public void EncryptWithADTestWithoutPlainTextMacTest()
{
String key = "e68f69b7f096d7917245f5e5cf8ae1595febe4d4644333c99f9c4a1282031c9f";
String additionalData = "9e0e7de8bb75554f21db034633de04be41a2b8a18da7a319a03c803bf02b396c";
String expectedCipherResult = "0df6086551151f58b8afe6c195782c6a";
Nonce nonce = new Nonce();
(byte[] actualCipherText, byte[] mac) = ChaCha20Poly1305.EncryptWithAdditionalData(key.HexToByteArray(), nonce.GetBytes(), additionalData.HexToByteArray(), new byte[0]);
Assert.Equal(new byte[0], actualCipherText);
Assert.Equal(expectedCipherResult, mac.ToHex());
}
public void EncryptWithADTestWithPlainText()
{
String key = "908b166535c01a935cf1e130a5fe895ab4e6f3ef8855d87e9b7581c4ab663ddc";
String additionalData = "90578e247e98674e661013da3c5c1ca6a8c8f48c90b485c0dfa1494e23d56d72";
String plaintext = "034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa";
String expectedCipherResult = "b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c3822";
Nonce nonce = new Nonce();
nonce.Increment();
(byte[] actualCipherText, byte[] mac) = ChaCha20Poly1305.EncryptWithAdditionalData(key.HexToByteArray(), nonce.GetBytes(), additionalData.HexToByteArray(), plaintext.HexToByteArray());
Assert.Equal(expectedCipherResult, actualCipherText.ToHex() + mac.ToHex());
}
public byte[] ApplyActOne(ECKeyPair ephemeralKeyPair = null)
{
if (_state.HandshakeState != HandshakeState.Initialized)
{
throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized");
}
_state.EphemeralKeyPair = ephemeralKeyPair ?? Secp256K1.GenerateKeyPair();
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed));
byte[] ss = ECDH.ComputeHashedPoint(_state.RemoteAddress.PublicKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
_state.ChainingKey = chainingKey;
(_, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK1, _state.SendNonce.GetBytes(), handshakeHash, new byte[0]);
handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag));
_state.HandshakeHash = handshakeHash;
_state.HandshakeState = HandshakeState.Act1;
return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag));
}
public byte[] ApplyActTwo(ECKeyPair initiatorEphemeralKey, ECKeyPair localEphemeralKey = null)
{
if (_state.HandshakeState != HandshakeState.Act1)
{
throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act1");
}
_state.EphemeralKeyPair = localEphemeralKey ?? Secp256K1.GenerateKeyPair();
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed));
byte[] ss = ECDH.ComputeHashedPoint(initiatorEphemeralKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK2) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
(_, byte[] tag1) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, new byte[12], handshakeHash, new byte[0]);
handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag1));
_state.HandshakeHash = handshakeHash;
_state.ChainingKey = chainingKey;
_state.TempKey2 = tempK2;
_state.HandshakeState = HandshakeState.Act2;
return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag1));
}
public byte[] Build(byte[] messageData)
{
if (messageData.Length > 65535)
{
throw new MessageException("Message size exceeds maximum size.");
}
(byte[] encryptedLength, byte[] lengthMac) = ChaCha20Poly1305.EncryptWithAdditionalData(_transportState.SendEncryptionKey,
_transportState.SendNonce.GetBytes(), new byte[0], ((ushort)messageData.Length).GetBytesBigEndian());
_transportState.SendNonce.Increment();
(byte[] encryptedMessage, byte[] messageMac) = ChaCha20Poly1305.EncryptWithAdditionalData(_transportState.SendEncryptionKey,
_transportState.SendNonce.GetBytes(), new byte[0], messageData);
_transportState.SendNonce.Increment();
if (_transportState.SendNonce.Value == 1000)
{
_transportState.RotateSendKey();
}
return(ByteExtensions.Combine(encryptedLength, lengthMac, encryptedMessage, messageMac));
}
public byte[] ApplyActThree(byte[] tempK2, ECKeyPair responderEphemeralKey)
{
if (_state.HandshakeState != HandshakeState.Act2)
{
throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act2");
}
(byte[] cipherText, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, _state.SendNonce.GetBytes(), _state.HandshakeHash, _state.LocalKeyPair.PublicKeyCompressed);
byte[] cipherAndMac = cipherText.ConcatToNewArray(tag);
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(cipherAndMac));
byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK3) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
(_, byte[] tag2) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK3, new byte[12], handshakeHash, new byte[0]);
(byte[] encryptKey, byte[] decryptKey) = HmacSha256.ComputeHashes(chainingKey, new byte[0]);
_state.HandshakeHash = handshakeHash;
_state.ChainingKey = chainingKey;
_state.SendEncryptionKey = encryptKey;
_state.ReceiveDecryptionKey = decryptKey;
_state.SendNonce.Reset();
_state.ReceiveNonce.Reset();
_state.HandshakeState = HandshakeState.Finished;
return(ByteExtensions.Combine(new byte[] { 0 }, cipherAndMac, tag2));
}
