[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls CipherSuite.cs,1.10,1.11 CipherSuiteFactory.cs,1.1,1.2 SslCipherSuite.cs,1.2,1.3 TlsCipherSuite.cs,1.7,1.8

[Carlos Guzm?n ?l. <car...@us...>]

Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5169

Modified Files:
	CipherSuite.cs CipherSuiteFactory.cs SslCipherSuite.cs 
	TlsCipherSuite.cs 
Log Message:
2004-03-18 Sebastien Pouliot  <seb...@xi...>

	* Mono.Security.Protocol.Tls/CipherSuite.cs:
	* Mono.Security.Protocol.Tls/CipherSuiteFactory.cs:
	* Mono.Security.Protocol.Tls/SslCipherSuite.cs:
	* Mono.Security.Protocol.Tls/TlsCipherSuite.cs:
	* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientKeyExchange.cs:

		- Added Support for exportable Cipher Suites.

Index: SslCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** SslCipherSuite.cs	16 Mar 2004 16:33:38 -0000	1.2
--- SslCipherSuite.cs	18 Mar 2004 14:06:31 -0000	1.3
***************
*** 212,230 ****
  				HashAlgorithm md5 = MD5.Create();
  
  				// Generate final write keys
! 				byte[] finalClientWriteKey	= new byte[md5.HashSize];
! 				md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, finalClientWriteKey, 0);
! 				finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
  
! 				byte[] finalServerWriteKey	= new byte[md5.HashSize];
! 				md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, finalServerWriteKey, 0);
! 				finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
  				
! 				this.Context.ClientWriteKey	= finalClientWriteKey;
! 				this.Context.ServerWriteKey	= finalServerWriteKey;
  
  				// Generate IV keys
! 				this.Context.ClientWriteIV = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
! 				this.Context.ServerWriteIV = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
  			}
  
--- 212,251 ----
  				HashAlgorithm md5 = MD5.Create();
  
+ 				int keySize = (md5.HashSize >> 3); //in bytes not bits
+ 				byte[] temp = new byte [keySize];
+ 
  				// Generate final write keys
! 				md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
! 				md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
! 				byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
! 				Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
  
! 				md5.Initialize();
! 				md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
! 				md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
! 				byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
! 				Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
  				
! 				this.Context.ClientWriteKey = finalClientWriteKey;
! 				this.Context.ServerWriteKey = finalServerWriteKey;
  
  				// Generate IV keys
! 				if (this.IvSize > 0) 
! 				{
! 					md5.Initialize();
! 					temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
! 					this.Context.ClientWriteIV = new byte[this.IvSize];
! 					Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
! 
! 					md5.Initialize();
! 					temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
! 					this.Context.ServerWriteIV = new byte[this.IvSize];
! 					Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
! 				}
! 				else 
! 				{
! 					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
! 					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
! 				}
  			}
  

Index: CipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** CipherSuite.cs	15 Mar 2004 13:18:30 -0000	1.10
--- CipherSuite.cs	18 Mar 2004 14:06:31 -0000	1.11
***************
*** 380,384 ****
  			HashAlgorithm sha1	= SHA1.Create();
  
! 			int secretLen = secret.Length / 2;
  
  			// Seed
--- 380,398 ----
  			HashAlgorithm sha1	= SHA1.Create();
  
! 			/* Secret Length calc exmplain from the RFC2246. Section 5
! 			 * 
! 			 * S1 and S2 are the two halves of the secret and each is the same
! 			 * length. S1 is taken from the first half of the secret, S2 from the
! 			 * second half. Their length is created by rounding up the length of the
! 			 * overall secret divided by two; thus, if the original secret is an odd
! 			 * number of bytes long, the last byte of S1 will be the same as the
! 			 * first byte of S2.
! 			 */
! 
! 			// split secret in 2
! 			int secretLen = secret.Length >> 1;
! 			// rounding up
! 			if ((secret.Length & 0x1) == 0x1)
! 				secretLen++;
  
  			// Seed
***************
*** 395,399 ****
  			// Secret2
  			byte[] secret2 = new byte[secretLen];
! 			Buffer.BlockCopy(secret, secretLen, secret2, 0, secretLen);
  
  			// Secret 1 processing
--- 409,413 ----
  			// Secret2
  			byte[] secret2 = new byte[secretLen];
! 			Buffer.BlockCopy(secret, (secret.Length - secretLen), secret2, 0, secretLen);
  
  			// Secret 1 processing
***************
*** 484,488 ****
  				this.encryptionAlgorithm.Mode		= this.cipherMode;
  				this.encryptionAlgorithm.Padding	= PaddingMode.None;
! 				this.encryptionAlgorithm.KeySize	= this.keyMaterialSize * 8;
  				this.encryptionAlgorithm.BlockSize	= this.blockSize * 8;
  			}
--- 498,502 ----
  				this.encryptionAlgorithm.Mode		= this.cipherMode;
  				this.encryptionAlgorithm.Padding	= PaddingMode.None;
! 				this.encryptionAlgorithm.KeySize	= this.expandedKeyMaterialSize * 8;
  				this.encryptionAlgorithm.BlockSize	= this.blockSize * 8;
  			}
***************
*** 550,554 ****
  				this.decryptionAlgorithm.Mode		= this.cipherMode;
  				this.decryptionAlgorithm.Padding	= PaddingMode.None;
! 				this.decryptionAlgorithm.KeySize	= this.keyMaterialSize * 8;
  				this.decryptionAlgorithm.BlockSize	= this.blockSize * 8;
  			}
--- 564,568 ----
  				this.decryptionAlgorithm.Mode		= this.cipherMode;
  				this.decryptionAlgorithm.Padding	= PaddingMode.None;
! 				this.decryptionAlgorithm.KeySize	= this.expandedKeyMaterialSize * 8;
  				this.decryptionAlgorithm.BlockSize	= this.blockSize * 8;
  			}

Index: CipherSuiteFactory.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** CipherSuiteFactory.cs	3 Mar 2004 16:22:36 -0000	1.1
--- CipherSuiteFactory.cs	18 Mar 2004 14:06:31 -0000	1.2
***************
*** 60,63 ****
--- 60,73 ----
  			scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
  			
+ 			// Supported exportable ciphers
+ 			scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+ 			scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+ 			scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+ 			scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ 			scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+ 			// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
+ 			scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); 
+ 			scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ 			
  			// Default CipherSuite
  			// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
***************
*** 126,130 ****
  			scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
  			scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
! 			
  			// Default CipherSuite
  			// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
--- 136,150 ----
  			scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
  			scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
! 
! 			// Supported exportable ciphers
! 			scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
! 			scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
! 			scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
! 			scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
! 			scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
! 			// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
! 			scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); 
! 			scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
! 
  			// Default CipherSuite
  			// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);

Index: TlsCipherSuite.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** TlsCipherSuite.cs	15 Mar 2004 13:18:30 -0000	1.7
--- TlsCipherSuite.cs	18 Mar 2004 14:06:31 -0000	1.8
***************
*** 149,167 ****
  			{
  				// Generate final write keys
! 				byte[] finalClientWriteKey	= PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.KeyMaterialSize);
! 				byte[] finalServerWriteKey	= PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.KeyMaterialSize);
  				
  				this.Context.ClientWriteKey	= finalClientWriteKey;
  				this.Context.ServerWriteKey	= finalServerWriteKey;
  
! 				// Generate IV block
! 				byte[] ivBlock = PRF(new byte[]{}, "IV block", this.Context.RandomCS, this.IvSize*2);
  
! 				// Generate IV keys
! 				this.Context.ClientWriteIV = new byte[this.IvSize];				
! 				Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
  
! 				this.Context.ServerWriteIV = new byte[this.IvSize];
! 				Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
  			}
  
--- 149,175 ----
  			{
  				// Generate final write keys
! 				byte[] finalClientWriteKey	= PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
! 				byte[] finalServerWriteKey	= PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
  				
  				this.Context.ClientWriteKey	= finalClientWriteKey;
  				this.Context.ServerWriteKey	= finalServerWriteKey;
  
! 				if (this.IvSize > 0) 
! 				{
! 					// Generate IV block
! 					byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
  
! 					// Generate IV keys
! 					this.Context.ClientWriteIV = new byte[this.IvSize];				
! 					Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
  
! 					this.Context.ServerWriteIV = new byte[this.IvSize];
! 					Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
! 				}
! 				else 
! 				{
! 					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
! 					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
! 				}
  			}