public void nullKey()
{
Sign1Message msg = new Sign1Message();
OneKey key = null;
msg.AddAttribute(HeaderKeys.Algorithm, AlgorithmValues.ECDSA_256, Attributes.PROTECTED);
msg.SetContent(rgbContent);
Assert.ThrowsException <NullReferenceException>(() =>
msg.Sign(key));
}
public void noContent()
{
Sign1Message msg = new Sign1Message();
msg.AddAttribute(HeaderKeys.Algorithm, AlgorithmValues.ECDSA_256, Attributes.PROTECTED);
CoseException e = Assert.ThrowsException <CoseException>(() =>
msg.Sign(cnKeyPrivate));
Assert.AreEqual(e.Message, ("No Content Specified"));
}
public void noAlgorithm()
{
Sign1Message msg = new Sign1Message();
msg.SetContent(rgbContent);
CoseException e = Assert.ThrowsException <CoseException>(() =>
msg.Sign(cnKeyPrivate));
Assert.AreEqual(e.Message, ("No Algorithm Specified"));
}
public void unsupportedAlgorithm()
{
Sign1Message msg = new Sign1Message();
msg.AddAttribute(HeaderKeys.Algorithm, AlgorithmValues.HMAC_SHA_256, Attributes.PROTECTED);
msg.SetContent(rgbContent);
CoseException e = Assert.ThrowsException <CoseException>(() =>
msg.Sign(cnKeyPrivate));
Assert.AreEqual(e.Message, ("Unknown Algorithm Specified"));
}
public void unknownAlgorithm()
{
Sign1Message msg = new Sign1Message();
msg.AddAttribute(HeaderKeys.Algorithm, CBORObject.FromObject("Unknown"), Attributes.PROTECTED);
msg.SetContent(rgbContent);
CoseException e = Assert.ThrowsException <CoseException>(() =>
msg.Sign(cnKeyPrivate));
Assert.AreEqual(e.Message, ("Unknown Algorithm Specified"));
}
public void publicKey()
{
Sign1Message msg = new Sign1Message();
msg.AddAttribute(HeaderKeys.Algorithm, AlgorithmValues.ECDSA_256, Attributes.PROTECTED);
msg.SetContent(rgbContent);
CoseException e = Assert.ThrowsException <CoseException>(() =>
msg.Sign(cnKeyPublic));
Assert.AreEqual(e.Message, ("Private key required to sign"));
}
public void testRoundTrip()
{
Sign1Message msg = new Sign1Message();
msg.AddAttribute(HeaderKeys.Algorithm, AlgorithmValues.ECDSA_256, Attributes.PROTECTED);
msg.SetContent(rgbContent);
msg.Sign(cnKeyPrivate);
byte[] rgbMsg = msg.EncodeToBytes();
msg = (Sign1Message)Message.DecodeFromBytes(rgbMsg, Tags.Sign1);
Boolean f = msg.Validate(cnKeyPublic);
Assert.AreEqual(f, (true));
}
public byte[] CreateMessage3()
{
CBORObject msg = CBORObject.NewArray();
if (_fSymmetricSecret)
{
msg.Add(6);
}
else
{
msg.Add(3);
}
msg.Add(_SessionId[1]);
byte[] aad_3 = ConcatenateAndHash(new byte[2][] { _LastMessageAuthenticator, msg.EncodeToBytes() }, _MessageDigest);
byte[] signBody = new byte[0];
if (!_fSymmetricSecret)
{
Sign1Message sign1 = new Sign1Message(false, false);
sign1.SetContent(aad_3);
sign1.AddAttribute(HeaderKeys.Algorithm, _algSign, Attributes.DO_NOT_SEND);
sign1.AddAttribute(HeaderKeys.KeyId, _SigningKey[CoseKeyKeys.KeyIdentifier], Attributes.UNPROTECTED);
sign1.Sign(_SigningKey);
CBORObject obj = CBORObject.NewArray();
obj.Add(sign1.EncodeToBytes());
signBody = obj.EncodeToBytes();
}
byte[][] encKeys = _DeriveKeys(_Keys, _SecretSalt, aad_3, _algAEAD);
Encrypt0Message enc = new Encrypt0Message(false);
enc.SetContent(signBody);
enc.SetExternalData(aad_3);
enc.AddAttribute(HeaderKeys.Algorithm, _algAEAD, Attributes.DO_NOT_SEND);
enc.AddAttribute(HeaderKeys.IV, CBORObject.FromObject(encKeys[1]), Attributes.DO_NOT_SEND);
enc.Encrypt(encKeys[0]);
msg.Add(enc.EncodeToBytes());
byte[] msgOut = msg.EncodeToBytes();
_LastMessageAuthenticator = ConcatenateAndHash(new byte[2][] { _LastMessageAuthenticator, msgOut }, _MessageDigest);
return(msgOut);
}
static public EdhocResponder ParseMessage3(byte[] msgData, KeySet serverKeys)
{
CBORObject algVerify = null;
CBORObject msg = CBORObject.DecodeFromBytes(msgData);
if (msg.Type != CBORType.Array)
{
throw new Exception("Invalid message");
}
EdhocResponder edhoc = MessageList[new ListKey(msg[1].GetByteString())];
edhoc._Messages[2] = msgData;
if (edhoc._fSymmetricSecret)
{
if (msg[0].AsInt16() != 6)
{
throw new Exception("Invalid Message");
}
}
else
{
if (msg[0].AsInt16() != 3)
{
throw new Exception("Invalid Message");
}
}
Encrypt0Message enc0 = (Encrypt0Message)Com.AugustCellars.COSE.Message.DecodeFromBytes(msg[2].GetByteString(), Tags.Encrypt0);
msg.Remove(msg[2]);
byte[] data_3 = msg.EncodeToBytes();
byte[] aad_3 = ConcatenateAndHash(new byte[][] { edhoc._LastMessageAuthenticator, data_3 }, edhoc._MessageDigest);
byte[][] useKeys = _DeriveKeys(edhoc._Keys, edhoc._SecretSalt, aad_3, edhoc._algAEAD);
byte[] encKey = useKeys[0];
enc0.AddAttribute(HeaderKeys.Algorithm, edhoc._algAEAD, Attributes.DO_NOT_SEND);
enc0.AddAttribute(HeaderKeys.IV, CBORObject.FromObject(useKeys[1]), Attributes.DO_NOT_SEND);
enc0.SetExternalData(aad_3);
byte[] body = enc0.Decrypt(encKey);
if (!edhoc._fSymmetricSecret)
{
CBORObject encBody = CBORObject.DecodeFromBytes(body);
Sign1Message sign1 = (Sign1Message)Com.AugustCellars.COSE.Message.DecodeFromBytes(encBody[0].GetByteString(), Tags.Sign1);
sign1.AddAttribute(HeaderKeys.Algorithm, edhoc._algSign, Attributes.DO_NOT_SEND);
CBORObject kidObject = sign1.FindAttribute(HeaderKeys.KeyId);
byte[] kid = null;
if (kidObject != null)
{
kid = kidObject.GetByteString();
}
sign1.SetExternalData(aad_3);
KeySet keys = new KeySet();
foreach (OneKey sigKey in serverKeys)
{
if (sigKey.HasKid(kid))
{
keys.AddKey(sigKey);
}
}
List <OneKey> ks = new List <OneKey>();
List <OneKey> ks2 = ks.Where(f => f.HasKid(kid)).ToList();
OneKey signingKey = null;
foreach (OneKey sigKey in keys)
{
try {
sign1.Validate(sigKey);
signingKey = sigKey;
}
catch (Exception) {
// nop;
}
}
if (signingKey == null)
{
throw new Exception("Unable to complete - no signing key found");
}
}
else
{
// body is the EXT_3 value
}
edhoc._LastMessageAuthenticator = ConcatenateAndHash(new byte[][] { edhoc._LastMessageAuthenticator, msgData }, edhoc._MessageDigest);
return(edhoc);
}
public byte[] CreateMessage2()
{
CBORObject msg = CBORObject.NewArray();
CBORObject obj;
if (_fSymmetricSecret)
{
msg.Add(5); // Msg Type
}
else
{
msg.Add(2);
}
msg.Add(_SessionId[1]); // S_U
msg.Add(_SessionId[0]); // S_V
msg.Add(_Nonce[0]); // N_V
msg.Add(_Keys[0].PublicKey().AsCBOR()); // E_V
msg.Add(_algKeyAgree); // HKDF_V
msg.Add(_algAEAD); // AEAD_V
if (!_fSymmetricSecret)
{
msg.Add(_algSign); // SIG_V
obj = CBORObject.NewArray();
obj.Add(AlgorithmValuesInt.ECDSA_256);
obj.Add(AlgorithmValues.EdDSA);
msg.Add(obj); // SIGs_V
}
if (_algKeyAgree.Equals(COSE.AlgorithmValues.ECDH_SS_HKDF_256))
{
_MessageDigest = new Sha256Digest();
}
byte[] data2 = msg.EncodeToBytes();
byte[] aad_2 = ConcatenateAndHash(new byte[2][] { _Messages[0], data2 }, _MessageDigest); // M00TODO - hash message[0] before passing it in.
byte[][] useKeys = _DeriveKeys(_Keys, _SecretSalt, aad_2, _algAEAD);
byte[] aeadKey = useKeys[0];
byte[] signResult = new byte[0];
if (!_fSymmetricSecret)
{
Sign1Message sign1 = new Sign1Message(false, false);
sign1.SetContent(aad_2);
sign1.AddAttribute(HeaderKeys.KeyId, _SigningKey[CoseKeyKeys.KeyIdentifier], Attributes.UNPROTECTED);
sign1.AddAttribute(HeaderKeys.Algorithm, _algSign, Attributes.DO_NOT_SEND);
sign1.Sign(_SigningKey);
signResult = sign1.EncodeToBytes();
}
Encrypt0Message enc0 = new Encrypt0Message(true);
enc0.AddAttribute(HeaderKeys.Algorithm, _algAEAD, Attributes.DO_NOT_SEND);
enc0.AddAttribute(HeaderKeys.IV, CBORObject.FromObject(useKeys[1]), Attributes.DO_NOT_SEND);
enc0.SetExternalData(aad_2);
CBORObject encContent = CBORObject.NewArray();
encContent.Add(signResult);
enc0.SetContent(encContent.EncodeToBytes());
enc0.Encrypt(aeadKey);
msg.Add(enc0.EncodeToCBORObject()); // COSE_ENC_2
_Messages[1] = msg.EncodeToBytes();
_LastMessageAuthenticator = ConcatenateAndHash(new byte[][] { _Messages[0], _Messages[1] }, _MessageDigest);
return(_Messages[1]);
}
/// <summary>
///
/// </summary>
/// <param name="msgData"></param>
/// <param name="keySetPublic"></param>
public void ParseMessage2(byte[] msgData, KeySet keySetPublic)
{
int msgIndex;
CBORObject algVerify = null;
CBORObject msg = CBORObject.DecodeFromBytes(msgData);
if (msg.Type != CBORType.Array)
{
throw new Exception("Invalid message");
}
_Messages[1] = msgData;
if (_fSymmetricSecret)
{
if (msg[0].AsInt16() != 5)
{
throw new Exception("Invalid Message");
}
}
else
{
if (msg[0].AsInt16() != 2)
{
throw new Exception("Invalid Message");
}
}
_SessionId[1] = msg[2].GetByteString(); // S_V
_Nonce[1] = msg[3].GetByteString(); // N_V
_Keys[1] = new OneKey(msg[4]); // E_V
_algKeyAgree = msg[5]; // HKDF_V
_algAEAD = msg[6]; // AAEAD_V
if (_fSymmetricSecret)
{
msgIndex = 7;
}
else
{
algVerify = msg[7]; // SIG_V
_algSign = _SelectAlgorithm(msg[8], new CBORObject[] { _SigningKey[CoseKeyKeys.Algorithm] }); // SIG_U
msgIndex = 9;
}
// What is the hash algorithm to use?
switch ((AlgorithmValuesInt)_algKeyAgree.AsInt32())
{
case AlgorithmValuesInt.ECDH_SS_HKDF_256:
_MessageDigest = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDH_SS_HKDF_512:
_MessageDigest = new Sha512Digest();
break;
}
Encrypt0Message enc0 = (Encrypt0Message)Com.AugustCellars.COSE.Message.DecodeFromBytes(msg[msgIndex].EncodeToBytes(), Tags.Encrypt0);
msg.Remove(msg[msgIndex]);
byte[] data_2 = msg.EncodeToBytes();
byte[] aad_2 = ConcatenateAndHash(new byte[2][] { _Messages[0], data_2 }, _MessageDigest);
byte[][] useKeys = _DeriveKeys(_Keys, _SecretSalt, aad_2, _algAEAD);
byte[] encKey = useKeys[0];
enc0.AddAttribute(HeaderKeys.Algorithm, _algAEAD, Attributes.DO_NOT_SEND);
enc0.AddAttribute(HeaderKeys.IV, CBORObject.FromObject(useKeys[1]), Attributes.DO_NOT_SEND);
enc0.SetExternalData(aad_2);
byte[] body = enc0.Decrypt(encKey);
if (!_fSymmetricSecret)
{
CBORObject encBody = CBORObject.DecodeFromBytes(body);
Sign1Message sign1 = (Sign1Message)Com.AugustCellars.COSE.Message.DecodeFromBytes(encBody[0].GetByteString(), Tags.Sign1);
sign1.AddAttribute(HeaderKeys.Algorithm, algVerify, Attributes.DO_NOT_SEND);
CBORObject kid = sign1.FindAttribute(HeaderKeys.KeyId);
sign1.SetExternalData(aad_2);
foreach (OneKey sigKey in keySetPublic)
{
sign1.Validate(sigKey); //FIND KEY);
}
}
else
{
// body is the EXT_2 value
}
_LastMessageAuthenticator = ConcatenateAndHash(new byte[2][] { _LastMessageAuthenticator, msgData }, _MessageDigest);
}
