[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls TlsCiphe
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls TlsCipherSuite.cs,1.6,1.7 TlsCipherSuiteCollection.cs,1.3,1.4 TlsSession.cs,1.7,1.8 TlsSessionContext.cs,1.8,1.9 TlsSocket.cs,1.7,1.8 TlsSslCipherSuite.cs,1.5,1.6
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls
In directory sc8-pr-cvs1:/tmp/cvs-serv7205
Modified Files:
TlsCipherSuite.cs TlsCipherSuiteCollection.cs TlsSession.cs
TlsSessionContext.cs TlsSocket.cs TlsSslCipherSuite.cs
Log Message:
Added partial implementation of SSL3 protocol
Index: TlsCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsCipherSuite.cs,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** TlsCipherSuite.cs 21 Oct 2003 17:48:27 -0000 1.6
--- TlsCipherSuite.cs 21 Oct 2003 20:04:09 -0000 1.7
***************
*** 34,38 ****
namespace Mono.Security.Protocol.Tls
{
! internal class TlsCipherSuite : TlsAbstractCipherSuite
{
#region CONSTRUCTORS
--- 34,38 ----
namespace Mono.Security.Protocol.Tls
{
! internal class TlsCipherSuite : CipherSuite
{
#region CONSTRUCTORS
***************
*** 56,68 ****
// Encryption ( fragment + mac [+ padding + padding_length] )
MemoryStream ms = new MemoryStream();
! CryptoStream cs = new CryptoStream(ms, encryptionCipher, CryptoStreamMode.Write);
cs.Write(fragment, 0, fragment.Length);
cs.Write(mac, 0, mac.Length);
! if (cipherMode == CipherMode.CBC)
{
// Calculate padding_length
int fragmentLength = fragment.Length + mac.Length + 1;
! int paddingLength = (((fragmentLength/blockSize)*blockSize) + blockSize) - fragmentLength;
// Write padding length byte
--- 56,68 ----
// Encryption ( fragment + mac [+ padding + padding_length] )
MemoryStream ms = new MemoryStream();
! CryptoStream cs = new CryptoStream(ms, this.EncryptionCipher, CryptoStreamMode.Write);
cs.Write(fragment, 0, fragment.Length);
cs.Write(mac, 0, mac.Length);
! if (this.CipherMode == CipherMode.CBC)
{
// Calculate padding_length
int fragmentLength = fragment.Length + mac.Length + 1;
! int paddingLength = (((fragmentLength/this.BlockSize)*this.BlockSize) + this.BlockSize) - fragmentLength;
// Write padding length byte
***************
*** 82,89 ****
// Decrypt message fragment ( fragment + mac [+ padding + padding_length] )
byte[] buffer = new byte[fragment.Length];
! decryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0);
// Calculate fragment size
! if (cipherMode == CipherMode.CBC)
{
// Calculate padding_length
--- 82,89 ----
// Decrypt message fragment ( fragment + mac [+ padding + padding_length] )
byte[] buffer = new byte[fragment.Length];
! this.DecryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0);
// Calculate fragment size
! if (this.CipherMode == CipherMode.CBC)
{
// Calculate padding_length
***************
*** 121,125 ****
byte[] result = null;
! data.Write(context.ReadSequenceNumber);
data.Write((byte)contentType);
data.Write((short)this.Context.Protocol);
--- 121,125 ----
byte[] result = null;
! data.Write(this.Context.ReadSequenceNumber);
data.Write((byte)contentType);
data.Write((short)this.Context.Protocol);
***************
*** 127,131 ****
data.Write(fragment);
! result = serverHMAC.ComputeHash(data.ToArray());
data.Reset();
--- 127,131 ----
data.Write(fragment);
! result = this.ServerHMAC.ComputeHash(data.ToArray());
data.Reset();
***************
*** 139,143 ****
byte[] result = null;
! data.Write(context.WriteSequenceNumber);
data.Write((byte)contentType);
data.Write((short)this.Context.Protocol);
--- 139,143 ----
byte[] result = null;
! data.Write(this.Context.WriteSequenceNumber);
data.Write((byte)contentType);
data.Write((short)this.Context.Protocol);
***************
*** 145,149 ****
data.Write(fragment);
! result = clientHMAC.ComputeHash(data.ToArray());
data.Reset();
--- 145,149 ----
data.Write(fragment);
! result = this.ClientHMAC.ComputeHash(data.ToArray());
data.Reset();
***************
*** 160,164 ****
// Create master secret
this.Context.MasterSecret = new byte[preMasterSecret.Length];
! this.Context.MasterSecret = PRF(
preMasterSecret, "master secret", this.Context.RandomCS, 48);
}
--- 160,164 ----
// Create master secret
this.Context.MasterSecret = new byte[preMasterSecret.Length];
! this.Context.MasterSecret = this.PRF(
preMasterSecret, "master secret", this.Context.RandomCS, 48);
}
***************
*** 168,172 ****
// Create keyblock
TlsStream keyBlock = new TlsStream(
! PRF(this.Context.MasterSecret,
"key expansion",
this.Context.RandomSC,
--- 168,173 ----
// Create keyblock
TlsStream keyBlock = new TlsStream(
! this.PRF(
! this.Context.MasterSecret,
"key expansion",
this.Context.RandomSC,
***************
*** 206,209 ****
--- 207,211 ----
this.Context.ClientWriteIV = new byte[this.IvSize];
System.Array.Copy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
+
this.Context.ServerWriteIV = new byte[this.IvSize];
System.Array.Copy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
Index: TlsCipherSuiteCollection.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsCipherSuiteCollection.cs,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** TlsCipherSuiteCollection.cs 21 Oct 2003 16:05:12 -0000 1.3
--- TlsCipherSuiteCollection.cs 21 Oct 2003 20:04:09 -0000 1.4
***************
*** 40,59 ****
#region PROPERTIES
! public TlsAbstractCipherSuite this[string name]
{
! get { return (TlsAbstractCipherSuite)this[IndexOf(name)]; }
! set { this[IndexOf(name)] = (TlsAbstractCipherSuite)value; }
}
! public TlsAbstractCipherSuite this[short code]
{
! get { return (TlsAbstractCipherSuite)base[IndexOf(code)]; }
! set { base[IndexOf(code)] = (TlsAbstractCipherSuite)value; }
}
! public new TlsAbstractCipherSuite this[int code]
{
! get { return (TlsAbstractCipherSuite)base[code]; }
! set { base[code] = (TlsAbstractCipherSuite)value; }
}
--- 40,59 ----
#region PROPERTIES
! public CipherSuite this[string name]
{
! get { return (CipherSuite)this[IndexOf(name)]; }
! set { this[IndexOf(name)] = (CipherSuite)value; }
}
! public CipherSuite this[short code]
{
! get { return (CipherSuite)base[IndexOf(code)]; }
! set { base[IndexOf(code)] = (CipherSuite)value; }
}
! public new CipherSuite this[int code]
{
! get { return (CipherSuite)base[code]; }
! set { base[code] = (CipherSuite)value; }
}
***************
*** 79,83 ****
{
int index = 0;
! foreach (TlsAbstractCipherSuite suite in this)
{
if (cultureAwareCompare(suite.Name, name))
--- 79,83 ----
{
int index = 0;
! foreach (CipherSuite suite in this)
{
if (cultureAwareCompare(suite.Name, name))
***************
*** 93,97 ****
{
int index = 0;
! foreach (TlsAbstractCipherSuite suite in this)
{
if (suite.Code == code)
--- 93,97 ----
{
int index = 0;
! foreach (CipherSuite suite in this)
{
if (suite.Code == code)
***************
*** 109,113 ****
}
! public TlsAbstractCipherSuite Add(short code, string name, string algName, string hashName, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize)
{
switch (this.protocol)
--- 109,113 ----
}
! public CipherSuite Add(short code, string name, string algName, string hashName, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize)
{
switch (this.protocol)
Index: TlsSession.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSession.cs,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** TlsSession.cs 21 Oct 2003 16:05:12 -0000 1.7
--- TlsSession.cs 21 Oct 2003 20:04:09 -0000 1.8
***************
*** 47,54 ****
private byte[] sessionId;
private TlsSessionContext context;
- private bool helloDone;
- private bool handshakeFinished;
private TlsSessionSettings settings;
- private TlsCipherSuiteCollection supportedCiphers;
private TlsSocket socket;
private TlsNetworkStream networkStream;
--- 47,51 ----
***************
*** 84,104 ****
}
- internal TlsCipherSuiteCollection SupportedCiphers
- {
- get { return supportedCiphers; }
- }
-
- internal bool HelloDone
- {
- get { return helloDone; }
- set { helloDone = value; }
- }
-
- internal bool HandshakeFinished
- {
- get { return handshakeFinished; }
- set { handshakeFinished = value; }
- }
-
internal bool IsSecure
{
--- 81,84 ----
***************
*** 164,169 ****
this.context.Protocol = settings.Protocol;
this.context.CompressionMethod = settings.CompressionMethod;
! this.state = TlsSessionState.OpeningSecure;
! this.supportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(context.Protocol);
this.socket.DoHandshake();
this.state = TlsSessionState.OpenSecure;
--- 144,149 ----
this.context.Protocol = settings.Protocol;
this.context.CompressionMethod = settings.CompressionMethod;
! this.context.SupportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(context.Protocol);
! this.state = TlsSessionState.OpeningSecure;
this.socket.DoHandshake();
this.state = TlsSessionState.OpenSecure;
***************
*** 277,282 ****
// Reset session information
this.isSecure = false;
- this.helloDone = false;
- this.handshakeFinished = false;
this.context = new TlsSessionContext();
this.sessionId = new byte[0];
--- 257,260 ----
Index: TlsSessionContext.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSessionContext.cs,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** TlsSessionContext.cs 21 Oct 2003 16:05:12 -0000 1.8
--- TlsSessionContext.cs 21 Oct 2003 20:04:10 -0000 1.9
***************
*** 45,53 ****
private TlsServerSettings serverSettings;
// Misc
private bool isActual;
private bool connectionEnd;
! private TlsAbstractCipherSuite cipher;
!
// Sequence numbers
private long writeSequenceNumber;
--- 45,58 ----
private TlsServerSettings serverSettings;
+ // Cipher suite information
+ private CipherSuite cipher;
+ private TlsCipherSuiteCollection supportedCiphers;
+
// Misc
private bool isActual;
+ private bool helloDone;
+ private bool handshakeFinished;
private bool connectionEnd;
!
// Sequence numbers
private long writeSequenceNumber;
***************
*** 106,109 ****
--- 111,126 ----
}
+ public bool HelloDone
+ {
+ get { return helloDone; }
+ set { helloDone = value; }
+ }
+
+ public bool HandshakeFinished
+ {
+ get { return handshakeFinished; }
+ set { handshakeFinished = value; }
+ }
+
public bool ConnectionEnd
{
***************
*** 112,119 ****
}
! public TlsAbstractCipherSuite Cipher
{
get { return this.cipher; }
set { this.cipher = value; }
}
--- 129,142 ----
}
! public CipherSuite Cipher
{
get { return this.cipher; }
set { this.cipher = value; }
+ }
+
+ public TlsCipherSuiteCollection SupportedCiphers
+ {
+ get { return supportedCiphers; }
+ set { supportedCiphers = value; }
}
Index: TlsSocket.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSocket.cs,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** TlsSocket.cs 21 Oct 2003 17:48:27 -0000 1.7
--- TlsSocket.cs 21 Oct 2003 20:04:10 -0000 1.8
***************
*** 193,197 ****
TlsContentType contentType = (TlsContentType)this.ReadByte();
TlsProtocol protocol = (TlsProtocol)this.ReadShort();
! int length = this.ReadShort();
// Read Record data
--- 193,197 ----
TlsContentType contentType = (TlsContentType)this.ReadByte();
TlsProtocol protocol = (TlsProtocol)this.ReadShort();
! short length = this.ReadShort();
// Read Record data
***************
*** 207,212 ****
// Check that the message as a valid protocol version
! if ((protocol != this.session.Context.Protocol &&
! this.session.HelloDone) ||
(protocol != TlsProtocol.Tls1 && protocol != TlsProtocol.Ssl3 ))
{
--- 207,211 ----
// Check that the message as a valid protocol version
! if ((protocol != this.session.Context.Protocol && this.session.Context.HelloDone) ||
(protocol != TlsProtocol.Tls1 && protocol != TlsProtocol.Ssl3 ))
{
***************
*** 215,220 ****
// Decrypt message contents if needed
! if (contentType == TlsContentType.Alert &&
! length == 2)
{
}
--- 214,218 ----
// Decrypt message contents if needed
! if (contentType == TlsContentType.Alert && length == 2)
{
}
***************
*** 566,570 ****
// Read server response
! while (!session.HelloDone)
{
// Read next record
--- 564,568 ----
// Read server response
! while (!this.session.Context.HelloDone)
{
// Read next record
***************
*** 573,577 ****
// Send client certificate if requested
! if (session.Context.ServerSettings.CertificateRequest)
{
this.sendRecord(TlsHandshakeType.Certificate);
--- 571,575 ----
// Send client certificate if requested
! if (this.session.Context.ServerSettings.CertificateRequest)
{
this.sendRecord(TlsHandshakeType.Certificate);
***************
*** 585,589 ****
// Send certificate verify if requested
! if (session.Context.ServerSettings.CertificateRequest)
{
this.sendRecord(TlsHandshakeType.CertificateVerify);
--- 583,587 ----
// Send certificate verify if requested
! if (this.session.Context.ServerSettings.CertificateRequest)
{
this.sendRecord(TlsHandshakeType.CertificateVerify);
***************
*** 597,601 ****
// Read server finished
! if (!session.HandshakeFinished)
{
this.receiveRecord();
--- 595,599 ----
// Read server finished
! if (!this.session.Context.HandshakeFinished)
{
this.receiveRecord();
Index: TlsSslCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** TlsSslCipherSuite.cs 21 Oct 2003 17:48:27 -0000 1.5
--- TlsSslCipherSuite.cs 21 Oct 2003 20:04:10 -0000 1.6
***************
*** 34,38 ****
namespace Mono.Security.Protocol.Tls
{
! internal class TlsSslCipherSuite : TlsAbstractCipherSuite
{
#region FIELDS
--- 34,38 ----
namespace Mono.Security.Protocol.Tls
{
! internal class TlsSslCipherSuite : CipherSuite
{
#region FIELDS
***************
*** 43,46 ****
--- 43,60 ----
#endregion
+ #region PROPERTIES
+
+ public byte[] Pad1
+ {
+ get { return pad1; }
+ }
+
+ public byte[] Pad2
+ {
+ get { return pad2; }
+ }
+
+ #endregion
+
#region CONSTRUCTORS
***************
*** 53,57 ****
ivSize, blockSize)
{
! this.initializePad();
}
--- 67,71 ----
ivSize, blockSize)
{
! this.GeneratePad(hashName, ref this.pad1, ref this.pad2);
}
***************
*** 64,76 ****
// Encryption ( fragment + mac [+ padding + padding_length] )
MemoryStream ms = new MemoryStream();
! CryptoStream cs = new CryptoStream(ms, encryptionCipher, CryptoStreamMode.Write);
cs.Write(fragment, 0, fragment.Length);
cs.Write(mac, 0, mac.Length);
! if (cipherMode == CipherMode.CBC)
{
// Calculate padding_length
int fragmentLength = fragment.Length + mac.Length + 1;
! int paddingLength = (((fragmentLength/blockSize)*8) + blockSize) - fragmentLength;
// Write padding length byte
--- 78,90 ----
// Encryption ( fragment + mac [+ padding + padding_length] )
MemoryStream ms = new MemoryStream();
! CryptoStream cs = new CryptoStream(ms, this.EncryptionCipher, CryptoStreamMode.Write);
cs.Write(fragment, 0, fragment.Length);
cs.Write(mac, 0, mac.Length);
! if (this.CipherMode == CipherMode.CBC)
{
// Calculate padding_length
int fragmentLength = fragment.Length + mac.Length + 1;
! int paddingLength = (((fragmentLength/this.BlockSize)*8) + this.BlockSize) - fragmentLength;
// Write padding length byte
***************
*** 90,97 ****
// Decrypt message fragment ( fragment + mac [+ padding + padding_length] )
byte[] buffer = new byte[fragment.Length];
! decryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0);
// Calculate fragment size
! if (cipherMode == CipherMode.CBC)
{
// Calculate padding_length
--- 104,111 ----
// Decrypt message fragment ( fragment + mac [+ padding + padding_length] )
byte[] buffer = new byte[fragment.Length];
! this.DecryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0);
// Calculate fragment size
! if (this.CipherMode == CipherMode.CBC)
{
// Calculate padding_length
***************
*** 126,136 ****
public override byte[] GenerateServerRecordMAC(TlsContentType contentType, byte[] fragment)
{
! HashAlgorithm hash = HashAlgorithm.Create(this.hashName);
TlsStream block = new TlsStream();
- byte[] result = null;
block.Write(this.Context.ServerWriteMAC);
block.Write(this.pad1);
! block.Write(context.ReadSequenceNumber);
block.Write((byte)contentType);
block.Write((short)fragment.Length);
--- 140,149 ----
public override byte[] GenerateServerRecordMAC(TlsContentType contentType, byte[] fragment)
{
! HashAlgorithm hash = HashAlgorithm.Create(this.HashName);
TlsStream block = new TlsStream();
block.Write(this.Context.ServerWriteMAC);
block.Write(this.pad1);
! block.Write(this.Context.ReadSequenceNumber);
block.Write((byte)contentType);
block.Write((short)fragment.Length);
***************
*** 154,164 ****
public override byte[] GenerateClientRecordMAC(TlsContentType contentType, byte[] fragment)
{
! HashAlgorithm hash = HashAlgorithm.Create(this.hashName);
TlsStream block = new TlsStream();
- byte[] result = null;
block.Write(this.Context.ClientWriteMAC);
block.Write(this.pad1);
! block.Write(context.WriteSequenceNumber);
block.Write((byte)contentType);
block.Write((short)fragment.Length);
--- 167,176 ----
public override byte[] GenerateClientRecordMAC(TlsContentType contentType, byte[] fragment)
{
! HashAlgorithm hash = HashAlgorithm.Create(this.HashName);
TlsStream block = new TlsStream();
block.Write(this.Context.ClientWriteMAC);
block.Write(this.pad1);
! block.Write(this.Context.WriteSequenceNumber);
block.Write((byte)contentType);
block.Write((short)fragment.Length);
***************
*** 180,183 ****
--- 192,218 ----
}
+ public void GeneratePad(string hashName, ref byte[] pad1, ref byte[] pad2)
+ {
+ switch (hashName)
+ {
+ case "MD5":
+ pad1 = new byte[48];
+ pad2 = new byte[48];
+ break;
+
+ case "SHA":
+ case "SHA1":
+ pad1 = new byte[40];
+ pad2 = new byte[40];
+ break;
+ }
+
+ for (int i = 0; i < pad1.Length; i++)
+ {
+ pad1[i] = (byte)0x36;
+ pad2[i] = (byte)0x5C;
+ }
+ }
+
#endregion
***************
*** 192,196 ****
masterSecret.Write(this.prf(preMasterSecret, "CCC", this.Context.RandomCS));
! this.context.MasterSecret = masterSecret.ToArray();
}
--- 227,231 ----
masterSecret.Write(this.prf(preMasterSecret, "CCC", this.Context.RandomCS));
! this.Context.MasterSecret = masterSecret.ToArray();
}
***************
*** 271,296 ****
#region PRIVATE_METHODS
-
- private void initializePad()
- {
- switch (hashName)
- {
- case "MD5":
- pad1 = new byte[48];
- pad2 = new byte[48];
- break;
-
- case "SHA":
- pad1 = new byte[40];
- pad2 = new byte[40];
- break;
- }
-
- for (int i = 0; i < pad1.Length; i++)
- {
- pad1[i] = (byte)0x36;
- pad2[i] = (byte)0x5C;
- }
- }
private byte[] prf(byte[] secret, string label, byte[] random)
--- 306,309 ----
|
