/// <summary>
/// Notifies clients of the current authentication state.
/// </summary>
/// <param name="action">
/// The authentication command which reflects the current auth state.
/// </param>
public void NotifyAuthenticationStatus(AuthenticationAction action, string username = null, AuthenticationResultObject authenticationResult = null)
{
// KF - I edited this function to take two arguments instead of one and then refactored all the code that calls it to pass in an AuthenticationResultObject
switch (m_waitingForAuth)
{
case true:
{
m_waitingForAuth = action == AuthenticationAction.Authenticated ? false : true;
}
break;
case false:
{
m_waitingForAuth = action == AuthenticationAction.Required;
}
break;
}
var authResult = new AuthenticationResultObject();
if (authenticationResult != null)
{
authResult = authenticationResult;
}
var msg = new AuthenticationMessage(action, authResult, username); // KF - Also added a constructor to AuthenticationMessage);
PushMessage(msg);
}
public void TestPasswordMessageCreateMd5()
{
var salt = new byte[] { 0x77, 0x16, 0x3e, 0xe3 };
var authMessage = new AuthenticationMessage {
AuthenticationMessageType = AuthenticationMessageType.MD5Password,
DataBuffer = salt
};
var state = PostgresClientState.CreateDefault();
var connectionString = new PostgresConnectionString(
PostgresServerInformation.FakeConnectionString);
var passwordMessage = PasswordMessage
.CreateMd5(authMessage, state, connectionString);
const string expectedHash = "md583ce447ce89d7e4e943205ff8f82f76a";
try
{
var actualHash = Encoding.ASCII.GetString(
passwordMessage.Password, 0,
passwordMessage.PasswordLength);
Assert.AreEqual(0x23, passwordMessage.PasswordLength);
Assert.AreEqual(expectedHash, actualHash);
}
finally
{
authMessage.TryDispose();
passwordMessage.TryDispose();
}
}
//---msg readers
private void AuthenticationMsgReader(ReceivedMsg receivedMsg, AuthenticationMessage msg)
{
UserAuthenticationState autState;
if (_authenticationStates.TryGetValue((IScsServerClient)receivedMsg.Sender, out autState))
{
autState.Step1_MsgReader(receivedMsg, msg);
if (autState.State == UserAuthenticationState.AuthenticationState.Success)
{
// Удаляем аутентификатор
_authenticationStates.Remove(autState.ScsClient);
//Сначала добавляем потом удаляем, чтобы не бьыло ни наносекунды, когда никто не слушает клиента
//_msgQueue.AddMessenger(autState.ScsClient);
//_msgQueueForAutentification.RemoveMessenger(autState.ScsClient);
_authenticatedUsers.Add(autState.ScsClient, autState.User);
autState.ScsClient.SendMessage(new AuthenticationSuccesMessage());
OnUserLogin?.Invoke(this, new UserEventArgs(autState.User));
}
}
else
{
Console.WriteLine(GetType().Name + " :AuthenticationMsgReader error login=" + msg.login);
}
}
public Task <StatusMessage> Authenticate(AuthenticationMessage message)
{
message.Id = NextId();
message.Op = REQUEST_AUTHENTICATION;
return(SendMessage(new RequestResponse((int)message.Id, message,
success => Status = ConnectionStatus.AUTHENTICATED)));
}
public static void Test_Returns_False_For_Session_Who_Stole_Others_Token()
{
//arrange
Mock <ISigningService> signingService = new Mock <ISigningService>();
signingService.Setup(x => x.isSigned(It.IsAny <byte[]>(), It.IsAny <byte[]>()))
.Returns(true);
ElevationManager elevationManager = new ElevationManager(Mock.Of <ILog>(), signingService.Object);
IElevatableSession session = Mock.Of <IElevatableSession>();
AuthenticationMessage message = new AuthenticationMessage(new byte[0]);
session.UniqueAuthToken = elevationManager.RequestSingleUseToken(session);
//act:Preform a authentication
elevationManager.TryAuthenticate(session, message);
//assert
Assert.True(elevationManager.isElevated(session));
//Should fail because this session isn't authorized with this token
IElevatableSession criminalSession = Mock.Of <IElevatableSession>();
criminalSession.UniqueAuthToken = session.UniqueAuthToken;
Assert.False(elevationManager.isElevated(criminalSession));
}
public static void SendAuthenticationRequest(AuthenticationMessage authMessage, UserAuthenticatedCallback callback)
{
byte [] data = authMessage.GetMessageBytes();
authenticatedCallback = callback;
ChatService.SendData(data);
}
/// <summary>
/// Authenticate the client on the server.
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
public void SendAuthentication(string username, string password)
{
var authMessage = new AuthenticationMessage()
{
Username = username, Password = password
};
Send(authMessage);
}
public bool Verify()
{
using var bytesPipe = new BytesPipe();
var target = new AuthenticationMessage(this.CreationTime, this.Hash, null);
target.Export(bytesPipe.Writer, BytesPool.Shared);
return(this.Certificate?.Verify(bytesPipe.Reader.GetSequence()) ?? false);
}
void SendAuthentication(NetworkConnection conn)
{
Debug.LogWarning("Dev: Started SendAuthentication");
AuthenticationMessage message = new AuthenticationMessage()
{
username = AuthenticationParameters.UserName,
password = AuthenticationParameters.Password
};
conn.Send(CustomMeesageTypes.AuthenticationMsgType, message);
Debug.LogWarning("Dev: Finished SendAuthentication");
}
public void Callback(AuthenticationMessage authenticationFailureResult)
{
this.logger.Info("Authentication result {0}, {1}", authenticationFailureResult.Action, authenticationFailureResult.AuthenticationResult.AuthenticationResult);
switch (authenticationFailureResult.Action)
{
case AuthenticationAction.Denied:
case AuthenticationAction.Required:
case AuthenticationAction.InvalidInput:
{
// User needs to log in.
//BringAppToFocus();
Device.BeginInvokeOnMainThread(async() =>
{
if (!(app.NavPage.CurrentPage is LoginPage))
{
await app.NavPage.PushAsync(new LoginPage());
}
});
/*m_mainWindow.Dispatcher.InvokeAsync(() =>
* {
* ((MainWindowViewModel)m_mainWindow.DataContext).IsUserLoggedIn = false;
* });*/
}
break;
case AuthenticationAction.Authenticated:
case AuthenticationAction.ErrorNoInternet:
case AuthenticationAction.ErrorUnknown:
{
Device.BeginInvokeOnMainThread(async() =>
{
if (app.NavPage.CurrentPage is LoginPage)
{
await app.NavPage.PopToRootAsync();
}
});
/*m_logger.Info($"The logged in user is {authenticationFailureResult.Username}");
*
* m_mainWindow.Dispatcher.InvokeAsync(() =>
* {
* ((MainWindowViewModel)m_mainWindow.DataContext).LoggedInUser = authenticationFailureResult.Username;
* ((MainWindowViewModel)m_mainWindow.DataContext).IsUserLoggedIn = true;
* });
*
* OnViewChangeRequest(typeof(DashboardView));*/
}
break;
}
}
private void Button_Click(object sender, RoutedEventArgs e)
{
AuthenticationMessage data = new AuthenticationMessage {
Username = UsernameTextbox.Text,
Password = PasswordTextbox.Password,
MessageType = MessageType.Authentication
};
if (!attemptingLogin)
{
CommunicationManager.SendAuthenticationRequest(data, (args) => NavigateToChat(args));
attemptingLogin = true;
}
}
/// <summary>
/// Sends credentials to the server to attempt authentication.
/// </summary>
/// <param name="username">
/// Username to authorize with.
/// </param>
/// <param name="password">
/// Password to authorize with.
/// </param>
public void AttemptAuthentication(string username, SecureString password)
{
var msg = new AuthenticationMessage(AuthenticationAction.Requested, username, password);
var logger = LoggerUtil.GetAppWideLogger();
try
{
PushMessage(msg);
}
catch (Exception e)
{
LoggerUtil.RecursivelyLogException(logger, e);
}
}
private void NavigateToChat(AuthenticationMessage authData)
{
attemptingLogin = false;
if (authData.Success)
{
Dispatcher.Invoke(DispatcherPriority.Normal,
new Action(async() => {
await AnimateOut();
(Application.Current.MainWindow as MainWindow).MainFrame.NavigationService.Navigate(new ChatPage(new Models.User()
{
Name = UsernameTextbox.Text
}));
}));
}
}
public static AuthenticationMessage Create(DateTime creationTime, ReadOnlyMemory <byte> hash, OmniDigitalSignature?digitalSignature)
{
if (digitalSignature is null)
{
return(new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, null));
}
using var bytesPipe = new BytesPipe();
var target = new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, null);
target.Export(bytesPipe.Writer, BytesPool.Shared);
var certificate = OmniDigitalSignature.CreateOmniCertificate(digitalSignature, bytesPipe.Reader.GetSequence());
return(new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, certificate));
}
public void Step1_MsgReader(ReceivedMsg receivedMsg, AuthenticationMessage authenticationMessage)
{
if (receivedMsg.Sender == ScsClient)
{
Console.WriteLine(GetType().Name + " :Get AuthenticationMessage " + authenticationMessage.login);
if (State == AuthenticationState.Processing)
{
User = new User(authenticationMessage.login, ScsClient);
State = AuthenticationState.Success;
//Console.WriteLine("Authentication Success login=" + authenticationMessage.login);
}
Stop();
}
}
/// <summary>
/// Constructs a new AuthenticationRequestArgs instance from the given client message.
/// </summary>
/// <param name="msg">
/// The client authentication message.
/// </param>
public AuthenticationRequestArgs(AuthenticationMessage msg)
{
Username = msg.Username;
Password = new SecureString();
try
{
foreach (var c in msg.Password)
{
Password.AppendChar((char)c);
}
}
finally
{
Array.Clear(msg.Password, 00, msg.Password.Length);
}
}
public static void ReceivedMessage(NetworkMessage networkMessage)
{
Debug.WriteLine("Message received");
// Read the message type
MessageType msgType = (MessageType)networkMessage.GetMessageType();
string json = networkMessage.GetJSONFromBuffer();
switch (msgType)
{
case MessageType.Authentication:
AuthenticationMessage auth = JsonConvert.DeserializeObject <AuthenticationMessage>(json);
if (authenticatedCallback != null)
{
authenticatedCallback?.Invoke(auth);
}
break;
case MessageType.ChatMessage:
ChatMessage chat = JsonConvert.DeserializeObject <ChatMessage>(json);
OnMessageReceived?.Invoke(null, chat);
break;
case MessageType.UserState:
UserStateMessage userState = JsonConvert.DeserializeObject <UserStateMessage>(json);
OnMessageReceived?.Invoke(null, new ChatMessage()
{
Sender = new User()
{
Name = "SYSTEM"
},
Content = userState.User.Name + " has " + (userState.IsOnline ? "come online" : "gone offline"),
Date = userState.Date
});
break;
default:
break;
}
}
public static void Test_Returns_True_After_Sucessful_Authentication()
{
//arrange
Mock <ISigningService> signingService = new Mock <ISigningService>();
signingService.Setup(x => x.isSigned(It.IsAny <byte[]>(), It.IsAny <byte[]>()))
.Returns(true);
ElevationManager elevationManager = new ElevationManager(Mock.Of <ILog>(), signingService.Object);
IElevatableSession session = Mock.Of <IElevatableSession>();
AuthenticationMessage message = new AuthenticationMessage(new byte[0]);
session.UniqueAuthToken = elevationManager.RequestSingleUseToken(session);
//act:Preform a authentication
elevationManager.TryAuthenticate(session, message);
//assrt
Assert.True(elevationManager.isElevated(session));
}
public static void HandleAuthentication(IMessage message, IConnection connection)
{
AuthenticationMessage authMessage = message as AuthenticationMessage;
string passHash = "";
try
{
passHash = Conn.GetPersonPassHash(authMessage.Login);
}
catch (Exception e)
{
connection.Send(MessageFactory.MakeAuthenticationResposeMessage("", Status.Error, e.Message));
return;
}
if (passHash == Hash(authMessage.Password))
{
SendToken(authMessage.Login, connection);
return;
}
connection.Send(MessageFactory.MakeAuthenticationResposeMessage("", Status.Error, "Пароли не совпадают."));
}
public async Task <AuthenticationMessage> SendAuthenticationMessageAsync(string deviceId, Guid customerId, string phoneNumber, string messageText, bool isSms)
{
if (isSms)
{
// TODO : this should not be here !!!!!
var config = new ConfigurationBuilder()
.AddJsonFile("appconfig.json")
.Build();
//TODO: refactor
var accountSid = config["accountId"];
var authToken = config["authToken"];
var sendFrom = config["phonenumber"];
TwilioClient.Init(accountSid, authToken);
var message = await MessageResource.CreateAsync(
body : messageText,
from : new Twilio.Types.PhoneNumber(sendFrom),
to : new Twilio.Types.PhoneNumber(phoneNumber));
var m = new AuthenticationMessage
{
Customer = await _dbContext.Customers.FirstOrDefaultAsync(x => x.Id == customerId),
Data = messageText,
Device = await _dbContext.Devices.FirstOrDefaultAsync(x => x.DeviceId == deviceId),
DateCreated = DateTime.Now,
IsUsed = false
};
_dbContext.AuthenticationMessages.Add(m);
await _dbContext.SaveChangesAsync();
return(m);
}
return(null);
}
private void Authenticate(AuthenticationMessage authenticationMessage)
{
PasswordMessage passwordMessage;
switch (authenticationMessage.AuthenticationMessageType)
{
case AuthenticationMessageType.MD5Password:
passwordMessage = PasswordMessage.CreateMd5(
authenticationMessage, ClientState,
PostgresConnectionString);
break;
default:
throw new ArgumentOutOfRangeException(
nameof(authenticationMessage.AuthenticationMessageType),
authenticationMessage.AuthenticationMessageType,
"Authentication method not supported.");
}
using (passwordMessage)
{
WriteMessage(passwordMessage);
}
}
/// <summary>
/// This method is the implementation of IConferenceServer.
/// This methos is called from client side to connect to a particular meeting.
/// This methods do the following things:
/// -Search Conference from running conferences on this server--if found return conference room object
/// otherwise search db & make new object of conferenceroom and return that
/// -Create new AuthenticationMessage with profile.ClientId that is passed to JoinConference method.
/// -Check conf==null then throw exception that specified conference id not found.
/// -check conference capacity by executing query to mysql and throw exception in the case when capacity is full
/// -sleep thread 1 seconds.
/// -validate password of the meeting....its just empty function return true in all casees
/// -Always else condition of if(!ValidateAuthentication(Password,"" + conferenceID)) statement run
/// --check ctool_guest if IsGuest=true, if IsGuest=false then check ctool_company_member table
/// --Assign Msg object different values like ftp_ip,username & password etc
/// --check query result that is run again IsGuest true/false, assign different values to profile & msg object
/// -check duplicate profile name..if found throw exception of duplicate user
/// -this condition will not run because on previous statement we throw exception on same name
/// if(cp.ClientRegistrationId == profile.ClientRegistrationId) // client exist in this meeting
/// -conf.AttachClient(profile.Name,profile,Msg); will add the profile uri to dispatcher list so that
/// user can get the message when some message is broadcast.
/// -Add message join messages
/// -insert profile.cleintid in the ctool_billing with billing_mtype=1 with quest and billing_mtype=0 for non-guest.
/// -Select billing id against insertion and asssign it into the profile.billingid which further used in the billing consumer function named
/// public void UpdateBillingInformation()
/// -return conferenceroom object.
/// </summary>
/// <param name="conferenceID"></param>
/// <param name="profile"></param>
/// <param name="Msg"></param>
/// <param name="Password"></param>
/// <param name="IsGuest"></param>
/// <returns></returns>
public IConferenceRoom JoinConference(int conferenceID,ref WebMeeting.Common.ClientProfile profile,out AuthenticationMessage Msg, string Password,bool IsGuest)
{
Console.WriteLine(" On Join Called \n Going inside Search Conference");
ConferenceRoom conf;
//
// Find the conference
//
conf = SearchConference(conferenceID.ToString());
Msg = new AuthenticationMessage(profile.ClientId,true);
//try
//{
//
// If conf not found, raise an error
//
if(conf == null)
{
throw (new System.ArgumentException("No conference with specified Id found hosted on this server", conferenceID.ToString()));
}
string sql = "select meeting_capacity from ctool_meeting where meeting_id = " + conf.ConferenceId;
ArrayList Recordset = dbCon.Execute(sql);
//Console.WriteLine(sql + "\n Execute. Recordset Count = " + Recordset.Count.ToString());
if(Recordset.Count < 1)
{
throw (new System.ArgumentException("No conference with specified Id found hosted on this server", conferenceID.ToString() ));
}
ArrayList Record = (ArrayList)Recordset[0];
int nTotal = Convert.ToInt32(Record[0]);
if((conf.ClientList.Count + 1) > (nTotal+1))
{
throw (new System.ArgumentException("No More users can join this conference. Conference Capacity reached", "Max" + conferenceID.ToString()));
}
//this sleep code should be removed as it slow the connection speed of the application.
System.Threading.Thread.Sleep(1000);
//ValidateAuthentication(Password,"" + conferenceID)--this method does nothing,its always send
//true
/*
if(!ValidateAuthentication(Password,"" + conferenceID))
{
Console.WriteLine("\nUser not validated ");
throw (new System.ArgumentException("Invalid Meeting Password", Password));
}
else
*/
{
string sql2= "Select company_member_fname,company_member_email,company_acc_name From ctool_company_member,ctool_company_acc where company_acc_id = company_member_cid AND company_member_id = " + profile.ClientRegistrationId;
if(IsGuest)
{
sql2 = "Select * from ctool_guest where guest_id = " + profile.ClientRegistrationId;
}
profile.IsGuest = IsGuest;
ArrayList recordSet = dbCon.Execute(sql2);
if(recordSet.Count < 1)
{
throw (new System.ArgumentException("No user exists with specified username","ClientRegistrationId"));
}
else
{
Msg.ConferenceName = conf.conferenceName;
Msg.FTPPassoword = this.FTP_Password;
Msg.FTPUsername = this.FTP_Username;
Msg.FTPPort = this.FTP_PORT;
Msg.FTP_IP = this.FTP_IP;
Msg.ImageURL = GetImage("" + conferenceID);
Msg.SenderID=-1;
Msg.VoiceIP = voiceServerIP;
Msg.VoicePort = voiceServerPort;
Msg.voiceConferenceId = conf.conferenceVoiceSessionID;
if(recordSet.Count > 0)
{
if(IsGuest)
{
ArrayList record = (ArrayList)recordSet[0];
string strFName =record[3].ToString();
profile.Name = strFName;
profile.EMailAddress = record[4].ToString().ToLower();
Msg.companyName = "Guest Account";
Msg.ClientName = strFName;
Msg.ClientEmail = profile.EMailAddress;//record[1].ToString().ToLower();
Msg.SenderID=-1;
}
else
{
ArrayList record = (ArrayList)recordSet[0];
string strFName =record[0].ToString();
profile.Name = strFName;
profile.EMailAddress = record[1].ToString().ToLower();
profile.Name = strFName;
Msg.companyName =record[2].ToString();
Msg.ClientName = strFName;
Msg.ClientEmail = record[1].ToString().ToLower();
Msg.SenderID=-1;
}
}
}
}
Console.WriteLine("profile name :::"+profile.Name);
foreach(ClientProfile cp in conf.ClientList.Values)
{
Console.WriteLine("client List name :::"+cp.Name.Trim());
// To avoid the duplicate name
if(cp.Name.Trim()==profile.Name.Trim())
{
Console.WriteLine("Exception fired of login duplicate");
throw (new System.ArgumentException("A user is already login with name.", profile.Name.Trim()));
}
//
if(cp.ClientRegistrationId == profile.ClientRegistrationId) // client exist in this meeting
{
// zaeem Vierw thios condition doesnt seem to be working ok
// Wil see that later
conf.checkConnectionUrgent(cp.ClientId );
//break;
}
}
Console.WriteLine("Meeting Name " + Msg.ConferenceName);
Console.WriteLine("\n Calling AttachClient");
conf.AttachClient(profile.Name,profile,Msg);
Console.WriteLine("\n Attach Client Called");
GenuineUtility.CurrentSession["Profile"] = profile;
//******************** Logging
ST_flowMsg FlowMsgObj = new ST_flowMsg ();
FlowMsgObj.meetID = conf.ConferenceId ;
FlowMsgObj.curDate= DateTime.Now.Year + "-" + DateTime.Now.Month +"-" + DateTime.Now.Day + " " + DateTime.Now.Hour + ":" + DateTime.Now.Minute + ":" + DateTime.Now.Second;
FlowMsgObj.curMsg = profile.Name + " has joined the "+ conf.conferenceName +" conference ." ;
FlowMsgObj.MsgCategory = "Attendee Joins and Leaves";
//Zaeem Removed logging
//flowMsgs.Add(FlowMsgObj);
FlowMsgObj = null;
return conf;
/*
}
catch(Exception exp)
{
Console.WriteLine("******** Exception in Join conference **********");
Console.WriteLine(exp.Message.ToString());
Console.WriteLine(exp.StackTrace.ToString());
Console.WriteLine("********End Exception in Join conference **********");
return conf;
}
*/
}
public async ValueTask <AuthenticatedResult> AuthenticateAsync(CancellationToken cancellationToken = default)
{
var myProfileMessage = new ProfileMessage(
GenSessionId(),
(_digitalSignature is null) ? AuthenticationType.None : AuthenticationType.Signature,
new[] { KeyExchangeAlgorithmType.EcDh_P521_Sha2_256 },
new[] { KeyDerivationAlgorithmType.Pbkdf2 },
new[] { CryptoAlgorithmType.Aes_Gcm_256 },
new[] { HashAlgorithmType.Sha2_256 });
var otherProfileMessage = await this.ExchangeProfileMessageAsync(myProfileMessage, cancellationToken);
ParseAlgorithmTypes(myProfileMessage, otherProfileMessage, out var keyExchangeAlgorithmType, out var keyDerivationAlgorithmType, out var cryptoAlgorithmType, out var hashAlgorithmType);
OmniSignature?signature;
byte[] secret;
if (keyExchangeAlgorithmType.HasFlag(KeyExchangeAlgorithmType.EcDh_P521_Sha2_256))
{
var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);
var otherAgreementPublicKey = await this.ExchangeAgreementPublicKeyAsync(myAgreement.GetOmniAgreementPublicKey(), cancellationToken);
var myHash = this.ComputeHash(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithmType);
var otherHash = this.ComputeHash(otherProfileMessage, otherAgreementPublicKey, hashAlgorithmType);
var myAuthenticationMessage = AuthenticationMessage.Create(DateTime.UtcNow, myHash, _digitalSignature);
var otherAuthenticationMessage = await this.ExchangeAuthenticationMessageAsync(myAuthenticationMessage, cancellationToken);
if ((DateTime.UtcNow - otherAuthenticationMessage.CreationTime.ToDateTime()) > TimeSpan.FromMinutes(30))
{
throw new NotSupportedException();
}
if (!BytesOperations.Equals(otherAuthenticationMessage.Hash.Span, otherHash))
{
throw new NotSupportedException();
}
signature = otherAuthenticationMessage.Certificate?.GetOmniSignature();
secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreement.GetOmniAgreementPrivateKey());
}
else
{
throw new NotSupportedException();
}
byte[] encryptKey;
byte[] decryptKey;
byte[] encryptNonce;
byte[] decryptNonce;
if (keyDerivationAlgorithmType.HasFlag(KeyDerivationAlgorithmType.Pbkdf2))
{
byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);
int cryptoKeyLength = 0;
int nonceLength = 0;
if (cryptoAlgorithmType.HasFlag(CryptoAlgorithmType.Aes_Gcm_256))
{
cryptoKeyLength = 32;
nonceLength = 12;
}
encryptKey = new byte[cryptoKeyLength];
decryptKey = new byte[cryptoKeyLength];
encryptNonce = new byte[nonceLength];
decryptNonce = new byte[nonceLength];
var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];
if (hashAlgorithmType.HasFlag(HashAlgorithmType.Sha2_256))
{
Pbkdf2_Sha2_256.TryComputeHash(secret.AsSpan(), xorSessionId, 1024, kdfResult);
}
using (var stream = new MemoryStream(kdfResult))
{
if (_type == OmniSecureConnectionType.Connected)
{
stream.Read(encryptKey, 0, encryptKey.Length);
stream.Read(decryptKey, 0, decryptKey.Length);
stream.Read(encryptNonce, 0, encryptNonce.Length);
stream.Read(decryptNonce, 0, decryptNonce.Length);
}
else if (_type == OmniSecureConnectionType.Accepted)
{
stream.Read(decryptKey, 0, decryptKey.Length);
stream.Read(encryptKey, 0, encryptKey.Length);
stream.Read(decryptNonce, 0, decryptNonce.Length);
stream.Read(encryptNonce, 0, encryptNonce.Length);
}
}
return(new AuthenticatedResult()
{
Signature = signature,
CryptoAlgorithmType = cryptoAlgorithmType,
EncryptKey = encryptKey,
DecryptKey = decryptKey,
EncryptNonce = encryptNonce,
DecryptNonce = decryptNonce,
});
}
else
{
throw new NotSupportedException(nameof(keyDerivationAlgorithmType));
}
}
private async ValueTask <AuthenticationMessage> ExchangeAuthenticationMessageAsync(AuthenticationMessage myAuthenticationMessage, CancellationToken cancellationToken = default)
{
var enqueueTask = _connection.Sender.SendAsync(myAuthenticationMessage, cancellationToken).AsTask();
var dequeueTask = _connection.Receiver.ReceiveAsync <AuthenticationMessage>(cancellationToken).AsTask();
await Task.WhenAll(enqueueTask, dequeueTask);
var otherAuthenticationMessage = dequeueTask.Result;
if (otherAuthenticationMessage is null)
{
throw new NullReferenceException();
}
return(otherAuthenticationMessage);
}
private void OnServerMessage(NamedPipeConnection <BaseMessage, BaseMessage> connection, BaseMessage message)
{
// This is so gross, but unfortuantely we can't just switch on a type.
// We can come up with a nice mapping system so we can do a switch,
// but this can wait.
if (Default.m_ipcQueue.HandleMessage(message))
{
return;
}
if (m_ipcQueue.HandleMessage(message))
{
return;
}
m_logger.Debug("Got IPC message from server.");
var msgRealType = message.GetType();
if (msgRealType == typeof(AuthenticationMessage))
{
AuthMessage = (AuthenticationMessage)message;
m_logger.Debug("Server message is {0}", nameof(AuthenticationMessage));
var cast = (AuthenticationMessage)message;
if (cast != null)
{
AuthenticationResultReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.DeactivationMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.DeactivationMessage));
var cast = (Messages.DeactivationMessage)message;
if (cast != null)
{
DeactivationResultReceived?.Invoke(cast.Command);
}
}
else if (msgRealType == typeof(Messages.FilterStatusMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.FilterStatusMessage));
var cast = (Messages.FilterStatusMessage)message;
if (cast != null)
{
StateChanged?.Invoke(new StateChangeEventArgs(cast));
}
}
else if (msgRealType == typeof(Messages.NotifyBlockActionMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.NotifyBlockActionMessage));
var cast = (Messages.NotifyBlockActionMessage)message;
if (cast != null)
{
BlockActionReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.RelaxedPolicyMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.RelaxedPolicyMessage));
var cast = (Messages.RelaxedPolicyMessage)message;
if (cast != null)
{
switch (cast.Command)
{
case RelaxedPolicyCommand.Info:
{
RelaxedPolicyInfoReceived?.Invoke(cast);
}
break;
case RelaxedPolicyCommand.Expired:
{
RelaxedPolicyExpired?.Invoke();
}
break;
}
}
}
else if (msgRealType == typeof(Messages.ClientToClientMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.ClientToClientMessage));
var cast = (Messages.ClientToClientMessage)message;
if (cast != null)
{
ClientToClientCommandReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.ServerUpdateQueryMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.ServerUpdateQueryMessage));
var cast = (Messages.ServerUpdateQueryMessage)message;
if (cast != null)
{
ServerAppUpdateRequestReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.ServerUpdateNotificationMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.ServerUpdateNotificationMessage));
var cast = (Messages.ServerUpdateNotificationMessage)message;
if (cast != null)
{
ServerUpdateStarting?.Invoke();
}
}
else if (msgRealType == typeof(Messages.CaptivePortalDetectionMessage))
{
m_logger.Debug("Server message is {0}", nameof(Messages.CaptivePortalDetectionMessage));
var cast = (Messages.CaptivePortalDetectionMessage)message;
if (cast != null)
{
CaptivePortalDetectionReceived?.Invoke(cast);
}
}
else
{
// Unknown type.
}
}
public async ValueTask Handshake(CancellationToken cancellationToken = default)
{
ProfileMessage myProfileMessage;
ProfileMessage?otherProfileMessage = null;
{
{
var sessionId = new byte[32];
using (var randomNumberGenerator = RandomNumberGenerator.Create())
{
randomNumberGenerator.GetBytes(sessionId);
}
myProfileMessage = new ProfileMessage(
sessionId,
(_passwords.Count == 0) ? AuthenticationType.None : AuthenticationType.Password,
new[] { KeyExchangeAlgorithm.EcDh_P521_Sha2_256 },
new[] { KeyDerivationAlgorithm.Pbkdf2 },
new[] { CryptoAlgorithm.Aes_Gcm_256 },
new[] { HashAlgorithm.Sha2_256 });
}
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myProfileMessage.Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherProfileMessage = ProfileMessage.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherProfileMessage is null)
{
throw new NullReferenceException();
}
if (myProfileMessage.AuthenticationType != otherProfileMessage.AuthenticationType)
{
throw new OmniSecureConnectionException("AuthenticationType does not match.");
}
}
var keyExchangeAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyExchangeAlgorithms, otherProfileMessage.KeyExchangeAlgorithms);
var keyDerivationAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyDerivationAlgorithms, otherProfileMessage.KeyDerivationAlgorithms);
var cryptoAlgorithm = GetOverlapMaxEnum(myProfileMessage.CryptoAlgorithms, otherProfileMessage.CryptoAlgorithms);
var hashAlgorithm = GetOverlapMaxEnum(myProfileMessage.HashAlgorithms, otherProfileMessage.HashAlgorithms);
if (!EnumHelper.IsValid(keyExchangeAlgorithm))
{
throw new OmniSecureConnectionException("key exchange algorithm does not match.");
}
if (!EnumHelper.IsValid(keyDerivationAlgorithm))
{
throw new OmniSecureConnectionException("key derivation algorithm does not match.");
}
if (!EnumHelper.IsValid(cryptoAlgorithm))
{
throw new OmniSecureConnectionException("Crypto algorithm does not match.");
}
if (!EnumHelper.IsValid(hashAlgorithm))
{
throw new OmniSecureConnectionException("Hash algorithm does not match.");
}
ReadOnlyMemory <byte> secret = null;
if (keyExchangeAlgorithm.HasFlag(KeyExchangeAlgorithm.EcDh_P521_Sha2_256))
{
var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);
OmniAgreementPrivateKey myAgreementPrivateKey;
OmniAgreementPublicKey? otherAgreementPublicKey = null;
{
{
myAgreementPrivateKey = myAgreement.GetOmniAgreementPrivateKey();
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAgreement.GetOmniAgreementPublicKey().Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherAgreementPublicKey = OmniAgreementPublicKey.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherAgreementPublicKey is null)
{
throw new NullReferenceException();
}
if ((DateTime.UtcNow - otherAgreementPublicKey.CreationTime.ToDateTime()).TotalMinutes > 30)
{
throw new OmniSecureConnectionException("Agreement public key has Expired.");
}
}
if (_passwords.Count > 0)
{
AuthenticationMessage myAuthenticationMessage;
AuthenticationMessage?otherAuthenticationMessage = null;
{
{
var myHashAndPasswordList = this.GetHashes(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithm).ToList();
_random.Shuffle(myHashAndPasswordList);
myAuthenticationMessage = new AuthenticationMessage(myHashAndPasswordList.Select(n => n.Item1).ToArray());
}
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAuthenticationMessage.Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherAuthenticationMessage = AuthenticationMessage.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherAuthenticationMessage is null)
{
throw new NullReferenceException();
}
var matchedPasswords = new List <string>();
{
var equalityComparer = new CustomEqualityComparer <ReadOnlyMemory <byte> >((x, y) => BytesOperations.Equals(x.Span, y.Span), (x) => Fnv1_32.ComputeHash(x.Span));
var receiveHashes = new HashSet <ReadOnlyMemory <byte> >(otherAuthenticationMessage.Hashes, equalityComparer);
foreach (var(hash, password) in this.GetHashes(otherProfileMessage, otherAgreementPublicKey, hashAlgorithm))
{
if (receiveHashes.Contains(hash))
{
matchedPasswords.Add(password);
}
}
}
if (matchedPasswords.Count == 0)
{
throw new OmniSecureConnectionException("Password does not match.");
}
_matchedPasswords = matchedPasswords.ToArray();
}
}
}
if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
{
secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreementPrivateKey);
}
}
byte[] myCryptoKey;
byte[] otherCryptoKey;
byte[] myNonce;
byte[] otherNonce;
if (keyDerivationAlgorithm.HasFlag(KeyDerivationAlgorithm.Pbkdf2))
{
byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);
int cryptoKeyLength = 0;
int nonceLength = 0;
if (cryptoAlgorithm.HasFlag(CryptoAlgorithm.Aes_Gcm_256))
{
cryptoKeyLength = 32;
nonceLength = 12;
}
myCryptoKey = new byte[cryptoKeyLength];
otherCryptoKey = new byte[cryptoKeyLength];
myNonce = new byte[nonceLength];
otherNonce = new byte[nonceLength];
var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];
if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
{
Pbkdf2_Sha2_256.TryComputeHash(secret.Span, xorSessionId, 1024, kdfResult);
}
using (var stream = new MemoryStream(kdfResult))
{
if (_type == OmniSecureConnectionType.Connected)
{
stream.Read(myCryptoKey, 0, myCryptoKey.Length);
stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
stream.Read(myNonce, 0, myNonce.Length);
stream.Read(otherNonce, 0, otherNonce.Length);
}
else if (_type == OmniSecureConnectionType.Accepted)
{
stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
stream.Read(myCryptoKey, 0, myCryptoKey.Length);
stream.Read(otherNonce, 0, otherNonce.Length);
stream.Read(myNonce, 0, myNonce.Length);
}
}
}
else
{
throw new NotSupportedException(nameof(keyDerivationAlgorithm));
}
_state = new State(cryptoAlgorithm, hashAlgorithm, myCryptoKey, otherCryptoKey, myNonce, otherNonce);
}
protected void OnServerMessage(BaseMessage message)
{
// This is so gross, but unfortuantely we can't just switch on a type.
// We can come up with a nice mapping system so we can do a switch,
// but this can wait.
if (Default.ipcQueue.HandleMessage(message))
{
return;
}
if (ipcQueue.HandleMessage(message))
{
return;
}
logger.Debug("Got IPC message from server.");
var msgRealType = message.GetType();
Action <BaseMessage> callback = null;
if (m_callbacks.TryGetValue(msgRealType, out callback))
{
logger.Debug("Server message is {0}", msgRealType.Name);
callback?.Invoke(message);
}
else if (msgRealType == typeof(AuthenticationMessage))
{
AuthMessage = (AuthenticationMessage)message;
logger.Debug("Server message is {0}", nameof(AuthenticationMessage));
var cast = (AuthenticationMessage)message;
if (cast != null)
{
AuthenticationResultReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.DeactivationMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.DeactivationMessage));
var cast = (Messages.DeactivationMessage)message;
if (cast != null)
{
DeactivationResultReceived?.Invoke(cast.Command);
}
}
else if (msgRealType == typeof(Messages.FilterStatusMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.FilterStatusMessage));
var cast = (Messages.FilterStatusMessage)message;
if (cast != null)
{
StateChanged?.Invoke(new StateChangeEventArgs(cast));
}
}
else if (msgRealType == typeof(Messages.NotifyBlockActionMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.NotifyBlockActionMessage));
var cast = (Messages.NotifyBlockActionMessage)message;
if (cast != null)
{
BlockActionReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.RelaxedPolicyMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.RelaxedPolicyMessage));
var cast = (Messages.RelaxedPolicyMessage)message;
if (cast != null)
{
switch (cast.Command)
{
case RelaxedPolicyCommand.Info:
{
RelaxedPolicyInfoReceived?.Invoke(cast);
}
break;
case RelaxedPolicyCommand.Expired:
{
RelaxedPolicyExpired?.Invoke();
}
break;
}
}
}
else if (msgRealType == typeof(Messages.ClientToClientMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.ClientToClientMessage));
var cast = (Messages.ClientToClientMessage)message;
if (cast != null)
{
ClientToClientCommandReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.ServerUpdateQueryMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.ServerUpdateQueryMessage));
var cast = (Messages.ServerUpdateQueryMessage)message;
if (cast != null)
{
ServerAppUpdateRequestReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.CaptivePortalDetectionMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.CaptivePortalDetectionMessage));
var cast = (Messages.CaptivePortalDetectionMessage)message;
if (cast != null)
{
CaptivePortalDetectionReceived?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.CertificateExemptionMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.CertificateExemptionMessage));
var cast = (Messages.CertificateExemptionMessage)message;
if (cast != null)
{
AddCertificateExemptionRequest?.Invoke(cast);
}
}
else if (msgRealType == typeof(Messages.DiagnosticsInfoMessage))
{
logger.Debug("Server message is {0}", nameof(Messages.DiagnosticsInfoMessage));
var cast = (Messages.DiagnosticsInfoMessage)message;
if (cast != null)
{
OnDiagnosticsInfo?.Invoke(cast);
}
}
else
{
// Unknown type.
logger.Info("Unknown type is {0}", msgRealType.Name);
}
}
