Esempio n. 1
0
        protected void RunDiscreteVectorTest(int number, DiscreteVectorDigestTestCase testCase)
        {
            var hashFunctionEnum = testCase.Primitive;

            IHash authenticator = AuthenticatorFactory.CreateHashPrimitive(hashFunctionEnum);

            authenticator.BlockUpdate(testCase.Message, 0, testCase.Message.Length);
            var output = new byte[authenticator.OutputSize];

            authenticator.DoFinal(output, 0);

            Assert.IsTrue(testCase.Output.SequenceEqualShortCircuiting(output),
                          "Test #{0} (\"{1}\") failed!", number, testCase.Name);
        }
Esempio n. 2
0
        public static void KeyExchange(ArraySegment <byte> sharedKey, ArraySegment <byte> publicKey, ArraySegment <byte> privateKey, bool naclCompat = false)
        {
            if (sharedKey.Array == null)
            {
                throw new ArgumentNullException("sharedKey.Array");
            }
            if (publicKey.Array == null)
            {
                throw new ArgumentNullException("publicKey.Array");
            }
            if (privateKey.Array == null)
            {
                throw new ArgumentNullException("privateKey");
            }
            if (sharedKey.Count != SharedKeySizeInBytes)
            {
                throw new ArgumentException("sharedKey.Count != 32");
            }
            if (publicKey.Count != PublicKeySizeInBytes)
            {
                throw new ArgumentException("publicKey.Count != 32");
            }
            if (privateKey.Count != ExpandedPrivateKeySizeInBytes)
            {
                throw new ArgumentException("privateKey.Count != 64");
            }

            FieldElement montgomeryX, edwardsY, edwardsZ, sharedMontgomeryX;

            FieldOperations.fe_frombytes(out edwardsY, publicKey.Array, publicKey.Offset);
            FieldOperations.fe_1(out edwardsZ);
            Curve25519.EdwardsToMontgomeryX(out montgomeryX, ref edwardsY, ref edwardsZ);

            IHash hasher = AuthenticatorFactory.CreateHashPrimitive(HashFunction.Sha512);

            hasher.BlockUpdate(privateKey.Array, privateKey.Offset, 32);
            byte[] h = new byte[64];
            hasher.DoFinal(h, 0);
            ScalarOperations.sc_clamp(h, 0);
            MontgomeryOperations.scalarmult(out sharedMontgomeryX, h, 0, ref montgomeryX);
            h.SecureWipe();
            FieldOperations.fe_tobytes(sharedKey.Array, sharedKey.Offset, ref sharedMontgomeryX);

            if (naclCompat)
            {
                Curve25519.KeyExchangeOutputHashNaCl(sharedKey.Array, sharedKey.Offset);
            }
        }
Esempio n. 3
0
        static StratCom()
        {
            var digest = AuthenticatorFactory.CreateHashPrimitive(EntropyHashFunction);

            var digestRng = new DigestCsRng(digest);

            digestRng.AddSeedMaterial(((UInt64)DateTime.UtcNow.Ticks).ToLittleEndian());

            var seed = new byte[InitialSeedSize];

            new ThreadedSeedRng().NextBytes(seed, 0, InitialSeedSize / 2);
            var rrwRng = new ReversedRandomWindowRng(digestRng,
                                                     Athena.Cryptography.HashFunctions[EntropyHashFunction].OutputSizeBits.BitsToBytes());

            rrwRng.NextBytes(seed, InitialSeedSize / 2, InitialSeedSize / 2);
            rrwRng.AddSeedMaterial(seed);
            rrwRng.NextBytes(seed);
            digestRng.AddSeedMaterial(seed);

            EntropySupplier = digestRng;
        }
Esempio n. 4
0
        private static void TestEcJPake(string curveName, HashFunction hashFunction)
        {
            const string password = "******";
            var          ecParams = EcInformationStore.GetECCurveData(curveName).GetParameters();
            var          digest   = AuthenticatorFactory.CreateHashPrimitive(hashFunction);

            var alice = new ECJpakeSession("ObscurCore_P0", password, ecParams, digest, StratCom.EntropySupplier);
            var bob   = new ECJpakeSession("ObscurCore_P1", password, ecParams, digest, StratCom.EntropySupplier);

            var sw = System.Diagnostics.Stopwatch.StartNew();

            // Round 1
            var aliceR1 = alice.CreateRound1ToSend();
            var bobR1   = bob.CreateRound1ToSend();

            alice.ValidateRound1Received(bobR1);
            bob.ValidateRound1Received(aliceR1);
            // Round 2
            var aliceR2 = alice.CreateRound2ToSend();
            var bobR2   = bob.CreateRound2ToSend();

            alice.ValidateRound2Received(bobR2);
            bob.ValidateRound2Received(aliceR2);
            // Round 3 (key confirmation)
            byte[] aliceKey, bobKey;
            var    aliceR3 = alice.CreateRound3ToSend();
            var    bobR3   = bob.CreateRound3ToSend();

            alice.ValidateRound3Received(bobR3, out aliceKey);
            bob.ValidateRound3Received(aliceR3, out bobKey);

            sw.Stop();

            Assert.IsTrue(aliceKey.SequenceEqualShortCircuiting(bobKey), "Keys produced ARE NOT equal! Protocol implementation is broken.");

            Assert.Pass("{0} ms.\nKey = {1}", sw.ElapsedMilliseconds, aliceKey.ToHexString());
        }