private static DHParameters GetDiffieHellmanParameters(int bitLength, int probability)
{
DHParametersGenerator generator = new DHParametersGenerator();
generator.Init(bitLength, probability, new SecureRandom());
return(generator.GenerateParameters());
}
public static DHParameters GenerateParameters()
{
var generator = new DHParametersGenerator();
generator.Init(256, DefaultPrimeProbability, new SecureRandom());
return(generator.GenerateParameters());
}
public void SimpleTest()
{
var generator = new DHParametersGenerator();
generator.Init(1024, 7, new SecureRandom());
var dhParameters = generator.GenerateParameters();
KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), dhParameters);
var keyGen = GeneratorUtilities.GetKeyPairGenerator("DH");
keyGen.Init(kgp);
var serverKeyPair = keyGen.GenerateKeyPair();
var serverKeyAgree = AgreementUtilities.GetBasicAgreement("DH");
serverKeyAgree.Init(serverKeyPair.Private);
var clientKeyPair = keyGen.GenerateKeyPair();
var clientKeyAgree = AgreementUtilities.GetBasicAgreement("DH");
clientKeyAgree.Init(clientKeyPair.Private);
var serverAgree = serverKeyAgree.CalculateAgreement(clientKeyPair.Public);
var clientAgree = clientKeyAgree.CalculateAgreement(serverKeyPair.Public);
Assert.Equal(serverAgree, clientAgree);
}
public static DHParameters GenerateParameters(int keyLength, int probability)
{
DHParametersGenerator generator = new DHParametersGenerator();
generator.Init(keyLength, probability, new SecureRandom());
return(generator.GenerateParameters());
}
public static DHParameters GenerateParameters()
{
var generator = new DHParametersGenerator();
generator.Init(256, 10, new SecureRandom());
return(generator.GenerateParameters());
}
public static void TestMethod()
{
//BEGIN SETUP ALICE
var aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm);
var aliceGenerator = new DHParametersGenerator();
aliceGenerator.Init(KeyBitSize, DefaultPrimeProbability, new SecureRandom());
DHParameters aliceParameters = aliceGenerator.GenerateParameters();
var aliceKGP = new DHKeyGenerationParameters(new SecureRandom(), aliceParameters);
aliceKeyGen.Init(aliceKGP);
AsymmetricCipherKeyPair aliceKeyPair = aliceKeyGen.GenerateKeyPair();
var aliceKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm);
aliceKeyAgree.Init(aliceKeyPair.Private);
//END SETUP ALICE
/////AT THIS POINT, Alice's Public Key, Alice's Parameter P and Alice's Parameter G are sent unsecure to BOB
//BEGIN SETUP BOB
var bobKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm);
DHParameters bobParameters = new DHParameters(aliceParameters.P, aliceParameters.G);
KeyGenerationParameters bobKGP = new DHKeyGenerationParameters(new SecureRandom(), bobParameters);
bobKeyGen.Init(bobKGP);
AsymmetricCipherKeyPair bobKeyPair = bobKeyGen.GenerateKeyPair();
IBasicAgreement bobKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm);
bobKeyAgree.Init(bobKeyPair.Private);
//END SETUP BOB
BigInteger aliceAgree = aliceKeyAgree.CalculateAgreement(bobKeyPair.Public);
BigInteger bobAgree = bobKeyAgree.CalculateAgreement(aliceKeyPair.Public);
if (!aliceAgree.Equals(bobAgree))
{
throw new Exception("Keys do not match.");
}
byte[] nonSecretMessage = GetBytes("HeaderMessageForASDF");
byte[] secretMessage = GetBytes("Secret message contents");
byte[] decNonSecretBytes;
KeyParameter sharedKey = new KeyParameter(aliceAgree.ToByteArrayUnsigned());
var encMessage = EncryptMessage(sharedKey, nonSecretMessage, secretMessage);
var decMessage = DecryptMessage(sharedKey, encMessage, out decNonSecretBytes);
var decNonSecretMessage = GetString(decNonSecretBytes);
var decSecretMessage = GetString(decMessage);
Debug.WriteLine(decNonSecretMessage + " - " + decSecretMessage);
return;
}
/**
* this test is can take quiet a while
*/
private void doTestGeneration(
int size)
{
DHParametersGenerator pGen = new DHParametersGenerator();
pGen.Init(size, 10, new SecureRandom());
DHParameters dhParams = pGen.GenerateParameters();
if (dhParams.L != 0)
{
Fail("DHParametersGenerator failed to set J to 0 in generated DHParameters");
}
DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
DHBasicKeyPairGenerator kpGen = new DHBasicKeyPairGenerator();
kpGen.Init(dhkgParams);
//
// generate first pair
//
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu1 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;
//
// generate second pair
//
dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), pu1.Parameters);
kpGen.Init(dhkgParams);
pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu2 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;
//
// two way
//
DHBasicAgreement e1 = new DHBasicAgreement();
DHBasicAgreement e2 = new DHBasicAgreement();
e1.Init(new ParametersWithRandom(pv1, new SecureRandom()));
e2.Init(new ParametersWithRandom(pv2, new SecureRandom()));
BigInteger k1 = e1.CalculateAgreement(pu2);
BigInteger k2 = e2.CalculateAgreement(pu1);
if (!k1.Equals(k2))
{
Fail("basic with " + size + " bit 2-way test failed");
}
}
private void testWithRandomParams(int bits)
{
DHParametersGenerator paramGen = new DHParametersGenerator();
paramGen.Init(bits, 25, random);
DHParameters parameters = paramGen.GenerateParameters();
testMutualVerification(new Srp6GroupParameters(parameters.P, parameters.G));
}
public static int Bits = 512; // 256bit=300ms, 512bit=365ms, 768bit=540ms, 1024bit=1290ms, 2048bit=_too_long_
public static DHKeyPair Generate(bool debug = false)
{
Stopwatch sw = new Stopwatch();
sw.Start();
var generator = new DHParametersGenerator();
generator.Init(Bits, 30, new SecureRandom());
var param = generator.GenerateParameters();
return(Generate(param, debug));
}
/// <summary>
/// Create a key pair for according to the key size
/// </summary>
/// <param name="keySize">the key size in bits</param>
public void CreateKeyPair(int keySize)
{
var dhParamGen = new DHParametersGenerator();
dhParamGen.Init(keySize, 20, new SecureRandom());
var dhParams = dhParamGen.GenerateParameters();
var keyGenerationParameters = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
var keyGenerator = new DHKeyPairGenerator();
keyGenerator.Init(keyGenerationParameters);
keyPair = keyGenerator.GenerateKeyPair();
}
private void testWithRandomParams(int bits)
{
DHParametersGenerator paramGen = new DHParametersGenerator();
paramGen.Init(bits, 25, random);
DHParameters parameters = paramGen.GenerateParameters();
BigInteger g = parameters.G;
BigInteger p = parameters.P;
testMutualVerification(p, g);
}
public void NoncompliantParametersGenerator(int arg)
{
var pGen1 = new DHParametersGenerator();
pGen1.Init(1024, 10, new SecureRandom()); // Noncompliant {{Use a key length of at least 2048 bits for DH cipher algorithm.}}
var pGen2 = new DsaParametersGenerator();
pGen2.Init(1024, 80, new SecureRandom()); // Noncompliant {{Use a key length of at least 2048 bits for DSA cipher algorithm.}}
var kp3 = new RsaKeyPairGenerator();
var r3 = new RsaKeyGenerationParameters(new BigInteger("1"), new SecureRandom(), 1024, 5); // Noncompliant {{Use a key length of at least 2048 bits for RSA cipher algorithm.}}
kp3.Init(r3);
pGen1.Init(arg, 10, new SecureRandom()); // Compliant
var keySize = 4096;
pGen1.Init(keySize, 10, new SecureRandom()); // Compliant
keySize = 1024;
pGen1.Init(keySize, 10, new SecureRandom()); // Noncompliant
}
public void generateKey(out byte[] pri, out byte[] pub)
{
IAsymmetricCipherKeyPairGenerator aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH");
/*
* BigInteger[] safePrimes = geneHelper.DHParametersHelper.GenerateSafePrimes(256, 30, new SecureRandom());
* BigInteger p = safePrimes[0];
* BigInteger _q = safePrimes[1];
* BigInteger g = geneHelper.DHParametersHelper.SelectGenerator(p, _q, new SecureRandom());
*
* var dhPara = new DHParameters(p, g, _q, 100, 0, BigInteger.Two, null);
*/
//var alicePara = new DHParameters();
DHParametersGenerator aliceGenerator = new DHParametersGenerator();
aliceGenerator.Init(256, 30, new SecureRandom());
DHParameters dhPara = aliceGenerator.GenerateParameters();
//var aliceParameters = dhPara;
var x92 = ECNamedCurveTable.GetByName("P-256");
var ecc2 = new ECDomainParameters(x92.Curve, x92.G, x92.N, x92.H, x92.GetSeed());
//KeyGenerationParameters aliceKGP = new DHKeyGenerationParameters (new SecureRandom (), aliceParameters);
KeyGenerationParameters aliceKGP = new ECKeyGenerationParameters(ecc2, new SecureRandom());
aliceKeyGen.Init(aliceKGP);
//aliceKeyGen.Init(keygenerationParameters);
//IBasicAgreement aliceKeyAgree = AgreementUtilities.GetBasicAgreement ("ECDH");
//aliceKeyAgree.
AsymmetricCipherKeyPair aliceKeyPair = aliceKeyGen.GenerateKeyPair();
//var csPri = ((ECPrivateKeyParameters)aliceKeyPair.Private).Parameters.G.GetEncoded();
//var pri_ = ((ECPrivateKeyParameters)aliceKeyPair.Private).D.ToByteArray();
//var _pri = new ECPrivateKeyParameters(new BigInteger(pri_), ecDomPars2).Parameters.G.GetEncoded();
var csPub = ((ECPublicKeyParameters)aliceKeyPair.Public).Q.GetEncoded();
var csPri = ((ECPrivateKeyParameters)aliceKeyPair.Private).D.ToByteArray();
pub = csPub;
pri = csPri;
util.debugWriteLine("pub " + util.getArrStr(pub));
util.debugWriteLine("pub base64 " + System.Convert.ToBase64String(pub));
util.debugWriteLine("pri " + util.getArrStr(pri));
// var auth = System.Convert.FromBase64String("MRxTrqwecC9880jcfqsM9A==");
}
public static DHKeyPair Generate(DHParameters param, bool debug = false)
{
//DHParameters pa = new DHParameters();
var generator = new DHParametersGenerator();
generator.Init(Bits, 30, new SecureRandom());
//DHParameters param = new DHParameters(prime, primativeRootModulo);
var keyGen = GeneratorUtilities.GetKeyPairGenerator("DH");
var kgp = new DHKeyGenerationParameters(new SecureRandom(), param);
keyGen.Init(kgp);
AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();
var dhPublicKeyParameters = keyPair.Public as DHPublicKeyParameters;
if (dhPublicKeyParameters != null)
{
if (debug)
{
Console.WriteLine("Public Key: {0}", dhPublicKeyParameters.Y.ToString(16));
}
}
else
{
throw new Exception("Invalid Public Key");
}
var dhPrivateKeyParameters = keyPair.Private as DHPrivateKeyParameters;
if (dhPrivateKeyParameters != null)
{
if (debug)
{
Console.WriteLine("Private Key: {0}", dhPrivateKeyParameters.X.ToString(16));
}
}
else
{
throw new Exception("Invalid Private Key");
}
return(new DHKeyPair()
{
Parameters = param,
PublicKeyParameter = dhPublicKeyParameters,
PublicKey = dhPublicKeyParameters.Y.ToString(16),
PrivateKeyParameter = dhPrivateKeyParameters,
PrivateKey = dhPrivateKeyParameters.X.ToString(16)
});
}
public void NoncompliantParametersGenerator()
{
var pGen1 = new DHParametersGenerator();
pGen1.Init(1024, 10, new SecureRandom()); // Noncompliant {{Use a key length of at least 2048 bits for DH cipher algorithm.}}
var pGen2 = new DsaParametersGenerator();
pGen2.Init(1024, 80, new SecureRandom()); // Noncompliant {{Use a key length of at least 2048 bits for DSA cipher algorithm.}}
pGen2.Init(certainty: 80, size: 1024, random: new SecureRandom()); // Noncompliant {{Use a key length of at least 2048 bits for DSA cipher algorithm.}}
var kp3 = new RsaKeyPairGenerator();
var r3 = new RsaKeyGenerationParameters(new BigInteger("1"), new SecureRandom(), 1024, 5); // Noncompliant {{Use a key length of at least 2048 bits for RSA cipher algorithm.}}
r3 = new RsaKeyGenerationParameters(publicExponent: new BigInteger("1"), random: new SecureRandom(), certainty: 5, strength: 1024); // Noncompliant {{Use a key length of at least 2048 bits for RSA cipher algorithm.}}
kp3.Init(r3);
}
public DiffieHellmanObject CreateAlice()
{
var aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm);
var aliceGenerator = new DHParametersGenerator();
aliceGenerator.Init(KeyBitSize, DefaultPrimeProbability, new SecureRandom());
var aliceParameters = aliceGenerator.GenerateParameters();
aliceKeyGen.Init(new DHKeyGenerationParameters(new SecureRandom(), aliceParameters));
var aliceKeyPair = aliceKeyGen.GenerateKeyPair();
return(new DiffieHellmanObject
{
PublicKey = aliceKeyPair.Public,
PrimInteger = aliceParameters.P,
NaturalInteger = aliceParameters.G,
PrivateKey = aliceKeyPair.Private
});
}
public void CompliantParametersGenerator()
{
var pGen1 = new DHParametersGenerator();
pGen1.Init(2048, 10, new SecureRandom()); // Compliant
var pGen2 = new DsaParametersGenerator();
pGen2.Init(2048, 80, new SecureRandom()); // Compliant
var kp1 = new ECKeyPairGenerator(); // OK - ignore for now
var kp2 = new DsaKeyPairGenerator();
var d2 = new DsaParameters(new BigInteger("2"), new BigInteger("2"), new BigInteger("2")); // FN
var r2 = new DsaKeyGenerationParameters(new SecureRandom(), d2);
kp2.Init(r2);
var kp3 = new RsaKeyPairGenerator();
var r3 = new RsaKeyGenerationParameters(new BigInteger("2"), new SecureRandom(), 2048, 5); // Compliant
kp3.Init(r3);
}
protected override void OnCreate(Bundle savedInstanceState)
{
base.OnCreate(savedInstanceState);
// Set our view from the "main" layout resource
SetContentView(Resource.Layout.Main);
const string Algorithm = "ECDH"; //What do you think about the other algorithms?
const int KeyBitSize = 2056;
const int NonceBitSize = 128;
const int MacBitSize = 128;
const int DefaultPrimeProbability = 30;
//BEGIN SETUP ALICE
IAsymmetricCipherKeyPairGenerator aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm);
DHParametersGenerator aliceGenerator = new DHParametersGenerator();
aliceGenerator.Init(KeyBitSize, DefaultPrimeProbability, new SecureRandom());
DHParameters aliceParameters = aliceGenerator.GenerateParameters();
KeyGenerationParameters aliceKGP = new DHKeyGenerationParameters(new SecureRandom(), aliceParameters);
aliceKeyGen.Init(aliceKGP);
AsymmetricCipherKeyPair aliceKeyPair = aliceKeyGen.GenerateKeyPair();
IBasicAgreement aliceKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm);
aliceKeyAgree.Init(aliceKeyPair.Private);
Button a1b = FindViewById <Button>(Resource.Id.a1b);
TextView AliceRandomText = FindViewById <TextView>(Resource.Id.a1t);
Button a2b = FindViewById <Button>(Resource.Id.a2b);
TextView AlicePrivateKeyText = FindViewById <TextView>(Resource.Id.a2t);
Button a3b = FindViewById <Button>(Resource.Id.a3b);
TextView AlicePublicKeyText = FindViewById <TextView>(Resource.Id.a3t);
Button b1b = FindViewById <Button>(Resource.Id.b1b);
TextView BobRandomText = FindViewById <TextView>(Resource.Id.b1t);
Button b2b = FindViewById <Button>(Resource.Id.b2b);
TextView BobPrivateKeyText = FindViewById <TextView>(Resource.Id.b2t);
Button b3b = FindViewById <Button>(Resource.Id.b3b);
TextView BobPublicKeyText = FindViewById <TextView>(Resource.Id.b3t);
Button a4b = FindViewById <Button>(Resource.Id.a4b);
TextView AliceBobSharedKeyText = FindViewById <TextView>(Resource.Id.a4t);
Button b4b = FindViewById <Button>(Resource.Id.b4b);
TextView BobAliceSharedKeyText = FindViewById <TextView>(Resource.Id.b4t);
// what Alice does
byte[] aliceRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(aliceRandomBytes);
byte[] alicePrivate = Curve25519.(aliceRandomBytes);
byte[] alicePublic = Curve25519.GetPublicKey(alicePrivate);
// what Bob does
byte[] bobRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(bobRandomBytes);
byte[] bobPrivate = Curve25519.ClampPrivateKey(bobRandomBytes);
byte[] bobPublic = Curve25519.GetPublicKey(bobPrivate);
// what Alice does with Bob's public key
byte[] aliceShared = Curve25519.GetSharedSecret(alicePrivate, bobPublic);
// what Bob does with Alice' public key
byte[] bobShared = Curve25519.GetSharedSecret(bobPrivate, alicePublic);
// aliceShared == bobShared
a1b.Click += delegate {
alicePrivateBytes = null;
AlicePrivateKeyText.Text = "";
alicePublicBytes = null;
AlicePublicKeyText.Text = "";
aliceBobSharedBytes = null;
bobAliceSharedBytes = null;
AliceBobSharedKeyText.Text = "";
BobAliceSharedKeyText.Text = "";
aliceRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(aliceRandomBytes);
AliceRandomText.Text = BitConverter.ToString(aliceRandomBytes).Replace("-", "");
};
a2b.Click += delegate {
if (aliceRandomBytes != null)
{
alicePrivateBytes = Curve25519.Create(aliceRandomBytes);
AlicePrivateKeyText.Text = BitConverter.ToString(alicePrivateBytes).Replace("-", "");
}
};
a3b.Click += delegate {
if (alicePrivateBytes != null)
{
alicePublicBytes = Curve25519.GetPublicKey(alicePrivateBytes);
AlicePublicKeyText.Text = BitConverter.ToString(alicePublicBytes).Replace("-", "");
}
};
b1b.Click += delegate {
bobPrivateBytes = null;
BobPrivateKeyText.Text = ""; // Reset
bobPublicBytes = null;
BobPublicKeyText.Text = ""; // Reset
aliceBobSharedBytes = null;
bobAliceSharedBytes = null;
AliceBobSharedKeyText.Text = "";
BobAliceSharedKeyText.Text = "";
bobRandomBytes = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(bobRandomBytes);
BobRandomText.Text = BitConverter.ToString(bobRandomBytes).Replace("-", "");
};
b2b.Click += delegate {
if (bobRandomBytes != null)
{
bobPrivateBytes = Curve25519.ClampPrivateKey(bobRandomBytes);
BobPrivateKeyText.Text = BitConverter.ToString(bobPrivateBytes).Replace("-", "");
}
};
b3b.Click += delegate {
if (bobPrivateBytes != null)
{
bobPublicBytes = Curve25519.GetPublicKey(bobPrivateBytes);
BobPublicKeyText.Text = BitConverter.ToString(bobPublicBytes).Replace("-", "");
}
};
a4b.Click += delegate {
if ((alicePrivateBytes != null) && (bobPublicBytes != null))
{
aliceBobSharedBytes = Curve25519.GetSharedSecret(alicePrivateBytes, bobPublicBytes);
AliceBobSharedKeyText.Text = BitConverter.ToString(aliceBobSharedBytes).Replace("-", "");
}
};
b4b.Click += delegate {
if ((bobPrivateBytes != null) && (alicePublicBytes != null))
{
bobAliceSharedBytes = Curve25519.GetSharedSecret(bobPrivateBytes, alicePublicBytes);
BobAliceSharedKeyText.Text = BitConverter.ToString(bobAliceSharedBytes).Replace("-", "");
}
};
}