/// <summary>
/// Validate client Hello
/// </summary>
/// <remark>
/// Here the server verifies that the received message length is 64
/// bytes, then extracts the client's ephemeral key and also verifies
/// that the hmac was signed with the network key.
///
/// This sets the object's <see cref="_ephemeral_client_pk"/>
/// </remark>
/// <exception cref="ArgumentException">
/// Thrown if the client Hello <paramref name="msg"/> fails to pass the
/// checks.
/// </exception>
/// <param name="msg">
/// The received message, the first 32 bytes correspond to the client
/// ephemeral key and the last 32 bytes to the hmac.
/// </param>
public void AcceptHello(byte[] msg)
{
if (msg.Length != 64)
{
throw new ArgumentException("The received message is not 64 bytes");
}
// Separate the message in ephemeral key and hmac
var ephemeral_client_key = new byte[SECTION_LENGTH];
Buffer.BlockCopy(msg, SECTION_LENGTH, ephemeral_client_key, 0, SECTION_LENGTH);
var hmac = new byte[SECTION_LENGTH];
Buffer.BlockCopy(msg, 0, hmac, 0, SECTION_LENGTH);
// Check if the key used to sign the hmac of the ephemeral_client_key is
// valid
//
// Aka, check if we are in the same network
if (!SecretKeyAuth.Verify(ephemeral_client_key, hmac, _network_key))
{
throw new ArgumentException("The hmac does not match");
}
else
{
this._ephemeral_client_pk = ephemeral_client_key;
}
// Now that we have the client's ephemeral public key we can derive
// the first 2 secrets
this.DeriveSecrets();
}
public void SimpleVerifyTest()
{
var actual = SecretKeyAuth.Verify(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
Assert.AreEqual(true, actual);
}
public void SecretKeyAuthVerifyWithBadSignature()
{
Assert.Throws <SignatureOutOfRangeException>(() =>
{
SecretKeyAuth.Verify(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321"),
Encoding.UTF8.GetBytes("01234567890123456789012345678901"));
});
}
public void SignAndVerifyTest()
{
byte[] key = SecretKeyAuth.GenerateKey();
byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!");
byte[] signature = SecretKeyAuth.Sign(message, key);
bool verification = SecretKeyAuth.Verify(message, signature, key);
Assert.IsTrue(verification);
}
public void OpenTest()
{
var key = Convert.FromBase64String("wYSsnapy7G9F+NTo/bVvIpnRv/ULd97XSMPLoe4+abM=");
byte[] signature = Convert.FromBase64String("hQ4vOFX+pPJNhXxnbMfzAtLjSVeRBBGCOIjlNoIWvzA=");
byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!");
bool result = SecretKeyAuth.Verify(message, signature, key);
Assert.IsTrue(result);
}
public void SecretKeyAuthSignAndVerifyTest()
{
byte[] key = SecretKeyAuth.GenerateKey();
String message = "Hello, World!";
byte[] signature = SecretKeyAuth.Sign(System.Text.Encoding.UTF8.GetBytes(message), key);
Assert.AreEqual(32, signature.Length);
bool verification = SecretKeyAuth.Verify(System.Text.Encoding.UTF8.GetBytes(message), signature, key);
Assert.IsTrue(verification);
signature = SecretKeyAuth.Sign(message, key);
Assert.AreEqual(32, signature.Length);
verification = SecretKeyAuth.Verify(message, signature, key);
Assert.IsTrue(verification);
}
public void SecretKeyAuthVerifyWithBadKey()
{
SecretKeyAuth.Verify(Encoding.UTF8.GetBytes("Adam Caudill"),
Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"),
Encoding.UTF8.GetBytes("012345678901234567890123456789"));
}
