public void TestExpiredSignature()
{
ECKeyPair serverKey = Curve.generateKeyPair();
ECKeyPair key = Curve.generateKeyPair();
byte[] certificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate()
{
Sender = "+14152222222",
SenderDevice = 1,
Expires = 31337,
IdentityKey = ByteString.CopyFrom(key.getPublicKey().serialize()),
Signer = GetServerCertificate(serverKey)
}.ToByteArray();
byte[] certificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), certificateBytes);
SenderCertificate senderCertificate = new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate()
{
Certificate = ByteString.CopyFrom(certificateBytes),
Signature = ByteString.CopyFrom(certificateSignature)
}.ToByteArray());
try
{
new CertificateValidator(TrustRoot.getPublicKey()).Validate(senderCertificate, 31338);
throw new Exception();
}
catch (InvalidCertificateException)
{
// good
}
}
public UnidentifiedSenderMessageContent(byte[] serialized)
{
try
{
var message = libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.Parser.ParseFrom(serialized);
if (message.TypeOneofCase != libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.TypeOneofOneofCase.Type ||
message.SenderCertificateOneofCase != libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.SenderCertificateOneofOneofCase.SenderCertificate ||
message.ContentOneofCase != libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.ContentOneofOneofCase.Content)
{
throw new InvalidMetadataMessageException("Missing fields");
}
switch (message.Type)
{
case libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.Types.Type.Message: Type = (int)CiphertextMessage.WHISPER_TYPE; break;
case libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.Types.Type.PrekeyMessage: Type = (int)CiphertextMessage.PREKEY_TYPE; break;
default: throw new InvalidMetadataMessageException("Unknown type: " + message.Type);
}
SenderCertificate = new SenderCertificate(message.SenderCertificate.ToByteArray());
Content = message.Content.ToByteArray();
Serialized = serialized;
}
catch (InvalidProtocolBufferException e)
{
throw new InvalidMetadataMessageException(e);
}
}
public void TestEncryptFromWrongIdentity()
{
TestInMemorySignalProtocolStore aliceStore = new TestInMemorySignalProtocolStore();
TestInMemorySignalProtocolStore bobStore = new TestInMemorySignalProtocolStore();
InitializeSessions(aliceStore, bobStore);
ECKeyPair trustRoot = Curve.generateKeyPair();
ECKeyPair randomKeyPair = Curve.generateKeyPair();
SenderCertificate senderCertificate = CreateCertificateFor(trustRoot, "+14151111111", 1, randomKeyPair.getPublicKey(), 31337);
SealedSessionCipher aliceCipher = new SealedSessionCipher(aliceStore, new SignalProtocolAddress("+14151111111", 1));
byte[] ciphertext = aliceCipher.Encrypt(new SignalProtocolAddress("+14152222222", 1),
senderCertificate, Encoding.ASCII.GetBytes("smert za smert"));
SealedSessionCipher bobCipher = new SealedSessionCipher(bobStore, new SignalProtocolAddress("+14152222222", 1));
try
{
bobCipher.Decrypt(new CertificateValidator(trustRoot.getPublicKey()), ciphertext, 31335);
}
catch (InvalidMetadataMessageException)
{
// good
}
}
public UnidentifiedSenderMessageContent(int type, SenderCertificate senderCertificate, byte[] content)
{
Serialized = new libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message()
{
Type = (libsignalmetadata.protobuf.UnidentifiedSenderMessage.Types.Message.Types.Type)GetProtoType(type),
SenderCertificate = libsignalmetadata.protobuf.SenderCertificate.Parser.ParseFrom(senderCertificate.Serialized),
Content = ByteString.CopyFrom(content)
}.ToByteArray();
Type = type;
SenderCertificate = senderCertificate;
Content = content;
}
public void TestBadSignature()
{
ECKeyPair serverKey = Curve.generateKeyPair();
ECKeyPair key = Curve.generateKeyPair();
byte[] certificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate()
{
Sender = "+14152222222",
SenderDevice = 1,
Expires = 31337,
IdentityKey = ByteString.CopyFrom(key.getPublicKey().serialize()),
Signer = GetServerCertificate(serverKey)
}.ToByteArray();
byte[] certificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), certificateBytes);
for (int i = 0; i < certificateSignature.Length; i++)
{
for (int b = 0; b < 8; b++)
{
byte[] badSignature = new byte[certificateSignature.Length];
Array.Copy(certificateSignature, 0, badSignature, 0, certificateSignature.Length);
badSignature[i] = (byte)(badSignature[i] ^ 1 << b);
SenderCertificate senderCertificate = new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate()
{
Certificate = ByteString.CopyFrom(certificateBytes),
Signature = ByteString.CopyFrom(badSignature)
}.ToByteArray());
try
{
new CertificateValidator(TrustRoot.getPublicKey()).Validate(senderCertificate, 31336);
throw new Exception();
}
catch (InvalidCertificateException)
{
// good
}
}
}
}
public byte[] Encrypt(SignalProtocolAddress destinationAddress, SenderCertificate senderCertificate, byte[] paddedPlaintext)
{
CiphertextMessage message = new SessionCipher(SignalProtocolStore, destinationAddress).encrypt(paddedPlaintext);
IdentityKeyPair ourIdentity = SignalProtocolStore.GetIdentityKeyPair();
ECPublicKey theirIdentity = SignalProtocolStore.GetIdentity(destinationAddress).getPublicKey();
ECKeyPair ephemeral = Curve.generateKeyPair();
byte[] ephemeralSalt = ByteUtil.combine(Encoding.ASCII.GetBytes("UnidentifiedDelivery"), theirIdentity.serialize(), ephemeral.getPublicKey().serialize());
EphemeralKeys ephemeralKeys = CalculateEphemeralKeys(theirIdentity, ephemeral.getPrivateKey(), ephemeralSalt);
byte[] staticKeyCiphertext = Encrypt(ephemeralKeys.CipherKey, ephemeralKeys.MacKey, ourIdentity.getPublicKey().getPublicKey().serialize());
byte[] staticSalt = ByteUtil.combine(ephemeralKeys.ChainKey, staticKeyCiphertext);
StaticKeys staticKeys = CalculateStaticKeys(theirIdentity, ourIdentity.getPrivateKey(), staticSalt);
UnidentifiedSenderMessageContent content = new UnidentifiedSenderMessageContent((int)message.getType(), senderCertificate, message.serialize());
byte[] messageBytes = Encrypt(staticKeys.CipherKey, staticKeys.MacKey, content.Serialized);
return(new UnidentifiedSenderMessage(ephemeral.getPublicKey(), staticKeyCiphertext, messageBytes).Serialized);
}
public void TestEncryptDecrypt()
{
TestInMemorySignalProtocolStore aliceStore = new TestInMemorySignalProtocolStore();
TestInMemorySignalProtocolStore bobStore = new TestInMemorySignalProtocolStore();
InitializeSessions(aliceStore, bobStore);
ECKeyPair trustRoot = Curve.generateKeyPair();
SenderCertificate senderCertificate = CreateCertificateFor(trustRoot, "+14151111111", 1, aliceStore.GetIdentityKeyPair().getPublicKey().getPublicKey(), 31337);
SealedSessionCipher aliceCipher = new SealedSessionCipher(aliceStore, new SignalProtocolAddress("+14151111111", 1));
byte[] ciphertext = aliceCipher.Encrypt(new SignalProtocolAddress("+14152222222", 1),
senderCertificate, Encoding.ASCII.GetBytes("smert za smert"));
SealedSessionCipher bobCipher = new SealedSessionCipher(bobStore, new SignalProtocolAddress("+14152222222", 1));
(SignalProtocolAddress, byte[])plaintext = bobCipher.Decrypt(new CertificateValidator(trustRoot.getPublicKey()), ciphertext, 31335);
CollectionAssert.AreEqual(plaintext.Item2, Encoding.ASCII.GetBytes("smert za smert"));
Assert.AreEqual(plaintext.Item1.Name, "+14151111111");
Assert.AreEqual(plaintext.Item1.DeviceId, (uint)1);
}
public UnidentifiedAccess(byte[] unidentifiedAccessKey, byte[] unidentifiedCertificate)
{
UnidentifiedAccessKey = unidentifiedAccessKey;
UnidentifiedCertificate = new SenderCertificate(unidentifiedCertificate);
}