public void testChainKeyDerivationV2() { byte[] seed = { 0x8a, 0xb7, 0x2d, 0x6f, 0x4c, 0xc5, 0xac, 0x0d, 0x38, 0x7e, 0xaf, 0x46, 0x33, 0x78, 0xdd, 0xb2, 0x8e, 0xdd, 0x07, 0x38, 0x5b, 0x1c, 0xb0, 0x12, 0x50, 0xc7, 0x15, 0x98, 0x2e, 0x7a, 0xd4, 0x8f }; byte[] messageKey = { 0x02, 0xa9, 0xaa, 0x6c, 0x7d, 0xbd, 0x64, 0xf9, 0xd3, 0xaa, 0x92, 0xf9, 0x2a, 0x27, 0x7b, 0xf5, 0x46, 0x09, 0xda, 0xdf, 0x0b, 0x00, 0x82, 0x8a, 0xcf, 0xc6, 0x1e, 0x3c, 0x72, 0x4b, 0x84, 0xa7 }; byte[] macKey = { 0xbf, 0xbe, 0x5e, 0xfb, 0x60, 0x30, 0x30, 0x52, 0x67, 0x42, 0xe3, 0xee, 0x89, 0xc7, 0x02, 0x4e, 0x88, 0x4e, 0x44, 0x0f, 0x1f, 0xf3, 0x76, 0xbb, 0x23, 0x17, 0xb2, 0xd6, 0x4d, 0xeb, 0x7c, 0x83 }; byte[] nextChainKey = { 0x28, 0xe8, 0xf8, 0xfe, 0xe5, 0x4b, 0x80, 0x1e, 0xef, 0x7c, 0x5c, 0xfb, 0x2f, 0x17, 0xf3, 0x2c, 0x7b, 0x33, 0x44, 0x85, 0xbb, 0xb7, 0x0f, 0xac, 0x6e, 0xc1, 0x03, 0x42, 0xa2, 0x46, 0xd1, 0x5d }; ChainKey chainKey = new ChainKey(HKDF.createFor(2), seed, 0); Assert.AreEqual(seed, chainKey.getKey()); CollectionAssert.AreEqual(messageKey, chainKey.getMessageKeys().getCipherKey()); CollectionAssert.AreEqual(macKey, chainKey.getMessageKeys().getMacKey()); CollectionAssert.AreEqual(nextChainKey, chainKey.getNextChainKey().getKey()); Assert.AreEqual((uint)0, chainKey.getIndex()); Assert.AreEqual((uint)0, chainKey.getMessageKeys().getCounter()); Assert.AreEqual((uint)1, chainKey.getNextChainKey().getIndex()); Assert.AreEqual((uint)1, chainKey.getNextChainKey().getMessageKeys().getCounter()); }
public void testChainKeyDerivationV3() { byte[] seed = { (byte) 0x8a, (byte) 0xb7, (byte) 0x2d, (byte) 0x6f, (byte) 0x4c, (byte) 0xc5, (byte) 0xac, (byte) 0x0d, (byte) 0x38, (byte) 0x7e, (byte) 0xaf, (byte) 0x46, (byte) 0x33, (byte) 0x78, (byte) 0xdd, (byte) 0xb2, (byte) 0x8e, (byte) 0xdd, (byte) 0x07, (byte) 0x38, (byte) 0x5b, (byte) 0x1c, (byte) 0xb0, (byte) 0x12, (byte) 0x50, (byte) 0xc7, (byte) 0x15, (byte) 0x98, (byte) 0x2e, (byte) 0x7a, (byte) 0xd4, (byte) 0x8f}; byte[] messageKey = { /* (byte) 0x02*/ (byte) 0xbf, (byte) 0x51, (byte) 0xe9, (byte) 0xd7, (byte) 0x5e, (byte) 0x0e, (byte) 0x31, (byte) 0x03, (byte) 0x10, (byte) 0x51, (byte) 0xf8, (byte) 0x2a, (byte) 0x24, (byte) 0x91, (byte) 0xff, (byte) 0xc0, (byte) 0x84, (byte) 0xfa, (byte) 0x29, (byte) 0x8b, (byte) 0x77, (byte) 0x93, (byte) 0xbd, (byte) 0x9d, (byte) 0xb6, (byte) 0x20, (byte) 0x05, (byte) 0x6f, (byte) 0xeb, (byte) 0xf4, (byte) 0x52, (byte) 0x17}; byte[] macKey = { (byte)0xc6, (byte)0xc7, (byte)0x7d, (byte)0x6a, (byte)0x73, (byte)0xa3, (byte)0x54, (byte)0x33, (byte)0x7a, (byte)0x56, (byte)0x43, (byte)0x5e, (byte)0x34, (byte)0x60, (byte)0x7d, (byte)0xfe, (byte)0x48, (byte)0xe3, (byte)0xac, (byte)0xe1, (byte)0x4e, (byte)0x77, (byte)0x31, (byte)0x4d, (byte)0xc6, (byte)0xab, (byte)0xc1, (byte)0x72, (byte)0xe7, (byte)0xa7, (byte)0x03, (byte)0x0b}; byte[] nextChainKey = { (byte) 0x28, (byte) 0xe8, (byte) 0xf8, (byte) 0xfe, (byte) 0xe5, (byte) 0x4b, (byte) 0x80, (byte) 0x1e, (byte) 0xef, (byte) 0x7c, (byte) 0x5c, (byte) 0xfb, (byte) 0x2f, (byte) 0x17, (byte) 0xf3, (byte) 0x2c, (byte) 0x7b, (byte) 0x33, (byte) 0x44, (byte) 0x85, (byte) 0xbb, (byte) 0xb7, (byte) 0x0f, (byte) 0xac, (byte) 0x6e, (byte) 0xc1, (byte) 0x03, (byte) 0x42, (byte) 0xa2, (byte) 0x46, (byte) 0xd1, (byte) 0x5d}; ChainKey chainKey = new ChainKey(HKDF.createFor(3), seed, 0); Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getKey(), seed)); Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getMessageKeys().getCipherKey(), messageKey)); Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getMessageKeys().getMacKey(), macKey)); Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getNextChainKey().getKey(), nextChainKey)); Assert.IsTrue(chainKey.getIndex() == 0); Assert.IsTrue(chainKey.getMessageKeys().getCounter() == 0); Assert.IsTrue(chainKey.getNextChainKey().getIndex() == 1); Assert.IsTrue(chainKey.getNextChainKey().getMessageKeys().getCounter() == 1); }
private MessageKeys getOrCreateMessageKeys(SessionState sessionState, ECPublicKey theirEphemeral, ChainKey chainKey, uint counter) { if (chainKey.getIndex() > counter) { if (sessionState.hasMessageKeys(theirEphemeral, counter)) { return sessionState.removeMessageKeys(theirEphemeral, counter); } else { throw new DuplicateMessageException($"Received message with old counter: {chainKey.getIndex()} , {counter}"); } } //Avoiding a uint overflow uint chainKeyIndex = chainKey.getIndex(); if ((counter > chainKeyIndex) && (counter - chainKeyIndex > 2000)) { throw new InvalidMessageException("Over 2000 messages into the future!"); } while (chainKey.getIndex() < counter) { MessageKeys messageKeys = chainKey.getMessageKeys(); sessionState.setMessageKeys(theirEphemeral, messageKeys); chainKey = chainKey.getNextChainKey(); } sessionState.setReceiverChainKey(theirEphemeral, chainKey.getNextChainKey()); return chainKey.getMessageKeys(); }
public void testChainKeyDerivationV3() { byte[] seed = { 0x8a, 0xb7, 0x2d, 0x6f, 0x4c, 0xc5, 0xac, 0x0d, 0x38, 0x7e, 0xaf, 0x46, 0x33, 0x78, 0xdd, 0xb2, 0x8e, 0xdd, 0x07, 0x38, 0x5b, 0x1c, 0xb0, 0x12, 0x50, 0xc7, 0x15, 0x98, 0x2e, 0x7a, 0xd4, 0x8f }; byte[] messageKey = { /* 0x02*/ 0xbf, 0x51, 0xe9, 0xd7, 0x5e, 0x0e, 0x31, 0x03, 0x10, 0x51, 0xf8, 0x2a, 0x24, 0x91, 0xff, 0xc0, 0x84, 0xfa, 0x29, 0x8b, 0x77, 0x93, 0xbd, 0x9d, 0xb6, 0x20, 0x05, 0x6f, 0xeb, 0xf4, 0x52, 0x17 }; byte[] macKey = { 0xc6, 0xc7, 0x7d, 0x6a, 0x73, 0xa3, 0x54, 0x33, 0x7a, 0x56, 0x43, 0x5e, 0x34, 0x60, 0x7d, 0xfe, 0x48, 0xe3, 0xac, 0xe1, 0x4e, 0x77, 0x31, 0x4d, 0xc6, 0xab, 0xc1, 0x72, 0xe7, 0xa7, 0x03, 0x0b }; byte[] nextChainKey = { 0x28, 0xe8, 0xf8, 0xfe, 0xe5, 0x4b, 0x80, 0x1e, 0xef, 0x7c, 0x5c, 0xfb, 0x2f, 0x17, 0xf3, 0x2c, 0x7b, 0x33, 0x44, 0x85, 0xbb, 0xb7, 0x0f, 0xac, 0x6e, 0xc1, 0x03, 0x42, 0xa2, 0x46, 0xd1, 0x5d }; ChainKey chainKey = new ChainKey(HKDF.createFor(3), seed, 0); Assert.AreEqual(seed, chainKey.getKey()); CollectionAssert.AreEqual(messageKey, chainKey.getMessageKeys().getCipherKey()); CollectionAssert.AreEqual(macKey, chainKey.getMessageKeys().getMacKey()); CollectionAssert.AreEqual(nextChainKey, chainKey.getNextChainKey().getKey()); Assert.AreEqual((uint)0, chainKey.getIndex()); Assert.AreEqual((uint)0, chainKey.getMessageKeys().getCounter()); Assert.AreEqual((uint)1, chainKey.getNextChainKey().getIndex()); Assert.AreEqual((uint)1, chainKey.getNextChainKey().getMessageKeys().getCounter()); }