/// <summary>
/// Constructed to send one or more files to a remove server identified by serverKey. The transfer
/// is a blocking call and returns on success or raises an exception. If Abort() is called durring
/// the transfer, or if a ProgressChanged event handler raises the OperationCanceledException, the
/// transfer is silently terminated.
/// </summary>
/// <param name="privateKey">The private key for this client</param>
/// <param name="serverKey">The public key of the server</param>
/// <param name="sendMessage">A delegate to transfer data to the server and obtain a response</param>
public Client(RSAPrivateKey privateKey, RSAPublicKey serverKey, TransmitMessageAction sendMessage)
{
_privateKey = Check.NotNull(privateKey);
_publicKey = Check.NotNull(serverKey);
_sendMessage = Check.NotNull(sendMessage);
_abort = new ManualResetEvent(false);
LimitThreads = 10;
}
/// <summary>
/// Constructs/reconstructs the server-side receiver to process one or more messages. This class
/// maintains all state in the INameValueStore so it may be destroyed between requests, or there
/// may be multiple instances handling requests, provided that all instances have access to the
/// underlying storage provided by the INameValueStore instance.
/// </summary>
/// <param name="privateKey">The private key used for this server</param>
/// <param name="clientKey">The public key of the client to allow</param>
/// <param name="storage">The state storage used between requests</param>
public Server(RSAPrivateKey privateKey, RSAPublicKey clientKey, INameValueStore storage)
{
_privateKey = privateKey;
_clientKey = clientKey;
_storage = storage;
NonceSize = 32;
KeyBytes = 32;
MaxInboundFileChunk = ushort.MaxValue;
MaxOutboundFileChunk = 1000 * 1024;
}
public void VerifySignature(RSAPublicKey signingKey)
{
// Next version's data-length
int szBytes = ReadInt32();
if (Check.InRange(szBytes, 0, short.MaxValue) > 0)
{
IOStream.Read(_hash, szBytes);
}
Hash hash = _hash.FinalizeHash();
byte[] signature = LimitedSerializer.Bytes2048.ReadFrom(_payload);
Check.Assert <InvalidDataException>(signingKey.VerifyHash(signature, hash));
//_verified = true;
}
//private bool _verified; /* this is a debugging aid used to ensure all messages are signed or verified */
public Message(TransferState state, Guid transferId, RSAPublicKey key, Converter<Guid, Salt> sessionSecret)
{
_version = VersionHeader;
_state = state;
_transferId = transferId;
_salt = new Salt(Salt.Size.b256);
_protected = new MemoryStream();
_payload = new NonClosingStream(_protected);
_hash = new HashStream(new SHA256Managed());
WriteHeader(_hash);
Salt secret;
if (!UsesSessionKey)
{
// Outer encryption is straight PKI based on the remote public key
_payload = key.Encrypt(_payload);
_hash.ChangeStream(_payload);
// Preceed the message with a new, AES key
secret = new Salt(Salt.Size.b256);
_hash.Write(secret.ToArray(), 0, 32);
}
else
{
secret = sessionSecret(_transferId);
Check.IsEqual(32, Check.NotNull(secret).Length);
}
AESCryptoKey sessionKey = new AESCryptoKey(
// Prefix the key with the message's salt and compute a SHA256 hash to be used as the key
Hash.SHA256(_salt.GetData(secret.ToArray()).ToStream()).ToArray(),
// Compute an IV for this aes key and salt combination
IV(secret, _salt)
);
_payload = sessionKey.Encrypt(_payload);
_hash.ChangeStream(_payload);
}
//private bool _verified; /* this is a debugging aid used to ensure all messages are signed or verified */
public Message(TransferState state, Guid transferId, RSAPublicKey key, Converter <Guid, Salt> sessionSecret)
{
_version = VersionHeader;
_state = state;
_transferId = transferId;
_salt = new Salt(Salt.Size.b256);
_protected = new MemoryStream();
_payload = new NonClosingStream(_protected);
_hash = new HashStream(new SHA256Managed());
WriteHeader(_hash);
Salt secret;
if (!UsesSessionKey)
{
// Outer encryption is straight PKI based on the remote public key
_payload = key.Encrypt(_payload);
_hash.ChangeStream(_payload);
// Preceed the message with a new, AES key
secret = new Salt(Salt.Size.b256);
_hash.Write(secret.ToArray(), 0, 32);
}
else
{
secret = sessionSecret(_transferId);
Check.IsEqual(32, Check.NotNull(secret).Length);
}
AESCryptoKey sessionKey = new AESCryptoKey(
// Prefix the key with the message's salt and compute a SHA256 hash to be used as the key
Hash.SHA256(_salt.GetData(secret.ToArray()).ToStream()).ToArray(),
// Compute an IV for this aes key and salt combination
IV(secret, _salt)
);
_payload = sessionKey.Encrypt(_payload);
_hash.ChangeStream(_payload);
}
public void VerifySignature(RSAPublicKey signingKey)
{
// Next version's data-length
int szBytes = ReadInt32();
if(Check.InRange(szBytes, 0, short.MaxValue) > 0)
IOStream.Read(_hash, szBytes);
Hash hash = _hash.FinalizeHash();
byte[] signature = LimitedSerializer.Bytes2048.ReadFrom(_payload);
Check.Assert<InvalidDataException>(signingKey.VerifyHash(signature, hash));
//_verified = true;
}
public void TestPublicKeyDecrypt()
{
using (RSAPublicKey publicKey = new RSAPublicKey(TestCertPublicKey()))
{
byte[] data = publicKey.Encrypt(new byte[100]);
publicKey.Decrypt(data);
}
}
public void TestPKICertificate()
{
byte[] rawdata = new byte[8001];
new Random().NextBytes(rawdata);
byte[] cypher;
using (RSAPublicKey publicKey = new RSAPublicKey(TestCertPublicKey()))
cypher = publicKey.Encrypt(rawdata);
using (RSAPrivateKey privateKey = new RSAPrivateKey(TestCertPrivateKey()))
Assert.AreEqual(rawdata, privateKey.Decrypt(cypher));
}
/// <summary>
/// Constructs/reconstructs the server-side receiver to process one or more messages. This class
/// maintains all state in the INameValueStore so it may be destroyed between requests, or there
/// may be multiple instances handling requests, provided that all instances have access to the
/// underlying storage provided by the INameValueStore instance.
/// </summary>
/// <param name="privateKey">The private key used for this server</param>
/// <param name="clientKey">The public key of the client to allow</param>
/// <param name="storage">The state storage used between requests</param>
public Server(RSAPrivateKey privateKey, RSAPublicKey clientKey, INameValueStore storage)
{
_privateKey = privateKey;
_clientKey = clientKey;
_storage = storage;
NonceSize = 32;
KeyBytes = 32;
MaxInboundFileChunk = ushort.MaxValue;
MaxOutboundFileChunk = 1000*1024;
}
/// <summary> Creates the key from the information provided </summary>
public static RSAPublicKey FromXml(string xml)
{
return(RSAPublicKey.FromXml(new XmlTextReader(new StringReader(xml))));
}
/// <summary> Creates the key from the information provided </summary>
public new static RSAPrivateKey FromStore(CspParameters parameters)
{
return((RSAPrivateKey)RSAPublicKey.FromStore(parameters));
}
/// <summary> Creates the key from the information provided </summary>
public new static RSAPrivateKey FromStore(string name)
{
return((RSAPrivateKey)RSAPublicKey.FromStore(name));
}
/// <summary> Creates the key from the information provided </summary>
public new static RSAPrivateKey FromBytes(byte[] bytes)
{
return((RSAPrivateKey)RSAPublicKey.FromBytes(bytes));
}
/// <summary> Creates the key from the information provided </summary>
public new static RSAPrivateKey FromParameters(RSAParameters parameters)
{
return((RSAPrivateKey)RSAPublicKey.FromParameters(parameters));
}
