private static void AssertKeysAgree(IKeyAgreement alice, IKeyAgreement bob)
{
var aliceDerived = alice.GenerateAgreement();
var bobDerived = bob.GenerateAgreement();
var match = aliceDerived.Span.SequenceEqual(bobDerived.Span);
if (!match)
{
Hex.Debug(aliceDerived.ToArray());
Hex.Debug(bobDerived.ToArray());
}
Assert.IsTrue(match);
var empty = new byte[aliceDerived.Length];
Assert.IsFalse(aliceDerived.Span.SequenceEqual(empty));
}
private ReadOnlyMemory <byte> DeriveDHKeyAgreement(KrbKdcRep kdcRep, KrbPaPkAsRep pkRep)
{
var dhKeyInfo = ValidateDHReply(pkRep);
var kdcPublicKey = DiffieHellmanKey.ParsePublicKey(dhKeyInfo.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(kdcPublicKey);
var derivedKey = agreement.GenerateAgreement();
ReadOnlySpan <byte> serverDHNonce = default;
if (pkRep.DHInfo.ServerDHNonce.HasValue)
{
serverDHNonce = pkRep.DHInfo.ServerDHNonce.Value.Span;
}
var transform = CryptoService.CreateTransform(kdcRep.EncPart.EType);
return(PKInitString2Key.String2Key(derivedKey.Span, transform.KeySize, clientDHNonce.Span, serverDHNonce));
}
