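        /// <summary>
        /// Encrypts the outgoing request and records in the headers what the receiver needs to decrypt it.
        /// </summary>
        /// <remarks>
        /// On first use a symmetric key is generated. While <c>SendKeyAgain</c> is set, that key is
        /// RSA-encrypted with <c>FPublicKeyServer</c> and sent in the "KEY" header.
        /// </remarks>
        /// <param name="headers">transport headers of the request; the key, client GUID, marker and IV headers are written here</param>
        /// <param name="stream">on entry the plain request body; replaced with the stream returned by EncryptionRijndael.Encrypt</param>
        protected void ProcessRequest(ITransportHeaders headers, ref Stream stream)
        {
            if (FEncryptionKey == null)
            {
                // Create the symmetric session key. The Key getter returns a copy, so disposing
                // the algorithm object afterwards does not affect FEncryptionKey.
                using (Rijndael alg = new RijndaelManaged())
                {
                    alg.GenerateKey();
                    FEncryptionKey = alg.Key;
                }

                SendKeyAgain = true;
            }

            if (SendKeyAgain)
            {
                // Send the symmetric key to the server, encrypted with the server's public key,
                // so that only the holder of the matching private key can read it.
                string encryptedSymmetricKey;

                using (RSACryptoServiceProvider serverRSA = new RSACryptoServiceProvider())
                {
                    serverRSA.ImportParameters(FPublicKeyServer);

                    // NOTE(review): fOAEP == false selects PKCS#1 v1.5 padding. OAEP is the
                    // recommended padding for RSA key transport, but the receiving side must be
                    // switched at the same time, so it is left unchanged here.
                    encryptedSymmetricKey = Convert.ToBase64String(serverRSA.Encrypt(FEncryptionKey, false));
                }

                headers[EncryptionRijndael.GetEncryptionName() + "KEY"] = encryptedSymmetricKey;
                SendKeyAgain = false;
            }

            // The client GUID travels as a plain header, presumably so the receiver can select the session key.
            headers["ClientGuid"] = CurrentClientGuid;

            // NOTE(review): nothing in this method adds a MAC or authentication tag; unless
            // EncryptionRijndael.Encrypt does so internally, the body is confidential but not
            // integrity-protected - confirm.
            byte[] iv;
            stream = EncryptionRijndael.Encrypt(FEncryptionKey, stream, out iv);
            headers[EncryptionRijndael.GetEncryptionName()] = "Yes";

            // The initialisation vector is not secret; it is produced per encryption and the receiver needs it to decrypt.
            headers[EncryptionRijndael.GetEncryptionName() + "IV"] = Convert.ToBase64String(iv);
        }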
 /// <summary>
 /// Decrypts the response body when the response carries the encryption marker header.
 /// </summary>
 /// <param name="headers">transport headers of the response; the marker and "IV" headers are read</param>
 /// <param name="stream">replaced with the stream returned by EncryptionRijndael.Decrypt when the marker is present; otherwise untouched</param>
 protected void ProcessResponse(ITransportHeaders headers, ref Stream stream)
 {
     // NOTE(review): a response without the marker header is passed through as-is, so this side
     // does not insist on encrypted responses. Confirm whether plain responses are ever
     // legitimate; if not, rejecting them here would prevent a silent downgrade.
     if (headers[EncryptionRijndael.GetEncryptionName()] == null)
     {
         return;
     }

     // The IV arrives base64-encoded in its own header; a missing header makes FromBase64String throw.
     String ivHeader = (String)headers[EncryptionRijndael.GetEncryptionName() + "IV"];
     byte[] iv = Convert.FromBase64String(ivHeader);

     stream = EncryptionRijndael.Decrypt(FEncryptionKey, stream, iv);
 }
        /// <summary>
        /// Encrypts the outgoing response with the key stored for the given client.
        /// </summary>
        /// <param name="headers">transport headers of the response; the marker and "IV" headers are written</param>
        /// <param name="stream">replaced with the stream returned by EncryptionRijndael.Encrypt when <paramref name="state"/> is not null</param>
        /// <param name="state">when null the response is left untouched and no headers are set</param>
        /// <param name="AClientGuid">key into FEncryptionKeys selecting the symmetric key to use</param>
        protected void ProcessResponse(ITransportHeaders headers, ref Stream stream, object state, string AClientGuid)
        {
            if (state == null)
            {
                return;
            }

            // The lookup fails if no key has been stored for this client GUID.
            byte[] iv;
            stream = EncryptionRijndael.Encrypt(FEncryptionKeys[AClientGuid], stream, out iv);

            headers[EncryptionRijndael.GetEncryptionName()] = "Yes";

            // The IV is not secret; it is produced per encryption and the peer needs it to decrypt.
            string ivAsBase64 = Convert.ToBase64String(iv);
            headers[EncryptionRijndael.GetEncryptionName() + "IV"] = ivAsBase64;
        }
        /// <summary>
        /// Round-trip check: data encrypted and then decrypted with the same key words must equal the input.
        /// </summary>
        public void EncipherTest()
        {
            // NOTE(review): this only shows that Decrypt inverts Encrypt. It would also pass for a
            // transform that leaves the data unchanged, so asserting that the ciphertext differs
            // from the plaintext would make it a stronger test.
            uint[] keys = { 12, 23, 34, 45, 56, 67, 78, 89 };
            byte[] expected = { 96, 97, 98, 99 };

            var encrypter = new EncryptionRijndael();

            byte[] encrypted = encrypter.Encrypt(expected, keys);
            byte[] roundTripped = encrypter.Decrypt(encrypted, keys);

            CollectionAssert.AreEqual(expected, roundTripped);
        }
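        /// <summary>
        /// Decrypts an incoming request and returns the client GUID named in its headers.
        /// </summary>
        /// <remarks>
        /// Every header read here comes from the sender, and no authentication step is visible in
        /// this method, so the values should be treated as untrusted input.
        /// </remarks>
        /// <param name="headers">transport headers of the request; the marker, "ClientGuid", optional "KEY" and "IV" headers are read</param>
        /// <param name="stream">on entry the encrypted request body; replaced with the stream returned by EncryptionRijndael.Decrypt</param>
        /// <param name="state">set to true once the request has been decrypted</param>
        /// <returns>the value of the "ClientGuid" header</returns>
        /// <exception cref="Exception">the request does not carry the encryption marker header</exception>
        /// <exception cref="ArgumentException">the "ClientGuid" header is missing</exception>
        protected string ProcessRequest(ITransportHeaders headers, ref Stream stream, ref object state)
        {
            if (headers[EncryptionRijndael.GetEncryptionName()] == null)
            {
                throw new Exception("EncryptionServerSink: We cannot allow non encrypted traffic");
            }

            // A request without the ClientGuid header used to fail with a NullReferenceException;
            // reject it explicitly instead.
            object clientGuidHeader = headers["ClientGuid"];

            if (clientGuidHeader == null)
            {
                throw new ArgumentException("EncryptionServerSink: missing ClientGuid header");
            }

            string ClientGuid = clientGuidHeader.ToString();

            object encryptedKeyHeader = headers[EncryptionRijndael.GetEncryptionName() + "KEY"];

            if (encryptedKeyHeader != null)
            {
                // Read the symmetric key, which the sender encrypted with our public key.
                byte[] EncryptionKey;

                using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
                {
                    RSA.ImportParameters(FPrivateKey);

                    // NOTE(review): fOAEP == false selects PKCS#1 v1.5 padding. OAEP is the
                    // recommended padding for RSA key transport, but the sending side must be
                    // switched at the same time, so it is left unchanged here.
                    EncryptionKey = RSA.Decrypt(Convert.FromBase64String((String)encryptedKeyHeader), false);
                }

                // NOTE(review): the ClientGuid is an unauthenticated header, so a request that
                // names an existing GUID and carries a KEY header replaces the key stored for
                // that client. Binding the GUID to an authenticated session, or refusing a key
                // change for a live session, would close this; it needs a protocol decision.
                // NOTE(review): FEncryptionKeys is shared across requests; confirm it is safe
                // for concurrent access.
                FEncryptionKeys[ClientGuid] = EncryptionKey;
            }

            // The lookup below fails if no key was ever stored for this client GUID.
            // NOTE(review): no MAC or authentication tag is checked in this method; unless
            // EncryptionRijndael.Decrypt verifies integrity internally, tampering with the
            // ciphertext is not detected - confirm.
            byte[] EncryptionIV = Convert.FromBase64String((String)headers[EncryptionRijndael.GetEncryptionName() + "IV"]);
            stream = EncryptionRijndael.Decrypt(FEncryptionKeys[ClientGuid], stream, EncryptionIV);
            state  = true;

            return ClientGuid;
        }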