[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls CipherS
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls CipherSuite.cs,1.3,1.4 RecordProtocol.cs,1.2,1.3 SslClientStream.cs,1.11,1.12 TlsContext.cs,1.4,1.5
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7191 Modified Files: CipherSuite.cs RecordProtocol.cs SslClientStream.cs TlsContext.cs Log Message: 2004-02-20 Carlos Guzmán Álvarez <car...@te...> * Mono.Security.Protocol.Tls/SslClientStream.cs: * Mono.Security.Protocol.Tls/RecordProtocol.cs: * Mono.Security.Protocol.Tls/TlsContext.cs: - Added changes for handle te SecurityProtocolType enum as a Flags enum. * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientHello.cs: - Let the Ssl3 message to be process in the same way as the Tls1. * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientHello.cs: - Added changes for use the Protocol version send by the server * Mono.Security.Protocol.Tls/CipherSuite.cs: - Compute the premaster secret using the protocol version sent in the ClientHello message instead of the actual protocol version. Index: CipherSuite.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** CipherSuite.cs 18 Feb 2004 15:28:13 -0000 1.3 --- CipherSuite.cs 20 Feb 2004 18:13:53 -0000 1.4 *************** *** 356,360 **** // Write protocol version ! stream.Write(this.Context.Protocol); // Generate random bytes --- 356,363 ---- // Write protocol version ! // We need to send here the protocol version used in ! // the ClientHello message, that can be different than the actual ! // protocol version ! stream.Write(this.Context.ClientHelloProtocol); // Generate random bytes Index: RecordProtocol.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** RecordProtocol.cs 20 Feb 2004 10:03:48 -0000 1.2 --- RecordProtocol.cs 20 Feb 2004 18:13:53 -0000 1.3 *************** *** 109,113 **** // Check that the message has a valid protocol version ! if (protocol != this.context.Protocol) { throw this.context.CreateException("Invalid protocol version on message received from server"); --- 109,114 ---- // Check that the message has a valid protocol version ! if (protocol != this.context.Protocol && ! this.context.HelloDone) { throw this.context.CreateException("Invalid protocol version on message received from server"); Index: SslClientStream.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** SslClientStream.cs 20 Feb 2004 10:08:51 -0000 1.11 --- SslClientStream.cs 20 Feb 2004 18:13:53 -0000 1.12 *************** *** 606,610 **** catch (TlsException ex) { ! throw new IOException("The authentication or decryption has failed.", ex); } catch (Exception ex) --- 606,610 ---- catch (TlsException ex) { ! throw new IOException("The authentication or decryption has failed."); } catch (Exception ex) *************** *** 739,787 **** private void doHandshake() { ! // Obtain supported cipher suites ! this.context.SupportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(this.context.SecurityProtocol); ! // Send client hello ! this.protocol.SendRecord(TlsHandshakeType.ClientHello); ! // Read server response ! while (!this.context.HelloDone) ! { ! // Read next record ! this.protocol.ReceiveRecord(); ! } ! ! // Send client certificate if requested ! if (this.context.ServerSettings.CertificateRequest) ! { ! this.protocol.SendRecord(TlsHandshakeType.Certificate); ! } ! // Send Client Key Exchange ! this.protocol.SendRecord(TlsHandshakeType.ClientKeyExchange); ! // Now initialize session cipher with the generated keys ! this.context.Cipher.InitializeCipher(); ! // Send certificate verify if requested ! if (this.context.ServerSettings.CertificateRequest) ! { ! this.protocol.SendRecord(TlsHandshakeType.CertificateVerify); ! } ! // Send Cipher Spec protocol ! this.protocol.SendChangeCipherSpec(); ! // Read record until server finished is received ! while (!this.context.HandshakeFinished) { ! // If all goes well this will process messages: ! // Change Cipher Spec ! // Server finished ! this.protocol.ReceiveRecord(); } - - // Clear Key Info - this.context.ClearKeyInfo(); } --- 739,794 ---- private void doHandshake() { ! try ! { ! // Obtain supported cipher suites ! this.context.SupportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(this.context.SecurityProtocol); ! // Send client hello ! this.protocol.SendRecord(TlsHandshakeType.ClientHello); ! // Read server response ! while (!this.context.HelloDone) ! { ! // Read next record ! this.protocol.ReceiveRecord(); ! } ! // Send client certificate if requested ! if (this.context.ServerSettings.CertificateRequest) ! { ! this.protocol.SendRecord(TlsHandshakeType.Certificate); ! } ! // Send Client Key Exchange ! this.protocol.SendRecord(TlsHandshakeType.ClientKeyExchange); ! // Now initialize session cipher with the generated keys ! this.context.Cipher.InitializeCipher(); ! // Send certificate verify if requested ! if (this.context.ServerSettings.CertificateRequest) ! { ! this.protocol.SendRecord(TlsHandshakeType.CertificateVerify); ! } ! ! // Send Cipher Spec protocol ! this.protocol.SendChangeCipherSpec(); ! // Read record until server finished is received ! while (!this.context.HandshakeFinished) ! { ! // If all goes well this will process messages: ! // Change Cipher Spec ! // Server finished ! this.protocol.ReceiveRecord(); ! } ! ! // Clear Key Info ! this.context.ClearKeyInfo(); ! } ! catch { ! throw new IOException("The authentication or decryption has failed."); } } Index: TlsContext.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/TlsContext.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** TlsContext.cs 18 Feb 2004 15:28:13 -0000 1.4 --- TlsContext.cs 20 Feb 2004 18:13:53 -0000 1.5 *************** *** 37,40 **** --- 37,49 ---- internal class TlsContext { + #region Internal Constants + + internal const short MAX_FRAGMENT_SIZE = 16384; // 2^14 + internal const short TLS1_PROTOCOL_CODE = (0x03 << 8) | 0x01; + internal const short SSL3_PROTOCOL_CODE = (0x03 << 8) | 0x00; + internal const long UNIX_BASE_TICKS = 621355968000000000; + + #endregion + #region Fields *************** *** 44,47 **** --- 53,59 ---- // Protocol version private SecurityProtocolType securityProtocol; + + // Client hello protocol code + private short clientHelloProtocol; // Sesison ID *************** *** 52,59 **** // Information sent and request by the server in the Handshake protocol ! private TlsServerSettings serverSettings; // Client configuration ! private TlsClientSettings clientSettings; // Cipher suite information --- 64,71 ---- // Information sent and request by the server in the Handshake protocol ! private TlsServerSettings serverSettings; // Client configuration ! private TlsClientSettings clientSettings; // Cipher suite information *************** *** 89,93 **** private TlsStream handshakeMessages; - // Secure Random generator private RandomNumberGenerator random; --- 101,104 ---- *************** *** 95,107 **** #endregion - #region Internal Constants - - internal const short MAX_FRAGMENT_SIZE = 16384; // 2^14 - internal const short TLS1_PROTOCOL_CODE = (0x03 << 8) | 0x01; - internal const short SSL3_PROTOCOL_CODE = (0x03 << 8) | 0x00; - internal const long UNIX_BASE_TICKS = 621355968000000000; - - #endregion - #region Properties --- 106,109 ---- *************** *** 113,132 **** public SecurityProtocolType SecurityProtocol { ! get { return this.securityProtocol; } set { this.securityProtocol = value; } } public short Protocol { get { ! switch (this.securityProtocol) { case SecurityProtocolType.Tls: case SecurityProtocolType.Default: ! return TLS1_PROTOCOL_CODE; case SecurityProtocolType.Ssl3: ! return SSL3_PROTOCOL_CODE; case SecurityProtocolType.Ssl2: --- 115,163 ---- public SecurityProtocolType SecurityProtocol { ! get ! { ! if (this.handshakeFinished) ! { ! return this.securityProtocol; ! } ! else ! { ! if ((this.securityProtocol & SecurityProtocolType.Tls) == SecurityProtocolType.Tls || ! (this.securityProtocol & SecurityProtocolType.Default) == SecurityProtocolType.Default) ! { ! return SecurityProtocolType.Tls; ! } ! else ! { ! if ((this.securityProtocol & SecurityProtocolType.Ssl3) == SecurityProtocolType.Ssl3) ! { ! return SecurityProtocolType.Ssl3; ! } ! } ! ! throw new NotSupportedException("Unsupported security protocol type"); ! } ! } ! set { this.securityProtocol = value; } } + public SecurityProtocolType SecurityProtocolFlags + { + get { return this.securityProtocol; } + } + public short Protocol { get { ! switch (this.SecurityProtocol) { case SecurityProtocolType.Tls: case SecurityProtocolType.Default: ! return TlsContext.TLS1_PROTOCOL_CODE; case SecurityProtocolType.Ssl3: ! return TlsContext.SSL3_PROTOCOL_CODE; case SecurityProtocolType.Ssl2: *************** *** 137,140 **** --- 168,177 ---- } + public short ClientHelloProtocol + { + get { return this.clientHelloProtocol; } + set { this.clientHelloProtocol = value; } + } + public byte[] SessionId { *************** *** 291,295 **** { this.sslStream = sslStream; ! this.securityProtocol = securityProtocolType; this.compressionMethod = SecurityCompressionType.None; this.serverSettings = new TlsServerSettings(); --- 328,332 ---- { this.sslStream = sslStream; ! this.SecurityProtocol = securityProtocolType; this.compressionMethod = SecurityCompressionType.None; this.serverSettings = new TlsServerSettings(); *************** *** 351,354 **** --- 388,406 ---- } + public SecurityProtocolType DecodeProtocolCode(short code) + { + switch (code) + { + case TlsContext.TLS1_PROTOCOL_CODE: + return SecurityProtocolType.Tls; + + case TlsContext.SSL3_PROTOCOL_CODE: + return SecurityProtocolType.Ssl3; + + default: + throw new NotSupportedException("Unsupported security protocol type"); + } + } + #endregion |
