public void TestExpiredSignature() { ECKeyPair serverKey = Curve.generateKeyPair(); ECKeyPair key = Curve.generateKeyPair(); byte[] certificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate() { Sender = "+14152222222", SenderDevice = 1, Expires = 31337, IdentityKey = ByteString.CopyFrom(key.getPublicKey().serialize()), Signer = GetServerCertificate(serverKey) }.ToByteArray(); byte[] certificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), certificateBytes); SenderCertificate senderCertificate = new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate() { Certificate = ByteString.CopyFrom(certificateBytes), Signature = ByteString.CopyFrom(certificateSignature) }.ToByteArray()); try { new CertificateValidator(TrustRoot.getPublicKey()).Validate(senderCertificate, 31338); throw new Exception(); } catch (InvalidCertificateException) { // good } }
private SenderCertificate CreateCertificateFor(ECKeyPair trustRoot, String sender, int deviceId, ECPublicKey identityKey, long expires) { ECKeyPair serverKey = Curve.generateKeyPair(); byte[] serverCertificateBytes = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate() { Id = 1, Key = ByteString.CopyFrom(serverKey.getPublicKey().serialize()) }.ToByteArray(); byte[] serverCertificateSignature = Curve.calculateSignature(trustRoot.getPrivateKey(), serverCertificateBytes); ServerCertificate serverCertificate = new ServerCertificate(new libsignalmetadata.protobuf.ServerCertificate() { Certificate = ByteString.CopyFrom(serverCertificateBytes), Signature = ByteString.CopyFrom(serverCertificateSignature) }.ToByteArray()); byte[] senderCertificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate { Sender = sender, SenderDevice = (uint)deviceId, IdentityKey = ByteString.CopyFrom(identityKey.serialize()), Expires = (ulong)expires, Signer = libsignalmetadata.protobuf.ServerCertificate.Parser.ParseFrom(serverCertificate.Serialized) }.ToByteArray(); byte[] senderCertificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), senderCertificateBytes); return(new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate() { Certificate = ByteString.CopyFrom(senderCertificateBytes), Signature = ByteString.CopyFrom(senderCertificateSignature) }.ToByteArray())); }
public void TestBadSignature() { ECKeyPair serverKey = Curve.generateKeyPair(); ECKeyPair key = Curve.generateKeyPair(); byte[] certificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate() { Sender = "+14152222222", SenderDevice = 1, Expires = 31337, IdentityKey = ByteString.CopyFrom(key.getPublicKey().serialize()), Signer = GetServerCertificate(serverKey) }.ToByteArray(); byte[] certificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), certificateBytes); for (int i = 0; i < certificateSignature.Length; i++) { for (int b = 0; b < 8; b++) { byte[] badSignature = new byte[certificateSignature.Length]; Array.Copy(certificateSignature, 0, badSignature, 0, certificateSignature.Length); badSignature[i] = (byte)(badSignature[i] ^ 1 << b); SenderCertificate senderCertificate = new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate() { Certificate = ByteString.CopyFrom(certificateBytes), Signature = ByteString.CopyFrom(badSignature) }.ToByteArray()); try { new CertificateValidator(TrustRoot.getPublicKey()).Validate(senderCertificate, 31336); throw new Exception(); } catch (InvalidCertificateException) { // good } } } }