public void TestKeyExchange(ScpConfig.EncryptionMode encryptionMode) { // Client side var clientEph = ECDHHelper.CreateCngKey(); var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph); var clientEphPubKey = clientEphCng.PublicKey(); // Server side var secretarium = new MockedSecretarium(encryptionMode); Assert.IsTrue(secretarium.GetServerHello(clientEphPubKey, out byte[] serverHello)); Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj)); // Client side Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork)); var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey); // Server side Assert.IsTrue(secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity)); Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj)); // Client side var symmetricKey = DiffieHellmanHelper.GetSymmetricKey( clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret); // Check keys are the same both sides Assert.IsTrue(symmetricKey.SequenceEqual(secretarium.Session.SymmetricKey)); }
public void TestAvgCommand(ScpConfig.EncryptionMode encryptionMode) { var session = FullProtocolFromX509(encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium); var command = new Request <double[]>("Secretarium.Test.DCAppForTesting", "Avg", new double[] { 1, 2, 3, 4, 5 }); var data = secretarium.RunCommand(command.Encrypt(symmetricKey, encryptionMode)); var avg = data.ParseMessage <double>(symmetricKey, encryptionMode); Assert.AreEqual(3d, avg.result); }
public void TestTextReplaceCommand(ScpConfig.EncryptionMode encryptionMode) { var session = FullProtocolFromX509(encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium); var args = new DCAppForTesting.TextReplaceArgs { FindValue = "def", ReplaceWith = "xyz", Value = "abcdefghi" }; var command = new Request <DCAppForTesting.TextReplaceArgs>("Secretarium.Test.DCAppForTesting", "TextReplace", args); var data = secretarium.RunCommand(command.Encrypt(symmetricKey, encryptionMode)); var avg = data.ParseMessage <string>(symmetricKey, encryptionMode); Assert.AreEqual("abcxyzghi", avg.result); }
public static bool Parse(byte[] data, ScpConfig.EncryptionMode encryption, out ServerProofOfIdentityEncrypted p) { if (encryption == ScpConfig.EncryptionMode.AESCTR && data.Length != 112 || encryption == ScpConfig.EncryptionMode.AESGCM && data.Length != 128) { p = null; return(false); } p = new ServerProofOfIdentityEncrypted { ivOffset = data.Extract(0, 16), encryptedPayload = data.Extract(16) }; return(true); }
public static Result <T> ParseMessage <T>(this byte[] data, byte[] symmetricKey, ScpConfig.EncryptionMode encryptionMode, Func <byte[], T> convertor = null) { var ivOffset = data.Extract(0, 16); var decrypted = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? data.Extract(16).AesCtrDecrypt(symmetricKey, ivOffset) : data.Extract(16).AesGcmDecryptWithOffset(symmetricKey, ivOffset); return(ParseMessage <T>(decrypted)); }
private bool FullProtocolFromX509(ScpConfig.EncryptionMode encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium) { // Client keys Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config)); Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng clientECDsaKeyCng, "SecretariumTestClient256")); var clientPub = clientECDsaKeyCng.ExportPublicKeyRaw(); // Client Hello var clientEph = ECDHHelper.CreateCngKey(); var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph); var clientEphPub = clientEphCng.PublicKey(); var clientHello = clientEphPub; Assert.IsTrue(ClientHello.Parse(clientHello, out ClientHello clientHelloObj)); // Server Hello secretarium = new MockedSecretarium(encryptionMode); secretarium.GetServerHello(clientHello, out byte[] serverHello); Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj)); // Client ClientProofOfWork Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork)); var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey); Assert.IsTrue(ClientProofOfWork.Parse(clientProofOfWork, out ClientProofOfWork clientProofOfWorkObj)); // Server Identity secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity); Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj)); // Client computes symmetric key symmetricKey = DiffieHellmanHelper.GetSymmetricKey( clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret); // Client Proof Of Identity var nonce = ByteHelper.GetRandom(32); var nonceSigned = clientECDsaKeyCng.SignData(nonce); var clientProofOfIdentity = ByteHelper.Combine(nonce, clientEphPub, clientPub, nonceSigned); Assert.IsTrue(ClientProofOfIdentity.Parse(clientProofOfIdentity, out ClientProofOfIdentity clientProofOfIdentityObj)); // Client Encrypts Client Proof Of Identity var ivOffset = ByteHelper.GetRandom(16); var encryptedClientProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? clientProofOfIdentity.AesCtrEncrypt(symmetricKey, ivOffset) : clientProofOfIdentity.AesGcmEncryptWithOffset(symmetricKey, ivOffset); var encryptedClientProofOfIdentityWithIvOffset = ByteHelper.Combine(ivOffset, encryptedClientProofOfIdentity); // Server Checks And Sends Proof Of Identity Assert.IsTrue(secretarium.GetServerProofOfIdentity( encryptedClientProofOfIdentityWithIvOffset, out byte[] encryptedServerProofOfIdentity)); // Client Decrypts Server Proof Of Identity ivOffset = encryptedServerProofOfIdentity.Extract(0, 16); var serverProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? encryptedServerProofOfIdentity.Extract(16).AesCtrDecrypt(symmetricKey, ivOffset) : encryptedServerProofOfIdentity.Extract(16).AesGcmDecryptWithOffset(symmetricKey, ivOffset); Assert.IsTrue(ServerProofOfIdentity.Parse(serverProofOfIdentity, out ServerProofOfIdentity serverProofOfIdentityObj)); // Client Checks Server Proof Of Idendity var msg = "Hey you! Welcome to Secretarium!".ToBytes(); var secretariumECDsaCng = ECDsaHelper.ImportPublicKey(serverIdentityObj.publicKey); Assert.IsTrue(secretariumECDsaCng.VerifyData( ByteHelper.Combine(serverProofOfIdentityObj.nonce, msg), serverProofOfIdentityObj.welcomeSigned)); return(true); }
public void TestFullProtocolFromX509(ScpConfig.EncryptionMode encryptionMode) { var session = FullProtocolFromX509(encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium); Assert.IsNotNull(session); }
public static byte[] Encrypt <T>(this Request <T> command, byte[] symmetricKey, ScpConfig.EncryptionMode encryptionMode) where T : class { var ivOffset = ByteHelper.GetRandom(16); var encryptedCmd = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? command.ToBytes().AesCtrEncrypt(symmetricKey, ivOffset) : command.ToBytes().AesGcmEncryptWithOffset(symmetricKey, ivOffset); return(ByteHelper.Combine(ivOffset, encryptedCmd)); }
public MockedSecretarium(ScpConfig.EncryptionMode encryptionMode) { Session = new Session(); EncryptionMode = encryptionMode; }