public void SrpIntegerFromHexToHex() { var si = SrpInteger.FromHex("02"); Assert.AreEqual("02", si.ToHex()); // 512-bit prime number si = SrpInteger.FromHex("D4C7F8A2B32C11B8FBA9581EC4BA4F1B04215642EF7355E37C0FC0443EF756EA2C6B8EEB755A1C723027663CAA265EF785B8FF6A9B35227A52D86633DBDFCA43"); Assert.AreEqual("d4c7f8a2b32c11b8fba9581ec4ba4f1b04215642ef7355e37c0fc0443ef756ea2c6b8eeb755a1c723027663caa265ef785b8ff6a9b35227a52d86633dbdfca43", si.ToHex()); // should keep padding when going back and forth Assert.AreEqual("a", SrpInteger.FromHex("a").ToHex()); Assert.AreEqual("0a", SrpInteger.FromHex("0a").ToHex()); Assert.AreEqual("00a", SrpInteger.FromHex("00a").ToHex()); Assert.AreEqual("000a", SrpInteger.FromHex("000a").ToHex()); Assert.AreEqual("0000a", SrpInteger.FromHex("0000a").ToHex()); Assert.AreEqual("00000a", SrpInteger.FromHex("00000a").ToHex()); }
public void SrpIntegerToByteArrayConversion() { var si = SrpInteger.FromHex("02"); var arr = new byte[] { 0x02 }; Assert.IsTrue(Enumerable.SequenceEqual(arr, si.ToByteArray())); si = SrpInteger.FromHex("01F2C3A4B506"); arr = new byte[] { 0x01, 0xF2, 0xC3, 0xA4, 0xB5, 0x06 }; Assert.IsTrue(Enumerable.SequenceEqual(arr, si.ToByteArray())); si = SrpInteger.FromHex("ed3250071433e544b62b5dd0341564825a697357b5379f07aabca795a4e0a109"); arr = new byte[] { 0xed, 0x32, 0x50, 0x07, 0x14, 0x33, 0xe5, 0x44, 0xb6, 0x2b, 0x5d, 0xd0, 0x34, 0x15, 0x64, 0x82, 0x5a, 0x69, 0x73, 0x57, 0xb5, 0x37, 0x9f, 0x07, 0xaa, 0xbc, 0xa7, 0x95, 0xa4, 0xe0, 0xa1, 0x09 }; Assert.IsTrue(Enumerable.SequenceEqual(arr, si.ToByteArray())); si = new SrpInteger("B0", 10); arr = new byte[] { 0, 0, 0, 0, 0xb0 }; Assert.IsTrue(Enumerable.SequenceEqual(arr, si.ToByteArray())); }
public void SrpClientDerivesThePrivateKeyAndVerifier() { // validate intermediate steps var userName = "******"; var password = "******"; H H = new SrpHash <SHA256>().ComputeHash; var step1 = H($"{userName}:{password}"); Assert.AreEqual(SrpInteger.FromHex("ed3250071433e544b62b5dd0341564825a697357b5379f07aabca795a4e0a109"), step1); // step1.1 var salt = "34ada39bbabfa6e663f1aad3d7814121"; var s = SrpInteger.FromHex(salt); var step11 = H(s); Assert.AreEqual(SrpInteger.FromHex("a5acfc1292e1b8e171b7c9a0f7b5bcd9bbcd4a3485c18d9d4fcf4480e8573442"), step11); // step1.2 var step12 = H(step1); Assert.AreEqual(SrpInteger.FromHex("446d597ddf0e65ca0395926665e70f10a2b0f8194f633243e71359028895be6f"), step12); // step2 var step2 = H(s, step1); Assert.AreEqual(SrpInteger.FromHex("e2db59181003e48e326292b3b307a1173a5f1fd12c6ffde55f7289503065fd6c"), step2); // private key derivation is deterministic for the same s, I, p var privateKey = new SrpClient().DerivePrivateKey(salt, userName, password); Assert.AreEqual("e2db59181003e48e326292b3b307a1173a5f1fd12c6ffde55f7289503065fd6c", privateKey); // verifier var verifier = new SrpClient().DeriveVerifier(privateKey); Assert.AreEqual("622dad56d6c282a949f9d2702941a9866b7dd277af92a6e538b2d7cca42583275a2f4b64bd61369a24b23170223faf212e2f3bdddc529204c61055687c4162aa2cd0fd41ced0186406b8a6dda4802fa941c54f5115ca69953a8e265210349a4cb89dda3febc96c86df08a87823235ff6c87a170cc1618f38ec493e758e2cac4c04db3dcdac8656458296dbcc3599fc1f66cde1e62e477dd1696c65dbeb413d8ed832adc7304e68566b46a7849126eea62c95d5561306f76fe1f8a77a3bd85db85e6b0262064d665890ff46170f96ce403a9b485abe387e91ca85e3522d6276e2fff41754d57a71dee6da62aea614725da100631efd7442cf68a294001d8134e9", verifier); }
public void SrpIntegetModPowCompatibleWithJsbn() { // jsbn results: // 5 ^ 3 % 1000 = <SRPInteger 7d> = 125 // -5 ^ 3 % 1000 = <SRPInteger f83> = 0x1000-0x7d // 5 ^ 33 % 1000 = <SRPInteger 2bd> = 701 //-5 ^ 33 % 1000 = <SRPInteger d43> = 0x1000-0x2bd, // 5 ^ 90 % 1000 = <SRPInteger dc1> //-5 ^ 90 % 1000 = <SRPInteger dc1> var p5 = SrpInteger.FromHex("5"); var n5 = SrpInteger.FromHex("-5"); var x3 = SrpInteger.FromHex("3"); var x33 = SrpInteger.FromHex("33"); var x90 = SrpInteger.FromHex("90"); var m = SrpInteger.FromHex("1000"); var result = p5.ModPow(x3, m); Assert.AreEqual("007d", result.ToHex()); result = p5.ModPow(x33, m); Assert.AreEqual("02bd", result.ToHex()); result = p5.ModPow(x90, m); Assert.AreEqual("0dc1", result.ToHex()); result = n5.ModPow(x3, m); Assert.AreEqual("0f83", result.ToHex()); result = n5.ModPow(x33, m); Assert.AreEqual("0d43", result.ToHex()); result = n5.ModPow(x90, m); Assert.AreEqual("0dc1", result.ToHex()); }
internal Tlv HandlePairSetupM5Raw(ConnectionSession session, out KeyPair keyPair) { var hdkf = new HkdfSha512(); var accessory = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(session.ServerSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Info"), 32); keyPair = KeyGenerator.GenerateNewPair(); var serverUsername = Encoding.UTF8.GetBytes(HapControllerServer.HapControllerId); var material = accessory.Concat(serverUsername).Concat(keyPair.PublicKey).ToArray(); var signature = Chaos.NaCl.Ed25519.Sign(material, keyPair.PrivateKey); var encoder = new Tlv(); encoder.AddType(Constants.Identifier, serverUsername); encoder.AddType(Constants.PublicKey, keyPair.PublicKey); encoder.AddType(Constants.Signature, signature); return(encoder); }
private void VerifyTestVector(TestVectorSet.TestVector testVector) { // prepare parameters var parameters = testVector.CreateParameters(); if (parameters == null) { // not supported hash function Assert.Warn($"Unsupported hash function, skipping: {testVector.H}"); return; } var N = parameters.Prime; var g = parameters.Generator; var H = parameters.Hash; // validate the multiplier parameter var k = parameters.Multiplier; var kx = SrpInteger.FromHex(testVector.k); Assert.AreEqual(kx, k); // prepare user name, password and salt var I = testVector.I; var P = testVector.P; var s = SrpInteger.FromHex(testVector.s).ToHex(); var client = new SrpClient(parameters); var server = new SrpServer(parameters); // validate the private key var x = SrpInteger.FromHex(client.DerivePrivateKey(s, I, P)); var xx = SrpInteger.FromHex(testVector.x); Assert.AreEqual(xx, x); // validate the verifier var v = SrpInteger.FromHex(client.DeriveVerifier(x)); var vx = SrpInteger.FromHex(testVector.v); Assert.AreEqual(vx, v); // client ephemeral var a = SrpInteger.FromHex(testVector.a); var A = client.ComputeA(a); var Ax = SrpInteger.FromHex(testVector.A); Assert.AreEqual(Ax, A); var clientEphemeral = new SrpEphemeral { Public = A, Secret = a }; // server ephemeral var b = SrpInteger.FromHex(testVector.b); var B = server.ComputeB(v, b); var Bx = SrpInteger.FromHex(testVector.B); Assert.AreEqual(Bx, B); var serverEphemeral = new SrpEphemeral { Public = B, Secret = a }; // validate u var u = client.ComputeU(A, B); var ux = SrpInteger.FromHex(testVector.u); Assert.AreEqual(ux, u); // premaster secret — client version var S = client.ComputeS(a, B, u, x); var Sx = SrpInteger.FromHex(testVector.S); Assert.AreEqual(Sx, S); // premaster secret — server version S = server.ComputeS(A, b, u, v); Assert.AreEqual(Sx, S); // client session var clientSession = client.DeriveSession(a, B, s, I, x); if (testVector.M1 != null) { Assert.AreEqual(testVector.M1, clientSession.Proof); } // server session var serverSession = server.DeriveSession(b, A, s, I, v, clientSession.Proof); Assert.AreEqual(clientSession.Key, serverSession.Key); if (testVector.M2 != null) { Assert.AreEqual(testVector.M2, serverSession.Proof); } // verify server session client.VerifySession(A, clientSession, serverSession.Proof); if (testVector.K != null) { Assert.AreEqual(testVector.K, serverSession.Key); } }
public void HardcodedVersionOfRfc5054TestVector() { // https://www.ietf.org/rfc/rfc5054.txt var N = SrpInteger.FromHex(@"EEAF0AB9 ADB38DD6 9C33F80A FA8FC5E8 60726187 75FF3C0B 9EA2314C 9C256576 D674DF74 96EA81D3 383B4813 D692C6E0 E0D5D8E2 50B98BE4 8E495C1D 6089DAD1 5DC7D7B4 6154D6B6 CE8EF4AD 69B15D49 82559B29 7BCF1885 C529F566 660E57EC 68EDBC3C 05726CC0 2FD4CBF4 976EAA9A FD5138FE 8376435B 9FC61D2F C0EB06E3" ); var g = SrpInteger.FromHex("02"); var p = SrpParameters.Create <SHA1>(N, g); var H = p.Hash; var k = p.Multiplier; var kx = SrpInteger.FromHex(@"7556AA04 5AEF2CDD 07ABAF0F 665C3E81 8913186F"); Assert.AreEqual(kx, k); // prepare known parameters var I = "alice"; var P = "password123"; var s = SrpInteger.FromHex(@"BEB25379 D1A8581E B5A72767 3A2441EE").ToHex(); var client = new SrpClient(p); var server = new SrpServer(p); // validate the private key var x = SrpInteger.FromHex(client.DerivePrivateKey(s, I, P)); var xx = SrpInteger.FromHex(@"94B7555A ABE9127C C58CCF49 93DB6CF8 4D16C124"); Assert.AreEqual(xx, x); // validate the verifier var v = SrpInteger.FromHex(client.DeriveVerifier(x)); var vx = SrpInteger.FromHex(@" 7E273DE8 696FFC4F 4E337D05 B4B375BE B0DDE156 9E8FA00A 9886D812 9BADA1F1 822223CA 1A605B53 0E379BA4 729FDC59 F105B478 7E5186F5 C671085A 1447B52A 48CF1970 B4FB6F84 00BBF4CE BFBB1681 52E08AB5 EA53D15C 1AFF87B2 B9DA6E04 E058AD51 CC72BFC9 033B564E 26480D78 E955A5E2 9E7AB245 DB2BE315 E2099AFB" ); Assert.AreEqual(vx, v); // client ephemeral var a = SrpInteger.FromHex("60975527 035CF2AD 1989806F 0407210B C81EDC04 E2762A56 AFD529DD DA2D4393"); var A = client.ComputeA(a); var Ax = SrpInteger.FromHex(@" 61D5E490 F6F1B795 47B0704C 436F523D D0E560F0 C64115BB 72557EC4 4352E890 3211C046 92272D8B 2D1A5358 A2CF1B6E 0BFCF99F 921530EC 8E393561 79EAE45E 42BA92AE ACED8251 71E1E8B9 AF6D9C03 E1327F44 BE087EF0 6530E69F 66615261 EEF54073 CA11CF58 58F0EDFD FE15EFEA B349EF5D 76988A36 72FAC47B 0769447B" ); Assert.AreEqual(Ax, A); var clientEphemeral = new SrpEphemeral { Public = A, Secret = a }; // server ephemeral var b = SrpInteger.FromHex("E487CB59 D31AC550 471E81F0 0F6928E0 1DDA08E9 74A004F4 9E61F5D1 05284D20"); var B = server.ComputeB(v, b); var Bx = SrpInteger.FromHex(@" BD0C6151 2C692C0C B6D041FA 01BB152D 4916A1E7 7AF46AE1 05393011 BAF38964 DC46A067 0DD125B9 5A981652 236F99D9 B681CBF8 7837EC99 6C6DA044 53728610 D0C6DDB5 8B318885 D7D82C7F 8DEB75CE 7BD4FBAA 37089E6F 9C6059F3 88838E7A 00030B33 1EB76840 910440B1 B27AAEAE EB4012B7 D7665238 A8E3FB00 4B117B58" ); Assert.AreEqual(Bx, B); var serverEphemeral = new SrpEphemeral { Public = B, Secret = a }; // u var u = client.ComputeU(A, B); var ux = SrpInteger.FromHex("CE38B959 3487DA98 554ED47D 70A7AE5F 462EF019"); Assert.AreEqual(ux, u); // premaster secret — client version var S = client.ComputeS(a, B, u, x); var Sx = SrpInteger.FromHex(@" B0DC82BA BCF30674 AE450C02 87745E79 90A3381F 63B387AA F271A10D 233861E3 59B48220 F7C4693C 9AE12B0A 6F67809F 0876E2D0 13800D6C 41BB59B6 D5979B5C 00A172B4 A2A5903A 0BDCAF8A 709585EB 2AFAFA8F 3499B200 210DCC1F 10EB3394 3CD67FC8 8A2F39A4 BE5BEC4E C0A3212D C346D7E4 74B29EDE 8A469FFE CA686E5A" ); Assert.AreEqual(Sx, S); // premaster secret — server version S = server.ComputeS(A, b, u, v); Assert.AreEqual(Sx, S); // client session var clientSession = client.DeriveSession(a, B, s, I, x); Assert.AreEqual("017eefa1cefc5c2e626e21598987f31e0f1b11bb", clientSession.Key); Assert.AreEqual("3f3bc67169ea71302599cf1b0f5d408b7b65d347", clientSession.Proof); // server session var serverSession = server.DeriveSession(b, A, s, I, v, clientSession.Proof); Assert.AreEqual("017eefa1cefc5c2e626e21598987f31e0f1b11bb", serverSession.Key); Assert.AreEqual("9cab3c575a11de37d3ac1421a9f009236a48eb55", serverSession.Proof); // verify server session client.VerifySession(A, clientSession, serverSession.Proof); }
public void SrpIntegerSubtract() { var result = SrpInteger.FromHex("5340") - SrpInteger.FromHex("5181"); Assert.AreEqual("01bf", result.ToHex()); }
public void SrpIntegerAdd() { var result = SrpInteger.FromHex("353") + SrpInteger.FromHex("181"); Assert.AreEqual("4d4", result.ToHex()); }
public void SrpIntegerModulo() { var result = SrpInteger.FromHex("10") % SrpInteger.FromHex("9"); Assert.AreEqual("7", result.ToHex()); }
public void SrpIntegerDivide() { var result = SrpInteger.FromHex("faced") / SrpInteger.FromHex("BABE"); Assert.AreEqual("00015", result.ToHex()); }
public void SrpIntegerMultiply() { var result = SrpInteger.FromHex("CAFE") * SrpInteger.FromHex("babe"); Assert.AreEqual("94133484", result.ToHex(8)); }
public PairSetupReturn Post(Tlv parts) { var customParams = SrpParameters.Create3072 <SHA512>(); var state = parts.GetTypeAsInt(Constants.State); if (state == 1) //srp sign up { var rnd = new Random(); _salt = new byte[16]; rnd.NextBytes(_salt); _saltInt = SrpInteger.FromByteArray(_salt); var srp = new SrpClient(customParams); _privateKey = srp.DerivePrivateKey(_saltInt.ToHex(), Username, _code); _verifier = srp.DeriveVerifier(_privateKey); _server = new SrpServer(customParams); _serverEphemeral = _server.GenerateEphemeral(_verifier); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 2); responseTlv.AddType(Constants.PublicKey, StringToByteArray(_serverEphemeral.Public)); responseTlv.AddType(Constants.Salt, _salt); return(new PairSetupReturn { State = 1, TlvData = responseTlv, Ok = true }); } if (state == 3) //srp authenticate { _logger.LogDebug("Pair Setup Step 3/6"); _logger.LogDebug("SRP Verify Request"); var pubKey = parts.GetType(Constants.PublicKey); var proof = parts.GetType(Constants.Proof); var iOsPublicKey = SrpInteger.FromByteArray(pubKey); var iOsProof = SrpInteger.FromByteArray(proof); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 4); var ok = true; try { _serverSession = _server.DeriveSession(_serverEphemeral.Secret, iOsPublicKey.ToHex(), _saltInt.ToHex(), Username, _verifier, iOsProof.ToHex()); _logger.LogInformation("Verification was successful. Generating Server Proof (M2)"); responseTlv.AddType(Constants.Proof, StringToByteArray(_serverSession.Proof)); } catch (Exception) { ok = false; _logger.LogError("Verification failed as iOS provided code was incorrect"); responseTlv.AddType(Constants.Error, ErrorCodes.Authentication); } return(new PairSetupReturn { State = 3, Ok = ok, TlvData = responseTlv }); } if (state == 5) { _logger.LogDebug("Pair Setup Step 5/6"); _logger.LogDebug("Exchange Response"); try { var iOsEncryptedData = parts.GetType(Constants.EncryptedData).AsSpan(); // A var zeros = new byte[] { 0, 0, 0, 0 }; var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PS-Msg05")); var hdkf = new HkdfSha512(); var hkdfEncKey = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(_serverSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Encrypt-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Encrypt-Info"), 32); var decrypt = AeadAlgorithm.ChaCha20Poly1305.Decrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce, new byte[0], iOsEncryptedData, out var output); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 6); if (!decrypt) { responseTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairSetupReturn { State = 5, TlvData = responseTlv, Ok = false }); } var subData = TlvParser.Parse(output); byte[] username = subData.GetType(Constants.Identifier); byte[] ltpk = subData.GetType(Constants.PublicKey); byte[] proof = subData.GetType(Constants.Signature); var okm = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(_serverSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Controller-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Controller-Sign-Info"), 32); var completeData = okm.Concat(username).Concat(ltpk).ToArray(); if (!SignatureAlgorithm.Ed25519.Verify( PublicKey.Import(SignatureAlgorithm.Ed25519, ltpk, KeyBlobFormat.RawPublicKey), completeData, proof)) { var errorTlv = new Tlv(); errorTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairSetupReturn { State = 5, TlvData = errorTlv, Ok = false }); } var accessory = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(_serverSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Info"), 32); var seed = new byte[32]; RandomNumberGenerator.Create().GetBytes(seed); Chaos.NaCl.Ed25519.KeyPairFromSeed(out var accessoryLtpk, out var accessoryLtsk, seed); var serverUsername = Encoding.UTF8.GetBytes(HapControllerServer.HapControllerId); var material = accessory.Concat(serverUsername).Concat(accessoryLtpk).ToArray(); var signature = Chaos.NaCl.Ed25519.Sign(material, accessoryLtsk); var encoder = new Tlv(); encoder.AddType(Constants.Identifier, serverUsername); encoder.AddType(Constants.PublicKey, accessoryLtpk); encoder.AddType(Constants.Signature, signature); var plaintext = TlvParser.Serialise(encoder); var nonce6 = new Nonce(zeros, Encoding.UTF8.GetBytes("PS-Msg06")); var encryptedOutput = AeadAlgorithm.ChaCha20Poly1305.Encrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce6, new byte[0], plaintext); responseTlv.AddType(Constants.EncryptedData, encryptedOutput); return(new PairSetupReturn { State = 5, TlvData = responseTlv, Ok = true, Ltsk = ByteArrayToString(accessoryLtsk), Ltpk = ByteArrayToString(ltpk) }); } catch (Exception e) { _logger.LogError(e, "Could not exchange request"); throw; } } return(null); }
public byte[] GenerateSalt(int length) { return(SrpInteger.FromHex("deff10eeac3d2c5cf370a2dae3310a4f").ToByteArray()); }
public static string ToB64(string hex) => Convert.ToBase64String(SrpInteger.FromHex(hex).ToByteArray());
internal PairSetupReturn HandlePairSetupM5(Tlv parts, ConnectionSession session) { _logger.LogDebug("Pair Setup Step 5/5"); _logger.LogDebug("Exchange Response"); try { var iOsEncryptedData = parts.GetType(Constants.EncryptedData).AsSpan(); // A var zeros = new byte[] { 0, 0, 0, 0 }; var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PS-Msg05")); var hdkf = new HkdfSha512(); var hkdfEncKey = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(session.ServerSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Encrypt-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Encrypt-Info"), 32); var decrypt = AeadAlgorithm.ChaCha20Poly1305.Decrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce, new byte[0], iOsEncryptedData, out var output); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 6); if (!decrypt) { responseTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairSetupReturn { State = 5, TlvData = responseTlv, Ok = false }); } var subData = TlvParser.Parse(output); byte[] username = subData.GetType(Constants.Identifier); byte[] ltpk = subData.GetType(Constants.PublicKey); byte[] proof = subData.GetType(Constants.Signature); var okm = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(session.ServerSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Controller-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Controller-Sign-Info"), 32); var completeData = okm.Concat(username).Concat(ltpk).ToArray(); if (!SignatureAlgorithm.Ed25519.Verify( PublicKey.Import(SignatureAlgorithm.Ed25519, ltpk, KeyBlobFormat.RawPublicKey), completeData, proof)) { var errorTlv = new Tlv(); errorTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairSetupReturn { State = 5, TlvData = errorTlv, Ok = false }); } var m5Response = HandlePairSetupM5Raw(session, out var keyPair); var plaintext = TlvParser.Serialize(m5Response); _logger.LogDebug($"Decrypted payload {Automatica.Core.Driver.Utility.Utils.ByteArrayToString(plaintext.AsSpan())}"); var nonce6 = new Nonce(zeros, Encoding.UTF8.GetBytes("PS-Msg06")); var encryptedOutput = AeadAlgorithm.ChaCha20Poly1305.Encrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce6, new byte[0], plaintext); responseTlv.AddType(Constants.EncryptedData, encryptedOutput); return(new PairSetupReturn { State = 5, TlvData = responseTlv, Ok = true, Ltsk = ByteArrayToString(keyPair.PrivateKey), Ltpk = ByteArrayToString(ltpk) }); } catch (Exception e) { _logger.LogError(e, $"{e}, Could not exchange request"); throw; } }