public void ShouldThrowArgumentExceptionOnInvalidMacType(KeyAgreementMacType keyAgreementMacType)
{
ModeValues mode = ModeValues.SHA1;
DigestSizes digestSize = DigestSizes.NONE;
Assert.Throws(typeof(ArgumentException), () => EnumMapping.GetHashFunctionOptions(keyAgreementMacType, ref mode, ref digestSize));
}
public void ShouldVerifyRandomlyGeneratedSignatures(ModeValues mode, DigestSizes digest, Curve curveEnum)
{
var nonces = new List <BigInteger>();
var hashFunction = new HashFunction(mode, digest);
var shaFactory = new NativeShaFactory();
var sha = shaFactory.GetShaInstance(hashFunction);
var hmacFactory = new HmacFactory(shaFactory);
var hmac = hmacFactory.GetHmacInstance(hashFunction);
var subject = new EccDsa(sha, new DeterministicNonceProvider(hmac), EntropyProviderTypes.Random);
var curveFactory = new EccCurveFactory();
var curve = curveFactory.GetCurve(curveEnum);
var domainParams = new EccDomainParameters(curve);
var key = subject.GenerateKeyPair(domainParams).KeyPair;
var rand = new Random800_90();
for (var i = 0; i < 100; i++)
{
var message = rand.GetRandomBitString(1024);
var signature = subject.Sign(domainParams, key, message).Signature;
var verify = subject.Verify(domainParams, key, message, signature);
nonces.Add(signature.R);
Assert.IsTrue(verify.Success, verify.ErrorMessage);
}
// Check nonces for uniqueness
Assert.AreEqual(nonces.Count, nonces.Distinct().Count(), "Repeated nonce detected");
}
public INoKeyConfirmation GetInstance(INoKeyConfirmationParameters parameters)
{
switch (parameters.KeyAgreementMacType)
{
case KeyAgreementMacType.AesCcm:
return(new NoKeyConfirmationAesCcm(_macDataCreator, parameters, new CcmBlockCipher(new AesEngine(), new ModeBlockCipherFactory(), new AES_CCMInternals())));
case KeyAgreementMacType.CmacAes:
return(new NoKeyConfirmationCmac(_macDataCreator, parameters, _cmacFactory.GetCmacInstance(CmacTypes.AES128))); // doesn't matter as long as aea
case KeyAgreementMacType.HmacSha1:
case KeyAgreementMacType.HmacSha2D224:
case KeyAgreementMacType.HmacSha2D256:
case KeyAgreementMacType.HmacSha2D384:
case KeyAgreementMacType.HmacSha2D512:
case KeyAgreementMacType.HmacSha2D512_T224:
case KeyAgreementMacType.HmacSha2D512_T256:
case KeyAgreementMacType.HmacSha3D224:
case KeyAgreementMacType.HmacSha3D256:
case KeyAgreementMacType.HmacSha3D384:
case KeyAgreementMacType.HmacSha3D512:
ModeValues modeValue = ModeValues.SHA2;
DigestSizes digestSize = DigestSizes.NONE;
EnumMapping.GetHashFunctionOptions(parameters.KeyAgreementMacType, ref modeValue, ref digestSize);
return(new NoKeyConfirmationHmac(_macDataCreator, parameters, _hmacFactory.GetHmacInstance(new HashFunction(modeValue, digestSize))));
default:
throw new ArgumentException($"{GetType().Name}, {nameof(parameters.KeyAgreementMacType)}");
}
}
public void ShouldIkeV2Correctly(ModeValues mode, DigestSizes digestSize, int dkmLength, string niHex, string nrHex, string girHex, string girNewHex, string spiiHex, string spirHex, string sKeySeedHex, string dkmHex, string dkmChildSAHex, string dkmChildSADhHex, string SKeySeedReKeyHex)
{
var ni = new BitString(niHex);
var nr = new BitString(nrHex);
var gir = new BitString(girHex);
var girNew = new BitString(girNewHex);
var spii = new BitString(spiiHex);
var spir = new BitString(spirHex);
var sKeySeed = new BitString(sKeySeedHex);
var dkm = new BitString(dkmHex);
var dkmChildSA = new BitString(dkmChildSAHex);
var dkmChildSADh = new BitString(dkmChildSADhHex);
var sKeySeedReKey = new BitString(SKeySeedReKeyHex);
var hmac = new HmacFactory(new NativeShaFactory()).GetHmacInstance(new HashFunction(mode, digestSize));
var subject = new IkeV2(hmac);
var result = subject.GenerateIke(ni, nr, gir, girNew, spii, spir, dkmLength);
Assert.IsTrue(result.Success);
Assert.AreEqual(sKeySeed, result.SKeySeed, "SKeySeed");
Assert.AreEqual(dkm, result.DKM, "DKM");
Assert.AreEqual(dkmChildSA, result.DKMChildSA, "DKMChildSA");
Assert.AreEqual(dkmChildSADh, result.DKMChildSADh, "DKMChildSADh");
Assert.AreEqual(sKeySeedReKey, result.SKeySeedReKey, "SKeySeedReKey");
}
public void ShouldReturnCorrectMac(ModeValues modeValue, DigestSizes digestSize,
int keySize, int tagLength,
BitString serverId, BitString iutId,
BitString serverPublicKey, BitString iutPublicKey,
BitString derivedKeyingMaterial,
BitString expectedMacData, BitString expectedTag)
{
var hmac = _hmacFactory.GetHmacInstance(new HashFunction(modeValue, digestSize));
var p = new KeyConfirmationParameters(
KeyAgreementRole.InitiatorPartyU,
KeyConfirmationRole.Provider,
KeyConfirmationDirection.Bilateral,
KeyAgreementMacType.CmacAes, // note this doesn't matter for the scope of this test
keySize,
tagLength,
iutId,
serverId,
iutPublicKey,
serverPublicKey,
derivedKeyingMaterial
);
_subject = new KeyConfirmationHmac(new KeyConfirmationMacDataCreator(), p, hmac);
var result = _subject.ComputeMac();
Assert.That(result.Success);
Assert.AreEqual(expectedMacData.ToHex(), result.MacData.ToHex(), nameof(expectedMacData));
Assert.AreEqual(expectedTag.ToHex(), result.Mac.ToHex(), nameof(expectedTag));
}
public void ShouldSetCorrectHashFunctionAttributesFromHmac(KeyAgreementMacType keyAgreementMacType, ModeValues expectedModeValue, DigestSizes expectedDigestSize)
{
ModeValues mode = ModeValues.SHA1;
DigestSizes digestSize = DigestSizes.NONE;
EnumMapping.GetHashFunctionOptions(keyAgreementMacType, ref mode, ref digestSize);
Assert.AreEqual(expectedModeValue, mode, nameof(expectedModeValue));
Assert.AreEqual(expectedDigestSize, digestSize, nameof(expectedDigestSize));
}
public void ShouldAnsiX963Correctly(ModeValues mode, DigestSizes digestSize, int keyLength, string zHex, string sharedInfoHex, string keyData)
{
var hash = new HashFunction(mode, digestSize);
var sha = new NativeShaFactory().GetShaInstance(hash);
var z = new BitString(zHex);
var sharedInfo = new BitString(sharedInfoHex);
var subject = new AnsiX963(sha);
var result = subject.DeriveKey(z, sharedInfo, keyLength);
Assert.IsTrue(result.Success, result.ErrorMessage);
Assert.AreEqual(keyData, result.DerivedKey.ToHex().ToLower());
}
public HashFunction(ModeValues mode, DigestSizes digestSize)
{
Mode = mode;
DigestSize = digestSize;
var attributes = ShaAttributes.GetShaAttributes(mode, digestSize);
OutputLen = attributes.outputLen;
BlockSize = attributes.blockSize;
MaxMessageLen = attributes.maxMessageSize;
ProcessingLen = attributes.processingLen;
Name = attributes.name;
}
//[TestCase(ModeValues.SHA3, DigestSizes.d224, "ABCD", "")]
//[TestCase(ModeValues.SHA3, DigestSizes.d256, "ABCD", "")]
//[TestCase(ModeValues.SHA3, DigestSizes.d384, "ABCD", "")]
//[TestCase(ModeValues.SHA3, DigestSizes.d512, "ABCD", "")]
public void ShouldComputeCorrectResult(ModeValues mode, DigestSizes digestSize, string inputHex, string outputHex)
{
var hashFunction = new HashFunction(mode, digestSize);
var input = new BitString(inputHex);
var expectedOutput = new BitString(outputHex);
var factory = new HashConditioningComponentFactory(new DrbgFactory(new NativeShaFactory(), new HmacFactory(new NativeShaFactory())));
var subject = factory.GetInstance(hashFunction);
var result = subject.DerivationFunction(input, hashFunction.OutputLen);
Assert.IsTrue(result.Success);
Assert.AreEqual(expectedOutput.ToHex(), result.Bits.ToHex());
}
public void ShouldHmacCorrectlySpotChecks(ModeValues mode, DigestSizes digestSize, int macLen, string msgHex, string keyHex, string expectedHex)
{
var hmacFactory = new HmacFactory(new NativeShaFactory());
var hmac = hmacFactory.GetHmacInstance(new HashFunction(mode, digestSize));
var msg = new BitString(msgHex);
var key = new BitString(keyHex);
var expected = new BitString(expectedHex);
var result = hmac.Generate(key, msg, macLen);
Assert.That(result.Success);
Assert.AreEqual(expected.ToHex(), result.Mac.ToHex());
}
public void ShouldHmacCorrectly(string label, ModeValues mode, DigestSizes digestSize, int keyByteSize, int additionToIndexInKey, BitString expectedHmac, int macLength)
{
var hashFunction = new HashFunction(mode, digestSize);
var factory = new HmacFactory(new NativeShaFactory());
_subject = factory.GetHmacInstance(hashFunction);
var key = GenKey(keyByteSize, additionToIndexInKey);
var message = GetBitStringFromString(label);
var result = _subject.Generate(key, message, macLength);
Assert.AreEqual(expectedHmac.ToHex(), result.Mac.ToHex());
}
public void HkdfShouldProduceCorrectResults(ModeValues mode, DigestSizes digest, string ikm, string salt, string info, int length, string okm)
{
var hmac = new HmacFactory(new NativeShaFactory()).GetHmacInstance(new HashFunction(mode, digest));
var hkdf = new Hkdf(hmac);
var ikmBs = new BitString(ikm);
var saltBs = new BitString(salt);
var infoBs = new BitString(info);
var okmBs = new BitString(okm);
var result = hkdf.DeriveKey(saltBs, ikmBs, infoBs, length);
Assert.IsTrue(result.Success);
Assert.AreEqual(okmBs, result.DerivedKey);
}
public IKeyConfirmation GetInstance(IKeyConfirmationParameters parameters)
{
switch (parameters.MacType)
{
case KeyAgreementMacType.AesCcm:
ConfirmKeyLengthAesCcm(parameters.KeyLength);
return(new KeyConfirmationAesCcm(
_macDataCreator,
parameters,
new CcmBlockCipher(new AesEngine(), new ModeBlockCipherFactory(), new AES_CCMInternals())));
case KeyAgreementMacType.CmacAes:
var cmacEnum = MapCmacEnum(parameters.KeyLength);
return(new KeyConfirmationCmac(
_macDataCreator, parameters, _cmacFactory.GetCmacInstance(cmacEnum)));
case KeyAgreementMacType.HmacSha1:
case KeyAgreementMacType.HmacSha2D224:
case KeyAgreementMacType.HmacSha2D256:
case KeyAgreementMacType.HmacSha2D384:
case KeyAgreementMacType.HmacSha2D512:
case KeyAgreementMacType.HmacSha2D512_T224:
case KeyAgreementMacType.HmacSha2D512_T256:
case KeyAgreementMacType.HmacSha3D224:
case KeyAgreementMacType.HmacSha3D256:
case KeyAgreementMacType.HmacSha3D384:
case KeyAgreementMacType.HmacSha3D512:
ModeValues modeValue = ModeValues.SHA2;
DigestSizes digestSize = DigestSizes.NONE;
EnumMapping.GetHashFunctionOptions(parameters.MacType, ref modeValue, ref digestSize);
return(new KeyConfirmationHmac(
_macDataCreator, parameters, _hmacFactory.GetHmacInstance(new HashFunction(modeValue, digestSize))));
case KeyAgreementMacType.Kmac_128:
return(new KeyConfirmationKmac(_macDataCreator, parameters, _kmacFactory, 256));
case KeyAgreementMacType.Kmac_256:
return(new KeyConfirmationKmac(_macDataCreator, parameters, _kmacFactory, 512));
default:
throw new ArgumentException($"{GetType().Name}, {nameof(parameters.MacType)}");
}
}
public void ShouldMacCorrectly(int keyLength, int macLength, KeyAgreementMacType keyAgreementMacType, BitString dkm, BitString nonce, BitString expectedMacData, BitString expectedMac)
{
ModeValues modeValue = ModeValues.SHA2;
DigestSizes digestSize = DigestSizes.NONE;
EnumMapping.GetHashFunctionOptions(keyAgreementMacType, ref modeValue, ref digestSize);
NoKeyConfirmationParameters p =
new NoKeyConfirmationParameters(keyAgreementMacType, macLength, dkm, nonce);
_subject = new NoKeyConfirmationHmac(new NoKeyConfirmationMacDataCreator(), p, _algoFactory.GetHmacInstance(new HashFunction(modeValue, digestSize)));
var result = _subject.ComputeMac();
Assert.That(result.Success, nameof(result.Success));
Assert.AreEqual(expectedMacData.ToHex(), result.MacData.ToHex(), nameof(result.MacData));
Assert.AreEqual(expectedMac.ToHex(), result.Mac.ToHex(), nameof(result.Mac));
}
public void TestCasesFromGhIssues(string label, ModeValues mode, DigestSizes digestSize, int keyLen, string zzHex, string otherInfoHex, string expectedHex)
{
var zz = new BitString(zzHex);
var otherInfo = new BitString(otherInfoHex);
var hashFunction = new HashFunction(mode, digestSize);
var sha = _factory.GetShaInstance(hashFunction);
var subject = new AnsiX942Concat(sha);
var param = new ConcatAns942Parameters
{
Zz = zz,
KeyLen = keyLen,
OtherInfo = otherInfo
};
var result = subject.DeriveKey(param);
Assert.True(result.Success);
Assert.AreEqual(new BitString(expectedHex).ToHex(), result.DerivedKey.ToHex());
}
public void IsoIec9797Tests(ModeValues mode, DigestSizes digestSize, int macLength, string ascii, int count, string keyHex, string expectedHex)
{
var sha = _shaFactory.GetShaInstance(new HashFunction(mode, digestSize));
_subject = new NativeHmac(sha);
var key = new BitString(keyHex);
BitString message;
if (count == 0)
{
message = new BitString(Encoding.ASCII.GetBytes(ascii));
}
else
{
message = new BitString(Encoding.ASCII.GetBytes(ascii), count * 8);
}
var result = _subject.Generate(key, message, macLength);
var expected = new BitString(expectedHex, macLength);
Assert.AreEqual(expected.ToHex(), result.Mac.ToHex());
}
public void ShouldIkeV1Correctly(ModeValues mode, DigestSizes digestSize, string niHex, string nrHex, string gxyHex, string ckyiHex, string ckyrHex, string sKeyIdHex, string sKeyIdDHex, string sKeyIdAHex, string sKeyIdEHex)
{
var ni = new BitString(niHex);
var nr = new BitString(nrHex);
var gxy = new BitString(gxyHex);
var ckyi = new BitString(ckyiHex);
var ckyr = new BitString(ckyrHex);
var sKeyId = new BitString(sKeyIdHex);
var sKeyIdD = new BitString(sKeyIdDHex);
var sKeyIdA = new BitString(sKeyIdAHex);
var sKeyIdE = new BitString(sKeyIdEHex);
var hash = new HashFunction(mode, digestSize);
var subject = _factory.GetIkeV1Instance(AuthenticationMethods.Dsa, hash);
var result = subject.GenerateIke(ni, nr, gxy, ckyi, ckyr);
Assert.IsTrue(result.Success);
Assert.AreEqual(sKeyId, result.SKeyId, "sKeyId");
Assert.AreEqual(sKeyIdD, result.SKeyIdD, "sKeyIdD");
Assert.AreEqual(sKeyIdA, result.SKeyIdA, "sKeyIdA");
Assert.AreEqual(sKeyIdE, result.SKeyIdE, "sKeyIdE");
}
public void ShouldKdfCorrectly(
string label,
ModeValues modeValue,
DigestSizes digestSize,
int kdfSize,
BigInteger z,
BitString otherInfo,
BitString expectedDerivedKeyingMaterial
)
{
var sha = _shaFactory.GetShaInstance(new HashFunction(modeValue, digestSize));
_subject = new KdfSha(sha, true);
var result = _subject.DeriveKey(
new BitString(z),
kdfSize,
otherInfo,
null
);
Assert.That(result.Success);
Assert.AreEqual(expectedDerivedKeyingMaterial.ToHex(), result.DerivedKey.ToHex());
}
public void ShaShouldReturnProperHashFunctionFromConstruction(KdaOneStepAuxFunction kdfOneStepAuxFunction, ModeValues mode, DigestSizes digestSize)
{
_subject.GetInstance(kdfOneStepAuxFunction, true);
_shaFactory.Verify(v => v.GetShaInstance(new HashFunction(mode, digestSize)));
}
/// <summary>
/// Determines the correct <see cref="ModeValues"/> and <see cref="DigestSizes"/> based on <see cref="KeyAgreementMacType"/>
/// </summary>
/// <param name="keyAgreementMacType">The key agreement mac type to check against</param>
/// <param name="modeValue">The equivalent mode</param>
/// <param name="digestSize">The equivalent digest size</param>
public static void GetHashFunctionOptions(KeyAgreementMacType keyAgreementMacType, ref ModeValues modeValue, ref DigestSizes digestSize)
{
switch (keyAgreementMacType)
{
case KeyAgreementMacType.HmacSha1:
modeValue = ModeValues.SHA1;
digestSize = DigestSizes.d160;
break;
case KeyAgreementMacType.HmacSha2D224:
modeValue = ModeValues.SHA2;
digestSize = DigestSizes.d224;
break;
case KeyAgreementMacType.HmacSha2D256:
modeValue = ModeValues.SHA2;
digestSize = DigestSizes.d256;
break;
case KeyAgreementMacType.HmacSha2D384:
modeValue = ModeValues.SHA2;
digestSize = DigestSizes.d384;
break;
case KeyAgreementMacType.HmacSha2D512:
modeValue = ModeValues.SHA2;
digestSize = DigestSizes.d512;
break;
case KeyAgreementMacType.HmacSha2D512_T224:
modeValue = ModeValues.SHA2;
digestSize = DigestSizes.d512t224;
break;
case KeyAgreementMacType.HmacSha2D512_T256:
modeValue = ModeValues.SHA2;
digestSize = DigestSizes.d512t256;
break;
case KeyAgreementMacType.HmacSha3D224:
modeValue = ModeValues.SHA3;
digestSize = DigestSizes.d224;
break;
case KeyAgreementMacType.HmacSha3D256:
modeValue = ModeValues.SHA3;
digestSize = DigestSizes.d256;
break;
case KeyAgreementMacType.HmacSha3D384:
modeValue = ModeValues.SHA3;
digestSize = DigestSizes.d384;
break;
case KeyAgreementMacType.HmacSha3D512:
modeValue = ModeValues.SHA3;
digestSize = DigestSizes.d512;
break;
default:
throw new ArgumentException($"{typeof(EnumMapping)}, {nameof(keyAgreementMacType)}");
}
}
