private IKeyAgreement FromDiffieHellmanDomainParameters(KrbSubjectPublicKeyInfo clientPublicValue) { var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value); IKeyAgreement agreement; if (this.IsSupportedAlgorithm(KeyAgreementAlgorithm.DiffieHellmanModp14, Oakley.Group14.Prime, parameters.P)) { var cachedKey = this.Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14); agreement = CryptoPal.Platform.DiffieHellmanModp14(cachedKey); } else if (this.IsSupportedAlgorithm(KeyAgreementAlgorithm.DiffieHellmanModp2, Oakley.Group2.Prime, parameters.P)) { var cachedKey = this.Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2); agreement = CryptoPal.Platform.DiffieHellmanModp2(cachedKey); } else { var length = parameters.P.Length * 8; throw new InvalidOperationException($"Unsupported Diffie Hellman key agreement parameter with length {length}"); } var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey, agreement.PublicKey.KeyLength); agreement.ImportPartnerKey(publicKey); return(agreement); }
public void ParsePaPkAsReq_SignedAuthPack_ParseAuthPack() { KrbPaPkAsReq asreq = KrbPaPkAsReq.Decode(signedPkAsReq); SignedCms signedCms = new SignedCms(); signedCms.Decode(asreq.SignedAuthPack.ToArray()); signedCms.CheckSignature(verifySignatureOnly: true); KrbAuthPack authPack = KrbAuthPack.Decode(signedCms.ContentInfo.Content); Assert.IsNotNull(authPack); var param = authPack.ClientPublicValue.Algorithm.Parameters.Value; var b64 = Convert.ToBase64String(param.ToArray()); var domainParams = KrbDiffieHellmanDomainParameters.DecodeSpecial(param); Assert.IsNotNull(domainParams); var special = domainParams.EncodeSpecial(); Assert.IsTrue(special.Span.SequenceEqual(param.ToArray())); var decodedPk = CryptEncode.CryptDecodePublicParameter(authPack.ClientPublicValue.SubjectPublicKey).Slice(16); }
private async Task <IKeyAgreement> FromDiffieHellmanDomainParametersAsync(KrbSubjectPublicKeyInfo clientPublicValue) { var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value); IKeyAgreement agreement = null; switch (parameters.P.Length) { case 128: agreement = CryptoPal.Platform.DiffieHellmanModp2( await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2) ); break; case 256: agreement = CryptoPal.Platform.DiffieHellmanModp14( await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14) ); break; default: throw new InvalidOperationException("Unknown key agreement parameter"); } var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey, agreement.PublicKey.KeyLength); agreement.ImportPartnerKey(publicKey); return(agreement); }
private KrbAuthPack CreateDiffieHellmanAuthPack(KrbKdcReqBody body) { using (var sha1 = CryptoPal.Platform.Sha1()) { var encoded = body.Encode(); var paChecksum = sha1.ComputeHash(encoded.Span); var parametersAreCached = this.CacheKeyAgreementParameters(this.agreement); if (parametersAreCached) { var etype = GetPreferredEType(body.EType, this.Configuration.Defaults.AllowWeakCrypto); if (etype is null) { throw new InvalidOperationException("Cannot find a common EType"); } this.clientDHNonce = GenerateNonce(etype.Value, this.agreement.PublicKey.KeyLength); } var domainParams = KrbDiffieHellmanDomainParameters.FromKeyAgreement(this.agreement); var authPack = new KrbAuthPack { PKAuthenticator = new KrbPKAuthenticator { Nonce = body.Nonce, PaChecksum = paChecksum }, ClientPublicValue = new KrbSubjectPublicKeyInfo { Algorithm = new KrbAlgorithmIdentifier { Algorithm = DiffieHellman, Parameters = domainParams.EncodeSpecial() }, SubjectPublicKey = this.agreement.PublicKey.EncodePublicKey() }, ClientDHNonce = this.clientDHNonce }; return(authPack); } }
private async Task <IKeyAgreement> FromDiffieHellmanDomainParametersAsync(KrbSubjectPublicKeyInfo clientPublicValue) { var parameters = KrbDiffieHellmanDomainParameters.DecodeSpecial(clientPublicValue.Algorithm.Parameters.Value); var agreement = parameters.P.Length switch { 128 => CryptoPal.Platform.DiffieHellmanModp2( await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp2) ), 256 => CryptoPal.Platform.DiffieHellmanModp14( await Service.Principals.RetrieveKeyCache(KeyAgreementAlgorithm.DiffieHellmanModp14) ), _ => throw new InvalidOperationException("Unknown key agreement parameter"), }; var publicKey = DiffieHellmanKey.ParsePublicKey(clientPublicValue.SubjectPublicKey); agreement.ImportPartnerKey(publicKey); return(agreement); }
private KrbAuthPack CreateDiffieHellmanAuthPack(KrbKdcReqBody body) { using (var sha1 = CryptoPal.Platform.Sha1()) { var encoded = body.Encode(); var paChecksum = sha1.ComputeHash(encoded.Span); var parametersAreCached = CacheKeyAgreementParameters(agreement); if (parametersAreCached) { clientDHNonce = GenerateNonce(body.EType.First(), agreement.PublicKey.KeyLength); } var domainParams = KrbDiffieHellmanDomainParameters.FromKeyAgreement(agreement); var authPack = new KrbAuthPack { PKAuthenticator = new KrbPKAuthenticator { Nonce = body.Nonce, PaChecksum = paChecksum }, ClientPublicValue = new KrbSubjectPublicKeyInfo { Algorithm = new KrbAlgorithmIdentifier { Algorithm = DiffieHellman, Parameters = domainParams.EncodeSpecial() }, SubjectPublicKey = agreement.PublicKey.EncodePublicKey() }, ClientDHNonce = clientDHNonce }; return(authPack); } }