/// <summary>
/// Builds a sender certificate for <paramref name="sender"/> through a two-level chain:
/// the trust root signs a freshly generated server key, and that server key signs the
/// sender certificate body.
/// </summary>
/// <param name="trustRoot">Key pair whose private key signs the server certificate.</param>
/// <param name="sender">Sender identifier stored in the certificate body.</param>
/// <param name="deviceId">Sender device id; converted to an unsigned value.</param>
/// <param name="identityKey">Identity key embedded in the certificate body.</param>
/// <param name="expires">Expiration value; converted to an unsigned value.</param>
/// <returns>A <see cref="SenderCertificate"/> parsed from the signed, serialized message.</returns>
private SenderCertificate CreateCertificateFor(ECKeyPair trustRoot, String sender, int deviceId, ECPublicKey identityKey, long expires)
        {
            // The intermediate (server) key pair is local to this call: only its public half
            // is carried forward, inside the server certificate.
            ECKeyPair intermediateKey = Curve.generateKeyPair();

            // Step 1: server certificate body (id + server public key), signed by the trust root.
            var serverBody = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
            {
                Id  = 1,
                Key = ByteString.CopyFrom(intermediateKey.getPublicKey().serialize())
            };
            byte[] serverBodyBytes = serverBody.ToByteArray();
            byte[] serverBodySignature = Curve.calculateSignature(trustRoot.getPrivateKey(), serverBodyBytes);

            // Step 2: wrap body + signature and run it through the ServerCertificate constructor.
            var serverEnvelope = new libsignalmetadata.protobuf.ServerCertificate()
            {
                Certificate = ByteString.CopyFrom(serverBodyBytes),
                Signature   = ByteString.CopyFrom(serverBodySignature)
            };
            ServerCertificate signer = new ServerCertificate(serverEnvelope.ToByteArray());

            // Step 3: sender certificate body. The signer is re-parsed from the serialized
            // server certificate so the embedded copy matches the signed bytes.
            // NOTE(review): the (uint)/(ulong) casts are plain conversions; unless the project
            // is compiled in a checked context, a negative deviceId or expires would wrap to a
            // large unsigned value (e.g. a far-future expiry) - callers should pass non-negative values.
            var senderBody = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate
            {
                Sender       = sender,
                SenderDevice = (uint)deviceId,
                IdentityKey  = ByteString.CopyFrom(identityKey.serialize()),
                Expires      = (ulong)expires,
                Signer       = libsignalmetadata.protobuf.ServerCertificate.Parser.ParseFrom(signer.Serialized)
            };
            byte[] senderBodyBytes = senderBody.ToByteArray();

            // Step 4: the server key (not the trust root) signs the sender certificate body.
            byte[] senderBodySignature = Curve.calculateSignature(intermediateKey.getPrivateKey(), senderBodyBytes);

            var senderEnvelope = new libsignalmetadata.protobuf.SenderCertificate()
            {
                Certificate = ByteString.CopyFrom(senderBodyBytes),
                Signature = ByteString.CopyFrom(senderBodySignature)
            };
            return new SenderCertificate(senderEnvelope.ToByteArray());
        }
        /// <summary>
        /// Produces a server certificate message for <paramref name="serverKey"/>, signed with
        /// the private key of the <c>TrustRoot</c> member (declared outside this excerpt).
        /// </summary>
        /// <param name="serverKey">Key pair whose public key is placed in the certificate body.</param>
        /// <returns>The protobuf message holding the serialized body and its signature.</returns>
        private libsignalmetadata.protobuf.ServerCertificate GetServerCertificate(ECKeyPair serverKey)
        {
            // Body: fixed id 1 plus the serialized server public key.
            var body = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
            {
                Id  = 1,
                Key = ByteString.CopyFrom(serverKey.getPublicKey().serialize())
            };
            byte[] bodyBytes = body.ToByteArray();

            // The signature covers exactly the serialized body bytes stored below.
            byte[] bodySignature = Curve.calculateSignature(TrustRoot.getPrivateKey(), bodyBytes);

            var signedCertificate = new libsignalmetadata.protobuf.ServerCertificate()
            {
                Certificate = ByteString.CopyFrom(bodyBytes),
                Signature = ByteString.CopyFrom(bodySignature)
            };
            return signedCertificate;
        }
        /// <summary>
        /// Checks that the <see cref="ServerCertificate"/> constructor rejects messages with
        /// missing fields. Each case expects <see cref="InvalidCertificateException"/>; the bare
        /// <c>throw new Exception()</c> after the constructor call is the failure sentinel, since
        /// it is not matched by the catch clause and therefore propagates out of the test.
        /// </summary>
        public void TestBadFields()
        {
            var innerCertificate = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate();

            // Case 1: no certificate body at all, only a 64-byte all-zero signature.
            try
            {
                var envelope = new libsignalmetadata.protobuf.ServerCertificate()
                {
                    Signature = ByteString.CopyFrom(new byte[64])
                };
                byte[] encoded = envelope.ToByteArray();
                new ServerCertificate(encoded);
                throw new Exception();
            }
            catch (InvalidCertificateException)
            {
                // expected rejection
            }

            // Case 2: certificate body present but with neither id nor key set.
            try
            {
                var envelope = new libsignalmetadata.protobuf.ServerCertificate()
                {
                    Certificate = innerCertificate.ToByteString(),
                    Signature   = ByteString.CopyFrom(new byte[64])
                };
                byte[] encoded = envelope.ToByteArray();
                new ServerCertificate(encoded);
                throw new Exception();
            }
            catch (InvalidCertificateException)
            {
                // expected rejection
            }

            // Case 3: id is set, but the key is still missing.
            try
            {
                innerCertificate.Id = 1;
                var envelope = new libsignalmetadata.protobuf.ServerCertificate()
                {
                    Certificate = innerCertificate.ToByteString(),
                    Signature   = ByteString.CopyFrom(new byte[64])
                };
                byte[] encoded = envelope.ToByteArray();
                new ServerCertificate(encoded);
                throw new Exception();
            }
            catch (InvalidCertificateException)
            {
                // expected rejection
            }
        }
        /// <summary>
        /// Positive case: a server certificate signed by the trust root must validate against
        /// the trust root's public key. There is no explicit assertion; the test passes when
        /// neither the <see cref="ServerCertificate"/> constructor nor <c>Validate</c> throws.
        /// </summary>
        public void TestSignature()
        {
            ECKeyPair rootPair   = Curve.generateKeyPair();
            ECKeyPair serverPair = Curve.generateKeyPair();

            var body = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
            {
                Id  = 1,
                Key = ByteString.CopyFrom(serverPair.getPublicKey().serialize())
            };

            // Sign the exact bytes that are stored in the envelope.
            byte[] bodyBytes     = body.ToByteArray();
            byte[] bodySignature = Curve.calculateSignature(rootPair.getPrivateKey(), bodyBytes);

            var envelope = new libsignalmetadata.protobuf.ServerCertificate()
            {
                Certificate = ByteString.CopyFrom(bodyBytes),
                Signature   = ByteString.CopyFrom(bodySignature)
            };
            byte[] encoded = envelope.ToByteArray();

            var validator = new CertificateValidator(rootPair.getPublicKey());
            validator.Validate(new ServerCertificate(encoded));
        }
        /// <summary>
        /// Tamper test: flips every single bit of the signature, then every single bit of the
        /// certificate body, and expects <see cref="InvalidCertificateException"/> each time.
        /// The constructor call and <c>Validate</c> sit in the same try block, so the test does
        /// not distinguish which of the two rejects a given mutation.
        /// </summary>
        public void TestBadSignature()
        {
            ECKeyPair rootPair   = Curve.generateKeyPair();
            ECKeyPair serverPair = Curve.generateKeyPair();

            var body = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate()
            {
                Id  = 1,
                Key = ByteString.CopyFrom(serverPair.getPublicKey().serialize())
            };

            byte[] goodBody      = body.ToByteArray();
            byte[] goodSignature = Curve.calculateSignature(rootPair.getPrivateKey(), goodBody);

            // Pass 1: valid body, signature with exactly one bit flipped.
            for (int index = 0; index < goodSignature.Length; index++)
            {
                for (int bit = 0; bit < 8; bit++)
                {
                    byte[] tamperedSignature = (byte[])goodSignature.Clone();
                    tamperedSignature[index] ^= (byte)(1 << bit);

                    var envelope = new libsignalmetadata.protobuf.ServerCertificate()
                    {
                        Certificate = ByteString.CopyFrom(goodBody),
                        Signature   = ByteString.CopyFrom(tamperedSignature)
                    };
                    byte[] encoded = envelope.ToByteArray();

                    try
                    {
                        var validator = new CertificateValidator(rootPair.getPublicKey());
                        validator.Validate(new ServerCertificate(encoded));
                        // Reaching this line means a tampered signature was accepted.
                        throw new Exception();
                    }
                    catch (InvalidCertificateException)
                    {
                        // expected rejection
                    }
                }
            }

            // Pass 2: valid signature, body with exactly one bit flipped.
            for (int index = 0; index < goodBody.Length; index++)
            {
                for (int bit = 0; bit < 8; bit++)
                {
                    byte[] tamperedBody = (byte[])goodBody.Clone();
                    tamperedBody[index] ^= (byte)(1 << bit);

                    var envelope = new libsignalmetadata.protobuf.ServerCertificate()
                    {
                        Certificate = ByteString.CopyFrom(tamperedBody),
                        Signature   = ByteString.CopyFrom(goodSignature)
                    };
                    byte[] encoded = envelope.ToByteArray();

                    try
                    {
                        var validator = new CertificateValidator(rootPair.getPublicKey());
                        validator.Validate(new ServerCertificate(encoded));
                        // Reaching this line means a tampered body was accepted.
                        throw new Exception();
                    }
                    catch (InvalidCertificateException)
                    {
                        // expected rejection
                    }
                }
            }
        }