public static Func <Arguments <T>, int, int, Arguments <T> > Create <T>(Expression <Func <int, int, int, bool> > checkExpr, string errorMessage) where T : class
{
return(VerifierFactory.Create <T, object, int, int>(
TypeUtil.HasLengthProperty,
CreateCheckExprFunc(checkExpr),
(n, _, p1, p2) => new ArgumentException(string.Format(errorMessage, p1, p2), n)));
}
private (ArraySegment <byte> initializationNonce, ArraySegment <byte> remoteEcdhForInit) ReceiveInitializationRequest(State state, byte[] data)
{
if (!(state is ServerState serverState))
{
throw new InvalidOperationException("Only the server can receive an init request.");
}
// nonce(16), pubkey(32), ecdh(32), pading(...), signature(64), mac(12)
var messageSize = data.Length;
var macOffset = messageSize - MacSize;
var initializationNonce = new ArraySegment <byte>(data, 0, InitializationNonceSize);
CheckNonce(initializationNonce);
// decrypt the message
var cipher = new AesCtrMode(AesFactory.GetAes(true, Configuration.ApplicationKey), initializationNonce);
var decryptedPayload = cipher.Process(data, InitializationNonceSize, macOffset - InitializationNonceSize);
Array.Copy(decryptedPayload, 0, data, InitializationNonceSize, decryptedPayload.Length);
var clientPublicKeyOffset = InitializationNonceSize;
var remoteEcdhOffset = InitializationNonceSize + EcNumSize;
var clientPublicKey = new ArraySegment <byte>(data, clientPublicKeyOffset, EcNumSize);
var remoteEcdhForInit = new ArraySegment <byte>(data, remoteEcdhOffset, EcNumSize);
var signedMessage = new ArraySegment <byte>(data, 0, macOffset);
if (serverState.ClientPublicKey != null)
{
if (!serverState.ClientPublicKey.Matches(clientPublicKey))
{
throw new InvalidOperationException("The server was initialized before with a different public key");
}
else if (serverState.ClientInitializationNonce != null && initializationNonce.Matches(serverState.ClientInitializationNonce))
{
throw new InvalidOperationException("The server was initialized before with the same nonce");
}
else
{
// the client wants to reinitialize. Reset state.
serverState.RootKey = null;
serverState.FirstSendHeaderKey = null;
serverState.FirstReceiveHeaderKey = null;
serverState.LocalEcdhRatchetStep0 = null;
serverState.LocalEcdhRatchetStep1 = null;
serverState.Ratchets.Clear();
}
}
serverState.ClientInitializationNonce = initializationNonce.ToArray();
IVerifier verifier = VerifierFactory.Create(clientPublicKey);
if (!verifier.VerifySignedMessage(Digest, signedMessage))
{
throw new InvalidOperationException("The signature was invalid");
}
serverState.ClientPublicKey = clientPublicKey.ToArray();
return(initializationNonce, remoteEcdhForInit);
}
public void UpdateButtonEnablement(List <LicenseDataGridViewRow> lRows)
{
//All buttons disabled?
if (lRows.Count < 1 || ReadOnlyView)
{
DisableAllButtons();
View.DrawViewAsReadOnly(ReadOnlyView);
return;
}
View.DrawViewAsReadOnly(ReadOnlyView);
LicenseSelectionVerifier verifier;
verifier = VerifierFactory.Verifier(SelectionVerifierFactory.Option.NotLive, lRows);
if (verifier.Status == LicenseSelectionVerifier.VerificationStatus.Error)
{
DisableAllButtons();
SetRowInformation(lRows, verifier.VerificationDetails());
return;
}
verifier = VerifierFactory.Verifier(SelectionVerifierFactory.Option.HaOn, lRows);
if (verifier.Status == LicenseSelectionVerifier.VerificationStatus.Error)
{
DisableAllButtons();
SetRowInformation(lRows, verifier.VerificationDetails());
return;
}
//Assign Button
verifier = VerifierFactory.Verifier(SelectionVerifierFactory.Option.OldServer, lRows);
View.DrawAssignButtonAsDisabled(verifier.Status == LicenseSelectionVerifier.VerificationStatus.Error);
//Release Button
View.DrawReleaseButtonAsDisabled(!lRows.Any(r => r.IsUsingLicenseServer || r.CurrentLicenseState == LicenseStatus.HostState.PartiallyLicensed));
List <Host> representedHosts = new List <Host>();
lRows.ForEach(r => representedHosts.AddRange(r.RepresentedHosts));
ActivationRequest.Hosts = representedHosts;
//Apply Button
if (ActivationRequest.HostsThatCanBeActivated.Count > 1)
{
View.DrawApplyButtonAsDisabled(true, Messages.LICENSE_TOO_MANY_SERVERS_SELECTED_CAPTION);
}
else
{
View.DrawApplyButtonAsDisabled(!ActivationRequest.AllHostsCanBeActivated, null);
}
//Request Button
View.DrawRequestButtonAsDisabled(!ActivationRequest.AllHostsCanBeActivated);
//Activate Button
View.DrawActivateButtonAsDisabled(!ActivationRequest.AllHostsCanBeActivated);
View.DrawActivateButtonAsHidden(representedHosts.Any(Helpers.ClearwaterOrGreater));
}
public static Func <Arguments <T>, decimal, decimal, Arguments <T> > Create <T>(Expression <Func <decimal, decimal, decimal, bool> > checkExpr, string errorMessage) where T : class
{
return(VerifierFactory.Create <T, decimal, decimal, decimal>(
TypeUtil.IsNumeric,
checkExpr,
(n, x, p1, p2) =>
#if NETFW
new ArgumentOutOfRangeException(n, x, string.Format(errorMessage, p1, p2))
#else
new ArgumentOutOfRangeException(n, string.Format(errorMessage, p1, p2))
#endif
));
}
public static Func <Arguments <T>, Arguments <T> > Create <T>(Func <Expr, Expr, BinaryExpression> compareWithZeroExprFunc, string errorMessage) where T : class
{
return(VerifierFactory.Create <T, decimal>(
TypeUtil.IsNumeric,
(valueVar, _) => compareWithZeroExprFunc(valueVar, Expr.Constant(Convert.ChangeType(0, valueVar.Type, null))),
(n, x) =>
#if NETFW
new ArgumentOutOfRangeException(n, x, errorMessage)
#else
new ArgumentOutOfRangeException(n, errorMessage)
#endif
));
}
public void UpdateButtonEnablement(List <LicenseDataGridViewRow> lRows)
{
//All buttons disabled?
if (lRows.Count < 1 || ReadOnlyView)
{
DisableAllButtons();
View.DrawViewAsReadOnly(ReadOnlyView);
return;
}
View.DrawViewAsReadOnly(ReadOnlyView);
LicenseSelectionVerifier verifier;
verifier = VerifierFactory.Verifier(SelectionVerifierFactory.Option.NotLive, lRows);
if (verifier.Status == LicenseSelectionVerifier.VerificationStatus.Error)
{
DisableAllButtons();
SetRowInformation(lRows, verifier.VerificationDetails());
return;
}
verifier = VerifierFactory.Verifier(SelectionVerifierFactory.Option.HaOn, lRows);
if (verifier.Status == LicenseSelectionVerifier.VerificationStatus.Error)
{
DisableAllButtons();
SetRowInformation(lRows, verifier.VerificationDetails());
return;
}
//Assign Button
verifier = VerifierFactory.Verifier(SelectionVerifierFactory.Option.OldServer, lRows);
View.DrawAssignButtonAsDisabled(verifier.Status == LicenseSelectionVerifier.VerificationStatus.Error);
//Release Button
View.DrawReleaseButtonAsDisabled(!lRows.Any(r => r.IsUsingLicenseServer || r.CurrentLicenseState == LicenseStatus.HostState.PartiallyLicensed));
}
private void ReceiveInitializationResponse(State state, byte[] data)
{
if (!(state is ClientState clientState))
{
throw new InvalidOperationException("Only the client can receive an init response.");
}
var messageSize = data.Length;
var macOffset = messageSize - MacSize;
var headerIvOffset = macOffset - HeaderIVSize;
var headerSize = InitializationNonceSize + EcNumSize;
var payloadSize = messageSize - headerSize - MacSize;
// decrypt header
var cipher = new AesCtrMode(AesFactory.GetAes(true, Configuration.ApplicationKey), data, headerIvOffset, HeaderIVSize);
var decryptedHeader = cipher.Process(data, 0, headerSize);
Array.Copy(decryptedHeader, 0, data, 0, headerSize);
// new nonce(16), ecdh pubkey(32), <nonce(16), server pubkey(32),
// new ecdh pubkey(32) x2, signature(64)>, mac(12)
var nonce = new ArraySegment <byte>(data, 0, InitializationNonceSize);
var rootEcdhKey = new ArraySegment <byte>(data, InitializationNonceSize, EcNumSize);
var encryptedPayload = new ArraySegment <byte>(data, headerSize, payloadSize);
CheckNonce(nonce);
// decrypt payload
IKeyAgreement rootEcdh = clientState.LocalEcdhForInit;
var rootPreKey = rootEcdh.DeriveKey(rootEcdhKey);
rootPreKey = Digest.ComputeDigest(rootPreKey);
cipher = new AesCtrMode(AesFactory.GetAes(true, rootPreKey), nonce);
var decryptedPayload = cipher.Process(encryptedPayload);
Array.Copy(decryptedPayload, 0, data, headerSize, payloadSize);
// extract some goodies
var oldNonce = new ArraySegment <byte>(data, headerSize, InitializationNonceSize);
var serverPubKey = new ArraySegment <byte>(data, headerSize + InitializationNonceSize, EcNumSize);
var remoteRatchetEcdh0 = new ArraySegment <byte>(data, headerSize + InitializationNonceSize + EcNumSize, EcNumSize);
var remoteRatchetEcdh1 = new ArraySegment <byte>(data, headerSize + InitializationNonceSize + EcNumSize * 2, EcNumSize);
// make sure the nonce sent back by the server (which is encrypted and signed)
// matches the nonce we sent previously
if (!oldNonce.Matches(clientState.InitializationNonce))
{
throw new InvalidOperationException("Nonce did not match");
}
// verify that the signature matches
IVerifier verifier = VerifierFactory.Create(serverPubKey);
if (!verifier.VerifySignedMessage(Digest, new ArraySegment <byte>(data, 0, payloadSize + headerSize)))
{
throw new InvalidOperationException("The signature was invalid");
}
// keep the server public key around
clientState.ServerPublicKey = serverPubKey.ToArray();
// store the new nonce we got from the server
clientState.InitializationNonce = nonce.ToArray();
Log.Verbose($"storing iniitlizaionta nonce: {Log.ShowBytes(nonce)}");
// we now have enough information to construct our double ratchet
IKeyAgreement localStep0EcdhRatchet = KeyAgreementFactory.GenerateNew();
IKeyAgreement localStep1EcdhRatchet = KeyAgreementFactory.GenerateNew();
// initialize client root key and ecdh ratchet
var genKeys = KeyDerivation.GenerateKeys(rootPreKey, clientState.InitializationNonce, 3, 32);
var rootKey = genKeys[0];
var receiveHeaderKey = genKeys[1];
var sendHeaderKey = genKeys[2];
clientState.Ratchets.Add(EcdhRatchetStep.InitializeClient(KeyDerivation, Digest, rootKey,
remoteRatchetEcdh0, remoteRatchetEcdh1, localStep0EcdhRatchet,
receiveHeaderKey, sendHeaderKey,
localStep1EcdhRatchet));
clientState.LocalEcdhForInit = null;
}
