public async ValueTask <AuthenticatedResult> AuthenticateAsync(CancellationToken cancellationToken = default) { var myProfileMessage = new ProfileMessage( GenSessionId(), (_digitalSignature is null) ? AuthenticationType.None : AuthenticationType.Signature, new[] { KeyExchangeAlgorithmType.EcDh_P521_Sha2_256 }, new[] { KeyDerivationAlgorithmType.Pbkdf2 }, new[] { CryptoAlgorithmType.Aes_Gcm_256 }, new[] { HashAlgorithmType.Sha2_256 }); var otherProfileMessage = await this.ExchangeProfileMessageAsync(myProfileMessage, cancellationToken); ParseAlgorithmTypes(myProfileMessage, otherProfileMessage, out var keyExchangeAlgorithmType, out var keyDerivationAlgorithmType, out var cryptoAlgorithmType, out var hashAlgorithmType); OmniSignature?signature; byte[] secret; if (keyExchangeAlgorithmType.HasFlag(KeyExchangeAlgorithmType.EcDh_P521_Sha2_256)) { var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256); var otherAgreementPublicKey = await this.ExchangeAgreementPublicKeyAsync(myAgreement.GetOmniAgreementPublicKey(), cancellationToken); var myHash = this.ComputeHash(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithmType); var otherHash = this.ComputeHash(otherProfileMessage, otherAgreementPublicKey, hashAlgorithmType); var myAuthenticationMessage = AuthenticationMessage.Create(DateTime.UtcNow, myHash, _digitalSignature); var otherAuthenticationMessage = await this.ExchangeAuthenticationMessageAsync(myAuthenticationMessage, cancellationToken); if ((DateTime.UtcNow - otherAuthenticationMessage.CreationTime.ToDateTime()) > TimeSpan.FromMinutes(30)) { throw new NotSupportedException(); } if (!BytesOperations.Equals(otherAuthenticationMessage.Hash.Span, otherHash)) { throw new NotSupportedException(); } signature = otherAuthenticationMessage.Certificate?.GetOmniSignature(); secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreement.GetOmniAgreementPrivateKey()); } else { throw new NotSupportedException(); } byte[] encryptKey; byte[] decryptKey; byte[] encryptNonce; byte[] decryptNonce; if (keyDerivationAlgorithmType.HasFlag(KeyDerivationAlgorithmType.Pbkdf2)) { byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)]; BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId); int cryptoKeyLength = 0; int nonceLength = 0; if (cryptoAlgorithmType.HasFlag(CryptoAlgorithmType.Aes_Gcm_256)) { cryptoKeyLength = 32; nonceLength = 12; } encryptKey = new byte[cryptoKeyLength]; decryptKey = new byte[cryptoKeyLength]; encryptNonce = new byte[nonceLength]; decryptNonce = new byte[nonceLength]; var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2]; if (hashAlgorithmType.HasFlag(HashAlgorithmType.Sha2_256)) { Pbkdf2_Sha2_256.TryComputeHash(secret.AsSpan(), xorSessionId, 1024, kdfResult); } using (var stream = new MemoryStream(kdfResult)) { if (_type == OmniSecureConnectionType.Connected) { stream.Read(encryptKey, 0, encryptKey.Length); stream.Read(decryptKey, 0, decryptKey.Length); stream.Read(encryptNonce, 0, encryptNonce.Length); stream.Read(decryptNonce, 0, decryptNonce.Length); } else if (_type == OmniSecureConnectionType.Accepted) { stream.Read(decryptKey, 0, decryptKey.Length); stream.Read(encryptKey, 0, encryptKey.Length); stream.Read(decryptNonce, 0, decryptNonce.Length); stream.Read(encryptNonce, 0, encryptNonce.Length); } } return(new AuthenticatedResult() { Signature = signature, CryptoAlgorithmType = cryptoAlgorithmType, EncryptKey = encryptKey, DecryptKey = decryptKey, EncryptNonce = encryptNonce, DecryptNonce = decryptNonce, }); } else { throw new NotSupportedException(nameof(keyDerivationAlgorithmType)); } }
public async ValueTask Handshake(CancellationToken cancellationToken = default) { ProfileMessage myProfileMessage; ProfileMessage?otherProfileMessage = null; { { var sessionId = new byte[32]; using (var randomNumberGenerator = RandomNumberGenerator.Create()) { randomNumberGenerator.GetBytes(sessionId); } myProfileMessage = new ProfileMessage( sessionId, (_passwords.Count == 0) ? AuthenticationType.None : AuthenticationType.Password, new[] { KeyExchangeAlgorithm.EcDh_P521_Sha2_256 }, new[] { KeyDerivationAlgorithm.Pbkdf2 }, new[] { CryptoAlgorithm.Aes_Gcm_256 }, new[] { HashAlgorithm.Sha2_256 }); } var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myProfileMessage.Export(bufferWriter, _bytesPool), cancellationToken); var dequeueTask = _connection.DequeueAsync((sequence) => otherProfileMessage = ProfileMessage.Import(sequence, _bytesPool), cancellationToken); await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask); if (otherProfileMessage is null) { throw new NullReferenceException(); } if (myProfileMessage.AuthenticationType != otherProfileMessage.AuthenticationType) { throw new OmniSecureConnectionException("AuthenticationType does not match."); } } var keyExchangeAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyExchangeAlgorithms, otherProfileMessage.KeyExchangeAlgorithms); var keyDerivationAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyDerivationAlgorithms, otherProfileMessage.KeyDerivationAlgorithms); var cryptoAlgorithm = GetOverlapMaxEnum(myProfileMessage.CryptoAlgorithms, otherProfileMessage.CryptoAlgorithms); var hashAlgorithm = GetOverlapMaxEnum(myProfileMessage.HashAlgorithms, otherProfileMessage.HashAlgorithms); if (!EnumHelper.IsValid(keyExchangeAlgorithm)) { throw new OmniSecureConnectionException("key exchange algorithm does not match."); } if (!EnumHelper.IsValid(keyDerivationAlgorithm)) { throw new OmniSecureConnectionException("key derivation algorithm does not match."); } if (!EnumHelper.IsValid(cryptoAlgorithm)) { throw new OmniSecureConnectionException("Crypto algorithm does not match."); } if (!EnumHelper.IsValid(hashAlgorithm)) { throw new OmniSecureConnectionException("Hash algorithm does not match."); } ReadOnlyMemory <byte> secret = null; if (keyExchangeAlgorithm.HasFlag(KeyExchangeAlgorithm.EcDh_P521_Sha2_256)) { var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256); OmniAgreementPrivateKey myAgreementPrivateKey; OmniAgreementPublicKey? otherAgreementPublicKey = null; { { myAgreementPrivateKey = myAgreement.GetOmniAgreementPrivateKey(); var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAgreement.GetOmniAgreementPublicKey().Export(bufferWriter, _bytesPool), cancellationToken); var dequeueTask = _connection.DequeueAsync((sequence) => otherAgreementPublicKey = OmniAgreementPublicKey.Import(sequence, _bytesPool), cancellationToken); await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask); if (otherAgreementPublicKey is null) { throw new NullReferenceException(); } if ((DateTime.UtcNow - otherAgreementPublicKey.CreationTime.ToDateTime()).TotalMinutes > 30) { throw new OmniSecureConnectionException("Agreement public key has Expired."); } } if (_passwords.Count > 0) { AuthenticationMessage myAuthenticationMessage; AuthenticationMessage?otherAuthenticationMessage = null; { { var myHashAndPasswordList = this.GetHashes(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithm).ToList(); _random.Shuffle(myHashAndPasswordList); myAuthenticationMessage = new AuthenticationMessage(myHashAndPasswordList.Select(n => n.Item1).ToArray()); } var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAuthenticationMessage.Export(bufferWriter, _bytesPool), cancellationToken); var dequeueTask = _connection.DequeueAsync((sequence) => otherAuthenticationMessage = AuthenticationMessage.Import(sequence, _bytesPool), cancellationToken); await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask); if (otherAuthenticationMessage is null) { throw new NullReferenceException(); } var matchedPasswords = new List <string>(); { var equalityComparer = new CustomEqualityComparer <ReadOnlyMemory <byte> >((x, y) => BytesOperations.Equals(x.Span, y.Span), (x) => Fnv1_32.ComputeHash(x.Span)); var receiveHashes = new HashSet <ReadOnlyMemory <byte> >(otherAuthenticationMessage.Hashes, equalityComparer); foreach (var(hash, password) in this.GetHashes(otherProfileMessage, otherAgreementPublicKey, hashAlgorithm)) { if (receiveHashes.Contains(hash)) { matchedPasswords.Add(password); } } } if (matchedPasswords.Count == 0) { throw new OmniSecureConnectionException("Password does not match."); } _matchedPasswords = matchedPasswords.ToArray(); } } } if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256)) { secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreementPrivateKey); } } byte[] myCryptoKey; byte[] otherCryptoKey; byte[] myNonce; byte[] otherNonce; if (keyDerivationAlgorithm.HasFlag(KeyDerivationAlgorithm.Pbkdf2)) { byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)]; BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId); int cryptoKeyLength = 0; int nonceLength = 0; if (cryptoAlgorithm.HasFlag(CryptoAlgorithm.Aes_Gcm_256)) { cryptoKeyLength = 32; nonceLength = 12; } myCryptoKey = new byte[cryptoKeyLength]; otherCryptoKey = new byte[cryptoKeyLength]; myNonce = new byte[nonceLength]; otherNonce = new byte[nonceLength]; var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2]; if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256)) { Pbkdf2_Sha2_256.TryComputeHash(secret.Span, xorSessionId, 1024, kdfResult); } using (var stream = new MemoryStream(kdfResult)) { if (_type == OmniSecureConnectionType.Connected) { stream.Read(myCryptoKey, 0, myCryptoKey.Length); stream.Read(otherCryptoKey, 0, otherCryptoKey.Length); stream.Read(myNonce, 0, myNonce.Length); stream.Read(otherNonce, 0, otherNonce.Length); } else if (_type == OmniSecureConnectionType.Accepted) { stream.Read(otherCryptoKey, 0, otherCryptoKey.Length); stream.Read(myCryptoKey, 0, myCryptoKey.Length); stream.Read(otherNonce, 0, otherNonce.Length); stream.Read(myNonce, 0, myNonce.Length); } } } else { throw new NotSupportedException(nameof(keyDerivationAlgorithm)); } _state = new State(cryptoAlgorithm, hashAlgorithm, myCryptoKey, otherCryptoKey, myNonce, otherNonce); }