onix-labs
diff --git a/‎OnixLabs.Security.Cryptography.UnitTests/EcdhKeyTests.cs
+56 b/‎OnixLabs.Security.Cryptography.UnitTests/EcdhKeyTests.cs
+56
diff --git a/‎OnixLabs.Security.Cryptography.UnitTests/SecretTests.cs
+123 b/‎OnixLabs.Security.Cryptography.UnitTests/SecretTests.cs
+123
diff --git a/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Create.cs
+56 b/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Create.cs
+56
diff --git a/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Derive.cs
+34 b/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Derive.cs
+34
diff --git a/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Export.cs
+43 b/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Export.cs
+43
diff --git a/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Get.cs
+31 b/‎OnixLabs.Security.Cryptography/EcdhPrivateKey.Get.cs
+31
@@ -0,0 +1,56 @@
+// Copyright 2020 ONIXLabs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Security.Cryptography;
+using Xunit;
+
+namespace OnixLabs.Security.Cryptography.UnitTests;
+
+public sealed class EcdhKeyTests
+{
+    [Fact(DisplayName = "EC Diffie-Hellman DeriveSharedSecret should produce identical secrets")]
+    public void EcdhDeriveSharedSecretShouldProduceIdenticalSecrets()
+    {
+        // Given
+        IEcdhPrivateKey alice = EcdhPrivateKey.Create();
+        IEcdhPrivateKey bob = EcdhPrivateKey.Create();
+
+        // When
+        Secret aliceSecret = alice.DeriveSharedSecret(bob.GetPublicKey());
+        Secret bobSecret = bob.DeriveSharedSecret(alice.GetPublicKey());
+
+        // Then
+        Assert.Equal(aliceSecret, bobSecret);
+    }
+
+    [Fact(DisplayName = "EC Diffie-Hellman PKCS #8 round-trip DeriveSharedSecret should produce identical secrets")]
+    public void EcdhPkcs8RoundTripDeriveSharedSecretShouldProduceIdenticalSecrets()
+    {
+        // Given
+        using HashAlgorithm algorithm = SHA256.Create();
+        PbeParameters parameters = new(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 10);
+        byte[] aliceExportedBytes = EcdhPrivateKey.Create().ExportPkcs8PrivateKey("AlicePassword", parameters);
+        byte[] bobExportedBytes = EcdhPrivateKey.Create().ExportPkcs8PrivateKey("BobPassword", parameters);
+
+        IEcdhPrivateKey alice = EcdhPrivateKey.ImportPkcs8PrivateKey(aliceExportedBytes, "AlicePassword");
+        IEcdhPrivateKey bob = EcdhPrivateKey.ImportPkcs8PrivateKey(bobExportedBytes, "BobPassword");
+
+        // When
+        Secret aliceSecret = alice.DeriveSharedSecret(bob.GetPublicKey());
+        Secret bobSecret = bob.DeriveSharedSecret(alice.GetPublicKey());
+
+        // Then
+        Assert.Equal(aliceSecret, bobSecret);
+    }
+}
@@ -0,0 +1,123 @@
+// Copyright 2020 ONIXLabs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using Xunit;
+
+namespace OnixLabs.Security.Cryptography.UnitTests;
+
+public sealed class SecretTests
+{
+    [Fact(DisplayName = "Secret should be constructable from bytes")]
+    public void SecretShouldBeConstructableFromBytes()
+    {
+        // Given
+        byte[] value = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15];
+        const string expected = "000102030405060708090a0b0c0d0e0f";
+
+        // When
+        Secret candidate = new(value);
+        string actual = candidate.ToString();
+
+        // Then
+        Assert.Equal(expected, actual);
+    }
+
+    [Fact(DisplayName = "Secret value should not be modified when altering the original byte array")]
+    public void SecretValueShouldNotBeModifiedWhenAlteringTheOriginalByteArray()
+    {
+        // Given
+        byte[] value = [1, 2, 3, 4];
+        Secret candidate = new(value);
+        const string expected = "01020304";
+
+        // When
+        value[0] = 0;
+        string actual = candidate.ToString();
+
+        // Then
+        Assert.Equal(expected, actual);
+    }
+
+    [Fact(DisplayName = "Secret value should not be modified when altering the obtained byte array")]
+    public void SecretValueShouldNotBeModifiedWhenAlteringTheObtainedByteArray()
+    {
+        // Given
+        Secret candidate = new([1, 2, 3, 4]);
+        const string expected = "01020304";
+
+        // When
+        byte[] value = candidate.ToByteArray();
+        value[0] = 0;
+        string actual = candidate.ToString();
+
+        // Then
+        Assert.Equal(expected, actual);
+    }
+
+    [Fact(DisplayName = "Identical secret values should be considered equal")]
+    public void IdenticalSecretValuesShouldBeConsideredEqual()
+    {
+        // Given
+        Secret left = new([1, 2, 3, 4]);
+        Secret right = new([1, 2, 3, 4]);
+
+        // Then
+        Assert.Equal(left, right);
+        Assert.True(left.Equals(right));
+        Assert.True(left == right);
+    }
+
+    [Fact(DisplayName = "Different secret values should not be considered equal")]
+    public void DifferentSecretValuesShouldNotBeConsideredEqual()
+    {
+        // Given
+        Secret left = new([1, 2, 3, 4]);
+        Secret right = new([5, 6, 7, 8]);
+
+        // Then
+        Assert.NotEqual(left, right);
+        Assert.False(left.Equals(right));
+        Assert.True(left != right);
+    }
+
+    [Fact(DisplayName = "Identical secret values should produce identical hash codes")]
+    public void IdenticalSecretValuesShouldProduceIdenticalSecretCodes()
+    {
+        // Given
+        Secret left = new([1, 2, 3, 4]);
+        Secret right = new([1, 2, 3, 4]);
+
+        // When
+        int leftHashCode = left.GetHashCode();
+        int rightHashCode = right.GetHashCode();
+
+        // Then
+        Assert.Equal(leftHashCode, rightHashCode);
+    }
+
+    [Fact(DisplayName = "Different secret values should produce different hash codes")]
+    public void DifferentSecretValuesShouldProduceDifferentSecretCodes()
+    {
+        // Given
+        Secret left = new([1, 2, 3, 4]);
+        Secret right = new([5, 6, 7, 8]);
+
+        // When
+        int leftHashCode = left.GetHashCode();
+        int rightHashCode = right.GetHashCode();
+
+        // Then
+        Assert.NotEqual(leftHashCode, rightHashCode);
+    }
+}
@@ -0,0 +1,56 @@
+// Copyright 2020 ONIXLabs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Security.Cryptography;
+
+namespace OnixLabs.Security.Cryptography;
+
+public sealed partial class EcdhPrivateKey
+{
+    /// <summary>
+    /// Creates a new EC Diffie-Hellman cryptographic private key.
+    /// </summary>
+    /// <returns>Returns a new <see cref="EcdsaPrivateKey"/> instance.</returns>
+    public static EcdhPrivateKey Create()
+    {
+        using ECDiffieHellman key = ECDiffieHellman.Create();
+        byte[] keyData = key.ExportECPrivateKey();
+        return new EcdhPrivateKey(keyData);
+    }
+
+    /// <summary>
+    /// Creates a new EC Diffie-Hellman cryptographic private key.
+    /// </summary>
+    /// <param name="curve">The elliptic curve from which to create a new EC Diffie-Hellman cryptographic private key.</param>
+    /// <returns>Returns a new <see cref="EcdsaPrivateKey"/> instance.</returns>
+    public static EcdhPrivateKey Create(ECCurve curve)
+    {
+        using ECDiffieHellman key = ECDiffieHellman.Create(curve);
+        byte[] keyData = key.ExportECPrivateKey();
+        return new EcdhPrivateKey(keyData);
+    }
+
+    /// <summary>
+    /// Creates a new EC Diffie-Hellman cryptographic private key.
+    /// </summary>
+    /// <param name="parameters">The elliptic curve parameters from which to create a new EC Diffie-Hellman cryptographic private key.</param>
+    /// <returns>Returns a new <see cref="EcdsaPrivateKey"/> instance.</returns>
+    public static EcdhPrivateKey Create(ECParameters parameters)
+    {
+        using ECDiffieHellman key = ECDiffieHellman.Create(parameters);
+        byte[] keyData = key.ExportECPrivateKey();
+        return new EcdhPrivateKey(keyData);
+    }
+}
@@ -0,0 +1,34 @@
+// Copyright 2020 ONIXLabs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Security.Cryptography;
+
+namespace OnixLabs.Security.Cryptography;
+
+public sealed partial class EcdhPrivateKey
+{
+    /// <summary>
+    /// Derives a cryptographic shared secret from the current EC Diffie-Hellman cryptographic private key, and the specified cryptographic public key.
+    /// </summary>
+    /// <param name="publicKey">The EC Diffie-Hellman cryptographic public key from which to derive cryptographic shared secret.</param>
+    /// <returns>Returns a cryptographic shared secret, derived from the current EC Diffie-Hellman cryptographic private key, and the specified cryptographic public key.</returns>
+    public Secret DeriveSharedSecret(IEcdhPublicKey publicKey)
+    {
+        using ECDiffieHellman ourKey = ImportKeyData();
+        using ECDiffieHellman theirKey = ECDiffieHellman.Create();
+        theirKey.ImportSubjectPublicKeyInfo(publicKey.ToByteArray(), out int _);
+        byte[] secretData = ourKey.DeriveKeyMaterial(theirKey.PublicKey);
+        return new Secret(secretData);
+    }
+}
@@ -0,0 +1,43 @@
+// Copyright 2020 ONIXLabs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Security.Cryptography;
+
+namespace OnixLabs.Security.Cryptography;
+
+public sealed partial class EcdhPrivateKey
+{
+    /// <summary>
+    /// Exports the current EC Diffie-Hellman cryptographic private key data in PKCS #8 format.
+    /// </summary>
+    /// <returns>Returns a new <see cref="T:Byte[]"/> instance containing the EC Diffie-Hellman cryptographic private key data in PKCS #8 format.</returns>
+    public byte[] ExportPkcs8PrivateKey()
+    {
+        using ECDiffieHellman key = ImportKeyData();
+        return key.ExportPkcs8PrivateKey();
+    }
+
+    /// <summary>
+    /// Exports the EC Diffie-Hellman cryptographic private key data in encrypted PKCS #8 format.
+    /// </summary>
+    /// <param name="password">The password to use for encryption.</param>
+    /// <param name="parameters">The parameters required for password based encryption.</param>
+    /// <returns>Returns a new <see cref="T:Byte[]"/> instance containing the EC Diffie-Hellman cryptographic private key data in PKCS #8 format.</returns>
+    public byte[] ExportPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters parameters)
+    {
+        using ECDiffieHellman key = ImportKeyData();
+        return key.ExportEncryptedPkcs8PrivateKey(password, parameters);
+    }
+}
@@ -0,0 +1,31 @@
+// Copyright 2020 ONIXLabs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Security.Cryptography;
+
+namespace OnixLabs.Security.Cryptography;
+
+public sealed partial class EcdhPrivateKey
+{
+    /// <summary>
+    /// Gets the EC Diffie-Hellman cryptographic public key component from the current cryptographic private key.
+    /// </summary>
+    /// <returns>Returns the EC Diffie-Hellman cryptographic public key component from the current cryptographic private key.</returns>
+    public EcdhPublicKey GetPublicKey()
+    {
+        using ECDiffieHellman key = ImportKeyData();
+        byte[] keyData = key.ExportSubjectPublicKeyInfo();
+        return new EcdhPublicKey(keyData);
+    }
+}