private void button4_Click(object sender, EventArgs e)
{
if (loadedPartnerKey && loadedKeychain)
{
OpenFileDialog theDialog = new OpenFileDialog();
theDialog.Title = "Open file to decrypt";
theDialog.Filter = "CurveBox encrypted file |*.curvebox";
if (theDialog.ShowDialog() == DialogResult.OK)
{
string filename = theDialog.FileName;
dataPath = filename;
loadedFile = true;
}
if (!loadedFile)
{
MessageBox.Show("No file loaded!");
return;
}
byte[] sharedKey = Curve25519.GetSharedSecret(loadedPrivateKey, loadedPartnerPublicKey);
byte[] hashedKey = sha256(System.Text.Encoding.UTF8.GetString(sharedKey));
AES_Decrypt(dataPath, Encoding.UTF8.GetString(sharedKey));
MessageBox.Show(String.Format("Wrote decrypted data to {0}", dataPath + ".decrypted"));
}
else
{
MessageBox.Show("Please load your keychain and your partners public key");
return;
}
}
public byte[] CalculateAndHashSharedSecret(byte[] privateKey, byte[] publicKey)
{
Guard.NotNull(privateKey, publicKey);
var sharedSecret = Curve25519.GetSharedSecret(privateKey, publicKey);
var sharedSecretHash = this._platform.ComputeSHA256(sharedSecret);
return(sharedSecretHash);
}
/// <summary>
/// 交换密钥
/// </summary>
/// <param name="exchange">交换流程(输入值是我方公钥,返回值是对端公钥)</param>
/// <returns>密钥</returns>
public byte[] ExchangeSecret(Func <byte[], byte[]> exchange)
{
Guard.Requires <ArgumentNullException>(exchange != null);
var randBytes = new byte[32];
RandomNumberGenerator.Create().GetBytes(randBytes);
var privateKey = Curve25519.ClampPrivateKey(randBytes);
var publicKey = Curve25519.GetPublicKey(privateKey);
return(Curve25519.GetSharedSecret(privateKey, exchange.Invoke(publicKey)));
}
public void DiffieHellmanSuccess()
{
Random random = TestHelpers.CreateSemiRandomGenerator(); // not truly random in case we need to reproduce test values
for (int i = 0; i < 1000; i++)
{
byte[] alicePrivate = Curve25519.ClampPrivateKey(TestHelpers.GetRandomBytes(random, 32));
byte[] alicePublic = Curve25519.GetPublicKey(alicePrivate);
byte[] bobPrivate = Curve25519.ClampPrivateKey(TestHelpers.GetRandomBytes(random, 32));
byte[] bobPublic = Curve25519.GetPublicKey(bobPrivate);
byte[] aliceShared = Curve25519.GetSharedSecret(alicePrivate, bobPublic);
byte[] bobShared = Curve25519.GetSharedSecret(bobPrivate, alicePublic);
Assert.AreEqual(aliceShared, bobShared);
}
}
public void DiffieHellmanFail()
{
Random random = TestHelpers.CreateSemiRandomGenerator();
for (int i = 0; i < 1000; i++)
{
byte[] alicePrivate = Curve25519.ClampPrivateKey(TestHelpers.GetRandomBytes(random, 32));
byte[] alicePublic = Curve25519.GetPublicKey(alicePrivate);
byte[] bobPrivate = Curve25519.ClampPrivateKey(TestHelpers.GetRandomBytes(random, 32));
byte[] bobPublic = Curve25519.GetPublicKey(bobPrivate);
byte[] aliceShared = Curve25519.GetSharedSecret(alicePrivate, bobPublic);
byte[] alicePublicWithBitToggled = TestHelpers.ToggleBitInKey(alicePublic, random);
byte[] bobShared = Curve25519.GetSharedSecret(bobPrivate, alicePublicWithBitToggled);
Assert.AreNotEqual(aliceShared, bobShared);
}
}
public void TestMethod1()
{
byte[] aliceRandomBytes = new byte[32];
byte[] privateKeyBytes = new byte[]
{
40, 146, 87, 95, 87, 167, 114, 250, 89, 24, 160, 144, 158, 233, 161, 185,
9, 153, 71, 88, 153, 107, 3, 49, 159, 174, 55, 184, 136, 80, 214, 123
};
//RNGCryptoServiceProvider.Create().GetBytes(aliceRandomBytes);
//var clampPrivateKey = Curve25519.ClampPrivateKey(privateKeyBytes);
//var publicKey = Curve25519.GetPublicKey(clampPrivateKey);
//var result = Curve25519.GetSharedSecret(clampPrivateKey, publicKey);
var priv = new byte[]
{
0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d,
0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45,
0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a
};
var pub = new byte[]
{
0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4,
0xd3, 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37,
0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d,
0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f
};
var res = new byte[]
{
0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42
};
var sharedSecret = Curve25519.GetSharedSecret(Curve25519.ClampPrivateKey(priv), pub);
Assert.IsTrue(sharedSecret.SequenceEqual(res));
}
private void DisplayNewMessage(EncMessage message)
{
if (!message.UsedForDHExchange)
{
// TODO: Here we will decrypt the message and show it
using (Aes aes = Aes.Create())
{
this.messagesListBox.Items.Add($"{message.Sender.Username}> " +
$"{AesEncryption.DecryptStringFromBytes(message.Payload, _clientsPrivateKeys[message.Sender.Username], new byte[16])}");
}
}
else
{
if (message.Payload[0] == 0x34 && message.Payload.Length == 1)
{
byte[] rndBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(rndBytes);
privateKey = Curve25519.ClampPrivateKey(rndBytes);
byte[] publicKey = Curve25519.GetPublicKey(privateKey);
var pubKeyMessage = new EncMessage()
{
Recipient = message.Sender,
Sender = message.Recipient,
UsedForDHExchange = true,
Payload = publicKey
};
_serverChannel.SendMessage(pubKeyMessage);
}
else
{
if (!_clientsPrivateKeys.ContainsKey(message.Sender.Username))
{
_clientsPrivateKeys[message.Sender.Username] = Curve25519.GetSharedSecret(privateKey, message.Payload);
}
}
}
}
public byte[] GetSharedSecret(byte[] peerPublicKey)
{
return(Curve25519.GetSharedSecret(m_privateKey, peerPublicKey));
}
static byte[] curve25519GenerateKeyAgreement(byte[] privateKey, byte[] publicKey)
{
return(Curve25519.GetSharedSecret(privateKey, publicKey));
}
// call this method when the public key has been received from the endpoint.
public void GenerateSharedSecret(byte[] OtherPublicKey)
{
_sharedKey = Curve25519.GetSharedSecret(_privateKey, OtherPublicKey);
_allKeysGenerated = true;
}
public Tuple <string, byte[]> Post(byte[] body, ControllerSession session)
{
var parts = TLVParser.Parse(body);
var state = parts.GetTypeAsInt(Constants.State);
if (state == 1)
{
Console.WriteLine("* Pair Verify Step 1/4");
Console.WriteLine("* Verify Start Request");
var clientPublicKey = parts.GetType(Constants.PublicKey);
byte[] privateKey = new byte[32];
SecureRandom random = new SecureRandom();
random.NextBytes(privateKey);
var publicKey = Curve25519.GetPublicKey(privateKey);
var sharedSecret = Curve25519.GetSharedSecret(privateKey, clientPublicKey);
var serverUsername = Encoding.UTF8.GetBytes(Program.ID);
byte[] material = publicKey.Concat(serverUsername).Concat(clientPublicKey).ToArray();
var accessoryLTSK = File.ReadAllBytes("PrivateKey");
byte[] proof = Ed25519.Sign(material, accessoryLTSK);
HKDF g = new HKDF(() => { return(new HMACSHA512()); }, sharedSecret, Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Salt"), Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Info"));
var outputKey = g.GetBytes(32);
TLV encoder = new TLV();
encoder.AddType(Constants.Identifier, serverUsername);
encoder.AddType(Constants.Signature, proof);
byte[] plaintext = TLVParser.Serialise(encoder);
var nonce = Cnv.FromHex("00000000").Concat(Encoding.UTF8.GetBytes("PV-Msg02")).ToArray();
var aad = new byte[0];
byte[] outputTag = new byte[0];
var encryptedOutput = Aead.Encrypt(out outputTag, plaintext, outputKey, nonce, aad, Aead.Algorithm.Chacha20_Poly1305);
byte[] ret = encryptedOutput.Concat(outputTag).ToArray();
TLV responseTLV = new TLV();
responseTLV.AddType(Constants.State, 2);
responseTLV.AddType(Constants.PublicKey, publicKey);
responseTLV.AddType(Constants.EncryptedData, ret);
// Store the details on the session.
//
session.ClientPublicKey = clientPublicKey;
session.PrivateKey = privateKey;
session.PublicKey = publicKey;
session.SharedSecret = sharedSecret;
session.HkdfPairEncKey = outputKey;
var encSalt = Encoding.UTF8.GetBytes("Control-Salt");
var infoRead = Encoding.UTF8.GetBytes("Control-Read-Encryption-Key");
var infoWrite = Encoding.UTF8.GetBytes("Control-Write-Encryption-Key");
g = new HKDF(() => { return(new HMACSHA512()); }, sharedSecret, encSalt, infoRead);
session.AccessoryToControllerKey = g.GetBytes(32);
g = new HKDF(() => { return(new HMACSHA512()); }, sharedSecret, encSalt, infoWrite);
session.ControllerToAccessoryKey = g.GetBytes(32);
var output = TLVParser.Serialise(responseTLV);
return(new Tuple <string, byte[]>("application/pairing+tlv8", output));
}
else if (state == 3)
{
Console.WriteLine("* Pair Verify Step 3/4");
Console.WriteLine("* Verify Start Request");
// We're looking good here. Need to set the encryption/settings on this session.
//
session.IsVerified = true;
session.SkipFirstEncryption = true;
TLV responseTLV = new TLV();
responseTLV.AddType(Constants.State, 4);
var output = TLVParser.Serialise(responseTLV);
return(new Tuple <string, byte[]>("application/pairing+tlv8", output));
}
return(null);
}
protected override void OnCreate(Bundle savedInstanceState)
{
base.OnCreate(savedInstanceState);
// Set our view from the "main" layout resource
SetContentView(Resource.Layout.Main);
const string Algorithm = "ECDH"; //What do you think about the other algorithms?
const int KeyBitSize = 2056;
const int NonceBitSize = 128;
const int MacBitSize = 128;
const int DefaultPrimeProbability = 30;
//BEGIN SETUP ALICE
IAsymmetricCipherKeyPairGenerator aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm);
DHParametersGenerator aliceGenerator = new DHParametersGenerator();
aliceGenerator.Init(KeyBitSize, DefaultPrimeProbability, new SecureRandom());
DHParameters aliceParameters = aliceGenerator.GenerateParameters();
KeyGenerationParameters aliceKGP = new DHKeyGenerationParameters(new SecureRandom(), aliceParameters);
aliceKeyGen.Init(aliceKGP);
AsymmetricCipherKeyPair aliceKeyPair = aliceKeyGen.GenerateKeyPair();
IBasicAgreement aliceKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm);
aliceKeyAgree.Init(aliceKeyPair.Private);
Button a1b = FindViewById <Button>(Resource.Id.a1b);
TextView AliceRandomText = FindViewById <TextView>(Resource.Id.a1t);
Button a2b = FindViewById <Button>(Resource.Id.a2b);
TextView AlicePrivateKeyText = FindViewById <TextView>(Resource.Id.a2t);
Button a3b = FindViewById <Button>(Resource.Id.a3b);
TextView AlicePublicKeyText = FindViewById <TextView>(Resource.Id.a3t);
Button b1b = FindViewById <Button>(Resource.Id.b1b);
TextView BobRandomText = FindViewById <TextView>(Resource.Id.b1t);
Button b2b = FindViewById <Button>(Resource.Id.b2b);
TextView BobPrivateKeyText = FindViewById <TextView>(Resource.Id.b2t);
Button b3b = FindViewById <Button>(Resource.Id.b3b);
TextView BobPublicKeyText = FindViewById <TextView>(Resource.Id.b3t);
Button a4b = FindViewById <Button>(Resource.Id.a4b);
TextView AliceBobSharedKeyText = FindViewById <TextView>(Resource.Id.a4t);
Button b4b = FindViewById <Button>(Resource.Id.b4b);
TextView BobAliceSharedKeyText = FindViewById <TextView>(Resource.Id.b4t);
// what Alice does
byte[] aliceRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(aliceRandomBytes);
byte[] alicePrivate = Curve25519.(aliceRandomBytes);
byte[] alicePublic = Curve25519.GetPublicKey(alicePrivate);
// what Bob does
byte[] bobRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(bobRandomBytes);
byte[] bobPrivate = Curve25519.ClampPrivateKey(bobRandomBytes);
byte[] bobPublic = Curve25519.GetPublicKey(bobPrivate);
// what Alice does with Bob's public key
byte[] aliceShared = Curve25519.GetSharedSecret(alicePrivate, bobPublic);
// what Bob does with Alice' public key
byte[] bobShared = Curve25519.GetSharedSecret(bobPrivate, alicePublic);
// aliceShared == bobShared
a1b.Click += delegate {
alicePrivateBytes = null;
AlicePrivateKeyText.Text = "";
alicePublicBytes = null;
AlicePublicKeyText.Text = "";
aliceBobSharedBytes = null;
bobAliceSharedBytes = null;
AliceBobSharedKeyText.Text = "";
BobAliceSharedKeyText.Text = "";
aliceRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(aliceRandomBytes);
AliceRandomText.Text = BitConverter.ToString(aliceRandomBytes).Replace("-", "");
};
a2b.Click += delegate {
if (aliceRandomBytes != null)
{
alicePrivateBytes = Curve25519.Create(aliceRandomBytes);
AlicePrivateKeyText.Text = BitConverter.ToString(alicePrivateBytes).Replace("-", "");
}
};
a3b.Click += delegate {
if (alicePrivateBytes != null)
{
alicePublicBytes = Curve25519.GetPublicKey(alicePrivateBytes);
AlicePublicKeyText.Text = BitConverter.ToString(alicePublicBytes).Replace("-", "");
}
};
b1b.Click += delegate {
bobPrivateBytes = null;
BobPrivateKeyText.Text = ""; // Reset
bobPublicBytes = null;
BobPublicKeyText.Text = ""; // Reset
aliceBobSharedBytes = null;
bobAliceSharedBytes = null;
AliceBobSharedKeyText.Text = "";
BobAliceSharedKeyText.Text = "";
bobRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(bobRandomBytes);
BobRandomText.Text = BitConverter.ToString(bobRandomBytes).Replace("-", "");
};
b2b.Click += delegate {
if (bobRandomBytes != null)
{
bobPrivateBytes = Curve25519.ClampPrivateKey(bobRandomBytes);
BobPrivateKeyText.Text = BitConverter.ToString(bobPrivateBytes).Replace("-", "");
}
};
b3b.Click += delegate {
if (bobPrivateBytes != null)
{
bobPublicBytes = Curve25519.GetPublicKey(bobPrivateBytes);
BobPublicKeyText.Text = BitConverter.ToString(bobPublicBytes).Replace("-", "");
}
};
a4b.Click += delegate {
if ((alicePrivateBytes != null) && (bobPublicBytes != null))
{
aliceBobSharedBytes = Curve25519.GetSharedSecret(alicePrivateBytes, bobPublicBytes);
AliceBobSharedKeyText.Text = BitConverter.ToString(aliceBobSharedBytes).Replace("-", "");
}
};
b4b.Click += delegate {
if ((bobPrivateBytes != null) && (alicePublicBytes != null))
{
bobAliceSharedBytes = Curve25519.GetSharedSecret(bobPrivateBytes, alicePublicBytes);
BobAliceSharedKeyText.Text = BitConverter.ToString(bobAliceSharedBytes).Replace("-", "");
}
};
}
public PairVerifyReturn Post(Tlv parts, HapSession session)
{
var state = parts.GetTypeAsInt(Constants.State);
if (state == 1)
{
_logger.LogDebug("* Pair Verify Step 1/4");
_logger.LogDebug("* Verify Start Request");
var clientPublicKey = parts.GetType(Constants.PublicKey);
byte[] privateKey = new byte[32];
Random random = new Random();
random.NextBytes(privateKey);
var publicKey = Curve25519.GetPublicKey(privateKey);
var sharedSecret = Curve25519.GetSharedSecret(privateKey, clientPublicKey);
var serverUsername = Encoding.UTF8.GetBytes(HapControllerServer.HapControllerId);
var material = publicKey.Concat(serverUsername).Concat(clientPublicKey).ToArray();
var accessoryLtsk = StringToByteArray(HapControllerServer.HapControllerLtsk);
var proof = Chaos.NaCl.Ed25519.Sign(material, accessoryLtsk);
var hdkf = new HkdfSha512();
var hkdfEncKey = hdkf.DeriveBytes(SharedSecret.Import(sharedSecret), Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Salt"),
Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Info"), 32);
var encoder = new Tlv();
encoder.AddType(Constants.Identifier, serverUsername);
encoder.AddType(Constants.Signature, proof);
var plaintext = TlvParser.Serialize(encoder);
var zeros = new byte[] { 0, 0, 0, 0 };
var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PV-Msg02"));
var encryptedOutput = AeadAlgorithm.ChaCha20Poly1305.Encrypt(
Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce,
new byte[0], plaintext);
var responseTlv = new Tlv();
responseTlv.AddType(Constants.State, 2);
responseTlv.AddType(Constants.EncryptedData, encryptedOutput);
responseTlv.AddType(Constants.PublicKey, publicKey);
// Store the details on the session.
//
session.ClientPublicKey = clientPublicKey;
session.PrivateKey = privateKey;
session.PublicKey = publicKey;
session.SharedSecret = sharedSecret;
session.HkdfPairEncKey = hkdfEncKey;
var encSalt = Encoding.UTF8.GetBytes("Control-Salt");
var infoRead = Encoding.UTF8.GetBytes("Control-Read-Encryption-Key");
var infoWrite = Encoding.UTF8.GetBytes("Control-Write-Encryption-Key");
session.AccessoryToControllerKey = hdkf.DeriveBytes(SharedSecret.Import(sharedSecret), encSalt, infoRead, 32);
session.ControllerToAccessoryKey = hdkf.DeriveBytes(SharedSecret.Import(sharedSecret), encSalt, infoWrite, 32);
return(new PairVerifyReturn
{
TlvData = responseTlv,
Ok = true,
HapSession = session
});
}
if (state == 3)
{
_logger.LogDebug("* Pair Verify Step 3/4");
_logger.LogDebug("* Verify Finish Request");
var encryptedData = parts.GetType(Constants.EncryptedData);
var zeros = new byte[] { 0, 0, 0, 0 };
var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PV-Msg03"));
var decrypt = AeadAlgorithm.ChaCha20Poly1305.Decrypt(Key.Import(AeadAlgorithm.ChaCha20Poly1305, session.HkdfPairEncKey, KeyBlobFormat.RawSymmetricKey), nonce, new byte[0], encryptedData, out var output);
if (!decrypt)
{
var errorTlv = new Tlv();
errorTlv.AddType(Constants.State, 4);
errorTlv.AddType(Constants.Error, ErrorCodes.Authentication);
return(new PairVerifyReturn
{
TlvData = errorTlv,
Ok = false
});
}
var subData = TlvParser.Parse(output);
var clientUserName = subData.GetType(Constants.Identifier);
var signature = subData.GetType(Constants.Signature);
var clientPublicKey = StringToByteArray(HapControllerServer.HapControllerLtpk);
var material = session.ClientPublicKey.Concat(clientUserName).Concat(session.PublicKey).ToArray();
session.ClientUsername = Automatica.Core.Driver.Utility.Utils.ByteArrayToString(in clientUserName);
if (!Chaos.NaCl.Ed25519.Verify(signature, material, clientPublicKey))
{
var errorTlv = new Tlv();
errorTlv.AddType(Constants.State, 4);
errorTlv.AddType(Constants.Error, ErrorCodes.Authentication);
return(new PairVerifyReturn
{
TlvData = errorTlv,
Ok = false
});
}
var responseTlv = new Tlv();
responseTlv.AddType(Constants.State, 4);
session.IsVerified = true;
session.SkipFirstEncryption = true;
return(new PairVerifyReturn
{
Ok = true,
TlvData = responseTlv
});
}
return(null);
}
public static string GenEncrypedPin(string pin, string pinToken, string sessionId, string priKey, ulong it)
{
ulong time = (ulong)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;
var bPinToken = UrlBase64.Decode(pinToken);
var bPriToken = UrlBase64.Decode(priKey);
byte[] bPriToken2 = new byte[32];
Array.Copy(bPriToken, bPriToken2, 32);
var bPriToken3 = PrivateKeyToCurve25519(bPriToken2);
Curve25519 pkey = Curve25519.Create(Curve25519.Curve25519Sha256);
pkey.FromPrivateKey(bPriToken3);
byte[] sk = pkey.GetSharedSecret(bPinToken);
var bPin = Encoding.ASCII.GetBytes(pin);
var btime = BitConverter.GetBytes(time);
var biterator = BitConverter.GetBytes(it);
int len = bPin.Length + btime.Length + biterator.Length;
IBlockCipher cipherAes = new AesEngine();
int bsize = cipherAes.GetBlockSize();
KeyParameter keyParameter = new KeyParameter(sk);
int nPadding = bsize - len % bsize;
var bPadding = new byte[nPadding];
len += (len % bsize == 0 ? 0 : nPadding);
var blocks = new byte[len];
Array.Copy(bPin, blocks, bPin.Length);
Array.Copy(btime, 0, blocks, bPin.Length, btime.Length);
Array.Copy(biterator, 0, blocks, bPin.Length + btime.Length, biterator.Length);
Array.Copy(bPadding, 0, blocks, bPin.Length + btime.Length + biterator.Length, nPadding);
var iv = new byte[bsize];
random.NextBytes(iv);
CbcBlockCipher cbcBc = new CbcBlockCipher(cipherAes);
ParametersWithIV parametersWithIV = new ParametersWithIV(keyParameter, iv);
BufferedBlockCipher bc = new BufferedBlockCipher(cbcBc);
bc.Init(true, parametersWithIV);
var bOut = bc.ProcessBytes(blocks);
var rz = new byte[bOut.Length + bsize];
Array.Copy(iv, rz, iv.Length);
Array.Copy(bOut, 0, rz, iv.Length, bOut.Length);
return(UrlBase64.Encode(rz));
}