/// <summary>
/// Derives a shared secret key from a private key and another persons public key
/// </summary>
/// <param name="myPrivateKey">the private key which is used</param>
/// <param name="otherPartyPublicKey">the public key of the other person</param>
/// <returns></returns>
public byte[] DeriveKey(byte[] myPrivateKey, byte[] otherPartyPublicKey)
{
DHPrivateKeyParameters privKey = null;
try
{
privKey = (DHPrivateKeyParameters)CreateAsymmetricKeyParameterFromPrivateKeyInfo(myPrivateKey);
}
catch (InvalidCastException exception)
{
string message = "Private Key Import Failed!\n" +
$"{exception.Message}.\n" +
"The contents of the source do not represent a valid DH key parameter\n" +
"Verify that the key is not corrupted.\n" +
"- or - Verify that the correct key is selected.";
throw new CryptoException(message, exception);
}
var a1 = new DHAgreement();
a1.Init(privKey);
BigInteger m1 = a1.CalculateMessage();
DHPublicKeyParameters pubKey = null;
try
{
pubKey = (DHPublicKeyParameters)CreateAsymmetricKeyParameterFromPublicKeyInfo(otherPartyPublicKey);
}
catch (InvalidCastException exception)
{
string message = "Public Key Import Failed!\n" +
$"{exception.Message}.\n" +
"The contents of the source do not represent a valid DH key parameter\n" +
"Verify that the key is not corrupted.\n" +
"- or - Verify that the correct key is selected.";
throw new CryptoException(message, exception);
}
//Both party keys must share the same DHParameters to be able to calculate the agreement
BigInteger k1 = a1.CalculateAgreement(pubKey, m1);
return(k1.ToByteArrayUnsigned());
}
/// <summary>
///
/// </summary>
/// <param name="newagrlen">agreement length in bytes. Valid values are 32, 96, 128</param>
public ECDHWrapper(int newagrlen)
{
DHKeyPairGenerator kpGen;
this.initPG(newagrlen);
kpGen = this.getDHKeyPairGenerator(this.g, this.p);
this.agrlen = newagrlen;
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
this.pu1 = (DHPublicKeyParameters)pair.Public;
this.pv1 = (DHPrivateKeyParameters)pair.Private;
this.e1 = new DHAgreement();
this.e1.Init(new ParametersWithRandom(this.pv1, new SecureRandom()));
this.m1 = this.e1.CalculateMessage();
this.pubdata = this.getPubData();
}
private void doTestDH(
int size,
BigInteger g,
BigInteger p)
{
DHKeyPairGenerator kpGen = getDHKeyPairGenerator(g, p);
//
// generate first pair
//
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu1 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;
//
// generate second pair
//
pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu2 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;
//
// two way
//
DHAgreement e1 = new DHAgreement();
DHAgreement e2 = new DHAgreement();
e1.Init(pv1);
e2.Init(pv2);
BigInteger m1 = e1.CalculateMessage();
BigInteger m2 = e2.CalculateMessage();
BigInteger k1 = e1.CalculateAgreement(pu2, m2);
BigInteger k2 = e2.CalculateAgreement(pu1, m1);
if (!k1.Equals(k2))
{
Fail(size + " bit 2-way test failed");
}
}
private void doTestGPWithRandom(
DHKeyPairGenerator kpGen)
{
//
// generate first pair
//
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu1 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;
//
// generate second pair
//
pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu2 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;
//
// two way
//
DHAgreement e1 = new DHAgreement();
DHAgreement e2 = new DHAgreement();
e1.Init(new ParametersWithRandom(pv1, new SecureRandom()));
e2.Init(new ParametersWithRandom(pv2, new SecureRandom()));
BigInteger m1 = e1.CalculateMessage();
BigInteger m2 = e2.CalculateMessage();
BigInteger k1 = e1.CalculateAgreement(pu2, m2);
BigInteger k2 = e2.CalculateAgreement(pu1, m1);
if (!k1.Equals(k2))
{
Fail("basic with random 2-way test failed");
}
}
public override void PerformTest()
{
doTestDHBasic(512, 0, g512, p512);
doTestDHBasic(768, 0, g768, p768);
doTestDHBasic(1024, 0, g1024, p1024);
doTestDHBasic(512, 64, g512, p512);
doTestDHBasic(768, 128, g768, p768);
doTestDHBasic(1024, 256, g1024, p1024);
doTestDH(512, g512, p512);
doTestDH(768, g768, p768);
doTestDH(1024, g1024, p1024);
//
// generation test.
//
doTestGeneration(256);
//
// with random test
//
DHBasicKeyPairGenerator kpBasicGen = getDHBasicKeyPairGenerator(g512, p512, 0);
doTestSimpleWithRandom(kpBasicGen);
DHKeyPairGenerator kpGen = getDHKeyPairGenerator(g512, p512);
doTestGPWithRandom(kpGen);
//
// parameter tests
//
DHAgreement dh = new DHAgreement();
AsymmetricCipherKeyPair dhPair = kpGen.GenerateKeyPair();
try
{
dh.Init(dhPair.Public);
Fail("DHAgreement key check failed");
}
catch (ArgumentException)
{
// ignore
}
DHKeyPairGenerator kpGen768 = getDHKeyPairGenerator(g768, p768);
try
{
dh.Init(dhPair.Private);
dh.CalculateAgreement((DHPublicKeyParameters)kpGen768.GenerateKeyPair().Public, BigInteger.ValueOf(100));
Fail("DHAgreement agreement check failed");
}
catch (ArgumentException)
{
// ignore
}
DHBasicAgreement dhBasic = new DHBasicAgreement();
AsymmetricCipherKeyPair dhBasicPair = kpBasicGen.GenerateKeyPair();
try
{
dhBasic.Init(dhBasicPair.Public);
Fail("DHBasicAgreement key check failed");
}
catch (ArgumentException)
{
// expected
}
DHBasicKeyPairGenerator kpBasicGen768 = getDHBasicKeyPairGenerator(g768, p768, 0);
try
{
dhBasic.Init(dhPair.Private);
dhBasic.CalculateAgreement((DHPublicKeyParameters)kpBasicGen768.GenerateKeyPair().Public);
Fail("DHBasicAgreement agreement check failed");
}
catch (ArgumentException)
{
// expected
}
}
