/// <summary>
/// Registers, or replaces, the <see cref="TLSUser"/> tracked for <paramref name="userId"/>,
/// building a fresh user object from the supplied static public key.
/// </summary>
/// <param name="userId">Identifier of the user; must not be null.</param>
/// <param name="staticPublicKey">The user's static (long-term) public key; must not be null.</param>
public void RefreshTLSUser(string userId, byte[] staticPublicKey)
{
    Guard.NotNull(userId, staticPublicKey);

    // Indexer assignment overwrites any entry already present for this id, so whatever
    // dynamic state the previous TLSUser object carried is dropped with it.
    // NOTE(review): entries in _idsByPrivateKeyHint that still point at this userId are not
    // touched here — confirm the caller expects those hints to survive a refresh.
    this._usersById[userId] = new TLSUser(userId, staticPublicKey);
}
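/// <summary>
/// Advances the ratchet for <paramref name="user"/>: generates a fresh EC key pair, derives a new
/// shared secret from it and the client's latest dynamic public key, installs that as the user's
/// current <c>DynamicSecret</c>, and records the new private key under a fresh key id.
/// </summary>
/// <param name="user">The peer whose dynamic secret is being rotated.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when no dynamic public key (or key id) has been received from the client yet.
/// </exception>
void NewDynamicEncryptionSecret(TLSUser user)
{
    Guard.NotNull(user);

    // The client-supplied dynamic public key is the peer input to the key agreement below.
    // This used to be a Debug.Assert, which is compiled out of Release builds; the
    // precondition has to hold in production as well, so it is enforced unconditionally
    // and checked before any key material is generated.
    if (user.LatestDynamicPublicKey is null || user.LatestDynamicPublicKeyId == 0)
    {
        throw new InvalidOperationException("The client always sends a dynamic public key, so we must have it.");
    }

    // Sync-over-async (.Result) is kept from the original; it blocks the calling thread and
    // surfaces failures wrapped in AggregateException.
    var newKeyPair = this._visualCrypt2Service.GenerateECKeyPair().Result;

    // Key ids come from the ratchet timer, seeded with the highest id issued so far (0 if none).
    var newDynamicKeyId = this._ratchetTimer.GetNextTicks(
        user.DynamicPrivateDecryptionKeys.Count > 0 ? user.DynamicPrivateDecryptionKeys.Keys.Max() : 0);

    var newDynamicSecret = this._visualCrypt2Service.CalculateAndHashSharedSecret(newKeyPair.PrivateKey, user.LatestDynamicPublicKey);

    // privateKeyHint carries the client's own key id back to it — presumably so the client can
    // locate the private key matching LatestDynamicPublicKey; verify against the client side.
    user.DynamicSecret = new DynamicSecret(
        recipientId: null,
        dynamicSharedSecret: newDynamicSecret,
        dynamicPublicKey: newKeyPair.PublicKey,
        dynamicPublicKeyId: newDynamicKeyId,
        privateKeyHint: user.LatestDynamicPublicKeyId)
    {
        UseCount = 0
    };

    // Keep the new private key so messages encrypted against newKeyPair.PublicKey can be
    // decrypted later, and map the key id back to the user for lookup by hint.
    user.DynamicPrivateDecryptionKeys[newDynamicKeyId] = newKeyPair.PrivateKey;
    this._idsByPrivateKeyHint[newDynamicKeyId] = user.UserId;

    RemoveExcessKeys(user);
}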
/// <summary>
/// Creates the client side of the ratchet for <paramref name="myId"/> talking to
/// <paramref name="server"/>, and derives the authentication secret from this client's static
/// private key and the server's static public key.
/// </summary>
/// <param name="myId">This client's identifier; also kept as UTF-8 bytes.</param>
/// <param name="myPrivateKey">This client's static private key.</param>
/// <param name="server">The server peer; its <c>StaticPublicKey</c> must already be set.</param>
/// <param name="visualCrypt2Service">Crypto service used for key agreement and hashing.</param>
public TLSClientRatchet(string myId, byte[] myPrivateKey, TLSUser server, IVisualCrypt2Service visualCrypt2Service)
{
    Guard.NotNull(myId, myPrivateKey, server, visualCrypt2Service);
    Guard.NotNull(server.StaticPublicKey);

    this._visualCrypt2Service = visualCrypt2Service;
    this._server = server;
    this.MyId = myId;
    this._myIdBytes = Encoding.UTF8.GetBytes(this.MyId);

    // The auth secret is computed by CalculateAndHashSharedSecret over the static key pair
    // (ours private, theirs public) and stored on the server peer object, not on this instance.
    server.AuthSecret = this._visualCrypt2Service.CalculateAndHashSharedSecret(myPrivateKey, server.StaticPublicKey);
}
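// TODO: Review this, compare it with TLSClient.RemovePreviousKeys and when key cleanup is done;
// this may not work correctly.
/// <summary>
/// Prunes <paramref name="user"/>'s stored dynamic private keys down to the
/// <c>KeepLatestDynamicPrivateKeys</c> highest key ids, removing the matching
/// private-key-hint entries at the same time.
/// </summary>
/// <param name="user">The user whose decryption keys are being pruned.</param>
void RemoveExcessKeys(TLSUser user)
{
    // Materialize the ids to drop BEFORE mutating the dictionary. The original relied on
    // OrderByDescending buffering its source before yielding, which is an implementation
    // detail; making the snapshot explicit keeps the removal loop safe regardless.
    var excess = user.DynamicPrivateDecryptionKeys.Keys
        .OrderByDescending(k => k)
        .Skip(KeepLatestDynamicPrivateKeys)
        .ToArray();

    foreach (var keyId in excess)
    {
        // NOTE(review): the private key value is only dereferenced here; if it is a byte[],
        // consider clearing it (Array.Clear) before removal so it does not linger in memory.
        user.DynamicPrivateDecryptionKeys.Remove(keyId);
        this._idsByPrivateKeyHint.Remove(keyId);
    }
}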