Пример #1
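        /// <summary>
        /// Checks that <c>CertificateValidator.Validate</c> rejects a sender certificate when the
        /// validation time passed in (31338) is later than the certificate's <c>Expires</c> value (31337).
        /// </summary>
        /// <remarks>
        /// The sender certificate is signed with the private half of <c>serverKey</c>, and the
        /// signature is left untouched, so this test does not exercise signature tampering.
        /// NOTE(review): <c>GetServerCertificate</c> and <c>TrustRoot</c> are defined outside this
        /// method; presumably the embedded server certificate is signed by <c>TrustRoot</c> - confirm.
        /// The catch accepts any <c>InvalidCertificateException</c>, so it cannot tell an expiry
        /// rejection from a chain or signature rejection.
        /// </remarks>
        public void TestExpiredSignature()
        {
            ECKeyPair serverKey = Curve.generateKeyPair();
            ECKeyPair key       = Curve.generateKeyPair();

            // Inner certificate body; these serialized bytes are what gets signed.
            byte[] certificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate()
            {
                Sender       = "+14152222222",
                SenderDevice = 1,
                Expires      = 31337,
                IdentityKey  = ByteString.CopyFrom(key.getPublicKey().serialize()),
                Signer       = GetServerCertificate(serverKey)
            }.ToByteArray();

            // Signature over the body made with the server key, i.e. the key named by Signer.
            byte[] certificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), certificateBytes);

            SenderCertificate senderCertificate = new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate()
            {
                Certificate = ByteString.CopyFrom(certificateBytes),
                Signature   = ByteString.CopyFrom(certificateSignature)
            }.ToByteArray());

            try
            {
                // 31338 is one past Expires, so validation must fail.
                new CertificateValidator(TrustRoot.getPublicKey()).Validate(senderCertificate, 31338);

                // Reaching this line means an expired certificate was accepted. Say so explicitly,
                // so the failure is not reported as an anonymous System.Exception.
                throw new Exception("Validate accepted a sender certificate with Expires = 31337 at validation time 31338");
            }
            catch (InvalidCertificateException)
            {
                // Expected: the certificate was rejected.
            }
        }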
        /// <summary>
        /// Builds a two-level certificate chain for tests: a freshly generated server key is
        /// certified by <paramref name="trustRoot"/>, and that server key signs the sender certificate.
        /// </summary>
        /// <param name="trustRoot">Key pair whose private key signs the server certificate.</param>
        /// <param name="sender">Value stored in the certificate's <c>Sender</c> field.</param>
        /// <param name="deviceId">Stored in <c>SenderDevice</c> after a cast to <c>uint</c>.</param>
        /// <param name="identityKey">Public key whose serialized form is stored in <c>IdentityKey</c>.</param>
        /// <param name="expires">Stored in <c>Expires</c> after a cast to <c>ulong</c>.</param>
        /// <returns>A <c>SenderCertificate</c> parsed from the serialized, signed certificate.</returns>
        private SenderCertificate CreateCertificateFor(ECKeyPair trustRoot, String sender, int deviceId, ECPublicKey identityKey, long expires)
        {
            // Intermediate key: certified by the trust root, and used to sign the sender certificate.
            ECKeyPair intermediateKey = Curve.generateKeyPair();

            // --- Server certificate: (id, server public key), signed by the trust root. ---
            var serverBody = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
            {
                Id  = 1,
                Key = ByteString.CopyFrom(intermediateKey.getPublicKey().serialize())
            };
            byte[] serverBodyBytes = serverBody.ToByteArray();
            byte[] serverBodySignature = Curve.calculateSignature(trustRoot.getPrivateKey(), serverBodyBytes);

            var signedServer = new libsignalmetadata.protobuf.ServerCertificate()
            {
                Certificate = ByteString.CopyFrom(serverBodyBytes),
                Signature   = ByteString.CopyFrom(serverBodySignature)
            };
            // Round-trip through the ServerCertificate wrapper, as the original helper does.
            ServerCertificate wrappedServer = new ServerCertificate(signedServer.ToByteArray());

            // --- Sender certificate: signed by the intermediate (server) key. ---
            ByteString identityBytes = ByteString.CopyFrom(identityKey.serialize());
            var signer = libsignalmetadata.protobuf.ServerCertificate.Parser.ParseFrom(wrappedServer.Serialized);

            var senderBody = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate
            {
                Sender       = sender,
                SenderDevice = (uint)deviceId,   // a negative deviceId would wrap around in an unchecked context
                IdentityKey  = identityBytes,
                Expires      = (ulong)expires,   // likewise for a negative expires
                Signer       = signer
            };
            byte[] senderBodyBytes = senderBody.ToByteArray();
            byte[] senderBodySignature = Curve.calculateSignature(intermediateKey.getPrivateKey(), senderBodyBytes);

            var signedSender = new libsignalmetadata.protobuf.SenderCertificate()
            {
                Certificate = ByteString.CopyFrom(senderBodyBytes),
                Signature   = ByteString.CopyFrom(senderBodySignature)
            };

            return new SenderCertificate(signedSender.ToByteArray());
        }
Пример #3
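        /// <summary>
        /// Checks that <c>CertificateValidator.Validate</c> rejects a sender certificate whose
        /// signature differs from the genuine one in exactly one bit, for every bit position.
        /// </summary>
        /// <remarks>
        /// Validation uses time 31336, which is earlier than <c>Expires</c> (31337), so expiry is
        /// not expected to be the reason for rejection.
        /// NOTE(review): <c>GetServerCertificate</c> and <c>TrustRoot</c> are defined outside this
        /// method; presumably the embedded server certificate is signed by <c>TrustRoot</c> - confirm.
        /// If the chain were rejected for another reason, every iteration would pass without
        /// testing the signature check, because the catch accepts any <c>InvalidCertificateException</c>.
        /// </remarks>
        public void TestBadSignature()
        {
            ECKeyPair serverKey = Curve.generateKeyPair();
            ECKeyPair key       = Curve.generateKeyPair();

            // Inner certificate body; these serialized bytes are what gets signed.
            byte[] certificateBytes = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate()
            {
                Sender       = "+14152222222",
                SenderDevice = 1,
                Expires      = 31337,
                IdentityKey  = ByteString.CopyFrom(key.getPublicKey().serialize()),
                Signer       = GetServerCertificate(serverKey)
            }.ToByteArray();

            // Genuine signature; each iteration below corrupts a fresh copy of it.
            byte[] certificateSignature = Curve.calculateSignature(serverKey.getPrivateKey(), certificateBytes);

            for (int i = 0; i < certificateSignature.Length; i++)
            {
                for (int b = 0; b < 8; b++)
                {
                    // Start from the genuine signature so exactly one bit differs per iteration.
                    byte[] badSignature = (byte[])certificateSignature.Clone();

                    // Flip bit b of byte i. The parentheses spell out the precedence the
                    // original relied on: the shift binds tighter than the XOR.
                    badSignature[i] = (byte)(badSignature[i] ^ (1 << b));

                    SenderCertificate senderCertificate = new SenderCertificate(new libsignalmetadata.protobuf.SenderCertificate()
                    {
                        Certificate = ByteString.CopyFrom(certificateBytes),
                        Signature   = ByteString.CopyFrom(badSignature)
                    }.ToByteArray());

                    try
                    {
                        new CertificateValidator(TrustRoot.getPublicKey()).Validate(senderCertificate, 31336);

                        // Reaching this line means a tampered signature was accepted. Report which
                        // bit it was, so the failure is not an anonymous System.Exception.
                        throw new Exception("Validate accepted a signature with bit " + b + " of byte " + i + " flipped");
                    }
                    catch (InvalidCertificateException)
                    {
                        // Expected: the tampered certificate was rejected.
                    }
                }
            }
        }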