public static bool verify(string message, string signature, string key)
{
var encodedSignature = Encoding.UTF8.GetBytes(signature);
var encodedKey = Encoding.UTF8.GetBytes(key);
return(SecretKeyAuth.VerifyHmacSha512(message, encodedSignature, encodedKey));
}
/// <summary>
/// Validate client Hello
/// </summary>
/// <remark>
/// Here the server verifies that the received message length is 64
/// bytes, then extracts the client's ephemeral key and also verifies
/// that the hmac was signed with the network key.
///
/// This sets the object's <see cref="_ephemeral_client_pk"/>
/// </remark>
/// <exception cref="ArgumentException">
/// Thrown if the client Hello <paramref name="msg"/> fails to pass the
/// checks.
/// </exception>
/// <param name="msg">
/// The received message, the first 32 bytes correspond to the client
/// ephemeral key and the last 32 bytes to the hmac.
/// </param>
public void AcceptHello(byte[] msg)
{
if (msg.Length != 64)
{
throw new ArgumentException("The received message is not 64 bytes");
}
// Separate the message in ephemeral key and hmac
var ephemeral_client_key = new byte[SECTION_LENGTH];
Buffer.BlockCopy(msg, SECTION_LENGTH, ephemeral_client_key, 0, SECTION_LENGTH);
var hmac = new byte[SECTION_LENGTH];
Buffer.BlockCopy(msg, 0, hmac, 0, SECTION_LENGTH);
// Check if the key used to sign the hmac of the ephemeral_client_key is
// valid
//
// Aka, check if we are in the same network
if (!SecretKeyAuth.Verify(ephemeral_client_key, hmac, _network_key))
{
throw new ArgumentException("The hmac does not match");
}
else
{
this._ephemeral_client_pk = ephemeral_client_key;
}
// Now that we have the client's ephemeral public key we can derive
// the first 2 secrets
this.DeriveSecrets();
}
public static string sign(string privateKey, string cipherText)
{
var encodedKey = Encoding.UTF8.GetBytes(privateKey);
byte[] signature = SecretKeyAuth.SignHmacSha512(cipherText, encodedKey);
return(Encoding.UTF8.GetString(signature));
}
public void SimpleAuthTest()
{
var expected = Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0");
var actual = SecretKeyAuth.Sign(Encoding.UTF8.GetBytes("Adam Caudill"), Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
CollectionAssert.AreEqual(expected, actual);
}
/// <summary>
/// Given the keys obtained during the handshake generates a pair of
/// Boxer/Unboxer.
/// </summary>
/// <remarks>
/// <para>
/// TODO: Write about the process detailed in the spec
/// </para>
/// </remarks>
/// <param name="derived_secret">
/// The secret derived from the client long term key and the server's
/// ephemeral key (Ab).
/// </param>
/// <param name="foreing_pubkey">
/// The public key that identifies the other peer, that is, the server
/// public key if this is called from the client and vice versa.
/// </param>
/// <param name="self_pubkey">
/// The public key that identifies the entity calling this.
/// </param>
/// <param name="network_key">
/// The key that identifies the network, in the case of scuttlebutt is
/// the one posted in the scuttlebutt protocol
/// <see href="https://ssbc.github.io/scuttlebutt-protocol-guide/">
/// guide
/// </see>.
/// </param>
/// <param name="a">
/// The client's ephemeral public key used during the handshake.
/// </param>
/// <param name="b">
/// The server's ephemeral public key used during the handshake.
/// </param>
/// <returns>
/// The Boxer/Unboxer pair that a client or server can use to
/// communicate with the other.
/// </returns>
public static (Boxer, Unboxer) Build(
byte[] derived_secret,
byte[] foreing_pubkey,
byte[] self_pubkey,
byte[] network_key,
byte[] a,
byte[] b
)
{
var common = CryptoHash.Sha256(CryptoHash.Sha256(derived_secret));
var send_key = CryptoHash.Sha256(Utils.Concat(common, foreing_pubkey));
var recv_key = CryptoHash.Sha256(Utils.Concat(common, self_pubkey));
var send_nonce = new byte[24];
var recv_nonce = new byte[24];
var bhmac = SecretKeyAuth.Sign(b, network_key);
var ahmac = SecretKeyAuth.Sign(a, network_key);
Buffer.BlockCopy(send_nonce, 0, bhmac, 0, 24);
Buffer.BlockCopy(recv_nonce, 0, ahmac, 0, 24);
var boxer = new Boxer(send_key, send_nonce);
var unboxer = new Unboxer(recv_key, recv_nonce);
return(boxer, unboxer);
}
public void SecretKeyAuthVerify512WithBadSignature()
{
SecretKeyAuth.VerifyHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary(
"9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c06a99b828e2ff921b4d1304bbd9480adfacf8c4c2ffbcbb4e5663446fda1235"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
}
public void SecretKeyAuthSign512WithBadKey()
{
Assert.Throws <KeyOutOfRangeException>(() =>
{
SecretKeyAuth.SignHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("012345678901234567890123456789"));
});
}
public void SimpleVerifyHmacSha512Test()
{
var actual = SecretKeyAuth.VerifyHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c06a99b828e2ff921b4d1304bbd9480adfacf8c4c2ffbcbb4e5663446fda1235d2"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
Assert.AreEqual(true, actual);
}
public void SimpleVerifyHmacSha256Test()
{
var actual = SecretKeyAuth.VerifyHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("1cc0012cfd200becfce64bba779025d02cb349d203e15d44a308e4249e2b7245"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
Assert.AreEqual(true, actual);
}
public void SimpleAuthHmacSha256Test()
{
var expected = Utilities.HexToBinary("1cc0012cfd200becfce64bba779025d02cb349d203e15d44a308e4249e2b7245");
var actual = SecretKeyAuth.SignHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
CollectionAssert.AreEqual(expected, actual);
}
public void SimpleVerifyTest()
{
var actual = SecretKeyAuth.Verify(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
Assert.AreEqual(true, actual);
}
public void SecretKeyAuthVerify256WithBadSignature()
{
Assert.Throws <SignatureOutOfRangeException>(() =>
{
SecretKeyAuth.VerifyHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
});
}
public void OpenTest()
{
var key = Convert.FromBase64String("wYSsnapy7G9F+NTo/bVvIpnRv/ULd97XSMPLoe4+abM=");
byte[] signature = Convert.FromBase64String("hQ4vOFX+pPJNhXxnbMfzAtLjSVeRBBGCOIjlNoIWvzA=");
byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!");
bool result = SecretKeyAuth.Verify(message, signature, key);
Assert.IsTrue(result);
}
public void SignAndVerifyTest()
{
byte[] key = SecretKeyAuth.GenerateKey();
byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!");
byte[] signature = SecretKeyAuth.Sign(message, key);
bool verification = SecretKeyAuth.Verify(message, signature, key);
Assert.IsTrue(verification);
}
public void SecretKeyAuthVerify512WithBadKey()
{
Assert.Throws <KeyOutOfRangeException>(() =>
{
SecretKeyAuth.VerifyHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary(
"9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c06a99b828e2ff921b4d1304bbd9480adfacf8c4c2ffbcbb4e5663446fda1235d2"),
Encoding.UTF8.GetBytes("012345678901234567890123456789"));
});
}
public void SignTest()
{
// Test signing given a known key and signature generated from libsodium
byte[] key = Convert.FromBase64String("wYSsnapy7G9F+NTo/bVvIpnRv/ULd97XSMPLoe4+abM=");
String expectedSignature = "hQ4vOFX+pPJNhXxnbMfzAtLjSVeRBBGCOIjlNoIWvzA=";
byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!");
byte[] signature = SecretKeyAuth.Sign(message, key);
Assert.AreEqual(expectedSignature, Convert.ToBase64String(signature));
}
/// <summary>
/// Crafts the client's hello message.
/// </summary>
/// <remark>
/// Signs the ephemeral public key with the network key and appends
/// that key.
/// </remark>
/// <returns>
/// The message to be sent
/// </returns>
public byte[] Hello()
{
var signed_key = SecretKeyAuth.Sign(
this._ephemeral_client_keypair.PublicKey,
this._network_key
);
var msg = Utils.Concat(
signed_key, _ephemeral_client_keypair.PublicKey
);
return(msg);
}
/// <summary>
/// Craft server response to client hello
/// </summary>
/// <returns>
/// Returns the message ready to be sent, consisting of the server
/// ephemeral key and an hmac of the server key signed with the
/// network key.
/// </returns>
public byte[] Hello()
{
var hmac = SecretKeyAuth.Sign(
_ephemeral_server_keypair.PublicKey,
_network_key
);
var msg = Utils.Concat(
hmac, _ephemeral_server_keypair.PublicKey
);
return(msg);
}
public void SecretKeyAuthSignAndVerifyTest()
{
byte[] key = SecretKeyAuth.GenerateKey();
String message = "Hello, World!";
byte[] signature = SecretKeyAuth.Sign(System.Text.Encoding.UTF8.GetBytes(message), key);
Assert.AreEqual(32, signature.Length);
bool verification = SecretKeyAuth.Verify(System.Text.Encoding.UTF8.GetBytes(message), signature, key);
Assert.IsTrue(verification);
signature = SecretKeyAuth.Sign(message, key);
Assert.AreEqual(32, signature.Length);
verification = SecretKeyAuth.Verify(message, signature, key);
Assert.IsTrue(verification);
}
public void HmacSha512Test()
{
var key = SecretKeyAuth.GenerateKey();
string message = "Hello, World!";
byte[] byteMessage = System.Text.Encoding.UTF8.GetBytes(message);
var sig1 = SecretKeyAuth.SignHmacSha512(message, key);
var sig2 = SecretKeyAuth.SignHmacSha512(byteMessage, key);
// Verify the overload works
Assert.AreEqual(Convert.ToBase64String(sig1), Convert.ToBase64String(sig2));
var result = SecretKeyAuth.VerifyHmacSha512(message, sig1, key);
Assert.IsTrue(result);
result = SecretKeyAuth.VerifyHmacSha512(message, sig2, key);
Assert.IsTrue(result);
result = SecretKeyAuth.VerifyHmacSha512(byteMessage, sig1, key);
Assert.IsTrue(result);
result = SecretKeyAuth.VerifyHmacSha512(byteMessage, sig2, key);
Assert.IsTrue(result);
}
public void TestGenerateKey()
{
Assert.AreEqual(32, SecretKeyAuth.GenerateKey().Length);
}
public void SecretKeyAuthSignWithBadKey()
{
SecretKeyAuth.Sign(Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("0123456789012345678901234567890"));
}
public void SecretKeyAuthSign512WithBadKey()
{
SecretKeyAuth.SignHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("012345678901234567890123456789"));
}
public void SecretKeyAuthVerify256WithBadKey()
{
SecretKeyAuth.VerifyHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"),
Encoding.UTF8.GetBytes("012345678901234567890123456789"));
}
