private static RequestSetClientDHParams SerializeRequest(TClientDHInnerData clientDhInnerData, AesKeyData aesKeyData)
{
var dhInnerDataBuffer = Serializer.Serialize(clientDhInnerData);
byte[] innerData;
try
{
Serializer.Serialize(clientDhInnerData);
innerData = dhInnerDataBuffer.ToArray();
}
finally
{
dhInnerDataBuffer.SafeRelease();
}
var hashsum = Sha1Helper.ComputeHashsum(innerData);
var answerWithHash = hashsum.Concat(innerData).ToArray();
var encryptedAnswer = AES.EncryptAes(aesKeyData, answerWithHash);
return(new RequestSetClientDHParams
{
EncryptedDataAsBinary = encryptedAnswer,
Nonce = clientDhInnerData.Nonce,
ServerNonce = clientDhInnerData.ServerNonce
});
}
private static TServerDHParamsOk SerializeResponse(TPQInnerData pqInnerData, TServerDHInnerData dhInnerData)
{
var dhInnerDataBuffer = Serializer.Serialize(dhInnerData);
byte[] answer;
try
{
answer = dhInnerDataBuffer.ToArray();
}
finally
{
dhInnerDataBuffer.SafeRelease();
}
var hashsum = Sha1Helper.ComputeHashsum(answer);
var answerWithHash = hashsum.Concat(answer).ToArray();
AesHelper.ComputeAesParameters(pqInnerData.NewNonce, pqInnerData.ServerNonce, out var aesKeyData);
var encryptedAnswer = AES.EncryptAes(aesKeyData, answerWithHash);
return(new TServerDHParamsOk
{
EncryptedAnswerAsBinary = encryptedAnswer,
Nonce = pqInnerData.Nonce,
ServerNonce = pqInnerData.ServerNonce
});
}
public AuthKey(byte[] data)
{
Guard.That(data.Length, nameof(data)).IsEqual(256);
Data = data;
var hashsum = Sha1Helper.ComputeHashsum(data);
_auxHash = BitConverter.ToUInt64(hashsum, 0);
Id = BitConverter.ToInt64(hashsum, 8 + 4);
}
private static TDhGenOk SerializeResponse(RequestSetClientDHParams setClientDhParams, byte[] newNonce, BigInteger agreement)
{
var newNonceHash = Sha1Helper.ComputeHashsum(newNonce).Skip(4).ToArray();
var authKeyAuxHash = Sha1Helper.ComputeHashsum(agreement.ToByteArrayUnsigned()).Take(8).ToArray();
return(new TDhGenOk
{
Nonce = setClientDhParams.Nonce,
ServerNonce = setClientDhParams.ServerNonce,
NewNonceHash1 = newNonceHash.Concat((byte)1).Concat(authKeyAuxHash).ToArray()
});
}
private static TPQInnerData DeserializeRequest(RequestReqDHParams reqDhParams, string privateKey)
{
var encryptedData = reqDhParams.EncryptedDataAsBinary;
var innerDataWithHash = RSAHelper.RsaDecryptWithPrivate(encryptedData, privateKey);
var shaHashsum = innerDataWithHash.Take(20).ToArray();
var innerData = innerDataWithHash.Skip(20).ToArray();
var hashsum = Sha1Helper.ComputeHashsum(innerData);
Guard.That(shaHashsum).IsItemsEquals(hashsum);
var innerDataBuffer = PooledByteBufferAllocator.Default.Buffer(innerData.Length);
innerDataBuffer.WriteBytes(innerData);
return(Serializer.Deserialize(innerDataBuffer).Is <TPQInnerData>());
}
public static RequestReqDHParams GetRequest(TResPQ resPq, string publicKey, out byte[] newNonce)
{
var pq = new BigInteger(resPq.PqAsBinary);
var f1 = PollardRho.Factor(pq);
var f2 = pq.Divide(f1);
var p = f1.Min(f2);
var q = f1.Max(f2);
newNonce = new byte[32];
Random.NextBytes(newNonce);
var pqInnerData = new TPQInnerData
{
PqAsBinary = pq.ToByteArrayUnsigned(),
PAsBinary = p.ToByteArrayUnsigned(),
QAsBinary = q.ToByteArrayUnsigned(),
ServerNonce = resPq.ServerNonce,
Nonce = resPq.Nonce,
NewNonce = newNonce
};
var serializedData = Serializer.Serialize(pqInnerData);
byte[] innerData;
try
{
innerData = serializedData.ToArray();
}
finally
{
serializedData.SafeRelease();
}
var fingerprint = RSAHelper.GetFingerprint(publicKey);
if (!resPq.ServerPublicKeyFingerprints.Contains(fingerprint))
{
throw new InvalidOperationException("The fingerprint is not found");
}
var hashsum = Sha1Helper.ComputeHashsum(innerData);
var dataWithHash = PooledByteBufferAllocator.Default.Buffer();
byte[] innerDataWithHash;
try
{
dataWithHash.WriteBytes(hashsum);
dataWithHash.WriteBytes(innerData);
var paddingBytes = new byte[255 - dataWithHash.ReadableBytes];
Random.NextBytes(paddingBytes);
dataWithHash.WriteBytes(paddingBytes);
innerDataWithHash = dataWithHash.ToArray();
}
finally
{
dataWithHash.SafeRelease();
}
var ciphertext = RSAHelper.RsaEncryptWithPublic(innerDataWithHash, publicKey);
return(new RequestReqDHParams
{
Nonce = resPq.Nonce,
PAsBinary = p.ToByteArrayUnsigned(),
QAsBinary = q.ToByteArrayUnsigned(),
ServerNonce = resPq.ServerNonce,
PublicKeyFingerprint = fingerprint,
EncryptedDataAsBinary = ciphertext
});
}