public bool deriveKeyAndNonce(byte[] key, byte[] auth,
out byte[] bits, out byte[] nonce,
byte[] pub, byte[] senderPub, byte[] salt)
{
var authKdf = new Hkdf();
var authInfo = new List <byte>();
authInfo.AddRange(System.Text.Encoding.UTF8.GetBytes("WebPush: info\0"));
//authInfo.AddRange(System.Text.Encoding.UTF8.GetBytes(pub));
//authInfo.AddRange(System.Text.Encoding.UTF8.GetBytes(senderPub));
authInfo.AddRange(pub);
authInfo.AddRange(senderPub);
var prk = authKdf.DeriveKey(auth, key, authInfo.ToArray(), 32);
var prkKdf = new Hkdf();
var keyInfo = new List <byte>();
keyInfo.AddRange(System.Text.Encoding.UTF8.GetBytes("Content-Encoding: aes128gcm\0"));
var keyInfoPrk = prkKdf.DeriveKey(salt, prk, keyInfo.ToArray(), 16);
var Kdf = new Hkdf();
var nonceInfo = new List <byte>();
nonceInfo.AddRange(System.Text.Encoding.UTF8.GetBytes("Content-Encoding: nonce\0"));
var nonceInfoPrk = prkKdf.DeriveKey(salt, prk, nonceInfo.ToArray(), 12);
bits = keyInfoPrk;
nonce = nonceInfoPrk;
return(true);
}
public void Default()
{
Span <byte> output = stackalloc byte[82];
for (var i = 0; i < Max; ++i)
{
Hkdf.DeriveKey(DigestType.Sha256, _ikm, output, _salt, _info);
}
}
public static byte[] getPasswordAuthenticationKey(String userId,
String userPassword,
String poolName,
Tuple <BigInteger, BigInteger> Aa,
BigInteger B,
BigInteger salt)
{
// Authenticate the password
// u = H(A, B)
HashAlgorithm messageDigest = THREAD_MESSAGE_DIGEST;
byte[] aArr = Aa.Item1.ToByteArray();
byte[] bArr = B.ToByteArray();
byte[] content = new byte[aArr.Length + bArr.Length];
Buffer.BlockCopy(aArr, 0, content, 0, aArr.Length);
Buffer.BlockCopy(bArr, 0, content, aArr.Length, bArr.Length);
byte[] digest = messageDigest.ComputeHash(content);
BigInteger u = new BigInteger(1, digest);
if (u.Equals(BigInteger.Zero))
{
throw new Exception("Hash of A and B cannot be zero");
}
// x = H(salt | H(poolName | userId | ":" | password))
byte[] poolArr = Encoding.UTF8.GetBytes(poolName);
byte[] idArr = Encoding.UTF8.GetBytes(userId);
byte[] colonArr = Encoding.UTF8.GetBytes(":");
byte[] passArr = Encoding.UTF8.GetBytes(userPassword);
byte[] userIdContent = new byte[poolArr.Length + idArr.Length + colonArr.Length + passArr.Length];
Buffer.BlockCopy(poolArr, 0, userIdContent, 0, poolArr.Length);
Buffer.BlockCopy(idArr, 0, userIdContent, poolArr.Length, idArr.Length);
Buffer.BlockCopy(colonArr, 0, userIdContent, poolArr.Length + idArr.Length, colonArr.Length);
Buffer.BlockCopy(passArr, 0, userIdContent, poolArr.Length + idArr.Length + colonArr.Length, passArr.Length);
byte[] userIdHash = messageDigest.ComputeHash(userIdContent);
byte[] saltArr = salt.ToByteArray();
byte[] xArr = new byte[saltArr.Length + userIdHash.Length];
Buffer.BlockCopy(saltArr, 0, xArr, 0, saltArr.Length);
Buffer.BlockCopy(userIdHash, 0, xArr, saltArr.Length, userIdHash.Length);
byte[] xDigest = messageDigest.ComputeHash(xArr);
BigInteger x = new BigInteger(1, xDigest);
BigInteger S = (B.Subtract(k.Multiply(g.ModPow(x, N))).ModPow(Aa.Item2.Add(u.Multiply(x)), N)).Mod(N);
Hkdf hkdf = new Hkdf();
byte[] key = hkdf.DeriveKey(u.ToByteArray(), S.ToByteArray(), Encoding.UTF8.GetBytes(DERIVED_KEY_INFO), DERIVED_KEY_SIZE);
return(key);
}
private IAEADCrypto CreateSessionCrypto()
{
Span <byte> sessionKey = SessionKeySpan;
Hkdf.DeriveKey(
DigestType.Sha1,
MasterKeySpan,
sessionKey,
SaltSpan,
ShadowsocksCrypto.InfoBytes
);
return(CreateCrypto(sessionKey));
}
public void HkdfShouldProduceCorrectResults(ModeValues mode, DigestSizes digest, string ikm, string salt, string info, int length, string okm)
{
var hmac = new HmacFactory(new NativeShaFactory()).GetHmacInstance(new HashFunction(mode, digest));
var hkdf = new Hkdf(hmac);
var ikmBs = new BitString(ikm);
var saltBs = new BitString(salt);
var infoBs = new BitString(info);
var okmBs = new BitString(okm);
var result = hkdf.DeriveKey(saltBs, ikmBs, infoBs, length);
Assert.IsTrue(result.Success);
Assert.AreEqual(okmBs, result.DerivedKey);
}
private static void TestCase3()
{
byte[] inputKeyingMaterial = Utilities.HexToBinary("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var salt = Array.Empty <byte>();
var info = Array.Empty <byte>();
int outputLength = 42;
string expectedPrk = "19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04";
string expectedOkm = "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8";
string actualPrk = Utilities.BinaryToHex(Hkdf.Extract(HashAlgorithmName.SHA256, inputKeyingMaterial, salt));
string actualOkm = Utilities.BinaryToHex(Hkdf.DeriveKey(HashAlgorithmName.SHA256, inputKeyingMaterial, outputLength, info, salt));
Console.WriteLine($"Test 3.1: {(expectedPrk == actualPrk ? Success : Fail)}");
Console.WriteLine($"Test 3.2: {(expectedOkm == actualOkm ? Success : Fail)}");
}
private static void TestCase2()
{
byte[] inputKeyingMaterial = Utilities.HexToBinary("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f");
byte[] salt = Utilities.HexToBinary("606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
byte[] info = Utilities.HexToBinary("b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
int outputLength = 82;
string expectedPrk = "06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244";
string expectedOkm = "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87";
string actualPrk = Utilities.BinaryToHex(Hkdf.Extract(HashAlgorithmName.SHA256, inputKeyingMaterial, salt));
string actualOkm = Utilities.BinaryToHex(Hkdf.DeriveKey(HashAlgorithmName.SHA256, inputKeyingMaterial, outputLength, info, salt));
Console.WriteLine($"Test 2.1: {(expectedPrk == actualPrk ? Success : Fail)}");
Console.WriteLine($"Test 2.2: {(expectedOkm == actualOkm ? Success : Fail)}");
}
private static void TestCase1()
{
byte[] inputKeyingMaterial = Utilities.HexToBinary("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Utilities.HexToBinary("000102030405060708090a0b0c");
byte[] info = Utilities.HexToBinary("f0f1f2f3f4f5f6f7f8f9");
int outputLength = 42;
string expectedPrk = "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5";
string expectedOkm = "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865";
string actualPrk = Utilities.BinaryToHex(Hkdf.Extract(HashAlgorithmName.SHA256, inputKeyingMaterial, salt));
string actualOkm = Utilities.BinaryToHex(Hkdf.DeriveKey(HashAlgorithmName.SHA256, inputKeyingMaterial, outputLength, info, salt));
Console.WriteLine($"Test 1.1: {(expectedPrk == actualPrk ? Success : Fail)}");
Console.WriteLine($"Test 1.2: {(expectedOkm == actualOkm ? Success : Fail)}");
}
// Decrypt a byte array into a byte array using a key and an IV
private byte[] Decrypt(byte[] cipherData, byte[] Key, byte[] IV)
{
Hkdf hkdf = new Hkdf();
byte[] output = hkdf.DeriveKey(salt, this.key, info, 48);
Array.Copy(output, 0, this.key, 0, 32);
Array.Copy(output, 32, InitV, 0, 16);
MemoryStream ms = new MemoryStream();
Rijndael alg = Rijndael.Create();
alg.Key = Key;
alg.IV = InitV;
alg.Padding = PaddingMode.None;
CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write);
cs.Write(cipherData, 0, cipherData.Length);
cs.Close();
byte[] decryptedData = ms.ToArray();
return(decryptedData);
}
// Encrypt a byte array into a byte array using a key and an IV
private byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
{
Hkdf hkdf = new Hkdf();
byte[] output = hkdf.DeriveKey(salt, this.key, info, 48);
Array.Copy(output, 0, this.key, 0, 32);
Array.Copy(output, 32, InitV, 0, 16);
// Create a MemoryStream that is going to accept the encrypted bytes
MemoryStream ms = new MemoryStream();
Rijndael alg = Rijndael.Create();
alg.Key = Key;
alg.IV = InitV;
alg.Padding = PaddingMode.None;
CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(clearData, 0, clearData.Length);
cs.Close();
byte[] encryptedData = ms.ToArray();
return(encryptedData);
}