private SenderKeyState(uint id, uint iteration, byte[] chainKey,
IEcPublicKey signatureKeyPublic,
May <IEcPrivateKey> signatureKeyPrivate)
{
StorageProtos.SenderKeyStateStructure.Types.SenderChainKey senderChainKeyStructure =
StorageProtos.SenderKeyStateStructure.Types.SenderChainKey.CreateBuilder()
.SetIteration(iteration)
.SetSeed(ByteString.CopyFrom(chainKey))
.Build();
StorageProtos.SenderKeyStateStructure.Types.SenderSigningKey.Builder signingKeyStructure =
StorageProtos.SenderKeyStateStructure.Types.SenderSigningKey.CreateBuilder()
.SetPublic(ByteString.CopyFrom(signatureKeyPublic.Serialize()));
if (signatureKeyPrivate.HasValue)
{
signingKeyStructure.SetPrivate(ByteString.CopyFrom(signatureKeyPrivate.ForceGetValue().Serialize()));
}
_senderKeyStateStructure = StorageProtos.SenderKeyStateStructure.CreateBuilder()
.SetSenderKeyId(id)
.SetSenderChainKey(senderChainKeyStructure)
.SetSenderSigningKey(signingKeyStructure)
.Build();
}
private SenderKeyState(uint id, uint iteration, byte[] chainKey,
IEcPublicKey signatureKeyPublic,
May <IEcPrivateKey> signatureKeyPrivate)
{
SenderKeyStateStructure.Types.SenderChainKey senderChainKeyStructure = new SenderKeyStateStructure.Types.SenderChainKey
{
Iteration = iteration,
Seed = ByteString.CopyFrom(chainKey)
};
SenderKeyStateStructure.Types.SenderSigningKey signingKeyStructure = new SenderKeyStateStructure.Types.SenderSigningKey
{
Public = ByteString.CopyFrom(signatureKeyPublic.Serialize())
};
if (signatureKeyPrivate.HasValue)
{
signingKeyStructure.Private = ByteString.CopyFrom(signatureKeyPrivate.ForceGetValue().Serialize());
}
_senderKeyStateStructure = new SenderKeyStateStructure
{
SenderKeyId = id,
SenderChainKey = senderChainKeyStructure,
SenderSigningKey = signingKeyStructure
};
}
public PreKeySignalMessage(uint messageVersion, uint registrationId, May <uint> preKeyId,
uint signedPreKeyId, IEcPublicKey baseKey, IdentityKey identityKey,
SignalMessage message)
{
_version = messageVersion;
_registrationId = registrationId;
_preKeyId = preKeyId;
_signedPreKeyId = signedPreKeyId;
_baseKey = baseKey;
_identityKey = identityKey;
_message = message;
PreKeySignalMessage preKeySignalMessage = new PreKeySignalMessage
{
SignedPreKeyId = signedPreKeyId,
BaseKey = ByteString.CopyFrom(baseKey.Serialize()),
IdentityKey = ByteString.CopyFrom(identityKey.Serialize()),
Message = ByteString.CopyFrom(message.Serialize()),
RegistrationId = registrationId
};
if (preKeyId.HasValue) // .isPresent()
{
preKeySignalMessage.PreKeyId = preKeyId.ForceGetValue(); // get()
}
byte[] versionBytes = { ByteUtil.IntsToByteHighAndLow((int)_version, (int)CurrentVersion) };
byte[] messageBytes = preKeySignalMessage.ToByteArray();
_serialized = ByteUtil.Combine(versionBytes, messageBytes);
}
public SignalMessage(uint messageVersion, byte[] macKey, IEcPublicKey senderRatchetKey,
uint counter, uint previousCounter, byte[] ciphertext,
IdentityKey senderIdentityKey,
IdentityKey receiverIdentityKey)
{
byte[] version = { ByteUtil.IntsToByteHighAndLow((int)messageVersion, (int)CurrentVersion) };
byte[] message = new SignalMessage
{
ratchedKeyOneofCase_ = RatchedKeyOneofOneofCase.RatchetKey,
RatchetKey = ByteString.CopyFrom(senderRatchetKey.Serialize()), //TODO serialize ok?
counterOneofCase_ = CounterOneofOneofCase.Counter,
Counter = counter,
previousCounterOneofCase_ = PreviousCounterOneofOneofCase.PreviousCounter,
PreviousCounter = previousCounter,
ciphertextOneofCase_ = CiphertextOneofOneofCase.Ciphertext,
Ciphertext = ByteString.CopyFrom(ciphertext),
}.ToByteArray();
byte[] mac = GetMac(senderIdentityKey, receiverIdentityKey, macKey, ByteUtil.Combine(version, message));
_serialized = ByteUtil.Combine(version, message, mac);
_senderRatchetKey = senderRatchetKey;
_counter = counter;
_previousCounter = previousCounter;
_ciphertext = ciphertext;
_messageVersion = messageVersion;
}
public PreKeySignalMessage(uint messageVersion, uint registrationId, May <uint> preKeyId,
uint signedPreKeyId, IEcPublicKey baseKey, IdentityKey identityKey,
SignalMessage message)
{
_version = messageVersion;
_registrationId = registrationId;
_preKeyId = preKeyId;
_signedPreKeyId = signedPreKeyId;
_baseKey = baseKey;
_identityKey = identityKey;
_message = message;
WhisperProtos.PreKeySignalMessage.Builder builder =
WhisperProtos.PreKeySignalMessage.CreateBuilder()
.SetSignedPreKeyId(signedPreKeyId)
.SetBaseKey(ByteString.CopyFrom(baseKey.Serialize()))
.SetIdentityKey(ByteString.CopyFrom(identityKey.Serialize()))
.SetMessage(ByteString.CopyFrom(message.Serialize()))
.SetRegistrationId(registrationId);
if (preKeyId.HasValue) // .isPresent()
{
builder.SetPreKeyId(preKeyId.ForceGetValue()); // get()
}
byte[] versionBytes = { ByteUtil.IntsToByteHighAndLow((int)_version, (int)CurrentVersion) };
byte[] messageBytes = builder.Build().ToByteArray();
_serialized = ByteUtil.Combine(versionBytes, messageBytes);
}
public void SetUnacknowledgedPreKeyMessage(May <uint> preKeyId, uint signedPreKeyId, IEcPublicKey baseKey)
{
SessionStructure.Types.PendingPreKey pending = new SessionStructure.Types.PendingPreKey
{
SignedPreKeyId = (int)signedPreKeyId,
BaseKey = ByteString.CopyFrom(baseKey.Serialize())
};
if (preKeyId.HasValue)
{
pending.PreKeyId = preKeyId.ForceGetValue();
}
_sessionStructure.PendingPreKey = pending;
}
public SenderKeyDistributionMessage(uint id, uint iteration, byte[] chainKey, IEcPublicKey signatureKey)
{
byte[] version = { ByteUtil.IntsToByteHighAndLow((int)CurrentVersion, (int)CurrentVersion) };
byte[] protobuf = WhisperProtos.SenderKeyDistributionMessage.CreateBuilder()
.SetId(id)
.SetIteration(iteration)
.SetChainKey(ByteString.CopyFrom(chainKey))
.SetSigningKey(ByteString.CopyFrom(signatureKey.Serialize()))
.Build().ToByteArray();
_id = id;
_iteration = iteration;
_chainKey = chainKey;
_signatureKey = signatureKey;
_serialized = ByteUtil.Combine(version, protobuf);
}
public SenderKeyDistributionMessage(uint id, uint iteration, byte[] chainKey, IEcPublicKey signatureKey)
{
byte[] version = { ByteUtil.IntsToByteHighAndLow((int)CurrentVersion, (int)CurrentVersion) };
byte[] protobuf = new SenderKeyDistributionMessage
{
Id = id,
Iteration = iteration,
ChainKey = ByteString.CopyFrom(chainKey),
SigningKey = ByteString.CopyFrom(signatureKey.Serialize())
}.ToByteArray();
_id = id;
_iteration = iteration;
_chainKey = chainKey;
_signatureKey = signatureKey;
_serialized = ByteUtil.Combine(version, protobuf);
}
public void AddReceiverChain(IEcPublicKey senderRatchetKey, ChainKey chainKey)
{
SessionStructure.Types.Chain.Types.ChainKey chainKeyStructure = new SessionStructure.Types.Chain.Types.ChainKey
{
Key = ByteString.CopyFrom(chainKey.GetKey()),
Index = chainKey.GetIndex()
};
SessionStructure.Types.Chain chain = new SessionStructure.Types.Chain
{
ChainKey = chainKeyStructure,
SenderRatchetKey = ByteString.CopyFrom(senderRatchetKey.Serialize())
};
_sessionStructure.ReceiverChains.Add(chain);
while (_sessionStructure.ReceiverChains.Count > 5)
{
_sessionStructure.ReceiverChains.RemoveAt(0); //TODO why was here a TODO?
}
}
public SignalMessage(uint messageVersion, byte[] macKey, IEcPublicKey senderRatchetKey,
uint counter, uint previousCounter, byte[] ciphertext,
IdentityKey senderIdentityKey,
IdentityKey receiverIdentityKey)
{
byte[] version = { ByteUtil.IntsToByteHighAndLow((int)messageVersion, (int)CurrentVersion) };
byte[] message = WhisperProtos.SignalMessage.CreateBuilder()
.SetRatchetKey(ByteString.CopyFrom(senderRatchetKey.Serialize()))
.SetCounter(counter)
.SetPreviousCounter(previousCounter)
.SetCiphertext(ByteString.CopyFrom(ciphertext))
.Build().ToByteArray();
byte[] mac = GetMac(messageVersion, senderIdentityKey, receiverIdentityKey, macKey,
ByteUtil.Combine(version, message));
_serialized = ByteUtil.Combine(version, message, mac);
_senderRatchetKey = senderRatchetKey;
_counter = counter;
_previousCounter = previousCounter;
_ciphertext = ciphertext;
_messageVersion = messageVersion;
}
public byte[] Serialize()
{
return(_publicKey.Serialize());
}
public void SetUnacknowledgedPreKeyMessage(May <uint> preKeyId, uint signedPreKeyId, IEcPublicKey baseKey)
{
StorageProtos.SessionStructure.Types.PendingPreKey.Builder pending = StorageProtos.SessionStructure.Types.PendingPreKey.CreateBuilder()
.SetSignedPreKeyId((int)signedPreKeyId)
.SetBaseKey(ByteString.CopyFrom(baseKey.Serialize()));
if (preKeyId.HasValue)
{
pending.SetPreKeyId(preKeyId.ForceGetValue());
}
_sessionStructure = _sessionStructure.ToBuilder()
.SetPendingPreKey(pending.Build())
.Build();
}
public void AddReceiverChain(IEcPublicKey senderRatchetKey, ChainKey chainKey)
{
StorageProtos.SessionStructure.Types.Chain.Types.ChainKey chainKeyStructure = StorageProtos.SessionStructure.Types.Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.GetKey()))
.SetIndex(chainKey.GetIndex())
.Build();
StorageProtos.SessionStructure.Types.Chain chain = StorageProtos.SessionStructure.Types.Chain.CreateBuilder()
.SetChainKey(chainKeyStructure)
.SetSenderRatchetKey(ByteString.CopyFrom(senderRatchetKey.Serialize()))
.Build();
_sessionStructure = _sessionStructure.ToBuilder().AddReceiverChains(chain).Build();
if (_sessionStructure.ReceiverChainsList.Count > 5)
{
_sessionStructure = _sessionStructure.ToBuilder() /*.ClearReceiverChains()*/.Build(); //RemoveReceiverChains(0) TODO: why does it work without
}
}
public void TestSignature()
{
byte[] aliceIdentityPrivate =
{
0xc0, 0x97, 0x24, 0x84, 0x12,
0xe5, 0x8b, 0xf0, 0x5d, 0xf4,
0x87, 0x96, 0x82, 0x05, 0x13,
0x27, 0x94, 0x17, 0x8e, 0x36,
0x76, 0x37, 0xf5, 0x81, 0x8f,
0x81, 0xe0, 0xe6, 0xce, 0x73,
0xe8, 0x65
};
byte[] aliceIdentityPublic =
{
0x05, 0xab, 0x7e, 0x71, 0x7d,
0x4a, 0x16, 0x3b, 0x7d, 0x9a,
0x1d, 0x80, 0x71, 0xdf, 0xe9,
0xdc, 0xf8, 0xcd, 0xcd, 0x1c,
0xea, 0x33, 0x39, 0xb6, 0x35,
0x6b, 0xe8, 0x4d, 0x88, 0x7e,
0x32, 0x2c, 0x64
};
byte[] aliceEphemeralPublic =
{
0x05, 0xed, 0xce, 0x9d, 0x9c,
0x41, 0x5c, 0xa7, 0x8c, 0xb7,
0x25, 0x2e, 0x72, 0xc2, 0xc4,
0xa5, 0x54, 0xd3, 0xeb, 0x29,
0x48, 0x5a, 0x0e, 0x1d, 0x50,
0x31, 0x18, 0xd1, 0xa8, 0x2d,
0x99, 0xfb, 0x4a
};
byte[] aliceSignature =
{
0x5d, 0xe8, 0x8c, 0xa9, 0xa8,
0x9b, 0x4a, 0x11, 0x5d, 0xa7,
0x91, 0x09, 0xc6, 0x7c, 0x9c,
0x74, 0x64, 0xa3, 0xe4, 0x18,
0x02, 0x74, 0xf1, 0xcb, 0x8c,
0x63, 0xc2, 0x98, 0x4e, 0x28,
0x6d, 0xfb, 0xed, 0xe8, 0x2d,
0xeb, 0x9d, 0xcd, 0x9f, 0xae,
0x0b, 0xfb, 0xb8, 0x21, 0x56,
0x9b, 0x3d, 0x90, 0x01, 0xbd,
0x81, 0x30, 0xcd, 0x11, 0xd4,
0x86, 0xce, 0xf0, 0x47, 0xbd,
0x60, 0xb8, 0x6e, 0x88
};
IEcPrivateKey alicePrivateKey = Curve.DecodePrivatePoint(aliceIdentityPrivate);
IEcPublicKey alicePublicKey = Curve.DecodePoint(aliceIdentityPublic, 0);
IEcPublicKey aliceEphemeral = Curve.DecodePoint(aliceEphemeralPublic, 0);
if (!Curve.VerifySignature(alicePublicKey, aliceEphemeral.Serialize(), aliceSignature))
{
Assert.Fail("Sig verification failed!");
}
for (int i = 0; i < aliceSignature.Length; i++)
{
byte[] modifiedSignature = new byte[aliceSignature.Length];
System.Buffer.BlockCopy(aliceSignature, 0, modifiedSignature, 0, modifiedSignature.Length);
modifiedSignature[i] ^= 0x01;
if (Curve.VerifySignature(alicePublicKey, aliceEphemeral.Serialize(), modifiedSignature))
{
Assert.Fail("Sig verification succeeded!");
}
}
}
