diff options
author | Adam Frisby | 2007-04-27 01:48:52 +0000 |
---|---|---|
committer | Adam Frisby | 2007-04-27 01:48:52 +0000 |
commit | 379552b0f92e86f5fd39a4c166b90e73901f1260 (patch) | |
tree | 04a05db71676390f38329ae9fc6c376c935e3c31 | |
parent | added just what opensim needs...yet another command line option: -noverbose .... (diff) | |
download | opensim-SC-379552b0f92e86f5fd39a4c166b90e73901f1260.zip opensim-SC-379552b0f92e86f5fd39a4c166b90e73901f1260.tar.gz opensim-SC-379552b0f92e86f5fd39a4c166b90e73901f1260.tar.bz2 opensim-SC-379552b0f92e86f5fd39a4c166b90e73901f1260.tar.xz |
Cryptographic framework for authenticating and verifying remoting messages. Must be implemented as per the suggested implementation in the comments. Buyer beware - this code has not been peer reviewed by an expert cryptologist and needs to be done so before this security is relied upon for important transactions.
Diffstat (limited to '')
-rw-r--r-- | OpenSim.Framework/Remoting.cs | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/OpenSim.Framework/Remoting.cs b/OpenSim.Framework/Remoting.cs new file mode 100644 index 0000000..88f5598 --- /dev/null +++ b/OpenSim.Framework/Remoting.cs | |||
@@ -0,0 +1,90 @@ | |||
1 | using System; | ||
2 | using System.Collections.Generic; | ||
3 | using System.Text; | ||
4 | using System.Security.Cryptography; | ||
5 | |||
6 | namespace OpenSim.Framework | ||
7 | { | ||
8 | /// <summary> | ||
9 | /// NEEDS AUDIT. | ||
10 | /// </summary> | ||
11 | /// <remarks> | ||
12 | /// Suggested implementation | ||
13 | /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para> | ||
14 | /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para> | ||
15 | /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para> | ||
16 | /// <para>Both hosts should be performing these operations for this to be effective.</para> | ||
17 | /// </remarks> | ||
18 | class RemoteDigest | ||
19 | { | ||
20 | private byte[] currentHash; | ||
21 | private byte[] secret; | ||
22 | |||
23 | private SHA512Managed SHA512; | ||
24 | |||
25 | /// <summary> | ||
26 | /// Initialises a new RemoteDigest authentication mechanism | ||
27 | /// </summary> | ||
28 | /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks> | ||
29 | /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param> | ||
30 | /// <param name="salt">Binary salt - some common value - to be decided what</param> | ||
31 | /// <param name="challenge">The challenge key provided by the third party</param> | ||
32 | public RemoteDigest(string sharedSecret, byte[] salt, string challenge) | ||
33 | { | ||
34 | SHA512 = new SHA512Managed(); | ||
35 | Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt); | ||
36 | secret = RFC2898.GetBytes(512); | ||
37 | ASCIIEncoding ASCII = new ASCIIEncoding(); | ||
38 | |||
39 | currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge))); | ||
40 | } | ||
41 | |||
42 | /// <summary> | ||
43 | /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented. | ||
44 | /// </summary> | ||
45 | /// <param name="data">The incoming data</param> | ||
46 | /// <param name="digest">The remote digest</param> | ||
47 | /// <returns></returns> | ||
48 | public bool Authenticate(byte[] data, byte[] digest) | ||
49 | { | ||
50 | byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | ||
51 | if (digest == newHash) | ||
52 | { | ||
53 | currentHash = newHash; | ||
54 | return true; | ||
55 | } | ||
56 | else | ||
57 | { | ||
58 | throw new Exception("Hash comparison failed. Key resync required."); | ||
59 | } | ||
60 | } | ||
61 | |||
62 | /// <summary> | ||
63 | /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message. | ||
64 | /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the | ||
65 | /// hashes will get out of sync and throw an exception when validation is attempted. | ||
66 | /// </summary> | ||
67 | /// <param name="data">The outgoing data</param> | ||
68 | /// <returns>The local digest</returns> | ||
69 | public byte[] Sign(byte[] data) | ||
70 | { | ||
71 | currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | ||
72 | return currentHash; | ||
73 | } | ||
74 | |||
75 | /// <summary> | ||
76 | /// Helper function, merges two byte arrays | ||
77 | /// </summary> | ||
78 | /// <param name="a">A</param> | ||
79 | /// <param name="b">B</param> | ||
80 | /// <returns>C</returns> | ||
81 | private byte[] AppendArrays(byte[] a, byte[] b) | ||
82 | { | ||
83 | byte[] c = new byte[a.Length + b.Length]; | ||
84 | Buffer.BlockCopy(a, 0, c, 0, a.Length); | ||
85 | Buffer.BlockCopy(b, 0, c, a.Length, b.Length); | ||
86 | return c; | ||
87 | } | ||
88 | |||
89 | } | ||
90 | } | ||