[pgsqlclient-checkins] pgsqlclient_10/PgSqlClient.Security.Tls/source TlsCipherSuite.cs,1.9,1.10 Tls
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/PgSqlClient.Security.Tls/source TlsCipherSuite.cs,1.9,1.10 TlsNetworkStream.cs,1.1,1.2 TlsSocket.cs,1.2,1.3
|
From: <car...@us...> - 2003-09-16 22:29:31
|
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source
In directory sc8-pr-cvs1:/tmp/cvs-serv12631
Modified Files:
TlsCipherSuite.cs TlsNetworkStream.cs TlsSocket.cs
Log Message:
Added padding check on record decryption.
Added some improvements on HMAC calculation
Index: TlsCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsCipherSuite.cs,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** TlsCipherSuite.cs 16 Sep 2003 12:28:28 -0000 1.9
--- TlsCipherSuite.cs 16 Sep 2003 22:29:26 -0000 1.10
***************
*** 44,48 ****
private byte ivSize;
private byte blockSize;
! private TlsSessionContext sessionState;
private SymmetricAlgorithm encryptionAlgorithm;
private ICryptoTransform encryptionCipher;
--- 44,48 ----
private byte ivSize;
private byte blockSize;
! private TlsSessionContext sessionContext;
private SymmetricAlgorithm encryptionAlgorithm;
private ICryptoTransform encryptionCipher;
***************
*** 113,118 ****
public TlsSessionContext SessionState
{
! get { return sessionState; }
! set { sessionState = value; }
}
--- 113,128 ----
public TlsSessionContext SessionState
{
! get { return sessionContext; }
! set { sessionContext = value; }
! }
!
! public KeyedHashAlgorithm ClientHMAC
! {
! get { return clientHMAC; }
! }
!
! public KeyedHashAlgorithm ServerHMAC
! {
! get { return serverHMAC; }
}
***************
*** 237,246 ****
// Decrypt message fragment ( fragment + mac [+ padding + padding_length] )
byte[] buffer = new byte[fragment.Length];
! decryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0);
// Calculate fragment size
if (cipherMode == CipherMode.CBC)
! {
! fragmentSize = (buffer.Length - (buffer[buffer.Length - 1] + 1)) - HashSize;
}
else
--- 247,267 ----
// Decrypt message fragment ( fragment + mac [+ padding + padding_length] )
byte[] buffer = new byte[fragment.Length];
! int wb = decryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0);
// Calculate fragment size
if (cipherMode == CipherMode.CBC)
! {
! // Calculate padding_length
! int paddingLength = buffer[buffer.Length - 1];
! for (int i = (buffer.Length - 1); i > (buffer.Length - (paddingLength + 1)); i--)
! {
! if (buffer[i] != paddingLength)
! {
! paddingLength = 0;
! break;
! }
! }
!
! fragmentSize = (buffer.Length - (paddingLength + 1)) - HashSize;
}
else
***************
*** 256,273 ****
}
- public byte[] ComputeClientMAC(byte[] data)
- {
- clientHMAC.TransformFinalBlock(data, 0, data.Length);
-
- return clientHMAC.Hash;
- }
-
- public byte[] ComputeServerMAC(byte[] data)
- {
- serverHMAC.TransformFinalBlock(data, 0, data.Length);
-
- return serverHMAC.Hash;
- }
-
public int GetKeyBlockSize()
{
--- 277,280 ----
***************
*** 323,328 ****
// Set the key and IV for the algorithm
! encryptionAlgorithm.Key = sessionState.ClientWriteKey;
! encryptionAlgorithm.IV = sessionState.ClientWriteIV;
// Create encryption cipher
--- 330,335 ----
// Set the key and IV for the algorithm
! encryptionAlgorithm.Key = sessionContext.ClientWriteKey;
! encryptionAlgorithm.IV = sessionContext.ClientWriteIV;
// Create encryption cipher
***************
*** 330,334 ****
// Create the HMAC algorithm for the client
! clientHMAC = new HMAC(hashName, sessionState.ClientWriteMAC);
}
--- 337,341 ----
// Create the HMAC algorithm for the client
! clientHMAC = new HMAC(hashName, sessionContext.ClientWriteMAC);
}
***************
*** 358,363 ****
// Set the key and IV for the algorithm
! decryptionAlgorithm.Key = sessionState.ServerWriteKey;
! decryptionAlgorithm.IV = sessionState.ServerWriteIV;
// Create decryption cipher
--- 365,370 ----
// Set the key and IV for the algorithm
! decryptionAlgorithm.Key = sessionContext.ServerWriteKey;
! decryptionAlgorithm.IV = sessionContext.ServerWriteIV;
// Create decryption cipher
***************
*** 365,369 ****
// Create the HMAC algorithm for the server
! serverHMAC = new HMAC(hashName, sessionState.ServerWriteMAC);
}
--- 372,376 ----
// Create the HMAC algorithm for the server
! serverHMAC = new HMAC(hashName, sessionContext.ServerWriteMAC);
}
Index: TlsNetworkStream.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsNetworkStream.cs,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** TlsNetworkStream.cs 16 Sep 2003 12:28:03 -0000 1.1
--- TlsNetworkStream.cs 16 Sep 2003 22:29:26 -0000 1.2
***************
*** 175,178 ****
--- 175,182 ----
return socket.Receive(buffer, offset, size, SocketFlags.None);
}
+ catch (TlsException ex)
+ {
+ throw ex;
+ }
catch (Exception ex)
{
***************
*** 213,216 ****
--- 217,224 ----
{
socket.Send(buffer, offset, size, SocketFlags.None);
+ }
+ catch (TlsException ex)
+ {
+ throw ex;
}
catch (Exception ex)
Index: TlsSocket.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsSocket.cs,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** TlsSocket.cs 16 Sep 2003 14:28:45 -0000 1.2
--- TlsSocket.cs 16 Sep 2003 22:29:26 -0000 1.3
***************
*** 66,71 ****
public new void Close()
{
base.Close();
! session.Close();
}
--- 66,72 ----
public new void Close()
{
+ this.resetBuffer();
base.Close();
! this.session.Close();
}
***************
*** 91,94 ****
--- 92,101 ----
return base.Receive(buffer, offset, size, socketFlags);
}
+
+ // If actual buffer is full readed reset it
+ if (inputBuffer.Position == inputBuffer.Length)
+ {
+ this.resetBuffer();
+ }
// Check if we have space in the middle buffer
***************
*** 97,103 ****
{
// Read next record and write it into the inputBuffer
! long position = inputBuffer.Position;
byte[] record = this.receiveRecord();
!
if (record.Length > 0)
{
--- 104,110 ----
{
// Read next record and write it into the inputBuffer
! long position = inputBuffer.Position;
byte[] record = this.receiveRecord();
!
if (record.Length > 0)
{
***************
*** 135,138 ****
--- 142,146 ----
return base.Send(buffer, offset, size, socketFlags);
}
+
// Send the buffer as a TLS record
byte[] recordData = new byte[size];
***************
*** 156,161 ****
TlsProtocol protocol = (TlsProtocol)this.ReadShort();
int length = this.ReadShort();
! TlsStreamReader message = new TlsStreamReader(this.ReadBytes(length));
// Check that the message as a valid protocol version
--- 164,173 ----
TlsProtocol protocol = (TlsProtocol)this.ReadShort();
int length = this.ReadShort();
+
+ // Read Record data
+ byte[] buffer = new byte[length];
+ base.Receive(buffer, 0, buffer.Length, SocketFlags.None);
! TlsStreamReader message = new TlsStreamReader(buffer);
// Check that the message as a valid protocol version
***************
*** 175,179 ****
contentType != TlsContentType.ChangeCipherSpec)
{
! message = new TlsStreamReader(decryptRecordFragment(contentType, protocol, message.GetBytes()));
}
}
--- 187,194 ----
contentType != TlsContentType.ChangeCipherSpec)
{
! message = decryptRecordFragment(
! contentType,
! protocol,
! message.GetBytes());
}
}
***************
*** 195,199 ****
case TlsContentType.ApplicationData:
- // result = message.GetBytes();
break;
--- 210,213 ----
***************
*** 217,223 ****
#endregion
! #region TLS_READ_CRYPT_METHODS
! private byte[] decryptRecordFragment(TlsContentType contentType,
TlsProtocol protocol,
byte[] fragment)
--- 231,259 ----
#endregion
! #region TLS_CRYPTO_METHODS
! private byte[] encryptRecordFragment(TlsContentType contentType, byte[] fragment)
! {
! // Calculate message MAC
! byte[] mac = encodeClientRecordMAC(contentType, fragment);
!
! // Encrypt the message
! byte[] ecr = session.Context.Cipher.EncryptRecord(fragment, mac);
!
! // Set new IV
! if (session.Context.Cipher.CipherMode == CipherMode.CBC)
! {
! byte[] iv = new byte[session.Context.Cipher.IvSize];
! System.Array.Copy(ecr, ecr.Length - iv.Length, iv, 0, iv.Length);
! session.Context.Cipher.UpdateClientCipherIV(iv);
! }
!
! // Update sequence number
! session.Context.WriteSequenceNumber++;
!
! return ecr;
! }
!
! private TlsStreamReader decryptRecordFragment(TlsContentType contentType,
TlsProtocol protocol,
byte[] fragment)
***************
*** 256,265 ****
session.Context.ReadSequenceNumber++;
! return dcrFragment;
}
#endregion
! #region TLS_WRITE_CRYPT_METHODS
internal int SendAlert(TlsAlert alert)
--- 292,301 ----
session.Context.ReadSequenceNumber++;
! return new TlsStreamReader(dcrFragment);
}
#endregion
! #region TLS_SEND_METHODS
internal int SendAlert(TlsAlert alert)
***************
*** 346,371 ****
}
- private byte[] encryptRecordFragment(TlsContentType contentType, byte[] fragment)
- {
- // Calculate message MAC
- byte[] mac = encodeClientRecordMAC(contentType, fragment);
-
- // Encrypt the message
- byte[] ecr = session.Context.Cipher.EncryptRecord(fragment, mac);
-
- // Set new IV
- if (session.Context.Cipher.CipherMode == CipherMode.CBC)
- {
- byte[] iv = new byte[session.Context.Cipher.IvSize];
- System.Array.Copy(ecr, ecr.Length - iv.Length, iv, 0, iv.Length);
- session.Context.Cipher.UpdateClientCipherIV(iv);
- }
-
- // Update sequence number
- session.Context.WriteSequenceNumber++;
-
- return ecr;
- }
-
private byte[][] fragmentData(byte[] messageData)
{
--- 382,385 ----
***************
*** 452,455 ****
--- 466,475 ----
#region MISC_METHODS
+ private void resetBuffer()
+ {
+ this.inputBuffer.SetLength(0);
+ this.inputBuffer.Position = 0;
+ }
+
private byte[] encodeServerRecordMAC(TlsContentType contentType, byte[] fragment)
{
***************
*** 463,467 ****
data.Write(fragment);
! result = session.Context.Cipher.ComputeServerMAC(data.GetBytes());
data.Reset();
--- 483,487 ----
data.Write(fragment);
! result = session.Context.Cipher.ServerHMAC.ComputeHash(data.GetBytes());
data.Reset();
***************
*** 481,485 ****
data.Write(fragment);
! result = session.Context.Cipher.ComputeClientMAC(data.GetBytes());
data.Reset();
--- 501,505 ----
data.Write(fragment);
! result = session.Context.Cipher.ClientHMAC.ComputeHash(data.GetBytes());
data.Reset();
***************
*** 496,507 ****
}
- private byte[] ReadBytes(int length)
- {
- byte[] b = new byte[length];
- base.Receive(b);
-
- return b;
- }
-
private short ReadShort()
{
--- 516,519 ----
***************
*** 572,574 ****
#endregion
}
! }
--- 584,586 ----
#endregion
}
! }
\ No newline at end of file
|
