(#195) Message Bus Encryption: RabbitMQ

src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs

@@ -82,8 +82,15 @@ public Task ReceiveAsync(Func<T, MetaData, Task> action, CancellationToken cance
 
                 if (_options.MessageEncryptionEnabled)
                 {
-                    bodyText = ea.Body.Span.ToArray().UseAES(_options.MessageEncryptionKey.FromBase64String())
-                    .WithCipher(CipherMode.ECB)
+                    var parts = Encoding.UTF8.GetString(ea.Body.Span).Split('.');
+
+                    var iv = parts[0].FromBase64String();
+                    var encryptedBytes = parts[1].FromBase64String();
+
+                    bodyText = encryptedBytes.UseAES(_options.MessageEncryptionKey.FromBase64String())
+                    .WithCipher(CipherMode.CBC)
+                    .WithIV(iv)
+                    .WithPadding(PaddingMode.PKCS7)
                     .Decrypt()
                     .GetString();
                 }

src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs

@@ -44,9 +44,12 @@ public async Task SendAsync(T message, MetaData metaData = null, CancellationTok
 
             if (_options.MessageEncryptionEnabled)
             {
-                body = body.UseAES(_options.MessageEncryptionKey.FromBase64String())
-                .WithCipher(CipherMode.ECB)
-                .Encrypt();
+                var iv = SymmetricCrypto.GenerateKey(16);
+                body = (iv.ToBase64String() + "." + body.UseAES(_options.MessageEncryptionKey.FromBase64String())
+                .WithCipher(CipherMode.CBC)
+                .WithIV(iv)
+                .WithPadding(PaddingMode.PKCS7)
+                .Encrypt().ToBase64String()).GetBytes();
             }
 
             var properties = channel.CreateBasicProperties();

src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs

@@ -82,8 +82,15 @@ public Task ReceiveAsync(Func<T, MetaData, Task> action, CancellationToken cance
 
                 if (_options.MessageEncryptionEnabled)
                 {
-                    bodyText = ea.Body.Span.ToArray().UseAES(_options.MessageEncryptionKey.FromBase64String())
-                    .WithCipher(CipherMode.ECB)
+                    var parts = Encoding.UTF8.GetString(ea.Body.Span).Split('.');
+
+                    var iv = parts[0].FromBase64String();
+                    var encryptedBytes = parts[1].FromBase64String();
+
+                    bodyText = encryptedBytes.UseAES(_options.MessageEncryptionKey.FromBase64String())
+                    .WithCipher(CipherMode.CBC)
+                    .WithIV(iv)
+                    .WithPadding(PaddingMode.PKCS7)
                     .Decrypt()
                     .GetString();
                 }

src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs

@@ -44,9 +44,12 @@ public async Task SendAsync(T message, MetaData metaData = null, CancellationTok
 
             if (_options.MessageEncryptionEnabled)
             {
-                body = body.UseAES(_options.MessageEncryptionKey.FromBase64String())
-                .WithCipher(CipherMode.ECB)
-                .Encrypt();
+                var iv = SymmetricCrypto.GenerateKey(16);
+                body = (iv.ToBase64String() + "." + body.UseAES(_options.MessageEncryptionKey.FromBase64String())
+                .WithCipher(CipherMode.CBC)
+                .WithIV(iv)
+                .WithPadding(PaddingMode.PKCS7)
+                .Encrypt().ToBase64String()).GetBytes();
             }
 
             var properties = channel.CreateBasicProperties();

src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs

@@ -82,8 +82,15 @@ public Task ReceiveAsync(Func<T, MetaData, Task> action, CancellationToken cance
 
                 if (_options.MessageEncryptionEnabled)
                 {
-                    bodyText = ea.Body.Span.ToArray().UseAES(_options.MessageEncryptionKey.FromBase64String())
-                    .WithCipher(CipherMode.ECB)
+                    var parts = Encoding.UTF8.GetString(ea.Body.Span).Split('.');
+
+                    var iv = parts[0].FromBase64String();
+                    var encryptedBytes = parts[1].FromBase64String();
+
+                    bodyText = encryptedBytes.UseAES(_options.MessageEncryptionKey.FromBase64String())
+                    .WithCipher(CipherMode.CBC)
+                    .WithIV(iv)
+                    .WithPadding(PaddingMode.PKCS7)
                     .Decrypt()
                     .GetString();
                 }

src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs

@@ -44,9 +44,12 @@ public async Task SendAsync(T message, MetaData metaData = null, CancellationTok
 
             if (_options.MessageEncryptionEnabled)
             {
-                body = body.UseAES(_options.MessageEncryptionKey.FromBase64String())
-                .WithCipher(CipherMode.ECB)
-                .Encrypt();
+                var iv = SymmetricCrypto.GenerateKey(16);
+                body = (iv.ToBase64String() + "." + body.UseAES(_options.MessageEncryptionKey.FromBase64String())
+                .WithCipher(CipherMode.CBC)
+                .WithIV(iv)
+                .WithPadding(PaddingMode.PKCS7)
+                .Encrypt().ToBase64String()).GetBytes();
             }
 
             var properties = channel.CreateBasicProperties();