public void filter_users()
{
KeyPair keypair1 = new KeyPair();
KeyPair keypair2 = new KeyPair();
keypair1.generate();
keypair2.generate();
PicoBuffer expected = new PicoBuffer(0);
PicoBuffer symmetricKey1 = new PicoBuffer(0);
PicoBuffer symmetricKey2 = new PicoBuffer(0);
PicoBuffer symmetricKey;
CryptoSupport.generate_symmetric_key(symmetricKey1, CryptoSupport.AESKEY_SIZE);
CryptoSupport.generate_symmetric_key(symmetricKey2, CryptoSupport.AESKEY_SIZE);
Assert.IsFalse(symmetricKey1.equals(symmetricKey2));
IntPtr pub1 = keypair1.getpublickey();
IntPtr pub2 = keypair2.getpublickey();
Users users = new Users();
Assert.AreEqual(users.search_by_key(pub1).getIntPtr(), IntPtr.Zero);
Assert.AreEqual(users.search_by_key(pub2).getIntPtr(), IntPtr.Zero);
users.add_user("one", pub1, symmetricKey1);
users.add_user("two", pub2, symmetricKey2);
PicoBuffer user = users.search_by_key(pub1);
expected.clear();
expected.append("one");
Assert.IsTrue(user.equals(expected));
user = users.search_by_key(pub2);
expected.clear();
expected.append("two");
Assert.IsTrue(user.equals(expected));
Users filtered = new Users();
users.filter_by_name("one", filtered);
Assert.AreEqual(filtered.search_by_key(pub2).getIntPtr(), IntPtr.Zero);
user = users.search_by_key(pub1);
expected.clear();
expected.append("one");
Assert.IsTrue(user.equals(expected));
// Check the correct symmetric keys are returned
symmetricKey = users.search_symmetrickey_by_key(pub1);
Assert.IsTrue(symmetricKey.equals(symmetricKey1));
symmetricKey = users.search_symmetrickey_by_key(pub2);
Assert.IsTrue(symmetricKey.equals(symmetricKey2));
users.delete();
expected.delete();
filtered.delete();
keypair1.delete();
keypair2.delete();
}
void receive_status_message(Channel channel, EncKeys keys, string expected_extra_data)
{
Json json = new Json();
PicoBuffer buf = new PicoBuffer(0);
PicoBuffer iv = new PicoBuffer(0);
PicoBuffer cleartext = new PicoBuffer(0);
channel.read(buf);
json.deserialize(buf);
Assert.AreEqual(json.get_decimal("sessionId"), 0);
Base64.decode(json.get_string("iv"), iv);
buf.clear();
Base64.decode(json.get_string("encryptedData"), buf);
CryptoSupport.decrypt(keys.vEncKey, iv, buf, cleartext);
PicoBuffer receivedExtraData = new PicoBuffer(0);
byte[] status = new byte[2];
cleartext.copy_to_array(status, 2);
Assert.AreEqual(status[0], 0x00);
cleartext.copy_lengthprepend(1, receivedExtraData);
receivedExtraData.append(new byte[] { 0x00 });
Assert.AreEqual(receivedExtraData.to_string(), expected_extra_data);
json.delete();
buf.delete();
cleartext.delete();
iv.delete();
receivedExtraData.delete();
}
void send_pico_auth_message(Channel channel, EncKeys keys, Nonce serviceNonce, KeyPair picoIdentityKey, KeyPair picoEphemeralKey, string extra_data_to_send)
{
Json json = new Json();
PicoBuffer buf = new PicoBuffer(0);
PicoBuffer toEncrypt = new PicoBuffer(0);
picoIdentityKey.getpublicder(buf);
toEncrypt.append_lengthprepend(buf);
PicoBuffer toSign = new PicoBuffer(0);
toSign.append(serviceNonce.get_buffer(), serviceNonce.get_length());
toSign.append(new byte[] { 0x00, 0x00, 0x00, 0x00 });
buf.clear();
picoEphemeralKey.getpublicder(buf);
toSign.append(buf);
buf.clear();
picoIdentityKey.sign_data(toSign, buf);
toEncrypt.append_lengthprepend(buf);
PicoBuffer mac = new PicoBuffer(0);
buf.clear();
picoIdentityKey.getpublicder(buf);
CryptoSupport.generate_mac(keys.pMacKey, buf, mac);
toEncrypt.append_lengthprepend(mac);
PicoBuffer extraData = new PicoBuffer(0);
extraData.append(extra_data_to_send);
toEncrypt.append_lengthprepend(extraData);
PicoBuffer iv = new PicoBuffer(16);
CryptoSupport.generate_iv(iv);
PicoBuffer encrypted = new PicoBuffer(0);
CryptoSupport.encrypt(keys.pEncKey, iv, toEncrypt, encrypted);
buf.clear();
Base64.encode(encrypted, buf);
json.add("encryptedData", buf);
buf.clear();
Base64.encode(iv, buf);
json.add("iv", buf);
json.add("sessionId", 0);
buf.clear();
json.serialize(buf);
channel.write_buffer(buf);
json.delete();
buf.delete();
toEncrypt.delete();
toSign.delete();
mac.delete();
extraData.delete();
iv.delete();
encrypted.delete();
}
void receive_service_auth_message(Channel channel, ref EncKeys keys, KeyPair picoEphemeralKey, Nonce picoNonce, ref IntPtr serviceEphemKey, ref Nonce serviceNonce)
{
Json json = new Json();
PicoBuffer buf = new PicoBuffer(0);
PicoBuffer iv = new PicoBuffer(0);
PicoBuffer cleartext = new PicoBuffer(0);
channel.read(buf);
json.deserialize(buf);
Assert.AreEqual(json.get_decimal("sessionId"), 0);
serviceEphemKey = CryptoSupport.read_base64_string_public_key(json.get_string("serviceEphemPublicKey"));
buf.clear();
Base64.decode(json.get_string("serviceNonce"), buf);
serviceNonce = new Nonce();
serviceNonce.set_buffer(buf);
Base64.decode(json.get_string("iv"), iv);
// Generate shared secrets
PicoBuffer sharedSecret;
IntPtr vEphemPriv;
SigmaKeyDeriv sigmakeyderiv;
sharedSecret = new PicoBuffer(0);
vEphemPriv = picoEphemeralKey.getprivatekey();
KeyAgreement.generate_secret(vEphemPriv, serviceEphemKey, sharedSecret);
sigmakeyderiv = new SigmaKeyDeriv();
sigmakeyderiv.set(sharedSecret, picoNonce, serviceNonce);
sharedSecret.delete();
keys.pMacKey = new PicoBuffer(0);
keys.pEncKey = new PicoBuffer(0);
keys.vMacKey = new PicoBuffer(0);
keys.vEncKey = new PicoBuffer(0);
keys.sharedKey = new PicoBuffer(0);
sigmakeyderiv.get_next_key(keys.pMacKey, 256);
sigmakeyderiv.get_next_key(keys.pEncKey, 128);
sigmakeyderiv.get_next_key(keys.vMacKey, 256);
sigmakeyderiv.get_next_key(keys.vEncKey, 128);
sigmakeyderiv.get_next_key(keys.sharedKey, 128);
sigmakeyderiv.delete();
buf.clear();
Base64.decode(json.get_string("encryptedData"), buf);
CryptoSupport.decrypt(keys.vEncKey, iv, buf, cleartext);
int start = 0;
int next = 0;
PicoBuffer servicePublicKeyBytes = new PicoBuffer(0);
PicoBuffer serviceSignature = new PicoBuffer(0);
PicoBuffer serviceMac = new PicoBuffer(0);
next = cleartext.copy_lengthprepend(start, servicePublicKeyBytes);
IntPtr servicePublicKey = CryptoSupport.read_buffer_public_key(servicePublicKeyBytes);
Assert.IsTrue(next > start);
next = cleartext.copy_lengthprepend(start, serviceSignature);
Assert.IsTrue(next > start);
next = cleartext.copy_lengthprepend(start, serviceMac);
Assert.IsTrue(next > start);
// TODO assert signature
json.delete();
buf.delete();
cleartext.delete();
servicePublicKeyBytes.delete();
serviceSignature.delete();
serviceMac.delete();
}