[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls CipherS
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls CipherSuite.cs,1.10,1.11 CipherSuiteFactory.cs,1.1,1.2 SslCipherSuite.cs,1.2,1.3 TlsCipherSuite.cs,1.7,1.8
|
From: Carlos Guzm?n ?l. <car...@us...> - 2004-03-18 14:16:13
|
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5169 Modified Files: CipherSuite.cs CipherSuiteFactory.cs SslCipherSuite.cs TlsCipherSuite.cs Log Message: 2004-03-18 Sebastien Pouliot <seb...@xi...> * Mono.Security.Protocol.Tls/CipherSuite.cs: * Mono.Security.Protocol.Tls/CipherSuiteFactory.cs: * Mono.Security.Protocol.Tls/SslCipherSuite.cs: * Mono.Security.Protocol.Tls/TlsCipherSuite.cs: * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientKeyExchange.cs: - Added Support for exportable Cipher Suites. Index: SslCipherSuite.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** SslCipherSuite.cs 16 Mar 2004 16:33:38 -0000 1.2 --- SslCipherSuite.cs 18 Mar 2004 14:06:31 -0000 1.3 *************** *** 212,230 **** HashAlgorithm md5 = MD5.Create(); // Generate final write keys ! byte[] finalClientWriteKey = new byte[md5.HashSize]; ! md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, finalClientWriteKey, 0); ! finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length); ! byte[] finalServerWriteKey = new byte[md5.HashSize]; ! md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, finalServerWriteKey, 0); ! finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length); ! this.Context.ClientWriteKey = finalClientWriteKey; ! this.Context.ServerWriteKey = finalServerWriteKey; // Generate IV keys ! this.Context.ClientWriteIV = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length); ! this.Context.ServerWriteIV = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length); } --- 212,251 ---- HashAlgorithm md5 = MD5.Create(); + int keySize = (md5.HashSize >> 3); //in bytes not bits + byte[] temp = new byte [keySize]; + // Generate final write keys ! md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0); ! md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length); ! byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize]; ! Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize); ! md5.Initialize(); ! md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0); ! md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length); ! byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize]; ! Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize); ! this.Context.ClientWriteKey = finalClientWriteKey; ! this.Context.ServerWriteKey = finalServerWriteKey; // Generate IV keys ! if (this.IvSize > 0) ! { ! md5.Initialize(); ! temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length); ! this.Context.ClientWriteIV = new byte[this.IvSize]; ! Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize); ! ! md5.Initialize(); ! temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length); ! this.Context.ServerWriteIV = new byte[this.IvSize]; ! Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize); ! } ! else ! { ! this.Context.ClientWriteIV = CipherSuite.EmptyArray; ! this.Context.ServerWriteIV = CipherSuite.EmptyArray; ! } } Index: CipherSuite.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** CipherSuite.cs 15 Mar 2004 13:18:30 -0000 1.10 --- CipherSuite.cs 18 Mar 2004 14:06:31 -0000 1.11 *************** *** 380,384 **** HashAlgorithm sha1 = SHA1.Create(); ! int secretLen = secret.Length / 2; // Seed --- 380,398 ---- HashAlgorithm sha1 = SHA1.Create(); ! /* Secret Length calc exmplain from the RFC2246. Section 5 ! * ! * S1 and S2 are the two halves of the secret and each is the same ! * length. S1 is taken from the first half of the secret, S2 from the ! * second half. Their length is created by rounding up the length of the ! * overall secret divided by two; thus, if the original secret is an odd ! * number of bytes long, the last byte of S1 will be the same as the ! * first byte of S2. ! */ ! ! // split secret in 2 ! int secretLen = secret.Length >> 1; ! // rounding up ! if ((secret.Length & 0x1) == 0x1) ! secretLen++; // Seed *************** *** 395,399 **** // Secret2 byte[] secret2 = new byte[secretLen]; ! Buffer.BlockCopy(secret, secretLen, secret2, 0, secretLen); // Secret 1 processing --- 409,413 ---- // Secret2 byte[] secret2 = new byte[secretLen]; ! Buffer.BlockCopy(secret, (secret.Length - secretLen), secret2, 0, secretLen); // Secret 1 processing *************** *** 484,488 **** this.encryptionAlgorithm.Mode = this.cipherMode; this.encryptionAlgorithm.Padding = PaddingMode.None; ! this.encryptionAlgorithm.KeySize = this.keyMaterialSize * 8; this.encryptionAlgorithm.BlockSize = this.blockSize * 8; } --- 498,502 ---- this.encryptionAlgorithm.Mode = this.cipherMode; this.encryptionAlgorithm.Padding = PaddingMode.None; ! this.encryptionAlgorithm.KeySize = this.expandedKeyMaterialSize * 8; this.encryptionAlgorithm.BlockSize = this.blockSize * 8; } *************** *** 550,554 **** this.decryptionAlgorithm.Mode = this.cipherMode; this.decryptionAlgorithm.Padding = PaddingMode.None; ! this.decryptionAlgorithm.KeySize = this.keyMaterialSize * 8; this.decryptionAlgorithm.BlockSize = this.blockSize * 8; } --- 564,568 ---- this.decryptionAlgorithm.Mode = this.cipherMode; this.decryptionAlgorithm.Padding = PaddingMode.None; ! this.decryptionAlgorithm.KeySize = this.expandedKeyMaterialSize * 8; this.decryptionAlgorithm.BlockSize = this.blockSize * 8; } Index: CipherSuiteFactory.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** CipherSuiteFactory.cs 3 Mar 2004 16:22:36 -0000 1.1 --- CipherSuiteFactory.cs 18 Mar 2004 14:06:31 -0000 1.2 *************** *** 60,63 **** --- 60,73 ---- scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); + // Supported exportable ciphers + scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); + scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); + scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); + scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); + scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8); + // 56 bits but we use 64 bits because of parity (DES is really 56 bits) + scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); + scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); + // Default CipherSuite // scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0); *************** *** 126,130 **** scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); ! // Default CipherSuite // scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0); --- 136,150 ---- scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); ! ! // Supported exportable ciphers ! scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); ! scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); ! scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); ! scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); ! scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8); ! // 56 bits but we use 64 bits because of parity (DES is really 56 bits) ! scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); ! scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); ! // Default CipherSuite // scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0); Index: TlsCipherSuite.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** TlsCipherSuite.cs 15 Mar 2004 13:18:30 -0000 1.7 --- TlsCipherSuite.cs 18 Mar 2004 14:06:31 -0000 1.8 *************** *** 149,167 **** { // Generate final write keys ! byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.KeyMaterialSize); ! byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.KeyMaterialSize); this.Context.ClientWriteKey = finalClientWriteKey; this.Context.ServerWriteKey = finalServerWriteKey; ! // Generate IV block ! byte[] ivBlock = PRF(new byte[]{}, "IV block", this.Context.RandomCS, this.IvSize*2); ! // Generate IV keys ! this.Context.ClientWriteIV = new byte[this.IvSize]; ! Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length); ! this.Context.ServerWriteIV = new byte[this.IvSize]; ! Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length); } --- 149,175 ---- { // Generate final write keys ! byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize); ! byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize); this.Context.ClientWriteKey = finalClientWriteKey; this.Context.ServerWriteKey = finalServerWriteKey; ! if (this.IvSize > 0) ! { ! // Generate IV block ! byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2); ! // Generate IV keys ! this.Context.ClientWriteIV = new byte[this.IvSize]; ! Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length); ! this.Context.ServerWriteIV = new byte[this.IvSize]; ! Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length); ! } ! else ! { ! this.Context.ClientWriteIV = CipherSuite.EmptyArray; ! this.Context.ServerWriteIV = CipherSuite.EmptyArray; ! } } |
