public void TestECDSAImportExport()
{
var key = ECDsaHelper.CreateECDsaCng256();
var expPubKey = key.ExportPublicKeyRaw();
var impPubKey = ECDsaHelper.ImportPublicKey(expPubKey);
Assert.NotNull(impPubKey);
var expPriKey = key.ExportPrivateKeyRaw();
var impPriKey = ECDsaHelper.ImportPrivateKey(expPubKey, expPriKey);
Assert.NotNull(impPriKey);
}
private void SignAndVerify(byte[] publicKeyRaw, byte[] privateKeyRaw)
{
var privateKey = ECDsaHelper.ImportPrivateKey(publicKeyRaw, privateKeyRaw);
Assert.NotNull(privateKey);
var nonce = ByteHelper.GetRandom(32);
var nonceSigned = privateKey.SignData(nonce);
var publicKey = ECDsaHelper.ImportPublicKey(publicKeyRaw);
Assert.NotNull(publicKey);
Assert.IsTrue(publicKey.VerifyData(nonce, nonceSigned));
}
public bool GetServerProofOfIdentity(byte[] encryptedClientProofOfIdentity, out byte[] serverProofOfIdentity)
{
serverProofOfIdentity = null;
// Decrypt Client Finished message signed with symmetric key
var ivOffset = encryptedClientProofOfIdentity.Extract(0, 16);
var clientProofOfIdentity = EncryptionMode == ScpConfig.EncryptionMode.AESCTR
? encryptedClientProofOfIdentity.Extract(16).AesCtrDecrypt(Session.SymmetricKey, ivOffset)
: encryptedClientProofOfIdentity.Extract(16).AesGcmDecryptWithOffset(Session.SymmetricKey, ivOffset);
if (!ClientProofOfIdentity.Parse(clientProofOfIdentity, out ClientProofOfIdentity cpoi))
{
return(false);
}
// Verify eph pub key
if (!cpoi.ephDHKey.SequenceEqual(Session.ClientEphDHPubKey))
{
return(false);
}
// Verify signature
var clientsECDsaCng = ECDsaHelper.ImportPublicKey(cpoi.publicKey);
if (!clientsECDsaCng.VerifyData(cpoi.nonce, cpoi.nonceSigned))
{
return(false);
}
Session.ClientPubKey = cpoi.publicKey;
// Prepare answer
var nonce = ByteHelper.GetRandom(32);
var msg = "Hey you! Welcome to Secretarium!".ToBytes();
var signed = SecretariumKey.SignData(ByteHelper.Combine(nonce, msg));
// Generate a random IV offset
ivOffset = ByteHelper.GetRandom(16);
// Encrypt
var combined = ByteHelper.Combine(nonce, signed);
var encrypted = EncryptionMode == ScpConfig.EncryptionMode.AESCTR
? combined.AesCtrEncrypt(Session.SymmetricKey, ivOffset)
: combined.AesGcmEncryptWithOffset(Session.SymmetricKey, ivOffset);
serverProofOfIdentity = ByteHelper.Combine(ivOffset, encrypted);
return(true);
}
private bool FullProtocolFromX509(ScpConfig.EncryptionMode encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium)
{
// Client keys
Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config));
Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng clientECDsaKeyCng, "SecretariumTestClient256"));
var clientPub = clientECDsaKeyCng.ExportPublicKeyRaw();
// Client Hello
var clientEph = ECDHHelper.CreateCngKey();
var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph);
var clientEphPub = clientEphCng.PublicKey();
var clientHello = clientEphPub;
Assert.IsTrue(ClientHello.Parse(clientHello, out ClientHello clientHelloObj));
// Server Hello
secretarium = new MockedSecretarium(encryptionMode);
secretarium.GetServerHello(clientHello, out byte[] serverHello);
Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj));
// Client ClientProofOfWork
Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork));
var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey);
Assert.IsTrue(ClientProofOfWork.Parse(clientProofOfWork, out ClientProofOfWork clientProofOfWorkObj));
// Server Identity
secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity);
Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj));
// Client computes symmetric key
symmetricKey = DiffieHellmanHelper.GetSymmetricKey(
clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret);
// Client Proof Of Identity
var nonce = ByteHelper.GetRandom(32);
var nonceSigned = clientECDsaKeyCng.SignData(nonce);
var clientProofOfIdentity = ByteHelper.Combine(nonce, clientEphPub, clientPub, nonceSigned);
Assert.IsTrue(ClientProofOfIdentity.Parse(clientProofOfIdentity, out ClientProofOfIdentity clientProofOfIdentityObj));
// Client Encrypts Client Proof Of Identity
var ivOffset = ByteHelper.GetRandom(16);
var encryptedClientProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR
? clientProofOfIdentity.AesCtrEncrypt(symmetricKey, ivOffset)
: clientProofOfIdentity.AesGcmEncryptWithOffset(symmetricKey, ivOffset);
var encryptedClientProofOfIdentityWithIvOffset = ByteHelper.Combine(ivOffset, encryptedClientProofOfIdentity);
// Server Checks And Sends Proof Of Identity
Assert.IsTrue(secretarium.GetServerProofOfIdentity(
encryptedClientProofOfIdentityWithIvOffset, out byte[] encryptedServerProofOfIdentity));
// Client Decrypts Server Proof Of Identity
ivOffset = encryptedServerProofOfIdentity.Extract(0, 16);
var serverProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR
? encryptedServerProofOfIdentity.Extract(16).AesCtrDecrypt(symmetricKey, ivOffset)
: encryptedServerProofOfIdentity.Extract(16).AesGcmDecryptWithOffset(symmetricKey, ivOffset);
Assert.IsTrue(ServerProofOfIdentity.Parse(serverProofOfIdentity, out ServerProofOfIdentity serverProofOfIdentityObj));
// Client Checks Server Proof Of Idendity
var msg = "Hey you! Welcome to Secretarium!".ToBytes();
var secretariumECDsaCng = ECDsaHelper.ImportPublicKey(serverIdentityObj.publicKey);
Assert.IsTrue(secretariumECDsaCng.VerifyData(
ByteHelper.Combine(serverProofOfIdentityObj.nonce, msg), serverProofOfIdentityObj.welcomeSigned));
return(true);
}
