/**
* Build a new session from a {@link org.whispersystems.libaxolotl.state.PreKeyBundle} retrieved from
* a server.
*
* @param preKey A PreKey for the destination recipient, retrieved from a server.
* @throws InvalidKeyException when the {@link org.whispersystems.libaxolotl.state.PreKeyBundle} is
* badly formatted.
* @throws org.whispersystems.libaxolotl.UntrustedIdentityException when the sender's
* {@link IdentityKey} is not
* trusted.
*/
public void Process(PreKeyBundle preKey)
{
lock (SessionCipher.SESSION_LOCK)
{
if (!identityKeyStore.IsTrustedIdentity(remoteAddress.GetName(), preKey.GetIdentityKey()))
{
throw new UntrustedIdentityException(remoteAddress.GetName(), preKey.GetIdentityKey());
}
if (preKey.GetSignedPreKey() != null &&
!Curve.VerifySignature(preKey.GetIdentityKey().GetPublicKey(),
preKey.GetSignedPreKey().Serialize(),
preKey.GetSignedPreKeySignature()))
{
throw new InvalidKeyException("Invalid Signature on Device Key!");
}
if (preKey.GetSignedPreKey() == null && preKey.GetPreKey() == null)
{
throw new InvalidKeyException("Both Signed and Unsigned Prekeys are Absent!");
}
bool supportsV3 = preKey.GetSignedPreKey() != null;
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
ECKeyPair ourBaseKey = Curve.GenerateKeyPair();
ECPublicKey theirSignedPreKey = supportsV3 ? preKey.GetSignedPreKey() : preKey.GetPreKey();
ECPublicKey test = preKey.GetPreKey(); // TODO: Cleanup
May <ECPublicKey> theirOneTimePreKey = (test == null) ? May <ECPublicKey> .NoValue : new May <ECPublicKey>(test);
May <uint> theirOneTimePreKeyId = theirOneTimePreKey.HasValue ? new May <uint>(preKey.GetPreKeyId()) : May <uint> .NoValue;
AliceAxolotlParameters.Builder parameters = AliceAxolotlParameters.NewBuilder();
parameters.SetOurBaseKey(ourBaseKey)
.SetOurIdentityKey(identityKeyStore.GetIdentityKeyPair())
.SetTheirIdentityKey(preKey.GetIdentityKey())
.SetTheirSignedPreKey(theirSignedPreKey)
.SetTheirRatchetKey(theirSignedPreKey)
.SetTheirOneTimePreKey(supportsV3 ? theirOneTimePreKey : May <ECPublicKey> .NoValue);
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(),
supportsV3 ? (uint)3 : 2,
parameters.Create());
sessionRecord.GetSessionState().SetUnacknowledgedPreKeyMessage(theirOneTimePreKeyId, preKey.GetSignedPreKeyId(), ourBaseKey.GetPublicKey());
sessionRecord.GetSessionState().SetLocalRegistrationId(identityKeyStore.GetLocalRegistrationId());
sessionRecord.GetSessionState().SetRemoteRegistrationId(preKey.GetRegistrationId());
sessionRecord.GetSessionState().SetAliceBaseKey(ourBaseKey.GetPublicKey().Serialize());
sessionStore.StoreSession(remoteAddress, sessionRecord);
identityKeyStore.SaveIdentity(remoteAddress.GetName(), preKey.GetIdentityKey());
}
}
/// <summary>
/// Build a new session from a {@link org.whispersystems.libsignal.state.PreKeyBundle} retrieved from
/// a server.
/// </summary>
/// @param preKey A PreKey for the destination recipient, retrieved from a server.
/// @throws InvalidKeyException when the {@link org.whispersystems.libsignal.state.PreKeyBundle} is
/// badly formatted.
/// @throws org.whispersystems.libsignal.UntrustedIdentityException when the sender's
/// {@link IdentityKey} is not
/// trusted.
///
public void Process(PreKeyBundle preKey)
{
lock (SessionCipher.SessionLock)
{
if (!_identityKeyStore.IsTrustedIdentity(_remoteAddress, preKey.GetIdentityKey(), Direction.Sending))
{
throw new UntrustedIdentityException(_remoteAddress.Name, preKey.GetIdentityKey());
}
if (preKey.GetSignedPreKey() != null &&
!Curve.VerifySignature(preKey.GetIdentityKey().GetPublicKey(),
preKey.GetSignedPreKey().Serialize(),
preKey.GetSignedPreKeySignature()))
{
throw new InvalidKeyException("Invalid signature on device key!");
}
if (preKey.GetSignedPreKey() == null)
{
throw new InvalidKeyException("No signed prekey!");
}
SessionRecord sessionRecord = _sessionStore.LoadSession(_remoteAddress);
EcKeyPair ourBaseKey = Curve.GenerateKeyPair();
IEcPublicKey theirSignedPreKey = preKey.GetSignedPreKey();
IEcPublicKey test = preKey.GetPreKey();
May <IEcPublicKey> theirOneTimePreKey = (test == null) ? May <IEcPublicKey> .NoValue : new May <IEcPublicKey>(test);
May <uint> theirOneTimePreKeyId = theirOneTimePreKey.HasValue ? new May <uint>(preKey.GetPreKeyId()) :
May <uint> .NoValue;
AliceSignalProtocolParameters.Builder parameters = AliceSignalProtocolParameters.NewBuilder();
parameters.SetOurBaseKey(ourBaseKey)
.SetOurIdentityKey(_identityKeyStore.GetIdentityKeyPair())
.SetTheirIdentityKey(preKey.GetIdentityKey())
.SetTheirSignedPreKey(theirSignedPreKey)
.SetTheirRatchetKey(theirSignedPreKey)
.SetTheirOneTimePreKey(theirOneTimePreKey);
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(), parameters.Create());
sessionRecord.GetSessionState().SetUnacknowledgedPreKeyMessage(theirOneTimePreKeyId, preKey.GetSignedPreKeyId(), ourBaseKey.GetPublicKey());
sessionRecord.GetSessionState().SetLocalRegistrationId(_identityKeyStore.GetLocalRegistrationId());
sessionRecord.GetSessionState().SetRemoteRegistrationId(preKey.GetRegistrationId());
sessionRecord.GetSessionState().SetAliceBaseKey(ourBaseKey.GetPublicKey().Serialize());
_identityKeyStore.SaveIdentity(_remoteAddress, preKey.GetIdentityKey());
_sessionStore.StoreSession(_remoteAddress, sessionRecord);
}
}
private KeyExchangeMessage ProcessInitiate(KeyExchangeMessage message)
{
uint flags = KeyExchangeMessage.RESPONSE_FLAG;
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
if (message.GetVersion() >= 3 &&
!Curve.VerifySignature(message.GetIdentityKey().GetPublicKey(),
message.GetBaseKey().Serialize(),
message.GetBaseKeySignature()))
{
throw new InvalidKeyException("Bad signature!");
}
SymmetricAxolotlParameters.Builder builder = SymmetricAxolotlParameters.NewBuilder();
if (!sessionRecord.GetSessionState().HasPendingKeyExchange())
{
builder.SetOurIdentityKey(identityKeyStore.GetIdentityKeyPair())
.SetOurBaseKey(Curve.GenerateKeyPair())
.SetOurRatchetKey(Curve.GenerateKeyPair());
}
else
{
builder.SetOurIdentityKey(sessionRecord.GetSessionState().GetPendingKeyExchangeIdentityKey())
.SetOurBaseKey(sessionRecord.GetSessionState().GetPendingKeyExchangeBaseKey())
.SetOurRatchetKey(sessionRecord.GetSessionState().GetPendingKeyExchangeRatchetKey());
flags |= KeyExchangeMessage.SIMULTAENOUS_INITIATE_FLAG;
}
builder.SetTheirBaseKey(message.GetBaseKey())
.SetTheirRatchetKey(message.GetRatchetKey())
.SetTheirIdentityKey(message.GetIdentityKey());
SymmetricAxolotlParameters parameters = builder.Create();
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(),
Math.Min(message.GetMaxVersion(), CipherTextMessage.CURRENT_VERSION),
parameters);
sessionStore.StoreSession(remoteAddress, sessionRecord);
identityKeyStore.SaveIdentity(remoteAddress.GetName(), message.GetIdentityKey());
byte[] baseKeySignature = Curve.CalculateSignature(parameters.GetOurIdentityKey().GetPrivateKey(),
parameters.GetOurBaseKey().GetPublicKey().Serialize());
return(new KeyExchangeMessage(sessionRecord.GetSessionState().GetSessionVersion(),
message.GetSequence(), flags,
parameters.GetOurBaseKey().GetPublicKey(),
baseKeySignature, parameters.GetOurRatchetKey().GetPublicKey(),
parameters.GetOurIdentityKey().GetPublicKey()));
}
private void ProcessResponse(KeyExchangeMessage message)
{
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
SessionState sessionState = sessionRecord.GetSessionState();
bool hasPendingKeyExchange = sessionState.HasPendingKeyExchange();
bool isSimultaneousInitiateResponse = message.IsResponseForSimultaneousInitiate();
if (!hasPendingKeyExchange || sessionState.GetPendingKeyExchangeSequence() != message.GetSequence())
{
//Log.w(TAG, "No matching sequence for response. Is simultaneous initiate response: " + isSimultaneousInitiateResponse);
if (!isSimultaneousInitiateResponse)
{
throw new StaleKeyExchangeException();
}
else
{
return;
}
}
SymmetricAxolotlParameters.Builder parameters = SymmetricAxolotlParameters.NewBuilder();
parameters.SetOurBaseKey(sessionRecord.GetSessionState().GetPendingKeyExchangeBaseKey())
.SetOurRatchetKey(sessionRecord.GetSessionState().GetPendingKeyExchangeRatchetKey())
.SetOurIdentityKey(sessionRecord.GetSessionState().GetPendingKeyExchangeIdentityKey())
.SetTheirBaseKey(message.GetBaseKey())
.SetTheirRatchetKey(message.GetRatchetKey())
.SetTheirIdentityKey(message.GetIdentityKey());
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(),
Math.Min(message.GetMaxVersion(), CipherTextMessage.CURRENT_VERSION),
parameters.Create());
if (sessionRecord.GetSessionState().GetSessionVersion() >= 3 &&
!Curve.VerifySignature(message.GetIdentityKey().GetPublicKey(),
message.GetBaseKey().Serialize(),
message.GetBaseKeySignature()))
{
throw new InvalidKeyException("Base key signature doesn't match!");
}
sessionStore.StoreSession(remoteAddress, sessionRecord);
identityKeyStore.SaveIdentity(remoteAddress.GetName(), message.GetIdentityKey());
}
private May <uint> ProcessV3(SessionRecord sessionRecord, PreKeySignalMessage message)
{
if (sessionRecord.HasSessionState(message.GetMessageVersion(), message.GetBaseKey().Serialize()))
{
Debug.WriteLine("We've already setup a session for this V3 message, letting bundled message fall through...");
return(May <uint> .NoValue);
}
EcKeyPair ourSignedPreKey = _signedPreKeyStore.LoadSignedPreKey(message.GetSignedPreKeyId()).GetKeyPair();
BobSignalProtocolParameters.Builder parameters = BobSignalProtocolParameters.NewBuilder();
parameters.SetTheirBaseKey(message.GetBaseKey())
.SetTheirIdentityKey(message.GetIdentityKey())
.SetOurIdentityKey(_identityKeyStore.GetIdentityKeyPair())
.SetOurSignedPreKey(ourSignedPreKey)
.SetOurRatchetKey(ourSignedPreKey);
if (message.GetPreKeyId().HasValue)
{
parameters.SetOurOneTimePreKey(new May <EcKeyPair>(_preKeyStore.LoadPreKey(message.GetPreKeyId().ForceGetValue()).GetKeyPair()));
}
else
{
parameters.SetOurOneTimePreKey(May <EcKeyPair> .NoValue);
}
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(), parameters.Create());
sessionRecord.GetSessionState().SetLocalRegistrationId(_identityKeyStore.GetLocalRegistrationId());
sessionRecord.GetSessionState().SetRemoteRegistrationId(message.GetRegistrationId());
sessionRecord.GetSessionState().SetAliceBaseKey(message.GetBaseKey().Serialize());
if (message.GetPreKeyId().HasValue)
{
return(message.GetPreKeyId());
}
else
{
return(May <uint> .NoValue);
}
}
private May <uint> ProcessV3(SessionRecord sessionRecord, PreKeyWhisperMessage message)
{
if (sessionRecord.HasSessionState(message.GetMessageVersion(), message.GetBaseKey().Serialize()))
{
return(May <uint> .NoValue);
}
SignedPreKeyRecord signedPreKeyRecord = signedPreKeyStore.LoadSignedPreKey(message.GetSignedPreKeyId());
ECKeyPair ourSignedPreKey = signedPreKeyRecord.GetKeyPair();
BobAxolotlParameters.Builder parameters = BobAxolotlParameters.NewBuilder();
parameters.SetTheirBaseKey(message.GetBaseKey())
.SetTheirIdentityKey(message.GetIdentityKey())
.SetOurIdentityKey(identityKeyStore.GetIdentityKeyPair())
.SetOurSignedPreKey(ourSignedPreKey)
.SetOurRatchetKey(ourSignedPreKey);
if (message.GetPreKeyId().HasValue)
{
parameters.SetOurOneTimePreKey(new May <ECKeyPair>(preKeyStore.LoadPreKey(message.GetPreKeyId().ForceGetValue()).GetKeyPair()));
}
else
{
parameters.SetOurOneTimePreKey(May <ECKeyPair> .NoValue);
}
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(), message.GetMessageVersion(), parameters.Create());
sessionRecord.GetSessionState().SetLocalRegistrationId(identityKeyStore.GetLocalRegistrationId());
sessionRecord.GetSessionState().SetRemoteRegistrationId(message.GetRegistrationId());
sessionRecord.GetSessionState().SetAliceBaseKey(message.GetBaseKey().Serialize());
if (message.GetPreKeyId().HasValue&& message.GetPreKeyId().ForceGetValue() != Medium.MAX_VALUE)
{
return(message.GetPreKeyId());
}
else
{
return(May <uint> .NoValue);
}
}
private May <uint> ProcessV2(SessionRecord sessionRecord, PreKeyWhisperMessage message)
{
if (!message.GetPreKeyId().HasValue)
{
throw new InvalidKeyIdException("V2 message requires one time prekey id!");
}
if (!preKeyStore.ContainsPreKey(message.GetPreKeyId().ForceGetValue()) &&
sessionStore.ContainsSession(remoteAddress))
{
return(May <uint> .NoValue);
}
ECKeyPair ourPreKey = preKeyStore.LoadPreKey(message.GetPreKeyId().ForceGetValue()).GetKeyPair();
BobAxolotlParameters.Builder parameters = BobAxolotlParameters.NewBuilder();
parameters.SetOurIdentityKey(identityKeyStore.GetIdentityKeyPair())
.SetOurSignedPreKey(ourPreKey)
.SetOurRatchetKey(ourPreKey)
.SetOurOneTimePreKey(May <ECKeyPair> .NoValue) //absent
.SetTheirIdentityKey(message.GetIdentityKey())
.SetTheirBaseKey(message.GetBaseKey());
if (!sessionRecord.IsFresh())
{
sessionRecord.ArchiveCurrentState();
}
RatchetingSession.InitializeSession(sessionRecord.GetSessionState(), message.GetMessageVersion(), parameters.Create());
sessionRecord.GetSessionState().SetLocalRegistrationId(identityKeyStore.GetLocalRegistrationId());
sessionRecord.GetSessionState().SetRemoteRegistrationId(message.GetRegistrationId());
sessionRecord.GetSessionState().SetAliceBaseKey(message.GetBaseKey().Serialize());
if (message.GetPreKeyId().ForceGetValue() != Medium.MAX_VALUE)
{
return(message.GetPreKeyId());
}
else
{
return(May <uint> .NoValue); // May.absent();
}
}
private void InitializeSessionsV3(SessionState aliceSessionState, SessionState bobSessionState)
{
EcKeyPair aliceIdentityKeyPair = Curve.GenerateKeyPair();
IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(new IdentityKey(aliceIdentityKeyPair.GetPublicKey()),
aliceIdentityKeyPair.GetPrivateKey());
EcKeyPair aliceBaseKey = Curve.GenerateKeyPair();
EcKeyPair aliceEphemeralKey = Curve.GenerateKeyPair();
EcKeyPair alicePreKey = aliceBaseKey;
EcKeyPair bobIdentityKeyPair = Curve.GenerateKeyPair();
IdentityKeyPair bobIdentityKey = new IdentityKeyPair(new IdentityKey(bobIdentityKeyPair.GetPublicKey()),
bobIdentityKeyPair.GetPrivateKey());
EcKeyPair bobBaseKey = Curve.GenerateKeyPair();
EcKeyPair bobEphemeralKey = bobBaseKey;
EcKeyPair bobPreKey = Curve.GenerateKeyPair();
AliceSignalProtocolParameters aliceParameters = AliceSignalProtocolParameters.NewBuilder()
.SetOurBaseKey(aliceBaseKey)
.SetOurIdentityKey(aliceIdentityKey)
.SetTheirOneTimePreKey(May <IEcPublicKey> .NoValue)
.SetTheirRatchetKey(bobEphemeralKey.GetPublicKey())
.SetTheirSignedPreKey(bobBaseKey.GetPublicKey())
.SetTheirIdentityKey(bobIdentityKey.GetPublicKey())
.Create();
BobSignalProtocolParameters bobParameters = BobSignalProtocolParameters.NewBuilder()
.SetOurRatchetKey(bobEphemeralKey)
.SetOurSignedPreKey(bobBaseKey)
.SetOurOneTimePreKey(May <EcKeyPair> .NoValue)
.SetOurIdentityKey(bobIdentityKey)
.SetTheirIdentityKey(aliceIdentityKey.GetPublicKey())
.SetTheirBaseKey(aliceBaseKey.GetPublicKey())
.Create();
RatchetingSession.InitializeSession(aliceSessionState, aliceParameters);
RatchetingSession.InitializeSession(bobSessionState, bobParameters);
}
public void TestRatchetingSessionAsBob()
{
byte[] bobPublic = { (byte)0x05, (byte)0x2c, (byte)0xb4, (byte)0x97,
(byte)0x76, (byte)0xb8, (byte)0x77, (byte)0x02,
(byte)0x05, (byte)0x74, (byte)0x5a, (byte)0x3a,
(byte)0x6e, (byte)0x24, (byte)0xf5, (byte)0x79,
(byte)0xcd, (byte)0xb4, (byte)0xba, (byte)0x7a,
(byte)0x89, (byte)0x04, (byte)0x10, (byte)0x05,
(byte)0x92, (byte)0x8e, (byte)0xbb, (byte)0xad,
(byte)0xc9, (byte)0xc0, (byte)0x5a, (byte)0xd4,
(byte)0x58 };
byte[] bobPrivate = { (byte)0xa1, (byte)0xca, (byte)0xb4, (byte)0x8f,
(byte)0x7c, (byte)0x89, (byte)0x3f, (byte)0xaf,
(byte)0xa9, (byte)0x88, (byte)0x0a, (byte)0x28,
(byte)0xc3, (byte)0xb4, (byte)0x99, (byte)0x9d,
(byte)0x28, (byte)0xd6, (byte)0x32, (byte)0x95,
(byte)0x62, (byte)0xd2, (byte)0x7a, (byte)0x4e,
(byte)0xa4, (byte)0xe2, (byte)0x2e, (byte)0x9f,
(byte)0xf1, (byte)0xbd, (byte)0xd6, (byte)0x5a };
byte[] bobIdentityPublic = { (byte)0x05, (byte)0xf1, (byte)0xf4, (byte)0x38,
(byte)0x74, (byte)0xf6, (byte)0x96, (byte)0x69,
(byte)0x56, (byte)0xc2, (byte)0xdd, (byte)0x47,
(byte)0x3f, (byte)0x8f, (byte)0xa1, (byte)0x5a,
(byte)0xde, (byte)0xb7, (byte)0x1d, (byte)0x1c,
(byte)0xb9, (byte)0x91, (byte)0xb2, (byte)0x34,
(byte)0x16, (byte)0x92, (byte)0x32, (byte)0x4c,
(byte)0xef, (byte)0xb1, (byte)0xc5, (byte)0xe6,
(byte)0x26 };
byte[] bobIdentityPrivate = { (byte)0x48, (byte)0x75, (byte)0xcc, (byte)0x69,
(byte)0xdd, (byte)0xf8, (byte)0xea, (byte)0x07,
(byte)0x19, (byte)0xec, (byte)0x94, (byte)0x7d,
(byte)0x61, (byte)0x08, (byte)0x11, (byte)0x35,
(byte)0x86, (byte)0x8d, (byte)0x5f, (byte)0xd8,
(byte)0x01, (byte)0xf0, (byte)0x2c, (byte)0x02,
(byte)0x25, (byte)0xe5, (byte)0x16, (byte)0xdf,
(byte)0x21, (byte)0x56, (byte)0x60, (byte)0x5e };
byte[] aliceBasePublic = { (byte)0x05, (byte)0x47, (byte)0x2d, (byte)0x1f,
(byte)0xb1, (byte)0xa9, (byte)0x86, (byte)0x2c,
(byte)0x3a, (byte)0xf6, (byte)0xbe, (byte)0xac,
(byte)0xa8, (byte)0x92, (byte)0x02, (byte)0x77,
(byte)0xe2, (byte)0xb2, (byte)0x6f, (byte)0x4a,
(byte)0x79, (byte)0x21, (byte)0x3e, (byte)0xc7,
(byte)0xc9, (byte)0x06, (byte)0xae, (byte)0xb3,
(byte)0x5e, (byte)0x03, (byte)0xcf, (byte)0x89,
(byte)0x50 };
byte[] aliceEphemeralPublic = { (byte)0x05, (byte)0x6c, (byte)0x3e, (byte)0x0d,
(byte)0x1f, (byte)0x52, (byte)0x02, (byte)0x83,
(byte)0xef, (byte)0xcc, (byte)0x55, (byte)0xfc,
(byte)0xa5, (byte)0xe6, (byte)0x70, (byte)0x75,
(byte)0xb9, (byte)0x04, (byte)0x00, (byte)0x7f,
(byte)0x18, (byte)0x81, (byte)0xd1, (byte)0x51,
(byte)0xaf, (byte)0x76, (byte)0xdf, (byte)0x18,
(byte)0xc5, (byte)0x1d, (byte)0x29, (byte)0xd3,
(byte)0x4b };
byte[] aliceIdentityPublic = { (byte)0x05, (byte)0xb4, (byte)0xa8, (byte)0x45,
(byte)0x56, (byte)0x60, (byte)0xad, (byte)0xa6,
(byte)0x5b, (byte)0x40, (byte)0x10, (byte)0x07,
(byte)0xf6, (byte)0x15, (byte)0xe6, (byte)0x54,
(byte)0x04, (byte)0x17, (byte)0x46, (byte)0x43,
(byte)0x2e, (byte)0x33, (byte)0x39, (byte)0xc6,
(byte)0x87, (byte)0x51, (byte)0x49, (byte)0xbc,
(byte)0xee, (byte)0xfc, (byte)0xb4, (byte)0x2b,
(byte)0x4a };
byte[] bobSignedPreKeyPublic = { (byte)0x05, (byte)0xac, (byte)0x24, (byte)0x8a, (byte)0x8f,
(byte)0x26, (byte)0x3b, (byte)0xe6, (byte)0x86, (byte)0x35,
(byte)0x76, (byte)0xeb, (byte)0x03, (byte)0x62, (byte)0xe2,
(byte)0x8c, (byte)0x82, (byte)0x8f, (byte)0x01, (byte)0x07,
(byte)0xa3, (byte)0x37, (byte)0x9d, (byte)0x34, (byte)0xba,
(byte)0xb1, (byte)0x58, (byte)0x6b, (byte)0xf8, (byte)0xc7,
(byte)0x70, (byte)0xcd, (byte)0x67 };
byte[] bobSignedPreKeyPrivate = { (byte)0x58, (byte)0x39, (byte)0x00, (byte)0x13, (byte)0x1f,
(byte)0xb7, (byte)0x27, (byte)0x99, (byte)0x8b, (byte)0x78,
(byte)0x03, (byte)0xfe, (byte)0x6a, (byte)0xc2, (byte)0x2c,
(byte)0xc5, (byte)0x91, (byte)0xf3, (byte)0x42, (byte)0xe4,
(byte)0xe4, (byte)0x2a, (byte)0x8c, (byte)0x8d, (byte)0x5d,
(byte)0x78, (byte)0x19, (byte)0x42, (byte)0x09, (byte)0xb8,
(byte)0xd2, (byte)0x53 };
byte[] senderChain = { (byte)0x97, (byte)0x97, (byte)0xca, (byte)0xca, (byte)0x53,
(byte)0xc9, (byte)0x89, (byte)0xbb, (byte)0xe2, (byte)0x29,
(byte)0xa4, (byte)0x0c, (byte)0xa7, (byte)0x72, (byte)0x70,
(byte)0x10, (byte)0xeb, (byte)0x26, (byte)0x04, (byte)0xfc,
(byte)0x14, (byte)0x94, (byte)0x5d, (byte)0x77, (byte)0x95,
(byte)0x8a, (byte)0x0a, (byte)0xed, (byte)0xa0, (byte)0x88,
(byte)0xb4, (byte)0x4d };
IdentityKey bobIdentityKeyPublic = new IdentityKey(bobIdentityPublic, 0);
IEcPrivateKey bobIdentityKeyPrivate = Curve.DecodePrivatePoint(bobIdentityPrivate);
IdentityKeyPair bobIdentityKey = new IdentityKeyPair(bobIdentityKeyPublic, bobIdentityKeyPrivate);
IEcPublicKey bobEphemeralPublicKey = Curve.DecodePoint(bobPublic, 0);
IEcPrivateKey bobEphemeralPrivateKey = Curve.DecodePrivatePoint(bobPrivate);
EcKeyPair bobEphemeralKey = new EcKeyPair(bobEphemeralPublicKey, bobEphemeralPrivateKey);
EcKeyPair bobBaseKey = bobEphemeralKey;
EcKeyPair bobSignedPreKey = new EcKeyPair(Curve.DecodePoint(bobSignedPreKeyPublic, 0), Curve.DecodePrivatePoint(bobSignedPreKeyPrivate));
IEcPublicKey aliceBasePublicKey = Curve.DecodePoint(aliceBasePublic, 0);
IEcPublicKey aliceEphemeralPublicKey = Curve.DecodePoint(aliceEphemeralPublic, 0);
IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0);
BobSignalProtocolParameters parameters = BobSignalProtocolParameters.NewBuilder()
.SetOurIdentityKey(bobIdentityKey)
.SetOurSignedPreKey(bobSignedPreKey)
.SetOurRatchetKey(bobEphemeralKey)
.SetOurOneTimePreKey(May <EcKeyPair> .NoValue)
.SetTheirIdentityKey(aliceIdentityPublicKey)
.SetTheirBaseKey(aliceBasePublicKey)
.Create();
SessionState session = new SessionState();
RatchetingSession.InitializeSession(session, parameters);
Assert.AreEqual <IdentityKey>(session.GetLocalIdentityKey(), bobIdentityKey.GetPublicKey());
Assert.AreEqual <IdentityKey>(session.GetRemoteIdentityKey(), aliceIdentityPublicKey);
CollectionAssert.AreEqual(session.GetSenderChainKey().GetKey(), senderChain);
}