Skip to content

Latest commit

 

History

History
460 lines (395 loc) · 25.7 KB

README.md

File metadata and controls

460 lines (395 loc) · 25.7 KB

Arctium - .NET Core Crypto Library


Download binaries archive: Release-Link

Nuget:

Install-Package Arctium.Shared
Install-Package Arctium.Cryptography
Install-Package Arctium.Standards

API Docs:
https://dndocs.com/?packageName=Arctium.Shared&packageVersion=1.0.0.1
https://dndocs.com/?packageName=Arctium.Standards&packageVersion=1.0.0.1
https://dndocs.com/?packageName=Arctium.Cryptography&packageVersion=1.0.0.1

Arctium is a simple crypto library, created and maintained for learning purpose. It provides various cryptographic functions, ciphers, connection protocols etc. implemented for better or worse but probably they should works.

Projects

Solution is partitioned into a following projects, each of them is a set of related algorithms. If you wish to get more informations about specific project, algorithm and examples, see appropriate docs folder. Each folder contains more specific informations and examples.

ArctiumCLI

In the future there may be some console interface utility tool

Look up documents

This is a short summary of what is on the development stage and direct links for more interesting parts of the documentation.

TLS 1.3

TLS 1.3 - Supported Features

Name Supported Comment
Cipher suites (RFC 8446) TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 Supported Cipher suites
Named Groups (RFC 8446) Secp256r1, Secp384r1, Secp521r1, X25519, X448, Ffdhe2048, Ffdhe3072, Ffdhe4096, Ffdhe6144, Ffdhe8192 Supported Groups - Configurable on Client/Server (e.g. can only use X25519 and not any other)
NewSessionTicket (RFC 8446) Yes Client & Server (Client accept ticket and can use it, server generates ticket and send to client, both configurable)
Signature Schemes (RFC 8446) EcdsaSecp256r1Sha256, EcdsaSecp384r1Sha384, EcdsaSecp521r1Sha512, RsaPssRsaeSha256, RsaPssRsaeSha384, RsaPssRsaeSha512 Signature generation & validation
Key Update (RFC 8446) Yes On Client & Server. At any time server or client can send key update any number of time. Keys are updated
Handshake Client Authentication Yes Client & Server - client can authenticate and server can request (configurable)
Post handhsake client authentication Yes Client & Server configurable. Client can authenticate multiple times server can request authentication at any time after handshake
Multiple server certificates Yes Server can have multiple certificates and select them based on client hello supported features
Extension - Server Name (RFC 6066) Yes
Extension - PskKeyExchangeMode (RFC 8446) Yes Must support because TLS 1.3 specs require it
Extension - Application Layer Protocol Negotiation (RFC-7301) Yes On client & server. Client can send any bytes (defined by IANA or arbitrary bytes) and server can accept/reject any ALPN or ignore this extension
Extension - Supported Version (RFC 8446) Yes Must be required by TLS 1.3 spec
Extension - Cookie (RFC 8446)) Yes Required by TLS 1.3 spec
Extension - Signature Algorithms (RFC 8446) Yes Client & Server, configurable
Extension - KeyShare (RFC 8446) Yes Required by TLS 1.3 spec
Extension - SupportedGroups Yes
Extension - MaxFragmentLength (RFC 6066) Yes Configurable on client & server
Extension - OidFilters Yes Can send this extension but only as raw bytes (so DER encoded from external source, Arctium lib can't encode to DER bytes for now)
Extension - Signature Algorithms Cert Yes Client & server can sent this extension
Extension - Certificate Authorities Yes Configurable
Extension - GREASE (RFC 9701) Yes Client & Server Configurable - can be enabled or disabled

To use Arctium TLS 1.3 examples below following file with sample resources must be included. Examples base on it. If not included code will not compite and will need to be changed.

Examples - Resources

TLS 1.3 - Basic Example

Name Link Comment
Client - Basic connection Example Code Connect to www.github.com
Server - Basic server Example Code HTTP response for browser (e.g. Edge)
Client - ConnectionInfo Example Code Client - Show informations about established TLS 1.3 connection
Server - ConnectionInfo Example Code Server - Show informations about established TLS 1.3 connection
Client/Server - Close Connection Example Code Closing TLS 1.3 connection
Setup server and connect client Example Code Connect Arctium TLS 1.3 client to Arctium TLS 1.3 Server
Client/Server - Update Traffic Secret Example Code Update Traffic Secret
Key and Initialization Vector Update

Arctium TLS 1.3 - Expected Usage Example

Name Link Comment
Search Browser Example Code Very simple Console App for searching www.github.com and showing results
HTTP Server Example Code Very simple Console App HTTP server that handle multiple TLS 1.3 connections parallel

Tls 1.3 - Server Configuration

Name Link Comment
Cipher Suites Example Code How to use specific cipher suites
Extension - Supported Groups Example Code How to allow specific groups to be used in key exchange
Extension - Signature Schemes Example Code How to allow specific signature schemes to be used in signature generation
Extension - Record Size Limit Example Code How to configure Record size limit extension
Extension - ALPN Example Code How to configure ALPN extension
Extension - Server Name Example Code How to configure server name extension
Handshake Client Authentication Example Code How to request client authentication during TLS 1.3 handshake
Extension - Oid Filters Example Code How to configure Oid Filters extension
Extension - Post Handshake Client Authentication Example Code How to configure post handshake client authentication and request client to authenticated at any time after after handshake completed
Extension - Certificate Authorities Example Code How to configure certificate authorities extension
Extension - Pre Shared Key Example Code How to configure Pre shared key
Extension - GREASE Example Code How to enable/disable GREASE extension

Tls 1.3 - Client Configuration

Name Link Comment
Cipher Suites Example Code How to use specific cipher suites
Extension - Supported Groups Example Code How to allow specific groups to be used in key exchange
Extension - Key share Example Code How to precompute and sent specific groups in client hello in keyshare
Extension - Supported Signature Scheme Example Code How to allow specific signature schemes to be used in signing operation
Extension - Record Size Limit Example Code How to configure Record size limit
Extension - ALPN Example Code How to configure ALPN (Application layer protocol negotiation)
Extension - Server Name Example Code How to configure Server Name extension
Extension - Signature Algorithms Cert Example Code How to configure Signature Algorithms Cert extension
Handshake Client Authentication Example Code How to configure Handshake Client Authentication
Post Handshake Client Authentication Example Code How to configure Post Handshake Client Authentication (server can request at any time, multiple times supported even with different client x509 certificates for each auth request)
Extension - Certificate Authorities Example Code How to configure certificate authorities
Extension - Pre Shared Key Example Code How to configure Pre Shared Key
Extension - GREASE Example Code How to configure GREASE extension

Elliptic Curves - SEC 2 / Verify Signature

Name Link Comment
secp192k1 - Verify Signature Example Code Verify ECC signature
secp192r1 - Verify Signature Example Code Verify ECC signature
secp224k1 - Verify Signature Example Code Verify ECC signature
secp224r1 - Verify Signature Example Code Verify ECC signature
secp256k1 - Verify Signature Example Code Verify ECC signature
secp256r1 - Verify Signature Example Code Verify ECC signature
secp384r1 - Verify Signature Example Code Verify ECC signature
secp521r1 - Verify Signature Example Code Verify ECC signature

Elliptic Curves - SEC 2 / Generate Signature

Name Link Comment
secp192k1 - Signature Example Code Generate ECC signature
secp192r1 - Signature Example Code Generate ECC signature
secp224k1 - Signature Example Code Generate ECC signature
secp224r1 - Signature Example Code Generate ECC signature
secp256k1 - Signature Example Code Generate ECC signature
secp256r1 - Signature Example Code Generate ECC signature
secp384r1 - Signature Example Code Generate ECC signature
secp521r1 - Signature Example Code Generate ECC signature

Elliptic Curves - SEC 2 / Key Exchange

Name Link Comment
secp192k1 Example Code Key Exchange example
secp192r1 Example Code Key Exchange example
secp224k1 Example Code Key Exchange example
secp224r1 Example Code Key Exchange example
secp256k1 Example Code Key Exchange example
secp256r1 Example Code Key Exchange example
secp384r1 Example Code Key Exchange example
secp521r1 Example Code Key Exchange example

Arbitrary curve (not predefined, parameters must be provided): Arbitrary curve code examples

Stream Ciphers

Name Link Comment
CHACHA-20 Code Example ChaCha-20 Stream Cipher
Rabbit Code Example Rabbit Stream Cipher
HC-256 Code Example HC-256 Stream Cipher

Block Ciphers

Name Link Comment
AES-128 Code Example AES 128 Block Cipher
AES-192 Code Example AES 192 Block Cipher
AES-512 Code Example AES 256 Block Cipher
Camellia Code Example Camellia Block cipher
Threefish-256 Code Example Threefish 256 Block cipher
Threefish-512 Code Example Threefish 512 Block cipher
Threefish-1024 Code Example Threefish 1024 Block cipher
Twofish Code Example Twofish Block cipher

AEAD

Name Link Comment
Poly1305-Chacha20 Example Code
Galois Counter Mode Example Code GCM mode with custom tag length
CCM Mode Example Code Dont use not work / TODO

AEAD Predefined (RFC-5116)

Name Link Comment
AEAD AES 128 CCM Example Code Dont Use - Not working TODO/ Create AEAD Algorithm AES 128 CCM
AEAD AES 256 GCM Example Code Create AEAD Algorithm AES 256 GCM
AEAD AES 256 CCM Example Code Dont Use - Not working TODO / Create AEAD Algorithm AES 256 CCM
AEAD AES 128 CCM 8 Example Code Create AEAD Algorithm AES 128 CCM 8

X25519 & X448 (RFC 7748)

Name Link Comment
X25519 Curve Example Code Key Exchange using X25519 Curve
X448 Curve Example Code Key Exchange using X448 Curve

PKCS#8

Name Link Comment
PKCS#8 - Decode RSA private key from PKCS#8 file Example Code How to decode RSA Private key from PKCS#8 file
PKCS#8 - Decode ECC private key from PKCS#8 file Example Code How to decode ECC Private key from PKCS#8 file

FFDHE - RFC-7919

Name Link Comment
FFDHE2048 Example Code Key Exchange using FFDHE2048
FFDHE3072 Example Code Key Exchange using FFDHE3072
FFDHE4096 Example Code Key Exchange using FFDHE4096
FFDHE6144 Example Code Key Exchange using FFDHE6144
FFDHE8192 Example Code Key Exchange using FFDHE8192

PEM file decoding

Name Link Comment
PEM - from file Example Code Decode PEM file from file on file system
PEM - from string Example Code Decode PEM file from string

Hash Functions

Name Link Comment
BLAKE2b Example Code Example of BLAKE2b
BLAKE2B_512 Example Code Example of BLAKE2B_512
Blake3 Example Code Example of Blake3
JH_224 Example Code Example of JH_224
JH_256 Example Code Example of JH_256
JH_384 Example Code Example of JH_384
JH_512 Example Code Example of JH_512
RadioGatun32 Example Code Example of RadioGatun32
RadioGatun64 Example Code Example of RadioGatun64
RIPEMD_160 Example Code Example of RIPEMD_160
SHA1 Example Code Example of SHA1
SHA2_224 Example Code Example of SHA2_224
SHA2_256 Example Code Example of SHA2_256
SHA2_384 Example Code Example of SHA2_384
SHA2_512 Example Code Example of SHA2_512
SHA3_224 Example Code Example of SHA3_224
SHA3_256 Example Code Example of SHA3_256
SHA3_384 Example Code Example of SHA3_384
SHA3_512 Example Code Example of SHA3_512
Skein_1024 Example Code Example of Skein_1024
Skein_256 Example Code Example of Skein_256
Skein_512 Example Code Example of Skein_512
Skein_VAR Example Code Example of Skein_VAR
Streebog Example Code Example of Streebog
Whirlpool Example Code Example of Whirlpool

Hash - Related functions

Name Link Comment
HKDF Example Code HKDF Examples
HMAC Example Code HMAC Examples
Poly1305 Example Code Poly1305 Examples

CRC

Name Link Comment
CRC8_DVB_S2 Example Code Example of CRC8_DVB_S2
CRC8_AUTOSAR Example Code Example of CRC8_AUTOSAR
CRC8_Bluetooth Example Code Example of CRC8_Bluetooth
CRC8_CDMA2000 Example Code Example of CRC8_CDMA2000
CRC8_DARD Example Code Example of CRC8_DARD
CRC8_GSMA Example Code Example of CRC8_GSMA
CRC8_GSMB Example Code Example of CRC8_GSMB
CRC8_HITAG Example Code Example of CRC8_HITAG
CRC8_I_432_1 Example Code Example of CRC8_I_432_1
CRC8_I_CODE Example Code Example of CRC8_I_CODE
CRC8_I_LTE Example Code Example of CRC8_I_LTE
CRC8_MAXIM_DOW Example Code Example of CRC8_MAXIM_DOW
CRC8_MIFARE_MAD Example Code Example of CRC8_MIFARE_MAD
CRC8_NRSC_5 Example Code Example of CRC8_NRSC_5
CRC8_OPENSAFETY Example Code Example of CRC8_OPENSAFETY
CRC8_ROHC Example Code Example of CRC8_ROHC
CRC8SAE_J1850 Example Code Example of CRC8SAE_J1850
CRC8SAE_SMBUS Example Code Example of CRC8SAE_SMBUS
CRC8SAE_TECH_3250 Example Code Example of CRC8SAE_TECH_3250
CRC8SAE_WCDMA Example Code Example of CRC8SAE_WCDMA
CRC32_AIXM Example Code Example of CRC32_AIXM
CRC32_AUTOSAR Example Code Example of CRC32_AUTOSAR
CRC32_BASE91_D Example Code Example of CRC32_BASE91_D
CRC32_BZIP2 Example Code Example of CRC32_BZIP2
CRC32_CD_ROM_EDC Example Code Example of CRC32_CD_ROM_EDC
CRC32_CKSUM Example Code Example of CRC32_CKSUM
CRC32_ISCSI Example Code Example of CRC32_ISCSI
CRC32_ISO_HDLC Example Code Example of CRC32_ISO_HDLC
CRC32_JAMCRC Example Code Example of CRC32_JAMCRC
CRC32_MEF Example Code Example of CRC32_MEF
CRC32_MPEG_2 Example Code Example of CRC32_MPEG_2
CRC32_XFER Example Code Example of CRC32_XFER
CRC64_GO_ISO Example Code Example of CRC64_GO_ISO
CRC64_MS Example Code Example of CRC64_MS
CRC64_WE Example Code Example of CRC64_WE
CRC64_XZ Example Code Example of CRC64_XZ
CRC64_ECMA182 Example Code Example of CRC64_ECMA182

Other

Name Link Comment
CryptoAlgoFactory Example Code Crypto algo factory utility
X509 Certificate - Deserialize x509-deserialize Deserialize X509 Certificate From Bytes or from PEM file
X509 Certificate - RSA Public Key x509-geteccpubkey X509 Certificate - Get RSA public key from certificate
X509 Certificate - ECC Public Key x509-getrsapubkey X509 Certificate - Get ECC public key from certificate
X509 - DER Encode 'EcdsaSigValue' structure x509-encodeecdsasigvalue How to DER-Encode ECC signature to EcdsaSigValue structure
PKCS#1 PKCS1v2_2 Using PKCS#1 v2.2 API (RSASSA PSS) generate signature / verify signature etc.
Name Link
Camellia block cipher (128, 192, 256 key sizes) -
Streebog-256 -
Streebog-512 -
CRC-8 -
CRC-16 -
CRC-32 -
RadioGatun-64 -
RadioGatun-32 -
Whirlpool -
PKCS#1 v2.2 (RFC 8017) PKCS1v2_2
SHA1 (Hash function) SHA1
Skein (Hash function) Skein
BLAKE2b (Hash function) BLAKE2b
BLAKE3 (Hash function) BLAKE3
Twofish (Block cipher) Twofish
X509 V3 Certificate X509Cert
Rabbit - stream cipher (ESTREAM) Rabbit
HC-256 - stream cipher (ESTREAM) HC256
Hash functions HashFunctions
ASN.1 Standard [ASN1 Standard]
ASN1. Simple Der decoder Der decoder
TLS 1.2 TLS12 Info
TLS 1.2 Examples TLS12 examples

Overview of root dirs of documentation

Project Documentation
Connection Connection docs
Cryptography Cryptography docs
Encoding Encoding docs