/// <param name="receivedFromUser">comes from local contact book. is null if it is contact invitation</param>
internal static InviteSessionDescription Decrypt_Verify(ICryptoLibrary cryptoLibrary, byte[] encryptedSdData,
InviteRequestPacket req,
InviteAck1Packet ack1,
bool ack1SdIsReady,
InviteSession session,
UserId receivedFromUserNullable,
DateTime localTimeNowUtc
)
{
#region key, iv
BinaryProcedures.CreateBinaryWriter(out var ms2, out var w2);
req.GetSharedSignedFields(w2);
ack1.GetSharedSignedFields(w2, ack1SdIsReady);
var iv = cryptoLibrary.GetHashSHA256(ms2.ToArray()).Take(16).ToArray();
ms2.Write(session.SharedInviteAckDhSecret, 0, session.SharedInviteAckDhSecret.Length);
var aesKey = cryptoLibrary.GetHashSHA256(ms2.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
// decrypt
var plainTextSdData = new byte[encryptedSdData.Length];
cryptoLibrary.ProcessAesCbcBlocks(false, aesKey, iv, encryptedSdData, plainTextSdData);
var r = new InviteSessionDescription();
var reader = BinaryProcedures.CreateBinaryReader(plainTextSdData, 0);
r.Flags = reader.ReadByte();
if ((r.Flags & FlagsMask_MustBeZero) != 0)
{
throw new NotImplementedException();
}
r.UserCertificate = UserCertificate.Decode_AssertIsValidNow(reader, cryptoLibrary, receivedFromUserNullable, localTimeNowUtc);
r.DirectChannelEndPoint = BinaryProcedures.DecodeIPEndPoint(reader);
r.NatBehaviour = NatBehaviourModel.Decode(reader);
r.DirectChannelToken32 = DirectChannelToken32.Decode(reader);
r.SessionType = (SessionType)reader.ReadByte();
r.UserCertificateSignature = UserCertificateSignature.DecodeAndVerify(reader, cryptoLibrary,
w =>
{
req.GetSharedSignedFields(w);
ack1.GetSharedSignedFields(w, ack1SdIsReady);
r.WriteSignedFields(w);
},
r.UserCertificate);
return(r);
}
/// <param name="ack1SdIsReady">
/// =true for SD in ACK2
/// =false for SD in ACK1 (since the SessionDescription is not initialized yet)
/// </param>
internal byte[] Encrypt(ICryptoLibrary cryptoLibrary, InviteRequestPacket req, InviteAck1Packet ack1, InviteSession session,
bool ack1SdIsReady
)
{
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
w.Write(Flags);
UserCertificate.Encode(w, false);
BinaryProcedures.EncodeIPEndPoint(w, DirectChannelEndPoint);
NatBehaviour.Encode(w);
DirectChannelToken32.Encode(w);
w.Write((byte)SessionType);
UserCertificateSignature.Encode(w);
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
var plainTextSdData = ms.ToArray();
var encryptedSdData = new byte[plainTextSdData.Length];
#region key, iv
BinaryProcedures.CreateBinaryWriter(out var ms2, out var w2);
req.GetSharedSignedFields(w2);
ack1.GetSharedSignedFields(w2, ack1SdIsReady);
var iv = cryptoLibrary.GetHashSHA256(ms2.ToArray()).Take(16).ToArray();
ms2.Write(session.SharedInviteAckDhSecret, 0, session.SharedInviteAckDhSecret.Length);
var aesKey = cryptoLibrary.GetHashSHA256(ms2.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
cryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, plainTextSdData, encryptedSdData);
return(encryptedSdData);
}