public void TestSignature()
{
ECKeyPair trustRoot = Curve.generateKeyPair();
ECKeyPair keyPair = Curve.generateKeyPair();
var certificate = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
{
Id = 1,
Key = ByteString.CopyFrom(keyPair.getPublicKey().serialize())
};
byte[] certificateBytes = certificate.ToByteArray();
byte[] certificateSignature = Curve.calculateSignature(trustRoot.getPrivateKey(), certificateBytes);
byte[] serialized = new libsignalmetadata.protobuf.ServerCertificate()
{
Certificate = ByteString.CopyFrom(certificateBytes),
Signature = ByteString.CopyFrom(certificateSignature)
}.ToByteArray();
new CertificateValidator(trustRoot.getPublicKey()).Validate(new ServerCertificate(serialized));
}
public void TestBadSignature()
{
ECKeyPair trustRoot = Curve.generateKeyPair();
ECKeyPair keyPair = Curve.generateKeyPair();
var certificate = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
{
Id = 1,
Key = ByteString.CopyFrom(keyPair.getPublicKey().serialize())
};
byte[] certificateBytes = certificate.ToByteArray();
byte[] certificateSignature = Curve.calculateSignature(trustRoot.getPrivateKey(), certificateBytes);
for (int i = 0; i < certificateSignature.Length; i++)
{
for (int b = 0; b < 8; b++)
{
byte[] badSignature = new byte[certificateSignature.Length];
Array.Copy(certificateSignature, 0, badSignature, 0, badSignature.Length);
badSignature[i] = (byte)(badSignature[i] ^ (1 << b));
byte[] serialized = new libsignalmetadata.protobuf.ServerCertificate()
{
Certificate = ByteString.CopyFrom(certificateBytes),
Signature = ByteString.CopyFrom(badSignature)
}.ToByteArray();
try
{
new CertificateValidator(trustRoot.getPublicKey()).Validate(new ServerCertificate(serialized));
throw new Exception();
}
catch (InvalidCertificateException)
{
// good
}
}
}
for (int i = 0; i < certificateBytes.Length; i++)
{
for (int b = 0; b < 8; b++)
{
byte[] badCertificate = new byte[certificateBytes.Length];
Array.Copy(certificateBytes, 0, badCertificate, 0, badCertificate.Length);
badCertificate[i] = (byte)(badCertificate[i] ^ (1 << b));
byte[] serialized = new libsignalmetadata.protobuf.ServerCertificate()
{
Certificate = ByteString.CopyFrom(badCertificate),
Signature = ByteString.CopyFrom(certificateSignature)
}.ToByteArray();
try
{
new CertificateValidator(trustRoot.getPublicKey()).Validate(new ServerCertificate(serialized));
throw new Exception();
}
catch (InvalidCertificateException)
{
// good
}
}
}
}
