publicKey, TPriv privateKey) { if (publicKey is AsymmetricECKey && privateKey is AsymmetricECKey) { AsymmetricECPrivateKey priv = privateKey as AsymmetricECPrivateKey; AsymmetricECPublicKey pub = publicKey as AsymmetricECPublicKey; if (!priv.DomainParameters.Equals(pub.DomainParameters)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("EC keys do not have the same domain parameters"); } if (!priv.DomainParameters.G.Multiply(priv.S).Normalize().Equals(pub.W)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("EC public key not consistent with EC private key"); } } else if (publicKey is AsymmetricDsaKey && privateKey is AsymmetricDsaKey) { AsymmetricDsaPrivateKey priv = privateKey as AsymmetricDsaPrivateKey; AsymmetricDsaPublicKey pub = publicKey as AsymmetricDsaPublicKey; DsaDomainParameters dsaParameters = priv.DomainParameters; if (!dsaParameters.Equals(pub.DomainParameters)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("DSA keys do not have the same domain parameters"); } if (!dsaParameters.G.ModPow(priv.X, dsaParameters.P).Equals(pub.Y)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("DSA public key not consistent with DSA private key"); } } else if (publicKey is AsymmetricRsaKey && privateKey is AsymmetricRsaKey) { AsymmetricRsaPrivateKey priv = privateKey as AsymmetricRsaPrivateKey; AsymmetricRsaPublicKey pub = publicKey as AsymmetricRsaPublicKey; if (!priv.Modulus.Equals(pub.Modulus)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("RSA keys do not have the same modulus"); } BigInteger val = BigInteger.Two; if (!val.ModPow(priv.PrivateExponent, priv.Modulus).ModPow(pub.PublicExponent, priv.Modulus).Equals(val)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("RSA public key not consistent with RSA private key"); } } else if (publicKey is AsymmetricDHKey && privateKey is AsymmetricDHKey) { AsymmetricDHPrivateKey priv = privateKey as AsymmetricDHPrivateKey; AsymmetricDHPublicKey pub = publicKey as AsymmetricDHPublicKey; DHDomainParameters dhParameters = priv.DomainParameters; if (!dhParameters.Equals(pub.DomainParameters)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("DH keys do not have the same domain parameters"); } if (!dhParameters.G.ModPow(priv.X, dhParameters.P).Equals(pub.Y)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("DH public key not consistent with DH private key"); } } else if (publicKey is AsymmetricSphincsKey && privateKey is AsymmetricSphincsKey) { AsymmetricSphincsPrivateKey priv = privateKey as AsymmetricSphincsPrivateKey; AsymmetricSphincsPublicKey pub = publicKey as AsymmetricSphincsPublicKey; if (priv.TreeDigestAlgorithm != pub.TreeDigestAlgorithm) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("Sphincs256 public key not consistent with Sphincs256 private key"); } if (!IsRangeSame(priv.GetKeyData(), SPHINCS256Config.SEED_BYTES, pub.GetKeyData(), 0, Horst.N_MASKS * SPHINCS256Config.HASH_BYTES)) { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("Sphincs256 public key not consistent with Sphincs256 private key"); } } else if (publicKey is AsymmetricNHKey && privateKey is AsymmetricNHKey) { AsymmetricNHPrivateKey priv = privateKey as AsymmetricNHPrivateKey; AsymmetricNHPublicKey pub = publicKey as AsymmetricNHPublicKey; // currently there doesn't either a good approach or much point to this one as the keys should be ephemeral and always generated locally. } else { // FSM_TRANS:5.IKP.2, "IMPORTED KEY PAIR CONSISTENCY TEST", "USER COMMAND REJECTED", "Consistency test on imported key pair failed" throw new ArgumentException("Key pair inconsistent"); } }
internal AsymmetricDHKey(Algorithm algorithm, AlgorithmIdentifier algorithmIdentifier) { this.approvedModeOnly = CryptoServicesRegistrar.IsInApprovedOnlyMode(); this.algorithm = algorithm; this.domainParameters = DecodeDomainParameters(algorithmIdentifier); }
internal AsymmetricDHKey(Algorithm algorithm, DHDomainParameters domainParameters) { this.approvedModeOnly = CryptoServicesRegistrar.IsInApprovedOnlyMode(); this.algorithm = algorithm; this.domainParameters = domainParameters; }