public TLSEnvelope TLSServerEncryptRequest(byte[] clearPacket, string recipientId)
{
byte[] authSecret = GetAuthSecret(recipientId);
DynamicSecret dynamicSecret = GetDynamicSecretForEncryption(recipientId);
Debug.WriteLine($"{this.ServerId}: TLSEncrypt: DynamicPublicKeyID: {dynamicSecret.DynamicPublicKeyId}, PrivateKeyHint: {dynamicSecret.PrivateKeyHint}.");
// Concatenate = 'TLSAuthMode.Combined'
byte[] symmetricKeyMaterial64 = ByteArrays.Concatenate(dynamicSecret.DynamicSharedSecret, authSecret);
var lro = new LongRunningOperation(progress => { }, () => { });
var clearBytes = new Clearbytes(clearPacket);
var sha512PW64 = new KeyMaterial64(symmetricKeyMaterial64);
var method = new RoundsExponent(0xff);
var encryptResponse = this.ixdsCryptoService.BinaryEncrypt(clearBytes, sha512PW64, method, lro.Context);
if (!encryptResponse.IsSuccess)
{
throw new Exception(encryptResponse.Error);
}
var encodeResponse = this.ixdsCryptoService.BinaryEncodeXDSSec(encryptResponse.Result, lro.Context);
if (!encodeResponse.IsSuccess)
{
throw new Exception(encodeResponse.Error);
}
var tlsEnvelope = new TLSEnvelope(dynamicSecret.PrivateKeyHint, dynamicSecret.DynamicPublicKeyId, dynamicSecret.DynamicPublicKey, encodeResponse.Result);
return(tlsEnvelope);
}
public Compressed CompressBytes(Clearbytes clearbytes)
{
Guard.NotNull(clearbytes);
byte[] compressed = Deflate.CompressBytes(clearbytes.GetBytes());
return(new Compressed(compressed));
}
public TLSEnvelope TLSServerEncryptRequestAnonymous(byte[] clearPacket, byte[] dynamicPublicKey, long dynamicPublicKeyID)
{
byte[] authSecret = new byte[32]; // we cannot create an authSecret based on the client's public key when we don't know who the client is.
// we use the dynamicPublicKey and the server private key.
var dynamicSharedSecret = this.ixdsCryptoService.CalculateAndHashSharedSecret(this._serverPrivateKey, dynamicPublicKey);
// the hint to the clients privk for pubkey he sent
long privateKeyHint = dynamicPublicKeyID;
// and now we create a dynamic public key, just to fit the protocol, but not intended for use.
var random = this.ixdsCryptoService.GetRandom(32).Result.X;
var throwAwayPubKey = this.ixdsCryptoService.GenerateCurve25519KeyPairExact(random).Result.PublicKey;
// and a fake id
long fakeDynamicPublicKeyID = 9999; // use a realistic value, not 9999!
Debug.WriteLine($"{this.ServerId}: TLSServerEncryptRequestAnonymous: FakeDynamicPublicKeyID: {fakeDynamicPublicKeyID}, PrivateKeyHint: {privateKeyHint}.");
// Concatenate = 'TLSAuthMode.Dynamic' - THIS is anothe case!
byte[] symmetricKeyMaterial64 = ByteArrays.Concatenate(dynamicSharedSecret, authSecret);
// same as normally
var lro = new LongRunningOperation(progress => { }, () => { });
var clearBytes = new Clearbytes(clearPacket);
var sha512PW64 = new KeyMaterial64(symmetricKeyMaterial64);
var method = new RoundsExponent(0xff);
var encryptResponse = this.ixdsCryptoService.BinaryEncrypt(clearBytes, sha512PW64, method, lro.Context);
if (!encryptResponse.IsSuccess)
{
throw new Exception(encryptResponse.Error);
}
var encodeResponse = this.ixdsCryptoService.BinaryEncodeXDSSec(encryptResponse.Result, lro.Context);
if (!encodeResponse.IsSuccess)
{
throw new Exception(encodeResponse.Error);
}
var tlsEnvelope = new TLSEnvelope(privateKeyHint, fakeDynamicPublicKeyID, throwAwayPubKey, encodeResponse.Result);
return(tlsEnvelope);
}
public Response <Clearbytes> BinaryDecrypt(CipherV2 cipherV2, KeyMaterial64 keyMaterial64, LongRunningOperationContext context)
{
var response = new Response <Clearbytes>();
try
{
Compressed compressed = DecryptCommon(cipherV2, keyMaterial64, context);
Clearbytes cleartext = this._internal.DecompressBytes(compressed);
response.Result = cleartext;
response.SetSuccess();
}
catch (Exception e)
{
response.SetError(e);
}
return(response);
}
public Response <CipherV2> BinaryEncrypt(Clearbytes clearBytes, KeyMaterial64 keyMaterial64, RoundsExponent roundsExponent, LongRunningOperationContext context)
{
var response = new Response <CipherV2>();
try
{
Guard.NotNull(new object[] { clearBytes, keyMaterial64, roundsExponent });
EnsurePlatform();
Compressed compressed = this._internal.CompressBytes(clearBytes);
var cipherV2 = EncryptCommon(keyMaterial64, roundsExponent, context, compressed);
response.Result = cipherV2;
response.SetSuccess();
}
catch (Exception e)
{
response.SetError(e);
}
return(response);
}
public async Task <TLSEnvelope> EncryptRequest(byte[] clearPacket)
{
await this._publicMemberLock.WaitAsync();
try
{
DynamicSecret dynamicSecret = GetDynamicSecretForEncryption();
Debug.WriteLine(
$"{this.MyId}: TLSEncrypt: DynamicPublicKeyID: {dynamicSecret.DynamicPublicKeyId}, PrivateKeyHint: {dynamicSecret.PrivateKeyHint}.");
byte[] authSecret = this._server.AuthSecret;
var securable = ByteArrays.Concatenate(authSecret, this._myIdBytes, clearPacket);
var symmetricKeyMaterial64 = ByteArrays.Concatenate(dynamicSecret.DynamicSharedSecret, new byte[32]);
var lro = new LongRunningOperation(progress => { }, () => { });
var clearBytes = new Clearbytes(securable);
var keyMaterial64 = new KeyMaterial64(symmetricKeyMaterial64);
var method = new RoundsExponent(0xff);
var encryptResponse = this._visualCrypt2Service.BinaryEncrypt(clearBytes, keyMaterial64, method, lro.Context);
if (!encryptResponse.IsSuccess)
{
throw new Exception(encryptResponse.Error);
}
var encodeResponse = this._visualCrypt2Service.BinaryEncodeVisualCrypt(encryptResponse.Result, lro.Context);
if (!encodeResponse.IsSuccess)
{
throw new Exception(encodeResponse.Error);
}
return(new TLSEnvelope(dynamicSecret.PrivateKeyHint, dynamicSecret.DynamicPublicKeyId,
dynamicSecret.DynamicPublicKey, encodeResponse.Result));
}
finally
{
this._publicMemberLock.Release();
}
}
