/// <summary>
/// Tries to get the verified message.
/// </summary>
/// <param name="signedMessage">The signed message.</param>
/// <param name="verifiedMessage">The verified message.</param>
/// <param name="hidden">The hidden.</param>
/// <returns>false if signature is not correct</returns>
public bool TryGetVerifiedMessage(WebBase64 signedMessage, out string verifiedMessage, byte[] hidden = null)
{
byte[] output;
var verified = TryGetVerifiedMessage(signedMessage.ToBytes(), out output, hidden);
verifiedMessage = Config.RawStringEncoding.GetString(output);
return(verified);
}
/// <summary>
/// Initializes a new instance of the <see cref="NonceSessionMaterial" /> class.
/// </summary>
/// <param name="key">The key.</param>
public NonceSessionMaterial(AesKey key)
{
Key = key;
var nonce = new byte[SessionNonceSize];
Secure.Random.NextBytes(nonce);
Nonce = WebBase64.FromBytes(nonce);
}
protected virtual void Dispose(bool disposing)
{
_keyset = _keyset.SafeDispose();
_crypter = _crypter.SafeDispose();
_signer = _signer.SafeDispose();
_verifier = _verifier.SafeDispose();
_nonce = _nonce.Clear();
_sessionMaterial = _sessionMaterial.Clear();
}
/// <summary>
/// Initializes a new instance of the <see cref="SessionCrypter" /> class.
/// </summary>
/// <param name="keyEncrypter">The key encrypter.</param>
/// <param name="signer">The signer, optionally used to certify sender. (Equivialent to SignedSessionEncrypter)</param>
/// <param name="keySize">Size of the key.</param>
/// <param name="symmetricKeyType">Type of the symmetric key. (requires unofficial keypacker)</param>
/// <param name="keyPacker">The key packer.</param>
/// <exception cref="System.ArgumentException">Without a supplying a keypacker you may only use KeyType.AES;symmetricKeyType</exception>
public SessionCrypter(Encrypter keyEncrypter, AttachedSigner signer = null, int?keySize = null,
KeyType symmetricKeyType = null, ISessionKeyPacker keyPacker = null)
{
Workings initLazy()
{
var workings = new Workings();
symmetricKeyType = symmetricKeyType ?? KeyType.Aes;
if (keyPacker == null && symmetricKeyType != KeyType.Aes)
{
throw new ArgumentException("Without a supplying a keypacker you may only use KeyType.AES",
nameof(symmetricKeyType));
}
if (signer != null)
{
keyPacker = keyPacker ?? new NonceSignedSessionPacker();
}
keyPacker = keyPacker ?? new SimpleAesHmacSha1KeyPacker();
var key = Key.Generate(symmetricKeyType, keySize ?? symmetricKeyType.DefaultSize);
workings._keyset = new ImportedKeySet(key, KeyPurpose.DecryptAndEncrypt);
workings._crypter = new Crypter(workings._keyset);
workings._signer = signer;
byte[] packedKey;
var sessionPacker = keyPacker as IInteroperableSessionMaterialPacker;
if (sessionPacker == null)
{
packedKey = keyPacker.Pack(key, Config);
}
else
{
var nonceSession = new NonceSessionMaterial((AesKey)key);
packedKey = sessionPacker.PackMaterial(nonceSession, Config);
workings._nonce = nonceSession.Nonce.ToBytes();
}
workings._sessionMaterial = WebBase64.FromBytes(keyEncrypter.Encrypt(packedKey));
if (sessionPacker == null && workings._signer != null)
{
workings._sessionMaterial = WebBase64.FromBytes(workings._signer.Sign(workings._sessionMaterial.ToBytes()));
}
return(workings);
}
_working = new Lazy <Workings>(initLazy);
}
/// <summary>
/// Initializes a new instance of the <see cref="SessionCrypter" /> class.
/// </summary>
/// <param name="keyDecrypter">The key decrypter.</param>
/// <param name="sessionMaterial">The session material.</param>
/// <param name="verifier">The verifier, optionally used to certify sender. (Equivialent to SignedSessionDecrypter)</param>
/// <param name="keyPacker">The key packer.</param>
public SessionCrypter(Crypter keyDecrypter, WebBase64 sessionMaterial, AttachedVerifier verifier = null,
ISessionKeyPacker keyPacker = null)
{
Workings initLazy()
{
var workings = new Workings();
if (verifier != null)
{
keyPacker = keyPacker ?? new NonceSignedSessionPacker();
}
keyPacker = keyPacker ?? new SimpleAesHmacSha1KeyPacker();
var sessionMaterialBytes = sessionMaterial.ToBytes();
var sessionPacker = keyPacker as IInteroperableSessionMaterialPacker;
workings._verifier = verifier;
if (sessionPacker == null && workings._verifier != null)
{
sessionMaterialBytes = workings._verifier.VerifiedMessage(sessionMaterialBytes);
}
var packedBytes = keyDecrypter.Decrypt(sessionMaterialBytes);
Key key;
if (sessionPacker == null)
{
key = keyPacker.Unpack(packedBytes, Config);
}
else
{
var nonceSession = sessionPacker.UnpackMaterial(packedBytes, Config);
key = nonceSession.Key;
workings._nonce = nonceSession.Nonce.ToBytes();
}
workings._keyset = new ImportedKeySet(key, KeyPurpose.DecryptAndEncrypt);
workings._crypter = new Crypter(workings._keyset);
workings._sessionMaterial = sessionMaterial;
return(workings);
}
_working = new Lazy <Workings>(initLazy);
}
/// <summary>
/// Initializes a new instance of the <see cref="SessionCrypter" /> class.
/// </summary>
/// <param name="keyEncrypter">The key encrypter.</param>
/// <param name="signer">The signer, optionally used to certify sender. (Equivialent to SignedSessionEncrypter)</param>
/// <param name="keySize">Size of the key.</param>
/// <param name="symmetricKeyType">Type of the symmetric key. (requires unofficial keypacker)</param>
/// <param name="keyPacker">The key packer.</param>
/// <exception cref="System.ArgumentException">Without a supplying a keypacker you may only use KeyType.AES;symmetricKeyType</exception>
public SessionCrypter(Encrypter keyEncrypter, AttachedSigner signer = null, int?keySize = null,
KeyType symmetricKeyType = null, ISessionKeyPacker keyPacker = null)
{
symmetricKeyType = symmetricKeyType ?? KeyType.Aes;
if (keyPacker == null && symmetricKeyType != KeyType.Aes)
{
throw new ArgumentException("Without a supplying a keypacker you may only use KeyType.AES",
"symmetricKeyType");
}
if (signer != null)
{
keyPacker = keyPacker ?? new NonceSignedSessionPacker();
}
keyPacker = keyPacker ?? new SimpleAesHmacSha1KeyPacker();
var key = Key.Generate(symmetricKeyType, keySize ?? symmetricKeyType.DefaultSize);
_keyset = new ImportedKeySet(key, KeyPurpose.DecryptAndEncrypt);
_crypter = new Crypter(_keyset);
_signer = signer;
byte[] packedKey;
var sessionPacker = keyPacker as IInteroperableSessionMaterialPacker;
if (sessionPacker == null)
{
packedKey = keyPacker.Pack(key);
}
else
{
var nonceSession = new NonceSessionMaterial((AesKey)key);
packedKey = sessionPacker.PackMaterial(nonceSession);
_nonce = nonceSession.Nonce.ToBytes();
}
_sessionMaterial = WebBase64.FromBytes(keyEncrypter.Encrypt(packedKey));
if (sessionPacker == null && _signer != null)
{
_sessionMaterial = WebBase64.FromBytes(_signer.Sign(_sessionMaterial.ToBytes()));
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SessionCrypter" /> class.
/// </summary>
/// <param name="keyDecrypter">The key decrypter.</param>
/// <param name="sessionMaterial">The session material.</param>
/// <param name="verifier">The verifier, optionally used to certify sender. (Equivialent to SignedSessionDecrypter)</param>
/// <param name="keyPacker">The key packer.</param>
public SessionCrypter(Crypter keyDecrypter, WebBase64 sessionMaterial, AttachedVerifier verifier = null,
ISessionKeyPacker keyPacker = null)
{
if (verifier != null)
{
keyPacker = keyPacker ?? new NonceSignedSessionPacker();
}
keyPacker = keyPacker ?? new SimpleAesHmacSha1KeyPacker();
var sessionMaterialBytes = sessionMaterial.ToBytes();
var sessionPacker = keyPacker as IInteroperableSessionMaterialPacker;
_verifier = verifier;
if (sessionPacker == null && _verifier != null)
{
sessionMaterialBytes = _verifier.VerifiedMessage(sessionMaterialBytes);
}
var packedBytes = keyDecrypter.Decrypt(sessionMaterialBytes);
Key key;
if (sessionPacker == null)
{
key = keyPacker.Unpack(packedBytes);
}
else
{
var nonceSession = sessionPacker.UnpackMaterial(packedBytes);
key = nonceSession.Key;
_nonce = nonceSession.Nonce.ToBytes();
}
_keyset = new ImportedKeySet(key, KeyPurpose.DecryptAndEncrypt);
_crypter = new Crypter(_keyset);
_sessionMaterial = sessionMaterial;
}
/// <summary> /// Encrypts the specified raw string data. /// </summary> /// <param name="rawData">The raw string data.</param> /// <returns></returns> public WebBase64 Encrypt(string rawData) => WebBase64.FromBytes(Encrypt(Config.RawStringEncoding.GetBytes(rawData)));
/// <summary> /// Signs the specified raw data. /// </summary> /// <param name="rawData">The raw data.</param> /// <returns></returns> public WebBase64 Sign(String rawData) => WebBase64.FromBytes(Sign(Config.RawStringEncoding.GetBytes(rawData)));
/// <summary>
/// Encrypts the specified raw data.
/// </summary>
/// <param name="rawData">The raw data.</param>
/// <returns></returns>
public WebBase64 Encrypt(string rawData)
{
return(WebBase64.FromBytes(Encrypt(Keyczar.RawStringEncoding.GetBytes(rawData))));
}
/// <summary>
/// Decrypts the specified data.
/// </summary>
/// <param name="data">The data.</param>
/// <returns></returns>
public string Decrypt(WebBase64 data)
{
return(Keyczar.RawStringEncoding.GetString(Decrypt(data.ToBytes())));
}
/// <summary> /// Signs the specified raw data. /// </summary> /// <param name="rawData">The raw data.</param> /// <param name="expiration">The expiration.</param> /// <returns></returns> public WebBase64 Sign(String rawData, DateTime expiration) => WebBase64.FromBytes(Sign(Config.RawStringEncoding.GetBytes(rawData), expiration));
/// <summary>
/// Verifies the specified raw data.
/// </summary>
/// <param name="rawData">The raw data.</param>
/// <param name="signature">The signature.</param>
/// <returns></returns>
public bool Verify(string rawData, WebBase64 signature)
{
return(Verify(RawStringEncoding.GetBytes(rawData), signature.ToBytes()));
}
/// <summary>
/// Signs the specified raw data.
/// </summary>
/// <param name="rawData">The raw data.</param>
/// <returns></returns>
public WebBase64 Sign(String rawData)
{
return(WebBase64.FromBytes(Sign(RawStringEncoding.GetBytes(rawData))));
}
/// <summary>
/// Signs the specified raw data.
/// </summary>
/// <param name="rawData">The raw data.</param>
/// <param name="hidden">The hidden data used to generate the digest signature.</param>
/// <returns></returns>
public WebBase64 Sign(String rawData, Byte[] hidden = null)
{
return(WebBase64.FromBytes(Sign(RawStringEncoding.GetBytes(rawData), hidden)));
}
/// <summary> /// Verifies the specified raw data. /// </summary> /// <param name="rawData">The raw data.</param> /// <param name="signature">The signature.</param> /// <returns></returns> public bool Verify(string rawData, WebBase64 signature) => Verify(Config.RawStringEncoding.GetBytes(rawData), signature.ToBytes());
/// <summary> /// Gets Verified message from signed message /// </summary> /// <param name="rawData">The raw data.</param> /// <param name="hidden">Optional hidden data used to generate the digest signature.</param> /// <returns></returns> /// <exception cref="InvalidCryptoDataException">Data Doesn't Match Signature!</exception> public string VerifiedMessage(WebBase64 rawData, byte[] hidden = null) => Config.RawStringEncoding.GetString(VerifiedMessage(rawData.ToBytes(), hidden));
/// <summary> /// Verifies the specified message. /// </summary> /// <param name="signedMessage">The signed message.</param> /// <param name="hidden">Optional hidden data used to generate the digest signature.</param> /// <returns></returns> public bool Verify(WebBase64 signedMessage, byte[] hidden = null) => Verify(signedMessage.ToBytes(), hidden);
/// <summary>
/// Verifies the specified message.
/// </summary>
/// <param name="signedMessage">The signed message.</param>
/// <param name="hidden">Optional hidden data used to generate the digest signature.</param>
/// <returns></returns>
public bool Verify(WebBase64 signedMessage, byte[] hidden = null)
{
return(Verify(signedMessage.ToBytes(), hidden));
}
/// <summary>
/// Signs the specified raw data.
/// </summary>
/// <param name="rawData">The raw data.</param>
/// <param name="expiration">The expiration.</param>
/// <returns></returns>
public WebBase64 Sign(String rawData, DateTime expiration)
{
return(WebBase64.FromBytes(Sign(RawStringEncoding.GetBytes(rawData), expiration)));
}
