public void Test()
{
byte[] key1 = "2121212121212121212121212121212121212121212121212121212121212121".HexToByteArray();
ECKeyPair privateKey = new ECKeyPair(key1, true);
byte[] key2 = "0242a4ae0c5bef18048fbecf995094b74bfb0f7391418d71ed394784373f41e4f3".HexToByteArray();
ECKeyPair publicKey = new ECKeyPair(key2, false);
byte[] result = ECDH.ComputeHashedPoint(publicKey.PublicKeyParameters, privateKey.PrivateKey);
Assert.Equal("bd8d1d89b9ff4086baf9065df2562ccdd67399a5e9b2c0d427a92d83c1edd8fb", result.ToHex());
}
public byte[] ApplyActOne(ECKeyPair ephemeralKeyPair = null)
{
if (_state.HandshakeState != HandshakeState.Initialized)
{
throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized");
}
_state.EphemeralKeyPair = ephemeralKeyPair ?? Secp256K1.GenerateKeyPair();
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed));
byte[] ss = ECDH.ComputeHashedPoint(_state.RemoteAddress.PublicKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
_state.ChainingKey = chainingKey;
(_, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK1, _state.SendNonce.GetBytes(), handshakeHash, new byte[0]);
handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag));
_state.HandshakeHash = handshakeHash;
_state.HandshakeState = HandshakeState.Act1;
return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag));
}
public byte[] ApplyActTwo(ECKeyPair initiatorEphemeralKey, ECKeyPair localEphemeralKey = null)
{
if (_state.HandshakeState != HandshakeState.Act1)
{
throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act1");
}
_state.EphemeralKeyPair = localEphemeralKey ?? Secp256K1.GenerateKeyPair();
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed));
byte[] ss = ECDH.ComputeHashedPoint(initiatorEphemeralKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK2) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
(_, byte[] tag1) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, new byte[12], handshakeHash, new byte[0]);
handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag1));
_state.HandshakeHash = handshakeHash;
_state.ChainingKey = chainingKey;
_state.TempKey2 = tempK2;
_state.HandshakeState = HandshakeState.Act2;
return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag1));
}
private void BtnCreateKey_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(TbAlicePrivate.Text) || string.IsNullOrEmpty(TbAlicePublic.Text))
{
BtnAliceGenParams_Click(null, null);
}
if (string.IsNullOrEmpty(TbBobPrivate.Text) || string.IsNullOrEmpty(TbBobPublic.Text))
{
BtnBobGenParams_Click(null, null);
}
byte[] alicePrivate = Util.GetBytes(TbAlicePrivate.Text);
byte[] alicePublic = Util.GetBytes(TbAlicePublic.Text);
byte[] bobPrivate = Util.GetBytes(TbBobPrivate.Text);
byte[] bobPublic = Util.GetBytes(TbBobPublic.Text);
TbAliceKey.Text = Util.ToHexString(ECDH.DeriveKey(alicePrivate, bobPublic));
TbBobKey.Text = Util.ToHexString(ECDH.DeriveKey(bobPrivate, alicePublic));
}
public (byte[] tempK1, ECKeyPair ephemeralKey) ReadActOneRequest(Span <byte> message, int length)
{
if (_state.HandshakeState != HandshakeState.Initialized)
{
throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized");
}
if (length != 50)
{
throw new ArgumentException("ACT1_READ_FAILED");
}
byte version = message.Slice(0, 1)[0];
ECKeyPair responderEphemeralKey = new ECKeyPair(message.Slice(1, 33), false);
Span <byte> c = message.Slice(34, 16);
if (version != 0)
{
throw new NotSupportedException("ACT1_BAD_VERSION");
}
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(responderEphemeralKey.PublicKeyCompressed));
byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
_state.ChainingKey = chainingKey;
(_, byte[] mac) = ChaCha20Poly1305.DecryptWithAdditionalData(tempK1, _state.ReceiveNonce.GetBytes(), handshakeHash, new byte[0]);
if (!c.SequenceEqual(mac))
{
throw new ArgumentException("ACT1_BAD_TAG");
}
_state.ReceiveNonce.Increment();
_state.HandshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(c.ToArray()));
_state.HandshakeState = HandshakeState.Act1;
return(tempK1, responderEphemeralKey);
}
public void ReadActThreeRequest(Span <byte> message, int length)
{
if (length != 66)
{
throw new ArgumentException("ACT3_READ_FAILED");
}
byte version = message.Slice(0, 1)[0];
Span <byte> c = message.Slice(1, 49);
//byte[] t = message.SubArray(50, 16);
if (version != 0)
{
throw new NotSupportedException("ACT3_BAD_VERSION");
}
(byte[] rs, _) = ChaCha20Poly1305.DecryptWithAdditionalData(_state.TempKey2, _state.ReceiveNonce.GetBytes(), _state.HandshakeHash, c.ToArray());
ECKeyPair rsKey = new ECKeyPair(((Span <byte>)rs).Slice(0, 33), false);
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(c.ToArray()));
byte[] ss = ECDH.ComputeHashedPoint(rsKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey);
(byte[] chainingKey, _) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
//byte[] p, byte[] mac2) = ChaCha20Poly1305.decryptWithAD(tempK3, new byte[12], handshakeHash, t);
// TODO: do mac check
(byte[] decryptKey, byte[] encryptKey) = HmacSha256.ComputeHashes(chainingKey, new byte[0]);
_state.ChainingKey = chainingKey;
_state.HandshakeHash = handshakeHash;
_state.SendEncryptionKey = encryptKey;
_state.ReceiveDecryptionKey = decryptKey;
_state.SendNonce.Reset();
_state.ReceiveNonce.Reset();
_state.HandshakeState = HandshakeState.Finished;
}
public byte[] ApplyActThree(byte[] tempK2, ECKeyPair responderEphemeralKey)
{
if (_state.HandshakeState != HandshakeState.Act2)
{
throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act2");
}
(byte[] cipherText, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, _state.SendNonce.GetBytes(), _state.HandshakeHash, _state.LocalKeyPair.PublicKeyCompressed);
byte[] cipherAndMac = cipherText.ConcatToNewArray(tag);
byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(cipherAndMac));
byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey);
(byte[] chainingKey, byte[] tempK3) = HmacSha256.ComputeHashes(_state.ChainingKey, ss);
(_, byte[] tag2) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK3, new byte[12], handshakeHash, new byte[0]);
(byte[] encryptKey, byte[] decryptKey) = HmacSha256.ComputeHashes(chainingKey, new byte[0]);
_state.HandshakeHash = handshakeHash;
_state.ChainingKey = chainingKey;
_state.SendEncryptionKey = encryptKey;
_state.ReceiveDecryptionKey = decryptKey;
_state.SendNonce.Reset();
_state.ReceiveNonce.Reset();
_state.HandshakeState = HandshakeState.Finished;
return(ByteExtensions.Combine(new byte[] { 0 }, cipherAndMac, tag2));
}
public static void Main(string[] args)
{
int i, j = 0, res;
int result;
string pp = "M0ng00se";
int EGS = ECDH.EGS;
int EFS = ECDH.EFS;
int EAS = AES.KS;
sbyte[] S1 = new sbyte[EGS];
sbyte[] W0 = new sbyte[2 * EFS + 1];
sbyte[] W1 = new sbyte[2 * EFS + 1];
sbyte[] Z0 = new sbyte[EFS];
sbyte[] Z1 = new sbyte[EFS];
sbyte[] RAW = new sbyte[100];
sbyte[] SALT = new sbyte[8];
RAND rng = new RAND();
rng.clean();
for (i = 0; i < 100; i++)
{
RAW[i] = (sbyte)(i);
}
rng.seed(100, RAW);
//for (j=0;j<100;j++)
//{
for (i = 0; i < 8; i++)
{
SALT[i] = (sbyte)(i + 1); // set Salt
}
Console.WriteLine("Alice's Passphrase= " + pp);
sbyte[] PW = pp.GetBytes();
/* private key S0 of size EGS bytes derived from Password and Salt */
sbyte[] S0 = ECDH.PBKDF2(PW, SALT, 1000, EGS);
Console.Write("Alice's private key= 0x");
printBinary(S0);
/* Generate Key pair S/W */
ECDH.KEY_PAIR_GENERATE(null, S0, W0);
Console.Write("Alice's public key= 0x");
printBinary(W0);
res = ECDH.PUBLIC_KEY_VALIDATE(true, W0);
if (res != 0)
{
Console.WriteLine("Alice's public Key is invalid!\n");
return;
}
/* Random private key for other party */
ECDH.KEY_PAIR_GENERATE(rng, S1, W1);
Console.Write("Servers private key= 0x");
printBinary(S1);
Console.Write("Servers public key= 0x");
printBinary(W1);
res = ECDH.PUBLIC_KEY_VALIDATE(true, W1);
if (res != 0)
{
Console.Write("Server's public Key is invalid!\n");
return;
}
/* Calculate common key using DH - IEEE 1363 method */
ECDH.ECPSVDP_DH(S0, W1, Z0);
ECDH.ECPSVDP_DH(S1, W0, Z1);
bool same = true;
for (i = 0; i < EFS; i++)
{
if (Z0[i] != Z1[i])
{
same = false;
}
}
if (!same)
{
Console.WriteLine("*** ECPSVDP-DH Failed");
return;
}
sbyte[] KEY = ECDH.KDF1(Z0, EAS);
Console.Write("Alice's DH Key= 0x");
printBinary(KEY);
Console.Write("Servers DH Key= 0x");
printBinary(KEY);
//}
//System.out.println("Test Completed Successfully");
}
public static void Main(string[] args)
{
int i, j = 0, res;
int result;
string pp = "M0ng00se";
int EGS = ECDH.EGS;
int EFS = ECDH.EFS;
int EAS = AES.KS;
sbyte[] S1 = new sbyte[EGS];
sbyte[] W0 = new sbyte[2 * EFS + 1];
sbyte[] W1 = new sbyte[2 * EFS + 1];
sbyte[] Z0 = new sbyte[EFS];
sbyte[] Z1 = new sbyte[EFS];
sbyte[] RAW = new sbyte[100];
sbyte[] SALT = new sbyte[8];
sbyte[] P1 = new sbyte[3];
sbyte[] P2 = new sbyte[4];
sbyte[] V = new sbyte[2 * EFS + 1];
sbyte[] M = new sbyte[17];
sbyte[] T = new sbyte[12];
sbyte[] CS = new sbyte[EGS];
sbyte[] DS = new sbyte[EGS];
RAND rng = new RAND();
rng.clean();
for (i = 0; i < 100; i++)
{
RAW[i] = (sbyte)(i);
}
rng.seed(100, RAW);
//for (j=0;j<100;j++)
//{
for (i = 0; i < 8; i++)
{
SALT[i] = (sbyte)(i + 1); // set Salt
}
Console.WriteLine("Alice's Passphrase= " + pp);
sbyte[] PW = pp.GetBytes();
/* private key S0 of size EGS bytes derived from Password and Salt */
sbyte[] S0 = ECDH.PBKDF2(PW, SALT, 1000, EGS);
Console.Write("Alice's private key= 0x");
printBinary(S0);
/* Generate Key pair S/W */
ECDH.KEY_PAIR_GENERATE(null, S0, W0);
Console.Write("Alice's public key= 0x");
printBinary(W0);
res = ECDH.PUBLIC_KEY_VALIDATE(true, W0);
if (res != 0)
{
Console.WriteLine("ECP Public Key is invalid!\n");
return;
}
/* Random private key for other party */
ECDH.KEY_PAIR_GENERATE(rng, S1, W1);
Console.Write("Servers private key= 0x");
printBinary(S1);
Console.Write("Servers public key= 0x");
printBinary(W1);
res = ECDH.PUBLIC_KEY_VALIDATE(true, W1);
if (res != 0)
{
Console.Write("ECP Public Key is invalid!\n");
return;
}
/* Calculate common key using DH - IEEE 1363 method */
ECDH.ECPSVDP_DH(S0, W1, Z0);
ECDH.ECPSVDP_DH(S1, W0, Z1);
bool same = true;
for (i = 0; i < EFS; i++)
{
if (Z0[i] != Z1[i])
{
same = false;
}
}
if (!same)
{
Console.WriteLine("*** ECPSVDP-DH Failed");
return;
}
sbyte[] KEY = ECDH.KDF1(Z0, EAS);
Console.Write("Alice's DH Key= 0x");
printBinary(KEY);
Console.Write("Servers DH Key= 0x");
printBinary(KEY);
Console.WriteLine("Testing ECIES");
P1[0] = 0x0;
P1[1] = 0x1;
P1[2] = 0x2;
P2[0] = 0x0;
P2[1] = 0x1;
P2[2] = 0x2;
P2[3] = 0x3;
for (i = 0; i <= 16; i++)
{
M[i] = (sbyte)i;
}
sbyte[] C = ECDH.ECIES_ENCRYPT(P1, P2, rng, W1, M, V, T);
Console.WriteLine("Ciphertext= ");
Console.Write("V= 0x");
printBinary(V);
Console.Write("C= 0x");
printBinary(C);
Console.Write("T= 0x");
printBinary(T);
M = ECDH.ECIES_DECRYPT(P1, P2, V, C, T, S1);
if (M.Length == 0)
{
Console.WriteLine("*** ECIES Decryption Failed\n");
return;
}
else
{
Console.WriteLine("Decryption succeeded");
}
Console.Write("Message is 0x");
printBinary(M);
Console.WriteLine("Testing ECDSA");
if (ECDH.ECPSP_DSA(rng, S0, M, CS, DS) != 0)
{
Console.WriteLine("***ECDSA Signature Failed");
return;
}
Console.WriteLine("Signature= ");
Console.Write("C= 0x");
printBinary(CS);
Console.Write("D= 0x");
printBinary(DS);
if (ECDH.ECPVP_DSA(W0, M, CS, DS) != 0)
{
Console.WriteLine("***ECDSA Verification Failed");
return;
}
else
{
Console.WriteLine("ECDSA Signature/Verification succeeded " + j);
}
//}
//System.out.println("Test Completed Successfully");
}
