/// <summary>
/// Test helper that issues a sender certificate through a two-level chain:
/// the supplied trust root signs a freshly generated server key, and that
/// server key signs the sender certificate body.
/// </summary>
/// <param name="trustRoot">Key pair whose private key signs the server certificate.</param>
/// <param name="sender">Sender identifier written into the certificate body.</param>
/// <param name="deviceId">Device id written into the certificate body (cast to uint, not range-checked here).</param>
/// <param name="identityKey">Identity public key embedded in the certificate body.</param>
/// <param name="expires">Expiry value written into the certificate body (cast to ulong, not range-checked here).</param>
/// <returns>A <c>SenderCertificate</c> parsed from the signed, serialized envelope.</returns>
private SenderCertificate CreateCertificateFor(ECKeyPair trustRoot, String sender, int deviceId, ECPublicKey identityKey, long expires)
{
    // A new intermediate key is generated on every call; its private half is
    // only used below to sign the sender certificate and is never returned.
    ECKeyPair intermediateKey = Curve.generateKeyPair();

    // Level 1: server certificate body (id + server public key), signed by the trust root.
    var serverBody = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate
    {
        Id = 1,
        Key = ByteString.CopyFrom(intermediateKey.getPublicKey().serialize())
    };
    byte[] serverBodyBytes = serverBody.ToByteArray();
    byte[] serverBodySignature = Curve.calculateSignature(trustRoot.getPrivateKey(), serverBodyBytes);

    var serverEnvelope = new libsignalmetadata.protobuf.ServerCertificate
    {
        Certificate = ByteString.CopyFrom(serverBodyBytes),
        Signature = ByteString.CopyFrom(serverBodySignature)
    };
    // Round-trip through the wrapper type so its constructor sees the serialized form.
    ServerCertificate issuer = new ServerCertificate(serverEnvelope.ToByteArray());

    // Level 2: sender certificate body, carrying the full server certificate as its signer
    // and signed with the intermediate (server) private key.
    var senderBody = new libsignalmetadata.protobuf.SenderCertificate.Types.Certificate
    {
        Sender = sender,
        SenderDevice = (uint)deviceId,
        IdentityKey = ByteString.CopyFrom(identityKey.serialize()),
        Expires = (ulong)expires,
        Signer = libsignalmetadata.protobuf.ServerCertificate.Parser.ParseFrom(issuer.Serialized)
    };
    byte[] senderBodyBytes = senderBody.ToByteArray();
    byte[] senderBodySignature = Curve.calculateSignature(intermediateKey.getPrivateKey(), senderBodyBytes);

    var senderEnvelope = new libsignalmetadata.protobuf.SenderCertificate
    {
        Certificate = ByteString.CopyFrom(senderBodyBytes),
        Signature = ByteString.CopyFrom(senderBodySignature)
    };
    return new SenderCertificate(senderEnvelope.ToByteArray());
}
/// <summary>
/// Test helper that wraps the public half of <paramref name="serverKey"/> in a
/// server certificate (id 1) signed with the private key of the class-level
/// <c>TrustRoot</c>.
/// </summary>
/// <param name="serverKey">Key pair whose public key is certified.</param>
/// <returns>The protobuf server certificate message (body bytes plus signature), not serialized.</returns>
private libsignalmetadata.protobuf.ServerCertificate GetServerCertificate(ECKeyPair serverKey)
{
    var body = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate
    {
        Id = 1,
        Key = ByteString.CopyFrom(serverKey.getPublicKey().serialize())
    };
    byte[] bodyBytes = body.ToByteArray();

    // The signature covers exactly the serialized body bytes stored in the envelope.
    byte[] bodySignature = Curve.calculateSignature(TrustRoot.getPrivateKey(), bodyBytes);

    var envelope = new libsignalmetadata.protobuf.ServerCertificate
    {
        Certificate = ByteString.CopyFrom(bodyBytes),
        Signature = ByteString.CopyFrom(bodySignature)
    };
    return envelope;
}
/// <summary>
/// Checks that the <c>ServerCertificate</c> constructor rejects structurally
/// incomplete input with <c>InvalidCertificateException</c>. No validator is
/// involved: every case must fail at construction time, before any signature
/// could be checked. The 64-byte signature used throughout is all zeroes.
/// </summary>
public void TestBadFields()
{
    var innerCertificate = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate();

    // Case 1: envelope carries a signature but no certificate body at all.
    try
    {
        var envelope = new libsignalmetadata.protobuf.ServerCertificate
        {
            Signature = ByteString.CopyFrom(new byte[64])
        };
        new ServerCertificate(envelope.ToByteArray());
        // Reaching this line means the malformed input was accepted.
        throw new Exception();
    }
    catch (InvalidCertificateException)
    {
        // good
    }

    // Case 2: certificate body is present but has neither id nor key set.
    try
    {
        var envelope = new libsignalmetadata.protobuf.ServerCertificate
        {
            Certificate = innerCertificate.ToByteString(),
            Signature = ByteString.CopyFrom(new byte[64])
        };
        new ServerCertificate(envelope.ToByteArray());
        throw new Exception();
    }
    catch (InvalidCertificateException)
    {
        // good
    }

    // Case 3: certificate body has an id but still no key.
    try
    {
        innerCertificate.Id = 1;
        var envelope = new libsignalmetadata.protobuf.ServerCertificate
        {
            Certificate = innerCertificate.ToByteString(),
            Signature = ByteString.CopyFrom(new byte[64])
        };
        new ServerCertificate(envelope.ToByteArray());
        throw new Exception();
    }
    catch (InvalidCertificateException)
    {
        // good
    }
}
/// <summary>
/// Positive case: a server certificate whose body is signed by the trust root
/// must pass <c>CertificateValidator.Validate</c> when the validator is built
/// from that same trust root's public key. The test passes if nothing throws.
/// </summary>
public void TestSignature()
{
    ECKeyPair trustRoot = Curve.generateKeyPair();
    ECKeyPair serverKey = Curve.generateKeyPair();

    var body = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate
    {
        Id = 1,
        Key = ByteString.CopyFrom(serverKey.getPublicKey().serialize())
    };
    byte[] bodyBytes = body.ToByteArray();
    byte[] bodySignature = Curve.calculateSignature(trustRoot.getPrivateKey(), bodyBytes);

    var envelope = new libsignalmetadata.protobuf.ServerCertificate
    {
        Certificate = ByteString.CopyFrom(bodyBytes),
        Signature = ByteString.CopyFrom(bodySignature)
    };
    byte[] wireBytes = envelope.ToByteArray();

    // Only the public half of the trust root is handed to the validator.
    var validator = new CertificateValidator(trustRoot.getPublicKey());
    validator.Validate(new ServerCertificate(wireBytes));
}
/// <summary>
/// Negative case: starting from a correctly signed server certificate, flips
/// every single bit of the signature and then every single bit of the
/// certificate body, one at a time, and requires each tampered variant to be
/// rejected with <c>InvalidCertificateException</c>.
/// </summary>
public void TestBadSignature()
{
    ECKeyPair trustRoot = Curve.generateKeyPair();
    ECKeyPair serverKey = Curve.generateKeyPair();

    var body = new libsignalmetadata.protobuf.ServerCertificate.Types.Certificate
    {
        Id = 1,
        Key = ByteString.CopyFrom(serverKey.getPublicKey().serialize())
    };
    byte[] bodyBytes = body.ToByteArray();
    byte[] goodSignature = Curve.calculateSignature(trustRoot.getPrivateKey(), bodyBytes);

    // Pass 1: intact body, signature with exactly one bit flipped.
    for (int index = 0; index < goodSignature.Length; index++)
    {
        for (int bit = 0; bit < 8; bit++)
        {
            byte[] tamperedSignature = (byte[])goodSignature.Clone();
            int mask = 1 << bit;
            tamperedSignature[index] = (byte)(tamperedSignature[index] ^ mask);

            var envelope = new libsignalmetadata.protobuf.ServerCertificate
            {
                Certificate = ByteString.CopyFrom(bodyBytes),
                Signature = ByteString.CopyFrom(tamperedSignature)
            };
            byte[] wireBytes = envelope.ToByteArray();

            try
            {
                new CertificateValidator(trustRoot.getPublicKey()).Validate(new ServerCertificate(wireBytes));
                // Reaching this line means a tampered signature was accepted.
                throw new Exception();
            }
            catch (InvalidCertificateException)
            {
                // good
            }
        }
    }

    // Pass 2: original signature, body with exactly one bit flipped.
    // NOTE(review): construction and Validate share one try block, so this pass
    // cannot tell whether a tampered body was rejected while parsing or by the
    // signature check. Presumably either outcome is acceptable; confirm.
    for (int index = 0; index < bodyBytes.Length; index++)
    {
        for (int bit = 0; bit < 8; bit++)
        {
            byte[] tamperedBody = (byte[])bodyBytes.Clone();
            int mask = 1 << bit;
            tamperedBody[index] = (byte)(tamperedBody[index] ^ mask);

            var envelope = new libsignalmetadata.protobuf.ServerCertificate
            {
                Certificate = ByteString.CopyFrom(tamperedBody),
                Signature = ByteString.CopyFrom(goodSignature)
            };
            byte[] wireBytes = envelope.ToByteArray();

            try
            {
                new CertificateValidator(trustRoot.getPublicKey()).Validate(new ServerCertificate(wireBytes));
                // Reaching this line means a tampered body was accepted.
                throw new Exception();
            }
            catch (InvalidCertificateException)
            {
                // good
            }
        }
    }
}