public DeviceConsistencyMessage(DeviceConsistencyCommitment commitment, IdentityKeyPair identityKeyPair)
{
try
{
byte[] signatureBytes = Curve.CalculateVrfSignature(identityKeyPair.GetPrivateKey(), commitment.ToByteArray());
byte[] vrfOutputBytes = Curve.VerifyVrfSignature(identityKeyPair.GetPublicKey().GetPublicKey(), commitment.ToByteArray(), signatureBytes);
_generation = commitment.GetGeneration();
_signature = new DeviceConsistencySignature(signatureBytes, vrfOutputBytes);
_serialized = SignalProtos.DeviceConsistencyCodeMessage.CreateBuilder()
.SetGeneration((uint)commitment.GetGeneration())
.SetSignature(ByteString.CopyFrom(_signature.GetSignature()))
.Build()
.ToByteArray();
}
catch (InvalidKeyException e)
{
Debug.Assert(false);
throw e;
}
catch (VrfSignatureVerificationFailedException e)
{
Debug.Assert(false);
throw e;
}
}
public void StoreLocalData(uint registrationId, IdentityKeyPair identityKey)
{
IdentityKeysRepository identityKeysRepository = new IdentityKeysRepository();
IdentityKeys newKeys = new IdentityKeys()
{
RecipientId = "-1",
RegistrationId = Convert.ToString(registrationId),
PublicKey = identityKey.GetPublicKey().Serialize(),
PrivateKey = identityKey.GetPrivateKey().Serialize()
};
identityKeysRepository.Save(newKeys);
}
/// <summary>
///
/// </summary>
/// <param name="registrationId"></param>
/// <param name="identityKey"></param>
public void StoreLocalData(uint registrationId, IdentityKeyPair identityKey)
{
if (IdentitiesObjectDic.ContainsKey("-1"))
{
IdentitiesObjectDic.Remove("-1");
}
IdentitiesObjectDic.Add("-1", new IdentitiesObject()
{
RecipientId = "-1",
RegistrationId = registrationId.ToString(),
PublicKey = identityKey.GetPublicKey().Serialize(),
PrivateKey = identityKey.GetPrivateKey().Serialize()
});
}
public void SetPendingKeyExchange(uint sequence,
EcKeyPair ourBaseKey,
EcKeyPair ourRatchetKey,
IdentityKeyPair ourIdentityKey)
{
SessionStructure.Types.PendingKeyExchange structure = new SessionStructure.Types.PendingKeyExchange
{
LocalBaseKey = ByteString.CopyFrom(ourBaseKey.GetPublicKey().Serialize()),
LocalBaseKeyPrivate = ByteString.CopyFrom(ourBaseKey.GetPrivateKey().Serialize()),
LocalRatchetKey = ByteString.CopyFrom(ourRatchetKey.GetPublicKey().Serialize()),
LocalRatchetKeyPrivate = ByteString.CopyFrom(ourRatchetKey.GetPrivateKey().Serialize()),
LocalIdentityKey = ByteString.CopyFrom(ourIdentityKey.GetPublicKey().Serialize()),
LocalIdentityKeyPrivate = ByteString.CopyFrom(ourIdentityKey.GetPrivateKey().Serialize())
};
_sessionStructure.PendingKeyExchange = structure;
}
public void TestDeviceConsistency()
{
IdentityKeyPair deviceOne = KeyHelper.GenerateIdentityKeyPair();
IdentityKeyPair deviceTwo = KeyHelper.GenerateIdentityKeyPair();
IdentityKeyPair deviceThree = KeyHelper.GenerateIdentityKeyPair();
List <IdentityKey> keyList = new List <IdentityKey>(new[]
{
deviceOne.GetPublicKey(),
deviceTwo.GetPublicKey(),
deviceThree.GetPublicKey()
});
Random random = new Random();
HelperMethods.Shuffle(keyList, random);
DeviceConsistencyCommitment deviceOneCommitment = new DeviceConsistencyCommitment(1, keyList);
HelperMethods.Shuffle(keyList, random);
DeviceConsistencyCommitment deviceTwoCommitment = new DeviceConsistencyCommitment(1, keyList);
HelperMethods.Shuffle(keyList, random);
DeviceConsistencyCommitment deviceThreeCommitment = new DeviceConsistencyCommitment(1, keyList);
CollectionAssert.AreEqual(deviceOneCommitment.ToByteArray(), deviceTwoCommitment.ToByteArray());
CollectionAssert.AreEqual(deviceTwoCommitment.ToByteArray(), deviceThreeCommitment.ToByteArray());
DeviceConsistencyMessage deviceOneMessage = new DeviceConsistencyMessage(deviceOneCommitment, deviceOne);
DeviceConsistencyMessage deviceTwoMessage = new DeviceConsistencyMessage(deviceOneCommitment, deviceTwo);
DeviceConsistencyMessage deviceThreeMessage = new DeviceConsistencyMessage(deviceOneCommitment, deviceThree);
DeviceConsistencyMessage receivedDeviceOneMessage = new DeviceConsistencyMessage(deviceOneCommitment, deviceOneMessage.GetSerialized(), deviceOne.GetPublicKey());
DeviceConsistencyMessage receivedDeviceTwoMessage = new DeviceConsistencyMessage(deviceOneCommitment, deviceTwoMessage.GetSerialized(), deviceTwo.GetPublicKey());
DeviceConsistencyMessage receivedDeviceThreeMessage = new DeviceConsistencyMessage(deviceOneCommitment, deviceThreeMessage.GetSerialized(), deviceThree.GetPublicKey());
CollectionAssert.AreEqual(deviceOneMessage.GetSignature().GetVrfOutput(), receivedDeviceOneMessage.GetSignature().GetVrfOutput());
CollectionAssert.AreEqual(deviceTwoMessage.GetSignature().GetVrfOutput(), receivedDeviceTwoMessage.GetSignature().GetVrfOutput());
CollectionAssert.AreEqual(deviceThreeMessage.GetSignature().GetVrfOutput(), receivedDeviceThreeMessage.GetSignature().GetVrfOutput());
string codeOne = GenerateCode(deviceOneCommitment, deviceOneMessage, receivedDeviceTwoMessage, receivedDeviceThreeMessage);
string codeTwo = GenerateCode(deviceTwoCommitment, deviceTwoMessage, receivedDeviceThreeMessage, receivedDeviceOneMessage);
string codeThree = GenerateCode(deviceThreeCommitment, deviceThreeMessage, receivedDeviceTwoMessage, receivedDeviceOneMessage);
Assert.AreEqual(codeOne, codeTwo);
Assert.AreEqual(codeTwo, codeThree);
}
public void SetPendingKeyExchange(uint sequence,
ECKeyPair ourBaseKey,
ECKeyPair ourRatchetKey,
IdentityKeyPair ourIdentityKey)
{
PendingKeyExchange structure =
PendingKeyExchange.CreateBuilder()
.SetSequence(sequence)
.SetLocalBaseKey(ByteString.CopyFrom(ourBaseKey.GetPublicKey().Serialize()))
.SetLocalBaseKeyPrivate(ByteString.CopyFrom(ourBaseKey.GetPrivateKey().Serialize()))
.SetLocalRatchetKey(ByteString.CopyFrom(ourRatchetKey.GetPublicKey().Serialize()))
.SetLocalRatchetKeyPrivate(ByteString.CopyFrom(ourRatchetKey.GetPrivateKey().Serialize()))
.SetLocalIdentityKey(ByteString.CopyFrom(ourIdentityKey.GetPublicKey().Serialize()))
.SetLocalIdentityKeyPrivate(ByteString.CopyFrom(ourIdentityKey.GetPrivateKey().Serialize()))
.Build();
this.sessionStructure = this.sessionStructure.ToBuilder()
.SetPendingKeyExchange(structure)
.Build();
}
private void InitializeSessionsV3(SessionState aliceSessionState, SessionState bobSessionState)
{
EcKeyPair aliceIdentityKeyPair = Curve.GenerateKeyPair();
IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(new IdentityKey(aliceIdentityKeyPair.GetPublicKey()),
aliceIdentityKeyPair.GetPrivateKey());
EcKeyPair aliceBaseKey = Curve.GenerateKeyPair();
EcKeyPair aliceEphemeralKey = Curve.GenerateKeyPair();
EcKeyPair alicePreKey = aliceBaseKey;
EcKeyPair bobIdentityKeyPair = Curve.GenerateKeyPair();
IdentityKeyPair bobIdentityKey = new IdentityKeyPair(new IdentityKey(bobIdentityKeyPair.GetPublicKey()),
bobIdentityKeyPair.GetPrivateKey());
EcKeyPair bobBaseKey = Curve.GenerateKeyPair();
EcKeyPair bobEphemeralKey = bobBaseKey;
EcKeyPair bobPreKey = Curve.GenerateKeyPair();
AliceSignalProtocolParameters aliceParameters = AliceSignalProtocolParameters.NewBuilder()
.SetOurBaseKey(aliceBaseKey)
.SetOurIdentityKey(aliceIdentityKey)
.SetTheirOneTimePreKey(May <IEcPublicKey> .NoValue)
.SetTheirRatchetKey(bobEphemeralKey.GetPublicKey())
.SetTheirSignedPreKey(bobBaseKey.GetPublicKey())
.SetTheirIdentityKey(bobIdentityKey.GetPublicKey())
.Create();
BobSignalProtocolParameters bobParameters = BobSignalProtocolParameters.NewBuilder()
.SetOurRatchetKey(bobEphemeralKey)
.SetOurSignedPreKey(bobBaseKey)
.SetOurOneTimePreKey(May <EcKeyPair> .NoValue)
.SetOurIdentityKey(bobIdentityKey)
.SetTheirIdentityKey(aliceIdentityKey.GetPublicKey())
.SetTheirBaseKey(aliceBaseKey.GetPublicKey())
.Create();
RatchetingSession.InitializeSession(aliceSessionState, aliceParameters);
RatchetingSession.InitializeSession(bobSessionState, bobParameters);
}
public void TestRatchetingSessionAsBob()
{
byte[] bobPublic = { (byte)0x05, (byte)0x2c, (byte)0xb4, (byte)0x97,
(byte)0x76, (byte)0xb8, (byte)0x77, (byte)0x02,
(byte)0x05, (byte)0x74, (byte)0x5a, (byte)0x3a,
(byte)0x6e, (byte)0x24, (byte)0xf5, (byte)0x79,
(byte)0xcd, (byte)0xb4, (byte)0xba, (byte)0x7a,
(byte)0x89, (byte)0x04, (byte)0x10, (byte)0x05,
(byte)0x92, (byte)0x8e, (byte)0xbb, (byte)0xad,
(byte)0xc9, (byte)0xc0, (byte)0x5a, (byte)0xd4,
(byte)0x58 };
byte[] bobPrivate = { (byte)0xa1, (byte)0xca, (byte)0xb4, (byte)0x8f,
(byte)0x7c, (byte)0x89, (byte)0x3f, (byte)0xaf,
(byte)0xa9, (byte)0x88, (byte)0x0a, (byte)0x28,
(byte)0xc3, (byte)0xb4, (byte)0x99, (byte)0x9d,
(byte)0x28, (byte)0xd6, (byte)0x32, (byte)0x95,
(byte)0x62, (byte)0xd2, (byte)0x7a, (byte)0x4e,
(byte)0xa4, (byte)0xe2, (byte)0x2e, (byte)0x9f,
(byte)0xf1, (byte)0xbd, (byte)0xd6, (byte)0x5a };
byte[] bobIdentityPublic = { (byte)0x05, (byte)0xf1, (byte)0xf4, (byte)0x38,
(byte)0x74, (byte)0xf6, (byte)0x96, (byte)0x69,
(byte)0x56, (byte)0xc2, (byte)0xdd, (byte)0x47,
(byte)0x3f, (byte)0x8f, (byte)0xa1, (byte)0x5a,
(byte)0xde, (byte)0xb7, (byte)0x1d, (byte)0x1c,
(byte)0xb9, (byte)0x91, (byte)0xb2, (byte)0x34,
(byte)0x16, (byte)0x92, (byte)0x32, (byte)0x4c,
(byte)0xef, (byte)0xb1, (byte)0xc5, (byte)0xe6,
(byte)0x26 };
byte[] bobIdentityPrivate = { (byte)0x48, (byte)0x75, (byte)0xcc, (byte)0x69,
(byte)0xdd, (byte)0xf8, (byte)0xea, (byte)0x07,
(byte)0x19, (byte)0xec, (byte)0x94, (byte)0x7d,
(byte)0x61, (byte)0x08, (byte)0x11, (byte)0x35,
(byte)0x86, (byte)0x8d, (byte)0x5f, (byte)0xd8,
(byte)0x01, (byte)0xf0, (byte)0x2c, (byte)0x02,
(byte)0x25, (byte)0xe5, (byte)0x16, (byte)0xdf,
(byte)0x21, (byte)0x56, (byte)0x60, (byte)0x5e };
byte[] aliceBasePublic = { (byte)0x05, (byte)0x47, (byte)0x2d, (byte)0x1f,
(byte)0xb1, (byte)0xa9, (byte)0x86, (byte)0x2c,
(byte)0x3a, (byte)0xf6, (byte)0xbe, (byte)0xac,
(byte)0xa8, (byte)0x92, (byte)0x02, (byte)0x77,
(byte)0xe2, (byte)0xb2, (byte)0x6f, (byte)0x4a,
(byte)0x79, (byte)0x21, (byte)0x3e, (byte)0xc7,
(byte)0xc9, (byte)0x06, (byte)0xae, (byte)0xb3,
(byte)0x5e, (byte)0x03, (byte)0xcf, (byte)0x89,
(byte)0x50 };
byte[] aliceEphemeralPublic = { (byte)0x05, (byte)0x6c, (byte)0x3e, (byte)0x0d,
(byte)0x1f, (byte)0x52, (byte)0x02, (byte)0x83,
(byte)0xef, (byte)0xcc, (byte)0x55, (byte)0xfc,
(byte)0xa5, (byte)0xe6, (byte)0x70, (byte)0x75,
(byte)0xb9, (byte)0x04, (byte)0x00, (byte)0x7f,
(byte)0x18, (byte)0x81, (byte)0xd1, (byte)0x51,
(byte)0xaf, (byte)0x76, (byte)0xdf, (byte)0x18,
(byte)0xc5, (byte)0x1d, (byte)0x29, (byte)0xd3,
(byte)0x4b };
byte[] aliceIdentityPublic = { (byte)0x05, (byte)0xb4, (byte)0xa8, (byte)0x45,
(byte)0x56, (byte)0x60, (byte)0xad, (byte)0xa6,
(byte)0x5b, (byte)0x40, (byte)0x10, (byte)0x07,
(byte)0xf6, (byte)0x15, (byte)0xe6, (byte)0x54,
(byte)0x04, (byte)0x17, (byte)0x46, (byte)0x43,
(byte)0x2e, (byte)0x33, (byte)0x39, (byte)0xc6,
(byte)0x87, (byte)0x51, (byte)0x49, (byte)0xbc,
(byte)0xee, (byte)0xfc, (byte)0xb4, (byte)0x2b,
(byte)0x4a };
byte[] bobSignedPreKeyPublic = { (byte)0x05, (byte)0xac, (byte)0x24, (byte)0x8a, (byte)0x8f,
(byte)0x26, (byte)0x3b, (byte)0xe6, (byte)0x86, (byte)0x35,
(byte)0x76, (byte)0xeb, (byte)0x03, (byte)0x62, (byte)0xe2,
(byte)0x8c, (byte)0x82, (byte)0x8f, (byte)0x01, (byte)0x07,
(byte)0xa3, (byte)0x37, (byte)0x9d, (byte)0x34, (byte)0xba,
(byte)0xb1, (byte)0x58, (byte)0x6b, (byte)0xf8, (byte)0xc7,
(byte)0x70, (byte)0xcd, (byte)0x67 };
byte[] bobSignedPreKeyPrivate = { (byte)0x58, (byte)0x39, (byte)0x00, (byte)0x13, (byte)0x1f,
(byte)0xb7, (byte)0x27, (byte)0x99, (byte)0x8b, (byte)0x78,
(byte)0x03, (byte)0xfe, (byte)0x6a, (byte)0xc2, (byte)0x2c,
(byte)0xc5, (byte)0x91, (byte)0xf3, (byte)0x42, (byte)0xe4,
(byte)0xe4, (byte)0x2a, (byte)0x8c, (byte)0x8d, (byte)0x5d,
(byte)0x78, (byte)0x19, (byte)0x42, (byte)0x09, (byte)0xb8,
(byte)0xd2, (byte)0x53 };
byte[] senderChain = { (byte)0x97, (byte)0x97, (byte)0xca, (byte)0xca, (byte)0x53,
(byte)0xc9, (byte)0x89, (byte)0xbb, (byte)0xe2, (byte)0x29,
(byte)0xa4, (byte)0x0c, (byte)0xa7, (byte)0x72, (byte)0x70,
(byte)0x10, (byte)0xeb, (byte)0x26, (byte)0x04, (byte)0xfc,
(byte)0x14, (byte)0x94, (byte)0x5d, (byte)0x77, (byte)0x95,
(byte)0x8a, (byte)0x0a, (byte)0xed, (byte)0xa0, (byte)0x88,
(byte)0xb4, (byte)0x4d };
IdentityKey bobIdentityKeyPublic = new IdentityKey(bobIdentityPublic, 0);
IEcPrivateKey bobIdentityKeyPrivate = Curve.DecodePrivatePoint(bobIdentityPrivate);
IdentityKeyPair bobIdentityKey = new IdentityKeyPair(bobIdentityKeyPublic, bobIdentityKeyPrivate);
IEcPublicKey bobEphemeralPublicKey = Curve.DecodePoint(bobPublic, 0);
IEcPrivateKey bobEphemeralPrivateKey = Curve.DecodePrivatePoint(bobPrivate);
EcKeyPair bobEphemeralKey = new EcKeyPair(bobEphemeralPublicKey, bobEphemeralPrivateKey);
EcKeyPair bobBaseKey = bobEphemeralKey;
EcKeyPair bobSignedPreKey = new EcKeyPair(Curve.DecodePoint(bobSignedPreKeyPublic, 0), Curve.DecodePrivatePoint(bobSignedPreKeyPrivate));
IEcPublicKey aliceBasePublicKey = Curve.DecodePoint(aliceBasePublic, 0);
IEcPublicKey aliceEphemeralPublicKey = Curve.DecodePoint(aliceEphemeralPublic, 0);
IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0);
BobSignalProtocolParameters parameters = BobSignalProtocolParameters.NewBuilder()
.SetOurIdentityKey(bobIdentityKey)
.SetOurSignedPreKey(bobSignedPreKey)
.SetOurRatchetKey(bobEphemeralKey)
.SetOurOneTimePreKey(May <EcKeyPair> .NoValue)
.SetTheirIdentityKey(aliceIdentityPublicKey)
.SetTheirBaseKey(aliceBasePublicKey)
.Create();
SessionState session = new SessionState();
RatchetingSession.InitializeSession(session, parameters);
Assert.AreEqual <IdentityKey>(session.GetLocalIdentityKey(), bobIdentityKey.GetPublicKey());
Assert.AreEqual <IdentityKey>(session.GetRemoteIdentityKey(), aliceIdentityPublicKey);
CollectionAssert.AreEqual(session.GetSenderChainKey().GetKey(), senderChain);
}
