예제 #1
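        /// <summary>
        ///     Encrypts <paramref name="payload"/> for the holder of <paramref name="userKey"/>.
        ///     Each call generates a fresh salt and a fresh EC key pair, runs ECDH against the
        ///     recipient key, and derives the AES key and nonce from the result through HKDF.
        /// </summary>
        /// <param name="userKey">Encoded EC public key of the recipient, parsed by ECKeyHelper.GetPublicKey.</param>
        /// <param name="userSecret">Recipient secret, passed as the first HKDF argument of the first derivation step.</param>
        /// <param name="payload">Plaintext; it is passed through AddPaddingToInput before encryption.</param>
        /// <returns>
        ///     The salt, the ciphertext and the uncompressed encoding of the per-call public key,
        ///     i.e. the values the recipient needs alongside its own private key and secret.
        /// </returns>
        public static EncryptionResult Encrypt(byte[] userKey, byte[] userSecret, byte[] payload)
        {
            byte[] salt = GenerateSalt(16);
            AsymmetricCipherKeyPair serverKeyPair = ECKeyHelper.GenerateKeys();

            IBasicAgreement ecdhAgreement = AgreementUtilities.GetBasicAgreement("ECDH");

            ecdhAgreement.Init(serverKeyPair.Private);

            // NOTE(review): userKey is supplied by the subscriber; GetPublicKey is presumably where the
            // point is checked against the curve - confirm it rejects malformed or off-curve keys.
            ECPublicKeyParameters userPublicKey = ECKeyHelper.GetPublicKey(userKey);

            // ToByteArrayUnsigned() strips leading zero bytes, so roughly one agreement in 256 would be
            // shorter than the field size. The peer derives its keys from the fixed-length encoding of
            // the shared secret, so a short value yields a message it cannot decrypt. Left-pad to the
            // field size reported by the agreement.
            byte[] rawSecret = ecdhAgreement.CalculateAgreement(userPublicKey).ToByteArrayUnsigned();
            int fieldSize    = ecdhAgreement.GetFieldSize();
            byte[] key       = rawSecret;
            if (rawSecret.Length < fieldSize)
            {
                key = new byte[fieldSize];
                System.Array.Copy(rawSecret, 0, key, fieldSize - rawSecret.Length, rawSecret.Length);
            }

            byte[] serverPublicKey = ((ECPublicKeyParameters)serverKeyPair.Public).Q.GetEncoded(false);

            // Two-stage derivation: the ECDH secret is first mixed with userSecret, then the
            // 16-byte content-encryption key and the 12-byte nonce are derived with the per-call salt.
            byte[] prk   = HKDF(userSecret, key, Encoding.UTF8.GetBytes("Content-Encoding: auth\0"), 32);
            byte[] cek   = HKDF(salt, prk, CreateInfoChunk("aesgcm", userKey, serverPublicKey), 16);
            byte[] nonce = HKDF(salt, prk, CreateInfoChunk("nonce", userKey, serverPublicKey), 12);

            // The nonce is a deterministic function of salt and key pair; both are regenerated on every
            // call, which is what keeps a (key, nonce) pair from repeating across messages.
            byte[] input            = AddPaddingToInput(payload);
            byte[] encryptedMessage = EncryptAes(nonce, cek, input);

            return(new EncryptionResult
            {
                Salt = salt,
                Payload = encryptedMessage,
                PublicKey = serverPublicKey
            });
        }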
예제 #2
        /// <summary>
        ///     Creates a new EC key pair and returns both halves URL-safe base64 encoded.
        ///     The public key is the uncompressed point; the private scalar is left-padded to 32 bytes.
        /// </summary>
        /// <returns>
        ///     A <see cref="VapidDetails"/> carrying the encoded key pair. PrivateKey is secret
        ///     material and should be stored and logged accordingly.
        /// </returns>
        public static VapidDetails GenerateVapidKeys()
        {
            var details = new VapidDetails();
            var keyPair = ECKeyHelper.GenerateKeys();

            var publicParameters  = (ECPublicKeyParameters)keyPair.Public;
            var privateParameters = (ECPrivateKeyParameters)keyPair.Private;

            var encodedPoint = publicParameters.Q.GetEncoded(false);

            // ToByteArrayUnsigned() omits leading zero bytes, hence the fixed-width padding.
            var paddedScalar = ByteArrayPadLeft(privateParameters.D.ToByteArrayUnsigned(), 32);

            details.PublicKey  = UrlBase64.Encode(encodedPoint);
            details.PrivateKey = UrlBase64.Encode(paddedScalar);

            return details;
        }
예제 #3
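        public void TestGenerateKeys()
        {
            // Verifies the encoded sizes of a freshly generated key pair.
            var keys = ECKeyHelper.GenerateKeys();

            var publicKey  = ((ECPublicKeyParameters)keys.Public).Q.GetEncoded(false);
            var privateKey = ((ECPrivateKeyParameters)keys.Private).D.ToByteArrayUnsigned();

            // Uncompressed point encoding: one prefix byte plus two 32-byte coordinates.
            Assert.Equal(65, publicKey.Length);

            // ToByteArrayUnsigned() drops leading zero bytes, so about one key in 256 encodes to
            // fewer than 32 bytes. Asserting exactly 32 made this test fail intermittently; the
            // invariant that actually holds for the raw scalar is "at most 32 bytes".
            Assert.InRange(privateKey.Length, 1, 32);
        }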
예제 #4
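        /// <summary>
        /// Generates a new EC key pair and returns both halves URL-safe base64 encoded.
        /// The private scalar is left-padded to the byte length of the curve order so the
        /// encoded key always has the same size.
        /// </summary>
        /// <returns>
        /// A <see cref="VapidDetails"/> carrying the encoded public key (uncompressed point) and
        /// private key. PrivateKey is secret material and should be stored and logged accordingly.
        /// </returns>
        public static VapidDetails GenerateVapidKeys()
        {
            VapidDetails results = new VapidDetails();

            AsymmetricCipherKeyPair keys = ECKeyHelper.GenerateKeys();
            ECPrivateKeyParameters privateParameters = (ECPrivateKeyParameters)keys.Private;

            byte[] publicKey = ((ECPublicKeyParameters)keys.Public).Q.GetEncoded(false);
            byte[] scalar    = privateParameters.D.ToByteArrayUnsigned();

            // ToByteArrayUnsigned() strips leading zero bytes, so roughly one generated key in 256
            // would otherwise be exported shorter than the others; consumers that expect a
            // fixed-width private key would then reject or misread it.
            int scalarLength  = (privateParameters.Parameters.N.BitLength + 7) / 8;
            byte[] privateKey = scalar;
            if (scalar.Length < scalarLength)
            {
                privateKey = new byte[scalarLength];
                System.Array.Copy(scalar, 0, privateKey, scalarLength - scalar.Length, scalar.Length);
            }

            results.PublicKey  = UrlBase64.Encode(publicKey);
            results.PrivateKey = UrlBase64.Encode(privateKey);

            return(results);
        }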
예제 #5
        public void TestGenerateKeysNoCache()
        {
            // Two consecutive calls must yield different key material; identical output would
            // mean the helper caches or otherwise reuses a key pair.
            var firstPair  = ECKeyHelper.GenerateKeys();
            var secondPair = ECKeyHelper.GenerateKeys();

            var firstPublic  = (ECPublicKeyParameters)firstPair.Public;
            var firstPrivate = (ECPrivateKeyParameters)firstPair.Private;
            var firstPoint   = firstPublic.Q.GetEncoded(false);
            var firstScalar  = firstPrivate.D.ToByteArrayUnsigned();

            var secondPublic  = (ECPublicKeyParameters)secondPair.Public;
            var secondPrivate = (ECPrivateKeyParameters)secondPair.Private;
            var secondPoint   = secondPublic.Q.GetEncoded(false);
            var secondScalar  = secondPrivate.D.ToByteArrayUnsigned();

            bool samePublic = firstPoint.SequenceEqual(secondPoint);
            Assert.False(samePublic);

            bool samePrivate = firstScalar.SequenceEqual(secondScalar);
            Assert.False(samePrivate);
        }
예제 #6
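        public void TestGenerateKeys()
        {
            // Verifies the encoded sizes of a freshly generated key pair.
            AsymmetricCipherKeyPair keys = ECKeyHelper.GenerateKeys();

            byte[] publicKey  = ((ECPublicKeyParameters)keys.Public).Q.GetEncoded(false);
            byte[] privateKey = ((ECPrivateKeyParameters)keys.Private).D.ToByteArrayUnsigned();

            int publicKeyLength  = publicKey.Length;
            int privateKeyLength = privateKey.Length;

            // Uncompressed point encoding: one prefix byte plus two 32-byte coordinates.
            Assert.AreEqual(65, publicKeyLength);

            // ToByteArrayUnsigned() drops leading zero bytes, so about one key in 256 encodes to
            // fewer than 32 bytes. Asserting exactly 32 made this test fail intermittently; the
            // invariant that actually holds for the raw scalar is "at most 32 bytes".
            Assert.IsTrue(privateKeyLength >= 1 && privateKeyLength <= 32);
        }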