public void TestKeyExchange(ScpConfig.EncryptionMode encryptionMode) { // Client side var clientEph = ECDHHelper.CreateCngKey(); var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph); var clientEphPubKey = clientEphCng.PublicKey(); // Server side var secretarium = new MockedSecretarium(encryptionMode); Assert.IsTrue(secretarium.GetServerHello(clientEphPubKey, out byte[] serverHello)); Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj)); // Client side Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork)); var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey); // Server side Assert.IsTrue(secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity)); Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj)); // Client side var symmetricKey = DiffieHellmanHelper.GetSymmetricKey( clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret); // Check keys are the same both sides Assert.IsTrue(symmetricKey.SequenceEqual(secretarium.Session.SymmetricKey)); }
public bool GetServerIdentity(byte[] clientProofOfWork, out byte[] serverIdentity) { serverIdentity = null; if (!ClientProofOfWork.Parse(clientProofOfWork, out ClientProofOfWork cpow)) { return(false); } if (!cpow.knownSecretariumPubKey.SequenceEqual(GenesisPubKey)) { return(false); } // Create ephemereal DH keys var eph = ECDHHelper.CreateCngKey(); var ephCng = ECDHHelper.CreateECDiffieHellmanCngSha256(eph); var ephPubKey = ephCng.PublicKey(); // Get CommonKey from DH var clientPublicCngKey = Session.ClientEphDHPubKey.ToECDHCngKey(); var commonKey = ephCng.DeriveKeyMaterial(clientPublicCngKey); // Generate a random SymmetricKey var symmetricKey = ByteHelper.GetRandom(commonKey.Length); // XOR CommonKey and SymmetricKey to produce a PreMasterSecret var preMasterSecret = commonKey.Xor(symmetricKey); serverIdentity = ByteHelper.Combine(preMasterSecret, ephPubKey, GenesisPubKey); Session.SymmetricKey = symmetricKey; return(true); }
public void TestDiffieHellmanP256() { var clientKey = ECDHHelper.CreateCngKey(); var serverKey = ECDHHelper.CreateCngKey(); var clientECDHCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientKey); var serverECDHCng = ECDHHelper.CreateECDiffieHellmanCngSha256(serverKey); var commonSecretServer = serverECDHCng.DeriveKeyMaterial(clientECDHCng.PublicKey); var commonSecretClient = clientECDHCng.DeriveKeyMaterial(serverECDHCng.PublicKey); Assert.IsTrue(commonSecretClient.SequenceEqual(commonSecretServer)); }
public void TestDiffieHellmanP256IsReplayable() { var clientKey = ECDHHelper.CreateCngKey(); var serverKey = ECDHHelper.CreateCngKey(); var clientECDH1 = ECDHHelper.CreateECDiffieHellmanCngSha256(clientKey); var serverECDH1 = ECDHHelper.CreateECDiffieHellmanCngSha256(serverKey); var commonSecretBytesClient1 = clientECDH1.DeriveKeyMaterial(serverECDH1.PublicKey); var commonSecretBytesServer1 = serverECDH1.DeriveKeyMaterial(clientECDH1.PublicKey); Assert.IsTrue(commonSecretBytesClient1.SequenceEqual(commonSecretBytesServer1)); var clientECDH2 = ECDHHelper.CreateECDiffieHellmanCngSha256(clientKey); var serverECDH2 = ECDHHelper.CreateECDiffieHellmanCngSha256(serverKey); var commonSecretBytesClient2 = clientECDH2.DeriveKeyMaterial(serverECDH2.PublicKey); var commonSecretBytesServer2 = serverECDH2.DeriveKeyMaterial(clientECDH2.PublicKey); Assert.IsTrue(commonSecretBytesClient2.SequenceEqual(commonSecretBytesServer2)); Assert.IsTrue(commonSecretBytesClient1.SequenceEqual(commonSecretBytesClient2)); }
private bool FullProtocolFromX509(ScpConfig.EncryptionMode encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium) { // Client keys Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config)); Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng clientECDsaKeyCng, "SecretariumTestClient256")); var clientPub = clientECDsaKeyCng.ExportPublicKeyRaw(); // Client Hello var clientEph = ECDHHelper.CreateCngKey(); var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph); var clientEphPub = clientEphCng.PublicKey(); var clientHello = clientEphPub; Assert.IsTrue(ClientHello.Parse(clientHello, out ClientHello clientHelloObj)); // Server Hello secretarium = new MockedSecretarium(encryptionMode); secretarium.GetServerHello(clientHello, out byte[] serverHello); Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj)); // Client ClientProofOfWork Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork)); var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey); Assert.IsTrue(ClientProofOfWork.Parse(clientProofOfWork, out ClientProofOfWork clientProofOfWorkObj)); // Server Identity secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity); Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj)); // Client computes symmetric key symmetricKey = DiffieHellmanHelper.GetSymmetricKey( clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret); // Client Proof Of Identity var nonce = ByteHelper.GetRandom(32); var nonceSigned = clientECDsaKeyCng.SignData(nonce); var clientProofOfIdentity = ByteHelper.Combine(nonce, clientEphPub, clientPub, nonceSigned); Assert.IsTrue(ClientProofOfIdentity.Parse(clientProofOfIdentity, out ClientProofOfIdentity clientProofOfIdentityObj)); // Client Encrypts Client Proof Of Identity var ivOffset = ByteHelper.GetRandom(16); var encryptedClientProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? clientProofOfIdentity.AesCtrEncrypt(symmetricKey, ivOffset) : clientProofOfIdentity.AesGcmEncryptWithOffset(symmetricKey, ivOffset); var encryptedClientProofOfIdentityWithIvOffset = ByteHelper.Combine(ivOffset, encryptedClientProofOfIdentity); // Server Checks And Sends Proof Of Identity Assert.IsTrue(secretarium.GetServerProofOfIdentity( encryptedClientProofOfIdentityWithIvOffset, out byte[] encryptedServerProofOfIdentity)); // Client Decrypts Server Proof Of Identity ivOffset = encryptedServerProofOfIdentity.Extract(0, 16); var serverProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? encryptedServerProofOfIdentity.Extract(16).AesCtrDecrypt(symmetricKey, ivOffset) : encryptedServerProofOfIdentity.Extract(16).AesGcmDecryptWithOffset(symmetricKey, ivOffset); Assert.IsTrue(ServerProofOfIdentity.Parse(serverProofOfIdentity, out ServerProofOfIdentity serverProofOfIdentityObj)); // Client Checks Server Proof Of Idendity var msg = "Hey you! Welcome to Secretarium!".ToBytes(); var secretariumECDsaCng = ECDsaHelper.ImportPublicKey(serverIdentityObj.publicKey); Assert.IsTrue(secretariumECDsaCng.VerifyData( ByteHelper.Combine(serverProofOfIdentityObj.nonce, msg), serverProofOfIdentityObj.welcomeSigned)); return(true); }
public void TestCngKeyOnP256() { CngKey key = ECDHHelper.CreateCngKey(); EllipticCurveHelper.TestKeyBelongsToP256(key); }
public bool Connect(int timeout = 3000) { if (_webSocket != null) { _webSocket.Close(); } // -1- Open Websocket UpdateState(ConnectionState.Connecting); var signal = new AutoResetEvent(false); var canContinue = true; void onOpenHandler(object sender, EventArgs e) { UpdateState(ConnectionState.Open); signal.Set(); } void onCloseHandler(object sender, CloseEventArgs e) { UpdateState(ConnectionState.Closed); canContinue = false; //signal.Set(); Force wait until timeout to avoid quick reconnection loops } void onErrorHandler(object sender, ErrorEventArgs e) { UpdateState(ConnectionState.Closed); canContinue = false; //signal.Set(); Force wait until timeout to avoid quick reconnection loops } EventHandler <MessageEventArgs> onMessageHandler; _webSocket = new WebSocket(_config.secretarium.endPoint, "pair1.sp.nanomsg.org"); _webSocket.SslConfiguration.EnabledSslProtocols = SslProtocols.Tls12; _webSocket.Compression = CompressionMethod.None; _webSocket.OnOpen += onOpenHandler; _webSocket.OnClose += onCloseHandler; _webSocket.OnError += onErrorHandler; _webSocket.Connect(); if (!signal.WaitOne(timeout) || !canContinue) { _webSocket.Close(); return(false); } _webSocket.OnOpen -= onOpenHandler; // -2- Send Client Hello UpdateState(ConnectionState.SecureConnectionInProgress); var clientEphCngKey = ECDHHelper.CreateCngKey(); var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEphCngKey); var clientEphPub = clientEphCngKey.ExportPublicKeyRaw(); var clientHello = ByteHelper.Combine(_hop, clientEphPub); ServerHello serverHello = null; onMessageHandler = (sender, e) => { if (!ServerHello.Parse(e.RawData.Extract(4), MaxAllowedPoWDifficilty, out serverHello)) { canContinue = false; } signal.Set(); }; _webSocket.OnMessage += onMessageHandler; _webSocket.Send(clientHello); if (!signal.WaitOne(timeout) || !canContinue) { _webSocket.Close(); return(false); } _webSocket.OnMessage -= onMessageHandler; // -3- Send Client Proof Of Work if (!DiffieHellmanHelper.ComputeProofOfWork(serverHello.proofOfWorkDetails, out byte[] proofOfWork))