public bool Verify() { using var bytesPipe = new BytesPipe(); var target = new AuthenticationMessage(this.CreationTime, this.Hash, null); target.Export(bytesPipe.Writer, BytesPool.Shared); return(this.Certificate?.Verify(bytesPipe.Reader.GetSequence()) ?? false); }
public static AuthenticationMessage Create(DateTime creationTime, ReadOnlyMemory <byte> hash, OmniDigitalSignature?digitalSignature) { if (digitalSignature is null) { return(new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, null)); } using var bytesPipe = new BytesPipe(); var target = new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, null); target.Export(bytesPipe.Writer, BytesPool.Shared); var certificate = OmniDigitalSignature.CreateOmniCertificate(digitalSignature, bytesPipe.Reader.GetSequence()); return(new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, certificate)); }
public async ValueTask Handshake(CancellationToken cancellationToken = default) { ProfileMessage myProfileMessage; ProfileMessage?otherProfileMessage = null; { { var sessionId = new byte[32]; using (var randomNumberGenerator = RandomNumberGenerator.Create()) { randomNumberGenerator.GetBytes(sessionId); } myProfileMessage = new ProfileMessage( sessionId, (_passwords.Count == 0) ? AuthenticationType.None : AuthenticationType.Password, new[] { KeyExchangeAlgorithm.EcDh_P521_Sha2_256 }, new[] { KeyDerivationAlgorithm.Pbkdf2 }, new[] { CryptoAlgorithm.Aes_Gcm_256 }, new[] { HashAlgorithm.Sha2_256 }); } var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myProfileMessage.Export(bufferWriter, _bytesPool), cancellationToken); var dequeueTask = _connection.DequeueAsync((sequence) => otherProfileMessage = ProfileMessage.Import(sequence, _bytesPool), cancellationToken); await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask); if (otherProfileMessage is null) { throw new NullReferenceException(); } if (myProfileMessage.AuthenticationType != otherProfileMessage.AuthenticationType) { throw new OmniSecureConnectionException("AuthenticationType does not match."); } } var keyExchangeAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyExchangeAlgorithms, otherProfileMessage.KeyExchangeAlgorithms); var keyDerivationAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyDerivationAlgorithms, otherProfileMessage.KeyDerivationAlgorithms); var cryptoAlgorithm = GetOverlapMaxEnum(myProfileMessage.CryptoAlgorithms, otherProfileMessage.CryptoAlgorithms); var hashAlgorithm = GetOverlapMaxEnum(myProfileMessage.HashAlgorithms, otherProfileMessage.HashAlgorithms); if (!EnumHelper.IsValid(keyExchangeAlgorithm)) { throw new OmniSecureConnectionException("key exchange algorithm does not match."); } if (!EnumHelper.IsValid(keyDerivationAlgorithm)) { throw new OmniSecureConnectionException("key derivation algorithm does not match."); } if (!EnumHelper.IsValid(cryptoAlgorithm)) { throw new OmniSecureConnectionException("Crypto algorithm does not match."); } if (!EnumHelper.IsValid(hashAlgorithm)) { throw new OmniSecureConnectionException("Hash algorithm does not match."); } ReadOnlyMemory <byte> secret = null; if (keyExchangeAlgorithm.HasFlag(KeyExchangeAlgorithm.EcDh_P521_Sha2_256)) { var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256); OmniAgreementPrivateKey myAgreementPrivateKey; OmniAgreementPublicKey? otherAgreementPublicKey = null; { { myAgreementPrivateKey = myAgreement.GetOmniAgreementPrivateKey(); var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAgreement.GetOmniAgreementPublicKey().Export(bufferWriter, _bytesPool), cancellationToken); var dequeueTask = _connection.DequeueAsync((sequence) => otherAgreementPublicKey = OmniAgreementPublicKey.Import(sequence, _bytesPool), cancellationToken); await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask); if (otherAgreementPublicKey is null) { throw new NullReferenceException(); } if ((DateTime.UtcNow - otherAgreementPublicKey.CreationTime.ToDateTime()).TotalMinutes > 30) { throw new OmniSecureConnectionException("Agreement public key has Expired."); } } if (_passwords.Count > 0) { AuthenticationMessage myAuthenticationMessage; AuthenticationMessage?otherAuthenticationMessage = null; { { var myHashAndPasswordList = this.GetHashes(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithm).ToList(); _random.Shuffle(myHashAndPasswordList); myAuthenticationMessage = new AuthenticationMessage(myHashAndPasswordList.Select(n => n.Item1).ToArray()); } var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAuthenticationMessage.Export(bufferWriter, _bytesPool), cancellationToken); var dequeueTask = _connection.DequeueAsync((sequence) => otherAuthenticationMessage = AuthenticationMessage.Import(sequence, _bytesPool), cancellationToken); await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask); if (otherAuthenticationMessage is null) { throw new NullReferenceException(); } var matchedPasswords = new List <string>(); { var equalityComparer = new CustomEqualityComparer <ReadOnlyMemory <byte> >((x, y) => BytesOperations.Equals(x.Span, y.Span), (x) => Fnv1_32.ComputeHash(x.Span)); var receiveHashes = new HashSet <ReadOnlyMemory <byte> >(otherAuthenticationMessage.Hashes, equalityComparer); foreach (var(hash, password) in this.GetHashes(otherProfileMessage, otherAgreementPublicKey, hashAlgorithm)) { if (receiveHashes.Contains(hash)) { matchedPasswords.Add(password); } } } if (matchedPasswords.Count == 0) { throw new OmniSecureConnectionException("Password does not match."); } _matchedPasswords = matchedPasswords.ToArray(); } } } if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256)) { secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreementPrivateKey); } } byte[] myCryptoKey; byte[] otherCryptoKey; byte[] myNonce; byte[] otherNonce; if (keyDerivationAlgorithm.HasFlag(KeyDerivationAlgorithm.Pbkdf2)) { byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)]; BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId); int cryptoKeyLength = 0; int nonceLength = 0; if (cryptoAlgorithm.HasFlag(CryptoAlgorithm.Aes_Gcm_256)) { cryptoKeyLength = 32; nonceLength = 12; } myCryptoKey = new byte[cryptoKeyLength]; otherCryptoKey = new byte[cryptoKeyLength]; myNonce = new byte[nonceLength]; otherNonce = new byte[nonceLength]; var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2]; if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256)) { Pbkdf2_Sha2_256.TryComputeHash(secret.Span, xorSessionId, 1024, kdfResult); } using (var stream = new MemoryStream(kdfResult)) { if (_type == OmniSecureConnectionType.Connected) { stream.Read(myCryptoKey, 0, myCryptoKey.Length); stream.Read(otherCryptoKey, 0, otherCryptoKey.Length); stream.Read(myNonce, 0, myNonce.Length); stream.Read(otherNonce, 0, otherNonce.Length); } else if (_type == OmniSecureConnectionType.Accepted) { stream.Read(otherCryptoKey, 0, otherCryptoKey.Length); stream.Read(myCryptoKey, 0, myCryptoKey.Length); stream.Read(otherNonce, 0, otherNonce.Length); stream.Read(myNonce, 0, myNonce.Length); } } } else { throw new NotSupportedException(nameof(keyDerivationAlgorithm)); } _state = new State(cryptoAlgorithm, hashAlgorithm, myCryptoKey, otherCryptoKey, myNonce, otherNonce); }