public void Test() { byte[] key1 = "2121212121212121212121212121212121212121212121212121212121212121".HexToByteArray(); ECKeyPair privateKey = new ECKeyPair(key1, true); byte[] key2 = "0242a4ae0c5bef18048fbecf995094b74bfb0f7391418d71ed394784373f41e4f3".HexToByteArray(); ECKeyPair publicKey = new ECKeyPair(key2, false); byte[] result = ECDH.ComputeHashedPoint(publicKey.PublicKeyParameters, privateKey.PrivateKey); Assert.Equal("bd8d1d89b9ff4086baf9065df2562ccdd67399a5e9b2c0d427a92d83c1edd8fb", result.ToHex()); }
public byte[] ApplyActOne(ECKeyPair ephemeralKeyPair = null) { if (_state.HandshakeState != HandshakeState.Initialized) { throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized"); } _state.EphemeralKeyPair = ephemeralKeyPair ?? Secp256K1.GenerateKeyPair(); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(_state.RemoteAddress.PublicKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); _state.ChainingKey = chainingKey; (_, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK1, _state.SendNonce.GetBytes(), handshakeHash, new byte[0]); handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag)); _state.HandshakeHash = handshakeHash; _state.HandshakeState = HandshakeState.Act1; return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag)); }
public byte[] ApplyActTwo(ECKeyPair initiatorEphemeralKey, ECKeyPair localEphemeralKey = null) { if (_state.HandshakeState != HandshakeState.Act1) { throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act1"); } _state.EphemeralKeyPair = localEphemeralKey ?? Secp256K1.GenerateKeyPair(); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(initiatorEphemeralKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK2) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); (_, byte[] tag1) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, new byte[12], handshakeHash, new byte[0]); handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag1)); _state.HandshakeHash = handshakeHash; _state.ChainingKey = chainingKey; _state.TempKey2 = tempK2; _state.HandshakeState = HandshakeState.Act2; return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag1)); }
private void BtnCreateKey_Click(object sender, EventArgs e) { if (string.IsNullOrEmpty(TbAlicePrivate.Text) || string.IsNullOrEmpty(TbAlicePublic.Text)) { BtnAliceGenParams_Click(null, null); } if (string.IsNullOrEmpty(TbBobPrivate.Text) || string.IsNullOrEmpty(TbBobPublic.Text)) { BtnBobGenParams_Click(null, null); } byte[] alicePrivate = Util.GetBytes(TbAlicePrivate.Text); byte[] alicePublic = Util.GetBytes(TbAlicePublic.Text); byte[] bobPrivate = Util.GetBytes(TbBobPrivate.Text); byte[] bobPublic = Util.GetBytes(TbBobPublic.Text); TbAliceKey.Text = Util.ToHexString(ECDH.DeriveKey(alicePrivate, bobPublic)); TbBobKey.Text = Util.ToHexString(ECDH.DeriveKey(bobPrivate, alicePublic)); }
public (byte[] tempK1, ECKeyPair ephemeralKey) ReadActOneRequest(Span <byte> message, int length) { if (_state.HandshakeState != HandshakeState.Initialized) { throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized"); } if (length != 50) { throw new ArgumentException("ACT1_READ_FAILED"); } byte version = message.Slice(0, 1)[0]; ECKeyPair responderEphemeralKey = new ECKeyPair(message.Slice(1, 33), false); Span <byte> c = message.Slice(34, 16); if (version != 0) { throw new NotSupportedException("ACT1_BAD_VERSION"); } byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(responderEphemeralKey.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); _state.ChainingKey = chainingKey; (_, byte[] mac) = ChaCha20Poly1305.DecryptWithAdditionalData(tempK1, _state.ReceiveNonce.GetBytes(), handshakeHash, new byte[0]); if (!c.SequenceEqual(mac)) { throw new ArgumentException("ACT1_BAD_TAG"); } _state.ReceiveNonce.Increment(); _state.HandshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(c.ToArray())); _state.HandshakeState = HandshakeState.Act1; return(tempK1, responderEphemeralKey); }
public void ReadActThreeRequest(Span <byte> message, int length) { if (length != 66) { throw new ArgumentException("ACT3_READ_FAILED"); } byte version = message.Slice(0, 1)[0]; Span <byte> c = message.Slice(1, 49); //byte[] t = message.SubArray(50, 16); if (version != 0) { throw new NotSupportedException("ACT3_BAD_VERSION"); } (byte[] rs, _) = ChaCha20Poly1305.DecryptWithAdditionalData(_state.TempKey2, _state.ReceiveNonce.GetBytes(), _state.HandshakeHash, c.ToArray()); ECKeyPair rsKey = new ECKeyPair(((Span <byte>)rs).Slice(0, 33), false); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(c.ToArray())); byte[] ss = ECDH.ComputeHashedPoint(rsKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, _) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); //byte[] p, byte[] mac2) = ChaCha20Poly1305.decryptWithAD(tempK3, new byte[12], handshakeHash, t); // TODO: do mac check (byte[] decryptKey, byte[] encryptKey) = HmacSha256.ComputeHashes(chainingKey, new byte[0]); _state.ChainingKey = chainingKey; _state.HandshakeHash = handshakeHash; _state.SendEncryptionKey = encryptKey; _state.ReceiveDecryptionKey = decryptKey; _state.SendNonce.Reset(); _state.ReceiveNonce.Reset(); _state.HandshakeState = HandshakeState.Finished; }
public byte[] ApplyActThree(byte[] tempK2, ECKeyPair responderEphemeralKey) { if (_state.HandshakeState != HandshakeState.Act2) { throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act2"); } (byte[] cipherText, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, _state.SendNonce.GetBytes(), _state.HandshakeHash, _state.LocalKeyPair.PublicKeyCompressed); byte[] cipherAndMac = cipherText.ConcatToNewArray(tag); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(cipherAndMac)); byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK3) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); (_, byte[] tag2) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK3, new byte[12], handshakeHash, new byte[0]); (byte[] encryptKey, byte[] decryptKey) = HmacSha256.ComputeHashes(chainingKey, new byte[0]); _state.HandshakeHash = handshakeHash; _state.ChainingKey = chainingKey; _state.SendEncryptionKey = encryptKey; _state.ReceiveDecryptionKey = decryptKey; _state.SendNonce.Reset(); _state.ReceiveNonce.Reset(); _state.HandshakeState = HandshakeState.Finished; return(ByteExtensions.Combine(new byte[] { 0 }, cipherAndMac, tag2)); }
public static void Main(string[] args) { int i, j = 0, res; int result; string pp = "M0ng00se"; int EGS = ECDH.EGS; int EFS = ECDH.EFS; int EAS = AES.KS; sbyte[] S1 = new sbyte[EGS]; sbyte[] W0 = new sbyte[2 * EFS + 1]; sbyte[] W1 = new sbyte[2 * EFS + 1]; sbyte[] Z0 = new sbyte[EFS]; sbyte[] Z1 = new sbyte[EFS]; sbyte[] RAW = new sbyte[100]; sbyte[] SALT = new sbyte[8]; RAND rng = new RAND(); rng.clean(); for (i = 0; i < 100; i++) { RAW[i] = (sbyte)(i); } rng.seed(100, RAW); //for (j=0;j<100;j++) //{ for (i = 0; i < 8; i++) { SALT[i] = (sbyte)(i + 1); // set Salt } Console.WriteLine("Alice's Passphrase= " + pp); sbyte[] PW = pp.GetBytes(); /* private key S0 of size EGS bytes derived from Password and Salt */ sbyte[] S0 = ECDH.PBKDF2(PW, SALT, 1000, EGS); Console.Write("Alice's private key= 0x"); printBinary(S0); /* Generate Key pair S/W */ ECDH.KEY_PAIR_GENERATE(null, S0, W0); Console.Write("Alice's public key= 0x"); printBinary(W0); res = ECDH.PUBLIC_KEY_VALIDATE(true, W0); if (res != 0) { Console.WriteLine("Alice's public Key is invalid!\n"); return; } /* Random private key for other party */ ECDH.KEY_PAIR_GENERATE(rng, S1, W1); Console.Write("Servers private key= 0x"); printBinary(S1); Console.Write("Servers public key= 0x"); printBinary(W1); res = ECDH.PUBLIC_KEY_VALIDATE(true, W1); if (res != 0) { Console.Write("Server's public Key is invalid!\n"); return; } /* Calculate common key using DH - IEEE 1363 method */ ECDH.ECPSVDP_DH(S0, W1, Z0); ECDH.ECPSVDP_DH(S1, W0, Z1); bool same = true; for (i = 0; i < EFS; i++) { if (Z0[i] != Z1[i]) { same = false; } } if (!same) { Console.WriteLine("*** ECPSVDP-DH Failed"); return; } sbyte[] KEY = ECDH.KDF1(Z0, EAS); Console.Write("Alice's DH Key= 0x"); printBinary(KEY); Console.Write("Servers DH Key= 0x"); printBinary(KEY); //} //System.out.println("Test Completed Successfully"); }
public static void Main(string[] args) { int i, j = 0, res; int result; string pp = "M0ng00se"; int EGS = ECDH.EGS; int EFS = ECDH.EFS; int EAS = AES.KS; sbyte[] S1 = new sbyte[EGS]; sbyte[] W0 = new sbyte[2 * EFS + 1]; sbyte[] W1 = new sbyte[2 * EFS + 1]; sbyte[] Z0 = new sbyte[EFS]; sbyte[] Z1 = new sbyte[EFS]; sbyte[] RAW = new sbyte[100]; sbyte[] SALT = new sbyte[8]; sbyte[] P1 = new sbyte[3]; sbyte[] P2 = new sbyte[4]; sbyte[] V = new sbyte[2 * EFS + 1]; sbyte[] M = new sbyte[17]; sbyte[] T = new sbyte[12]; sbyte[] CS = new sbyte[EGS]; sbyte[] DS = new sbyte[EGS]; RAND rng = new RAND(); rng.clean(); for (i = 0; i < 100; i++) { RAW[i] = (sbyte)(i); } rng.seed(100, RAW); //for (j=0;j<100;j++) //{ for (i = 0; i < 8; i++) { SALT[i] = (sbyte)(i + 1); // set Salt } Console.WriteLine("Alice's Passphrase= " + pp); sbyte[] PW = pp.GetBytes(); /* private key S0 of size EGS bytes derived from Password and Salt */ sbyte[] S0 = ECDH.PBKDF2(PW, SALT, 1000, EGS); Console.Write("Alice's private key= 0x"); printBinary(S0); /* Generate Key pair S/W */ ECDH.KEY_PAIR_GENERATE(null, S0, W0); Console.Write("Alice's public key= 0x"); printBinary(W0); res = ECDH.PUBLIC_KEY_VALIDATE(true, W0); if (res != 0) { Console.WriteLine("ECP Public Key is invalid!\n"); return; } /* Random private key for other party */ ECDH.KEY_PAIR_GENERATE(rng, S1, W1); Console.Write("Servers private key= 0x"); printBinary(S1); Console.Write("Servers public key= 0x"); printBinary(W1); res = ECDH.PUBLIC_KEY_VALIDATE(true, W1); if (res != 0) { Console.Write("ECP Public Key is invalid!\n"); return; } /* Calculate common key using DH - IEEE 1363 method */ ECDH.ECPSVDP_DH(S0, W1, Z0); ECDH.ECPSVDP_DH(S1, W0, Z1); bool same = true; for (i = 0; i < EFS; i++) { if (Z0[i] != Z1[i]) { same = false; } } if (!same) { Console.WriteLine("*** ECPSVDP-DH Failed"); return; } sbyte[] KEY = ECDH.KDF1(Z0, EAS); Console.Write("Alice's DH Key= 0x"); printBinary(KEY); Console.Write("Servers DH Key= 0x"); printBinary(KEY); Console.WriteLine("Testing ECIES"); P1[0] = 0x0; P1[1] = 0x1; P1[2] = 0x2; P2[0] = 0x0; P2[1] = 0x1; P2[2] = 0x2; P2[3] = 0x3; for (i = 0; i <= 16; i++) { M[i] = (sbyte)i; } sbyte[] C = ECDH.ECIES_ENCRYPT(P1, P2, rng, W1, M, V, T); Console.WriteLine("Ciphertext= "); Console.Write("V= 0x"); printBinary(V); Console.Write("C= 0x"); printBinary(C); Console.Write("T= 0x"); printBinary(T); M = ECDH.ECIES_DECRYPT(P1, P2, V, C, T, S1); if (M.Length == 0) { Console.WriteLine("*** ECIES Decryption Failed\n"); return; } else { Console.WriteLine("Decryption succeeded"); } Console.Write("Message is 0x"); printBinary(M); Console.WriteLine("Testing ECDSA"); if (ECDH.ECPSP_DSA(rng, S0, M, CS, DS) != 0) { Console.WriteLine("***ECDSA Signature Failed"); return; } Console.WriteLine("Signature= "); Console.Write("C= 0x"); printBinary(CS); Console.Write("D= 0x"); printBinary(DS); if (ECDH.ECPVP_DSA(W0, M, CS, DS) != 0) { Console.WriteLine("***ECDSA Verification Failed"); return; } else { Console.WriteLine("ECDSA Signature/Verification succeeded " + j); } //} //System.out.println("Test Completed Successfully"); }