public PreKeyRecord(uint id, ECKeyPair keyPair)
{
this.structure = PreKeyRecordStructure.CreateBuilder()
.SetId(id)
.SetPublicKey(ByteString.CopyFrom(keyPair.getPublicKey()
.serialize()))
.SetPrivateKey(ByteString.CopyFrom(keyPair.getPrivateKey()
.serialize()))
.Build();
}
public Pair<RootKey, ChainKey> createChain(ECPublicKey theirRatchetKey, ECKeyPair ourRatchetKey)
{
byte[] sharedSecret = Curve.calculateAgreement(theirRatchetKey, ourRatchetKey.getPrivateKey());
byte[] derivedSecretBytes = kdf.deriveSecrets(sharedSecret, key, Encoding.UTF8.GetBytes("WhisperRatchet"), DerivedRootSecrets.SIZE);
DerivedRootSecrets derivedSecrets = new DerivedRootSecrets(derivedSecretBytes);
RootKey newRootKey = new RootKey(kdf, derivedSecrets.getRootKey());
ChainKey newChainKey = new ChainKey(kdf, derivedSecrets.getChainKey(), 0);
return new Pair<RootKey, ChainKey>(newRootKey, newChainKey);
}
public SignedPreKeyRecord(uint id, ulong timestamp, ECKeyPair keyPair, byte[] signature)
{
this.structure = SignedPreKeyRecordStructure.CreateBuilder()
.SetId(id)
.SetPublicKey(ByteString.CopyFrom(keyPair.getPublicKey()
.serialize()))
.SetPrivateKey(ByteString.CopyFrom(keyPair.getPrivateKey()
.serialize()))
.SetSignature(ByteString.CopyFrom(signature))
.SetTimestamp(timestamp)
.Build();
}
SymmetricAxolotlParameters(ECKeyPair ourBaseKey, ECKeyPair ourRatchetKey,
IdentityKeyPair ourIdentityKey, ECPublicKey theirBaseKey,
ECPublicKey theirRatchetKey, IdentityKey theirIdentityKey)
{
this.ourBaseKey = ourBaseKey;
this.ourRatchetKey = ourRatchetKey;
this.ourIdentityKey = ourIdentityKey;
this.theirBaseKey = theirBaseKey;
this.theirRatchetKey = theirRatchetKey;
this.theirIdentityKey = theirIdentityKey;
if (ourBaseKey == null || ourRatchetKey == null || ourIdentityKey == null ||
theirBaseKey == null || theirRatchetKey == null || theirIdentityKey == null)
{
throw new Exception("Null values!");
}
}
BobAxolotlParameters(IdentityKeyPair ourIdentityKey, ECKeyPair ourSignedPreKey,
ECKeyPair ourRatchetKey, May<ECKeyPair> ourOneTimePreKey,
IdentityKey theirIdentityKey, ECPublicKey theirBaseKey)
{
this.ourIdentityKey = ourIdentityKey;
this.ourSignedPreKey = ourSignedPreKey;
this.ourRatchetKey = ourRatchetKey;
this.ourOneTimePreKey = ourOneTimePreKey;
this.theirIdentityKey = theirIdentityKey;
this.theirBaseKey = theirBaseKey;
if (ourIdentityKey == null || ourSignedPreKey == null || ourRatchetKey == null ||
ourOneTimePreKey == null || theirIdentityKey == null || theirBaseKey == null)
{
throw new Exception("Null value!");
}
}
public void setSenderKeyState(uint id, uint iteration, byte[] chainKey, ECKeyPair signatureKey)
{
senderKeyStates.Clear();
senderKeyStates.AddFirst(new SenderKeyState(id, iteration, chainKey, signatureKey));
}
public Builder setOurRatchetKey(ECKeyPair ourRatchetKey)
{
this.ourRatchetKey = ourRatchetKey;
return this;
}
public Builder setOurBaseKey(ECKeyPair ourBaseKey)
{
this.ourBaseKey = ourBaseKey;
return this;
}
public Builder setOurSignedPreKey(ECKeyPair ourSignedPreKey)
{
this.ourSignedPreKey = ourSignedPreKey;
return this;
}
public void testRootKeyDerivationV2()
{
byte[] rootKeySeed =
{
0x7b, 0xa6, 0xde, 0xbc, 0x2b,
0xc1, 0xbb, 0xf9, 0x1a, 0xbb,
0xc1, 0x36, 0x74, 0x04, 0x17,
0x6c, 0xa6, 0x23, 0x09, 0x5b,
0x7e, 0xc6, 0x6b, 0x45, 0xf6,
0x02, 0xd9, 0x35, 0x38, 0x94,
0x2d, 0xcc
};
byte[] alicePublic =
{
0x05, 0xee, 0x4f, 0xa6, 0xcd,
0xc0, 0x30, 0xdf, 0x49, 0xec,
0xd0, 0xba, 0x6c, 0xfc, 0xff,
0xb2, 0x33, 0xd3, 0x65, 0xa2,
0x7f, 0xad, 0xbe, 0xff, 0x77,
0xe9, 0x63, 0xfc, 0xb1, 0x62,
0x22, 0xe1, 0x3a
};
byte[] alicePrivate =
{
0x21, 0x68, 0x22, 0xec, 0x67,
0xeb, 0x38, 0x04, 0x9e, 0xba,
0xe7, 0xb9, 0x39, 0xba, 0xea,
0xeb, 0xb1, 0x51, 0xbb, 0xb3,
0x2d, 0xb8, 0x0f, 0xd3, 0x89,
0x24, 0x5a, 0xc3, 0x7a, 0x94,
0x8e, 0x50
};
byte[] bobPublic =
{
0x05, 0xab, 0xb8, 0xeb, 0x29,
0xcc, 0x80, 0xb4, 0x71, 0x09,
0xa2, 0x26, 0x5a, 0xbe, 0x97,
0x98, 0x48, 0x54, 0x06, 0xe3,
0x2d, 0xa2, 0x68, 0x93, 0x4a,
0x95, 0x55, 0xe8, 0x47, 0x57,
0x70, 0x8a, 0x30
};
byte[] nextRoot =
{
0xb1, 0x14, 0xf5, 0xde, 0x28,
0x01, 0x19, 0x85, 0xe6, 0xeb,
0xa2, 0x5d, 0x50, 0xe7, 0xec,
0x41, 0xa9, 0xb0, 0x2f, 0x56,
0x93, 0xc5, 0xc7, 0x88, 0xa6,
0x3a, 0x06, 0xd2, 0x12, 0xa2,
0xf7, 0x31
};
byte[] nextChain =
{
0x9d, 0x7d, 0x24, 0x69, 0xbc,
0x9a, 0xe5, 0x3e, 0xe9, 0x80,
0x5a, 0xa3, 0x26, 0x4d, 0x24,
0x99, 0xa3, 0xac, 0xe8, 0x0f,
0x4c, 0xca, 0xe2, 0xda, 0x13,
0x43, 0x0c, 0x5c, 0x55, 0xb5,
0xca, 0x5f
};
ECPublicKey alicePublicKey = Curve.decodePoint(alicePublic, 0);
ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(alicePrivate);
ECKeyPair aliceKeyPair = new ECKeyPair(alicePublicKey, alicePrivateKey);
ECPublicKey bobPublicKey = Curve.decodePoint(bobPublic, 0);
RootKey rootKey = new RootKey(HKDF.createFor(2), rootKeySeed);
Pair<RootKey, ChainKey> rootKeyChainKeyPair = rootKey.createChain(bobPublicKey, aliceKeyPair);
RootKey nextRootKey = rootKeyChainKeyPair.first();
ChainKey nextChainKey = rootKeyChainKeyPair.second();
CollectionAssert.AreEqual(rootKey.getKeyBytes(), rootKeySeed);
CollectionAssert.AreEqual(nextRootKey.getKeyBytes(), nextRoot);
CollectionAssert.AreEqual(nextChainKey.getKey(), nextChain);
}
public void setPendingKeyExchange(uint sequence,
ECKeyPair ourBaseKey,
ECKeyPair ourRatchetKey,
IdentityKeyPair ourIdentityKey)
{
PendingKeyExchange structure =
PendingKeyExchange.CreateBuilder()
.SetSequence(sequence)
.SetLocalBaseKey(ByteString.CopyFrom(ourBaseKey.getPublicKey().serialize()))
.SetLocalBaseKeyPrivate(ByteString.CopyFrom(ourBaseKey.getPrivateKey().serialize()))
.SetLocalRatchetKey(ByteString.CopyFrom(ourRatchetKey.getPublicKey().serialize()))
.SetLocalRatchetKeyPrivate(ByteString.CopyFrom(ourRatchetKey.getPrivateKey().serialize()))
.SetLocalIdentityKey(ByteString.CopyFrom(ourIdentityKey.getPublicKey().serialize()))
.SetLocalIdentityKeyPrivate(ByteString.CopyFrom(ourIdentityKey.getPrivateKey().serialize()))
.Build();
this.sessionStructure = this.sessionStructure.ToBuilder()
.SetPendingKeyExchange(structure)
.Build();
}
public void setSenderChain(ECKeyPair senderRatchetKeyPair, ChainKey chainKey)
{
Chain.Types.ChainKey chainKeyStructure = Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.getKey()))
.SetIndex(chainKey.getIndex())
.Build();
Chain senderChain = Chain.CreateBuilder()
.SetSenderRatchetKey(ByteString.CopyFrom(senderRatchetKeyPair.getPublicKey().serialize()))
.SetSenderRatchetKeyPrivate(ByteString.CopyFrom(senderRatchetKeyPair.getPrivateKey().serialize()))
.SetChainKey(chainKeyStructure)
.Build();
this.sessionStructure = this.sessionStructure.ToBuilder().SetSenderChain(senderChain).Build();
}
public void testRatchetingSessionAsAlice()
{
byte[] bobPublic =
{
0x05, 0x2c, 0xb4, 0x97, 0x76,
0xb8, 0x77, 0x02, 0x05, 0x74,
0x5a, 0x3a, 0x6e, 0x24, 0xf5,
0x79, 0xcd, 0xb4, 0xba, 0x7a,
0x89, 0x04, 0x10, 0x05, 0x92,
0x8e, 0xbb, 0xad, 0xc9, 0xc0,
0x5a, 0xd4, 0x58
};
byte[] bobIdentityPublic =
{
0x05, 0xf1, 0xf4, 0x38, 0x74,
0xf6, 0x96, 0x69, 0x56, 0xc2,
0xdd, 0x47, 0x3f, 0x8f, 0xa1,
0x5a, 0xde, 0xb7, 0x1d, 0x1c,
0xb9, 0x91, 0xb2, 0x34, 0x16,
0x92, 0x32, 0x4c, 0xef, 0xb1,
0xc5, 0xe6, 0x26
};
byte[] aliceBasePublic =
{
0x05, 0x47, 0x2d, 0x1f, 0xb1,
0xa9, 0x86, 0x2c, 0x3a, 0xf6,
0xbe, 0xac, 0xa8, 0x92, 0x02,
0x77, 0xe2, 0xb2, 0x6f, 0x4a,
0x79, 0x21, 0x3e, 0xc7, 0xc9,
0x06, 0xae, 0xb3, 0x5e, 0x03,
0xcf, 0x89, 0x50
};
byte[] aliceBasePrivate =
{
0x11, 0xae, 0x7c, 0x64, 0xd1,
0xe6, 0x1c, 0xd5, 0x96, 0xb7,
0x6a, 0x0d, 0xb5, 0x01, 0x26,
0x73, 0x39, 0x1c, 0xae, 0x66,
0xed, 0xbf, 0xcf, 0x07, 0x3b,
0x4d, 0xa8, 0x05, 0x16, 0xa4,
0x74, 0x49
};
byte[] aliceEphemeralPublic =
{
0x05, 0x6c, 0x3e, 0x0d, 0x1f,
0x52, 0x02, 0x83, 0xef, 0xcc,
0x55, 0xfc, 0xa5, 0xe6, 0x70,
0x75, 0xb9, 0x04, 0x00, 0x7f,
0x18, 0x81, 0xd1, 0x51, 0xaf,
0x76, 0xdf, 0x18, 0xc5, 0x1d,
0x29, 0xd3, 0x4b
};
byte[] aliceEphemeralPrivate =
{
0xd1, 0xba, 0x38, 0xce, 0xa9,
0x17, 0x43, 0xd3, 0x39, 0x39,
0xc3, 0x3c, 0x84, 0x98, 0x65,
0x09, 0x28, 0x01, 0x61, 0xb8,
0xb6, 0x0f, 0xc7, 0x87, 0x0c,
0x59, 0x9c, 0x1d, 0x46, 0x20,
0x12, 0x48
};
byte[] aliceIdentityPublic =
{
0x05, 0xb4, 0xa8, 0x45, 0x56,
0x60, 0xad, 0xa6, 0x5b, 0x40,
0x10, 0x07, 0xf6, 0x15, 0xe6,
0x54, 0x04, 0x17, 0x46, 0x43,
0x2e, 0x33, 0x39, 0xc6, 0x87,
0x51, 0x49, 0xbc, 0xee, 0xfc,
0xb4, 0x2b, 0x4a
};
byte[] aliceIdentityPrivate =
{
0x90, 0x40, 0xf0, 0xd4, 0xe0,
0x9c, 0xf3, 0x8f, 0x6d, 0xc7,
0xc1, 0x37, 0x79, 0xc9, 0x08,
0xc0, 0x15, 0xa1, 0xda, 0x4f,
0xa7, 0x87, 0x37, 0xa0, 0x80,
0xeb, 0x0a, 0x6f, 0x4f, 0x5f,
0x8f, 0x58
};
byte[] receiverChain =
{
0xd2, 0x2f, 0xd5, 0x6d, 0x3f,
0xec, 0x81, 0x9c, 0xf4, 0xc3,
0xd5, 0x0c, 0x56, 0xed, 0xfb,
0x1c, 0x28, 0x0a, 0x1b, 0x31,
0x96, 0x45, 0x37, 0xf1, 0xd1,
0x61, 0xe1, 0xc9, 0x31, 0x48,
0xe3, 0x6b
};
IdentityKey bobIdentityKey = new IdentityKey(bobIdentityPublic, 0);
ECPublicKey bobEphemeralPublicKey = Curve.decodePoint(bobPublic, 0);
ECPublicKey bobBasePublicKey = bobEphemeralPublicKey;
ECPublicKey aliceBasePublicKey = Curve.decodePoint(aliceBasePublic, 0);
ECPrivateKey aliceBasePrivateKey = Curve.decodePrivatePoint(aliceBasePrivate);
ECKeyPair aliceBaseKey = new ECKeyPair(aliceBasePublicKey, aliceBasePrivateKey);
ECPublicKey aliceEphemeralPublicKey = Curve.decodePoint(aliceEphemeralPublic, 0);
ECPrivateKey aliceEphemeralPrivateKey = Curve.decodePrivatePoint(aliceEphemeralPrivate);
ECKeyPair aliceEphemeralKey = new ECKeyPair(aliceEphemeralPublicKey, aliceEphemeralPrivateKey);
IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0);
ECPrivateKey aliceIdentityPrivateKey = Curve.decodePrivatePoint(aliceIdentityPrivate);
IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(aliceIdentityPublicKey, aliceIdentityPrivateKey);
SessionState session = new SessionState();
AliceAxolotlParameters parameters = AliceAxolotlParameters.newBuilder()
.setOurBaseKey(aliceBaseKey)
.setOurIdentityKey(aliceIdentityKey)
.setTheirIdentityKey(bobIdentityKey)
.setTheirSignedPreKey(bobBasePublicKey)
.setTheirRatchetKey(bobEphemeralPublicKey)
.setTheirOneTimePreKey(May<ECPublicKey>.NoValue)
.create();
RatchetingSession.initializeSession(session, 2, parameters);
Assert.AreEqual(session.getLocalIdentityKey(), aliceIdentityKey.getPublicKey());
Assert.AreEqual(session.getRemoteIdentityKey(), bobIdentityKey);
CollectionAssert.AreEqual(session.getReceiverChainKey(bobEphemeralPublicKey).getKey(), receiverChain);
}
public SenderKeyState(uint id, uint iteration, byte[] chainKey, ECKeyPair signatureKey)
: this(id, iteration, chainKey, signatureKey.getPublicKey(), new May<ECPrivateKey>(signatureKey.getPrivateKey()))
{
}