/// <summary> /// Performs the secure handshake so we can start sending messages. /// </summary> /// <returns></returns> private async Task HandshakeAsync() { // wait on semaphore await _handshakeSemaphore.WaitAsync(); // check if we got raced if (_serverEncryptionKey != null && !SecureUtils.HasTimeSlotExpired(_serverEncryptionKeyTimeSlot, false)) { return; } try { // create client key GenerateHandshakeKey(); // get certificate if we don't have it yet if (_serverCertificate == null) { // log #if DEBUG_SECURE Console.WriteLine($"[Secure] Handshake Requesting certificate..."); #endif // request certificate SecureHeader requestCertificate = new SecureHeader(SecureHeader.HeaderVersion, SecureMessageType.RequestCertificate); // send request Envelope respondCert = await _node.AskAsync(_address, new byte[0], _configuration.HandshakeTimeout, new Dictionary <string, object>() { { SecureHeader.HeaderName, requestCertificate.ToString() } }); // parse response header SecureHeader respondCertHeader = null; try { respondCertHeader = new SecureHeader(Encoding.UTF8.GetString(respondCert.Headers[SecureHeader.HeaderName] as byte[])); } catch (Exception ex) { throw new InvalidDataException("The certificate request response header was invalid", ex); } // check if the certificate response is an error or if it's an incorrect type if (respondCertHeader.Type == SecureMessageType.Error) { SecureErrorMsg errorMsg = respondCert.AsProtoBuf <SecureErrorMsg>(); throw new SecurityException($"{errorMsg.Message} ({errorMsg.Code})"); } else if (respondCertHeader.Type != SecureMessageType.RespondCertificate) { throw new InvalidDataException("The certificate request response header was invalid"); } // decode the certificate response and then check it has actual data SecureRespondCertificateMsg respondCertMsg = respondCert.AsProtoBuf <SecureRespondCertificateMsg>(); if (respondCertMsg.CertificateData == null) { throw new InvalidDataException("The certificate request response was invalid"); } // load certificate from response X509Certificate2 cert = new X509Certificate2(respondCertMsg.CertificateData); // validate it's allowed to act as this service if (_configuration.ValidateAddress) { // check extension is actually there if (cert.Extensions["HolonSecureServices"] == null) { throw new InvalidDataException("The service certificate has no claim for the invoked operation"); } // parse extension X509Extension servicesExt = cert.Extensions["HolonSecureServices"]; } else { #if DEBUG_SECURE Console.WriteLine($"[Secure] Handshake WARNING: Not validating services due to configuration!"); #endif } // validate that it's signed by ca authority if (_configuration.ValidateAuthority) { X509Chain chain = new X509Chain(); chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.ExtraStore.Add(_configuration.RootAuthority); chain.Build(cert); // get status X509ChainStatus status = chain.ChainStatus.First(); if (status.Status != X509ChainStatusFlags.UntrustedRoot && status.Status != X509ChainStatusFlags.NoError) { throw new InvalidDataException("The service certificate is not signed by the root authority"); } } else { #if DEBUG_SECURE Console.WriteLine($"[Secure] Handshake WARNING: Not validating authority due to configuration!"); #endif } // log #if DEBUG_SECURE Console.WriteLine($"[Secure] Handshake Got certifcate {cert.Subject} ({cert.Thumbprint})"); #endif _serverCertificate = cert; } // log #if DEBUG_SECURE Console.WriteLine($"[Secure] Handshake Requesting key... FirstTime: {_serverEncryptionKey == null}"); #endif // key request SecureRequestKeyMsg requestKeyMsg = new SecureRequestKeyMsg() { HandshakeIV = _handshakeEncryptionIV, HandshakeKey = _handshakeEncryptionKey }; SecureHeader requestKey = new SecureHeader(SecureHeader.HeaderVersion, SecureMessageType.RequestKey); // send request Envelope respondKey = null; using (RSA rsa = _serverCertificate.GetRSAPublicKey()) { using (MemoryStream ms = new MemoryStream()) { // serialize to stream Serializer.Serialize(ms, requestKeyMsg); // encrypt with server certificate byte[] keyRequestBody = rsa.Encrypt(ms.ToArray(), RSAEncryptionPadding.Pkcs1); respondKey = await _node.AskAsync(_address, keyRequestBody, _configuration.HandshakeTimeout, new Dictionary <string, object>() { { SecureHeader.HeaderName, requestKey.ToString() } }); } } // parse response SecureHeader respondKeyHeader = null; try { respondKeyHeader = new SecureHeader(Encoding.UTF8.GetString(respondKey.Headers[SecureHeader.HeaderName] as byte[])); } catch (Exception ex) { throw new InvalidDataException("The key request response header was invalid", ex); } // check if the key response is an error or if it's an incorrect type if (respondKeyHeader.Type == SecureMessageType.Error) { SecureErrorMsg errorMsg = respondKey.AsProtoBuf <SecureErrorMsg>(); throw new SecurityException($"{errorMsg.Message} ({errorMsg.Code})"); } else if (respondKeyHeader.Type != SecureMessageType.RespondKey) { throw new InvalidDataException("The key request response header was invalid"); } // try and decrypt using (MemoryStream decryptedStream = new MemoryStream()) { using (Aes aes = Aes.Create()) { aes.Key = _handshakeEncryptionKey; aes.IV = _handshakeEncryptionIV; using (CryptoStream decryptStream = new CryptoStream(respondKey.AsStream(), aes.CreateDecryptor(), CryptoStreamMode.Read)) { decryptStream.CopyTo(decryptedStream); } } // seek to beginning decryptedStream.Seek(0, SeekOrigin.Begin); // deserialize SecureRespondKeyMsg respondKeyMsg = Serializer.Deserialize <SecureRespondKeyMsg>(decryptedStream); // validate key if (respondKeyMsg.ServerKey == null || respondKeyMsg.ServerNonce == null || respondKeyMsg.ServerKey.Length != 16) { throw new InvalidDataException("The secure key is invalid"); } // log #if DEBUG_SECURE Console.WriteLine($"[Secure] Handshake Got key Timeslot: {respondKeyMsg.KeyTimeSlot} Nonce: {BitConverter.ToString(respondKeyMsg.ServerNonce).Replace("-", "")}"); #endif // set server encryption key _serverEncryptionKey = respondKeyMsg.ServerKey; _serverNonce = respondKeyMsg.ServerNonce; _serverEncryptionKeyTimeSlot = respondKeyMsg.KeyTimeSlot; } } finally { // make sure to release semaphore no matter what _handshakeSemaphore.Release(); } }
/// <summary> /// Handles handshake and encrypted envelopes. /// </summary> /// <param name="envelope">The envelope.</param> /// <returns></returns> public async Task <bool> HandleAsync(Envelope envelope) { // check for secure header SecureHeader secureHeader = null; try { if (envelope.Headers.ContainsKey(SecureHeader.HEADER_NAME)) { secureHeader = new SecureHeader(Encoding.UTF8.GetString(envelope.Headers[SecureHeader.HEADER_NAME] as byte[])); } } catch (Exception) { if (envelope.ID != Guid.Empty) { await ReplyErrorAsync(envelope, new SecureErrorMsg() { Code = "ProtocolInvalid", Message = "The secure message header format is invalid" }); } return(false); } // check if it's a secure message or not if (secureHeader != null && envelope.ID != Guid.Empty) { if (secureHeader.Type == SecureMessageType.RequestCertificate) { #if DEBUG_SECURERPC Console.WriteLine($"[SecureFilter] {nameof(RpcSecureMessageType.RequestCertificate)}"); #endif // build response SecureRespondCertificateMsg respondCertificateMsg = new SecureRespondCertificateMsg(); respondCertificateMsg.CertificateData = _certificate.Export(X509ContentType.Cert); // build reply using (MemoryStream ms = new MemoryStream()) { Serializer.Serialize(ms, respondCertificateMsg); // reply await envelope.Node.ReplyAsync(envelope.ReplyTo, envelope.ID, ms.ToArray(), new Dictionary <string, object>() { { SecureHeader.HEADER_NAME, new SecureHeader(SecureHeader.HEADER_VERSION, SecureMessageType.RespondCertificate).ToString() } }); } return(false); } else if (secureHeader.Type == SecureMessageType.RequestKey) { // decrypt byte[] decryptedBody = null; using (RSA rsa = _certificate.GetRSAPrivateKey()) { decryptedBody = rsa.Decrypt(envelope.Body, RSAEncryptionPadding.Pkcs1); } // deserialize key request SecureRequestKeyMsg requestKeyMsg = null; using (MemoryStream ms = new MemoryStream(decryptedBody)) { requestKeyMsg = Serializer.Deserialize <SecureRequestKeyMsg>(ms); } // validate that the data is there and is the correct size, if not send an error back if (requestKeyMsg.HandshakeIV == null || requestKeyMsg.HandshakeKey == null || requestKeyMsg.HandshakeIV.Length != 16 || requestKeyMsg.HandshakeKey.Length != 16) { await ReplyErrorAsync(envelope, new SecureErrorMsg() { Code = "ProtocolInvalid", Message = "The request key data was invalid" }); return(false); } // generate random nonce byte[] nonceBytes = new byte[16]; using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) { rng.GetBytes(nonceBytes); } // process key request long timeSlot = SecureUtils.GetNextTimeSlot(); byte[] keyBytes = SecureUtils.GenerateKey(nonceBytes, timeSlot, _secret); // log #if DEBUG_SECURERPC Console.WriteLine($"[SecureFilter] {nameof(RpcSecureMessageType.RequestKey)} TimeSlot: {timeSlot} Nonce: {BitConverter.ToString(nonceBytes).Replace("-", "")}"); #endif // build response SecureRespondKeyMsg respondKeyMsg = new SecureRespondKeyMsg(); respondKeyMsg.ServerNonce = nonceBytes; respondKeyMsg.ServerKey = keyBytes; respondKeyMsg.KeyTimeSlot = timeSlot; // encode and encrypt byte[] respondKeyBody = null; using (Aes aes = Aes.Create()) { // setup aes aes.Key = requestKeyMsg.HandshakeKey; aes.IV = requestKeyMsg.HandshakeIV; // build body using (MemoryStream ms = new MemoryStream()) { // encrypt using client key using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write)) { Serializer.Serialize(cs, respondKeyMsg); } // get output respondKeyBody = ms.ToArray(); } } // reply await envelope.Node.ReplyAsync(envelope.ReplyTo, envelope.ID, respondKeyBody, new Dictionary <string, object>() { { SecureHeader.HEADER_NAME, new SecureHeader(SecureHeader.HEADER_VERSION, SecureMessageType.RespondKey).ToString() } }); return(false); } else if (secureHeader.Type == SecureMessageType.RequestMessage) { // deserialize key request SecureMessageMsg msg = null; using (MemoryStream ms = new MemoryStream(envelope.Body)) { msg = Serializer.Deserialize <SecureMessageMsg>(ms); } // validate the data is there and is correct length, if not send invalid data if (msg.Payload == null || msg.ServerNonce == null || msg.ServerNonce.Length != 16) { await ReplyErrorAsync(envelope, new SecureErrorMsg() { Code = "ProtocolInvalid", Message = "The request message data was invalid" }); return(false); } // log #if DEBUG_SECURERPC Console.WriteLine($"[SecureFilter] {nameof(RpcSecureMessageType.RequestMessage)} TimeSlot: {msg.KeyTimeSlot} Nonce: {BitConverter.ToString(msg.ServerNonce).Replace("-", "")}"); #endif // validate expiry of time slot if (SecureUtils.HasTimeSlotExpired(msg.KeyTimeSlot, true)) { await ReplyErrorAsync(envelope, new SecureErrorMsg() { Code = "KeyExpired", Message = "The secure message is encrypted with an outdated key" }); return(false); } // get key byte[] keyBytes = SecureUtils.GenerateKey(msg.ServerNonce, msg.KeyTimeSlot, _secret); using (MemoryStream decryptedPayloadStream = new MemoryStream()) { using (MemoryStream payloadStream = new MemoryStream(msg.Payload)) { using (Aes aes = Aes.Create()) { aes.Key = keyBytes; aes.IV = msg.ServerNonce; using (CryptoStream decryptStream = new CryptoStream(payloadStream, aes.CreateDecryptor(), CryptoStreamMode.Read)) { decryptStream.CopyTo(decryptedPayloadStream); } } } // modify body and set reply channel envelope.Body = decryptedPayloadStream.ToArray(); envelope.Channel = new SecureReplyChannel(envelope, keyBytes, msg.ServerNonce); return(true); } } else { // log #if DEBUG_SECURERPC Console.WriteLine($"[SecureFilter] Unimplemented message type!"); #endif await ReplyErrorAsync(envelope, new SecureErrorMsg() { Code = "ProtocolViolation", Message = "The message type is not relevant or is invalid" }); return(false); } } else { return(true); } }