[pgsqlclient-checkins] pgsqlclient_10/PgSqlClient.Security.Tls/source TlsCipherSuite.cs,1.2,1.3 TlsR
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/PgSqlClient.Security.Tls/source TlsCipherSuite.cs,1.2,1.3 TlsReader.cs,1.2,1.3 TlsSession.cs,1.2,1.3 TlsWriter.cs,1.3,1.4
|
From: <car...@us...> - 2003-08-23 19:25:34
|
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source In directory sc8-pr-cvs1:/tmp/cvs-serv5194 Modified Files: TlsCipherSuite.cs TlsReader.cs TlsSession.cs TlsWriter.cs Log Message: Added changes for correct encryption/decryption of TLS records Index: TlsCipherSuite.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsCipherSuite.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** TlsCipherSuite.cs 20 Aug 2003 15:44:47 -0000 1.2 --- TlsCipherSuite.cs 23 Aug 2003 19:25:31 -0000 1.3 *************** *** 18,21 **** --- 18,22 ---- using System; + using System.IO; using System.Text; using System.Security.Cryptography; *************** *** 42,46 **** private byte blockSize; private TlsSessionState sessionState; ! #endregion --- 43,51 ---- private byte blockSize; private TlsSessionState sessionState; ! private SymmetricAlgorithm encryptionAlgorithm; ! private ICryptoTransform encryptionCipher; ! private SymmetricAlgorithm decryptionAlgorithm; ! private ICryptoTransform decryptionCipher; ! #endregion *************** *** 172,202 **** } ! public SymmetricAlgorithm CreateCipherAlgorithm() { ! SymmetricAlgorithm cipher; ! // Create and configure the symmetric algorithm ! switch (this.algName) { ! case "RC4": ! cipher = new ARC4Managed(); ! break; ! default: ! cipher = SymmetricAlgorithm.Create(algName); ! break; } ! // If it's a block cipher if (cipherMode == CipherMode.CBC) { ! // Configure encrypt algorithm ! cipher.Mode = this.cipherMode; ! cipher.Padding = PaddingMode.PKCS7; ! cipher.KeySize = this.keyMaterialSize * 8; ! cipher.BlockSize = this.blockSize * 8; } ! return cipher; } --- 177,232 ---- } ! public void InitializeCipher() { ! createEncryptionCipher(); ! createDecryptionCipher(); ! } ! public byte[] EncryptRecord(byte[] fragment, byte[] mac) ! { ! // Encryption ( fragment + mac [+ padding + padding_length] ) ! MemoryStream ms = new MemoryStream(); ! CryptoStream cs = new CryptoStream(ms, encryptionCipher, CryptoStreamMode.Write); ! ! cs.Write(fragment, 0, fragment.Length); ! cs.Write(mac, 0, mac.Length); ! if (cipherMode == CipherMode.CBC) { ! // Calculate padding_length ! int fragmentLength = fragment.Length + mac.Length + 1; ! int paddingLength = (((fragmentLength/blockSize)*8) + blockSize) - fragmentLength; ! // Write padding length byte ! cs.WriteByte((byte)paddingLength); } + // cs.FlushFinalBlock(); + cs.Close(); ! return ms.ToArray(); ! } ! ! public void DecryptRecord(byte[] fragment, ref byte[] dcrFragment, ref byte[] dcrMAC) ! { ! int fragmentSize = 0; ! ! // Decrypt message fragment ( fragment + mac [+ padding + padding_length] ) ! byte[] buffer = new byte[fragment.Length]; ! decryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0); ! ! // Calculate fragment size if (cipherMode == CipherMode.CBC) + { + fragmentSize = (buffer.Length - 1) - HashSize; + } + else { ! fragmentSize = buffer.Length - HashSize; } ! dcrFragment = new byte[fragmentSize]; ! dcrMAC = new byte[HashSize]; ! ! System.Array.Copy(buffer, 0, dcrFragment, 0, dcrFragment.Length); ! System.Array.Copy(buffer, dcrFragment.Length, dcrMAC, 0, dcrMAC.Length); } *************** *** 227,230 **** --- 257,319 ---- return integer; } + } + + + private void createEncryptionCipher() + { + // Create and configure the symmetric algorithm + switch (this.algName) + { + case "RC4": + encryptionAlgorithm = new ARC4Managed(); + break; + + default: + encryptionAlgorithm = SymmetricAlgorithm.Create(algName); + break; + } + + // If it's a block cipher + if (cipherMode == CipherMode.CBC) + { + // Configure encrypt algorithm + encryptionAlgorithm.Mode = this.cipherMode; + encryptionAlgorithm.Padding = PaddingMode.PKCS7; + encryptionAlgorithm.KeySize = this.keyMaterialSize * 8; + encryptionAlgorithm.BlockSize = this.blockSize * 8; + } + + encryptionCipher = encryptionAlgorithm.CreateEncryptor( + sessionState.ClientWriteKey, + sessionState.ClientWriteIV); + } + + private void createDecryptionCipher() + { + // Create and configure the symmetric algorithm + switch (this.algName) + { + case "RC4": + decryptionAlgorithm = new ARC4Managed(); + break; + + default: + decryptionAlgorithm = SymmetricAlgorithm.Create(algName); + break; + } + + // If it's a block cipher + if (cipherMode == CipherMode.CBC) + { + // Configure encrypt algorithm + decryptionAlgorithm.Mode = this.cipherMode; + decryptionAlgorithm.Padding = PaddingMode.PKCS7; + decryptionAlgorithm.KeySize = this.keyMaterialSize * 8; + decryptionAlgorithm.BlockSize = this.blockSize * 8; + } + + decryptionCipher = decryptionAlgorithm.CreateDecryptor( + sessionState.ServerWriteKey, + sessionState.ServerWriteIV); } Index: TlsReader.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsReader.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** TlsReader.cs 20 Aug 2003 15:15:50 -0000 1.2 --- TlsReader.cs 23 Aug 2003 19:25:31 -0000 1.3 *************** *** 302,333 **** byte[] fragment) { - TlsSessionState state = session.State; - int fragmentSize = 0; byte[] dcrFragment = null; byte[] dcrMAC = null; ! SymmetricAlgorithm cipher = session.State.Cipher.CreateCipherAlgorithm(); ! ICryptoTransform decryptor = cipher.CreateDecryptor( ! state.ServerWriteKey, ! state.ServerWriteIV); ! ! // Decrypt message fragment ( fragment + mac [+ padding + padding_length] ) ! byte[] buffer = decryptor.TransformFinalBlock(fragment, 0, fragment.Length); ! ! if (session.State.Cipher.CipherMode == CipherMode.CBC) ! { ! fragmentSize = (buffer.Length - 1) - session.State.Cipher.HashSize; ! } ! else ! { ! fragmentSize = buffer.Length - session.State.Cipher.HashSize; ! } ! ! dcrFragment = new byte[fragmentSize]; ! dcrMAC = new byte[session.State.Cipher.HashSize]; ! ! System.Array.Copy(buffer, 0, dcrFragment, 0, dcrFragment.Length); ! System.Array.Copy(buffer, dcrFragment.Length, dcrMAC, 0, dcrMAC.Length); ! // Check MAC code byte[] mac = encodeRecordMAC(contentType, dcrFragment); --- 302,311 ---- byte[] fragment) { byte[] dcrFragment = null; byte[] dcrMAC = null; ! // Decrypt message ! session.State.Cipher.DecryptRecord(fragment, ref dcrFragment, ref dcrMAC); ! // Check MAC code byte[] mac = encodeRecordMAC(contentType, dcrFragment); *************** *** 348,354 **** // Update sequence number session.State.ReadSequenceNumber++; - - // Clear resources - cipher.Clear(); return dcrFragment; --- 326,329 ---- Index: TlsSession.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsSession.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** TlsSession.cs 20 Aug 2003 15:44:47 -0000 1.2 --- TlsSession.cs 23 Aug 2003 19:25:31 -0000 1.3 *************** *** 168,171 **** --- 168,176 ---- writer.WriteRecord(TlsHandshakeType.ClientKeyExchange); + // Now initialize session cipher with the generated keys + state.Cipher.InitializeCipher(); + + #warning "Clear key info that is no more needed" + // Send certificate verify if requested if (state.ServerSettings.CertificateRequest) *************** *** 350,353 **** --- 355,359 ---- } + // Clear no more needed data seed.Reset(); keyBlock.Reset(); *************** *** 430,434 **** */ #warning "Think on implement this as a class derived from KeyedHashAlgorithm" ! internal byte[] hmac(string hashName, byte[] key, byte[] text) { HashAlgorithm hash = HashAlgorithm.Create(hashName); --- 436,440 ---- */ #warning "Think on implement this as a class derived from KeyedHashAlgorithm" ! public byte[] hmac(string hashName, byte[] key, byte[] text) { HashAlgorithm hash = HashAlgorithm.Create(hashName); *************** *** 499,502 **** --- 505,560 ---- #endregion + + /* + public void PrintArray(string text, byte[] array) + { + Console.WriteLine(text); + int count = 0; + for (int i = 0; i < array.Length; i++) + { + Console.Write("{0} ", array[i].ToString("x2").ToUpper()); + if (count == 15) + { + count = 0; + Console.WriteLine(""); + } + else + { + count++; + } + } + Console.WriteLine(""); + } + + public static void SaveToFile(string file, byte[] data) + { + string fileName = "d:\\test\\" + file; + + FileStream stream = new FileStream( + fileName, FileMode.Create, FileAccess.Write); + if (data != null) + { + stream.Write(data, 0, data.Length); + } + else + { + stream.Write(new byte[0], 0, 0); + } + stream.Close(); + } + + public static byte[] ReadFromFile(string file) + { + string fileName = "d:\\test\\" + file; + + FileStream stream = new FileStream( + fileName, FileMode.Open, FileAccess.Read); + byte[] data = new byte[stream.Length]; + stream.Read(data, 0, data.Length); + stream.Close(); + + return data; + } + */ } } Index: TlsWriter.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsWriter.cs,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** TlsWriter.cs 20 Aug 2003 20:29:35 -0000 1.3 --- TlsWriter.cs 23 Aug 2003 19:25:31 -0000 1.4 *************** *** 178,216 **** private byte[] encodeCipherTextRecord(TlsContentType contentType, byte[] fragment) { ! TlsSessionState state = session.State; ! ! byte[] mac = encodeRecordMAC(contentType, fragment); ! ! SymmetricAlgorithm cipher = session.State.Cipher.CreateCipherAlgorithm(); ! ICryptoTransform encryptor = cipher.CreateEncryptor( ! state.ClientWriteKey, ! state.ClientWriteIV); ! ! // Encryption ( fragment + mac [+ padding + padding_length] ) ! MemoryStream ms = new MemoryStream(); ! CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write); ! ! cs.Write(fragment, 0, fragment.Length); ! cs.Write(mac, 0, mac.Length); ! if (session.State.Cipher.CipherMode == CipherMode.CBC) ! { ! // Calculate padding_length ! int fragmentLength = fragment.Length + mac.Length + 1; ! int blockSize = session.State.Cipher.BlockSize; ! int paddingLength = (((fragmentLength/blockSize)*8) + blockSize) - fragmentLength; ! // Write padding length byte ! cs.WriteByte((byte)paddingLength); ! } ! cs.FlushFinalBlock(); ! cs.Close(); // Update sequence number session.State.WriteSequenceNumber++; ! // Clear resources ! cipher.Clear(); ! ! return ms.ToArray(); } --- 178,191 ---- private byte[] encodeCipherTextRecord(TlsContentType contentType, byte[] fragment) { ! // Calculate message MAC ! byte[] mac = encodeRecordMAC(contentType, fragment); ! // Encrypt the message ! byte[] ecr = session.State.Cipher.EncryptRecord(fragment, mac); // Update sequence number session.State.WriteSequenceNumber++; ! return ecr; } *************** *** 224,229 **** data.WriteShort((short)TlsProtocol.Tls1); data.WriteShort((short)fragment.Length); ! data.Write(fragment); ! result = session.hmac(session.State.Cipher.HashName, session.State.ClientWriteMAC, --- 199,204 ---- data.WriteShort((short)TlsProtocol.Tls1); data.WriteShort((short)fragment.Length); ! data.Write(fragment); ! result = session.hmac(session.State.Cipher.HashName, session.State.ClientWriteMAC, |
