Exemple #1
        /// <summary>
        /// Stores a newly constructed <c>TLSUser</c> for <paramref name="userId"/>, overwriting any entry
        /// already held under that id.
        /// </summary>
        /// <param name="userId">Id the user is indexed by; must not be null.</param>
        /// <param name="staticPublicKey">The user's static public key; must not be null.</param>
        public void RefreshTLSUser(string userId, byte[] staticPublicKey)
        {
            Guard.NotNull(userId, staticPublicKey);

            // The previous TLSUser instance (if any) is replaced wholesale, so whatever state it carried
            // is no longer reachable through _usersById.
            // NOTE(review): this method does not verify who is asking for the replacement, and it does not
            // touch any other index that may still reference the old instance by id - confirm both are
            // handled by the caller.
            this._usersById[userId] = new TLSUser(userId, staticPublicKey);
        }
Exemple #2
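        /// <summary>
        /// Generates a fresh EC key pair for <paramref name="user"/>, derives a new dynamic shared secret
        /// against the user's latest dynamic public key, and registers the new private key under a newly
        /// issued key id.
        /// </summary>
        /// <param name="user">
        /// User whose state is advanced: its DynamicSecret is replaced and a new entry is added to
        /// DynamicPrivateDecryptionKeys.
        /// </param>
        /// <exception cref="System.InvalidOperationException">
        /// The user has no latest dynamic public key, or its id is 0.
        /// </exception>
        void NewDynamicEncryptionSecret(TLSUser user)
        {
            // This invariant was previously guarded only by Debug.Assert, which is compiled out of Release
            // builds. It is enforced at run time, before any key material is generated, so a missing peer
            // key can never reach the shared-secret derivation.
            if (user.LatestDynamicPublicKey == null || user.LatestDynamicPublicKeyId == 0)
            {
                throw new System.InvalidOperationException("The client always sends a dynamic public key, so we must have it.");
            }

            // NOTE(review): .Result blocks the calling thread until key generation finishes; confirm this
            // method is never reached from a context where blocking can deadlock.
            var newKeyPair = this._visualCrypt2Service.GenerateECKeyPair().Result;

            // The next id is requested relative to the highest id already stored for this user (0 if none).
            var highestKnownKeyId = user.DynamicPrivateDecryptionKeys.Count > 0
                   ? user.DynamicPrivateDecryptionKeys.Keys.Max()
                   : 0;
            var newDynamicKeyId = this._ratchetTimer.GetNextTicks(highestKnownKeyId);

            var newDynamicSecret = this._visualCrypt2Service.CalculateAndHashSharedSecret(newKeyPair.PrivateKey, user.LatestDynamicPublicKey);

            user.DynamicSecret = new DynamicSecret(recipientId: null,
                                                   dynamicSharedSecret: newDynamicSecret,
                                                   dynamicPublicKey: newKeyPair.PublicKey,
                                                   dynamicPublicKeyId: newDynamicKeyId,
                                                   privateKeyHint: user.LatestDynamicPublicKeyId)
            {
                UseCount = 0
            };

            user.DynamicPrivateDecryptionKeys[newDynamicKeyId] = newKeyPair.PrivateKey;

            // NOTE(review): this index is keyed by key id alone. If two users could ever be issued the same
            // id, the later write silently re-points the hint at the other user - confirm GetNextTicks
            // yields ids that are unique across users.
            this._idsByPrivateKeyHint[newDynamicKeyId] = user.UserId;

            RemoveExcessKeys(user);
        }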
 /// <summary>
 /// Creates the client-side ratchet for <paramref name="myId"/> and derives the authentication secret
 /// shared with <paramref name="server"/>.
 /// </summary>
 /// <param name="myId">This client's id; also kept as UTF-8 bytes.</param>
 /// <param name="myPrivateKey">This client's private key, used here to derive the auth secret.</param>
 /// <param name="server">Server peer; its StaticPublicKey must be set. Its AuthSecret is overwritten.</param>
 /// <param name="visualCrypt2Service">Crypto service used for the shared-secret calculation.</param>
 public TLSClientRatchet(string myId, byte[] myPrivateKey, TLSUser server, IVisualCrypt2Service visualCrypt2Service)
 {
     Guard.NotNull(myId, myPrivateKey, server, visualCrypt2Service);
     Guard.NotNull(server.StaticPublicKey);

     this._visualCrypt2Service = visualCrypt2Service;
     this._server              = server;

     this.MyId       = myId;
     this._myIdBytes = Encoding.UTF8.GetBytes(this.MyId);

     // myPrivateKey is passed to the derivation only; this constructor does not store a reference to it.
     // The result is written onto the caller-supplied server object, so the caller's instance is mutated.
     var authSecret = this._visualCrypt2Service.CalculateAndHashSharedSecret(myPrivateKey, this._server.StaticPublicKey);
     this._server.AuthSecret = authSecret;
 }
Exemple #4
        // TODO: Review this, compare it with TLSCLient.RemovePreviousKeys and when key cleanup is done
        // This may not work correctly.
        /// <summary>
        /// Drops every dynamic private decryption key of <paramref name="user"/> except the
        /// KeepLatestDynamicPrivateKeys entries with the highest ids, and removes the matching
        /// entries from the private-key-hint index.
        /// </summary>
        /// <param name="user">User whose DynamicPrivateDecryptionKeys dictionary is trimmed.</param>
        void RemoveExcessKeys(TLSUser user)
        {
            // Highest ids first; whatever follows the first KeepLatestDynamicPrivateKeys ids is surplus.
            // The ids are copied out before the dictionary is modified below.
            var surplusKeyIds = user.DynamicPrivateDecryptionKeys.Keys
                                    .OrderByDescending(id => id)
                                    .Skip(KeepLatestDynamicPrivateKeys)
                                    .ToArray();

            foreach (var surplusId in surplusKeyIds)
            {
                // NOTE(review): Remove only drops the dictionary entry; the private-key bytes themselves
                // are not cleared here and stay in memory until collected - confirm that is acceptable.
                user.DynamicPrivateDecryptionKeys.Remove(surplusId);

                // NOTE(review): the hint index is cleared by id without checking that the entry maps to
                // this user - confirm ids cannot collide between users.
                this._idsByPrivateKeyHint.Remove(surplusId);
            }
        }