search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
disable broken tests on net_4_0
[mcs.git] / class / System.ServiceModel / Mono.Security.Protocol.Tls / SslCipherSuite.cs
blob14540520be2aa531b01fdee6be30f2fb09acf066
1 // Transport Security Layer (TLS)
2 // Copyright (c) 2003-2004 Carlos Guzman Alvarez
3 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
4 //
5 // Permission is hereby granted, free of charge, to any person obtaining
6 // a copy of this software and associated documentation files (the
7 // "Software"), to deal in the Software without restriction, including
8 // without limitation the rights to use, copy, modify, merge, publish,
9 // distribute, sublicense, and/or sell copies of the Software, and to
10 // permit persons to whom the Software is furnished to do so, subject to
11 // the following conditions:
12 //
13 // The above copyright notice and this permission notice shall be
14 // included in all copies or substantial portions of the Software.
15 //
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 //
24
25 using System;
26 using System.IO;
27 using System.Security.Cryptography;
28 using System.Text;
29
30 namespace Mono.Security.Protocol.Tls
31 {
32 internal class SslCipherSuite : CipherSuite
33 {
34 #region Fields
35
36 private byte[] pad1;
37 private byte[] pad2;
38
39 private const int MacHeaderLength = 11;
40 private byte[] header;
41
42 #endregion
43
44 #region Constructors
45
46 public SslCipherSuite(
47 short code, string name, CipherAlgorithmType cipherAlgorithmType,
48 HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
49 bool exportable, bool blockMode, byte keyMaterialSize,
50 byte expandedKeyMaterialSize, short effectiveKeyBytes,
51 byte ivSize, byte blockSize) :
52 base(code, name, cipherAlgorithmType, hashAlgorithmType,
53 exchangeAlgorithmType, exportable, blockMode, keyMaterialSize,
54 expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
55
56 {
57 int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40;
58
59 // Fill pad arrays
60 this.pad1 = new byte[padLength];
61 this.pad2 = new byte[padLength];
62
63 /* Pad the key for inner and outer digest */
64 for (int i = 0; i < padLength; ++i)
65 {
66 this.pad1[i] = 0x36;
67 this.pad2[i] = 0x5C;
68 }
69 }
70
71 #endregion
72
73 #region MAC Generation Methods
74
75 public override byte[] ComputeServerRecordMAC(ContentType contentType, byte[] fragment)
76 {
77 HashAlgorithm hash = HashAlgorithm.Create(this.HashAlgorithmName);
78
79 byte[] smac = this.Context.Read.ServerWriteMAC;
80 hash.TransformBlock (smac, 0, smac.Length, smac, 0);
81 hash.TransformBlock (pad1, 0, pad1.Length, pad1, 0);
82
83 if (header == null)
84 header = new byte [MacHeaderLength];
85
86 ulong seqnum = (Context is ClientContext) ? Context.ReadSequenceNumber : Context.WriteSequenceNumber;
87 Write (header, 0, seqnum);
88 header [8] = (byte) contentType;
89 Write (header, 9, (short)fragment.Length);
90 hash.TransformBlock (header, 0, header.Length, header, 0);
91 hash.TransformBlock (fragment, 0, fragment.Length, fragment, 0);
92 // hack, else the method will allocate a new buffer of the same length (negative half the optimization)
93 hash.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
94
95 byte[] blockHash = hash.Hash;
96
97 hash.Initialize ();
98
99 hash.TransformBlock (smac, 0, smac.Length, smac, 0);
100 hash.TransformBlock (pad2, 0, pad2.Length, pad2, 0);
101 hash.TransformBlock (blockHash, 0, blockHash.Length, blockHash, 0);
102 // hack again
103 hash.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
104
105 return hash.Hash;
106 }
107
108 public override byte[] ComputeClientRecordMAC(ContentType contentType, byte[] fragment)
109 {
110 HashAlgorithm hash = HashAlgorithm.Create(this.HashAlgorithmName);
111
112 byte[] cmac = this.Context.Current.ClientWriteMAC;
113 hash.TransformBlock (cmac, 0, cmac.Length, cmac, 0);
114 hash.TransformBlock (pad1, 0, pad1.Length, pad1, 0);
115
116 if (header == null)
117 header = new byte [MacHeaderLength];
118
119 ulong seqnum = (Context is ClientContext) ? Context.WriteSequenceNumber : Context.ReadSequenceNumber;
120 Write (header, 0, seqnum);
121 header [8] = (byte) contentType;
122 Write (header, 9, (short)fragment.Length);
123 hash.TransformBlock (header, 0, header.Length, header, 0);
124 hash.TransformBlock (fragment, 0, fragment.Length, fragment, 0);
125 // hack, else the method will allocate a new buffer of the same length (negative half the optimization)
126 hash.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
127
128 byte[] blockHash = hash.Hash;
129
130 hash.Initialize ();
131
132 hash.TransformBlock (cmac, 0, cmac.Length, cmac, 0);
133 hash.TransformBlock (pad2, 0, pad2.Length, pad2, 0);
134 hash.TransformBlock (blockHash, 0, blockHash.Length, blockHash, 0);
135 // hack again
136 hash.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
137
138 return hash.Hash;
139 }
140
141 #endregion
142
143 #region Key Generation Methods
144
145 public override void ComputeMasterSecret(byte[] preMasterSecret)
146 {
147 TlsStream masterSecret = new TlsStream();
148
149 masterSecret.Write(this.prf(preMasterSecret, "A", this.Context.RandomCS));
150 masterSecret.Write(this.prf(preMasterSecret, "BB", this.Context.RandomCS));
151 masterSecret.Write(this.prf(preMasterSecret, "CCC", this.Context.RandomCS));
152
153 this.Context.MasterSecret = masterSecret.ToArray();
154
155 DebugHelper.WriteLine(">>>> MasterSecret", this.Context.MasterSecret);
156 }
157
158 public override void ComputeKeys()
159 {
160 // Compute KeyBlock
161 TlsStream tmp = new TlsStream();
162
163 char labelChar = 'A';
164 int count = 1;
165
166 while (tmp.Length < this.KeyBlockSize)
167 {
168 string label = String.Empty;
169
170 for (int i = 0; i < count; i++)
171 {
172 label += labelChar.ToString();
173 }
174
175 byte[] block = this.prf(this.Context.MasterSecret, label.ToString(), this.Context.RandomSC);
176
177 int size = (tmp.Length + block.Length) > this.KeyBlockSize ? (this.KeyBlockSize - (int)tmp.Length) : block.Length;
178
179 tmp.Write(block, 0, size);
180
181 labelChar++;
182 count++;
183 }
184
185 // Create keyblock
186 TlsStream keyBlock = new TlsStream(tmp.ToArray());
187
188 this.Context.Negotiating.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize);
189 this.Context.Negotiating.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize);
190 this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
191 this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
192
193 if (!this.IsExportable)
194 {
195 if (this.IvSize != 0)
196 {
197 this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
198 this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
199 }
200 else
201 {
202 this.Context.ClientWriteIV = CipherSuite.EmptyArray;
203 this.Context.ServerWriteIV = CipherSuite.EmptyArray;
204 }
205 }
206 else
207 {
208 HashAlgorithm md5 = MD5.Create();
209
210 int keySize = (md5.HashSize >> 3); //in bytes not bits
211 byte[] temp = new byte [keySize];
212
213 // Generate final write keys
214 md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
215 md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
216 byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
217 Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
218
219 md5.Initialize();
220 md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
221 md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
222 byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
223 Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
224
225 this.Context.ClientWriteKey = finalClientWriteKey;
226 this.Context.ServerWriteKey = finalServerWriteKey;
227
228 // Generate IV keys
229 if (this.IvSize > 0)
230 {
231 md5.Initialize();
232 temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
233 this.Context.ClientWriteIV = new byte[this.IvSize];
234 Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
235
236 md5.Initialize();
237 temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
238 this.Context.ServerWriteIV = new byte[this.IvSize];
239 Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
240 }
241 else
242 {
243 this.Context.ClientWriteIV = CipherSuite.EmptyArray;
244 this.Context.ServerWriteIV = CipherSuite.EmptyArray;
245 }
246 }
247
248 DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
249 DebugHelper.WriteLine(">>>> ClientWriteKey", this.Context.ClientWriteKey);
250 DebugHelper.WriteLine(">>>> ClientWriteIV", this.Context.ClientWriteIV);
251 DebugHelper.WriteLine(">>>> ClientWriteMAC", this.Context.Negotiating.ClientWriteMAC);
252 DebugHelper.WriteLine(">>>> ServerWriteKey", this.Context.ServerWriteKey);
253 DebugHelper.WriteLine(">>>> ServerWriteIV", this.Context.ServerWriteIV);
254 DebugHelper.WriteLine(">>>> ServerWriteMAC", this.Context.Negotiating.ServerWriteMAC);
255
256 ClientSessionCache.SetContextInCache (this.Context);
257 // Clear no more needed data
258 keyBlock.Reset();
259 tmp.Reset();
260 }
261
262 #endregion
263
264 #region Private Methods
265
266 private byte[] prf(byte[] secret, string label, byte[] random)
267 {
268 HashAlgorithm md5 = MD5.Create();
269 HashAlgorithm sha = SHA1.Create();
270
271 // Compute SHA hash
272 TlsStream block = new TlsStream();
273 block.Write(Encoding.ASCII.GetBytes(label));
274 block.Write(secret);
275 block.Write(random);
276
277 byte[] shaHash = sha.ComputeHash(block.ToArray(), 0, (int)block.Length);
278
279 block.Reset();
280
281 // Compute MD5 hash
282 block.Write(secret);
283 block.Write(shaHash);
284
285 byte[] result = md5.ComputeHash(block.ToArray(), 0, (int)block.Length);
286
287 // Free resources
288 block.Reset();
289
290 return result;
291 }
292
293 #endregion
294 }
295 }
git-svn mirror of mcs