public bool TryLookupMulticastKey(IdentityHash identityHash, out byte[] symmetricKey)
{
return(multicastEncryptionKeysByIdentity.TryGetValue(identityHash, out symmetricKey));
}
public bool TryDecodePayload(BroadcastMessageDto broadcastMessage, out byte[] decryptedPayload)
{
var senderHash = broadcastMessage.SourceIdHash;
var receiverHash = broadcastMessage.DestinationIdHash;
var payload = broadcastMessage.Payload;
var signature = broadcastMessage.Signature;
byte[] totalMessage;
using (var ms = new MemoryStream())
using (var writer = new BinaryWriter(ms)) {
writer.Write(senderHash);
writer.Write(receiverHash);
writer.Write(payload);
totalMessage = ms.ToArray();
}
var senderNode = identityManager.LookupIdentity(senderHash);
if (senderNode == null)
{
// throw new InvalidStateException("Sender has not recognized");
decryptedPayload = null;
return(false);
}
if (!CryptoUtil.Verify(totalMessage, senderNode.ThisId, signature))
{
// throw new CryptographicException("Could not verify message");
decryptedPayload = null;
return(false);
}
// message is now verified
byte[] symmetricKey;
if (receiverHash.SequenceEqual(BROADCAST_ID))
{
// broadcast
decryptedPayload = payload;
return(true);
}
else if (receiverHash.SequenceEqual(identityHash))
{
// unicast to us
var decryptedSenderAndMessage = CryptoUtil.AsymmetricDecrypt(payload, privateKey);
if (!decryptedSenderAndMessage.Take(CryptoUtil.HASH_SIZE).SequenceEqual(senderHash))
{
// BREACH BREACH BREACH DEPLOY SECURITY COUNTER MEASURES
// throw new CryptographicException("DATA WAS BAD THERE ARE BAD PEOPLE HERE THEY MUST BE KEPT OUT");
decryptedPayload = null;
return(false);
}
decryptedPayload = decryptedSenderAndMessage.Skip(CryptoUtil.HASH_SIZE).ToArray();
return(true);
}
else if (identityManager.TryLookupMulticastKey(IdentityHash.GetFlyweight(receiverHash), out symmetricKey))
{
// multicast
var iv = payload.Take(CryptoUtil.IV_SIZE).ToArray();
var encryptedMessage = payload.Skip(CryptoUtil.IV_SIZE).ToArray();
var messageAndInnerSignature = CryptoUtil.SymmetricDecrypt(encryptedMessage, symmetricKey, iv);
var innerSignature = messageAndInnerSignature.Skip(messageAndInnerSignature.Length - CryptoUtil.ASYM_KEY_SIZE_BYTES).ToArray();
var message = messageAndInnerSignature.Take(messageAndInnerSignature.Length - CryptoUtil.ASYM_KEY_SIZE_BYTES).ToArray();
if (!CryptoUtil.Verify(message, senderNode.ThisId, innerSignature))
{
// throw new CryptographicException("Could not verify inner signature");
decryptedPayload = null;
return(false);
}
decryptedPayload = message;
return(true);
}
else
{
// unknown multi/unicast
decryptedPayload = null;
return(false);
}
}
public void AddMulticastKey(IdentityHash identityHash, byte[] symmetricKey)
{
multicastEncryptionKeysByIdentity[identityHash] = symmetricKey;
}
