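/// <summary>
/// Encrypts a server-to-client packet for a known recipient and wraps the encoded ciphertext in a
/// <see cref="TLSEnvelope"/>. The symmetric key material is the recipient's dynamic shared secret
/// followed by the recipient's auth secret (the 'TLSAuthMode.Combined' layout).
/// </summary>
/// <param name="clearPacket">The plaintext packet to protect.</param>
/// <param name="recipientId">Identifies the recipient; used to look up the auth secret and the dynamic secret.</param>
/// <returns>An envelope carrying the private-key hint, the dynamic public key id, the dynamic public key and the encoded ciphertext.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="clearPacket"/> or <paramref name="recipientId"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when the crypto service reports an encryption or encoding failure.</exception>
public TLSEnvelope TLSServerEncryptRequest(byte[] clearPacket, string recipientId)
{
    if (clearPacket == null)
    {
        throw new ArgumentNullException(nameof(clearPacket));
    }
    if (recipientId == null)
    {
        throw new ArgumentNullException(nameof(recipientId));
    }

    byte[] authSecret = GetAuthSecret(recipientId);
    DynamicSecret dynamicSecret = GetDynamicSecretForEncryption(recipientId);
    Debug.WriteLine($"{this.ServerId}: TLSEncrypt: DynamicPublicKeyID: {dynamicSecret.DynamicPublicKeyId}, PrivateKeyHint: {dynamicSecret.PrivateKeyHint}.");

    // Concatenate = 'TLSAuthMode.Combined': dynamic shared secret first, then the auth secret.
    byte[] symmetricKeyMaterial64 = ByteArrays.Concatenate(dynamicSecret.DynamicSharedSecret, authSecret);

    // No-op progress/cancel callbacks; only the context is handed to the crypto service.
    var lro = new LongRunningOperation(progress => { }, () => { });
    var clearBytes = new Clearbytes(clearPacket);
    var sha512PW64 = new KeyMaterial64(symmetricKeyMaterial64);
    // The exponent's meaning is defined by the crypto service; presumably it must match the decrypting side — confirm.
    var method = new RoundsExponent(0xff);

    var encryptResponse = this.ixdsCryptoService.BinaryEncrypt(clearBytes, sha512PW64, method, lro.Context);
    if (!encryptResponse.IsSuccess)
    {
        // A specific exception type (still an Exception, so existing catch blocks keep working)
        // instead of a bare Exception.
        throw new InvalidOperationException(encryptResponse.Error);
    }

    var encodeResponse = this.ixdsCryptoService.BinaryEncodeXDSSec(encryptResponse.Result, lro.Context);
    if (!encodeResponse.IsSuccess)
    {
        throw new InvalidOperationException(encodeResponse.Error);
    }

    return new TLSEnvelope(dynamicSecret.PrivateKeyHint, dynamicSecret.DynamicPublicKeyId, dynamicSecret.DynamicPublicKey, encodeResponse.Result);
}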
/// <summary>
/// Deflate-compresses the plaintext and wraps the result in a <see cref="Compressed"/>.
/// </summary>
/// <param name="clearbytes">The plaintext to compress; must not be null.</param>
/// <returns>The compressed payload.</returns>
public Compressed CompressBytes(Clearbytes clearbytes)
{
    Guard.NotNull(clearbytes);
    byte[] raw = clearbytes.GetBytes();
    byte[] deflated = Deflate.CompressBytes(raw);
    return new Compressed(deflated);
}
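/// <summary>
/// Encrypts a server-to-client packet for a client whose identity is not known, so no per-client
/// auth secret is available. The shared secret is derived from the client's dynamic public key and
/// the server's private key; the auth-secret slot of the key material is filled with 32 zero bytes
/// so the layout matches the known-recipient path.
/// </summary>
/// <param name="clearPacket">The plaintext packet to protect.</param>
/// <param name="dynamicPublicKey">The dynamic public key the client sent.</param>
/// <param name="dynamicPublicKeyID">The id of <paramref name="dynamicPublicKey"/>; returned to the client as the private-key hint.</param>
/// <returns>An envelope carrying the private-key hint, a placeholder key id, a throw-away public key and the encoded ciphertext.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="clearPacket"/> or <paramref name="dynamicPublicKey"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when the crypto service reports a failure in any step.</exception>
public TLSEnvelope TLSServerEncryptRequestAnonymous(byte[] clearPacket, byte[] dynamicPublicKey, long dynamicPublicKeyID)
{
    if (clearPacket == null)
    {
        throw new ArgumentNullException(nameof(clearPacket));
    }
    if (dynamicPublicKey == null)
    {
        throw new ArgumentNullException(nameof(dynamicPublicKey));
    }

    // We cannot create an authSecret based on the client's public key when we don't know who the
    // client is; 32 zero bytes stand in for it so the key material has the same shape as usual.
    byte[] authSecret = new byte[32];

    // Shared secret from the client's dynamic public key and the server's private key.
    var dynamicSharedSecret = this.ixdsCryptoService.CalculateAndHashSharedSecret(this._serverPrivateKey, dynamicPublicKey);

    // The hint to the client's private key for the public key it sent.
    long privateKeyHint = dynamicPublicKeyID;

    // A throw-away dynamic public key, created only to fit the protocol and not intended for use.
    // Both service calls return a response object, so their success is checked instead of
    // dereferencing a possibly-null Result.
    var randomResponse = this.ixdsCryptoService.GetRandom(32);
    if (!randomResponse.IsSuccess)
    {
        throw new InvalidOperationException(randomResponse.Error);
    }
    var keyPairResponse = this.ixdsCryptoService.GenerateCurve25519KeyPairExact(randomResponse.Result.X);
    if (!keyPairResponse.IsSuccess)
    {
        throw new InvalidOperationException(keyPairResponse.Error);
    }
    var throwAwayPubKey = keyPairResponse.Result.PublicKey;

    // Placeholder id for the throw-away key. TODO: use a realistic value, not 9999 — a fixed
    // constant makes anonymous envelopes trivially distinguishable from regular ones on the wire.
    long fakeDynamicPublicKeyID = 9999;
    Debug.WriteLine($"{this.ServerId}: TLSServerEncryptRequestAnonymous: FakeDynamicPublicKeyID: {fakeDynamicPublicKeyID}, PrivateKeyHint: {privateKeyHint}.");

    // Concatenate = 'TLSAuthMode.Dynamic' - THIS is another case: shared secret, then the zeroed auth secret.
    byte[] symmetricKeyMaterial64 = ByteArrays.Concatenate(dynamicSharedSecret, authSecret);

    // From here on the flow is the same as for a known recipient.
    var lro = new LongRunningOperation(progress => { }, () => { });
    var clearBytes = new Clearbytes(clearPacket);
    var sha512PW64 = new KeyMaterial64(symmetricKeyMaterial64);
    var method = new RoundsExponent(0xff);

    var encryptResponse = this.ixdsCryptoService.BinaryEncrypt(clearBytes, sha512PW64, method, lro.Context);
    if (!encryptResponse.IsSuccess)
    {
        throw new InvalidOperationException(encryptResponse.Error);
    }

    var encodeResponse = this.ixdsCryptoService.BinaryEncodeXDSSec(encryptResponse.Result, lro.Context);
    if (!encodeResponse.IsSuccess)
    {
        throw new InvalidOperationException(encodeResponse.Error);
    }

    return new TLSEnvelope(privateKeyHint, fakeDynamicPublicKeyID, throwAwayPubKey, encodeResponse.Result);
}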
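/// <summary>
/// Decrypts a <see cref="CipherV2"/> with the given key material and decompresses the result.
/// Failures are reported through the returned response rather than thrown.
/// </summary>
/// <param name="cipherV2">The ciphertext to decrypt.</param>
/// <param name="keyMaterial64">The symmetric key material.</param>
/// <param name="context">The long-running-operation context passed through to the decryption step.</param>
/// <returns>A response whose <c>Result</c> holds the plaintext on success, or whose error is set on failure.</returns>
public Response<Clearbytes> BinaryDecrypt(CipherV2 cipherV2, KeyMaterial64 keyMaterial64, LongRunningOperationContext context)
{
    var response = new Response<Clearbytes>();
    try
    {
        // Same argument validation and platform check as BinaryEncrypt, so a null argument
        // becomes an error response with a clear message instead of a NullReferenceException
        // raised somewhere inside DecryptCommon.
        Guard.NotNull(new object[] { cipherV2, keyMaterial64 });
        EnsurePlatform();
        Compressed compressed = DecryptCommon(cipherV2, keyMaterial64, context);
        Clearbytes cleartext = this._internal.DecompressBytes(compressed);
        response.Result = cleartext;
        response.SetSuccess();
    }
    catch (Exception e)
    {
        // Any failure (including a failed argument guard) is surfaced to the caller via the response.
        response.SetError(e);
    }
    return response;
}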
/// <summary>
/// Compresses the plaintext and encrypts it with the given key material and rounds exponent.
/// Failures are reported through the returned response rather than thrown.
/// </summary>
/// <param name="clearBytes">The plaintext to encrypt.</param>
/// <param name="keyMaterial64">The symmetric key material.</param>
/// <param name="roundsExponent">The rounds exponent handed to the encryption step.</param>
/// <param name="context">The long-running-operation context passed through to the encryption step.</param>
/// <returns>A response whose <c>Result</c> holds the ciphertext on success, or whose error is set on failure.</returns>
public Response<CipherV2> BinaryEncrypt(Clearbytes clearBytes, KeyMaterial64 keyMaterial64, RoundsExponent roundsExponent, LongRunningOperationContext context)
{
    var result = new Response<CipherV2>();
    try
    {
        // A null argument fails the guard and is reported via the response below.
        Guard.NotNull(new object[] { clearBytes, keyMaterial64, roundsExponent });
        EnsurePlatform();
        Compressed packed = this._internal.CompressBytes(clearBytes);
        CipherV2 cipher = EncryptCommon(keyMaterial64, roundsExponent, context, packed);
        result.Result = cipher;
        result.SetSuccess();
    }
    catch (Exception failure)
    {
        result.SetError(failure);
    }
    return result;
}
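/// <summary>
/// Encrypts a client request packet and wraps the encoded ciphertext in a <see cref="TLSEnvelope"/>.
/// The server's auth secret and this client's id are bound into the plaintext
/// (authSecret | myId | packet); the key material is the dynamic shared secret followed by 32 zero bytes.
/// Access is serialised on <c>_publicMemberLock</c>.
/// </summary>
/// <param name="clearPacket">The plaintext packet to protect.</param>
/// <returns>An envelope carrying the private-key hint, the dynamic public key id, the dynamic public key and the encoded ciphertext.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="clearPacket"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when the crypto service reports an encryption or encoding failure.</exception>
public async Task<TLSEnvelope> EncryptRequest(byte[] clearPacket)
{
    // Validate before taking the lock so a bad argument never holds it.
    if (clearPacket == null)
    {
        throw new ArgumentNullException(nameof(clearPacket));
    }

    await this._publicMemberLock.WaitAsync();
    try
    {
        DynamicSecret dynamicSecret = GetDynamicSecretForEncryption();
        Debug.WriteLine($"{this.MyId}: TLSEncrypt: DynamicPublicKeyID: {dynamicSecret.DynamicPublicKeyId}, PrivateKeyHint: {dynamicSecret.PrivateKeyHint}.");

        // The auth secret travels inside the encrypted payload here, not in the key material.
        byte[] authSecret = this._server.AuthSecret;
        var securable = ByteArrays.Concatenate(authSecret, this._myIdBytes, clearPacket);
        // Zero bytes fill the auth-secret slot of the key material on this side.
        var symmetricKeyMaterial64 = ByteArrays.Concatenate(dynamicSecret.DynamicSharedSecret, new byte[32]);

        // No-op progress/cancel callbacks; only the context is handed to the crypto service.
        var lro = new LongRunningOperation(progress => { }, () => { });
        var clearBytes = new Clearbytes(securable);
        var keyMaterial64 = new KeyMaterial64(symmetricKeyMaterial64);
        var method = new RoundsExponent(0xff);

        var encryptResponse = this._visualCrypt2Service.BinaryEncrypt(clearBytes, keyMaterial64, method, lro.Context);
        if (!encryptResponse.IsSuccess)
        {
            // A specific exception type (still an Exception, so existing catch blocks keep working)
            // instead of a bare Exception.
            throw new InvalidOperationException(encryptResponse.Error);
        }

        var encodeResponse = this._visualCrypt2Service.BinaryEncodeVisualCrypt(encryptResponse.Result, lro.Context);
        if (!encodeResponse.IsSuccess)
        {
            throw new InvalidOperationException(encodeResponse.Error);
        }

        return new TLSEnvelope(dynamicSecret.PrivateKeyHint, dynamicSecret.DynamicPublicKeyId, dynamicSecret.DynamicPublicKey, encodeResponse.Result);
    }
    finally
    {
        // Released on every path, including the throws above.
        this._publicMemberLock.Release();
    }
}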