public virtual void Sign(EthereumEcdsa localPrivateKey, EthereumEcdsa ephemeralPrivateKey, EthereumEcdsa receiverPublicKey, uint?chainID = null)
{
// Generate the shared secret using ECDH between our local private key and this remote public key
byte[] ecdhKey = localPrivateKey.ComputeECDHKey(receiverPublicKey);
// If our nonce is null, generate a new one
Nonce = Nonce ?? RLPxSession.GenerateNonce();
// Verify the nonce is the correct length.
if (Nonce.Length != RLPxSession.NONCE_SIZE)
{
// Throw an exception if an invalid nonce was provided.
throw new ArgumentException($"Invalid size nonce provided for RLPx session when signing auth message. Should be {RLPxSession.NONCE_SIZE} bytes but was {Nonce?.Length}.");
}
// Obtain our transformed nonce data.
byte[] transformedNonceData = GetTransformedNonce(ecdhKey);
// Sign the transformed data.
var signature = ephemeralPrivateKey.SignData(transformedNonceData);
// We want our signature in r,s,v format.
R = BigIntegerConverter.GetBytes(signature.r, 32);
S = BigIntegerConverter.GetBytes(signature.s, 32);
V = EthereumEcdsa.GetVFromRecoveryID(chainID, signature.RecoveryID);
// Set our local public key and the public key hash.
PublicKey = localPrivateKey.ToPublicKeyArray(false, true);
}
public static byte[] Encrypt(EthereumEcdsa remotePublicKey, byte[] data, byte[] sharedMacData = null)
{
// If we have no shared mac data, we set it as a blank array
sharedMacData = sharedMacData ?? Array.Empty <byte>();
// Generate a random private key
EthereumEcdsa senderPrivateKey = EthereumEcdsa.Generate(new SystemRandomAccountDerivation());
// Generate the elliptic curve diffie hellman ("ECDH") shared key
byte[] ecdhKey = senderPrivateKey.ComputeECDHKey(remotePublicKey);
// Perform NIST SP 800-56 Concatenation Key Derivation Function ("KDF")
Memory <byte> keyData = DeriveKeyKDF(ecdhKey, 32);
// Split the AES encryption key and MAC from the derived key data.
var aesKey = keyData.Slice(0, 16).ToArray();
byte[] hmacSha256Key = keyData.Slice(16, 16).ToArray();
hmacSha256Key = _sha256.ComputeHash(hmacSha256Key);
// We generate a counter for our aes-128-ctr operation.
byte[] counter = new byte[AesCtr.BLOCK_SIZE];
_randomNumberGenerator.GetBytes(counter);
// Encrypt the data accordingly.
byte[] encryptedData = AesCtr.Encrypt(aesKey, data, counter);
// Obtain the sender's public key to compile our message.
byte[] localPublicKey = senderPrivateKey.ToPublicKeyArray(false, true);
// We'll want to put this data into the message in the following order (where || is concatenation):
// ECIES_HEADER_BYTE (1 byte) || sender's public key (64 bytes) || counter (16 bytes) || encrypted data (arbitrary length) || tag (32 bytes)
// This gives us a total size of 113 + data.Length
byte[] result = new byte[ECIES_ADDITIONAL_OVERHEAD + encryptedData.Length];
// Define a pointer and copy in our data as suggested.
int offset = 0;
result[offset++] = ECIES_HEADER_BYTE;
Array.Copy(localPublicKey, 0, result, offset, localPublicKey.Length);
offset += localPublicKey.Length;
Array.Copy(counter, 0, result, offset, counter.Length);
offset += counter.Length;
Array.Copy(encryptedData, 0, result, offset, encryptedData.Length);
offset += encryptedData.Length;
// We still have to copy the tag, which is a HMACSHA256 of our counter + encrypted data + shared mac.
// We copy the data into a buffer for this hash computation since counter + encrypted data are already aligned.
byte[] tagPreimage = new byte[counter.Length + encryptedData.Length + sharedMacData.Length];
Array.Copy(result, 65, tagPreimage, 0, counter.Length + encryptedData.Length);
Array.Copy(sharedMacData, 0, tagPreimage, counter.Length + encryptedData.Length, sharedMacData.Length);
// Obtain a HMACSHA256 provider
HMACSHA256 hmacSha256 = new HMACSHA256(hmacSha256Key);
// Compute a hash of our counter + encrypted data + shared mac data.
byte[] tag = hmacSha256.ComputeHash(tagPreimage);
// Copy the tag into our result buffer.
Array.Copy(tag, 0, result, offset, tag.Length);
offset += tag.Length;
// Return the resulting data.
return(result);
}
