Download binaries archive: Release-Link
Nuget:
Install-Package Arctium.Shared
Install-Package Arctium.Cryptography
Install-Package Arctium.Standards
API Docs:
https://dndocs.com/?packageName=Arctium.Shared&packageVersion=1.0.0.1
https://dndocs.com/?packageName=Arctium.Standards&packageVersion=1.0.0.1
https://dndocs.com/?packageName=Arctium.Cryptography&packageVersion=1.0.0.1
Arctium is a simple crypto library, created and maintained for learning purpose. It provides various cryptographic functions, ciphers, connection protocols etc. implemented for better or worse but probably they should works.
Solution is partitioned into a following projects, each of them is a set of related algorithms. If you wish to get more informations about specific project, algorithm and examples, see appropriate docs folder. Each folder contains more specific informations and examples.
In the future there may be some console interface utility tool
This is a short summary of what is on the development stage and direct links for more interesting parts of the documentation.
| Name | Supported | Comment |
|---|---|---|
| Cipher suites (RFC 8446) | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 | Supported Cipher suites |
| Named Groups (RFC 8446) | Secp256r1, Secp384r1, Secp521r1, X25519, X448, Ffdhe2048, Ffdhe3072, Ffdhe4096, Ffdhe6144, Ffdhe8192 | Supported Groups - Configurable on Client/Server (e.g. can only use X25519 and not any other) |
| NewSessionTicket (RFC 8446) | Yes | Client & Server (Client accept ticket and can use it, server generates ticket and send to client, both configurable) |
| Signature Schemes (RFC 8446) | EcdsaSecp256r1Sha256, EcdsaSecp384r1Sha384, EcdsaSecp521r1Sha512, RsaPssRsaeSha256, RsaPssRsaeSha384, RsaPssRsaeSha512 | Signature generation & validation |
| Key Update (RFC 8446) | Yes | On Client & Server. At any time server or client can send key update any number of time. Keys are updated |
| Handshake Client Authentication | Yes | Client & Server - client can authenticate and server can request (configurable) |
| Post handhsake client authentication | Yes | Client & Server configurable. Client can authenticate multiple times server can request authentication at any time after handshake |
| Multiple server certificates | Yes | Server can have multiple certificates and select them based on client hello supported features |
| Extension - Server Name (RFC 6066) | Yes | |
| Extension - PskKeyExchangeMode (RFC 8446) | Yes | Must support because TLS 1.3 specs require it |
| Extension - Application Layer Protocol Negotiation (RFC-7301) | Yes | On client & server. Client can send any bytes (defined by IANA or arbitrary bytes) and server can accept/reject any ALPN or ignore this extension |
| Extension - Supported Version (RFC 8446) | Yes | Must be required by TLS 1.3 spec |
| Extension - Cookie (RFC 8446)) | Yes | Required by TLS 1.3 spec |
| Extension - Signature Algorithms (RFC 8446) | Yes | Client & Server, configurable |
| Extension - KeyShare (RFC 8446) | Yes | Required by TLS 1.3 spec |
| Extension - SupportedGroups | Yes | |
| Extension - MaxFragmentLength (RFC 6066) | Yes | Configurable on client & server |
| Extension - OidFilters | Yes | Can send this extension but only as raw bytes (so DER encoded from external source, Arctium lib can't encode to DER bytes for now) |
| Extension - Signature Algorithms Cert | Yes | Client & server can sent this extension |
| Extension - Certificate Authorities | Yes | Configurable |
| Extension - GREASE (RFC 9701) | Yes | Client & Server Configurable - can be enabled or disabled |
To use Arctium TLS 1.3 examples below following file with sample resources must be included. Examples base on it. If not included code will not compite and will need to be changed.
| Name | Link | Comment |
|---|---|---|
| Client - Basic connection | Example Code | Connect to www.github.com |
| Server - Basic server | Example Code | HTTP response for browser (e.g. Edge) |
| Client - ConnectionInfo | Example Code | Client - Show informations about established TLS 1.3 connection |
| Server - ConnectionInfo | Example Code | Server - Show informations about established TLS 1.3 connection |
| Client/Server - Close Connection | Example Code | Closing TLS 1.3 connection |
| Setup server and connect client | Example Code | Connect Arctium TLS 1.3 client to Arctium TLS 1.3 Server |
| Client/Server - Update Traffic Secret | Example Code | Update Traffic Secret |
| Key and Initialization Vector Update |
| Name | Link | Comment |
|---|---|---|
| Search Browser | Example Code | Very simple Console App for searching www.github.com and showing results |
| HTTP Server | Example Code | Very simple Console App HTTP server that handle multiple TLS 1.3 connections parallel |
| Name | Link | Comment |
|---|---|---|
| Cipher Suites | Example Code | How to use specific cipher suites |
| Extension - Supported Groups | Example Code | How to allow specific groups to be used in key exchange |
| Extension - Signature Schemes | Example Code | How to allow specific signature schemes to be used in signature generation |
| Extension - Record Size Limit | Example Code | How to configure Record size limit extension |
| Extension - ALPN | Example Code | How to configure ALPN extension |
| Extension - Server Name | Example Code | How to configure server name extension |
| Handshake Client Authentication | Example Code | How to request client authentication during TLS 1.3 handshake |
| Extension - Oid Filters | Example Code | How to configure Oid Filters extension |
| Extension - Post Handshake Client Authentication | Example Code | How to configure post handshake client authentication and request client to authenticated at any time after after handshake completed |
| Extension - Certificate Authorities | Example Code | How to configure certificate authorities extension |
| Extension - Pre Shared Key | Example Code | How to configure Pre shared key |
| Extension - GREASE | Example Code | How to enable/disable GREASE extension |
| Name | Link | Comment |
|---|---|---|
| Cipher Suites | Example Code | How to use specific cipher suites |
| Extension - Supported Groups | Example Code | How to allow specific groups to be used in key exchange |
| Extension - Key share | Example Code | How to precompute and sent specific groups in client hello in keyshare |
| Extension - Supported Signature Scheme | Example Code | How to allow specific signature schemes to be used in signing operation |
| Extension - Record Size Limit | Example Code | How to configure Record size limit |
| Extension - ALPN | Example Code | How to configure ALPN (Application layer protocol negotiation) |
| Extension - Server Name | Example Code | How to configure Server Name extension |
| Extension - Signature Algorithms Cert | Example Code | How to configure Signature Algorithms Cert extension |
| Handshake Client Authentication | Example Code | How to configure Handshake Client Authentication |
| Post Handshake Client Authentication | Example Code | How to configure Post Handshake Client Authentication (server can request at any time, multiple times supported even with different client x509 certificates for each auth request) |
| Extension - Certificate Authorities | Example Code | How to configure certificate authorities |
| Extension - Pre Shared Key | Example Code | How to configure Pre Shared Key |
| Extension - GREASE | Example Code | How to configure GREASE extension |
| Name | Link | Comment |
|---|---|---|
| secp192k1 - Verify Signature | Example Code | Verify ECC signature |
| secp192r1 - Verify Signature | Example Code | Verify ECC signature |
| secp224k1 - Verify Signature | Example Code | Verify ECC signature |
| secp224r1 - Verify Signature | Example Code | Verify ECC signature |
| secp256k1 - Verify Signature | Example Code | Verify ECC signature |
| secp256r1 - Verify Signature | Example Code | Verify ECC signature |
| secp384r1 - Verify Signature | Example Code | Verify ECC signature |
| secp521r1 - Verify Signature | Example Code | Verify ECC signature |
| Name | Link | Comment |
|---|---|---|
| secp192k1 - Signature | Example Code | Generate ECC signature |
| secp192r1 - Signature | Example Code | Generate ECC signature |
| secp224k1 - Signature | Example Code | Generate ECC signature |
| secp224r1 - Signature | Example Code | Generate ECC signature |
| secp256k1 - Signature | Example Code | Generate ECC signature |
| secp256r1 - Signature | Example Code | Generate ECC signature |
| secp384r1 - Signature | Example Code | Generate ECC signature |
| secp521r1 - Signature | Example Code | Generate ECC signature |
| Name | Link | Comment |
|---|---|---|
| secp192k1 | Example Code | Key Exchange example |
| secp192r1 | Example Code | Key Exchange example |
| secp224k1 | Example Code | Key Exchange example |
| secp224r1 | Example Code | Key Exchange example |
| secp256k1 | Example Code | Key Exchange example |
| secp256r1 | Example Code | Key Exchange example |
| secp384r1 | Example Code | Key Exchange example |
| secp521r1 | Example Code | Key Exchange example |
Arbitrary curve (not predefined, parameters must be provided): Arbitrary curve code examples
| Name | Link | Comment |
|---|---|---|
| CHACHA-20 | Code Example | ChaCha-20 Stream Cipher |
| Rabbit | Code Example | Rabbit Stream Cipher |
| HC-256 | Code Example | HC-256 Stream Cipher |
| Name | Link | Comment |
|---|---|---|
| AES-128 | Code Example | AES 128 Block Cipher |
| AES-192 | Code Example | AES 192 Block Cipher |
| AES-512 | Code Example | AES 256 Block Cipher |
| Camellia | Code Example | Camellia Block cipher |
| Threefish-256 | Code Example | Threefish 256 Block cipher |
| Threefish-512 | Code Example | Threefish 512 Block cipher |
| Threefish-1024 | Code Example | Threefish 1024 Block cipher |
| Twofish | Code Example | Twofish Block cipher |
| Name | Link | Comment |
|---|---|---|
| Poly1305-Chacha20 | Example Code | |
| Galois Counter Mode | Example Code | GCM mode with custom tag length |
| CCM Mode | Example Code | Dont use not work / TODO |
| Name | Link | Comment |
|---|---|---|
| AEAD AES 128 CCM | Example Code | Dont Use - Not working TODO/ Create AEAD Algorithm AES 128 CCM |
| AEAD AES 256 GCM | Example Code | Create AEAD Algorithm AES 256 GCM |
| AEAD AES 256 CCM | Example Code | Dont Use - Not working TODO / Create AEAD Algorithm AES 256 CCM |
| AEAD AES 128 CCM 8 | Example Code | Create AEAD Algorithm AES 128 CCM 8 |
| Name | Link | Comment |
|---|---|---|
| X25519 Curve | Example Code | Key Exchange using X25519 Curve |
| X448 Curve | Example Code | Key Exchange using X448 Curve |
| Name | Link | Comment |
|---|---|---|
| PKCS#8 - Decode RSA private key from PKCS#8 file | Example Code | How to decode RSA Private key from PKCS#8 file |
| PKCS#8 - Decode ECC private key from PKCS#8 file | Example Code | How to decode ECC Private key from PKCS#8 file |
| Name | Link | Comment |
|---|---|---|
| FFDHE2048 | Example Code | Key Exchange using FFDHE2048 |
| FFDHE3072 | Example Code | Key Exchange using FFDHE3072 |
| FFDHE4096 | Example Code | Key Exchange using FFDHE4096 |
| FFDHE6144 | Example Code | Key Exchange using FFDHE6144 |
| FFDHE8192 | Example Code | Key Exchange using FFDHE8192 |
| Name | Link | Comment |
|---|---|---|
| PEM - from file | Example Code | Decode PEM file from file on file system |
| PEM - from string | Example Code | Decode PEM file from string |
| Name | Link | Comment |
|---|---|---|
| BLAKE2b | Example Code | Example of BLAKE2b |
| BLAKE2B_512 | Example Code | Example of BLAKE2B_512 |
| Blake3 | Example Code | Example of Blake3 |
| JH_224 | Example Code | Example of JH_224 |
| JH_256 | Example Code | Example of JH_256 |
| JH_384 | Example Code | Example of JH_384 |
| JH_512 | Example Code | Example of JH_512 |
| RadioGatun32 | Example Code | Example of RadioGatun32 |
| RadioGatun64 | Example Code | Example of RadioGatun64 |
| RIPEMD_160 | Example Code | Example of RIPEMD_160 |
| SHA1 | Example Code | Example of SHA1 |
| SHA2_224 | Example Code | Example of SHA2_224 |
| SHA2_256 | Example Code | Example of SHA2_256 |
| SHA2_384 | Example Code | Example of SHA2_384 |
| SHA2_512 | Example Code | Example of SHA2_512 |
| SHA3_224 | Example Code | Example of SHA3_224 |
| SHA3_256 | Example Code | Example of SHA3_256 |
| SHA3_384 | Example Code | Example of SHA3_384 |
| SHA3_512 | Example Code | Example of SHA3_512 |
| Skein_1024 | Example Code | Example of Skein_1024 |
| Skein_256 | Example Code | Example of Skein_256 |
| Skein_512 | Example Code | Example of Skein_512 |
| Skein_VAR | Example Code | Example of Skein_VAR |
| Streebog | Example Code | Example of Streebog |
| Whirlpool | Example Code | Example of Whirlpool |
| Name | Link | Comment |
|---|---|---|
| HKDF | Example Code | HKDF Examples |
| HMAC | Example Code | HMAC Examples |
| Poly1305 | Example Code | Poly1305 Examples |
| Name | Link | Comment |
|---|---|---|
| CRC8_DVB_S2 | Example Code | Example of CRC8_DVB_S2 |
| CRC8_AUTOSAR | Example Code | Example of CRC8_AUTOSAR |
| CRC8_Bluetooth | Example Code | Example of CRC8_Bluetooth |
| CRC8_CDMA2000 | Example Code | Example of CRC8_CDMA2000 |
| CRC8_DARD | Example Code | Example of CRC8_DARD |
| CRC8_GSMA | Example Code | Example of CRC8_GSMA |
| CRC8_GSMB | Example Code | Example of CRC8_GSMB |
| CRC8_HITAG | Example Code | Example of CRC8_HITAG |
| CRC8_I_432_1 | Example Code | Example of CRC8_I_432_1 |
| CRC8_I_CODE | Example Code | Example of CRC8_I_CODE |
| CRC8_I_LTE | Example Code | Example of CRC8_I_LTE |
| CRC8_MAXIM_DOW | Example Code | Example of CRC8_MAXIM_DOW |
| CRC8_MIFARE_MAD | Example Code | Example of CRC8_MIFARE_MAD |
| CRC8_NRSC_5 | Example Code | Example of CRC8_NRSC_5 |
| CRC8_OPENSAFETY | Example Code | Example of CRC8_OPENSAFETY |
| CRC8_ROHC | Example Code | Example of CRC8_ROHC |
| CRC8SAE_J1850 | Example Code | Example of CRC8SAE_J1850 |
| CRC8SAE_SMBUS | Example Code | Example of CRC8SAE_SMBUS |
| CRC8SAE_TECH_3250 | Example Code | Example of CRC8SAE_TECH_3250 |
| CRC8SAE_WCDMA | Example Code | Example of CRC8SAE_WCDMA |
| CRC32_AIXM | Example Code | Example of CRC32_AIXM |
| CRC32_AUTOSAR | Example Code | Example of CRC32_AUTOSAR |
| CRC32_BASE91_D | Example Code | Example of CRC32_BASE91_D |
| CRC32_BZIP2 | Example Code | Example of CRC32_BZIP2 |
| CRC32_CD_ROM_EDC | Example Code | Example of CRC32_CD_ROM_EDC |
| CRC32_CKSUM | Example Code | Example of CRC32_CKSUM |
| CRC32_ISCSI | Example Code | Example of CRC32_ISCSI |
| CRC32_ISO_HDLC | Example Code | Example of CRC32_ISO_HDLC |
| CRC32_JAMCRC | Example Code | Example of CRC32_JAMCRC |
| CRC32_MEF | Example Code | Example of CRC32_MEF |
| CRC32_MPEG_2 | Example Code | Example of CRC32_MPEG_2 |
| CRC32_XFER | Example Code | Example of CRC32_XFER |
| CRC64_GO_ISO | Example Code | Example of CRC64_GO_ISO |
| CRC64_MS | Example Code | Example of CRC64_MS |
| CRC64_WE | Example Code | Example of CRC64_WE |
| CRC64_XZ | Example Code | Example of CRC64_XZ |
| CRC64_ECMA182 | Example Code | Example of CRC64_ECMA182 |
| Name | Link | Comment |
|---|---|---|
| CryptoAlgoFactory | Example Code | Crypto algo factory utility |
| X509 Certificate - Deserialize | x509-deserialize | Deserialize X509 Certificate From Bytes or from PEM file |
| X509 Certificate - RSA Public Key | x509-geteccpubkey | X509 Certificate - Get RSA public key from certificate |
| X509 Certificate - ECC Public Key | x509-getrsapubkey | X509 Certificate - Get ECC public key from certificate |
| X509 - DER Encode 'EcdsaSigValue' structure | x509-encodeecdsasigvalue | How to DER-Encode ECC signature to EcdsaSigValue structure |
| PKCS#1 | PKCS1v2_2 | Using PKCS#1 v2.2 API (RSASSA PSS) generate signature / verify signature etc. |
| Name | Link |
|---|---|
| Camellia block cipher (128, 192, 256 key sizes) | - |
| Streebog-256 | - |
| Streebog-512 | - |
| CRC-8 | - |
| CRC-16 | - |
| CRC-32 | - |
| RadioGatun-64 | - |
| RadioGatun-32 | - |
| Whirlpool | - |
| PKCS#1 v2.2 (RFC 8017) | PKCS1v2_2 |
| SHA1 (Hash function) | SHA1 |
| Skein (Hash function) | Skein |
| BLAKE2b (Hash function) | BLAKE2b |
| BLAKE3 (Hash function) | BLAKE3 |
| Twofish (Block cipher) | Twofish |
| X509 V3 Certificate | X509Cert |
| Rabbit - stream cipher (ESTREAM) | Rabbit |
| HC-256 - stream cipher (ESTREAM) | HC256 |
| Hash functions | HashFunctions |
| ASN.1 Standard | [ASN1 Standard] |
| ASN1. Simple Der decoder | Der decoder |
| TLS 1.2 | TLS12 Info |
| TLS 1.2 Examples | TLS12 examples |
| Project | Documentation |
|---|---|
| Connection | Connection docs |
| Cryptography | Cryptography docs |
| Encoding | Encoding docs |