Exemple #1
0
        public async ValueTask <AuthenticatedResult> AuthenticateAsync(CancellationToken cancellationToken = default)
        {
            var myProfileMessage = new ProfileMessage(
                GenSessionId(),
                (_digitalSignature is null) ? AuthenticationType.None : AuthenticationType.Signature,
                new[] { KeyExchangeAlgorithmType.EcDh_P521_Sha2_256 },
                new[] { KeyDerivationAlgorithmType.Pbkdf2 },
                new[] { CryptoAlgorithmType.Aes_Gcm_256 },
                new[] { HashAlgorithmType.Sha2_256 });
            var otherProfileMessage = await this.ExchangeProfileMessageAsync(myProfileMessage, cancellationToken);

            ParseAlgorithmTypes(myProfileMessage, otherProfileMessage, out var keyExchangeAlgorithmType, out var keyDerivationAlgorithmType, out var cryptoAlgorithmType, out var hashAlgorithmType);

            OmniSignature?signature;

            byte[] secret;

            if (keyExchangeAlgorithmType.HasFlag(KeyExchangeAlgorithmType.EcDh_P521_Sha2_256))
            {
                var myAgreement             = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);
                var otherAgreementPublicKey = await this.ExchangeAgreementPublicKeyAsync(myAgreement.GetOmniAgreementPublicKey(), cancellationToken);

                var myHash    = this.ComputeHash(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithmType);
                var otherHash = this.ComputeHash(otherProfileMessage, otherAgreementPublicKey, hashAlgorithmType);

                var myAuthenticationMessage    = AuthenticationMessage.Create(DateTime.UtcNow, myHash, _digitalSignature);
                var otherAuthenticationMessage = await this.ExchangeAuthenticationMessageAsync(myAuthenticationMessage, cancellationToken);

                if ((DateTime.UtcNow - otherAuthenticationMessage.CreationTime.ToDateTime()) > TimeSpan.FromMinutes(30))
                {
                    throw new NotSupportedException();
                }
                if (!BytesOperations.Equals(otherAuthenticationMessage.Hash.Span, otherHash))
                {
                    throw new NotSupportedException();
                }

                signature = otherAuthenticationMessage.Certificate?.GetOmniSignature();
                secret    = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreement.GetOmniAgreementPrivateKey());
            }
            else
            {
                throw new NotSupportedException();
            }

            byte[] encryptKey;
            byte[] decryptKey;
            byte[] encryptNonce;
            byte[] decryptNonce;

            if (keyDerivationAlgorithmType.HasFlag(KeyDerivationAlgorithmType.Pbkdf2))
            {
                byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
                BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);

                int cryptoKeyLength = 0;
                int nonceLength     = 0;

                if (cryptoAlgorithmType.HasFlag(CryptoAlgorithmType.Aes_Gcm_256))
                {
                    cryptoKeyLength = 32;
                    nonceLength     = 12;
                }

                encryptKey   = new byte[cryptoKeyLength];
                decryptKey   = new byte[cryptoKeyLength];
                encryptNonce = new byte[nonceLength];
                decryptNonce = new byte[nonceLength];

                var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];

                if (hashAlgorithmType.HasFlag(HashAlgorithmType.Sha2_256))
                {
                    Pbkdf2_Sha2_256.TryComputeHash(secret.AsSpan(), xorSessionId, 1024, kdfResult);
                }

                using (var stream = new MemoryStream(kdfResult))
                {
                    if (_type == OmniSecureConnectionType.Connected)
                    {
                        stream.Read(encryptKey, 0, encryptKey.Length);
                        stream.Read(decryptKey, 0, decryptKey.Length);
                        stream.Read(encryptNonce, 0, encryptNonce.Length);
                        stream.Read(decryptNonce, 0, decryptNonce.Length);
                    }
                    else if (_type == OmniSecureConnectionType.Accepted)
                    {
                        stream.Read(decryptKey, 0, decryptKey.Length);
                        stream.Read(encryptKey, 0, encryptKey.Length);
                        stream.Read(decryptNonce, 0, decryptNonce.Length);
                        stream.Read(encryptNonce, 0, encryptNonce.Length);
                    }
                }

                return(new AuthenticatedResult()
                {
                    Signature = signature,
                    CryptoAlgorithmType = cryptoAlgorithmType,
                    EncryptKey = encryptKey,
                    DecryptKey = decryptKey,
                    EncryptNonce = encryptNonce,
                    DecryptNonce = decryptNonce,
                });
            }
            else
            {
                throw new NotSupportedException(nameof(keyDerivationAlgorithmType));
            }
        }
Exemple #2
0
        public async ValueTask Handshake(CancellationToken cancellationToken = default)
        {
            ProfileMessage myProfileMessage;
            ProfileMessage?otherProfileMessage = null;
            {
                {
                    var sessionId = new byte[32];
                    using (var randomNumberGenerator = RandomNumberGenerator.Create())
                    {
                        randomNumberGenerator.GetBytes(sessionId);
                    }

                    myProfileMessage = new ProfileMessage(
                        sessionId,
                        (_passwords.Count == 0) ? AuthenticationType.None : AuthenticationType.Password,
                        new[] { KeyExchangeAlgorithm.EcDh_P521_Sha2_256 },
                        new[] { KeyDerivationAlgorithm.Pbkdf2 },
                        new[] { CryptoAlgorithm.Aes_Gcm_256 },
                        new[] { HashAlgorithm.Sha2_256 });
                }

                var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myProfileMessage.Export(bufferWriter, _bytesPool), cancellationToken);
                var dequeueTask = _connection.DequeueAsync((sequence) => otherProfileMessage = ProfileMessage.Import(sequence, _bytesPool), cancellationToken);

                await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);

                if (otherProfileMessage is null)
                {
                    throw new NullReferenceException();
                }
                if (myProfileMessage.AuthenticationType != otherProfileMessage.AuthenticationType)
                {
                    throw new OmniSecureConnectionException("AuthenticationType does not match.");
                }
            }

            var keyExchangeAlgorithm   = GetOverlapMaxEnum(myProfileMessage.KeyExchangeAlgorithms, otherProfileMessage.KeyExchangeAlgorithms);
            var keyDerivationAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyDerivationAlgorithms, otherProfileMessage.KeyDerivationAlgorithms);
            var cryptoAlgorithm        = GetOverlapMaxEnum(myProfileMessage.CryptoAlgorithms, otherProfileMessage.CryptoAlgorithms);
            var hashAlgorithm          = GetOverlapMaxEnum(myProfileMessage.HashAlgorithms, otherProfileMessage.HashAlgorithms);

            if (!EnumHelper.IsValid(keyExchangeAlgorithm))
            {
                throw new OmniSecureConnectionException("key exchange algorithm does not match.");
            }
            if (!EnumHelper.IsValid(keyDerivationAlgorithm))
            {
                throw new OmniSecureConnectionException("key derivation algorithm does not match.");
            }
            if (!EnumHelper.IsValid(cryptoAlgorithm))
            {
                throw new OmniSecureConnectionException("Crypto algorithm does not match.");
            }
            if (!EnumHelper.IsValid(hashAlgorithm))
            {
                throw new OmniSecureConnectionException("Hash algorithm does not match.");
            }

            ReadOnlyMemory <byte> secret = null;

            if (keyExchangeAlgorithm.HasFlag(KeyExchangeAlgorithm.EcDh_P521_Sha2_256))
            {
                var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);

                OmniAgreementPrivateKey myAgreementPrivateKey;
                OmniAgreementPublicKey? otherAgreementPublicKey = null;
                {
                    {
                        myAgreementPrivateKey = myAgreement.GetOmniAgreementPrivateKey();

                        var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAgreement.GetOmniAgreementPublicKey().Export(bufferWriter, _bytesPool), cancellationToken);
                        var dequeueTask = _connection.DequeueAsync((sequence) => otherAgreementPublicKey = OmniAgreementPublicKey.Import(sequence, _bytesPool), cancellationToken);

                        await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);

                        if (otherAgreementPublicKey is null)
                        {
                            throw new NullReferenceException();
                        }
                        if ((DateTime.UtcNow - otherAgreementPublicKey.CreationTime.ToDateTime()).TotalMinutes > 30)
                        {
                            throw new OmniSecureConnectionException("Agreement public key has Expired.");
                        }
                    }

                    if (_passwords.Count > 0)
                    {
                        AuthenticationMessage myAuthenticationMessage;
                        AuthenticationMessage?otherAuthenticationMessage = null;
                        {
                            {
                                var myHashAndPasswordList = this.GetHashes(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithm).ToList();

                                _random.Shuffle(myHashAndPasswordList);
                                myAuthenticationMessage = new AuthenticationMessage(myHashAndPasswordList.Select(n => n.Item1).ToArray());
                            }

                            var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAuthenticationMessage.Export(bufferWriter, _bytesPool), cancellationToken);
                            var dequeueTask = _connection.DequeueAsync((sequence) => otherAuthenticationMessage = AuthenticationMessage.Import(sequence, _bytesPool), cancellationToken);

                            await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);

                            if (otherAuthenticationMessage is null)
                            {
                                throw new NullReferenceException();
                            }

                            var matchedPasswords = new List <string>();
                            {
                                var equalityComparer = new CustomEqualityComparer <ReadOnlyMemory <byte> >((x, y) => BytesOperations.Equals(x.Span, y.Span), (x) => Fnv1_32.ComputeHash(x.Span));
                                var receiveHashes    = new HashSet <ReadOnlyMemory <byte> >(otherAuthenticationMessage.Hashes, equalityComparer);

                                foreach (var(hash, password) in this.GetHashes(otherProfileMessage, otherAgreementPublicKey, hashAlgorithm))
                                {
                                    if (receiveHashes.Contains(hash))
                                    {
                                        matchedPasswords.Add(password);
                                    }
                                }
                            }

                            if (matchedPasswords.Count == 0)
                            {
                                throw new OmniSecureConnectionException("Password does not match.");
                            }

                            _matchedPasswords = matchedPasswords.ToArray();
                        }
                    }
                }

                if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
                {
                    secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreementPrivateKey);
                }
            }

            byte[] myCryptoKey;
            byte[] otherCryptoKey;
            byte[] myNonce;
            byte[] otherNonce;

            if (keyDerivationAlgorithm.HasFlag(KeyDerivationAlgorithm.Pbkdf2))
            {
                byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
                BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);

                int cryptoKeyLength = 0;
                int nonceLength     = 0;

                if (cryptoAlgorithm.HasFlag(CryptoAlgorithm.Aes_Gcm_256))
                {
                    cryptoKeyLength = 32;
                    nonceLength     = 12;
                }

                myCryptoKey    = new byte[cryptoKeyLength];
                otherCryptoKey = new byte[cryptoKeyLength];
                myNonce        = new byte[nonceLength];
                otherNonce     = new byte[nonceLength];

                var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];

                if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
                {
                    Pbkdf2_Sha2_256.TryComputeHash(secret.Span, xorSessionId, 1024, kdfResult);
                }

                using (var stream = new MemoryStream(kdfResult))
                {
                    if (_type == OmniSecureConnectionType.Connected)
                    {
                        stream.Read(myCryptoKey, 0, myCryptoKey.Length);
                        stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
                        stream.Read(myNonce, 0, myNonce.Length);
                        stream.Read(otherNonce, 0, otherNonce.Length);
                    }
                    else if (_type == OmniSecureConnectionType.Accepted)
                    {
                        stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
                        stream.Read(myCryptoKey, 0, myCryptoKey.Length);
                        stream.Read(otherNonce, 0, otherNonce.Length);
                        stream.Read(myNonce, 0, myNonce.Length);
                    }
                }
            }
            else
            {
                throw new NotSupportedException(nameof(keyDerivationAlgorithm));
            }

            _state = new State(cryptoAlgorithm, hashAlgorithm, myCryptoKey, otherCryptoKey, myNonce, otherNonce);
        }