コード例 #1
0
        private MessageKeys GetOrCreateMessageKeys(SessionState sessionState,
                                                   IEcPublicKey theirEphemeral,
                                                   ChainKey chainKey, uint counter)

        {
            if (chainKey.GetIndex() > counter)
            {
                if (sessionState.HasMessageKeys(theirEphemeral, counter))
                {
                    return(sessionState.RemoveMessageKeys(theirEphemeral, counter));
                }
                else
                {
                    throw new DuplicateMessageException($"Received message with old counter: {chainKey.GetIndex()}  , {counter}");
                }
            }

            //Avoiding a uint overflow
            uint chainKeyIndex = chainKey.GetIndex();

            if ((counter > chainKeyIndex) && (counter - chainKeyIndex > 2000))
            {
                throw new InvalidMessageException("Over 2000 messages into the future!");
            }

            while (chainKey.GetIndex() < counter)
            {
                MessageKeys messageKeys = chainKey.GetMessageKeys();
                sessionState.SetMessageKeys(theirEphemeral, messageKeys);
                chainKey = chainKey.GetNextChainKey();
            }

            sessionState.SetReceiverChainKey(theirEphemeral, chainKey.GetNextChainKey());
            return(chainKey.GetMessageKeys());
        }
コード例 #2
0
        public void TestChainKeyDerivationV3()
        {
            byte[] seed =
            {
                0x8a, 0xb7, 0x2d, 0x6f, 0x4c,
                0xc5, 0xac, 0x0d, 0x38, 0x7e,
                0xaf, 0x46, 0x33, 0x78, 0xdd,
                0xb2, 0x8e, 0xdd, 0x07, 0x38,
                0x5b, 0x1c, 0xb0, 0x12, 0x50,
                0xc7, 0x15, 0x98, 0x2e, 0x7a,
                0xd4, 0x8f
            };

            byte[] messageKey =
            {
                /* 0x02*/
                0xbf, 0x51, 0xe9, 0xd7,
                0x5e, 0x0e, 0x31, 0x03, 0x10,
                0x51, 0xf8, 0x2a, 0x24, 0x91,
                0xff, 0xc0, 0x84, 0xfa, 0x29,
                0x8b, 0x77, 0x93, 0xbd, 0x9d,
                0xb6, 0x20, 0x05, 0x6f, 0xeb,
                0xf4, 0x52, 0x17
            };

            byte[] macKey =
            {
                0xc6, 0xc7, 0x7d, 0x6a, 0x73,
                0xa3, 0x54, 0x33, 0x7a, 0x56,
                0x43, 0x5e, 0x34, 0x60, 0x7d,
                0xfe, 0x48, 0xe3, 0xac, 0xe1,
                0x4e, 0x77, 0x31, 0x4d, 0xc6,
                0xab, 0xc1, 0x72, 0xe7, 0xa7,
                0x03, 0x0b
            };

            byte[] nextChainKey =
            {
                0x28, 0xe8, 0xf8, 0xfe, 0xe5,
                0x4b, 0x80, 0x1e, 0xef, 0x7c,
                0x5c, 0xfb, 0x2f, 0x17, 0xf3,
                0x2c, 0x7b, 0x33, 0x44, 0x85,
                0xbb, 0xb7, 0x0f, 0xac, 0x6e,
                0xc1, 0x03, 0x42, 0xa2, 0x46,
                0xd1, 0x5d
            };

            ChainKey chainKey = new ChainKey(Hkdf.CreateFor(3), seed, 0);

            CollectionAssert.AreEqual(seed, chainKey.GetKey());
            CollectionAssert.AreEqual(messageKey, chainKey.GetMessageKeys().GetCipherKey());
            CollectionAssert.AreEqual(macKey, chainKey.GetMessageKeys().GetMacKey());
            CollectionAssert.AreEqual(nextChainKey, chainKey.GetNextChainKey().GetKey());
            Assert.AreEqual <uint>(0, chainKey.GetIndex());
            Assert.AreEqual <uint>(0, chainKey.GetMessageKeys().GetCounter());
            Assert.AreEqual <uint>(1, chainKey.GetNextChainKey().GetIndex());
            Assert.AreEqual <uint>(1, chainKey.GetNextChainKey().GetMessageKeys().GetCounter());
        }
コード例 #3
0
        public void TestChainKeyDerivationV2()
        {
            byte[] seed =
            {
                0x8a, 0xb7, 0x2d, 0x6f, 0x4c,
                0xc5, 0xac, 0x0d, 0x38, 0x7e,
                0xaf, 0x46, 0x33, 0x78, 0xdd,
                0xb2, 0x8e, 0xdd, 0x07, 0x38,
                0x5b, 0x1c, 0xb0, 0x12, 0x50,
                0xc7, 0x15, 0x98, 0x2e, 0x7a,
                0xd4, 0x8f
            };

            byte[] messageKey =
            {
                0x02, 0xa9, 0xaa, 0x6c, 0x7d,
                0xbd, 0x64, 0xf9, 0xd3, 0xaa,
                0x92, 0xf9, 0x2a, 0x27, 0x7b,
                0xf5, 0x46, 0x09, 0xda, 0xdf,
                0x0b, 0x00, 0x82, 0x8a, 0xcf,
                0xc6, 0x1e, 0x3c, 0x72, 0x4b,
                0x84, 0xa7
            };

            byte[] macKey =
            {
                0xbf, 0xbe, 0x5e, 0xfb, 0x60,
                0x30, 0x30, 0x52, 0x67, 0x42,
                0xe3, 0xee, 0x89, 0xc7, 0x02,
                0x4e, 0x88, 0x4e, 0x44, 0x0f,
                0x1f, 0xf3, 0x76, 0xbb, 0x23,
                0x17, 0xb2, 0xd6, 0x4d, 0xeb,
                0x7c, 0x83
            };

            byte[] nextChainKey =
            {
                0x28, 0xe8, 0xf8, 0xfe, 0xe5,
                0x4b, 0x80, 0x1e, 0xef, 0x7c,
                0x5c, 0xfb, 0x2f, 0x17, 0xf3,
                0x2c, 0x7b, 0x33, 0x44, 0x85,
                0xbb, 0xb7, 0x0f, 0xac, 0x6e,
                0xc1, 0x03, 0x42, 0xa2, 0x46,
                0xd1, 0x5d
            };

            ChainKey chainKey = new ChainKey(Hkdf.CreateFor(2), seed, 0);

            Assert.AreEqual(seed, chainKey.GetKey());
            CollectionAssert.AreEqual(messageKey, chainKey.GetMessageKeys().GetCipherKey());
            CollectionAssert.AreEqual(macKey, chainKey.GetMessageKeys().GetMacKey());
            CollectionAssert.AreEqual(nextChainKey, chainKey.GetNextChainKey().GetKey());
            Assert.AreEqual <uint>(0, chainKey.GetIndex());
            Assert.AreEqual <uint>(0, chainKey.GetMessageKeys().GetCounter());
            Assert.AreEqual <uint>(1, chainKey.GetNextChainKey().GetIndex());
            Assert.AreEqual <uint>(1, chainKey.GetNextChainKey().GetMessageKeys().GetCounter());
        }
コード例 #4
0
        /**
         * Encrypt a message.
         *
         * @param  paddedMessage The plaintext message bytes, optionally padded to a constant multiple.
         * @return A ciphertext message encrypted to the recipient+device tuple.
         */
        public CiphertextMessage Encrypt(byte[] paddedMessage)
        {
            lock (SessionLock)
            {
                SessionRecord sessionRecord   = _sessionStore.LoadSession(_remoteAddress);
                SessionState  sessionState    = sessionRecord.GetSessionState();
                ChainKey      chainKey        = sessionState.GetSenderChainKey();
                MessageKeys   messageKeys     = chainKey.GetMessageKeys();
                IEcPublicKey  senderEphemeral = sessionState.GetSenderRatchetKey();
                uint          previousCounter = sessionState.GetPreviousCounter();
                uint          sessionVersion  = sessionState.GetSessionVersion();

                byte[]            ciphertextBody    = GetCiphertext(sessionVersion, messageKeys, paddedMessage);
                CiphertextMessage ciphertextMessage = new SignalMessage(sessionVersion, messageKeys.GetMacKey(),
                                                                        senderEphemeral, chainKey.GetIndex(),
                                                                        previousCounter, ciphertextBody,
                                                                        sessionState.GetLocalIdentityKey(),
                                                                        sessionState.GetRemoteIdentityKey());

                if (sessionState.HasUnacknowledgedPreKeyMessage())
                {
                    SessionState.UnacknowledgedPreKeyMessageItems items = sessionState.GetUnacknowledgedPreKeyMessageItems();
                    uint localRegistrationId = sessionState.GetLocalRegistrationId();

                    ciphertextMessage = new PreKeySignalMessage(sessionVersion, localRegistrationId, items.GetPreKeyId(),
                                                                items.GetSignedPreKeyId(), items.GetBaseKey(),
                                                                sessionState.GetLocalIdentityKey(),
                                                                (SignalMessage)ciphertextMessage);
                }

                sessionState.SetSenderChainKey(chainKey.GetNextChainKey());
                _sessionStore.StoreSession(_remoteAddress, sessionRecord);
                return(ciphertextMessage);
            }
        }