Arctium - .NET Core Crypto Library
Download binaries archive: Release-Link
Nuget:
Install-Package Arctium.Shared
Install-Package Arctium.Cryptography
Install-Package Arctium.Standards
API Docs:
https://dndocs.com/?packageName=Arctium.Shared&packageVersion=1.0.0.1
https://dndocs.com/?packageName=Arctium.Standards&packageVersion=1.0.0.1
https://dndocs.com/?packageName=Arctium.Cryptography&packageVersion=1.0.0.1
Arctium is a simple crypto library, created and maintained for learning purposes.
It provides various cryptographic functions, ciphers, connection protocols, etc., implemented for better or worse, but they should probably work.
The solution is partitioned into the following projects, each of which is a set of related algorithms. If you want more information about a specific project, algorithm, or example, see the appropriate docs folder. Each folder contains more specific information and examples.
In the future there may be a console interface utility tool.
This is a short summary of what is in development, with direct links to the more interesting parts of the documentation.
TLS 1.3 - Supported Features

| Name | Supported | Comment |
|---|---|---|
| Cipher suites (RFC 8446) | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 | Supported cipher suites |
| Named Groups (RFC 8446) | Secp256r1, Secp384r1, Secp521r1, X25519, X448, Ffdhe2048, Ffdhe3072, Ffdhe4096, Ffdhe6144, Ffdhe8192 | Supported groups - configurable on client/server (e.g. can use only X25519 and no other group) |
| NewSessionTicket (RFC 8446) | Yes | Client & server (client accepts a ticket and can use it, server generates a ticket and sends it to the client, both configurable) |
| Signature Schemes (RFC 8446) | EcdsaSecp256r1Sha256, EcdsaSecp384r1Sha384, EcdsaSecp521r1Sha512, RsaPssRsaeSha256, RsaPssRsaeSha384, RsaPssRsaeSha512 | Signature generation & validation |
| Key Update (RFC 8446) | Yes | On client & server. At any time the server or client can send a key update, any number of times. Keys are updated. |
| Handshake Client Authentication | Yes | Client & server - client can authenticate and server can request (configurable) |
| Post handshake client authentication | Yes | Client & server configurable. Client can authenticate multiple times; server can request authentication at any time after the handshake |
| Multiple server certificates | Yes | Server can have multiple certificates and select among them based on the features supported in the client hello |
| Extension - Server Name (RFC 6066) | Yes | |
| Extension - PskKeyExchangeMode (RFC 8446) | Yes | Must be supported because the TLS 1.3 spec requires it |
| Extension - Application Layer Protocol Negotiation (RFC-7301) | Yes | On client & server. Client can send any bytes (defined by IANA or arbitrary bytes) and server can accept/reject any ALPN or ignore this extension |
| Extension - Supported Version (RFC 8446) | Yes | Required by TLS 1.3 spec |
| Extension - Cookie (RFC 8446) | Yes | Required by TLS 1.3 spec |
| Extension - Signature Algorithms (RFC 8446) | Yes | Client & server, configurable |
| Extension - KeyShare (RFC 8446) | Yes | Required by TLS 1.3 spec |
| Extension - SupportedGroups | Yes | |
| Extension - MaxFragmentLength (RFC 6066) | Yes | Configurable on client & server |
| Extension - OidFilters | Yes | Can send this extension, but only as raw bytes (DER-encoded by an external source; the Arctium lib can't encode to DER bytes for now) |
| Extension - Signature Algorithms Cert | Yes | Client & server can send this extension |
| Extension - Certificate Authorities | Yes | Configurable |
| Extension - GREASE (RFC 9701) | Yes | Client & server configurable - can be enabled or disabled |

To use the Arctium TLS 1.3 examples below, the following file with sample resources must be included. The examples are based on it. If it is not included, the code will not compile and will need to be changed.
Examples - Resources

| Name | Link | Comment |
|---|---|---|
| Client - Basic connection | Example Code | Connect to www.github.com |
| Server - Basic server | Example Code | HTTP response for browser (e.g. Edge) |
| Client - ConnectionInfo | Example Code | Client - Show information about established TLS 1.3 connection |
| Server - ConnectionInfo | Example Code | Server - Show information about established TLS 1.3 connection |
| Client/Server - Close Connection | Example Code | Closing TLS 1.3 connection |
| Setup server and connect client | Example Code | Connect Arctium TLS 1.3 client to Arctium TLS 1.3 Server |
| Client/Server - Update Traffic Secret | Example Code | Update Traffic Secret. Key and Initialization Vector Update |

Arctium TLS 1.3 - Expected Usage Example

| Name | Link | Comment |
|---|---|---|
| Search Browser | Example Code | Very simple console app for searching www.github.com and showing results |
| HTTP Server | Example Code | Very simple console app HTTP server that handles multiple TLS 1.3 connections in parallel |

TLS 1.3 - Server Configuration

| Name | Link | Comment |
|---|---|---|
| Cipher Suites | Example Code | How to use specific cipher suites |
| Extension - Supported Groups | Example Code | How to allow specific groups to be used in key exchange |
| Extension - Signature Schemes | Example Code | How to allow specific signature schemes to be used in signature generation |
| Extension - Record Size Limit | Example Code | How to configure the Record Size Limit extension |
| Extension - ALPN | Example Code | How to configure the ALPN extension |
| Extension - Server Name | Example Code | How to configure the Server Name extension |
| Handshake Client Authentication | Example Code | How to request client authentication during the TLS 1.3 handshake |
| Extension - Oid Filters | Example Code | How to configure the Oid Filters extension |
| Extension - Post Handshake Client Authentication | Example Code | How to configure post handshake client authentication and request the client to authenticate at any time after the handshake has completed |
| Extension - Certificate Authorities | Example Code | How to configure the Certificate Authorities extension |
| Extension - Pre Shared Key | Example Code | How to configure Pre Shared Key |
| Extension - GREASE | Example Code | How to enable/disable the GREASE extension |

TLS 1.3 - Client Configuration

| Name | Link | Comment |
|---|---|---|
| Cipher Suites | Example Code | How to use specific cipher suites |
| Extension - Supported Groups | Example Code | How to allow specific groups to be used in key exchange |
| Extension - Key share | Example Code | How to precompute and send specific groups in the client hello key share |
| Extension - Supported Signature Scheme | Example Code | How to allow specific signature schemes to be used in signing operations |
| Extension - Record Size Limit | Example Code | How to configure Record Size Limit |
| Extension - ALPN | Example Code | How to configure ALPN (Application Layer Protocol Negotiation) |
| Extension - Server Name | Example Code | How to configure the Server Name extension |
| Extension - Signature Algorithms Cert | Example Code | How to configure the Signature Algorithms Cert extension |
| Handshake Client Authentication | Example Code | How to configure Handshake Client Authentication |
| Post Handshake Client Authentication | Example Code | How to configure Post Handshake Client Authentication (server can request at any time; multiple requests are supported, even with a different client X.509 certificate for each auth request) |
| Extension - Certificate Authorities | Example Code | How to configure Certificate Authorities |
| Extension - Pre Shared Key | Example Code | How to configure Pre Shared Key |
| Extension - GREASE | Example Code | How to configure the GREASE extension |

Elliptic Curves - SEC 2 / Verify Signature

| Name | Link | Comment |
|---|---|---|
| secp192k1 - Verify Signature | Example Code | Verify ECC signature |
| secp192r1 - Verify Signature | Example Code | Verify ECC signature |
| secp224k1 - Verify Signature | Example Code | Verify ECC signature |
| secp224r1 - Verify Signature | Example Code | Verify ECC signature |
| secp256k1 - Verify Signature | Example Code | Verify ECC signature |
| secp256r1 - Verify Signature | Example Code | Verify ECC signature |
| secp384r1 - Verify Signature | Example Code | Verify ECC signature |
| secp521r1 - Verify Signature | Example Code | Verify ECC signature |

Elliptic Curves - SEC 2 / Generate Signature

| Name | Link | Comment |
|---|---|---|
| secp192k1 - Signature | Example Code | Generate ECC signature |
| secp192r1 - Signature | Example Code | Generate ECC signature |
| secp224k1 - Signature | Example Code | Generate ECC signature |
| secp224r1 - Signature | Example Code | Generate ECC signature |
| secp256k1 - Signature | Example Code | Generate ECC signature |
| secp256r1 - Signature | Example Code | Generate ECC signature |
| secp384r1 - Signature | Example Code | Generate ECC signature |
| secp521r1 - Signature | Example Code | Generate ECC signature |

Elliptic Curves - SEC 2 / Key Exchange
Arbitrary curve (not predefined, parameters must be provided):
Arbitrary curve code examples
AEAD Predefined (RFC-5116)

| Name | Link | Comment |
|---|---|---|
| AEAD AES 128 CCM | Example Code | Don't use - not working (TODO) / Create AEAD Algorithm AES 128 CCM |
| AEAD AES 256 GCM | Example Code | Create AEAD Algorithm AES 256 GCM |
| AEAD AES 256 CCM | Example Code | Don't use - not working (TODO) / Create AEAD Algorithm AES 256 CCM |
| AEAD AES 128 CCM 8 | Example Code | Create AEAD Algorithm AES 128 CCM 8 |

| Name | Link | Comment |
|---|---|---|
| X25519 Curve | Example Code | Key Exchange using X25519 Curve |
| X448 Curve | Example Code | Key Exchange using X448 Curve |

| Name | Link | Comment |
|---|---|---|
| PKCS#8 - Decode RSA private key from PKCS#8 file | Example Code | How to decode an RSA private key from a PKCS#8 file |
| PKCS#8 - Decode ECC private key from PKCS#8 file | Example Code | How to decode an ECC private key from a PKCS#8 file |

| Name | Link | Comment |
|---|---|---|
| PEM - from file | Example Code | Decode PEM from a file on the file system |
| PEM - from string | Example Code | Decode PEM from a string |

| Name | Link | Comment |
|---|---|---|
| CryptoAlgoFactory | Example Code | Crypto algo factory utility |
| X509 Certificate - Deserialize | x509-deserialize | Deserialize X509 certificate from bytes or from PEM file |
| X509 Certificate - RSA Public Key | x509-geteccpubkey | X509 Certificate - Get RSA public key from certificate |
| X509 Certificate - ECC Public Key | x509-getrsapubkey | X509 Certificate - Get ECC public key from certificate |
| X509 - DER Encode 'EcdsaSigValue' structure | x509-encodeecdsasigvalue | How to DER-encode an ECC signature to the EcdsaSigValue structure |
| PKCS#1 | PKCS1v2_2 | Use the PKCS#1 v2.2 API (RSASSA-PSS) to generate signatures, verify signatures, etc. |

| Name | Link |
|---|---|
| Camellia block cipher (128, 192, 256 key sizes) | - |
| Streebog-256 | - |
| Streebog-512 | - |
| CRC-8 | - |
| CRC-16 | - |
| CRC-32 | - |
| RadioGatun-64 | - |
| RadioGatun-32 | - |
| Whirlpool | - |
| PKCS#1 v2.2 (RFC 8017) | PKCS1v2_2 |
| SHA1 (Hash function) | SHA1 |
| Skein (Hash function) | Skein |
| BLAKE2b (Hash function) | BLAKE2b |
| BLAKE3 (Hash function) | BLAKE3 |
| Twofish (Block cipher) | Twofish |
| X509 V3 Certificate | X509Cert |
| Rabbit - stream cipher (ESTREAM) | Rabbit |
| HC-256 - stream cipher (ESTREAM) | HC256 |
| Hash functions | HashFunctions |
| ASN.1 Standard | ASN1 Standard |
| ASN.1 - Simple DER decoder | Der decoder |
| TLS 1.2 | TLS12 Info |
| TLS 1.2 Examples | TLS12 examples |

Overview of root dirs of documentation