Beispiel #1
0
 public bool TryLookupMulticastKey(IdentityHash identityHash, out byte[] symmetricKey)
 {
     return(multicastEncryptionKeysByIdentity.TryGetValue(identityHash, out symmetricKey));
 }
Beispiel #2
0
        public bool TryDecodePayload(BroadcastMessageDto broadcastMessage, out byte[] decryptedPayload)
        {
            var senderHash   = broadcastMessage.SourceIdHash;
            var receiverHash = broadcastMessage.DestinationIdHash;
            var payload      = broadcastMessage.Payload;
            var signature    = broadcastMessage.Signature;

            byte[] totalMessage;
            using (var ms = new MemoryStream())
                using (var writer = new BinaryWriter(ms)) {
                    writer.Write(senderHash);
                    writer.Write(receiverHash);
                    writer.Write(payload);
                    totalMessage = ms.ToArray();
                }

            var senderNode = identityManager.LookupIdentity(senderHash);

            if (senderNode == null)
            {
                //            throw new InvalidStateException("Sender has not recognized");
                decryptedPayload = null;
                return(false);
            }

            if (!CryptoUtil.Verify(totalMessage, senderNode.ThisId, signature))
            {
                //            throw new CryptographicException("Could not verify message");
                decryptedPayload = null;
                return(false);
            }

            // message is now verified

            byte[] symmetricKey;
            if (receiverHash.SequenceEqual(BROADCAST_ID))
            {
                // broadcast
                decryptedPayload = payload;
                return(true);
            }
            else if (receiverHash.SequenceEqual(identityHash))
            {
                // unicast to us
                var decryptedSenderAndMessage = CryptoUtil.AsymmetricDecrypt(payload, privateKey);
                if (!decryptedSenderAndMessage.Take(CryptoUtil.HASH_SIZE).SequenceEqual(senderHash))
                {
                    // BREACH BREACH BREACH DEPLOY SECURITY COUNTER MEASURES
                    //               throw new CryptographicException("DATA WAS BAD THERE ARE BAD PEOPLE HERE THEY MUST BE KEPT OUT");
                    decryptedPayload = null;
                    return(false);
                }
                decryptedPayload = decryptedSenderAndMessage.Skip(CryptoUtil.HASH_SIZE).ToArray();
                return(true);
            }
            else if (identityManager.TryLookupMulticastKey(IdentityHash.GetFlyweight(receiverHash), out symmetricKey))
            {
                // multicast
                var iv = payload.Take(CryptoUtil.IV_SIZE).ToArray();
                var encryptedMessage         = payload.Skip(CryptoUtil.IV_SIZE).ToArray();
                var messageAndInnerSignature = CryptoUtil.SymmetricDecrypt(encryptedMessage, symmetricKey, iv);
                var innerSignature           = messageAndInnerSignature.Skip(messageAndInnerSignature.Length - CryptoUtil.ASYM_KEY_SIZE_BYTES).ToArray();
                var message = messageAndInnerSignature.Take(messageAndInnerSignature.Length - CryptoUtil.ASYM_KEY_SIZE_BYTES).ToArray();

                if (!CryptoUtil.Verify(message, senderNode.ThisId, innerSignature))
                {
                    //               throw new CryptographicException("Could not verify inner signature");
                    decryptedPayload = null;
                    return(false);
                }

                decryptedPayload = message;
                return(true);
            }
            else
            {
                // unknown multi/unicast
                decryptedPayload = null;
                return(false);
            }
        }
Beispiel #3
0
 public void AddMulticastKey(IdentityHash identityHash, byte[] symmetricKey)
 {
     multicastEncryptionKeysByIdentity[identityHash] = symmetricKey;
 }