public bool Verify()
{
using var bytesPipe = new BytesPipe();
var target = new AuthenticationMessage(this.CreationTime, this.Hash, null);
target.Export(bytesPipe.Writer, BytesPool.Shared);
return(this.Certificate?.Verify(bytesPipe.Reader.GetSequence()) ?? false);
}
public static AuthenticationMessage Create(DateTime creationTime, ReadOnlyMemory <byte> hash, OmniDigitalSignature?digitalSignature)
{
if (digitalSignature is null)
{
return(new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, null));
}
using var bytesPipe = new BytesPipe();
var target = new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, null);
target.Export(bytesPipe.Writer, BytesPool.Shared);
var certificate = OmniDigitalSignature.CreateOmniCertificate(digitalSignature, bytesPipe.Reader.GetSequence());
return(new AuthenticationMessage(Timestamp.FromDateTime(creationTime), hash, certificate));
}
public async ValueTask Handshake(CancellationToken cancellationToken = default)
{
ProfileMessage myProfileMessage;
ProfileMessage?otherProfileMessage = null;
{
{
var sessionId = new byte[32];
using (var randomNumberGenerator = RandomNumberGenerator.Create())
{
randomNumberGenerator.GetBytes(sessionId);
}
myProfileMessage = new ProfileMessage(
sessionId,
(_passwords.Count == 0) ? AuthenticationType.None : AuthenticationType.Password,
new[] { KeyExchangeAlgorithm.EcDh_P521_Sha2_256 },
new[] { KeyDerivationAlgorithm.Pbkdf2 },
new[] { CryptoAlgorithm.Aes_Gcm_256 },
new[] { HashAlgorithm.Sha2_256 });
}
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myProfileMessage.Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherProfileMessage = ProfileMessage.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherProfileMessage is null)
{
throw new NullReferenceException();
}
if (myProfileMessage.AuthenticationType != otherProfileMessage.AuthenticationType)
{
throw new OmniSecureConnectionException("AuthenticationType does not match.");
}
}
var keyExchangeAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyExchangeAlgorithms, otherProfileMessage.KeyExchangeAlgorithms);
var keyDerivationAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyDerivationAlgorithms, otherProfileMessage.KeyDerivationAlgorithms);
var cryptoAlgorithm = GetOverlapMaxEnum(myProfileMessage.CryptoAlgorithms, otherProfileMessage.CryptoAlgorithms);
var hashAlgorithm = GetOverlapMaxEnum(myProfileMessage.HashAlgorithms, otherProfileMessage.HashAlgorithms);
if (!EnumHelper.IsValid(keyExchangeAlgorithm))
{
throw new OmniSecureConnectionException("key exchange algorithm does not match.");
}
if (!EnumHelper.IsValid(keyDerivationAlgorithm))
{
throw new OmniSecureConnectionException("key derivation algorithm does not match.");
}
if (!EnumHelper.IsValid(cryptoAlgorithm))
{
throw new OmniSecureConnectionException("Crypto algorithm does not match.");
}
if (!EnumHelper.IsValid(hashAlgorithm))
{
throw new OmniSecureConnectionException("Hash algorithm does not match.");
}
ReadOnlyMemory <byte> secret = null;
if (keyExchangeAlgorithm.HasFlag(KeyExchangeAlgorithm.EcDh_P521_Sha2_256))
{
var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);
OmniAgreementPrivateKey myAgreementPrivateKey;
OmniAgreementPublicKey? otherAgreementPublicKey = null;
{
{
myAgreementPrivateKey = myAgreement.GetOmniAgreementPrivateKey();
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAgreement.GetOmniAgreementPublicKey().Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherAgreementPublicKey = OmniAgreementPublicKey.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherAgreementPublicKey is null)
{
throw new NullReferenceException();
}
if ((DateTime.UtcNow - otherAgreementPublicKey.CreationTime.ToDateTime()).TotalMinutes > 30)
{
throw new OmniSecureConnectionException("Agreement public key has Expired.");
}
}
if (_passwords.Count > 0)
{
AuthenticationMessage myAuthenticationMessage;
AuthenticationMessage?otherAuthenticationMessage = null;
{
{
var myHashAndPasswordList = this.GetHashes(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithm).ToList();
_random.Shuffle(myHashAndPasswordList);
myAuthenticationMessage = new AuthenticationMessage(myHashAndPasswordList.Select(n => n.Item1).ToArray());
}
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAuthenticationMessage.Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherAuthenticationMessage = AuthenticationMessage.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherAuthenticationMessage is null)
{
throw new NullReferenceException();
}
var matchedPasswords = new List <string>();
{
var equalityComparer = new CustomEqualityComparer <ReadOnlyMemory <byte> >((x, y) => BytesOperations.Equals(x.Span, y.Span), (x) => Fnv1_32.ComputeHash(x.Span));
var receiveHashes = new HashSet <ReadOnlyMemory <byte> >(otherAuthenticationMessage.Hashes, equalityComparer);
foreach (var(hash, password) in this.GetHashes(otherProfileMessage, otherAgreementPublicKey, hashAlgorithm))
{
if (receiveHashes.Contains(hash))
{
matchedPasswords.Add(password);
}
}
}
if (matchedPasswords.Count == 0)
{
throw new OmniSecureConnectionException("Password does not match.");
}
_matchedPasswords = matchedPasswords.ToArray();
}
}
}
if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
{
secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreementPrivateKey);
}
}
byte[] myCryptoKey;
byte[] otherCryptoKey;
byte[] myNonce;
byte[] otherNonce;
if (keyDerivationAlgorithm.HasFlag(KeyDerivationAlgorithm.Pbkdf2))
{
byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);
int cryptoKeyLength = 0;
int nonceLength = 0;
if (cryptoAlgorithm.HasFlag(CryptoAlgorithm.Aes_Gcm_256))
{
cryptoKeyLength = 32;
nonceLength = 12;
}
myCryptoKey = new byte[cryptoKeyLength];
otherCryptoKey = new byte[cryptoKeyLength];
myNonce = new byte[nonceLength];
otherNonce = new byte[nonceLength];
var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];
if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
{
Pbkdf2_Sha2_256.TryComputeHash(secret.Span, xorSessionId, 1024, kdfResult);
}
using (var stream = new MemoryStream(kdfResult))
{
if (_type == OmniSecureConnectionType.Connected)
{
stream.Read(myCryptoKey, 0, myCryptoKey.Length);
stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
stream.Read(myNonce, 0, myNonce.Length);
stream.Read(otherNonce, 0, otherNonce.Length);
}
else if (_type == OmniSecureConnectionType.Accepted)
{
stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
stream.Read(myCryptoKey, 0, myCryptoKey.Length);
stream.Read(otherNonce, 0, otherNonce.Length);
stream.Read(myNonce, 0, myNonce.Length);
}
}
}
else
{
throw new NotSupportedException(nameof(keyDerivationAlgorithm));
}
_state = new State(cryptoAlgorithm, hashAlgorithm, myCryptoKey, otherCryptoKey, myNonce, otherNonce);
}