Esempio n. 1
1
        public static bool IsSignatureVerified(AKEKeys ake_keys, DHKeyPair key_pair, byte[] their_public_key_mpi_byte_array, byte[] encrypted_signature_byte_array,
            byte[] hashed_encrypted_signature_byte_array, bool is_top_half_keys, ref UInt32 public_key_id, ref byte[] dsa_public_key_byte_array_encoded)
        {
            if (encrypted_signature_byte_array == null || encrypted_signature_byte_array.Length < 1)
                throw new ArgumentException("IsSignatureVerified: Encrypted signature byte array cannot be null/empty");

            if (hashed_encrypted_signature_byte_array == null || hashed_encrypted_signature_byte_array.Length < 1)
             throw new ArgumentException("IsSignatureVerified: The hashed encrypted byte array cannot be null/empty");

            if (ake_keys == null)
             throw new ArgumentException("IsSignatureVerified: The AKE keys cannot be null");

            bool _is_hash_verified = false;

            if (is_top_half_keys == true)
                _is_hash_verified = IsHashSignatureVerified(ake_keys.GetMACKey2(), encrypted_signature_byte_array, hashed_encrypted_signature_byte_array);
            else
                _is_hash_verified = IsHashSignatureVerified(ake_keys.GetMACKey4(), encrypted_signature_byte_array, hashed_encrypted_signature_byte_array);

            if (_is_hash_verified == false)
             return false;

             if (IsEncryptedSignatureVerified(ake_keys, key_pair, their_public_key_mpi_byte_array,
                 encrypted_signature_byte_array, 0, is_top_half_keys, ref public_key_id, ref dsa_public_key_byte_array_encoded) == false)
              return false;

               return true;
        }
Esempio n. 2
0
        public AKEKeys ComputeKeys(DHKeyPair my_key_pair, BigInteger public_key)
        {
            if (Utility.IsValidPublicKey(public_key) == false)
            throw new ArgumentException("AKEKeysManager:Public key is invalid");

            if (my_key_pair == null)
                throw new ArgumentException("AKEKeysManager:  My Key Pair cannot be null");

            if (my_key_pair.GetPrivateKey() < 1)
                throw new ArgumentException("AKEKeysManager: Private key in my_key_pair value cannot be less than 0");

            if (public_key < 1)
                throw new ArgumentException("AKEKeysManager: Public key value cannot be less than 0");

               _ake_keys = new AKEKeys();

               _secret = Utility.ComputeSecret(my_key_pair, public_key, OTRConstants.RFC_3526_GENERATOR, OTRConstants.RFC_3526_PRIME_MODULO());

               Utility.SetSecByteMpi(_secret, ref  _sec_data_byte_array_mpi);

               _ake_keys.SetSecData(_sec_data_byte_array_mpi);

               ComputeSessionIDByte();
               ComputeEncryptionKeysBytes();
               ComputeMACKeysBytes();

               return _ake_keys;
        }
Esempio n. 3
0
        public void ComputeSignature(AKEKeys ake_keys, byte[] my_public_key_mpi_byte_array, byte[] key_id_byte_array, byte[] their_public_key_mpi_byte_array, UInt64 aes_counter, bool is_top_half_keys)
        {
            byte[] hashed_m_byte_array_data = ComputeM(ake_keys, my_public_key_mpi_byte_array, their_public_key_mpi_byte_array, _dsa_public_key_bytes_encoded, key_id_byte_array, is_top_half_keys);

            byte[] _x_byte_array_data = ComputeX(_dsa_signer, _dsa_public_key_bytes_encoded, key_id_byte_array, hashed_m_byte_array_data);

            ComputeSignatureValues(ake_keys, _x_byte_array_data,aes_counter,is_top_half_keys);
        }
Esempio n. 4
0
        private void ComputeSignatureValues(AKEKeys ake_keys, byte[] x_byte_array_data, UInt64 aes_counter, bool is_top_half_keys)
        {
            if (ake_keys == null)
             throw new ArgumentException("ComputeSignatureValues: AKE keys object should not be null");

            if (is_top_half_keys == true && (ake_keys.GetAESKey1() == null || ake_keys.GetAESKey1().Length < 1))
                throw new ArgumentException("ComputeSignatureValues: The AKE AES key 1 should not be null/empty");

            if (is_top_half_keys == false && (ake_keys.GetAESKey2() == null || ake_keys.GetAESKey2().Length < 1))
                throw new ArgumentException("ComputeSignatureValues: The AKE AES key 2 should not be null/empty");

            if (x_byte_array_data == null || x_byte_array_data.Length < 1)
                throw new ArgumentException("ComputeSignatureValues: The x_byte_array_data cannot be null/empty");

            if (aes_counter < 0)
             throw new ArgumentException("ComputeSignatureValues: The aes counter value cannot be less than zero");

            byte[] _encrypted_signature_byte_array = null;

             if (is_top_half_keys == true)
            _encrypted_signature_byte_array = Utility.AESGetEncrypt(ake_keys.GetAESKey1(), x_byte_array_data, aes_counter);
             else
             _encrypted_signature_byte_array = Utility.AESGetEncrypt(ake_keys.GetAESKey2(), x_byte_array_data, aes_counter);

            try
            {

                Utility.EncodeOTRDataBE(_encrypted_signature_byte_array, ref _encoded_encrypted_signature_byte_array);
            }
            catch (Exception ex)
            {

                throw new InvalidDataException("ComputeSignatureValues:" + ex.ToString());

            }

            if (is_top_half_keys == true && (ake_keys.GetMACKey2() == null || ake_keys.GetMACKey2().Length < 1))
             throw new InvalidDataException("ComputeSignatureValues: The AKE MAC key 2 should not be null/empty");

            if (is_top_half_keys == false && (ake_keys.GetMACKey4() == null || ake_keys.GetMACKey4().Length < 1))
                throw new InvalidDataException("ComputeSignatureValues: The AKE MAC key 4 should not be null/empty");

            if (is_top_half_keys == true)
            _hashed_encoded_encrypted_byte_array = Utility.SHA256GetKeyedHash(ake_keys.GetMACKey2(), _encoded_encrypted_signature_byte_array);
            else
            _hashed_encoded_encrypted_byte_array = Utility.SHA256GetKeyedHash(ake_keys.GetMACKey4(), _encoded_encrypted_signature_byte_array);

            _truncated_hash_signature = new byte[OTRConstants.MAC_SIGNATURE_LENGTH_BITS / 8];

            Buffer.BlockCopy(_hashed_encoded_encrypted_byte_array, 0, _truncated_hash_signature, 0, _truncated_hash_signature.Length);
        }
Esempio n. 5
0
        private static bool IsEncryptedSignatureVerified(AKEKeys ake_keys, DHKeyPair key_pair, byte[] their_public_key_mpi_byte_array,
            byte[] encryted_byte_array, UInt64 counter, bool is_top_half_keys,ref UInt32 public_key_id, ref byte[] dsa_public_key_byte_array_encoded)
        {
            int _next_start_index = -1;
            bool _is_verified = false;
            byte[] _decrypted_x_data_array = null;
            byte[] _hashed_m_data_signature = null;
            byte[] _dh_kid_bytes = null;
            byte[] _temp_byte_array = null;
            byte[] _dsa_public_key_type = null;

            byte[] _dsa_public_key_param_p_mpi = null;
            byte[] _dsa_public_key_param_q_mpi = null;
            byte[] _dsa_public_key_param_g_mpi = null;
            byte[] _dsa_public_key_param_y_mpi = null;

            try
            {

                /*get encrypted signature bytes*/

                _next_start_index = 0;
                _temp_byte_array = null;
                _next_start_index = Utility.DecodeDataFromBytesBE(encryted_byte_array, _next_start_index, ref _temp_byte_array);

                if (_temp_byte_array == null || _temp_byte_array.Length < 1)
                    throw new InvalidDataException("IsEncryptedSignatureVerified: The decoded Encrypted OTR Data type byte array cannot be null/empty");

                if (is_top_half_keys == true)
                _decrypted_x_data_array = Utility.AESGetDecrypt(ake_keys.GetAESKey1(), _temp_byte_array, counter);
                else
                _decrypted_x_data_array = Utility.AESGetDecrypt(ake_keys.GetAESKey2(), _temp_byte_array, counter);

                if (_decrypted_x_data_array == null || _decrypted_x_data_array.Length < 1)
                    throw new InvalidDataException("IsEncryptedSignatureVerified: The decrypted byte array cannot be null/empty");

                /*get public key parameter bytes*/

                _next_start_index = 0;
                _temp_byte_array = null;

                //get public key type
                int _pub_key_start_index = _next_start_index;
                _next_start_index = Utility.DecodeShortFromBytes(_decrypted_x_data_array, _next_start_index, ref  _dsa_public_key_type);

                if (_dsa_public_key_type == null || _dsa_public_key_type.Length < 1)
                    throw new InvalidDataException("IsEncryptedSignatureVerified: The decoded DSA public key type byte array cannot be null/empty");

                if (BitConverter.ToUInt16(_dsa_public_key_type,0) != OTRConstants.DSA_PUB_KEY_TYPE)
                throw new InvalidDataException("IsEncryptedSignatureVerified: The DSA public key type is invalid");

                //get MPI encoded DSA public key parameters
                _next_start_index = Utility.DecoupleMpiFromBytes(_decrypted_x_data_array, _next_start_index, ref _dsa_public_key_param_p_mpi);
                _next_start_index = Utility.DecoupleMpiFromBytes(_decrypted_x_data_array, _next_start_index, ref _dsa_public_key_param_q_mpi);
                _next_start_index = Utility.DecoupleMpiFromBytes(_decrypted_x_data_array, _next_start_index, ref _dsa_public_key_param_g_mpi);
                _next_start_index = Utility.DecoupleMpiFromBytes(_decrypted_x_data_array, _next_start_index, ref _dsa_public_key_param_y_mpi);

                int _pub_key_end_index = _next_start_index;

                //get the whole encoded DSA key

                dsa_public_key_byte_array_encoded = new byte[_pub_key_end_index - _pub_key_start_index];
                Buffer.BlockCopy(_decrypted_x_data_array, _pub_key_start_index, dsa_public_key_byte_array_encoded, 0, dsa_public_key_byte_array_encoded.Length);

                DsaPublicKeyParameters _dsa_public_key_params = GetDSAPublicKeyParams(_dsa_public_key_param_p_mpi, _dsa_public_key_param_q_mpi, _dsa_public_key_param_g_mpi, _dsa_public_key_param_y_mpi);

                /*Get DH Key ID bytes*/

                _next_start_index = Utility.DecodeIntFromBytes(_decrypted_x_data_array, _next_start_index, ref _dh_kid_bytes);

                if (_dh_kid_bytes == null || _dh_kid_bytes.Length < 1)
                throw new InvalidDataException("IsEncryptedSignatureVerified: The decoded Key ID OTR Int type byte array cannot be null/empty");

                public_key_id = BitConverter.ToUInt32(_dh_kid_bytes, 0);

                /*Get Signed M_b*/

                _hashed_m_data_signature = new byte[_decrypted_x_data_array.Length - _next_start_index];
                Buffer.BlockCopy(_decrypted_x_data_array, _next_start_index, _hashed_m_data_signature, 0, _hashed_m_data_signature.Length);

                if (_hashed_m_data_signature == null || _hashed_m_data_signature.Length < 1)
                throw new InvalidDataException("IsEncryptedSignatureVerified: The extracted Signed byte array, M_b, cannot be null/empty");

                /*Decode r and s  */

                _next_start_index = 0;

                byte[] _decoded_signature_r_byte_array = null;
                byte[] _decoded_signature_s_byte_array = null;

                _next_start_index = Utility.DecodeMacFromBytesBE(_hashed_m_data_signature, _next_start_index, ref _decoded_signature_r_byte_array);
                _next_start_index = Utility.DecodeMacFromBytesBE(_hashed_m_data_signature, _next_start_index, ref _decoded_signature_s_byte_array);

                if (_decoded_signature_r_byte_array == null || _decoded_signature_r_byte_array.Length < 1)
                    throw new InvalidDataException("IsEncryptedSignatureVerified: The decoded DSA signature parameter 'r' byte array cannot be null/empty");

                if (_decoded_signature_s_byte_array == null || _decoded_signature_s_byte_array.Length < 1)
                  throw new InvalidDataException("IsEncryptedSignatureVerified: The decoded DSA signature parameter 's' byte array cannot be null/empty");

                /*Verify Signature*/

                byte[] _hashed_m_data_byte_array = ComputeM(ake_keys, their_public_key_mpi_byte_array, key_pair.GetPublicKeyMpiBytes(), dsa_public_key_byte_array_encoded, _dh_kid_bytes, is_top_half_keys);

                _is_verified = DSASigner.VerifySignature(_dsa_public_key_params, _hashed_m_data_byte_array, _decoded_signature_r_byte_array, _decoded_signature_s_byte_array);

            }
            catch (Exception ex)
            {
                _is_verified = false;
                throw new InvalidDataException("IsEncryptedVerified:" + ex.ToString());

            }

            return _is_verified;
        }
Esempio n. 6
0
        private static byte[] ComputeM(AKEKeys ake_keys, byte[] my_public_key_mpi_byte_array, byte[] their_public_key_mpi_byte_array, byte[] dsa_public_key_bytes_encoded, byte[] key_id_byte_array, bool is_top_half_keys)
        {
            if (my_public_key_mpi_byte_array == null || my_public_key_mpi_byte_array.Length < 1)
                throw new ArgumentException("ComputeM: My public key mpi byte array cannot be null/empty");

            if (their_public_key_mpi_byte_array == null || their_public_key_mpi_byte_array.Length < 1)
                throw new ArgumentException("ComputeM: Their public key mpi byte array cannot be null/empty");

            if (key_id_byte_array == null || key_id_byte_array.Length < 1)
                throw new ArgumentException("ComputeM: The id byte array cannot be null/empty");

            if (dsa_public_key_bytes_encoded == null || dsa_public_key_bytes_encoded.Length < 1)
                throw new ArgumentException("ComputeM: The encoded DSA public key byte array cannot be null/empty");

            if (ake_keys == null)
              throw new ArgumentException("ComputeM: AKE keys object cannot be null");

            byte[] _encoded_key_id_byte_array = null;

            try
            {
                Utility.EncodeOTRInt(key_id_byte_array, ref _encoded_key_id_byte_array);
            }
            catch (Exception ex)
            {
                throw new InvalidDataException("ComputeM:" + ex.ToString());

            }

            int _m_data_array_length = _encoded_key_id_byte_array.Length + my_public_key_mpi_byte_array.Length +
                 their_public_key_mpi_byte_array.Length +
                 dsa_public_key_bytes_encoded.Length;

            byte [] _m_data_array = new byte[_m_data_array_length];

            Buffer.BlockCopy(my_public_key_mpi_byte_array, 0, _m_data_array, 0, my_public_key_mpi_byte_array.Length);
            Buffer.BlockCopy(their_public_key_mpi_byte_array, 0, _m_data_array, my_public_key_mpi_byte_array.Length, their_public_key_mpi_byte_array.Length);

            Buffer.BlockCopy(dsa_public_key_bytes_encoded, 0, _m_data_array, my_public_key_mpi_byte_array.Length + their_public_key_mpi_byte_array.Length, dsa_public_key_bytes_encoded.Length);
            Buffer.BlockCopy(_encoded_key_id_byte_array, 0, _m_data_array, my_public_key_mpi_byte_array.Length + their_public_key_mpi_byte_array.Length + dsa_public_key_bytes_encoded.Length, _encoded_key_id_byte_array.Length);

            if (is_top_half_keys == true && (ake_keys.GetMACKey1() == null || ake_keys.GetMACKey1().Length < 1))
             throw new ArgumentException("ComputeM: The AKE MAC key 1 cannot be null/empty");

            if (is_top_half_keys == false && (ake_keys.GetMACKey3() == null || ake_keys.GetMACKey3().Length < 1))
             throw new ArgumentException("ComputeM: The AKE MAC key 3 cannot be null/empty");

            if (is_top_half_keys == true)
            return Utility.SHA256GetKeyedHash(ake_keys.GetMACKey1(),_m_data_array);
            else
             return Utility.SHA256GetKeyedHash(ake_keys.GetMACKey3(), _m_data_array);
        }
Esempio n. 7
0
        private void CloseOTRSession(string session_closed_message)
        {
            DebugPrint("Ending OTR session");

            _otr_event_args = new OTREventArgs();
            _otr_event_args.SetMessage(session_closed_message);
            _otr_event_args.SetOTREvent(OTR_EVENT.CLOSED);
            DoOTREvent(_otr_event_args);

            _message_state = OTR_MESSAGE_STATE.MSG_STATE_PLAINTEXT;
            _message_manager = null;
            _ake_keys_manager = null;
            _dsa_signer = null;
            _signature_manager = null;
            _smp_manager = null;
            _ake_keys = null;
            _my_unique_id = string.Empty;
            _my_buddy_unique_id = string.Empty;
            _otr_fragment_object = null;
            EndSMPSession();
        }
Esempio n. 8
0
        private void ProcessRevealSigMessage(OTRMessage otr_message)
        {
            DebugPrint("Received Reveal Signature Message");

            _otr_event_args = new OTREventArgs();

            if (_authentication_state != OTR_AUTH_STATE.AUTH_STATE_AWAITING_REVEAL_SIG)
            {
                OTRError("ProcessRevealSigMessage: OTR Engine is not in the AUTH_STATE_AWAITING_REVEAL_SIG state",
                  "ProcessRevealSigMessage: OTR Engine is not in the AUTH_STATE_AWAITING_REVEAL_SIG state",
             null);

                return;

            }

            if (otr_message.GetRevealedKey() == null || otr_message.GetRevealedKey().Length < 1)
            {
                OTRError("ProcessRevealSigMessage: The AES revealed key byte array cannot be null/empty", null,
                    "OTR Failed. Unexpected error");
                 return;
            }

            if (otr_message.GetEncodedEncryptedSignature() == null || otr_message.GetEncodedEncryptedSignature().Length < 1)
            {
                OTRError("ProcessRevealSigMessage: The encoded encrypted signature byte array cannot be null/empty", null,
                    "OTR Failed. Unexpected error");
                return;
            }

            if (otr_message.GetMacDSignature() == null || otr_message.GetMacDSignature().Length < 1)
            {
                OTRError("ProcessRevealSigMessage: The MAC'd signature byte array cannot be null/empty", null,
                    "OTR Failed. Unexpected error");
                return;
            }

            _otr_event_args.SetOTREvent(OTR_EVENT.ERROR);

            if (_dh_commit_message == null || _dh_commit_message.GetEncryptedGxMpi() == null || _dh_commit_message.GetEncryptedGxMpi().Length < 1)
            {
                OTRError("ProcessRevealSigMessage: The MPI encoded encrypted public key (g^x mpi) should not be null/empty",
                  "ProcessRevealSigMessage: The MPI encoded encrypted public key (g^x mpi) should not be null/empty",
             "OTR Failed. Unexpected error");

                return;

            }

            if (_otr_session_object.IsSetMyBuddyFirstPublicKey(otr_message.GetRevealedKey(), _dh_commit_message.GetEncryptedGxMpi(),
                _dh_commit_message.GetHashedGxMpi()) == false)
            {

                OTRError("ProcessRevealSigMessage: The MPI encoded decrypted public key (g^x mpi) should not be null/empty",
                "ProcessRevealSigMessage: The MPI encoded decrypted public key (g^x mpi) should not be null/empty",
                "OTR Failed. Unexpected error");
                return;

            }

            _ake_keys = _ake_keys_manager.ComputeKeys(_otr_session_object.GetMyRecentDHKeyPair(), _otr_session_object.GetBuddyRecentPublicKey());

            byte[] dsa_public_key_byte_array_encoded = null;

            bool _is_sig_verified = SignatureManager.IsSignatureVerified(_ake_keys, _otr_session_object.GetMyRecentDHKeyPair(), _otr_session_object.GetBuddyRecentPublicKeyMpi(),
                otr_message.GetEncodedEncryptedSignature(), otr_message.GetMacDSignature(), true, ref _temp_int_32_val, ref dsa_public_key_byte_array_encoded);

            if (_otr_session_object.IsComputeBuddyFingerPrint(dsa_public_key_byte_array_encoded) == false)
            {

                OTRError("ProcessRevealSigMessage:" + _my_buddy_unique_id + "'s DSA public key fingerprint computation failed",
                 "ProcessRevealSigMessage:" + _my_buddy_unique_id + "'s DSA public key fingerprint computation failed",
                 null);
                _authentication_state = OTR_AUTH_STATE.AUTH_STATE_NONE;
                return;
            }

            if (_is_sig_verified != true)
            {

                OTRError("ProcessRevealSigMessage:" + _my_buddy_unique_id + "'s signature verification failed",
                   "ProcessRevealSigMessage:" + _my_buddy_unique_id + "'s signature verification failed",
                  "OTR Failed. Unexpected error");

                _authentication_state = OTR_AUTH_STATE.AUTH_STATE_NONE;

                return;
            }

            _signature_manager.ComputeSignature(_ake_keys, _otr_session_object.GetMyRecentDHKeyPair().GetPublicKeyMpiBytes(), _otr_session_object.GetMyRecentDHKeyPair().GetKeyIDBytes(),
               _otr_session_object.GetBuddyRecentPublicKeyMpi(), _otr_session_object.GetCounter(), false);

            //Send signature message
            byte[] _dh_signature_byte_array = _message_manager.FormatSignature(_signature_manager.GetSignatureDataBytes());

            DebugPrint("Sending Signature Message");
            SendOTRMessage(_dh_signature_byte_array);

            /* Inform client of OTR readiness  */
            _otr_session_object.SetFirstBuddyPublicKeyID(_temp_int_32_val);
            _authentication_state = OTR_AUTH_STATE.AUTH_STATE_NONE;
            _message_state = OTR_MESSAGE_STATE.MSG_STATE_ENCRYPTED;
            _otr_event_args.SetOTREvent(OTR_EVENT.READY);
            _otr_event_args.SetMessage(_my_buddy_unique_id + "'s signature verification successful");

            DoOTREvent(_otr_event_args);
        }
Esempio n. 9
0
        private void ProcessDHKeyMessage(OTRMessage otr_message)
        {
            DebugPrint("Received DH Key Message");

            _otr_event_args = new OTREventArgs();

            if (_authentication_state != OTR_AUTH_STATE.AUTH_STATE_AWAITING_DH_KEY)
            {

                OTRError("ProcessDHKeyMessage: OTR Engine is not in the AUTH_STATE_AWAITING_DH_KEY state", "ProcessDHKeyMessage: OTR Engine is not in the AUTH_STATE_AWAITING_DH_KEY state",
                null);

                return;

            }

            if (otr_message.GetGxMpi() == null || otr_message.GetGxMpi().Length < 1)
            {
                OTRError("ProcessDHKeyMessage: The received MPI encoded public key byte array cannot be null/empty", null,
                    "OTR Failed. Unexpected error");
                return;
            }

            if (_otr_session_object.IsSetBuddyFirstPublicKey(otr_message.GetGxMpi()) == false)
            {

                OTRError("ProcessDHKeyMessage:" + _my_buddy_unique_id + "'s DH public key is invalid",
                    "ProcessDHKeyMessage:" + _my_buddy_unique_id + "'s DH public key is invalid",
               "OTR Failed. Unexpected error");

                return;
            }

               _ake_keys = _ake_keys_manager.ComputeKeys(_otr_session_object.GetMyRecentDHKeyPair(), _otr_session_object.GetBuddyRecentPublicKey());

            _signature_manager.ComputeSignature(_ake_keys, _otr_session_object.GetMyRecentDHKeyPair().GetPublicKeyMpiBytes(), _otr_session_object.GetMyRecentDHKeyPair().GetKeyIDBytes(),
                 otr_message.GetGxMpi(), _otr_session_object.GetCounter(), true);

            if (_aes_key == null || _aes_key.Length < 1)
            {
                OTRError("ProcessDHKeyMessage: The AES key byte array cannot be null/empty", null,
                    "OTR Failed. Unexpected error");
                return;
            }

            Utility.EncodeOTRDataBE(_aes_key, ref _temp_buffer);

            _temp_buffer_2 = new byte[_temp_buffer.Length + _signature_manager.GetSignatureDataLength()];

            Buffer.BlockCopy(_temp_buffer, 0, _temp_buffer_2, 0, _temp_buffer.Length);
            Buffer.BlockCopy(_signature_manager.GetSignatureDataBytes(), 0, _temp_buffer_2, _temp_buffer.Length, _signature_manager.GetSignatureDataLength());

            byte[] _dh_reveal_byte_array = _message_manager.FormatRevealSig(_temp_buffer_2);

            _authentication_state = OTR_AUTH_STATE.AUTH_STATE_AWAITING_SIG;

            DebugPrint("Sending Reveal Signature Message");
            SendOTRMessage(_dh_reveal_byte_array);
        }