const ushort Magic16_ipv4_requesterToResponder = 0xBFA4; // is used to validate decrypted data
// IAuthenticatedEncryptor Encryptor;
// IAuthenticatedDecryptor Decryptor;
/// <summary>
/// initializes SharedAuthKeyForHMAC
/// </summary>
public void InitializeP2pStream(RegisterRequestPacket req, RegisterAck1Packet ack1, RegisterAck2Packet ack2)
{
if (_disposed)
{
throw new ObjectDisposedException(ToString());
}
_req = req;
_ack1 = ack1;
_ack2 = ack2;
var ms = new MemoryStream();
using (var writer = new BinaryWriter(ms))
{
req.GetSharedSignedFields(writer, true);
ack1.GetSharedSignedFields(writer, true, true);
ack2.GetSharedSignedFields(writer, false, true);
// var iv = cryptoLibrary.GetHashSHA256(ms.ToArray()); // todo use for p2p encryption
ms.Write(SharedDhSecret, 0, SharedDhSecret.Length);
SharedAuthKeyForNeighborHMAC = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
if (_engine.WriteToLog_p2p_detail_enabled)
{
_engine.WriteToLog_p2p_detail2(this, $"initialized P2P stream: SharedAuthKeyForHMAC={MiscProcedures.ByteArrayToString(SharedAuthKeyForNeighborHMAC)}", req);
}
//Encryptor = cryptoLibrary.CreateAesEncyptor(iv, aesKey);
//Decryptor = cryptoLibrary.CreateAesDecyptor(iv, aesKey);
}
}
const ushort Magic16_responderToRequester = 0x60C1; // is used to validate decrypted data
/// <summary>
/// when sending ACK1
/// </summary>
public byte[] Encrypt_ack1_ToResponderTxParametersEncrypted_AtResponder_DeriveSharedDhSecret(Logger logger, RegisterRequestPacket req, RegisterAck1Packet ack1, ConnectionToNeighbor neighbor)
{
IPEndPoint localResponderEndpoint;
if (neighbor != null)
{
localResponderEndpoint = neighbor.LocalEndpoint;
}
else
{
localResponderEndpoint = req.EpEndpoint;
}
if (localResponderEndpoint.Address.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork)
{
throw new NotImplementedException();
}
SharedDhSecret = _engine.CryptoLibrary.DeriveEcdh25519SharedSecret(LocalEcdhe25519PrivateKey, req.RequesterEcdhePublicKey.Ecdh25519PublicKey);
#region key, iv
BinaryProcedures.CreateBinaryWriter(out var ms, out var writer);
req.GetSharedSignedFields(writer, true);
ack1.GetSharedSignedFields(writer, false, false);
var iv = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()).Take(16).ToArray();;
ms.Write(SharedDhSecret, 0, SharedDhSecret.Length);
var aesKey = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
// encode localRxParameters
BinaryProcedures.CreateBinaryWriter(out var msRxParameters, out var wRxParameters);
BinaryProcedures.EncodeIPEndPoint(wRxParameters, localResponderEndpoint); // max 19
LocalNeighborToken32.Encode(wRxParameters); // +4 max 23
_engine.LocalNatBehaviour.Encode(wRxParameters); // +2 max 25
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"encrypting local responder endpoint={localResponderEndpoint}, localNeighborToken={LocalNeighborToken32} into ACK1");
}
wRxParameters.Write(Magic16_responderToRequester); // +2 max 27
var bytesRemaining = RegisterAck1Packet.ToResponderTxParametersEncryptedLength - (int)msRxParameters.Length;
wRxParameters.Write(_engine.CryptoLibrary.GetRandomBytes(bytesRemaining));
var localRxParametersDecrypted = msRxParameters.ToArray(); // total 32 bytes = RegisterAck1Packet.ToResponderTxParametersEncryptedLength
var localRxParametersEncrypted = new byte[localRxParametersDecrypted.Length];
_engine.CryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, localRxParametersDecrypted, localRxParametersEncrypted);
if (localRxParametersEncrypted.Length != RegisterAck1Packet.ToResponderTxParametersEncryptedLength)
{
throw new Exception();
}
return(localRxParametersEncrypted);
}
/// <summary>
/// when sending ACK
/// </summary>
public byte[] Encrypt_ack2_ToRequesterTxParametersEncrypted_AtRequester(Logger logger, RegisterRequestPacket req, RegisterAck1Packet ack1, RegisterAck2Packet ack2)
{
if (SharedDhSecret == null)
{
throw new InvalidOperationException();
}
#region aes key, iv
PacketProcedures.CreateBinaryWriter(out var ms, out var writer);
req.GetSharedSignedFields(writer, true);
ack1.GetSharedSignedFields(writer, true, true);
ack2.GetSharedSignedFields(writer, false, false);
var iv = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()).Take(16).ToArray();
ms.Write(SharedDhSecret, 0, SharedDhSecret.Length);
var aesKey = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
// encode localRxParameters
PacketProcedures.CreateBinaryWriter(out var msRxParameters, out var wRxParameters);
PacketProcedures.EncodeIPEndPoint(wRxParameters, LocalEndpoint); // max 19
LocalNeighborToken32.Encode(wRxParameters); // +4 max 23
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"encrypting local requester endpoint={LocalEndpoint}, localNeighborToken={LocalNeighborToken32} into ACK2");
}
wRxParameters.Write(Magic16_ipv4_requesterToResponder); // +2 max 25
var bytesRemaining = RegisterAck2Packet.ToRequesterTxParametersEncryptedLength - (int)msRxParameters.Length;
wRxParameters.Write(_engine.CryptoLibrary.GetRandomBytes(bytesRemaining));
var localRxParametersDecrypted = msRxParameters.ToArray();
var localRxParametersEncrypted = new byte[localRxParametersDecrypted.Length];
_engine.CryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, localRxParametersDecrypted, localRxParametersEncrypted);
if (localRxParametersEncrypted.Length != RegisterAck2Packet.ToRequesterTxParametersEncryptedLength)
{
throw new Exception();
}
return(localRxParametersEncrypted);
}
/// <summary>
/// initializes parameters to transmit direct (p2p) packets form requester A to neighbor N
/// </summary>
public void Decrypt_ack1_ToResponderTxParametersEncrypted_AtRequester_DeriveSharedDhSecret(Logger logger, RegisterRequestPacket req, RegisterAck1Packet ack1)
{
SharedDhSecret = _engine.CryptoLibrary.DeriveEcdh25519SharedSecret(LocalEcdhe25519PrivateKey, ack1.ResponderEcdhePublicKey.Ecdh25519PublicKey);
#region iv, key
BinaryProcedures.CreateBinaryWriter(out var ms, out var writer);
req.GetSharedSignedFields(writer, true);
ack1.GetSharedSignedFields(writer, false, false);
var iv = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()).Take(16).ToArray();
ms.Write(SharedDhSecret, 0, SharedDhSecret.Length);
var aesKey = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
var toNeighborTxParametersDecrypted = new byte[ack1.ToResponderTxParametersEncrypted.Length];
_engine.CryptoLibrary.ProcessAesCbcBlocks(false, aesKey, iv, ack1.ToResponderTxParametersEncrypted, toNeighborTxParametersDecrypted);
// parse toNeighborTxParametersDecrypted
using (var reader = new BinaryReader(new MemoryStream(toNeighborTxParametersDecrypted)))
{
RemoteEndpoint = BinaryProcedures.DecodeIPEndPoint(reader);
RemoteNeighborToken32 = NeighborToken32.Decode(reader);
RemoteNatBehaviour = NatBehaviourModel.Decode(reader);
var magic16 = reader.ReadUInt16();
if (magic16 != Magic16_responderToRequester)
{
throw new BrokenCipherException();
}
}
if (logger.WriteToLog_detail_enabled)
{
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"decrypted remote responder endpoint={RemoteEndpoint}, remoteNeighborToken={RemoteNeighborToken32} from ACK1");
}
}
}
/// <summary>initializes parameters to transmit direct (p2p) packets form neighbor N to requester A</returns>
public void Decrypt_ack2_ToRequesterTxParametersEncrypted_AtResponder_InitializeP2pStream(Logger logger, RegisterRequestPacket req, RegisterAck1Packet ack1, RegisterAck2Packet ack2)
{
#region key, iv
PacketProcedures.CreateBinaryWriter(out var ms, out var writer);
req.GetSharedSignedFields(writer, true);
ack1.GetSharedSignedFields(writer, true, true);
ack2.GetSharedSignedFields(writer, false, false);
var iv = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()).Take(16).ToArray();
ms.Write(SharedDhSecret, 0, SharedDhSecret.Length);
var aesKey = _engine.CryptoLibrary.GetHashSHA256(ms.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
var toRequesterTxParametersDecrypted = new byte[ack2.ToRequesterTxParametersEncrypted.Length];
_engine.CryptoLibrary.ProcessAesCbcBlocks(false, aesKey, iv, ack2.ToRequesterTxParametersEncrypted, toRequesterTxParametersDecrypted);
// parse toRequesterTxParametersDecrypted
using (var reader = new BinaryReader(new MemoryStream(toRequesterTxParametersDecrypted)))
{
RemoteEndpoint = PacketProcedures.DecodeIPEndPoint(reader);
RemoteNeighborToken32 = NeighborToken32.Decode(reader);
var magic16 = reader.ReadUInt16();
if (magic16 != Magic16_ipv4_requesterToResponder)
{
throw new BrokenCipherException();
}
}
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"decrypted remote requester endpoint={RemoteEndpoint}, remoteNeighborToken={RemoteNeighborToken32} from ACK2");
}
InitializeP2pStream(req, ack1, ack2);
}
/// <summary>
/// main register responder proc for both A-EP and P2P modes
/// in P2P mode Timestamp32S, NeighborToken32 and NeighborHMAC are verified at this time
/// </summary>
/// <param name="receivedFromInP2pMode">
/// is null in A-EP mode
/// </param>
internal async Task AcceptRegisterRequestAsync(LocalDrpPeer acceptAt, RoutedRequest routedRequest) // engine thread
{
var logger = routedRequest.Logger;
logger.ModuleName = VisionChannelModuleName_reg_responderSide;
var req = routedRequest.RegisterReq;
if (req.RequesterRegistrationId.Equals(acceptAt.Configuration.LocalPeerRegistrationId))
{
throw new InvalidOperationException();
}
// check signature of requester (A)
if (!req.RequesterSignature.Verify(_cryptoLibrary,
w => req.GetSharedSignedFields(w, false),
req.RequesterRegistrationId
)
)
{
throw new BadSignatureException("invalid REGISTER REQ RequesterSignature 2396");
}
if (routedRequest.ReceivedFromNeighborNullable == null)
{ // A-EP mode
if (req.EpEndpoint.Address.Equals(acceptAt.PublicIpApiProviderResponse) == false)
{
throw new PossibleAttackException();
}
}
if (PendingRegisterRequestExists(req.RequesterRegistrationId))
{
// received duplicate REGISTER REQ packet
logger.WriteToLog_needsAttention($"ignoring duplicate registration request {req.RequesterRegistrationId} from {routedRequest.ReceivedFromEndpoint}");
return;
}
if (!RecentUniqueAcceptedRegistrationRequests.Filter(req.GetUniqueRequestIdFields))
{
logger.WriteToLog_needsAttention($"ignoring registration request {req.RequesterRegistrationId} ts={req.ReqTimestamp64} from {routedRequest.ReceivedFromEndpoint} with non-unique request ID fields");
return;
}
logger.WriteToLog_higherLevelDetail($"accepting registration from {routedRequest.ReceivedFromEndpoint}: ReqP2pSeq16={req.ReqP2pSeq16}, NumberOfHopsRemaining={req.NumberOfHopsRemaining}, epEndpoint={req.EpEndpoint}, sourcePeer={routedRequest.ReceivedFromNeighborNullable}, ts={req.ReqTimestamp64}");
if (!RecentUniquePublicEcdhKeys.Filter(req.RequesterEcdhePublicKey.Ecdh25519PublicKey))
{
logger.WriteToLog_needsAttention($"ignoring registration request {req.RequesterRegistrationId} from {routedRequest.ReceivedFromEndpoint} with non-unique RequesterEcdhePublicKey");
return;
}
_pendingRegisterRequests.Add(req.RequesterRegistrationId);
try
{
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"sending NPACK to REQ to {routedRequest.ReceivedFromEndpoint} (delay={routedRequest.ReqReceivedSw_ms}ms)");
}
routedRequest.SendNeighborPeerAck_accepted_IfNotAlreadyReplied();
var newConnectionToNeighbor = new ConnectionToNeighbor(this, acceptAt, ConnectedDrpPeerInitiatedBy.remotePeer, req.RequesterRegistrationId)
{
LocalEndpoint = routedRequest.ReceivedFromNeighborNullable?.LocalEndpoint ?? req.EpEndpoint,
};
byte[] ack1UdpData;
try
{
var ack1 = new RegisterAck1Packet
{
RequesterRegistrationId = req.RequesterRegistrationId,
ReqTimestamp64 = req.ReqTimestamp64,
ResponderEcdhePublicKey = new EcdhPublicKey(newConnectionToNeighbor.LocalEcdhe25519PublicKey),
ResponderRegistrationId = acceptAt.Configuration.LocalPeerRegistrationId,
ReqP2pSeq16 = GetNewNpaSeq16_AtoEP(),
};
RecentUniquePublicEcdhKeys.AssertIsUnique(ack1.ResponderEcdhePublicKey.Ecdh25519PublicKey, $"ack1.ResponderEcdhePublicKey");
ack1.ToResponderTxParametersEncrypted = newConnectionToNeighbor.Encrypt_ack1_ToResponderTxParametersEncrypted_AtResponder_DeriveSharedDhSecret(logger, req, ack1, routedRequest.ReceivedFromNeighborNullable);
ack1.ResponderSignature = RegistrationSignature.Sign(_cryptoLibrary,
(w2) =>
{
req.GetSharedSignedFields(w2, true);
ack1.GetSharedSignedFields(w2, false, true);
},
acceptAt.Configuration.LocalPeerRegistrationPrivateKey);
if (routedRequest.ReceivedFromNeighborNullable == null)
{
ack1.RequesterEndpoint = routedRequest.ReceivedFromEndpoint;
}
ack1UdpData = ack1.Encode_OpionallySignNeighborHMAC(routedRequest.ReceivedFromNeighborNullable);
var ack2Scanner = RegisterAck2Packet.GetScanner(logger, routedRequest.ReceivedFromNeighborNullable, req);
var requesterVisibleDescription = routedRequest.ReceivedFromNeighborNullable?.ToString() ?? routedRequest.ReceivedFromEndpoint.ToString();
byte[] ack2UdpData;
if (routedRequest.ReceivedFromNeighborNullable == null)
{ // wait for ACK2, retransmitting ACK1
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"sending ACK1, waiting for ACK2");
}
ack2UdpData = await OptionallySendUdpRequestAsync_Retransmit_WaitForResponse("ack2 33469", requesterVisibleDescription, ack1UdpData, routedRequest.ReceivedFromEndpoint, ack2Scanner);
}
else
{ // retransmit ACK1 until NPACK (via P2P); at same time wait for ACK
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"sending ACK1, awaiting for NPACK");
}
_ = OptionallySendUdpRequestAsync_Retransmit_WaitForNeighborPeerAck("ack1 423087", ack1UdpData, routedRequest.ReceivedFromEndpoint,
ack1.ReqP2pSeq16, routedRequest.ReceivedFromNeighborNullable, ack1.GetSignedFieldsForNeighborHMAC);
// not waiting for NPACK, wait for ACK
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"waiting for ACK2");
}
ack2UdpData = await OptionallySendUdpRequestAsync_Retransmit_WaitForResponse("ack2 46051", requesterVisibleDescription, null, routedRequest.ReceivedFromEndpoint, ack2Scanner);
}
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"received ACK2");
}
var ack2 = RegisterAck2Packet.Decode_OptionallyVerify_InitializeP2pStreamAtResponder(logger, ack2UdpData, req, ack1, newConnectionToNeighbor);
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"verified ACK2");
}
acceptAt.AddToConnectedNeighbors(newConnectionToNeighbor, req); // added to list here in order to respond to ping requests from A
SendNeighborPeerAckResponseToRegisterAck2(ack2, routedRequest.ReceivedFromEndpoint, routedRequest.ReceivedFromNeighborNullable); // send NPACK to ACK
_ = WaitForRegistrationConfirmationRequestAsync(requesterVisibleDescription, logger, routedRequest.ReceivedFromEndpoint, req, newConnectionToNeighbor, routedRequest.ReceivedFromNeighborNullable);
#region send ping, verify pong
var ping = newConnectionToNeighbor.CreatePing(true, false, acceptAt.ConnectedNeighborsBusySectorIds, acceptAt.AnotherNeighborToSameSectorExists(newConnectionToNeighbor));
var pendingPingRequest = new PendingLowLevelUdpRequest("pendingPingRequest 693", newConnectionToNeighbor.RemoteEndpoint,
PongPacket.GetScanner(newConnectionToNeighbor.LocalNeighborToken32, ping.PingRequestId32), DateTimeNowUtc,
Configuration.InitialPingRequests_ExpirationTimeoutS,
ping.Encode(),
Configuration.InitialPingRequests_InitialRetransmissionTimeoutS,
Configuration.InitialPingRequests_RetransmissionTimeoutIncrement
);
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"sent PING");
}
var pongPacketData = await SendUdpRequestAsync_Retransmit(pendingPingRequest); // wait for pong from A
if (pongPacketData == null)
{
throw new DrpTimeoutException($"reg. responder initial PING request to {newConnectionToNeighbor} (timeout={Configuration.InitialPingRequests_ExpirationTimeoutS}s)");
}
var pong = PongPacket.DecodeAndVerify(_cryptoLibrary,
pongPacketData, ping, newConnectionToNeighbor,
true);
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"verified PONG");
}
newConnectionToNeighbor.OnReceivedVerifiedPong(pong, pendingPingRequest.ResponseReceivedAtUtc.Value,
pendingPingRequest.ResponseReceivedAtUtc.Value - pendingPingRequest.InitialTxTimeUTC.Value);
#endregion
}
catch (Exception exc)
{
newConnectionToNeighbor.Dispose();
throw exc;
}
}
catch (DrpTimeoutException exc)
{
logger.WriteToLog_needsAttention($"could not accept REGISTER request: {exc}");
}
catch (Exception exc)
{
logger.WriteToLog_mediumPain($"could not accept REGISTER request: {exc}");
}
finally
{
_pendingRegisterRequests.Remove(req.RequesterRegistrationId);
}
}