public async ValueTask <AuthenticatedResult> AuthenticateAsync(CancellationToken cancellationToken = default)
{
var myProfileMessage = new ProfileMessage(
GenSessionId(),
(_digitalSignature is null) ? AuthenticationType.None : AuthenticationType.Signature,
new[] { KeyExchangeAlgorithmType.EcDh_P521_Sha2_256 },
new[] { KeyDerivationAlgorithmType.Pbkdf2 },
new[] { CryptoAlgorithmType.Aes_Gcm_256 },
new[] { HashAlgorithmType.Sha2_256 });
var otherProfileMessage = await this.ExchangeProfileMessageAsync(myProfileMessage, cancellationToken);
ParseAlgorithmTypes(myProfileMessage, otherProfileMessage, out var keyExchangeAlgorithmType, out var keyDerivationAlgorithmType, out var cryptoAlgorithmType, out var hashAlgorithmType);
OmniSignature?signature;
byte[] secret;
if (keyExchangeAlgorithmType.HasFlag(KeyExchangeAlgorithmType.EcDh_P521_Sha2_256))
{
var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);
var otherAgreementPublicKey = await this.ExchangeAgreementPublicKeyAsync(myAgreement.GetOmniAgreementPublicKey(), cancellationToken);
var myHash = this.ComputeHash(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithmType);
var otherHash = this.ComputeHash(otherProfileMessage, otherAgreementPublicKey, hashAlgorithmType);
var myAuthenticationMessage = AuthenticationMessage.Create(DateTime.UtcNow, myHash, _digitalSignature);
var otherAuthenticationMessage = await this.ExchangeAuthenticationMessageAsync(myAuthenticationMessage, cancellationToken);
if ((DateTime.UtcNow - otherAuthenticationMessage.CreationTime.ToDateTime()) > TimeSpan.FromMinutes(30))
{
throw new NotSupportedException();
}
if (!BytesOperations.Equals(otherAuthenticationMessage.Hash.Span, otherHash))
{
throw new NotSupportedException();
}
signature = otherAuthenticationMessage.Certificate?.GetOmniSignature();
secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreement.GetOmniAgreementPrivateKey());
}
else
{
throw new NotSupportedException();
}
byte[] encryptKey;
byte[] decryptKey;
byte[] encryptNonce;
byte[] decryptNonce;
if (keyDerivationAlgorithmType.HasFlag(KeyDerivationAlgorithmType.Pbkdf2))
{
byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);
int cryptoKeyLength = 0;
int nonceLength = 0;
if (cryptoAlgorithmType.HasFlag(CryptoAlgorithmType.Aes_Gcm_256))
{
cryptoKeyLength = 32;
nonceLength = 12;
}
encryptKey = new byte[cryptoKeyLength];
decryptKey = new byte[cryptoKeyLength];
encryptNonce = new byte[nonceLength];
decryptNonce = new byte[nonceLength];
var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];
if (hashAlgorithmType.HasFlag(HashAlgorithmType.Sha2_256))
{
Pbkdf2_Sha2_256.TryComputeHash(secret.AsSpan(), xorSessionId, 1024, kdfResult);
}
using (var stream = new MemoryStream(kdfResult))
{
if (_type == OmniSecureConnectionType.Connected)
{
stream.Read(encryptKey, 0, encryptKey.Length);
stream.Read(decryptKey, 0, decryptKey.Length);
stream.Read(encryptNonce, 0, encryptNonce.Length);
stream.Read(decryptNonce, 0, decryptNonce.Length);
}
else if (_type == OmniSecureConnectionType.Accepted)
{
stream.Read(decryptKey, 0, decryptKey.Length);
stream.Read(encryptKey, 0, encryptKey.Length);
stream.Read(decryptNonce, 0, decryptNonce.Length);
stream.Read(encryptNonce, 0, encryptNonce.Length);
}
}
return(new AuthenticatedResult()
{
Signature = signature,
CryptoAlgorithmType = cryptoAlgorithmType,
EncryptKey = encryptKey,
DecryptKey = decryptKey,
EncryptNonce = encryptNonce,
DecryptNonce = decryptNonce,
});
}
else
{
throw new NotSupportedException(nameof(keyDerivationAlgorithmType));
}
}
public async ValueTask Handshake(CancellationToken cancellationToken = default)
{
ProfileMessage myProfileMessage;
ProfileMessage?otherProfileMessage = null;
{
{
var sessionId = new byte[32];
using (var randomNumberGenerator = RandomNumberGenerator.Create())
{
randomNumberGenerator.GetBytes(sessionId);
}
myProfileMessage = new ProfileMessage(
sessionId,
(_passwords.Count == 0) ? AuthenticationType.None : AuthenticationType.Password,
new[] { KeyExchangeAlgorithm.EcDh_P521_Sha2_256 },
new[] { KeyDerivationAlgorithm.Pbkdf2 },
new[] { CryptoAlgorithm.Aes_Gcm_256 },
new[] { HashAlgorithm.Sha2_256 });
}
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myProfileMessage.Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherProfileMessage = ProfileMessage.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherProfileMessage is null)
{
throw new NullReferenceException();
}
if (myProfileMessage.AuthenticationType != otherProfileMessage.AuthenticationType)
{
throw new OmniSecureConnectionException("AuthenticationType does not match.");
}
}
var keyExchangeAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyExchangeAlgorithms, otherProfileMessage.KeyExchangeAlgorithms);
var keyDerivationAlgorithm = GetOverlapMaxEnum(myProfileMessage.KeyDerivationAlgorithms, otherProfileMessage.KeyDerivationAlgorithms);
var cryptoAlgorithm = GetOverlapMaxEnum(myProfileMessage.CryptoAlgorithms, otherProfileMessage.CryptoAlgorithms);
var hashAlgorithm = GetOverlapMaxEnum(myProfileMessage.HashAlgorithms, otherProfileMessage.HashAlgorithms);
if (!EnumHelper.IsValid(keyExchangeAlgorithm))
{
throw new OmniSecureConnectionException("key exchange algorithm does not match.");
}
if (!EnumHelper.IsValid(keyDerivationAlgorithm))
{
throw new OmniSecureConnectionException("key derivation algorithm does not match.");
}
if (!EnumHelper.IsValid(cryptoAlgorithm))
{
throw new OmniSecureConnectionException("Crypto algorithm does not match.");
}
if (!EnumHelper.IsValid(hashAlgorithm))
{
throw new OmniSecureConnectionException("Hash algorithm does not match.");
}
ReadOnlyMemory <byte> secret = null;
if (keyExchangeAlgorithm.HasFlag(KeyExchangeAlgorithm.EcDh_P521_Sha2_256))
{
var myAgreement = OmniAgreement.Create(OmniAgreementAlgorithmType.EcDh_P521_Sha2_256);
OmniAgreementPrivateKey myAgreementPrivateKey;
OmniAgreementPublicKey? otherAgreementPublicKey = null;
{
{
myAgreementPrivateKey = myAgreement.GetOmniAgreementPrivateKey();
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAgreement.GetOmniAgreementPublicKey().Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherAgreementPublicKey = OmniAgreementPublicKey.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherAgreementPublicKey is null)
{
throw new NullReferenceException();
}
if ((DateTime.UtcNow - otherAgreementPublicKey.CreationTime.ToDateTime()).TotalMinutes > 30)
{
throw new OmniSecureConnectionException("Agreement public key has Expired.");
}
}
if (_passwords.Count > 0)
{
AuthenticationMessage myAuthenticationMessage;
AuthenticationMessage?otherAuthenticationMessage = null;
{
{
var myHashAndPasswordList = this.GetHashes(myProfileMessage, myAgreement.GetOmniAgreementPublicKey(), hashAlgorithm).ToList();
_random.Shuffle(myHashAndPasswordList);
myAuthenticationMessage = new AuthenticationMessage(myHashAndPasswordList.Select(n => n.Item1).ToArray());
}
var enqueueTask = _connection.EnqueueAsync((bufferWriter) => myAuthenticationMessage.Export(bufferWriter, _bytesPool), cancellationToken);
var dequeueTask = _connection.DequeueAsync((sequence) => otherAuthenticationMessage = AuthenticationMessage.Import(sequence, _bytesPool), cancellationToken);
await ValueTaskHelper.WhenAll(enqueueTask, dequeueTask);
if (otherAuthenticationMessage is null)
{
throw new NullReferenceException();
}
var matchedPasswords = new List <string>();
{
var equalityComparer = new CustomEqualityComparer <ReadOnlyMemory <byte> >((x, y) => BytesOperations.Equals(x.Span, y.Span), (x) => Fnv1_32.ComputeHash(x.Span));
var receiveHashes = new HashSet <ReadOnlyMemory <byte> >(otherAuthenticationMessage.Hashes, equalityComparer);
foreach (var(hash, password) in this.GetHashes(otherProfileMessage, otherAgreementPublicKey, hashAlgorithm))
{
if (receiveHashes.Contains(hash))
{
matchedPasswords.Add(password);
}
}
}
if (matchedPasswords.Count == 0)
{
throw new OmniSecureConnectionException("Password does not match.");
}
_matchedPasswords = matchedPasswords.ToArray();
}
}
}
if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
{
secret = OmniAgreement.GetSecret(otherAgreementPublicKey, myAgreementPrivateKey);
}
}
byte[] myCryptoKey;
byte[] otherCryptoKey;
byte[] myNonce;
byte[] otherNonce;
if (keyDerivationAlgorithm.HasFlag(KeyDerivationAlgorithm.Pbkdf2))
{
byte[] xorSessionId = new byte[Math.Max(myProfileMessage.SessionId.Length, otherProfileMessage.SessionId.Length)];
BytesOperations.Xor(myProfileMessage.SessionId.Span, otherProfileMessage.SessionId.Span, xorSessionId);
int cryptoKeyLength = 0;
int nonceLength = 0;
if (cryptoAlgorithm.HasFlag(CryptoAlgorithm.Aes_Gcm_256))
{
cryptoKeyLength = 32;
nonceLength = 12;
}
myCryptoKey = new byte[cryptoKeyLength];
otherCryptoKey = new byte[cryptoKeyLength];
myNonce = new byte[nonceLength];
otherNonce = new byte[nonceLength];
var kdfResult = new byte[(cryptoKeyLength + nonceLength) * 2];
if (hashAlgorithm.HasFlag(HashAlgorithm.Sha2_256))
{
Pbkdf2_Sha2_256.TryComputeHash(secret.Span, xorSessionId, 1024, kdfResult);
}
using (var stream = new MemoryStream(kdfResult))
{
if (_type == OmniSecureConnectionType.Connected)
{
stream.Read(myCryptoKey, 0, myCryptoKey.Length);
stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
stream.Read(myNonce, 0, myNonce.Length);
stream.Read(otherNonce, 0, otherNonce.Length);
}
else if (_type == OmniSecureConnectionType.Accepted)
{
stream.Read(otherCryptoKey, 0, otherCryptoKey.Length);
stream.Read(myCryptoKey, 0, myCryptoKey.Length);
stream.Read(otherNonce, 0, otherNonce.Length);
stream.Read(myNonce, 0, myNonce.Length);
}
}
}
else
{
throw new NotSupportedException(nameof(keyDerivationAlgorithm));
}
_state = new State(cryptoAlgorithm, hashAlgorithm, myCryptoKey, otherCryptoKey, myNonce, otherNonce);
}
