public static void InitializeSession(SessionState sessionState,
UInt32 sessionVersion,
AliceAxolotlParameters parameters)
{
try {
sessionState.SetSessionVersion(sessionVersion);
sessionState.SetRemoteIdentityKey(parameters.TheirIdentityKey);
sessionState.SetLocalIdentityKey(parameters.OurIdentityKey.PublicKey);
ECKeyPair sendingRatchetKey = Curve.GenerateKeyPair();
byte[] secrets;
using(var stream = new MemoryStream())
using(var sw = new BinaryWriter(stream))
{
byte[] buf;
if (sessionVersion >= 3) {
buf = GetDiscontinuityBytes();
sw.Write(buf);
}
buf = Curve.CalculateAgreement(parameters.TheirSignedPreKey,
parameters.OurIdentityKey.PrivateKey);
sw.Write(buf);
buf = Curve.CalculateAgreement(parameters.TheirIdentityKey.PublicKey,
parameters.OurBaseKey.PrivateKey);
sw.Write(buf);
buf = Curve.CalculateAgreement(parameters.TheirSignedPreKey,
parameters.OurBaseKey.PrivateKey);
sw.Write(buf);
if (sessionVersion >= 3 && parameters.TheirOneTimePreKey.IsSomething()) {
parameters.TheirOneTimePreKey.Do(pKey => {
buf = Curve.CalculateAgreement(pKey,
parameters.OurBaseKey.PrivateKey);
sw.Write(buf);
});
}
sw.Flush();
secrets = stream.ToArray();
}
DerivedKeys derivedKeys = CalculateDerivedKeys(sessionVersion, secrets);
Tuple<RootKey, ChainKey> sendingChain = derivedKeys.RootKey.CreateChain(parameters.TheirRatchetKey, sendingRatchetKey);
sessionState.AddReceiverChain(parameters.TheirRatchetKey, derivedKeys.ChainKey);
sessionState.SetSenderChain(sendingRatchetKey, sendingChain.Item2);
sessionState.RootKey = sendingChain.Item1;
} catch (Exception e) {
throw new InvalidOperationException("Assertion error" + e);
}
}
private ChainKey GetOrCreateChainKey(SessionState sessionState, ECPublicKey theirEphemeral)
{
try
{
if(sessionState.HasReceiverChain(theirEphemeral))
{
return sessionState.GetReceiverChainKey(theirEphemeral);
}
else
{
RootKey rootKey = sessionState.RootKey;
ECKeyPair ourEphemeral = sessionState.SenderRatchetKeyPair;
Tuple<RootKey, ChainKey> receiverChain = rootKey.CreateChain(theirEphemeral, ourEphemeral);
ECKeyPair ourNewEphemeral = Curve.GenerateKeyPair();
Tuple<RootKey, ChainKey> senderChain = receiverChain.Item1.CreateChain(theirEphemeral, ourNewEphemeral);
sessionState.RootKey = senderChain.Item1;
sessionState.AddReceiverChain(theirEphemeral, receiverChain.Item2);
sessionState.PreviousCounter = Math.Max(sessionState.GetSenderChainKey().Index - 1, 0);
sessionState.SetSenderChain(ourNewEphemeral, senderChain.Item2);
return receiverChain.Item2;
}
}
catch(InvalidKeyException e)
{
throw new InvalidMessageException(e);
}
}