public void InitialChainSymmetryTest1()
{
byte[] rk = rng.Generate(32);
byte[] rhk = rng.Generate(32);
byte[] shk = rng.Generate(32);
var skey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var skey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
byte[] spub1 = skey1.GetPublicKey();
byte[] spub2 = skey2.GetPublicKey();
byte[] cpub1 = ckey1.GetPublicKey();
byte[] cpub2 = ckey2.GetPublicKey();
var secdhstep = EcdhRatchetStep.InitializeServer(kdf, digest,
skey1, rk, cpub1, skey2, rhk, shk);
var cecdhsteps = EcdhRatchetStep.InitializeClient(kdf, digest,
rk, spub1, spub2, ckey1, shk, rhk, ckey2);
// the initialized client can send to the server
var clientkeys = cecdhsteps[0].SendingChain.RatchetForSending(kdf);
var serverkeys = secdhstep.ReceivingChain.RatchetForReceiving(kdf, clientkeys.generation);
Assert.Equal(clientkeys.key, serverkeys.key);
}
public void SecondChainRatchetTest()
{
byte[] rk = rng.Generate(32);
byte[] rhk = rng.Generate(32);
byte[] shk = rng.Generate(32);
var skey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var skey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var skey3 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey3 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
byte[] spub1 = skey1.GetPublicKey();
byte[] spub2 = skey2.GetPublicKey();
byte[] spub3 = skey3.GetPublicKey();
byte[] cpub1 = ckey1.GetPublicKey();
byte[] cpub2 = ckey2.GetPublicKey();
byte[] cpub3 = ckey2.GetPublicKey();
var secdhstep1 = EcdhRatchetStep.InitializeServer(kdf, digest,
skey1, rk, cpub1, skey2, rhk, shk);
var cecdhsteps = EcdhRatchetStep.InitializeClient(kdf, digest,
rk, spub1, spub2, ckey1, shk, rhk, ckey2);
var secdhstep2 = secdhstep1.Ratchet(kdf, digest,
cpub2, skey3);
// and the server sends back
var cecdhstep3 = cecdhsteps[1].Ratchet(kdf, digest,
spub3, ckey3);
var serverkeys = secdhstep2.SendingChain.RatchetForSending(kdf);
var clientkeys = cecdhstep3.ReceivingChain.RatchetForReceiving(kdf, serverkeys.generation);
Assert.Equal(serverkeys.key, clientkeys.key);
}
public void InitialChainRatchetTest()
{
byte[] rk = rng.Generate(32);
byte[] rhk = rng.Generate(32);
byte[] shk = rng.Generate(32);
var skey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var skey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var skey3 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
byte[] spub1 = skey1.GetPublicKey();
byte[] spub2 = skey2.GetPublicKey();
byte[] spub3 = skey3.GetPublicKey();
byte[] cpub1 = ckey1.GetPublicKey();
byte[] cpub2 = ckey2.GetPublicKey();
var secdhstep1 = EcdhRatchetStep.InitializeServer(kdf, digest,
skey1, rk, cpub1, skey2, rhk, shk);
var cecdhsteps = EcdhRatchetStep.InitializeClient(kdf, digest,
rk, spub1, spub2, ckey1, shk, rhk, ckey2);
// client sends new ECDH to server
var secdhstep2 = secdhstep1.Ratchet(kdf, digest,
cpub2, skey3);
// which means the client now can send using its latest step
var clientkeys = cecdhsteps[1].SendingChain.RatchetForSending(kdf);
var serverkeys = secdhstep2.ReceivingChain.RatchetForReceiving(kdf, clientkeys.generation);
Assert.Equal(clientkeys.key, serverkeys.key);
}
public void ClientInitializeReferenceTest(byte[] rk, byte[] rhk, byte[] shk, byte[] _ckey1, byte[] _ckey2, byte[] spub1, byte[] spub2, byte[] rckey, byte[] sckey)
{
var ckey1 = new KeyAgreement(_ckey1);
var ckey2 = new KeyAgreement(_ckey2);
var ecdhsteps = EcdhRatchetStep.InitializeClient(kdf, digest,
rk, spub1, spub2, ckey1, rhk, shk, ckey2);
Assert.Equal(rckey, ecdhsteps[1].ReceivingChain.ChainKey);
Assert.Equal(sckey, ecdhsteps[0].SendingChain.ChainKey);
}
public void ServerInitializeReferenceTest(byte[] rk, byte[] rhk, byte[] shk, byte[] _skey1, byte[] _skey2, byte[] cpub, byte[] rckey, byte[] sckey)
{
var skey1 = new KeyAgreement(_skey1);
var skey2 = new KeyAgreement(_skey2);
var ecdhstep = EcdhRatchetStep.InitializeServer(kdf, digest,
skey1, rk, cpub, skey2, rhk, shk);
Assert.Equal(rckey, ecdhstep.ReceivingChain.ChainKey);
Assert.Equal(sckey, ecdhstep.SendingChain.ChainKey);
}
public void RatchetReferenceTest(byte[] nrk, byte[] rhk, byte[] nrhk, byte[] rck, byte[] shk, byte[] nshk, byte[] sck, byte[] _key, byte[] rpk, byte[] erck)
{
var key = new KeyAgreement(_key);
var step0 = EcdhRatchetStep.Create(key, nrk,
0, rhk, nrhk, rck,
0, shk, nshk, sck);
var step1 = step0.Ratchet(kdf, digest, rpk, new KeyAgreement(KeyGeneration.GeneratePrivateKey()));
Assert.Equal(erck, step1.ReceivingChain.ChainKey);
}
public void RatchetReferenceTest2(byte[] nrk, byte[] rhk, byte[] nrhk, byte[] rck, byte[] shk, byte[] nshk, byte[] sck, byte[] _key, byte[] rpk, byte[] _nkey, byte[] esck)
{
var key = new KeyAgreement(_key);
var nkey = new KeyAgreement(_nkey);
var step0 = EcdhRatchetStep.Create(key, nrk,
0, rhk, nrhk, rck,
0, shk, nshk, sck);
var step1 = step0.Ratchet(kdf, digest, rpk, nkey);
Assert.Equal(esck, step1.SendingChain.ChainKey);
}
public void InitialChainSymmetryReferenceTest(byte[] rk, byte[] rhk, byte[] shk, byte[] _skey1, byte[] _skey2, byte[] _ckey1, byte[] _ckey2, byte[] rckey, byte[] sckey)
{
var skey1 = new KeyAgreement(_skey1);
var skey2 = new KeyAgreement(_skey2);
var ckey1 = new KeyAgreement(_ckey1);
var ckey2 = new KeyAgreement(_ckey2);
byte[] spub1 = skey1.GetPublicKey();
byte[] spub2 = skey2.GetPublicKey();
byte[] cpub1 = ckey1.GetPublicKey();
byte[] cpub2 = ckey2.GetPublicKey();
var secdhstep = EcdhRatchetStep.InitializeServer(kdf, digest,
skey1, rk, cpub1, skey2, rhk, shk);
var cecdhsteps = EcdhRatchetStep.InitializeClient(kdf, digest,
rk, spub1, spub2, ckey1, shk, rhk, ckey2);
Assert.Equal(rckey, secdhstep.ReceivingChain.ChainKey);
Assert.Equal(rckey, cecdhsteps[0].SendingChain.ChainKey);
Assert.Equal(sckey, secdhstep.SendingChain.ChainKey);
Assert.Equal(sckey, cecdhsteps[1].ReceivingChain.ChainKey);
}
public void ServerInitializeTest()
{
byte[] rk = rng.Generate(32);
byte[] rhk = rng.Generate(32);
byte[] shk = rng.Generate(32);
var skey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var skey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
byte[] ckey = KeyGeneration.GeneratePrivateKey();
byte[] cpub = KeyGeneration.GetPublicKeyFromPrivateKey(ckey);
var ecdhstep = EcdhRatchetStep.InitializeServer(kdf, digest,
skey1, rk, cpub, skey2, rhk, shk);
Assert.NotNull(ecdhstep);
Assert.NotNull(ecdhstep.NextReceiveHeaderKey);
Assert.NotNull(ecdhstep.NextSendHeaderKey);
Assert.NotNull(ecdhstep.NextRootKey);
Assert.NotNull(ecdhstep.ReceiveHeaderKey);
Assert.NotNull(ecdhstep.ReceivingChain.ChainKey);
Assert.Equal(0, ecdhstep.ReceivingChain.Generation);
Assert.NotNull(ecdhstep.SendingChain.ChainKey);
Assert.Equal(0, ecdhstep.SendingChain.Generation);
}
public void ClientInitializeTest()
{
byte[] rk = rng.Generate(32);
byte[] rhk = rng.Generate(32);
byte[] shk = rng.Generate(32);
var ckey1 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
var ckey2 = new KeyAgreement(KeyGeneration.GeneratePrivateKey());
byte[] skey1 = KeyGeneration.GeneratePrivateKey();
byte[] skey2 = KeyGeneration.GeneratePrivateKey();
byte[] spub1 = KeyGeneration.GetPublicKeyFromPrivateKey(skey1);
byte[] spub2 = KeyGeneration.GetPublicKeyFromPrivateKey(skey2);
var ecdhsteps = EcdhRatchetStep.InitializeClient(kdf, digest,
rk, spub1, spub2, ckey1, rhk, shk, ckey2);
Assert.NotNull(ecdhsteps);
Assert.NotNull(ecdhsteps[0]);
Assert.NotNull(ecdhsteps[1]);
Assert.Null(ecdhsteps[0].NextReceiveHeaderKey);
Assert.Null(ecdhsteps[0].NextSendHeaderKey);
Assert.Null(ecdhsteps[0].NextRootKey);
Assert.Null(ecdhsteps[0].ReceiveHeaderKey);
Assert.Null(ecdhsteps[0].ReceivingChain.ChainKey);
Assert.NotNull(ecdhsteps[0].SendHeaderKey);
Assert.NotNull(ecdhsteps[0].SendingChain.ChainKey);
Assert.Equal(0, ecdhsteps[0].SendingChain.Generation);
Assert.NotNull(ecdhsteps[1].NextReceiveHeaderKey);
Assert.NotNull(ecdhsteps[1].NextSendHeaderKey);
Assert.NotNull(ecdhsteps[1].NextRootKey);
Assert.NotNull(ecdhsteps[1].ReceiveHeaderKey);
Assert.NotNull(ecdhsteps[1].ReceivingChain.ChainKey);
Assert.Equal(0, ecdhsteps[1].ReceivingChain.Generation);
Assert.NotNull(ecdhsteps[1].SendingChain.ChainKey);
Assert.Equal(0, ecdhsteps[1].SendingChain.Generation);
}
