public bool TryLookupMulticastKey(IdentityHash identityHash, out byte[] symmetricKey) { return(multicastEncryptionKeysByIdentity.TryGetValue(identityHash, out symmetricKey)); }
public bool TryDecodePayload(BroadcastMessageDto broadcastMessage, out byte[] decryptedPayload) { var senderHash = broadcastMessage.SourceIdHash; var receiverHash = broadcastMessage.DestinationIdHash; var payload = broadcastMessage.Payload; var signature = broadcastMessage.Signature; byte[] totalMessage; using (var ms = new MemoryStream()) using (var writer = new BinaryWriter(ms)) { writer.Write(senderHash); writer.Write(receiverHash); writer.Write(payload); totalMessage = ms.ToArray(); } var senderNode = identityManager.LookupIdentity(senderHash); if (senderNode == null) { // throw new InvalidStateException("Sender has not recognized"); decryptedPayload = null; return(false); } if (!CryptoUtil.Verify(totalMessage, senderNode.ThisId, signature)) { // throw new CryptographicException("Could not verify message"); decryptedPayload = null; return(false); } // message is now verified byte[] symmetricKey; if (receiverHash.SequenceEqual(BROADCAST_ID)) { // broadcast decryptedPayload = payload; return(true); } else if (receiverHash.SequenceEqual(identityHash)) { // unicast to us var decryptedSenderAndMessage = CryptoUtil.AsymmetricDecrypt(payload, privateKey); if (!decryptedSenderAndMessage.Take(CryptoUtil.HASH_SIZE).SequenceEqual(senderHash)) { // BREACH BREACH BREACH DEPLOY SECURITY COUNTER MEASURES // throw new CryptographicException("DATA WAS BAD THERE ARE BAD PEOPLE HERE THEY MUST BE KEPT OUT"); decryptedPayload = null; return(false); } decryptedPayload = decryptedSenderAndMessage.Skip(CryptoUtil.HASH_SIZE).ToArray(); return(true); } else if (identityManager.TryLookupMulticastKey(IdentityHash.GetFlyweight(receiverHash), out symmetricKey)) { // multicast var iv = payload.Take(CryptoUtil.IV_SIZE).ToArray(); var encryptedMessage = payload.Skip(CryptoUtil.IV_SIZE).ToArray(); var messageAndInnerSignature = CryptoUtil.SymmetricDecrypt(encryptedMessage, symmetricKey, iv); var innerSignature = messageAndInnerSignature.Skip(messageAndInnerSignature.Length - CryptoUtil.ASYM_KEY_SIZE_BYTES).ToArray(); var message = messageAndInnerSignature.Take(messageAndInnerSignature.Length - CryptoUtil.ASYM_KEY_SIZE_BYTES).ToArray(); if (!CryptoUtil.Verify(message, senderNode.ThisId, innerSignature)) { // throw new CryptographicException("Could not verify inner signature"); decryptedPayload = null; return(false); } decryptedPayload = message; return(true); } else { // unknown multi/unicast decryptedPayload = null; return(false); } }
public void AddMulticastKey(IdentityHash identityHash, byte[] symmetricKey) { multicastEncryptionKeysByIdentity[identityHash] = symmetricKey; }