Frame encryption, decryption and privacy

jdomnitz · jdomnitz · commit 25d174985d1d · 2024-11-25T22:53:33.000-05:00
diff --git a/MatterDotNet/Protocol/Frame.cs b/MatterDotNet/Protocol/Frame.cs
@@ -10,51 +10,141 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+using MatterDotNet.Security;
+using System.Buffers;
 using System.Buffers.Binary;
+using System.Text;
 
 namespace MatterDotNet.Protocol
 {
-    internal class Frame
+    internal class Frame : IPayload
     {
         internal const int MAX_SIZE = 1280;
+        internal static readonly byte[] PRIVACY_INFO = Encoding.UTF8.GetBytes("PrivacyKey");
 
-        public MessageFlags Flags { get; init; }
-        public ushort SessionID { get; init; }
-        public SecurityFlags Security { get; init; }
-        public uint Counter { get; init; }
-        public ulong SourceNodeID { get; init; }
-        public ulong DestinationNodeID { get; init; }
-        public Version1Payload Message { get; init; }
-        public bool Valid { get; init; }
+        public MessageFlags Flags { get; set; }
+        public ushort SessionID { get; set; }
+        public SecurityFlags Security { get; set; }
+        public uint Counter { get; set; }
+        public ulong SourceNodeID { get; set; }
+        public ulong DestinationNodeID { get; set; }
+        public Version1Payload Message { get; set; }
+        public bool Valid { get; set; }
 
-        public Frame(ReadOnlySpan<byte> payload)
+        public bool Serialize(PayloadWriter stream)
+        {
+            stream.Write((byte)Flags);
+            stream.Write(SessionID);
+            stream.Write((byte)Security);
+            stream.Write(Counter);
+            if ((Flags & MessageFlags.SourceNodeID) == MessageFlags.SourceNodeID)
+                stream.Write(SourceNodeID);
+            if ((Flags & MessageFlags.DestinationGroupID) == MessageFlags.DestinationNodeID)
+                stream.Write(DestinationNodeID);
+            else if ((Flags & MessageFlags.DestinationGroupID) == MessageFlags.DestinationGroupID)
+                stream.Write(DestinationNodeID);
+
+            //Extensions not supported
+            byte[] temp = ArrayPool<byte>.Shared.Rent(MAX_SIZE);
+            try
+            {
+                PayloadWriter secureStream = new PayloadWriter(temp);
+                if (!Message.Serialize(secureStream))
+                    return false;
+                //TODO - Fetch Encryption key
+                byte[] key = new byte[1];
+                Span<byte> nonce = new byte[Crypto.NONCE_LENGTH_BYTES];
+                stream.GetPayload().Slice(3, 5).CopyTo(nonce);
+                if ((Security & SecurityFlags.GroupSession) == SecurityFlags.GroupSession)
+                    BinaryPrimitives.WriteUInt64LittleEndian(nonce.Slice(5, 8), SourceNodeID);
+                //TODO: For a CASE session, the Nonce Source Node ID SHALL be determined via the Secure Session Context associated with the Session Identifier.
+                
+                ReadOnlySpan<byte> mic = Crypto.AEAD_GenerateEncrypt(key, secureStream.GetPayload(), stream.GetPayload(), nonce);
+                stream.Write(secureStream);
+                stream.Write(mic);
+                if ((Security & SecurityFlags.Privacy) == SecurityFlags.Privacy)
+                {
+                    byte[] privacyKey = Crypto.KDF(key, [], PRIVACY_INFO, Crypto.SYMMETRIC_KEY_LENGTH_BITS);
+                    Span<byte> ptr = stream.GetPayload();
+                    byte[] privacyNonce = new byte[Crypto.NONCE_LENGTH_BYTES];
+                    BinaryPrimitives.WriteUInt16BigEndian(privacyNonce, SessionID);
+                    mic.Slice(5, Crypto.AEAD_MIC_LENGTH_BYTES - 5).CopyTo(privacyNonce.AsSpan().Slice(2));
+                    Crypto.Privacy_Encrypt(privacyKey, ptr.Slice(4, PrivacyBlockSize()), privacyNonce);
+                }
+                return true;
+            }
+            finally
+            {
+                ArrayPool<byte>.Shared.Return(temp);
+            }
+        }
+
+        public Frame(Span<byte> payload)
         {
             Flags = (MessageFlags)payload[0];
             SessionID = BinaryPrimitives.ReadUInt16LittleEndian(payload.Slice(1, 2));
             Security = (SecurityFlags)payload[3];
+            
+            //TODO - Get Encryption Key
+            byte[] key = new byte[1];
+
+            if ((Security & SecurityFlags.Privacy) == SecurityFlags.Privacy)
+            {
+                // Remove Privacy Encryption
+                byte[] privacyKey = Crypto.KDF(key, [], PRIVACY_INFO, Crypto.SYMMETRIC_KEY_LENGTH_BITS);
+                byte[] privacyNonce = new byte[Crypto.NONCE_LENGTH_BYTES];
+                BinaryPrimitives.WriteUInt16BigEndian(privacyNonce, SessionID);
+                payload.Slice(payload.Length - Crypto.AEAD_MIC_LENGTH_BYTES + 5).CopyTo(privacyNonce.AsSpan().Slice(2));
+                Crypto.Privacy_Decrypt(privacyKey, payload.Slice(4, PrivacyBlockSize()), privacyNonce).CopyTo(payload.Slice(4, PrivacyBlockSize()));
+            }
             Counter = BinaryPrimitives.ReadUInt32LittleEndian(payload.Slice(4, 4));
+            Span<byte> slice = payload.Slice(0);
             if ((Flags & MessageFlags.SourceNodeID) == MessageFlags.SourceNodeID)
             {
-                SourceNodeID = BinaryPrimitives.ReadUInt64LittleEndian(payload.Slice(8, 8));
-                payload = payload.Slice(8);
+                SourceNodeID = BinaryPrimitives.ReadUInt64LittleEndian(slice.Slice(8, 8));
+                slice = slice.Slice(8);
             }
             if ((Flags & MessageFlags.DestinationGroupID) == MessageFlags.DestinationNodeID)
             {
-                DestinationNodeID = BinaryPrimitives.ReadUInt64LittleEndian(payload.Slice(8, 8));
-                payload = payload.Slice(8);
+                DestinationNodeID = BinaryPrimitives.ReadUInt64LittleEndian(slice.Slice(8, 8));
+                slice = slice.Slice(8);
             }
             else if ((Flags & MessageFlags.DestinationGroupID) == MessageFlags.DestinationGroupID)
             {
-                DestinationNodeID = BinaryPrimitives.ReadUInt16LittleEndian(payload.Slice(8, 2));
-                payload = payload.Slice(2);
+                DestinationNodeID = BinaryPrimitives.ReadUInt16LittleEndian(slice.Slice(8, 2));
+                slice = slice.Slice(2);
             }
             if ((Security & SecurityFlags.MessageExtensions) == SecurityFlags.MessageExtensions)
             {
-                ushort len = BinaryPrimitives.ReadUInt16LittleEndian(payload.Slice(8, 2));
-                payload = payload.Slice(2 + len);
+                ushort len = BinaryPrimitives.ReadUInt16LittleEndian(slice.Slice(8, 2));
+                slice = slice.Slice(2 + len);
             }
 
-            //TODO - Decryption
+            Span<byte> nonce = new byte[Crypto.NONCE_LENGTH_BYTES];
+            nonce[0] = (byte)Security;
+            BinaryPrimitives.WriteUInt32LittleEndian(nonce.Slice(1, 4), Counter);
+            if ((Security & SecurityFlags.GroupSession) == SecurityFlags.GroupSession)
+                BinaryPrimitives.WriteUInt64LittleEndian(nonce.Slice(5, 8), SourceNodeID);
+            //TODO: For a CASE session, the Nonce Source Node ID SHALL be determined via the Secure Session Context associated with the Session Identifier.
+
+            Crypto.AEAD_DecryptVerify(key, 
+                                      slice.Slice(0, slice.Length - Crypto.AEAD_MIC_LENGTH_BYTES), 
+                                      slice.Slice(slice.Length - Crypto.AEAD_MIC_LENGTH_BYTES, Crypto.AEAD_MIC_LENGTH_BYTES), 
+                                      payload.Slice(0, payload.Length - slice.Length), 
+                                      nonce);
+            Message = new Version1Payload(payload.Slice(0, slice.Length - Crypto.AEAD_MIC_LENGTH_BYTES));
+        }
+
+        private int PrivacyBlockSize()
+        {
+            int ret = 4;
+            if ((Flags & MessageFlags.SourceNodeID) == MessageFlags.SourceNodeID)
+                ret += 8;
+            if ((Flags & MessageFlags.DestinationGroupID) == MessageFlags.DestinationNodeID)
+                ret += 8;
+            else if ((Flags & MessageFlags.DestinationGroupID) == MessageFlags.DestinationGroupID)
+                ret += 2;
+            return ret;
         }
     }
 }
diff --git a/MatterDotNet/Protocol/IPayload.cs b/MatterDotNet/Protocol/IPayload.cs
@@ -0,0 +1,19 @@
+﻿// MatterDotNet Copyright (C) 2024 
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or any later version.
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY, without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Affero General Public License for more details.
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace MatterDotNet.Protocol
+{
+    internal interface IPayload
+    {
+        public bool Serialize(PayloadWriter stream);
+    }
+}
diff --git a/MatterDotNet/Protocol/PayloadWriter.cs b/MatterDotNet/Protocol/PayloadWriter.cs
@@ -0,0 +1,104 @@
+﻿// MatterDotNet Copyright (C) 2024 
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or any later version.
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY, without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Affero General Public License for more details.
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+using System.Buffers.Binary;
+
+namespace MatterDotNet.Protocol
+{
+    internal class PayloadWriter
+    {
+        private readonly Memory<byte> data;
+        private int pos;
+
+        public PayloadWriter(Memory<byte> data, int pos = 0)
+        {
+            this.data = data;
+            this.pos = pos;
+        }
+
+        public PayloadWriter(int capacity)
+        {
+            this.data = new byte[capacity];
+            pos = 0;
+        }
+
+        public void Write(byte value)
+        {
+            data.Span[pos++] = value;
+        }
+
+        public void Write(ReadOnlySpan<byte> bytes)
+        {
+            bytes.CopyTo(data.Slice(pos).Span);
+            pos += bytes.Length;
+        }
+
+        public void Write(PayloadWriter payload)
+        {
+            payload.CopyTo(data.Slice(pos));
+            pos += payload.Length;
+        }
+
+        public void Write(Memory<byte> bytes)
+        {
+            bytes.CopyTo(data.Slice(pos));
+            pos += bytes.Length;
+        }
+
+        public void Write(int value)
+        {
+            BinaryPrimitives.WriteInt32LittleEndian(data.Span.Slice(pos, 4), value);
+            pos += 4;
+        }
+
+        public void Write(uint value)
+        {
+            BinaryPrimitives.WriteUInt32LittleEndian(data.Span.Slice(pos, 4), value);
+            pos += 4;
+        }
+
+        public void Write(ulong value)
+        {
+            BinaryPrimitives.WriteUInt64LittleEndian(data.Span.Slice(pos, 8), value);
+            pos += 8;
+        }
+
+        public void Write(short value)
+        {
+            BinaryPrimitives.WriteInt16LittleEndian(data.Span.Slice(pos, 2), value);
+            pos += 2;
+        }
+
+        public void Write(ushort value)
+        {
+            BinaryPrimitives.WriteUInt16LittleEndian(data.Span.Slice(pos, 2), value);
+            pos += 2;
+        }
+
+        public void Seek(int offset)
+        {
+            pos += offset;
+        }
+
+        public int Length { get { return pos; } }
+
+        public Span<byte> GetPayload()
+        {
+            return data.Slice(0, pos).Span;
+        }
+
+        private void CopyTo(Memory<byte> slice)
+        {
+            data.CopyTo(slice);
+        }
+    }
+}
diff --git a/MatterDotNet/Protocol/Version1Payload.cs b/MatterDotNet/Protocol/Version1Payload.cs
@@ -14,10 +14,10 @@
 
 namespace MatterDotNet.Protocol
 {
-    internal class Version1Payload
+    internal class Version1Payload : IPayload
     {
         public ExchangeFlags Flags { get; init; }
-        public byte OpCode { get; init; }
+        public byte OpCode { get; init; } //Depends on Protocol
         public ushort ExchangeID { get; init; }
         public ushort VendorID { get; init; }
         public ProtocolType Protocol { get; init; }
@@ -47,5 +47,10 @@ public Version1Payload(ReadOnlySpan<byte> payload)
             }
             Payload = payload.Slice(6).ToArray();
         }
+
+        public bool Serialize(PayloadWriter stream)
+        {
+            throw new NotImplementedException();
+        }
     }
 }
diff --git a/MatterDotNet/Security/Crypto.cs b/MatterDotNet/Security/Crypto.cs

Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,10 @@`
`14`	`14`
`15`	`15`	`namespace MatterDotNet.Protocol`
`16`	`16`	`{`
`17`		`- internal class Version1Payload`
	`17`	`+ internal class Version1Payload : IPayload`
`18`	`18`	`{`
`19`	`19`	`public ExchangeFlags Flags { get; init; }`
`20`		`- public byte OpCode { get; init; }`
	`20`	`+ public byte OpCode { get; init; } //Depends on Protocol`
`21`	`21`	`public ushort ExchangeID { get; init; }`
`22`	`22`	`public ushort VendorID { get; init; }`
`23`	`23`	`public ProtocolType Protocol { get; init; }`
`@@ -47,5 +47,10 @@ public Version1Payload(ReadOnlySpan<byte> payload)`
`47`	`47`	`}`
`48`	`48`	`Payload = payload.Slice(6).ToArray();`
`49`	`49`	`}`
	`50`	`+`
	`51`	`+ public bool Serialize(PayloadWriter stream)`
	`52`	`+ {`
	`53`	`+ throw new NotImplementedException();`
	`54`	`+ }`
`50`	`55`	`}`
`51`	`56`	`}`