public static bool verify(string message, string signature, string key) { var encodedSignature = Encoding.UTF8.GetBytes(signature); var encodedKey = Encoding.UTF8.GetBytes(key); return(SecretKeyAuth.VerifyHmacSha512(message, encodedSignature, encodedKey)); }
/// <summary> /// Validate client Hello /// </summary> /// <remark> /// Here the server verifies that the received message length is 64 /// bytes, then extracts the client's ephemeral key and also verifies /// that the hmac was signed with the network key. /// /// This sets the object's <see cref="_ephemeral_client_pk"/> /// </remark> /// <exception cref="ArgumentException"> /// Thrown if the client Hello <paramref name="msg"/> fails to pass the /// checks. /// </exception> /// <param name="msg"> /// The received message, the first 32 bytes correspond to the client /// ephemeral key and the last 32 bytes to the hmac. /// </param> public void AcceptHello(byte[] msg) { if (msg.Length != 64) { throw new ArgumentException("The received message is not 64 bytes"); } // Separate the message in ephemeral key and hmac var ephemeral_client_key = new byte[SECTION_LENGTH]; Buffer.BlockCopy(msg, SECTION_LENGTH, ephemeral_client_key, 0, SECTION_LENGTH); var hmac = new byte[SECTION_LENGTH]; Buffer.BlockCopy(msg, 0, hmac, 0, SECTION_LENGTH); // Check if the key used to sign the hmac of the ephemeral_client_key is // valid // // Aka, check if we are in the same network if (!SecretKeyAuth.Verify(ephemeral_client_key, hmac, _network_key)) { throw new ArgumentException("The hmac does not match"); } else { this._ephemeral_client_pk = ephemeral_client_key; } // Now that we have the client's ephemeral public key we can derive // the first 2 secrets this.DeriveSecrets(); }
public static string sign(string privateKey, string cipherText) { var encodedKey = Encoding.UTF8.GetBytes(privateKey); byte[] signature = SecretKeyAuth.SignHmacSha512(cipherText, encodedKey); return(Encoding.UTF8.GetString(signature)); }
public void SimpleAuthTest() { var expected = Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"); var actual = SecretKeyAuth.Sign(Encoding.UTF8.GetBytes("Adam Caudill"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); CollectionAssert.AreEqual(expected, actual); }
/// <summary> /// Given the keys obtained during the handshake generates a pair of /// Boxer/Unboxer. /// </summary> /// <remarks> /// <para> /// TODO: Write about the process detailed in the spec /// </para> /// </remarks> /// <param name="derived_secret"> /// The secret derived from the client long term key and the server's /// ephemeral key (Ab). /// </param> /// <param name="foreing_pubkey"> /// The public key that identifies the other peer, that is, the server /// public key if this is called from the client and vice versa. /// </param> /// <param name="self_pubkey"> /// The public key that identifies the entity calling this. /// </param> /// <param name="network_key"> /// The key that identifies the network, in the case of scuttlebutt is /// the one posted in the scuttlebutt protocol /// <see href="https://ssbc.github.io/scuttlebutt-protocol-guide/"> /// guide /// </see>. /// </param> /// <param name="a"> /// The client's ephemeral public key used during the handshake. /// </param> /// <param name="b"> /// The server's ephemeral public key used during the handshake. /// </param> /// <returns> /// The Boxer/Unboxer pair that a client or server can use to /// communicate with the other. /// </returns> public static (Boxer, Unboxer) Build( byte[] derived_secret, byte[] foreing_pubkey, byte[] self_pubkey, byte[] network_key, byte[] a, byte[] b ) { var common = CryptoHash.Sha256(CryptoHash.Sha256(derived_secret)); var send_key = CryptoHash.Sha256(Utils.Concat(common, foreing_pubkey)); var recv_key = CryptoHash.Sha256(Utils.Concat(common, self_pubkey)); var send_nonce = new byte[24]; var recv_nonce = new byte[24]; var bhmac = SecretKeyAuth.Sign(b, network_key); var ahmac = SecretKeyAuth.Sign(a, network_key); Buffer.BlockCopy(send_nonce, 0, bhmac, 0, 24); Buffer.BlockCopy(recv_nonce, 0, ahmac, 0, 24); var boxer = new Boxer(send_key, send_nonce); var unboxer = new Unboxer(recv_key, recv_nonce); return(boxer, unboxer); }
public void SecretKeyAuthVerify512WithBadSignature() { SecretKeyAuth.VerifyHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary( "9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c06a99b828e2ff921b4d1304bbd9480adfacf8c4c2ffbcbb4e5663446fda1235"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); }
public void SecretKeyAuthSign512WithBadKey() { Assert.Throws <KeyOutOfRangeException>(() => { SecretKeyAuth.SignHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"), Encoding.UTF8.GetBytes("012345678901234567890123456789")); }); }
public void SimpleVerifyHmacSha512Test() { var actual = SecretKeyAuth.VerifyHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c06a99b828e2ff921b4d1304bbd9480adfacf8c4c2ffbcbb4e5663446fda1235d2"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); Assert.AreEqual(true, actual); }
public void SimpleVerifyHmacSha256Test() { var actual = SecretKeyAuth.VerifyHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary("1cc0012cfd200becfce64bba779025d02cb349d203e15d44a308e4249e2b7245"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); Assert.AreEqual(true, actual); }
public void SimpleAuthHmacSha256Test() { var expected = Utilities.HexToBinary("1cc0012cfd200becfce64bba779025d02cb349d203e15d44a308e4249e2b7245"); var actual = SecretKeyAuth.SignHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); CollectionAssert.AreEqual(expected, actual); }
public void SimpleVerifyTest() { var actual = SecretKeyAuth.Verify(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); Assert.AreEqual(true, actual); }
public void SecretKeyAuthVerify256WithBadSignature() { Assert.Throws <SignatureOutOfRangeException>(() => { SecretKeyAuth.VerifyHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321"), Encoding.UTF8.GetBytes("01234567890123456789012345678901")); }); }
public void OpenTest() { var key = Convert.FromBase64String("wYSsnapy7G9F+NTo/bVvIpnRv/ULd97XSMPLoe4+abM="); byte[] signature = Convert.FromBase64String("hQ4vOFX+pPJNhXxnbMfzAtLjSVeRBBGCOIjlNoIWvzA="); byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!"); bool result = SecretKeyAuth.Verify(message, signature, key); Assert.IsTrue(result); }
public void SignAndVerifyTest() { byte[] key = SecretKeyAuth.GenerateKey(); byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!"); byte[] signature = SecretKeyAuth.Sign(message, key); bool verification = SecretKeyAuth.Verify(message, signature, key); Assert.IsTrue(verification); }
public void SecretKeyAuthVerify512WithBadKey() { Assert.Throws <KeyOutOfRangeException>(() => { SecretKeyAuth.VerifyHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary( "9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c06a99b828e2ff921b4d1304bbd9480adfacf8c4c2ffbcbb4e5663446fda1235d2"), Encoding.UTF8.GetBytes("012345678901234567890123456789")); }); }
public void SignTest() { // Test signing given a known key and signature generated from libsodium byte[] key = Convert.FromBase64String("wYSsnapy7G9F+NTo/bVvIpnRv/ULd97XSMPLoe4+abM="); String expectedSignature = "hQ4vOFX+pPJNhXxnbMfzAtLjSVeRBBGCOIjlNoIWvzA="; byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!"); byte[] signature = SecretKeyAuth.Sign(message, key); Assert.AreEqual(expectedSignature, Convert.ToBase64String(signature)); }
/// <summary> /// Crafts the client's hello message. /// </summary> /// <remark> /// Signs the ephemeral public key with the network key and appends /// that key. /// </remark> /// <returns> /// The message to be sent /// </returns> public byte[] Hello() { var signed_key = SecretKeyAuth.Sign( this._ephemeral_client_keypair.PublicKey, this._network_key ); var msg = Utils.Concat( signed_key, _ephemeral_client_keypair.PublicKey ); return(msg); }
/// <summary> /// Craft server response to client hello /// </summary> /// <returns> /// Returns the message ready to be sent, consisting of the server /// ephemeral key and an hmac of the server key signed with the /// network key. /// </returns> public byte[] Hello() { var hmac = SecretKeyAuth.Sign( _ephemeral_server_keypair.PublicKey, _network_key ); var msg = Utils.Concat( hmac, _ephemeral_server_keypair.PublicKey ); return(msg); }
public void SecretKeyAuthSignAndVerifyTest() { byte[] key = SecretKeyAuth.GenerateKey(); String message = "Hello, World!"; byte[] signature = SecretKeyAuth.Sign(System.Text.Encoding.UTF8.GetBytes(message), key); Assert.AreEqual(32, signature.Length); bool verification = SecretKeyAuth.Verify(System.Text.Encoding.UTF8.GetBytes(message), signature, key); Assert.IsTrue(verification); signature = SecretKeyAuth.Sign(message, key); Assert.AreEqual(32, signature.Length); verification = SecretKeyAuth.Verify(message, signature, key); Assert.IsTrue(verification); }
public void HmacSha512Test() { var key = SecretKeyAuth.GenerateKey(); string message = "Hello, World!"; byte[] byteMessage = System.Text.Encoding.UTF8.GetBytes(message); var sig1 = SecretKeyAuth.SignHmacSha512(message, key); var sig2 = SecretKeyAuth.SignHmacSha512(byteMessage, key); // Verify the overload works Assert.AreEqual(Convert.ToBase64String(sig1), Convert.ToBase64String(sig2)); var result = SecretKeyAuth.VerifyHmacSha512(message, sig1, key); Assert.IsTrue(result); result = SecretKeyAuth.VerifyHmacSha512(message, sig2, key); Assert.IsTrue(result); result = SecretKeyAuth.VerifyHmacSha512(byteMessage, sig1, key); Assert.IsTrue(result); result = SecretKeyAuth.VerifyHmacSha512(byteMessage, sig2, key); Assert.IsTrue(result); }
public void TestGenerateKey() { Assert.AreEqual(32, SecretKeyAuth.GenerateKey().Length); }
public void SecretKeyAuthSignWithBadKey() { SecretKeyAuth.Sign(Encoding.UTF8.GetBytes("Adam Caudill"), Encoding.UTF8.GetBytes("0123456789012345678901234567890")); }
public void SecretKeyAuthSign512WithBadKey() { SecretKeyAuth.SignHmacSha512(Encoding.UTF8.GetBytes("Adam Caudill"), Encoding.UTF8.GetBytes("012345678901234567890123456789")); }
public void SecretKeyAuthVerify256WithBadKey() { SecretKeyAuth.VerifyHmacSha256(Encoding.UTF8.GetBytes("Adam Caudill"), Utilities.HexToBinary("9f44681a662b7cde80c4eb34db5102b62a8b482272e3cceef73a334ec1d321c0"), Encoding.UTF8.GetBytes("012345678901234567890123456789")); }