From 52558331e281ee02ca6e7a85c479aee0fdd7f172 Mon Sep 17 00:00:00 2001
From: Phong Nguyen
Date: Thu, 14 Sep 2023 15:51:30 +0700
Subject: [PATCH] (#195) Message Bus Encryption: RabbitMQ
---
 .../MessageBrokers/RabbitMQ/RabbitMQReceiver.cs | 11 +++++++++--
 .../MessageBrokers/RabbitMQ/RabbitMQSender.cs | 9 ++++++---
 .../MessageBrokers/RabbitMQ/RabbitMQReceiver.cs | 11 +++++++++--
 .../MessageBrokers/RabbitMQ/RabbitMQSender.cs | 9 ++++++---
 .../MessageBrokers/RabbitMQ/RabbitMQReceiver.cs | 11 +++++++++--
 .../MessageBrokers/RabbitMQ/RabbitMQSender.cs | 9 ++++++---
 6 files changed, 45 insertions(+), 15 deletions(-)
diff --git a/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs b/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
index fa1b410b2..9506c922c 100644
--- a/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
+++ b/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
@@ -82,8 +82,15 @@ public Task ReceiveAsync(Func action, CancellationToken cance
 if (_options.MessageEncryptionEnabled)
 {
- bodyText = ea.Body.Span.ToArray().UseAES(_options.MessageEncryptionKey.FromBase64String())
- .WithCipher(CipherMode.ECB)
+ var parts = Encoding.UTF8.GetString(ea.Body.Span).Split('.');
+
+ var iv = parts[0].FromBase64String();
+ var encryptedBytes = parts[1].FromBase64String();
+
+ bodyText = encryptedBytes.UseAES(_options.MessageEncryptionKey.FromBase64String())
+ .WithCipher(CipherMode.CBC)
+ .WithIV(iv)
+ .WithPadding(PaddingMode.PKCS7)
 .Decrypt()
 .GetString();
 }
diff --git a/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs b/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
index ba234859c..8dafa4a86 100644
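Review bot: In RabbitMQReceiver.cs ReceiveAsync, the new decrypt path uses AES-CBC with PKCS7 and no integrity check, so a modified or truncated ciphertext is caught, if at all, only by a padding error, and the way that failure reaches the broker (nack, requeue, log) may act as a padding oracle. Consider an authenticated scheme: either `AesGcm` from System.Security.Cryptography, or an HMAC-SHA256 over IV and ciphertext that is verified with `CryptographicOperations.FixedTimeEquals` before `.Decrypt()` is called. The body is also split on '.' and read as `parts[0]`/`parts[1]` without a check, so a message in the previous ECB format, or any malformed one, throws instead of being rejected cleanly; a guard such as `if (parts.Length != 2) { /* reject or dead-letter */ }` plus a 16-byte length check on `iv` would cover that. The same applies to the identical RabbitMQReceiver.cs hunks under src/ModularMonolith and src/Monolith. ReceiveAsync starts and ends outside the hunk, so whatever exception handling surrounds this block is not visible here.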
--- a/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
+++ b/src/Microservices/Common/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
@@ -44,9 +44,12 @@ public async Task SendAsync(T message, MetaData metaData = null, CancellationTok
 if (_options.MessageEncryptionEnabled)
 {
- body = body.UseAES(_options.MessageEncryptionKey.FromBase64String())
- .WithCipher(CipherMode.ECB)
- .Encrypt();
+ var iv = SymmetricCrypto.GenerateKey(16);
+ body = (iv.ToBase64String() + "." + body.UseAES(_options.MessageEncryptionKey.FromBase64String())
+ .WithCipher(CipherMode.CBC)
+ .WithIV(iv)
+ .WithPadding(PaddingMode.PKCS7)
+ .Encrypt().ToBase64String()).GetBytes();
 }
 var properties = channel.CreateBasicProperties();
diff --git a/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs b/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
index fa1b410b2..9506c922c 100644
--- a/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
+++ b/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
@@ -82,8 +82,15 @@ public Task ReceiveAsync(Func action, CancellationToken cance
 if (_options.MessageEncryptionEnabled)
 {
- bodyText = ea.Body.Span.ToArray().UseAES(_options.MessageEncryptionKey.FromBase64String())
- .WithCipher(CipherMode.ECB)
+ var parts = Encoding.UTF8.GetString(ea.Body.Span).Split('.');
+
+ var iv = parts[0].FromBase64String();
+ var encryptedBytes = parts[1].FromBase64String();
+
+ bodyText = encryptedBytes.UseAES(_options.MessageEncryptionKey.FromBase64String())
+ .WithCipher(CipherMode.CBC)
+ .WithIV(iv)
+ .WithPadding(PaddingMode.PKCS7)
 .Decrypt()
 .GetString();
 }
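Review bot: In RabbitMQSender.cs SendAsync, the IV comes from `SymmetricCrypto.GenerateKey(16)`, whose implementation is not visible in this patch; CBC needs an unpredictable IV for every message, so it should be confirmed that the helper draws from `RandomNumberGenerator`, with a comment such as `// fresh random 16-byte IV per message; never reuse with the same key`. The payload also changes from raw ciphertext bytes to the text `base64(iv).base64(ciphertext)` with no version marker and no authentication tag, so a consumer cannot tell the old format from the new one; a version prefix or a message header would make a rolling deployment, and a later move to an authenticated mode, safer. The single chained expression would read more clearly with the ciphertext held in a named local before the concatenation. The same applies to the RabbitMQSender.cs hunks under src/ModularMonolith and src/Monolith, and SendAsync continues outside the hunk.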
diff --git a/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs b/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
index ba234859c..8dafa4a86 100644
--- a/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
+++ b/src/ModularMonolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
@@ -44,9 +44,12 @@ public async Task SendAsync(T message, MetaData metaData = null, CancellationTok
 if (_options.MessageEncryptionEnabled)
 {
- body = body.UseAES(_options.MessageEncryptionKey.FromBase64String())
- .WithCipher(CipherMode.ECB)
- .Encrypt();
+ var iv = SymmetricCrypto.GenerateKey(16);
+ body = (iv.ToBase64String() + "." + body.UseAES(_options.MessageEncryptionKey.FromBase64String())
+ .WithCipher(CipherMode.CBC)
+ .WithIV(iv)
+ .WithPadding(PaddingMode.PKCS7)
+ .Encrypt().ToBase64String()).GetBytes();
 }
 var properties = channel.CreateBasicProperties();
diff --git a/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs b/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
index fa1b410b2..9506c922c 100644
--- a/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
+++ b/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQReceiver.cs
@@ -82,8 +82,15 @@ public Task ReceiveAsync(Func action, CancellationToken cance
 if (_options.MessageEncryptionEnabled)
 {
- bodyText = ea.Body.Span.ToArray().UseAES(_options.MessageEncryptionKey.FromBase64String())
- .WithCipher(CipherMode.ECB)
+ var parts = Encoding.UTF8.GetString(ea.Body.Span).Split('.');
+
+ var iv = parts[0].FromBase64String();
+ var encryptedBytes = parts[1].FromBase64String();
+
+ bodyText = encryptedBytes.UseAES(_options.MessageEncryptionKey.FromBase64String())
+ .WithCipher(CipherMode.CBC)
+ .WithIV(iv)
+ .WithPadding(PaddingMode.PKCS7)
 .Decrypt()
 .GetString();
 }
diff --git a/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs b/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
index ba234859c..8dafa4a86 100644
--- a/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
+++ b/src/Monolith/ClassifiedAds.Infrastructure/MessageBrokers/RabbitMQ/RabbitMQSender.cs
@@ -44,9 +44,12 @@ public async Task SendAsync(T message, MetaData metaData = null, CancellationTok
 if (_options.MessageEncryptionEnabled)
 {
- body = body.UseAES(_options.MessageEncryptionKey.FromBase64String())
- .WithCipher(CipherMode.ECB)
- .Encrypt();
+ var iv = SymmetricCrypto.GenerateKey(16);
+ body = (iv.ToBase64String() + "." + body.UseAES(_options.MessageEncryptionKey.FromBase64String())
+ .WithCipher(CipherMode.CBC)
+ .WithIV(iv)
+ .WithPadding(PaddingMode.PKCS7)
+ .Encrypt().ToBase64String()).GetBytes();
 }
 var properties = channel.CreateBasicProperties();