[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls TlsCiphe
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls TlsCipherSuite.cs,1.4,1.5 TlsCipherSuiteCollection.cs,1.2,1.3 TlsCipherSuiteFactory.cs,1.2,1.3 TlsContentType.cs,1.1,1.2 TlsSession.cs,1.6,1.7 TlsSessionContext.cs,1.7,1.8 TlsSessionSettings.cs,1.2,1.3 TlsSslCipherSuite.cs,1.3,1.4
|
From: <car...@us...> - 2003-10-21 16:06:17
|
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls
In directory sc8-pr-cvs1:/tmp/cvs-serv25618
Modified Files:
TlsCipherSuite.cs TlsCipherSuiteCollection.cs
TlsCipherSuiteFactory.cs TlsContentType.cs TlsSession.cs
TlsSessionContext.cs TlsSessionSettings.cs
TlsSslCipherSuite.cs
Log Message:
Added partial implementation of SSL3 protocol
Index: TlsCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsCipherSuite.cs,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** TlsCipherSuite.cs 21 Oct 2003 12:17:10 -0000 1.4
--- TlsCipherSuite.cs 21 Oct 2003 16:05:12 -0000 1.5
***************
*** 158,187 ****
public override void CreateMasterSecret(byte[] preMasterSecret)
{
- TlsStream seed = new TlsStream();
-
- // Seed
- seed.Write(context.ClientRandom);
- seed.Write(context.ServerRandom);
-
// Create master secret
! context.MasterSecret = new byte[preMasterSecret.Length];
! context.MasterSecret = PRF(preMasterSecret, "master secret", seed.ToArray(), 48);
!
! seed.Reset();
}
public override void CreateKeys()
{
- TlsStream seed = new TlsStream();
-
- // Seed
- seed.Write(context.ServerRandom);
- seed.Write(context.ClientRandom);
-
// Create keyblock
TlsStream keyBlock = new TlsStream(
PRF(this.Context.MasterSecret,
"key expansion",
! seed.ToArray(),
this.KeyBlockSize));
--- 158,174 ----
public override void CreateMasterSecret(byte[] preMasterSecret)
{
// Create master secret
! this.Context.MasterSecret = new byte[preMasterSecret.Length];
! this.Context.MasterSecret = PRF(
! preMasterSecret, "master secret", this.Context.RandomCS, 48);
}
public override void CreateKeys()
{
// Create keyblock
TlsStream keyBlock = new TlsStream(
PRF(this.Context.MasterSecret,
"key expansion",
! this.Context.RandomSC,
this.KeyBlockSize));
***************
*** 206,217 ****
else
{
- // Seed
- seed.Reset();
- seed.Write(this.Context.ClientRandom);
- seed.Write(this.Context.ServerRandom);
-
// Generate final write keys
! byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", seed.ToArray(), this.KeyMaterialSize);
! byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", seed.ToArray(), this.KeyMaterialSize);
this.Context.ClientWriteKey = finalClientWriteKey;
--- 193,199 ----
else
{
// Generate final write keys
! byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.KeyMaterialSize);
! byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.KeyMaterialSize);
this.Context.ClientWriteKey = finalClientWriteKey;
***************
*** 219,223 ****
// Generate IV block
! byte[] ivBlock = PRF(new byte[]{}, "IV block", seed.ToArray(), this.IvSize*2);
// Generate IV keys
--- 201,205 ----
// Generate IV block
! byte[] ivBlock = PRF(new byte[]{}, "IV block", this.Context.RandomCS, this.IvSize*2);
// Generate IV keys
***************
*** 229,233 ****
// Clear no more needed data
- seed.Reset();
keyBlock.Reset();
}
--- 211,214 ----
Index: TlsCipherSuiteCollection.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsCipherSuiteCollection.cs,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** TlsCipherSuiteCollection.cs 20 Oct 2003 09:58:29 -0000 1.2
--- TlsCipherSuiteCollection.cs 21 Oct 2003 16:05:12 -0000 1.3
***************
*** 32,53 ****
internal sealed class TlsCipherSuiteCollection : ArrayList
{
#region PROPERTIES
! public TlsCipherSuite this[string name]
{
! get { return (TlsCipherSuite)this[IndexOf(name)]; }
! set { this[IndexOf(name)] = (TlsCipherSuite)value; }
}
! public TlsCipherSuite this[short code]
{
! get { return (TlsCipherSuite)base[IndexOf(code)]; }
! set { base[IndexOf(code)] = (TlsCipherSuite)value; }
}
! public new TlsCipherSuite this[int code]
{
! get { return (TlsCipherSuite)base[code]; }
! set { base[code] = (TlsCipherSuite)value; }
}
--- 32,68 ----
internal sealed class TlsCipherSuiteCollection : ArrayList
{
+ #region FIELDS
+
+ private TlsProtocol protocol;
+
+ #endregion
+
#region PROPERTIES
! public TlsAbstractCipherSuite this[string name]
{
! get { return (TlsAbstractCipherSuite)this[IndexOf(name)]; }
! set { this[IndexOf(name)] = (TlsAbstractCipherSuite)value; }
}
! public TlsAbstractCipherSuite this[short code]
{
! get { return (TlsAbstractCipherSuite)base[IndexOf(code)]; }
! set { base[IndexOf(code)] = (TlsAbstractCipherSuite)value; }
}
! public new TlsAbstractCipherSuite this[int code]
{
! get { return (TlsAbstractCipherSuite)base[code]; }
! set { base[code] = (TlsAbstractCipherSuite)value; }
! }
!
! #endregion
!
! #region CONSTRUCTORS
!
! public TlsCipherSuiteCollection(TlsProtocol protocol) : base()
! {
! this.protocol = protocol;
}
***************
*** 64,68 ****
{
int index = 0;
! foreach(TlsCipherSuite suite in this)
{
if (cultureAwareCompare(suite.Name, name))
--- 79,83 ----
{
int index = 0;
! foreach (TlsAbstractCipherSuite suite in this)
{
if (cultureAwareCompare(suite.Name, name))
***************
*** 78,82 ****
{
int index = 0;
! foreach(TlsCipherSuite suite in this)
{
if (suite.Code == code)
--- 93,97 ----
{
int index = 0;
! foreach (TlsAbstractCipherSuite suite in this)
{
if (suite.Code == code)
***************
*** 94,98 ****
}
! public TlsCipherSuite Add(TlsCipherSuite cipherSuite)
{
base.Add(cipherSuite);
--- 109,130 ----
}
! public TlsAbstractCipherSuite Add(short code, string name, string algName, string hashName, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize)
! {
! switch (this.protocol)
! {
! case TlsProtocol.Tls1:
! return this.add(
! new TlsCipherSuite(code, name, algName, hashName, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize));
!
! case TlsProtocol.Ssl3:
! return this.add(
! new TlsSslCipherSuite(code, name, algName, hashName, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize));
!
! default:
! throw new NotSupportedException();
! }
! }
!
! private TlsCipherSuite add(TlsCipherSuite cipherSuite)
{
base.Add(cipherSuite);
***************
*** 101,109 ****
}
! public TlsCipherSuite Add(short code, string name, string algName, string hashName, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize)
{
! TlsCipherSuite cipherSuite = new TlsCipherSuite(code, name, algName, hashName, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize);
! return Add(cipherSuite);
}
--- 133,141 ----
}
! private TlsSslCipherSuite add(TlsSslCipherSuite cipherSuite)
{
! base.Add(cipherSuite);
! return cipherSuite;
}
Index: TlsCipherSuiteFactory.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsCipherSuiteFactory.cs,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** TlsCipherSuiteFactory.cs 21 Oct 2003 09:31:41 -0000 1.2
--- TlsCipherSuiteFactory.cs 21 Oct 2003 16:05:12 -0000 1.3
***************
*** 48,52 ****
private static TlsCipherSuiteCollection GetTls1SupportedCiphers()
{
! TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection();
// Supported ciphers
--- 48,52 ----
private static TlsCipherSuiteCollection GetTls1SupportedCiphers()
{
! TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection(TlsProtocol.Tls1);
// Supported ciphers
***************
*** 117,121 ****
private static TlsCipherSuiteCollection GetSsl3SupportedCiphers()
{
! TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection();
// Supported ciphers
--- 117,121 ----
private static TlsCipherSuiteCollection GetSsl3SupportedCiphers()
{
! TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection(TlsProtocol.Ssl3);
// Supported ciphers
Index: TlsContentType.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsContentType.cs,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** TlsContentType.cs 11 Oct 2003 10:04:20 -0000 1.1
--- TlsContentType.cs 21 Oct 2003 16:05:12 -0000 1.2
***************
*** 33,37 ****
Handshake = 22,
ApplicationData = 23,
- Unknown = 255
}
}
--- 33,36 ----
Index: TlsSession.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSession.cs,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** TlsSession.cs 20 Oct 2003 22:00:28 -0000 1.6
--- TlsSession.cs 21 Oct 2003 16:05:12 -0000 1.7
***************
*** 167,171 ****
this.supportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(context.Protocol);
this.socket.DoHandshake();
! this.state = TlsSessionState.OpenSecure;
}
catch (TlsException ex)
--- 167,171 ----
this.supportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(context.Protocol);
this.socket.DoHandshake();
! this.state = TlsSessionState.OpenSecure;
}
catch (TlsException ex)
Index: TlsSessionContext.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSessionContext.cs,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** TlsSessionContext.cs 20 Oct 2003 22:00:29 -0000 1.7
--- TlsSessionContext.cs 21 Oct 2003 16:05:12 -0000 1.8
***************
*** 48,52 ****
private bool isActual;
private bool connectionEnd;
! private TlsCipherSuite cipher;
// Sequence numbers
--- 48,52 ----
private bool isActual;
private bool connectionEnd;
! private TlsAbstractCipherSuite cipher;
// Sequence numbers
***************
*** 57,60 ****
--- 57,62 ----
private byte[] clientRandom;
private byte[] serverRandom;
+ private byte[] randomCS;
+ private byte[] randomSC;
// Key information
***************
*** 82,188 ****
public TlsProtocol Protocol
{
! get { return protocol; }
! set { protocol = value; }
}
public TlsCompressionMethod CompressionMethod
{
! get { return compressionMethod; }
! set { compressionMethod = value; }
}
public TlsServerSettings ServerSettings
{
! get { return serverSettings; }
! set { serverSettings = value; }
}
public bool IsActual
{
! get { return isActual; }
! set { isActual = value; }
}
public bool ConnectionEnd
{
! get { return connectionEnd; }
! set { connectionEnd = value; }
}
! public TlsCipherSuite Cipher
{
! get { return cipher; }
! set { cipher = value; }
}
public TlsHandshakeHashes HandshakeHashes
{
! get { return handshakeHashes; }
}
public long WriteSequenceNumber
{
! get { return writeSequenceNumber; }
! set { writeSequenceNumber = value; }
}
public long ReadSequenceNumber
{
! get { return readSequenceNumber; }
! set { readSequenceNumber = value; }
}
public byte[] ClientRandom
{
! get { return clientRandom; }
! set { clientRandom = value; }
}
public byte[] ServerRandom
{
! get { return serverRandom; }
! set { serverRandom = value; }
}
public byte[] MasterSecret
{
! get { return masterSecret; }
! set { masterSecret = value; }
}
public byte[] ClientWriteMAC
{
! get { return clientWriteMAC; }
! set { clientWriteMAC = value; }
}
public byte[] ServerWriteMAC
{
! get { return serverWriteMAC; }
! set { serverWriteMAC = value; }
}
public byte[] ClientWriteKey
{
! get { return clientWriteKey; }
! set { clientWriteKey = value; }
}
public byte[] ServerWriteKey
{
! get { return serverWriteKey; }
! set { serverWriteKey = value; }
}
public byte[] ClientWriteIV
{
! get { return clientWriteIV; }
! set { clientWriteIV = value; }
}
public byte[] ServerWriteIV
{
! get { return serverWriteIV; }
! set { serverWriteIV = value; }
}
--- 84,202 ----
public TlsProtocol Protocol
{
! get { return this.protocol; }
! set { this.protocol = value; }
}
public TlsCompressionMethod CompressionMethod
{
! get { return this.compressionMethod; }
! set { this.compressionMethod = value; }
}
public TlsServerSettings ServerSettings
{
! get { return this.serverSettings; }
! set { this.serverSettings = value; }
}
public bool IsActual
{
! get { return this.isActual; }
! set { this.isActual = value; }
}
public bool ConnectionEnd
{
! get { return this.connectionEnd; }
! set { this.connectionEnd = value; }
}
! public TlsAbstractCipherSuite Cipher
{
! get { return this.cipher; }
! set { this.cipher = value; }
}
public TlsHandshakeHashes HandshakeHashes
{
! get { return this.handshakeHashes; }
}
public long WriteSequenceNumber
{
! get { return this.writeSequenceNumber; }
! set { this.writeSequenceNumber = value; }
}
public long ReadSequenceNumber
{
! get { return this.readSequenceNumber; }
! set { this.readSequenceNumber = value; }
}
public byte[] ClientRandom
{
! get { return this.clientRandom; }
! set { this.clientRandom = value; }
}
public byte[] ServerRandom
{
! get { return this.serverRandom; }
! set { this.serverRandom = value; }
! }
!
! public byte[] RandomCS
! {
! get { return this.randomCS; }
! set { this.randomCS = value; }
! }
!
! public byte[] RandomSC
! {
! get { return this.randomSC; }
! set { this.randomSC = value; }
}
public byte[] MasterSecret
{
! get { return this.masterSecret; }
! set { this.masterSecret = value; }
}
public byte[] ClientWriteMAC
{
! get { return this.clientWriteMAC; }
! set { this.clientWriteMAC = value; }
}
public byte[] ServerWriteMAC
{
! get { return this.serverWriteMAC; }
! set { this.serverWriteMAC = value; }
}
public byte[] ClientWriteKey
{
! get { return this.clientWriteKey; }
! set { this.clientWriteKey = value; }
}
public byte[] ServerWriteKey
{
! get { return this.serverWriteKey; }
! set { this.serverWriteKey = value; }
}
public byte[] ClientWriteIV
{
! get { return this.clientWriteIV; }
! set { this.clientWriteIV = value; }
}
public byte[] ServerWriteIV
{
! get { return this.serverWriteIV; }
! set { this.serverWriteIV = value; }
}
***************
*** 224,244 ****
{
// Clear Master Secret
! masterSecret = null;
// Clear client and server random
! clientRandom = null;
! serverRandom = null;
// Clear client keys
! clientWriteKey = null;
! clientWriteIV = null;
! clientWriteMAC = null;
// Clear server keys
! serverWriteKey = null;
! serverWriteIV = null;
! serverWriteMAC = null;
!
! // Force the GC to recollect the memory ??
}
--- 238,258 ----
{
// Clear Master Secret
! this.masterSecret = null;
// Clear client and server random
! this.clientRandom = null;
! this.serverRandom = null;
! this.randomCS = null;
! this.randomSC = null;
// Clear client keys
! this.clientWriteKey = null;
! this.clientWriteIV = null;
! this.clientWriteMAC = null;
// Clear server keys
! this.serverWriteKey = null;
! this.serverWriteIV = null;
! this.serverWriteMAC = null;
}
Index: TlsSessionSettings.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSessionSettings.cs,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** TlsSessionSettings.cs 20 Oct 2003 18:21:43 -0000 1.2
--- TlsSessionSettings.cs 21 Oct 2003 16:05:12 -0000 1.3
***************
*** 67,71 ****
set
{
! if (value != TlsProtocol.Tls1)
{
throw new NotSupportedException("Specified protocol is not supported");
--- 67,72 ----
set
{
! if (value != TlsProtocol.Tls1 &&
! value != TlsProtocol.Ssl3)
{
throw new NotSupportedException("Specified protocol is not supported");
Index: TlsSslCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** TlsSslCipherSuite.cs 21 Oct 2003 12:17:10 -0000 1.3
--- TlsSslCipherSuite.cs 21 Oct 2003 16:05:12 -0000 1.4
***************
*** 132,141 ****
public override void CreateMasterSecret(byte[] preMasterSecret)
{
! throw new NotSupportedException();
}
public override void CreateKeys()
{
! throw new NotSupportedException();
}
--- 132,246 ----
public override void CreateMasterSecret(byte[] preMasterSecret)
{
! TlsStream masterSecret = new TlsStream();
!
! masterSecret.Write(this.prf(preMasterSecret, "A", this.Context.RandomCS));
! masterSecret.Write(this.prf(preMasterSecret, "BB", this.Context.RandomCS));
! masterSecret.Write(this.prf(preMasterSecret, "CCC", this.Context.RandomCS));
!
! this.context.MasterSecret = masterSecret.ToArray();
}
public override void CreateKeys()
{
! // Compute KeyBlock
! TlsStream tmp = new TlsStream();
!
! char labelChar = 'A';
! int count = 1;
! while (tmp.Length < this.KeyBlockSize)
! {
! string label = String.Empty;
!
! for (int i = 0; i < count; i++)
! {
! label += labelChar.ToString();
! }
!
! byte[] block = this.prf(this.Context.MasterSecret, label.ToString(), this.Context.RandomSC);
!
! int size = (tmp.Length + block.Length) > this.KeyBlockSize ? (this.KeyBlockSize - (int)tmp.Length) : block.Length;
!
! tmp.Write(block, 0, size);
!
! labelChar++;
! count++;
! }
!
! // Create keyblock
! TlsStream keyBlock = new TlsStream(tmp.ToArray());
!
! this.Context.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize);
! this.Context.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize);
! this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
! this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
!
! if (!this.IsExportable)
! {
! if (this.IvSize != 0)
! {
! this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
! this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
! }
! else
! {
! this.Context.ClientWriteIV = new byte[0];
! this.Context.ServerWriteIV = new byte[0];
! }
! }
! else
! {
! MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
!
! // Generate final write keys
! byte[] finalClientWriteKey = new byte[md5.HashSize];
! md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, finalClientWriteKey, 0);
! finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
!
! byte[] finalServerWriteKey = new byte[md5.HashSize];
! md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, finalServerWriteKey, 0);
! finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
!
! this.Context.ClientWriteKey = finalClientWriteKey;
! this.Context.ServerWriteKey = finalServerWriteKey;
!
! // Generate IV keys
! this.Context.ClientWriteIV = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
! this.Context.ServerWriteIV = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
! }
!
! // Clear no more needed data
! keyBlock.Reset();
! tmp.Reset();
! }
!
! #endregion
!
! #region PRIVATE_METHODS
!
! private byte[] prf(byte[] secret, string label, byte[] random)
! {
! MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
! SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
!
! // Compute SHA hash
! TlsStream block = new TlsStream();
! block.Write(Encoding.ASCII.GetBytes(label));
! block.Write(secret);
! block.Write(random);
!
! byte[] shaHash = sha.ComputeHash(block.ToArray(), 0, (int)block.Length);
!
! block.Reset();
!
! // Compute MD5 hash
! block.Write(secret);
! block.Write(shaHash);
!
! byte[] result = md5.ComputeHash(block.ToArray(), 0, (int)block.Length);
!
! // Free resources
! block.Reset();
!
! return result;
}
|
