public void Encrypt(byte[] plainText)
{
try
{
if (GetMessageType() == 20103)
{
var nonce =
GenericHash.Hash(
Client.CSNonce.Concat(Client.CPublicKey).Concat(Key.Crypto.PublicKey).ToArray(), null, 24);
plainText = Client.CRNonce.Concat(Client.CSharedKey).Concat(plainText).ToArray();
SetData(PublicKeyBox.Create(plainText, nonce, Key.Crypto.PrivateKey, Client.CPublicKey));
}
else if (GetMessageType() == 20104)
{
var nonce =
GenericHash.Hash(
Client.CSNonce.Concat(Client.CPublicKey).Concat(Key.Crypto.PublicKey).ToArray(), null, 24);
plainText = Client.CRNonce.Concat(Client.CSharedKey).Concat(plainText).ToArray();
SetData(PublicKeyBox.Create(plainText, nonce, Key.Crypto.PrivateKey, Client.CPublicKey));
Client.CState = 2;
}
else
{
Client.CRNonce = Utilities.Increment(Utilities.Increment(Client.CRNonce));
SetData(SecretBox.Create(plainText, Client.CRNonce, Client.CSharedKey).Skip(16).ToArray());
}
}
catch (Exception ex)
{
Client.CState = 0;
}
}
public void SavePrivateKey(SecureString password, string path = null)
{
Console.WriteLine("Set path if needed");
if (string.IsNullOrEmpty(path))
{
path = (Environment.OSVersion.Platform == PlatformID.Unix) ?
Environment.GetEnvironmentVariable("HOME") :
Environment.ExpandEnvironmentVariables("%HOMEDRIVE%%HOMEPATH%");
path += "/.cryptchat/" + Base32.ToBase32String(GenericHash.Hash(Encoding.ASCII.GetBytes(Username), null, 16));
}
Console.WriteLine("Create directory");
if (!Directory.Exists(path))
{
Directory.CreateDirectory(path);
}
path += "/.pem";
Console.WriteLine("Lock PrivateKey with password");
var temp = SecretBox.Create(Convert.FromBase64String(PrivateKey),
GenericHash.Hash(Encoding.ASCII.GetBytes(Id), null, 24),
GenericHash.Hash(Encoding.ASCII.GetBytes(password), null, 32));
var temp_key = Convert.ToBase64String(temp);
Console.WriteLine("Save password-locked PrivateKey");
if (!string.IsNullOrEmpty(temp_key))
{
File.WriteAllBytes(path, Convert.FromBase64String(temp_key));
}
}
public static byte[] Decrypt(byte[] message, byte[] rxKey)
{
var nonce = message.Take(crypto_secretbox_NONCEBYTES).ToArray();
var cipher = message.Skip(crypto_secretbox_NONCEBYTES).ToArray();
return(SecretBox.Open(cipher, nonce, rxKey));
}
static string SecretboxEncryptionToBase64(string keyBase64, string plaintext)
{
byte[] nonce = GenerateRandomNonce();
byte[] data = System.Text.Encoding.UTF8.GetBytes(plaintext);
byte[] ciphertext = SecretBox.Create(plaintext, nonce, Base64Decoding(keyBase64));
return(Base64Encoding(nonce) + ":" + Base64Encoding(ciphertext));
}
public void TestDisposal()
{
// this test is still bad.
// "default" disposal
byte[] symkey = SecretBox.GenerateKey();
SymmetricEncrypter abc = new SymmetricEncrypter(symkey);
abc.Dispose();
SymmetricEncrypter def;
try
{
def = new SymmetricEncrypter("Not a valid base64 code triggering an exception!");
}
catch (FormatException)
{
// disposal is called although constructor failed.
}
bool exceptionThrown = false;
try
{
def = null;
}
catch (Exception)
{
exceptionThrown = true;
}
_ = new SymmetricEncrypter(symkey);
Assert.IsFalse(exceptionThrown);
}
/// <summary>
/// Validates server acceptance message
/// </summary>
/// <remark>
/// Here the client verifies that the received message length is 80
/// bytes, then opens the encrypted box and verifies that the sent
/// message is server's signature to the derived shared secrets. With
/// this the handshake concludes.
/// </remark>
/// <exception cref="ArgumentException">
/// Thrown if the server's Accept <paramref name="msg"/> is not the
/// correct size or the signature is not valid.
/// </exception>
/// <param name="msg">
/// The received message, encrypted server's signature.
/// </param>
public void VerifyAccept(byte[] msg)
{
if (msg.Length != 80)
{
throw new ArgumentException("Incorrect message size");
}
var nonce = new byte[NONCE_SIZE];
nonce.Initialize();
// Concatenate the network key and derived secrets to obtain
// the message key
var key = CryptoHash.Sha256(
Utils.Concat(_network_key, _shared_ab, _shared_aB, _shared_Ab)
);
var opened_msg = SecretBox.Open(msg, nonce, key);
// Compute the message that it is supposed to be signed with the
// server's long term key
var hashed = CryptoHash.Sha256(_shared_ab);
var msg_to_verify = Utils.Concat(
_network_key, detached_signature_A,
_longterm_client_keypair.PublicKey, hashed
);
if (!PublicKeyAuth.VerifyDetached(opened_msg, msg_to_verify, _longterm_server_pk))
{
throw new ArgumentException("Invalid signature");
}
}
/// <summary>
/// Computes the message that accepts the handshake.
/// </summary>
/// <remark>
/// Here the server computes a signature of the network key, the
/// signature of the long term client's public key and a sha 256 of
/// the shared ab secret. This is signed with the server's long term
/// private key.
///
/// This signature is encrypted using a sha 256 of the network key
/// and all of the derived secrets.
/// </remark>
/// <returns>
/// A byte array of length 80 consisting of the message.
/// </returns>
public byte[] Accept()
{
var detached_signature = PublicKeyAuth.SignDetached(
Utils.Concat(
_network_key,
detached_signature_A,
_longterm_client_pk,
CryptoHash.Sha256(_shared_ab)
),
_longterm_server_keypair.PrivateKey
);
// A nonce consisting of 24 zeros
var nonce = new byte[NONCE_SIZE];
nonce.Initialize();
var key = CryptoHash.Sha256(
Utils.Concat(_network_key, _shared_ab, _shared_aB, _shared_Ab)
);
var msg = SecretBox.Create(detached_signature, nonce, key);
return(msg);
}
public void OpenSecretBoxBadNonce()
{
SecretBox.Open(
Utilities.HexToBinary("00000000000000000000000000000000b58d3c3e5ae78770b7db54e29e3885138a2f1ddb738f2309d9b38164"),
Encoding.UTF8.GetBytes("ABCDEFGHIJKLMNOPQRSTUVW"),
Encoding.UTF8.GetBytes("12345678901234567890123456789012"));
}
/// <summary>
/// Crafts the client Authenticate message
/// </summary>
/// <remark>
/// Consists of a signature of the network identifier, the server's
/// long term public key and a sha 256 of the derived secret ab,
/// concatenated with the client's long term public key. All
/// encrypted using the network identifier and the derived secrets
/// ab and aB.
///
/// This sets the object's <see cref="detached_signature_A"/>
/// </remark>
/// <returns>
/// The client Authenticate message
/// </returns>
public byte[] Authenticate()
{
var hash_ab = CryptoHash.Sha256(this._shared_ab);
// Concatenate the network identifier, the server's public key and
// the hash of the derived secret.
var to_sign = Utils.Concat(
_network_key, _longterm_server_pk, hash_ab
);
// Sign the first portion of the message and save it in the object
// state for later use in the server accept verification.
detached_signature_A = PublicKeyAuth.SignDetached(
to_sign, _longterm_client_keypair.PrivateKey
);
// Create the plaintext message
var plaintext = Utils.Concat(
detached_signature_A, _longterm_client_keypair.PublicKey
);
// Create the key from the network key and the shared secrets
var box_key = Utils.Concat(
_network_key, _shared_ab, _shared_aB
);
// A nonce consisting of 24 zeros
var nonce = new byte[NONCE_SIZE];
nonce.Initialize();
var msg = SecretBox.Create(plaintext, nonce, CryptoHash.Sha256(box_key));
return(msg);
}
public void CreateDetachedSecretBoxBadNonce()
{
SecretBox.CreateDetached(
Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("ABCDEFGHIJKLMNOPQRSTUVW"),
Encoding.UTF8.GetBytes("12345678901234567890123456789012"));
}
public void CreateSecretBoxBadKey()
{
SecretBox.Create(
Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("ABCDEFGHIJKLMNOPQRSTUVWX"),
Encoding.UTF8.GetBytes("123456789012345678901234567890"));
}
public static void DecryptPacket(ServerState state, byte[] packet)
{
using (var reader = new Reader(packet))
{
var ID = reader.ReadUInt16();
reader.Seek(3, SeekOrigin.Current);
var Version = reader.ReadUInt16();
byte[] cipherText = reader.ReadAllBytes, plainText;
var Name = Packet_Names.GetName(ID);
switch (ID)
{
case 10100:
{
plainText = cipherText;
break;
}
case 10101:
{
state.ClientKey = cipherText.Take(32).ToArray();
var nonce = GenericHash.Hash(state.ClientKey.Concat(state.ServerKey.PublicKey).ToArray(), null,
24);
cipherText = cipherText.Skip(32).ToArray();
plainText = PublicKeyBox.Open(cipherText, nonce, state.ServerKey.PrivateKey, state.ClientKey);
state.SessionKey = plainText.Take(24).ToArray();
state.ClientState.Nonce = plainText.Skip(24).Take(24).ToArray();
plainText = plainText.Skip(24).Skip(24).ToArray();
break;
}
default:
{
state.ClientState.Nonce = Utilities.Increment(Utilities.Increment(state.ClientState.Nonce));
plainText = SecretBox.Open(new byte[16].Concat(cipherText).ToArray(), state.ClientState.Nonce,
state.SharedKey);
break;
}
}
ClientCrypto.EncryptPacket(state.ClientState, ID, Version, plainText);
Console.WriteLine(
$"[{DateTime.Now.ToLongTimeString()}, CLIENT, {ID}] {Resources.Definition.Decode(new Reader(plainText), ID)}");
Logger.Write(BitConverter.ToString(plainText).Replace("-", string.Empty), $"{ID}_{Name}",
LogType.PACKET);
}
}
public void Decrypt()
{
try
{
if (m_vType == 10101)
{
var cipherText = m_vData;
Client.CPublicKey = cipherText.Take(32).ToArray();
Client.CSharedKey = Client.CPublicKey;
Client.CRNonce = Client.GenerateSessionKey();
var nonce = GenericHash.Hash(Client.CPublicKey.Concat(Key.Crypto.PublicKey).ToArray(), null, 24);
cipherText = cipherText.Skip(32).ToArray();
var PlainText = PublicKeyBox.Open(cipherText, nonce, Key.Crypto.PrivateKey, Client.CPublicKey);
Client.CSessionKey = PlainText.Take(24).ToArray();
Client.CSNonce = PlainText.Skip(24).Take(24).ToArray();
SetData(PlainText.Skip(24).Skip(24).ToArray());
}
else if (m_vType != 10100)
{
Client.CSNonce = Utilities.Increment(Utilities.Increment(Client.CSNonce));
SetData(SecretBox.Open(new byte[16].Concat(m_vData).ToArray(), Client.CSNonce, Client.CSharedKey));
}
}
catch (Exception ex)
{
Client.CState = 0;
}
}
/// <summary>
/// Encrypts the file name.
/// </summary>
/// <param name="fileName">The file name.</param>
/// <param name="fileNameLength">The length it will be filled up.</param>
public void ProtectFileName(string fileName, int fileNameLength)
{
//fill up the filename to 256 bytes
byte[] paddedFileName = Helper.Utils.StringToPaddedByteArray(fileName, fileNameLength);
//encrypt the file name in the header
this.Filename = SecretBox.Create(paddedFileName, this.FilenameNonce, this.UnencryptedEphemeralKey);
}
public void Decrypt()
{
try
{
if (this.m_vType == 10101)
{
byte[] array = this.m_vData;
this.Client.CPublicKey = array.Take(32).ToArray <byte>();
this.Client.CSharedKey = this.Client.CPublicKey;
this.Client.CRNonce = Client.GenerateSessionKey();
byte[] nonce = GenericHash.Hash(this.Client.CPublicKey.Concat(Key.Crypto.PublicKey).ToArray <byte>(), null, 24);
array = array.Skip(32).ToArray <byte>();
byte[] source = PublicKeyBox.Open(array, nonce, Key.Crypto.PrivateKey, this.Client.CPublicKey);
this.Client.CSessionKey = source.Take(24).ToArray <byte>();
this.Client.CSNonce = source.Skip(24).Take(24).ToArray <byte>();
this.SetData(source.Skip(24).Skip(24).ToArray <byte>());
}
else
{
this.Client.CSNonce = Sodium.Utilities.Increment(Sodium.Utilities.Increment(this.Client.CSNonce));
this.SetData(SecretBox.Open(new byte[16].Concat(this.m_vData).ToArray <byte>(), this.Client.CSNonce, this.Client.CSharedKey));
}
}
catch (Exception)
{
this.Client.CState = 0;
}
}
/// <summary>
/// Takes a 'plaintext' Buffer of the message you want to encrypt,<para />
/// and an array of recipient public keys.<para />
/// Returns a message that is encrypted to all recipients<para />
/// and openable by them with 'PrivateBox.MultiboxOpen'.<para />
/// The 'recipients' must be between 1 and 7 items long.
/// </summary>
/// <param name="msg"></param>
/// <param name="recipients"></param>
/// <param name="maxRecipients"></param>
/// <returns></returns>
/// <exception cref="ArgumentOutOfRangeException"></exception>
public static byte[] Multibox(byte[] msg, byte[][] recipients, int maxRecipients = DEFAULT_MAX)
{
if (maxRecipients < 1 || maxRecipients > 255)
{
throw new ArgumentOutOfRangeException("max recipients must be between 1 and 255.");
}
if (recipients.Length > maxRecipients)
{
throw new ArgumentOutOfRangeException("max recipients is:" + maxRecipients + " found:" + recipients.Length);
}
var nonce = RandomBytes(24);
var key = RandomBytes(32);
var onetime = PublicKeyBox.GenerateKeyPair();
var length_and_key = new List <byte>();
length_and_key.Add((byte)recipients.Length);
length_and_key.AddRange(key);
var res = new List <byte>();
res.AddRange(nonce);
res.AddRange(onetime.PublicKey);
foreach (var rec in recipients)
{
res.AddRange(SecretBox.Create(length_and_key.ToArray(), nonce, ScalarMult.Mult(onetime.PrivateKey, rec)));
}
res.AddRange(SecretBox.Create(msg, nonce, key));
return(res.ToArray());
}
public void Encrypt(byte[] plainText)
{
try
{
if (this.GetMessageType() == 20103)
{
byte[] nonce = GenericHash.Hash(this.Client.CSNonce.Concat(this.Client.CPublicKey).Concat(Key.Crypto.PublicKey).ToArray <byte>(), null, 24);
plainText = this.Client.CRNonce.Concat(this.Client.CSharedKey).Concat(plainText).ToArray <byte>();
this.SetData(PublicKeyBox.Create(plainText, nonce, Key.Crypto.PrivateKey, this.Client.CPublicKey));
}
else if (this.GetMessageType() == 20104)
{
byte[] nonce2 = GenericHash.Hash(this.Client.CSNonce.Concat(this.Client.CPublicKey).Concat(Key.Crypto.PublicKey).ToArray <byte>(), null, 24);
plainText = this.Client.CRNonce.Concat(this.Client.CSharedKey).Concat(plainText).ToArray <byte>();
this.SetData(PublicKeyBox.Create(plainText, nonce2, Key.Crypto.PrivateKey, this.Client.CPublicKey));
this.Client.CState = 2;
}
else
{
this.Client.CRNonce = Sodium.Utilities.Increment(Sodium.Utilities.Increment(this.Client.CRNonce));
this.SetData(SecretBox.Create(plainText, this.Client.CRNonce, this.Client.CSharedKey).Skip(16).ToArray <byte>());
}
}
catch (Exception)
{
this.Client.CState = 0;
}
}
public static void EncryptPacket(Socket _Socket, ServerState _State, int _PacketID, int unknown, byte[] plainText)
{
byte[] cipherText;
if (_PacketID == 20100)
{
cipherText = plainText;
}
else if (_PacketID == 20103)
{
byte[] nonce = GenericHash.Hash(_State.clientState.nonce.Concat(_State.clientKey).Concat(_State.serverKey.PublicKey).ToArray(), null, 24);
plainText = _State.nonce.Concat(_State.sharedKey).Concat(plainText).ToArray();
cipherText = PublicKeyBox.Create(plainText, nonce, _State.serverKey.PrivateKey, _State.clientKey);
}
else if (_PacketID == 20104)
{
byte[] nonce = GenericHash.Hash(_State.clientState.nonce.Concat(_State.clientKey).Concat(_State.serverKey.PublicKey).ToArray(), null, 24);
plainText = _State.nonce.Concat(_State.sharedKey).Concat(plainText).ToArray();
cipherText = PublicKeyBox.Create(plainText, nonce, _State.serverKey.PrivateKey, _State.clientKey);
}
else
{
cipherText = SecretBox.Create(plainText, _State.nonce, _State.sharedKey).Skip(16).ToArray();
}
byte[] packet = BitConverter.GetBytes(_PacketID).Reverse().Skip(2).Concat(BitConverter.GetBytes(cipherText.Length).Reverse().Skip(1)).Concat(BitConverter.GetBytes(unknown).Reverse().Skip(2)).Concat(cipherText).ToArray();
_Socket.BeginSend(packet, 0, packet.Length, 0, SendCallback, _State);
}
public void SecretBox7()
{
byte[] k = new byte[SecretBox.KeySize];
byte[] n = new byte[SecretBox.NonceSize];
RandomNumberGenerator random = new RNGCryptoServiceProvider();
int mlen;
for (mlen = 0; mlen < 1000; ++mlen)
{
byte[] m = new byte[mlen + SecretBox.ZeroSize];
byte[] c = new byte[mlen + SecretBox.ZeroSize];
byte[] m2 = new byte[mlen + SecretBox.ZeroSize];
random.GetBytes(k);
random.GetBytes(n);
random.GetBytes(m);
Array.Clear(m, 0, SecretBox.ZeroSize);
SecretBox secretBox = new SecretBox(k);
secretBox.Box(c, m, n);
secretBox.Open(m2, c, n);
int i;
for (i = 0; i < mlen + SecretBox.ZeroSize; ++i)
{
Assert.AreEqual(m2[i], m[i]);
}
}
}
public static void DecryptPacket(Socket socket, ServerState state, byte[] packet)
{
var messageId = BitConverter.ToInt32(new byte[2].Concat(packet.Take(2)).Reverse().ToArray(), 0);
var payloadLength = BitConverter.ToInt32(new byte[1].Concat(packet.Skip(2).Take(3)).Reverse().ToArray(), 0);
var unknown = BitConverter.ToInt32(new byte[2].Concat(packet.Skip(2).Skip(3).Take(2)).Reverse().ToArray(), 0);
var cipherText = packet.Skip(2).Skip(3).Skip(2).ToArray();
byte[] plainText;
if (messageId == 10100)
{
plainText = cipherText;
}
else if (messageId == 10101)
{
state.clientKey = cipherText.Take(32).ToArray();
var nonce = GenericHash.Hash(state.clientKey.Concat(state.serverKey.PublicKey).ToArray(), null, 24);
cipherText = cipherText.Skip(32).ToArray();
plainText = PublicKeyBox.Open(cipherText, nonce, state.serverKey.PrivateKey, state.clientKey);
state.sessionKey = plainText.Take(24).ToArray();
state.clientState.nonce = plainText.Skip(24).Take(24).ToArray();
plainText = plainText.Skip(24).Skip(24).ToArray();
}
else
{
state.clientState.nonce = Utilities.Increment(Utilities.Increment(state.clientState.nonce));
plainText = SecretBox.Open(new byte[16].Concat(cipherText).ToArray(), state.clientState.nonce,
state.sharedKey);
}
Console.WriteLine("[UCR] {0}" + Environment.NewLine + "{1}", PacketInfos.GetPacketName(messageId),
Utilities.BinaryToHex(packet.Take(7).ToArray()) + Utilities.BinaryToHex(plainText));
ClientCrypto.EncryptPacket(state.clientState.socket, state.clientState, messageId, unknown, plainText);
}
public static void EncryptPacket(Socket socket, ServerState state, int messageId, int unknown, byte[] plainText)
{
byte[] cipherText;
if (messageId == 20100)
{
cipherText = plainText;
}
else if (messageId == 20104)
{
var nonce =
GenericHash.Hash(
state.clientState.nonce.Concat(state.clientKey).Concat(state.serverKey.PublicKey).ToArray(),
null, 24);
plainText = state.nonce.Concat(state.sharedKey).Concat(plainText).ToArray();
cipherText = PublicKeyBox.Create(plainText, nonce, state.serverKey.PrivateKey, state.clientKey);
}
else
{
cipherText = SecretBox.Create(plainText, state.nonce, state.sharedKey).Skip(16).ToArray();
}
var packet =
BitConverter.GetBytes(messageId)
.Reverse()
.Skip(2)
.Concat(BitConverter.GetBytes(cipherText.Length).Reverse().Skip(1))
.Concat(BitConverter.GetBytes(unknown).Reverse().Skip(2))
.Concat(cipherText)
.ToArray();
socket.BeginSend(packet, 0, packet.Length, 0, SendCallback, state);
}
public void VerifyLibhydrogenEncryptedMessageCanBeDecrypted()
{
var sb = new SecretBox();
// Generate a key
var key = new byte[SecretBox.KeyBytes];
sb.GenerateKey(key);
// Generate a message to encrypt
var message = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
const int messageId = 1;
const string context = "test";
// Buffer to hold the ciphertext
var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];
// Encrypt using libhydrogen
var result = hydro_secretbox_encrypt(
ciphertext, message, message.Length, messageId, context, key);
// Verify that some ciphertext was generated
Assert.That(ciphertext, Is.Not.All.Zero);
Assert.That(result, Is.EqualTo(0));
// Decrypt using SecretBox
var decryptedMessage = new byte[message.Length];
sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId);
// Verify the decrypt was successful
Assert.That(decryptedMessage, Is.EqualTo(message));
}
public async static Task <byte[]> ReadSecretMessage(Stream s, byte[] key, CancellationToken token = default)
{
var read = 0;
byte[] header = new byte[4 + 24];
while (read < header.Length)
{
read += await s.ReadAsync(header, read, header.Length - read, token);
}
var length = BitConverter.ToUInt32(header, 0);
byte[] nonce = header.Skip(4).ToArray();
if (length > MaxMessageLen)
{
throw new ArgumentOutOfRangeException($"Encrypted message specified a size of {length}, which is greater than the limit of {MaxMessageLen}");
}
byte[] ciphertext = new byte[length];
read = 0;
while (read < ciphertext.Length)
{
read += await s.ReadAsync(ciphertext, read, ciphertext.Length - read, token);
}
return(SecretBox.Open(ciphertext, nonce, key));
}
public void CalculateCipherTextLength()
{
const int messageLength = 10;
const int expectedLength = messageLength + HeaderBytes;
var sb = new SecretBox();
Assert.That(sb.CalculateCiphertextLength(messageLength), Is.EqualTo(expectedLength));
}
public void CalculateMessageLength()
{
const int ciphertextLength = 80;
const int expectedLength = ciphertextLength - HeaderBytes;
var sb = new SecretBox();
Assert.That(sb.CalculateMessageLength(ciphertextLength), Is.EqualTo(expectedLength));
}
private static byte[] DecryptSecretSeed(byte[] seedBytes, byte[] keyHash)
{
byte[] nonceBytes = new byte[24];
byte[] cipherBytes = new byte[seedBytes.Length - nonceBytes.Length];
Array.Copy(seedBytes, 0, nonceBytes, 0, nonceBytes.Length);
Array.Copy(seedBytes, nonceBytes.Length, cipherBytes, 0, cipherBytes.Length);
return(SecretBox.Open(cipherBytes, nonceBytes, keyHash));
}
public void VerifyDecryptFailsWithInvalidParameters()
{
// Encrypt a message
var sb = new SecretBox();
var key = new byte[KeyBytes];
sb.GenerateKey(key);
var message = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
const int messageId = 1;
const string context = "test";
var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];
sb.Encrypt(ciphertext, message, message.Length, key, context, messageId);
// Buffer to hold decrypted message
var decryptedMessage = new byte[message.Length];
// CiphertextLength is incorrect
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
Is.False);
// MessageId is incorrect
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, 2),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
// Verify the decrypted message is not equal to the message, as a failed MAC check should not
// leak the plaintext
Assert.That(decryptedMessage, Is.Not.EqualTo(message));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, 2),
Is.False);
Assert.That(decryptedMessage, Is.Not.EqualTo(message));
// Key is invalid
key[0]++;
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Is.False);
key[0]--;
// Ciphertext is invalid
ciphertext[12]++;
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Is.False);
}
public ConnectPacketData GetConnectPacket()
{
var connectPacketData = new ConnectPacketData
{
AddressType = _connection.AddressType,
DestPort = _connection.DestPort,
RouteCount = (uint)_connection.ReturnRoutes.Length,
ReturnRoutes = // TODO
};
if (_connection.AddressType == DestAddressType.DomainName)
{
connectPacketData.DestDomainName = _connection.DestDomainName;
}
else
{
connectPacketData.DestIpAddress = _connection.DestIpAddress;
}
var bytesToEncrypt = new byte[PacketContent.MaxSendDataLen + 27];
var buffer = new WriteBuffer(bytesToEncrypt, 0);
buffer.Write(_connection.UserId);
buffer.Write(_connection.ConnectionId);
buffer.Write(_connection.NextSequenceId);
buffer.Write((byte)PacketDataType.Connect);
buffer.Write(connectPacketData);
var paddingLength = bytesToEncrypt.Length - buffer.TotalWritten;
buffer.Write(new byte[paddingLength]);
var route = GenerateRoute(_possibleNodes);
var encrypted = SecretBox.Create(bytesToEncrypt, OneNonce, route.Nodes[2].SymmetricKey);
var destIdAndDataLen = new byte[10];
buffer.Buffer = destIdAndDataLen;
buffer.Write((ulong)0);
buffer.Write((ushort)(encrypted.Length - 16));
var innerPacketBytes = new byte[bytesToEncrypt.Length + 67];
buffer.Buffer = innerPacketBytes;
buffer.Write(route.Nodes[2].Node.Id);
buffer.Write(route.Nodes[2].EphemeralPublicKey);
buffer.Write((byte)(route.Nodes[2].SymmetricKey[31] & 1));
buffer.Write(StreamEncryption.EncryptChaCha20(destIdAndDataLen, ZeroNonce, route.Nodes[2].SymmetricKey));
buffer.Write(encrypted);
encrypted = SecretBox.Create(encrypted, OneNonce, route.Nodes[2].SymmetricKey);
var destId = new byte[8];
buffer.Buffer = destId;
buffer.Write(route.Nodes[1].Node.Id);
}
public void CalculateCipherTextLength_LessThanZero()
{
var sb = new SecretBox();
Assert.That(
() => sb.CalculateCiphertextLength(-3),
Throws.ArgumentException.With.Message.EqualTo(
"messageLength must be greater than 0"));
}
public void CalculateMessageLength_Invalid(int ciphertextLength)
{
var sb = new SecretBox();
Assert.That(
() => sb.CalculateMessageLength(ciphertextLength),
Throws.ArgumentException.With.Message.EqualTo(
$"ciphertextLength must be greater than {nameof(HeaderBytes)}"));
}
