/// <summary>
/// Assembles an <see cref="IfcSecretKeyingMaterial"/> from the values currently held by this builder.
/// </summary>
/// <remarks>
/// The nonce, key, party id and K checks run only when <paramref name="shouldValidateContributions"/> is true.
/// Passing false skips all four checks and returns the fields exactly as they were set, so callers must not
/// treat such a result as vetted keying material. How the Validate* helpers report a failure is defined
/// outside this block.
/// </remarks>
/// <param name="scheme">The IFC scheme; used to look up the generation requirements and passed to the K check.</param>
/// <param name="kasMode">The KAS mode used to look up the generation requirements.</param>
/// <param name="thisPartyKeyAgreementRole">This party's key agreement role.</param>
/// <param name="keyConfirmationRole">This party's key confirmation role.</param>
/// <param name="keyConfirmationDirection">The key confirmation direction.</param>
/// <param name="shouldValidateContributions">When true (the default), validate the contributions before building.</param>
/// <returns>A new keying material instance populated from the builder's fields.</returns>
public IIfcSecretKeyingMaterial Build(IfcScheme scheme, KasMode kasMode, KeyAgreementRole thisPartyKeyAgreementRole,
                                              KeyConfirmationRole keyConfirmationRole, KeyConfirmationDirection keyConfirmationDirection,
                                              bool shouldValidateContributions = true)
        {
            if (shouldValidateContributions)
            {
                var requirements = KeyGenerationRequirementsHelper.GetKeyGenerationOptionsForSchemeAndRole(
                    scheme,
                    kasMode,
                    thisPartyKeyAgreementRole,
                    keyConfirmationRole,
                    keyConfirmationDirection);

                // Order is kept as-is: whichever check fails first decides what the caller sees.
                ValidateNonce(requirements);
                ValidateKey(requirements);
                ValidatePartyId(requirements);
                ValidateK(requirements, scheme);
            }

            // NOTE(review): Z, K and Key look like secret values (the type is "secret keying material");
            // keep the returned object out of logs and diagnostics. Confirm against the type's definition.
            var keyingMaterial = new IfcSecretKeyingMaterial
            {
                C = _c,
                DkmNonce = _dkmNonce,
                K = _k,
                Key = _key,
                PartyId = _partyId,
                Z = _z,
            };

            return keyingMaterial;
        }
        /// <summary>
        /// Builds the FixedInfo <see cref="BitString"/> that is fed to KDFs and KTS.
        /// </summary>
        /// <remarks>
        /// The party U contribution is passed first and the party V contribution second, whichever role this
        /// party holds; presumably so that both parties arrive at the same FixedInfo.
        /// The call overwrites the contents of the <c>_fixedInfoParameter</c> field.
        /// </remarks>
        /// <param name="otherPartyKeyingMaterial">The other party keying material.</param>
        /// <param name="excludeEphemeralData">Should the ephemeral data be excluded? (Used for KTS fixed info generation.)</param>
        /// <returns>The FixedInfo produced from <c>_fixedInfoParameter</c> after both party contributions are set.</returns>
        protected BitString GetFixedInfo(IIfcSecretKeyingMaterial otherPartyKeyingMaterial, bool excludeEphemeralData = false)
        {
            var fixedInfoBuilder = _fixedInfoFactory.Get();

            var localRole = SchemeParameters.KeyAgreementRole;
            var localPartyInfo = GetPartyFixedInfo(ThisPartyKeyingMaterial, localRole, excludeEphemeralData);

            var remoteRole = KeyGenerationRequirementsHelper.GetOtherPartyKeyAgreementRole(localRole);
            var remotePartyInfo = GetPartyFixedInfo(otherPartyKeyingMaterial, remoteRole, excludeEphemeralData);

            // NOTE(review): a role that is neither InitiatorPartyU nor ResponderPartyV puts the other party's
            // data into both slots; confirm that such a role cannot reach this method.
            var partyUSlot = localRole == KeyAgreementRole.InitiatorPartyU ? localPartyInfo : remotePartyInfo;
            var partyVSlot = localRole == KeyAgreementRole.ResponderPartyV ? localPartyInfo : remotePartyInfo;

            _fixedInfoParameter.SetFixedInfo(partyUSlot, partyVSlot);

            return fixedInfoBuilder.Get(_fixedInfoParameter);
        }
        /// <summary>
        /// Creates the <see cref="IKeyConfirmationParameters"/> from both parties' information.
        /// </summary>
        /// <remarks>
        /// The parameters combine the scheme's roles and direction, the MAC settings from <c>_macParameters</c>,
        /// both party ids, both parties' ephemeral data and the supplied key.
        /// </remarks>
        /// <param name="otherPartyKeyingMaterial">The other party's keying information.</param>
        /// <param name="keyToTransport">The derived keying material.</param>
        /// <returns>A new <see cref="KeyConfirmationParameters"/> instance describing this key confirmation.</returns>
        private IKeyConfirmationParameters GetKeyConfirmationParameters(IIfcSecretKeyingMaterial otherPartyKeyingMaterial, BitString keyToTransport)
        {
            var localRole = SchemeParameters.KeyAgreementRole;

            // NOTE(review): the meaning of the trailing 'false' is defined by
            // GetEphemeralDataFromKeyContribution, which is not shown here; confirm it is right for key confirmation.
            var localEphemeralData = GetEphemeralDataFromKeyContribution(ThisPartyKeyingMaterial, localRole, false);

            var remoteRole = KeyGenerationRequirementsHelper.GetOtherPartyKeyAgreementRole(localRole);
            var remoteEphemeralData = GetEphemeralDataFromKeyContribution(otherPartyKeyingMaterial, remoteRole, false);

            var confirmationParameters = new KeyConfirmationParameters(
                localRole,
                SchemeParameters.KeyConfirmationRole,
                SchemeParameters.KeyConfirmationDirection,
                _macParameters.MacType,
                _macParameters.KeyLength,
                _macParameters.MacLength,
                ThisPartyKeyingMaterial.PartyId,
                otherPartyKeyingMaterial.PartyId,
                localEphemeralData,
                remoteEphemeralData,
                keyToTransport);

            return confirmationParameters;
        }
        /// <summary>
        /// Maps a <see cref="KasScheme"/> to its FFC or ECC scheme and returns the key/nonce generation
        /// requirements for that scheme together with the algorithm family it belongs to.
        /// </summary>
        /// <remarks>
        /// An FFC match takes precedence over an ECC match. The boolean results of <c>TryFirst</c> are not
        /// inspected; a miss is detected by the result's key being <c>None</c>.
        /// NOTE(review): this assumes <c>TryFirst</c> leaves the out value with a <c>None</c> key on a miss; confirm.
        /// </remarks>
        /// <param name="scheme">The KAS scheme to map.</param>
        /// <param name="kasMode">The KAS mode.</param>
        /// <param name="thisPartyKeyAgreementRole">This party's key agreement role.</param>
        /// <param name="keyConfirmationRole">This party's key confirmation role.</param>
        /// <param name="keyConfirmationDirection">The key confirmation direction.</param>
        /// <returns>The generation requirements and the matching <see cref="KasAlgorithm"/>.</returns>
        /// <exception cref="ArgumentException">The scheme maps to neither an FFC nor an ECC scheme.</exception>
        public static (SchemeKeyNonceGenRequirement requirments, KasAlgorithm kasAlgo) GetSchemeRequirements(KasScheme scheme, KasMode kasMode, KeyAgreementRole thisPartyKeyAgreementRole, KeyConfirmationRole keyConfirmationRole, KeyConfirmationDirection keyConfirmationDirection)
        {
            // Both lookups run up front, as before; the local names feed nameof() in the error text below.
            FfcMap.TryFirst(entry => entry.Value == scheme, out var ffcResult);
            EccMap.TryFirst(entry => entry.Value == scheme, out var eccResult);

            if (ffcResult.Key != FfcScheme.None)
            {
                var ffcRequirements = KeyGenerationRequirementsHelper.GetKeyGenerationOptionsForSchemeAndRole(
                    ffcResult.Key, kasMode, thisPartyKeyAgreementRole, keyConfirmationRole, keyConfirmationDirection);

                return (ffcRequirements, KasAlgorithm.Ffc);
            }

            if (eccResult.Key == EccScheme.None)
            {
                // Neither map knows this scheme: fail rather than pick requirements for the wrong scheme.
                throw new ArgumentException($"Unable to map {nameof(scheme)} to {nameof(ffcResult)} or {nameof(eccResult)}");
            }

            var eccRequirements = KeyGenerationRequirementsHelper.GetKeyGenerationOptionsForSchemeAndRole(
                eccResult.Key, kasMode, thisPartyKeyAgreementRole, keyConfirmationRole, keyConfirmationDirection);

            return (eccRequirements, KasAlgorithm.Ecc);
        }
        /// <summary>
        /// Checks that <c>KeyGenerationRequirementsHelper.GetOtherPartyKeyConfirmationRole</c> maps party A's
        /// key confirmation role to the role expected for party B.
        /// </summary>
        /// <param name="rolePartyA">The key confirmation role held by party A.</param>
        /// <param name="expectedRolePartyB">The role the helper is expected to return for party B.</param>
        public void ShouldReturnCorrectKcRole(KeyConfirmationRole rolePartyA, KeyConfirmationRole expectedRolePartyB)
        {
            var actualRolePartyB = KeyGenerationRequirementsHelper.GetOtherPartyKeyConfirmationRole(rolePartyA);
            Assert.AreEqual(expectedRolePartyB, actualRolePartyB);
        }