/// <summary>
/// Gets decrypted data from a wire message.
/// </summary>
/// <param name="message">Wire message</param>
/// <param name="serializer">Serializer used to deserialized the signed content</param>
/// <param name="sharedSecret">Shared secret (null, if the wire message is not encrypted)</param>
/// <param name="sendersPublicKeyBlob">Public key of the sender used for RSA signature verification</param>
/// <param name="sendersPublicKeySize">Sender's public key size</param>
/// <returns>Decrypted raw data</returns>
public byte[] GetDecryptedMessageData(
WireMessage message,
ISerializerAdapter serializer,
byte[] sharedSecret = null,
byte[] sendersPublicKeyBlob = null,
int sendersPublicKeySize = 0)
{
if (message.Iv.Length > 0 && sharedSecret != null)
{
var decryptedRawData =
AesEncryption.Decrypt(
encryptedData: message.Data,
sharedSecret: sharedSecret,
iv: message.Iv);
var signedMessageData = serializer.Deserialize <SignedMessageData>(decryptedRawData);
if (sendersPublicKeyBlob != null && signedMessageData.Signature != null)
{
if (RsaSignature.VerifySignature(
keySize: sendersPublicKeySize,
sendersPublicKeyBlob: sendersPublicKeyBlob,
rawData: signedMessageData.MessageRawData,
signature: signedMessageData.Signature))
{
return(signedMessageData.MessageRawData);
}
else
{
throw new SecurityException("Verification of message signature failed.");
}
}
else
{
return(decryptedRawData);
}
}
else
{
return(message.Data);
}
}
public void VerifySignature_should_return_true_if_signature_is_valid()
{
int keySize = 4096;
var keyPair = new RsaKeyPair(keySize);
var data = Encoding.UTF8.GetBytes("Test");
var signature =
RsaSignature.CreateSignature(
keySize: keySize,
sendersPrivateKeyBlob: keyPair.PrivateKey,
rawData: data);
var result =
RsaSignature.VerifySignature(
keySize: keySize,
sendersPublicKeyBlob: keyPair.PublicKey,
rawData: data,
signature: signature);
Assert.Equal(512, signature.Length);
Assert.True(result);
}
/// <summary>
/// Processes a complete handshake message from server.
/// </summary>
/// <param name="message">Deserialized WireMessage that contains a plain or encrypted Session ID</param>
private void ProcessCompleteHandshakeMessage(WireMessage message)
{
if (MessageEncryption)
{
var signedMessageData =
Serializer.Deserialize <SignedMessageData>(message.Data);
var encryptedSecret =
Serializer.Deserialize <EncryptedSecret>(signedMessageData.MessageRawData);
_serverPublicKeyBlob = encryptedSecret.SendersPublicKeyBlob;
if (!RsaSignature.VerifySignature(
keySize: _keyPair?.KeySize ?? 0,
sendersPublicKeyBlob: _serverPublicKeyBlob,
rawData: signedMessageData.MessageRawData,
signature: signedMessageData.Signature))
{
throw new SecurityException("Verification of message signature failed.");
}
_sessionId =
new Guid(
RsaKeyExchange.DecrpytSecret(
keySize: _config.KeySize,
// ReSharper disable once PossibleNullReferenceException
receiversPrivateKeyBlob: _keyPair.PrivateKey,
encryptedSecret: encryptedSecret));
}
else
{
_sessionId = new Guid(message.Data);
}
_handshakeCompletedWaitHandle.Set();
}