public void EncryptWithADTestWithoutPlainTextMacTest() { String key = "e68f69b7f096d7917245f5e5cf8ae1595febe4d4644333c99f9c4a1282031c9f"; String additionalData = "9e0e7de8bb75554f21db034633de04be41a2b8a18da7a319a03c803bf02b396c"; String expectedCipherResult = "0df6086551151f58b8afe6c195782c6a"; Nonce nonce = new Nonce(); (byte[] actualCipherText, byte[] mac) = ChaCha20Poly1305.EncryptWithAdditionalData(key.HexToByteArray(), nonce.GetBytes(), additionalData.HexToByteArray(), new byte[0]); Assert.Equal(new byte[0], actualCipherText); Assert.Equal(expectedCipherResult, mac.ToHex()); }
public void EncryptWithADTestWithPlainText() { String key = "908b166535c01a935cf1e130a5fe895ab4e6f3ef8855d87e9b7581c4ab663ddc"; String additionalData = "90578e247e98674e661013da3c5c1ca6a8c8f48c90b485c0dfa1494e23d56d72"; String plaintext = "034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa"; String expectedCipherResult = "b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c3822"; Nonce nonce = new Nonce(); nonce.Increment(); (byte[] actualCipherText, byte[] mac) = ChaCha20Poly1305.EncryptWithAdditionalData(key.HexToByteArray(), nonce.GetBytes(), additionalData.HexToByteArray(), plaintext.HexToByteArray()); Assert.Equal(expectedCipherResult, actualCipherText.ToHex() + mac.ToHex()); }
public byte[] ApplyActOne(ECKeyPair ephemeralKeyPair = null) { if (_state.HandshakeState != HandshakeState.Initialized) { throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized"); } _state.EphemeralKeyPair = ephemeralKeyPair ?? Secp256K1.GenerateKeyPair(); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(_state.RemoteAddress.PublicKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); _state.ChainingKey = chainingKey; (_, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK1, _state.SendNonce.GetBytes(), handshakeHash, new byte[0]); handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag)); _state.HandshakeHash = handshakeHash; _state.HandshakeState = HandshakeState.Act1; return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag)); }
public byte[] ApplyActTwo(ECKeyPair initiatorEphemeralKey, ECKeyPair localEphemeralKey = null) { if (_state.HandshakeState != HandshakeState.Act1) { throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act1"); } _state.EphemeralKeyPair = localEphemeralKey ?? Secp256K1.GenerateKeyPair(); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(initiatorEphemeralKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK2) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); (_, byte[] tag1) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, new byte[12], handshakeHash, new byte[0]); handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag1)); _state.HandshakeHash = handshakeHash; _state.ChainingKey = chainingKey; _state.TempKey2 = tempK2; _state.HandshakeState = HandshakeState.Act2; return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag1)); }
public byte[] Build(byte[] messageData) { if (messageData.Length > 65535) { throw new MessageException("Message size exceeds maximum size."); } (byte[] encryptedLength, byte[] lengthMac) = ChaCha20Poly1305.EncryptWithAdditionalData(_transportState.SendEncryptionKey, _transportState.SendNonce.GetBytes(), new byte[0], ((ushort)messageData.Length).GetBytesBigEndian()); _transportState.SendNonce.Increment(); (byte[] encryptedMessage, byte[] messageMac) = ChaCha20Poly1305.EncryptWithAdditionalData(_transportState.SendEncryptionKey, _transportState.SendNonce.GetBytes(), new byte[0], messageData); _transportState.SendNonce.Increment(); if (_transportState.SendNonce.Value == 1000) { _transportState.RotateSendKey(); } return(ByteExtensions.Combine(encryptedLength, lengthMac, encryptedMessage, messageMac)); }
public byte[] ApplyActThree(byte[] tempK2, ECKeyPair responderEphemeralKey) { if (_state.HandshakeState != HandshakeState.Act2) { throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act2"); } (byte[] cipherText, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, _state.SendNonce.GetBytes(), _state.HandshakeHash, _state.LocalKeyPair.PublicKeyCompressed); byte[] cipherAndMac = cipherText.ConcatToNewArray(tag); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(cipherAndMac)); byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK3) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); (_, byte[] tag2) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK3, new byte[12], handshakeHash, new byte[0]); (byte[] encryptKey, byte[] decryptKey) = HmacSha256.ComputeHashes(chainingKey, new byte[0]); _state.HandshakeHash = handshakeHash; _state.ChainingKey = chainingKey; _state.SendEncryptionKey = encryptKey; _state.ReceiveDecryptionKey = decryptKey; _state.SendNonce.Reset(); _state.ReceiveNonce.Reset(); _state.HandshakeState = HandshakeState.Finished; return(ByteExtensions.Combine(new byte[] { 0 }, cipherAndMac, tag2)); }