hanswolff / curve25519
C# .NET Port of the Curve25519 Diffie-Hellman function
License: Apache License 2.0
As the title says, I'm getting different results from before and after bf0aaa3 in GetPublicKey.
For example, Alice has a public static and I want to set her public key in the Curve25519 object in the same way we use ClampPrivateKey, so that whenever I create Alice's key pair it's with her private and public keys in conjunction with Bob's public key.
GetNumSize method contains a bug (file https://github.com/hanswolff/curve25519/blob/master/Curve25519/Curve25519.cs)
Original Java method (http://code.google.com/p/curve25519-java/):
    private static final int numsize(byte[] x,int n) {
        while (n--!=0 && x[n]==0)
            ;
        return n+1;
    }
The current implementation (note the counter increment):
    static int GetNumSize(byte[] num, int maxSize)
    {
        for (int i = maxSize; i >= 0; i++)
        {
            if (num[i] == 0) return i + 1;
        }
        return 0;
    }
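The Java semantics from the report above, ported literally to C# and run next to the loop as quoted, on constructed inputs. This is an added example, not code from the repository or from the reporter; the class name NumSizeCheck, the Check helper and the input buffers are assumptions made for illustration.

```csharp
using System;

static class NumSizeCheck
{
    // Literal port of the Java numsize(): scan down from index maxSize - 1 and
    // return (index of the highest non-zero byte) + 1, or 0 if none is set.
    static int GetNumSize(byte[] num, int maxSize)
    {
        while (maxSize-- != 0 && num[maxSize] == 0) { }
        return maxSize + 1;
    }

    // The loop exactly as quoted in the report, kept for comparison.
    static int GetNumSizeAsReported(byte[] num, int maxSize)
    {
        for (int i = maxSize; i >= 0; i++)
        {
            if (num[i] == 0) return i + 1;
        }
        return 0;
    }

    // Runs both versions on one constructed input; 'want' follows the Java code.
    static void Check(byte[] num, int maxSize, int want)
    {
        int port = GetNumSize(num, maxSize);
        string reported;
        try { reported = GetNumSizeAsReported(num, maxSize).ToString(); }
        catch (IndexOutOfRangeException) { reported = "IndexOutOfRangeException"; }
        Console.WriteLine("maxSize={0} want={1} port={2} reported={3}",
                          maxSize, want, port, reported);
        if (port != want) throw new InvalidOperationException("port differs from Java");
    }

    static void Main()
    {
        Check(new byte[32], 32, 0);                    // all bytes zero
        Check(new byte[] { 5, 0, 0, 0 }, 4, 1);        // zero bytes above the value
        Check(new byte[] { 0, 0, 7, 0 }, 4, 3);        // zero bytes below are counted
        Check(new byte[] { 1, 2, 3, 4 }, 4, 4);        // top byte set
        Check(new byte[] { 1, 2, 3, 4 }, 0, 0);        // maxSize == 0
        Check(new byte[] { 5, 0, 0, 0, 0, 0 }, 4, 1);  // buffer longer than maxSize
    }
}
```

The quoted loop differs from the Java original in three places: it starts at num[maxSize] instead of num[maxSize - 1], it counts upward, and it returns on a zero byte instead of a non-zero one.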
GetSharedSecret gives incorrect key when using the following inputs:
secret/private: 234, 183, 44, 116, 96, 33, 23, 106, 200, 150, 208, 81, 47, 232, 48, 189, 4, 208, 79, 178, 76, 201, 232, 191, 119, 98, 67, 173, 106, 40, 211, 44
public: 62, 65, 94, 218, 155, 246, 192, 248, 146, 116, 8, 29, 154, 121, 65, 5, 133, 16, 174, 216, 46, 250, 5, 58, 71, 201, 147, 27, 251, 37, 81, 52
expected key: 9, 232, 190, 195, 112, 129, 95, 8, 232, 160, 133, 229, 218, 41, 123, 7, 27, 66, 245, 22, 172, 45, 234, 65, 43, 203, 34, 93, 75, 114, 110, 215
actual key: 251, 51, 52, 154, 131, 190, 165, 36, 196, 45, 16, 138, 204, 92, 164, 162, 210, 9, 18, 19, 112, 239, 155, 109, 87, 105, 116, 109, 182, 228, 210, 57
Using the pasted example code, my program crashes with the following.
Unhandled Exception: System.OverflowException: Arithmetic operation resulted in an overflow.
at CryptoTests.Curve25519.Pack(Long10 x, Byte[] m) in c:\Projects\CryptoTests\Curve25519.cs:line 352
at CryptoTests.Curve25519.Core(Byte[] publicKey, Byte[] signingKey, Byte[] privateKey, Byte[] peerPublicKey) in c:\Projects\CryptoTests\Curve25519.cs:line 855
at CryptoTests.Curve25519.GetPublicKey(Byte[] privateKey) in c:\Projects\CryptoTests\Curve25519.cs:line 117
at CryptoTests.Program.Main(String[] args) in c:\Projects\CryptoTests\Program.cs:line 44
Using .NET 4.0 and SharpDevelop
Is it a security risk? Of course the shared secret will be different.
We found that we couldn't get this and another library that uses Curve25519 to work so we tested both libraries against the official test vectors. In particular, we tested the conversion from the secret key of party A (d_A) to the public key (x_A). These test vectors are found on the last page of the draft RFC:
https://tools.ietf.org/html/draft-josefsson-tls-curve25519-04
Here is the sample code using the WallF.BaseNEncodings package to convert hex to byte arrays:
    var d_A = "5ac99f33632e5a768de7e81bf854c27c46e3fbf2abbacd29ec4aff517369c660".ToUpper();
    var d_A_bytes = BaseEncoding.Base16.FromBaseString(d_A);
    var d_A_clamped = Curve25519.ClampPrivateKey(d_A_bytes);
    // value should be 057e23ea9f1cbe8a27168f6e696a791de61dd3af7acd4eeacc6e7ba514fda863
    var x_A_bytes = Curve25519.GetPublicKey(d_A_bytes); // gives a704c2f860fe0c74c457ed4d0f1b26e907491fa34c3b3af0c2f89bd391f68c01
    var x_A_clamped = Curve25519.GetPublicKey(d_A_clamped); // gives 565689ffdf3c5be17b44ab2a5519e28a919b520c2fb9fde9414b46dcdbc99c3b
Hi,
Could you state the license of the source code (e.g. with a LICENSE file in the root directory)?
cloned the Curve25519 of CodesInChaos to avoid side channel attacks
need to remove unsafe code (looks like a big chunk of work)
https://github.com/langboost/curve25519-uwp
Please can you convert it into C#?