public void TestScpConfigECDSAFromX509() { Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config)); Assert.IsTrue(config.certificate.TryGetECDsaKeys("SecretariumTestClient256", out byte[] publicKeyRaw, out byte[] privateKeyRaw)); SignAndVerify(publicKeyRaw, privateKeyRaw); Assert.NotNull(config.certificate); Assert.IsTrue(config.certificate.TryGetX509("SecretariumTestClient256", out X509Certificate2 x509)); Assert.NotNull(x509); var publicKey = x509.GetECDsaPublicKey() as ECDsaCng; Assert.NotNull(publicKey); var publicKeyRawCert = publicKey.ExportPublicKeyRaw(); Assert.IsTrue(publicKeyRaw.SequenceEqual(publicKeyRawCert)); var privateKey = x509.GetECDsaPrivateKey() as ECDsaCng; Assert.NotNull(privateKey); var privateKeyRawCert = privateKey.ExportPrivateKeyRaw(); Assert.IsTrue(privateKeyRaw.SequenceEqual(privateKeyRawCert)); SignAndVerify(publicKeyRawCert, privateKeyRawCert); }
public void TestFullProtocolFromSecKeyGcm() { Assert.IsTrue(ScpConfigHelper.TryLoad("test.secKey.json", out ScpConfig config)); Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng key, "SecretariumTestClient256")); config.encryptionMode = ScpConfig.EncryptionMode.AESGCM; using (var scp = new SecureConnectionProtocol()) { scp.Init(config); scp.Set(key); var connected = scp.Connect(20000); Assert.IsTrue(connected); } }
public void TestX509ToSecKey() { Assert.IsTrue(ScpConfigHelper.TryCreateSecretariumKey("SecretariumTestClient256.pfx", "SecretariumTestClient256", out ScpConfig.SecretariumKeyConfig config)); Assert.NotNull(config); var iv = config.iv.FromBase64String(); var salt = config.salt.FromBase64String(); var encryptedKeys = config.keys.FromBase64String(); var strongPwd = ByteHelper.Combine(salt, "SecretariumTestClient256".ToBytes()).HashSha256(); var decryptedKeys = AESGCMHelper.AesGcmDecrypt(encryptedKeys, strongPwd, iv); var pubKeyRaw = decryptedKeys.Extract(1, 64); var priKeyRaw = decryptedKeys.Extract(65 + 36, 32); var pubKeyRawFromPkcs8 = decryptedKeys.Extract(65 + 74, 64); Assert.IsTrue(pubKeyRaw.SequenceEqual(pubKeyRawFromPkcs8)); Assert.IsTrue(EllipticCurveHelper.IsKeyOnP256(pubKeyRaw, true)); SignAndVerify(pubKeyRaw, priKeyRaw); }
public void TestFullProtocolFromSecKeyCtr() { Assert.IsTrue(ScpConfigHelper.TryLoad("test.secKey.json", out ScpConfig config)); Assert.IsTrue(config.secretariumKey.TryGetECDsaKeys("SecretariumTestClient256", out byte[] publicKeyRaw, out byte[] privateKeyRaw)); var key = ECDsaHelper.ImportPrivateKey(publicKeyRaw, privateKeyRaw); Assert.NotNull(key); using (var scp = new SecureConnectionProtocol()) { scp.Init(config); scp.Set(key); var connected = scp.Connect(20000); Assert.IsTrue(connected); } }
private bool FullProtocolFromX509(ScpConfig.EncryptionMode encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium) { // Client keys Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config)); Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng clientECDsaKeyCng, "SecretariumTestClient256")); var clientPub = clientECDsaKeyCng.ExportPublicKeyRaw(); // Client Hello var clientEph = ECDHHelper.CreateCngKey(); var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph); var clientEphPub = clientEphCng.PublicKey(); var clientHello = clientEphPub; Assert.IsTrue(ClientHello.Parse(clientHello, out ClientHello clientHelloObj)); // Server Hello secretarium = new MockedSecretarium(encryptionMode); secretarium.GetServerHello(clientHello, out byte[] serverHello); Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj)); // Client ClientProofOfWork Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork)); var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey); Assert.IsTrue(ClientProofOfWork.Parse(clientProofOfWork, out ClientProofOfWork clientProofOfWorkObj)); // Server Identity secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity); Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj)); // Client computes symmetric key symmetricKey = DiffieHellmanHelper.GetSymmetricKey( clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret); // Client Proof Of Identity var nonce = ByteHelper.GetRandom(32); var nonceSigned = clientECDsaKeyCng.SignData(nonce); var clientProofOfIdentity = ByteHelper.Combine(nonce, clientEphPub, clientPub, nonceSigned); Assert.IsTrue(ClientProofOfIdentity.Parse(clientProofOfIdentity, out ClientProofOfIdentity clientProofOfIdentityObj)); // Client Encrypts Client Proof Of Identity var ivOffset = ByteHelper.GetRandom(16); var encryptedClientProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? clientProofOfIdentity.AesCtrEncrypt(symmetricKey, ivOffset) : clientProofOfIdentity.AesGcmEncryptWithOffset(symmetricKey, ivOffset); var encryptedClientProofOfIdentityWithIvOffset = ByteHelper.Combine(ivOffset, encryptedClientProofOfIdentity); // Server Checks And Sends Proof Of Identity Assert.IsTrue(secretarium.GetServerProofOfIdentity( encryptedClientProofOfIdentityWithIvOffset, out byte[] encryptedServerProofOfIdentity)); // Client Decrypts Server Proof Of Identity ivOffset = encryptedServerProofOfIdentity.Extract(0, 16); var serverProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR ? encryptedServerProofOfIdentity.Extract(16).AesCtrDecrypt(symmetricKey, ivOffset) : encryptedServerProofOfIdentity.Extract(16).AesGcmDecryptWithOffset(symmetricKey, ivOffset); Assert.IsTrue(ServerProofOfIdentity.Parse(serverProofOfIdentity, out ServerProofOfIdentity serverProofOfIdentityObj)); // Client Checks Server Proof Of Idendity var msg = "Hey you! Welcome to Secretarium!".ToBytes(); var secretariumECDsaCng = ECDsaHelper.ImportPublicKey(serverIdentityObj.publicKey); Assert.IsTrue(secretariumECDsaCng.VerifyData( ByteHelper.Combine(serverProofOfIdentityObj.nonce, msg), serverProofOfIdentityObj.welcomeSigned)); return(true); }
public void TestScpConfigECDSAFromSecKey2() { Assert.IsTrue(ScpConfigHelper.TryLoad("test.secKey_2.json", out ScpConfig config)); Assert.IsTrue(config.secretariumKey.TryGetECDsaKeys("1234", out byte[] publicKey, out byte[] privateKey)); SignAndVerify(publicKey, privateKey); }