| | | 1 | | namespace NLightning.Infrastructure.Transport.Encryption; |
| | | 2 | | |
| | | 3 | | using Domain.Crypto.Constants; |
| | | 4 | | using Domain.Exceptions; |
| | | 5 | | using Domain.Transport; |
| | | 6 | | using Domain.Utils; |
| | | 7 | | using Handshake.States; |
| | | 8 | | using Protocol.Constants; |
| | | 9 | | |
| | | 10 | | /// <inheritdoc/> |
| | | 11 | | internal sealed class Transport : ITransport |
| | | 12 | | { |
| | | 13 | | private readonly bool _initiator; |
| | | 14 | | private readonly CipherState _sendingKey; |
| | | 15 | | private readonly CipherState _receivingKey; |
| | | 16 | | |
| | | 17 | | private bool _disposed; |
| | | 18 | | |
| | 32 | 19 | | public Transport(bool initiator, CipherState c1, CipherState c2) |
| | | 20 | | { |
| | 32 | 21 | | ArgumentNullException.ThrowIfNull(c1, nameof(c1)); |
| | 32 | 22 | | ArgumentNullException.ThrowIfNull(c2, nameof(c2)); |
| | | 23 | | |
| | 32 | 24 | | _initiator = initiator; |
| | 32 | 25 | | _sendingKey = c1; |
| | 32 | 26 | | _receivingKey = c2; |
| | 32 | 27 | | } |
| | | 28 | | |
| | | 29 | | /// <inheritdoc/> |
| | | 30 | | /// <exception cref="ObjectDisposedException">Thrown if the current instance has already been disposed.</exception> |
| | | 31 | | /// <exception cref="InvalidOperationException">Thrown if the responder has attempted to write a message to a one-wa |
| | | 32 | | /// <exception cref="ArgumentException">Thrown if the encrypted payload was greater than <see cref="ProtocolConstant |
| | | 33 | | public int WriteMessage(ReadOnlySpan<byte> payload, Span<byte> messageBuffer) |
| | | 34 | | { |
| | 4008 | 35 | | ExceptionUtils.ThrowIfDisposed(_disposed, nameof(Transport)); |
| | | 36 | | |
| | | 37 | | // Serialize length into 2 bytes encoded as a big-endian integer |
| | 4008 | 38 | | var l = BitConverter.GetBytes((ushort)payload.Length); |
| | 4008 | 39 | | if (BitConverter.IsLittleEndian) |
| | | 40 | | { |
| | 4008 | 41 | | Array.Reverse(l); |
| | | 42 | | } |
| | | 43 | | |
| | | 44 | | // Encrypt the payload length into the message buffer |
| | 4008 | 45 | | var lcLen = WriteMessagePart(l, messageBuffer); |
| | | 46 | | |
| | | 47 | | // Encrypt the payload into the message buffer |
| | 4008 | 48 | | var mLen = WriteMessagePart(payload, messageBuffer[lcLen..]); |
| | | 49 | | |
| | 4008 | 50 | | return lcLen + mLen; |
| | | 51 | | } |
| | | 52 | | |
| | | 53 | | /// <inheritdoc/> |
| | | 54 | | public int ReadMessageLength(ReadOnlySpan<byte> lc) |
| | | 55 | | { |
| | 4008 | 56 | | ExceptionUtils.ThrowIfDisposed(_disposed, nameof(Transport)); |
| | | 57 | | |
| | 4008 | 58 | | if (lc.Length != ProtocolConstants.MessageHeaderSize) |
| | | 59 | | { |
| | 0 | 60 | | throw new ArgumentException($"Lightning Message Header must be {ProtocolConstants.MessageHeaderSize} bytes i |
| | | 61 | | } |
| | | 62 | | |
| | | 63 | | // Decrypt the payload length from the message buffer |
| | 4008 | 64 | | var l = new byte[2]; |
| | | 65 | | // Bytes read should always be 2 |
| | 4008 | 66 | | if (ReadMessagePart(lc, l) != 2) |
| | | 67 | | { |
| | 0 | 68 | | throw new ConnectionException("Message Length was invalid."); |
| | | 69 | | } |
| | | 70 | | |
| | 4008 | 71 | | if (BitConverter.IsLittleEndian) |
| | | 72 | | { |
| | 4008 | 73 | | Array.Reverse(l); |
| | | 74 | | } |
| | 4008 | 75 | | return BitConverter.ToUInt16(l, 0) + CryptoConstants.Chacha20Poly1305TagLen; |
| | | 76 | | } |
| | | 77 | | |
| | | 78 | | /// <inheritdoc/> |
| | | 79 | | public int ReadMessagePayload(ReadOnlySpan<byte> message, Span<byte> payloadBuffer) |
| | | 80 | | { |
| | 4008 | 81 | | ExceptionUtils.ThrowIfDisposed(_disposed, nameof(Transport)); |
| | | 82 | | |
| | | 83 | | // Decrypt the payload from the message buffer |
| | 4008 | 84 | | return ReadMessagePart(message, payloadBuffer); |
| | | 85 | | } |
| | | 86 | | |
| | | 87 | | /// <summary> |
| | | 88 | | /// Encrypts the <paramref name="payload"/> and writes the result into <paramref name="messageBuffer"/>. |
| | | 89 | | /// </summary> |
| | | 90 | | /// <param name="payload">The payload to encrypt.</param> |
| | | 91 | | /// <param name="messageBuffer">The buffer for the encrypted message.</param> |
| | | 92 | | /// <returns>The ciphertext size in bytes.</returns> |
| | | 93 | | /// <exception cref="ObjectDisposedException"> |
| | | 94 | | /// Thrown if the current instance has already been disposed. |
| | | 95 | | /// </exception> |
| | | 96 | | /// <exception cref="InvalidOperationException"> |
| | | 97 | | /// Thrown if the responder has attempted to write a message to a one-way stream. |
| | | 98 | | /// </exception> |
| | | 99 | | /// <exception cref="ArgumentException"> |
| | | 100 | | /// Thrown if the encrypted payload was greater than <see cref="ProtocolConstants.MaxMessageLength"/> |
| | | 101 | | /// bytes in length, or if the output buffer did not have enough space to hold the ciphertext. |
| | | 102 | | /// </exception> |
| | | 103 | | private int WriteMessagePart(ReadOnlySpan<byte> payload, Span<byte> messageBuffer) |
| | | 104 | | { |
| | 8016 | 105 | | if (payload.Length + CryptoConstants.Chacha20Poly1305TagLen > ProtocolConstants.MaxMessageLength) |
| | 0 | 106 | | throw new ArgumentException( |
| | 0 | 107 | | $"Noise message must be less than or equal to {ProtocolConstants.MaxMessageLength} bytes in length."); |
| | | 108 | | |
| | 8016 | 109 | | if (payload.Length + CryptoConstants.Chacha20Poly1305TagLen > messageBuffer.Length) |
| | 0 | 110 | | throw new ArgumentException("Message buffer does not have enough space to hold the ciphertext."); |
| | | 111 | | |
| | 8016 | 112 | | var cipher = _initiator ? _sendingKey : _receivingKey; |
| | 8016 | 113 | | if (!cipher.HasKeys()) |
| | 0 | 114 | | throw new InvalidOperationException("Cipher is missing keys."); |
| | | 115 | | |
| | 8016 | 116 | | return cipher.Encrypt(payload, messageBuffer); |
| | | 117 | | } |
| | | 118 | | |
| | | 119 | | /// <summary> |
| | | 120 | | /// Decrypts the <paramref name="message"/> and writes the result into <paramref name="payloadBuffer"/>. |
| | | 121 | | /// </summary> |
| | | 122 | | /// <param name="message">The message to decrypt.</param> |
| | | 123 | | /// <param name="payloadBuffer">The buffer for the decrypted payload.</param> |
| | | 124 | | /// <returns>The plaintext size in bytes.</returns> |
| | | 125 | | /// <exception cref="ObjectDisposedException"> |
| | | 126 | | /// Thrown if the current instance has already been disposed. |
| | | 127 | | /// </exception> |
| | | 128 | | /// <exception cref="InvalidOperationException"> |
| | | 129 | | /// Thrown if the initiator has attempted to read a message from a one-way stream. |
| | | 130 | | /// </exception> |
| | | 131 | | /// <exception cref="ArgumentException"> |
| | | 132 | | /// Thrown if the message was greater than <see cref="ProtocolConstants.MaxMessageLength"/> |
| | | 133 | | /// bytes in length, or if the output buffer did not have enough space to hold the plaintext. |
| | | 134 | | /// </exception> |
| | | 135 | | /// <exception cref="System.Security.Cryptography.CryptographicException"> |
| | | 136 | | /// Thrown if the decryption of the message has failed. |
| | | 137 | | /// </exception> |
| | | 138 | | private int ReadMessagePart(ReadOnlySpan<byte> message, Span<byte> payloadBuffer) |
| | | 139 | | { |
| | 8016 | 140 | | switch (message.Length) |
| | | 141 | | { |
| | | 142 | | case > ProtocolConstants.MaxMessageLength: |
| | 0 | 143 | | throw new ArgumentException($"Noise message must be less than or equal to {ProtocolConstants.MaxMessageL |
| | | 144 | | case < CryptoConstants.Chacha20Poly1305TagLen: |
| | 0 | 145 | | throw new ArgumentException($"Noise message must be greater than or equal to {CryptoConstants.Chacha20Po |
| | | 146 | | } |
| | | 147 | | |
| | 8016 | 148 | | if (message.Length - CryptoConstants.Chacha20Poly1305TagLen > payloadBuffer.Length) |
| | 0 | 149 | | throw new ArgumentException("Payload buffer does not have enough space to hold the plaintext."); |
| | | 150 | | |
| | 8016 | 151 | | var cipher = _initiator ? _receivingKey : _sendingKey; |
| | 8016 | 152 | | if (!cipher.HasKeys()) |
| | 0 | 153 | | throw new InvalidOperationException("Cipher is missing keys."); |
| | | 154 | | |
| | 8016 | 155 | | return cipher.Decrypt(message, payloadBuffer); |
| | | 156 | | } |
| | | 157 | | |
| | | 158 | | public void Dispose() |
| | | 159 | | { |
| | 8 | 160 | | if (_disposed) |
| | 0 | 161 | | return; |
| | | 162 | | |
| | 8 | 163 | | _sendingKey.Dispose(); |
| | 8 | 164 | | _receivingKey.Dispose(); |
| | | 165 | | |
| | 8 | 166 | | _disposed = true; |
| | 8 | 167 | | } |
| | | 168 | | } |