private Message Challenge(Session session, Message msg)
{
var protocol = session.Protocol;
if (protocol.State != MessageProtocolState.WaitChallenge)
{
throw new DistortedHandshakeException();
}
var remoteChallenge = new byte[sizeof(ulong)].AsSpan();
msg.Read(remoteChallenge);
var expected = HandshakeHelpers.GetKey(this._localPublic, this._remotePublic).AsSpan();
HandshakeHelpers.KeyTransformValue(expected, this._commonSecret, (byte)(this._localPublic & 7));
protocol.Blowfish.Encrypt(expected);
if (!remoteChallenge.SequenceEqual(expected))
{
throw new InvalidHandshakeException();
}
HandshakeHelpers.KeyTransformValue(this._key.AsSpan(), this._commonSecret, 3);
protocol.Blowfish = new Blowfish(this._key.AsSpan());
protocol.State = MessageProtocolState.Completed;
return(new Message(MessageID.HANDSHAKE_ACCEPT));
}
public Task Handshake(Session session, Message msg)
{
var protocol = session.Protocol;
if (protocol.State != MessageProtocolState.WaitChallenge)
{
throw new DistortedHandshakeException();
}
var remotePublic = msg.Read <uint>();
var remoteChallenge = new byte[sizeof(ulong)].AsSpan();
msg.Read(remoteChallenge);
var commonSecret = HandshakeHelpers.PowMod(remotePublic, this._localPrivate, this._prime);
var key = HandshakeHelpers.GetKey(this._localPublic, remotePublic);
HandshakeHelpers.KeyTransformValue(key.AsSpan(), commonSecret, (byte)(commonSecret & 3));
protocol.Blowfish = new Blowfish(key.AsSpan());
protocol.Blowfish.Decrypt(remoteChallenge);
var expected = HandshakeHelpers.GetKey(remotePublic, this._localPublic).AsSpan();
HandshakeHelpers.KeyTransformValue(expected, commonSecret, (byte)(remotePublic & 7));
if (!remoteChallenge.SequenceEqual(expected))
{
throw new InvalidHandshakeException();
}
var challenge = HandshakeHelpers.GetKey(this._localPublic, remotePublic).AsSpan();
HandshakeHelpers.KeyTransformValue(challenge, commonSecret, (byte)(this._localPublic & 7));
protocol.Blowfish.Encrypt(challenge);
HandshakeHelpers.KeyTransformValue(this._key.AsSpan(), commonSecret, 3);
protocol.Blowfish = new Blowfish(this._key.AsSpan());
var res = new Message(MessageID.HANDSHAKE, 9);
res.Write(MessageProtocolOption.KeyChallenge);
res.Write <byte>(challenge);
protocol.State = MessageProtocolState.WaitAccept;
return(session.SendAsync(res));
}
private Message Setup(Session session, Message msg)
{
var protocol = session.Protocol;
if (protocol.State != MessageProtocolState.WaitSetup)
{
throw new DistortedHandshakeException();
}
msg.Read(this._key.AsSpan());
var generator = msg.Read <uint>();
var prime = msg.Read <uint>();
this._localPublic = msg.Read <uint>();
var localPrivate = (uint)RandomNumberGenerator.GetInt32(1, int.MaxValue) & int.MaxValue;
this._remotePublic = HandshakeHelpers.PowMod(generator, localPrivate, prime);
this._commonSecret = HandshakeHelpers.PowMod(this._localPublic, localPrivate, prime);
var key = HandshakeHelpers.GetKey(this._localPublic, this._remotePublic).AsSpan();
HandshakeHelpers.KeyTransformValue(key, this._commonSecret, (byte)(this._commonSecret & 3));
protocol.Blowfish = new Blowfish(key);
var localChallenge = HandshakeHelpers.GetKey(this._remotePublic, this._localPublic).AsSpan();
HandshakeHelpers.KeyTransformValue(localChallenge, this._commonSecret, (byte)(this._remotePublic & 7));
protocol.Blowfish.Encrypt(localChallenge);
var res = new Message(MessageID.HANDSHAKE, sizeof(uint) + sizeof(ulong));
res.Write(this._remotePublic);
res.Write <byte>(localChallenge);
protocol.State = MessageProtocolState.WaitChallenge;
return(res);
}
public async Task Begin(Session session)
{
var protocol = session.Protocol;
if (protocol.State != MessageProtocolState.None)
{
throw new DistortedHandshakeException();
}
var msg = new Message(MessageID.HANDSHAKE, 25);
msg.Write(protocol.Option);
if (protocol.Option.HasFlag(MessageProtocolOption.Encryption))
{
var key = new byte[sizeof(ulong)];
RandomNumberGenerator.Fill(key.AsSpan());
protocol.Blowfish = new Blowfish(key.AsSpan());
msg.Write <byte>(key.AsSpan());
}
if (protocol.Option.HasFlag(MessageProtocolOption.Checksum))
{
var seqSeed = (uint)RandomNumberGenerator.GetInt32(byte.MaxValue);
var crcSeed = (uint)RandomNumberGenerator.GetInt32(byte.MaxValue);
protocol.Sequence = new MessageSequence(seqSeed);
protocol.Crc = new MessageCRC(crcSeed);
msg.Write(seqSeed);
msg.Write(crcSeed);
}
if (protocol.Option.HasFlag(MessageProtocolOption.KeyExchange))
{
RandomNumberGenerator.Fill(this._key.AsSpan());
this._localPrivate = (uint)RandomNumberGenerator.GetInt32(int.MaxValue);
this._generator = (uint)RandomNumberGenerator.GetInt32(1, int.MaxValue);
this._prime = (uint)RandomNumberGenerator.GetInt32(1, int.MaxValue);
this._localPublic = HandshakeHelpers.PowMod(this._generator, this._localPrivate, this._prime);
msg.Write <byte>(this._key);
msg.Write(this._generator);
msg.Write(this._prime);
msg.Write(this._localPublic);
protocol.State = MessageProtocolState.WaitChallenge;
}
else
{
protocol.State = MessageProtocolState.WaitAccept;
}
if (protocol.Option.HasFlag(MessageProtocolOption.KeyChallenge))
{
protocol.State = MessageProtocolState.WaitChallenge;
}
await session.SendAsync(msg);
}
