internal void EncryptAndSign(byte[] inputNullable, int id, EncryptedFieldIds fieldId, out byte[] encrypted, out byte[] hmac)
{
if (inputNullable == null)
{
encrypted = null;
hmac = null;
return;
}
if (inputNullable.Length > 65535)
{
throw new ArgumentException(nameof(inputNullable));
}
GetIVandKeys(id, fieldId, out var iv, out var aesKey, out var hmacKey);
// encode length of input and add padding, to make it good for AES
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
w.Write((ushort)inputNullable.Length);
w.Write(inputNullable);
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(_cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
var inputWithPadding = ms.ToArray();
encrypted = new byte[inputWithPadding.Length];
_cryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, inputWithPadding, encrypted);
hmac = _cryptoLibrary.GetSha256HMAC(hmacKey, encrypted);
}
/// <param name="ack1SdIsReady">
/// =true for SD in ACK2
/// =false for SD in ACK1 (since the SessionDescription is not initialized yet)
/// </param>
internal byte[] Encrypt(ICryptoLibrary cryptoLibrary, InviteRequestPacket req, InviteAck1Packet ack1, InviteSession session,
bool ack1SdIsReady
)
{
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
w.Write(Flags);
UserCertificate.Encode(w, false);
BinaryProcedures.EncodeIPEndPoint(w, DirectChannelEndPoint);
NatBehaviour.Encode(w);
DirectChannelToken32.Encode(w);
w.Write((byte)SessionType);
UserCertificateSignature.Encode(w);
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
var plainTextSdData = ms.ToArray();
var encryptedSdData = new byte[plainTextSdData.Length];
#region key, iv
BinaryProcedures.CreateBinaryWriter(out var ms2, out var w2);
req.GetSharedSignedFields(w2);
ack1.GetSharedSignedFields(w2, ack1SdIsReady);
var iv = cryptoLibrary.GetHashSHA256(ms2.ToArray()).Take(16).ToArray();
ms2.Write(session.SharedInviteAckDhSecret, 0, session.SharedInviteAckDhSecret.Length);
var aesKey = cryptoLibrary.GetHashSHA256(ms2.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
cryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, plainTextSdData, encryptedSdData);
return(encryptedSdData);
}
public static Ike1Invitation CreateNew(ICryptoLibrary cryptoLibrary, RegistrationId registrationId)
{
return(new Ike1Invitation
{
ContactInvitationToken = cryptoLibrary.GetRandomBytes(InviteRequestPacket.ContactInvitationTokenSize),
InvitationInitiatorRegistrationId = registrationId
});
}
internal static byte[] EncodePlainTextMessageWithPadding_plainTextUtf8_256(ICryptoLibrary cryptoLibrary, string messageText)
{
var messageTextData = Encoding.UTF8.GetBytes(messageText);
if (messageTextData.Length > 255)
{
throw new ArgumentException();
}
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
w.Write((byte)EncodedDataType.plainTextUtf8_256);
w.Write((byte)messageTextData.Length);
w.Write(messageTextData);
// add padding with random data
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
return(ms.ToArray());
}
internal static byte[] EncodeIke1DataWithPadding(ICryptoLibrary cryptoLibrary, Ike1Data ike1Data)
{
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
byte flags = 0;
w.Write(flags);
ike1Data.UserId.Encode(w);
w.Write((byte)ike1Data.RegistrationIds.Length);
foreach (var localRegistrationId in ike1Data.RegistrationIds)
{
localRegistrationId.Encode(w);
}
// add padding with random data
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
return(ms.ToArray());
}