public SharedSecretResponse GenerateSharedSecretZ( EccDomainParameters domainParameters, EccKeyPair xPrivateKeyPartyA, EccKeyPair yPublicKeyPartyB, EccKeyPair rPrivateKeyPartyA, EccKeyPair tPublicKeyPartyA, EccKeyPair tPublicKeyPartyB) { var exactBitSize = domainParameters.CurveE.OrderN.ExactBitLength(); var associateValueQeA = AssociateValueFunction(exactBitSize, tPublicKeyPartyA); var associateValueQeB = AssociateValueFunction(exactBitSize, tPublicKeyPartyB); var implicitSigA = (rPrivateKeyPartyA.PrivateD + associateValueQeA * xPrivateKeyPartyA.PrivateD) % domainParameters.CurveE.OrderN; var p = domainParameters.CurveE.Multiply(yPublicKeyPartyB.PublicQ, associateValueQeB); p = domainParameters.CurveE.Add(p, tPublicKeyPartyB.PublicQ); p = domainParameters.CurveE.Multiply(p, implicitSigA); p = domainParameters.CurveE.Multiply(p, domainParameters.CurveE.CofactorH); if (p.Infinity) { return(new SharedSecretResponse("Point is infinity")); } var pExactLength = domainParameters.CurveE.FieldSizeQ.ExactBitLength(); BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(p.X, pExactLength); return(new SharedSecretResponse(z)); }
protected override BitString GetEphemeralDataFromKeyContribution(ISecretKeyingMaterial secretKeyingMaterial) { if (secretKeyingMaterial.EphemeralKeyPair != null) { var domainParam = (EccDomainParameters)secretKeyingMaterial.DomainParameters; var exactLength = CurveAttributesHelper.GetCurveAttribute(domainParam.CurveE.CurveName).DegreeOfPolynomial;; var ephemKey = (EccKeyPair)secretKeyingMaterial.EphemeralKeyPair; if (ephemKey.PublicQ.X != 0) { return(BitString.ConcatenateBits( SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.X, exactLength), SharedSecretZHelper.FormatEccSharedSecretZ(ephemKey.PublicQ.Y, exactLength) )); } } if (secretKeyingMaterial.EphemeralNonce != null && secretKeyingMaterial.EphemeralNonce?.BitLength != 0) { return(secretKeyingMaterial.EphemeralNonce); } return(secretKeyingMaterial.DkmNonce); }
/// <inheritdoc /> protected override BitString GetEphemeralKeyOrNonce(EccKeyPair ephemeralPublicKey, BitString ephemeralNonce, BitString dkmNonce) { if (ephemeralPublicKey?.PublicQ != null && ephemeralPublicKey.PublicQ?.X != 0) { var exactLength = CurveAttributesHelper.GetCurveAttribute(DomainParameters.CurveE.CurveName).DegreeOfPolynomial; return(BitString.ConcatenateBits( SharedSecretZHelper.FormatEccSharedSecretZ(ephemeralPublicKey.PublicQ.X, exactLength), SharedSecretZHelper.FormatEccSharedSecretZ(ephemeralPublicKey.PublicQ.Y, exactLength) )); } if (ephemeralNonce != null && ephemeralNonce?.BitLength != 0) { return(ephemeralNonce); } return(dkmNonce); }
public SharedSecretResponse GenerateSharedSecretZ( EccDomainParameters domainParameters, EccKeyPair dA, EccKeyPair qB ) { var p = domainParameters.CurveE.Multiply(qB.PublicQ, dA.PrivateD); p = domainParameters.CurveE.Multiply(p, domainParameters.CurveE.CofactorH); if (p.Infinity) { return(new SharedSecretResponse("Point is infinity")); } var curveAttributes = CurveAttributesHelper.GetCurveAttribute(domainParameters.CurveE.CurveName); BitString z = SharedSecretZHelper.FormatEccSharedSecretZ(p.X, curveAttributes.DegreeOfPolynomial); return(new SharedSecretResponse(z)); }