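/// <summary>
/// Computes the (EC)DHE shared secret for the negotiated key-share group and stores it in
/// <c>SharedSecret</c>. The group is selected by the runtime type of
/// <paramref name="privateParameters"/>.
/// </summary>
/// <param name="clientEcdhPubkey">
/// The peer's public key share exactly as received from the client. This is untrusted input,
/// so its length is checked before it is used for X25519 and X448.
/// </param>
/// <param name="cRandomUnused">Not read by this method.</param>
/// <param name="sRandomUnused">Not read by this method.</param>
/// <param name="privateParameters">The local private key for the selected group.</param>
/// <exception cref="ArgumentNullException"><paramref name="clientEcdhPubkey"/> is null.</exception>
/// <exception cref="ArgumentException">The key share has the wrong length for X25519 or X448.</exception>
/// <exception cref="InvalidOperationException">The X25519 or X448 agreement produced an all-zero secret.</exception>
/// <exception cref="NotSupportedException">The private key type is not one of the supported groups.</exception>
public virtual void Exchange(byte[] clientEcdhPubkey, byte[] cRandomUnused, byte[] sRandomUnused, object privateParameters)
{
    // "TLS1.3 ciphersuite does not include KeyExchange methods"
    // just for shared_secret calculation here

    // RFC 7748 sizes: public key and shared secret are 32 bytes for X25519 and 56 bytes for X448.
    const int X25519Size = 32;
    const int X448Size = 56;

    if (clientEcdhPubkey == null)
    {
        throw new ArgumentNullException(nameof(clientEcdhPubkey));
    }

    byte[] shared_secret;
    if (privateParameters is Parameters.X25519PrivateKeyParameters x25519Prv)
    {
        RequireLength(clientEcdhPubkey, X25519Size);
        var clientPub = new Parameters.X25519PublicKeyParameters(clientEcdhPubkey, 0);
        shared_secret = new byte[X25519Size];
        x25519Prv.GenerateSecret(clientPub, shared_secret, 0);
        RejectAllZero(shared_secret);
    }
    else if (privateParameters is Parameters.X448PrivateKeyParameters x448Prv)
    {
        RequireLength(clientEcdhPubkey, X448Size);
        var clientPub = new Parameters.X448PublicKeyParameters(clientEcdhPubkey, 0);
        // The previous fixed 32-byte buffer was too small for the 56-byte X448 output.
        shared_secret = new byte[X448Size];
        x448Prv.GenerateSecret(clientPub, shared_secret, 0);
        RejectAllZero(shared_secret);
    }
    else if (privateParameters is Parameters.ECPrivateKeyParameters serverPrv)
    {
        var ecDomainParam = serverPrv.Parameters;
        // NOTE(review): relies on DeserializeECPoint rejecting encodings that are not valid
        // points on ecDomainParam.Curve - confirm against the helper.
        var clientQ = TlsEccUtilities.DeserializeECPoint(new byte[] { 0x04 }, ecDomainParam.Curve, clientEcdhPubkey);
        var clientPub = new Parameters.ECPublicKeyParameters(clientQ, ecDomainParam);
        shared_secret = TlsEccUtilities.CalculateECDHBasicAgreement(clientPub, serverPrv);
    }
    else
    {
        throw new NotSupportedException("Unsupported KeyShare Group");
    }

    SharedSecret = shared_secret;

    // A longer key share would otherwise be silently truncated by the (buffer, offset) constructors.
    void RequireLength(byte[] keyShare, int expected)
    {
        if (keyShare.Length != expected)
        {
            throw new ArgumentException("Key share must be exactly " + expected + " bytes for the selected group", nameof(clientEcdhPubkey));
        }
    }

    // RFC 8446 section 7.4.2: an all-zero X25519/X448 result must abort the handshake.
    // The bytes are OR-ed together so the check does not exit early on secret data.
    void RejectAllZero(byte[] secret)
    {
        int acc = 0;
        for (int i = 0; i < secret.Length; i++)
        {
            acc |= secret[i];
        }

        if (acc == 0)
        {
            throw new InvalidOperationException("Key agreement produced an all-zero shared secret");
        }
    }
}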
/// <summary>
/// Runs the X25519 agreement between this private key and <paramref name="publicKey"/> and
/// writes the result into <paramref name="buf"/> starting at <paramref name="off"/>.
/// </summary>
/// <param name="publicKey">The peer's public key; it is re-encoded into a local buffer first.</param>
/// <param name="buf">Destination buffer for the agreed secret.</param>
/// <param name="off">Offset in <paramref name="buf"/> where the secret starts.</param>
/// <exception cref="InvalidOperationException">
/// <c>X25519.CalculateAgreement</c> reported failure.
/// </exception>
public void GenerateSecret(X25519PublicKeyParameters publicKey, byte[] buf, int off)
{
    var peerPoint = new byte[X25519.PointSize];
    publicKey.Encode(peerPoint, 0);

    // NOTE(review): a false result presumably means the agreement output was all zero
    // (a low-order peer point) - confirm against X25519.CalculateAgreement.
    bool agreed = X25519.CalculateAgreement(data, 0, peerPoint, 0, buf, off);
    if (agreed)
    {
        return;
    }

    throw new InvalidOperationException("X25519 agreement failed");
}
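/// <summary>
/// Computes the ECDHE pre-master secret for the group selected by the runtime type of
/// <paramref name="privateParameters"/>, then derives the 48-byte <c>MasterSecret</c> from it
/// with the HMAC-SHA256 PRF, the label "master secret" and clientRandom || serverRandom as seed.
/// </summary>
/// <param name="clientEcdhPubkey">
/// The peer's public key exactly as received from the client. This is untrusted input,
/// so its length is checked before it is used for X25519 and X448.
/// </param>
/// <param name="clientRandom">Client random; first half of the PRF seed.</param>
/// <param name="serverRandom">Server random; second half of the PRF seed.</param>
/// <param name="privateParameters">The local private key for the selected group.</param>
/// <exception cref="ArgumentNullException"><paramref name="clientEcdhPubkey"/> is null.</exception>
/// <exception cref="ArgumentException">The public key has the wrong length for X25519 or X448.</exception>
/// <exception cref="InvalidOperationException">The X25519 or X448 agreement produced an all-zero secret.</exception>
/// <exception cref="NotSupportedException">The private key type is not one of the supported groups.</exception>
protected override void GenerateMasterSecret(byte[] clientEcdhPubkey, byte[] clientRandom, byte[] serverRandom, object privateParameters)
{
    // RFC 7748 sizes: public key and shared secret are 32 bytes for X25519 and 56 bytes for X448.
    const int X25519Size = 32;
    const int X448Size = 56;

    if (clientEcdhPubkey == null)
    {
        throw new ArgumentNullException(nameof(clientEcdhPubkey));
    }

    byte[] pre_master;
    if (privateParameters is Parameters.X25519PrivateKeyParameters x25519Prv)
    {
        RequireLength(clientEcdhPubkey, X25519Size);
        var clientPub = new Parameters.X25519PublicKeyParameters(clientEcdhPubkey, 0);
        pre_master = new byte[X25519Size];
        x25519Prv.GenerateSecret(clientPub, pre_master, 0);
        RejectAllZero(pre_master);
    }
    else if (privateParameters is Parameters.X448PrivateKeyParameters x448Prv)
    {
        RequireLength(clientEcdhPubkey, X448Size);
        var clientPub = new Parameters.X448PublicKeyParameters(clientEcdhPubkey, 0);
        // The previous fixed 32-byte buffer was too small for the 56-byte X448 output.
        pre_master = new byte[X448Size];
        x448Prv.GenerateSecret(clientPub, pre_master, 0);
        RejectAllZero(pre_master);
    }
    else if (privateParameters is Parameters.ECPrivateKeyParameters serverPrv)
    {
        var ecDomainParam = serverPrv.Parameters;
        // NOTE(review): relies on DeserializeECPoint rejecting encodings that are not valid
        // points on ecDomainParam.Curve - confirm against the helper.
        var clientQ = TlsEccUtilities.DeserializeECPoint(new byte[] { 0x04 }, ecDomainParam.Curve, clientEcdhPubkey);
        var clientPub = new Parameters.ECPublicKeyParameters(clientQ, ecDomainParam);
        pre_master = TlsEccUtilities.CalculateECDHBasicAgreement(clientPub, serverPrv);
    }
    else
    {
        // Previously an unrecognised key type fell through and the master secret was derived
        // from 32 zero bytes, i.e. from a value anyone can predict. Fail closed instead.
        throw new NotSupportedException("Unsupported ECDHE group");
    }

    MasterSecret = RandomFunction.PRF.GetBytes_HMACSHA256(pre_master, "master secret", clientRandom.Concat(serverRandom).ToArray(), 48);

    // A longer public key would otherwise be silently truncated by the (buffer, offset) constructors.
    void RequireLength(byte[] peerKey, int expected)
    {
        if (peerKey.Length != expected)
        {
            throw new ArgumentException("Peer public key must be exactly " + expected + " bytes for the selected group", nameof(clientEcdhPubkey));
        }
    }

    // RFC 8422 section 5.11: an all-zero X25519/X448 result must abort the handshake.
    // The bytes are OR-ed together so the check does not exit early on secret data.
    void RejectAllZero(byte[] secret)
    {
        int acc = 0;
        for (int i = 0; i < secret.Length; i++)
        {
            acc |= secret[i];
        }

        if (acc == 0)
        {
            throw new InvalidOperationException("Key agreement produced an all-zero shared secret");
        }
    }
}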
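/// <summary>
/// Runs the X25519 scalar multiplication between this private key and
/// <paramref name="publicKey"/>, writes the result into <paramref name="buf"/> starting at
/// <paramref name="off"/>, and rejects an all-zero result.
/// </summary>
/// <param name="publicKey">The peer's public key; it is re-encoded into a local buffer first.</param>
/// <param name="buf">Destination buffer for the agreed secret.</param>
/// <param name="off">Offset in <paramref name="buf"/> where the secret starts.</param>
/// <exception cref="InvalidOperationException">The computed secret is all zero.</exception>
public void GenerateSecret(X25519PublicKeyParameters publicKey, byte[] buf, int off)
{
    byte[] encoded = new byte[X25519.PointSize];
    publicKey.Encode(encoded, 0);
    X25519.ScalarMult(data, 0, encoded, 0, buf, off);

    // A peer point of small order forces the output to zero whatever the private scalar is,
    // so an unchecked result lets the peer choose the "shared" secret (RFC 7748 section 6.1).
    // Assumes ScalarMult writes X25519.PointSize bytes starting at buf[off] - TODO confirm.
    // The bytes are OR-ed together so the check does not exit early on secret data.
    int acc = 0;
    for (int i = 0; i < X25519.PointSize; i++)
    {
        acc |= buf[off + i];
    }

    if (acc == 0)
    {
        throw new InvalidOperationException("X25519 agreement failed");
    }
}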