public void TestScpConfigECDSAFromX509()
{
Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config));
Assert.IsTrue(config.certificate.TryGetECDsaKeys("SecretariumTestClient256", out byte[] publicKeyRaw, out byte[] privateKeyRaw));
SignAndVerify(publicKeyRaw, privateKeyRaw);
Assert.NotNull(config.certificate);
Assert.IsTrue(config.certificate.TryGetX509("SecretariumTestClient256", out X509Certificate2 x509));
Assert.NotNull(x509);
var publicKey = x509.GetECDsaPublicKey() as ECDsaCng;
Assert.NotNull(publicKey);
var publicKeyRawCert = publicKey.ExportPublicKeyRaw();
Assert.IsTrue(publicKeyRaw.SequenceEqual(publicKeyRawCert));
var privateKey = x509.GetECDsaPrivateKey() as ECDsaCng;
Assert.NotNull(privateKey);
var privateKeyRawCert = privateKey.ExportPrivateKeyRaw();
Assert.IsTrue(privateKeyRaw.SequenceEqual(privateKeyRawCert));
SignAndVerify(publicKeyRawCert, privateKeyRawCert);
}
public void TestFullProtocolFromSecKeyGcm()
{
Assert.IsTrue(ScpConfigHelper.TryLoad("test.secKey.json", out ScpConfig config));
Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng key, "SecretariumTestClient256"));
config.encryptionMode = ScpConfig.EncryptionMode.AESGCM;
using (var scp = new SecureConnectionProtocol())
{
scp.Init(config);
scp.Set(key);
var connected = scp.Connect(20000);
Assert.IsTrue(connected);
}
}
public void TestX509ToSecKey()
{
Assert.IsTrue(ScpConfigHelper.TryCreateSecretariumKey("SecretariumTestClient256.pfx", "SecretariumTestClient256", out ScpConfig.SecretariumKeyConfig config));
Assert.NotNull(config);
var iv = config.iv.FromBase64String();
var salt = config.salt.FromBase64String();
var encryptedKeys = config.keys.FromBase64String();
var strongPwd = ByteHelper.Combine(salt, "SecretariumTestClient256".ToBytes()).HashSha256();
var decryptedKeys = AESGCMHelper.AesGcmDecrypt(encryptedKeys, strongPwd, iv);
var pubKeyRaw = decryptedKeys.Extract(1, 64);
var priKeyRaw = decryptedKeys.Extract(65 + 36, 32);
var pubKeyRawFromPkcs8 = decryptedKeys.Extract(65 + 74, 64);
Assert.IsTrue(pubKeyRaw.SequenceEqual(pubKeyRawFromPkcs8));
Assert.IsTrue(EllipticCurveHelper.IsKeyOnP256(pubKeyRaw, true));
SignAndVerify(pubKeyRaw, priKeyRaw);
}
public void TestFullProtocolFromSecKeyCtr()
{
Assert.IsTrue(ScpConfigHelper.TryLoad("test.secKey.json", out ScpConfig config));
Assert.IsTrue(config.secretariumKey.TryGetECDsaKeys("SecretariumTestClient256", out byte[] publicKeyRaw, out byte[] privateKeyRaw));
var key = ECDsaHelper.ImportPrivateKey(publicKeyRaw, privateKeyRaw);
Assert.NotNull(key);
using (var scp = new SecureConnectionProtocol())
{
scp.Init(config);
scp.Set(key);
var connected = scp.Connect(20000);
Assert.IsTrue(connected);
}
}
private bool FullProtocolFromX509(ScpConfig.EncryptionMode encryptionMode, out byte[] symmetricKey, out MockedSecretarium secretarium)
{
// Client keys
Assert.IsTrue(ScpConfigHelper.TryLoad("test.x509.json", out ScpConfig config));
Assert.IsTrue(config.TryGetECDsaKey(out ECDsaCng clientECDsaKeyCng, "SecretariumTestClient256"));
var clientPub = clientECDsaKeyCng.ExportPublicKeyRaw();
// Client Hello
var clientEph = ECDHHelper.CreateCngKey();
var clientEphCng = ECDHHelper.CreateECDiffieHellmanCngSha256(clientEph);
var clientEphPub = clientEphCng.PublicKey();
var clientHello = clientEphPub;
Assert.IsTrue(ClientHello.Parse(clientHello, out ClientHello clientHelloObj));
// Server Hello
secretarium = new MockedSecretarium(encryptionMode);
secretarium.GetServerHello(clientHello, out byte[] serverHello);
Assert.IsTrue(ServerHello.Parse(serverHello, 18, out ServerHello serverHelloObj));
// Client ClientProofOfWork
Assert.IsTrue(DiffieHellmanHelper.ComputeProofOfWork(serverHelloObj.proofOfWorkDetails, out byte[] proofOfWork));
var clientProofOfWork = ByteHelper.Combine(proofOfWork.ExtendTo(32), MockedSecretarium.GenesisPubKey);
Assert.IsTrue(ClientProofOfWork.Parse(clientProofOfWork, out ClientProofOfWork clientProofOfWorkObj));
// Server Identity
secretarium.GetServerIdentity(clientProofOfWork, out byte[] serverIdentity);
Assert.IsTrue(ServerIdentity.Parse(serverIdentity, out ServerIdentity serverIdentityObj));
// Client computes symmetric key
symmetricKey = DiffieHellmanHelper.GetSymmetricKey(
clientEphCng, serverIdentityObj.ephDHKey, serverIdentityObj.preMasterSecret);
// Client Proof Of Identity
var nonce = ByteHelper.GetRandom(32);
var nonceSigned = clientECDsaKeyCng.SignData(nonce);
var clientProofOfIdentity = ByteHelper.Combine(nonce, clientEphPub, clientPub, nonceSigned);
Assert.IsTrue(ClientProofOfIdentity.Parse(clientProofOfIdentity, out ClientProofOfIdentity clientProofOfIdentityObj));
// Client Encrypts Client Proof Of Identity
var ivOffset = ByteHelper.GetRandom(16);
var encryptedClientProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR
? clientProofOfIdentity.AesCtrEncrypt(symmetricKey, ivOffset)
: clientProofOfIdentity.AesGcmEncryptWithOffset(symmetricKey, ivOffset);
var encryptedClientProofOfIdentityWithIvOffset = ByteHelper.Combine(ivOffset, encryptedClientProofOfIdentity);
// Server Checks And Sends Proof Of Identity
Assert.IsTrue(secretarium.GetServerProofOfIdentity(
encryptedClientProofOfIdentityWithIvOffset, out byte[] encryptedServerProofOfIdentity));
// Client Decrypts Server Proof Of Identity
ivOffset = encryptedServerProofOfIdentity.Extract(0, 16);
var serverProofOfIdentity = encryptionMode == ScpConfig.EncryptionMode.AESCTR
? encryptedServerProofOfIdentity.Extract(16).AesCtrDecrypt(symmetricKey, ivOffset)
: encryptedServerProofOfIdentity.Extract(16).AesGcmDecryptWithOffset(symmetricKey, ivOffset);
Assert.IsTrue(ServerProofOfIdentity.Parse(serverProofOfIdentity, out ServerProofOfIdentity serverProofOfIdentityObj));
// Client Checks Server Proof Of Idendity
var msg = "Hey you! Welcome to Secretarium!".ToBytes();
var secretariumECDsaCng = ECDsaHelper.ImportPublicKey(serverIdentityObj.publicKey);
Assert.IsTrue(secretariumECDsaCng.VerifyData(
ByteHelper.Combine(serverProofOfIdentityObj.nonce, msg), serverProofOfIdentityObj.welcomeSigned));
return(true);
}
public void TestScpConfigECDSAFromSecKey2()
{
Assert.IsTrue(ScpConfigHelper.TryLoad("test.secKey_2.json", out ScpConfig config));
Assert.IsTrue(config.secretariumKey.TryGetECDsaKeys("1234", out byte[] publicKey, out byte[] privateKey));
SignAndVerify(publicKey, privateKey);
}
