aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework/General/Remoting.cs
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Framework/General/Remoting.cs')
-rw-r--r--OpenSim/Framework/General/Remoting.cs270
1 files changed, 135 insertions, 135 deletions
diff --git a/OpenSim/Framework/General/Remoting.cs b/OpenSim/Framework/General/Remoting.cs
index df32db2..0e94b90 100644
--- a/OpenSim/Framework/General/Remoting.cs
+++ b/OpenSim/Framework/General/Remoting.cs
@@ -1,135 +1,135 @@
1/* 1/*
2* Copyright (c) Contributors, http://www.openmetaverse.org/ 2* Copyright (c) Contributors, http://www.openmetaverse.org/
3* See CONTRIBUTORS.TXT for a full list of copyright holders. 3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4* 4*
5* Redistribution and use in source and binary forms, with or without 5* Redistribution and use in source and binary forms, with or without
6* modification, are permitted provided that the following conditions are met: 6* modification, are permitted provided that the following conditions are met:
7* * Redistributions of source code must retain the above copyright 7* * Redistributions of source code must retain the above copyright
8* notice, this list of conditions and the following disclaimer. 8* notice, this list of conditions and the following disclaimer.
9* * Redistributions in binary form must reproduce the above copyright 9* * Redistributions in binary form must reproduce the above copyright
10* notice, this list of conditions and the following disclaimer in the 10* notice, this list of conditions and the following disclaimer in the
11* documentation and/or other materials provided with the distribution. 11* documentation and/or other materials provided with the distribution.
12* * Neither the name of the OpenSim Project nor the 12* * Neither the name of the OpenSim Project nor the
13* names of its contributors may be used to endorse or promote products 13* names of its contributors may be used to endorse or promote products
14* derived from this software without specific prior written permission. 14* derived from this software without specific prior written permission.
15* 15*
16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY 16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY
17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY 19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26* 26*
27*/ 27*/
28using System; 28using System;
29using System.Security.Cryptography; 29using System.Security.Cryptography;
30using System.Text; 30using System.Text;
31 31
32namespace OpenSim.Framework 32namespace OpenSim.Framework
33{ 33{
34 /// <summary> 34 /// <summary>
35 /// NEEDS AUDIT. 35 /// NEEDS AUDIT.
36 /// </summary> 36 /// </summary>
37 /// <remarks> 37 /// <remarks>
38 /// Suggested implementation 38 /// Suggested implementation
39 /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para> 39 /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para>
40 /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para> 40 /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para>
41 /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para> 41 /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para>
42 /// <para>Both hosts should be performing these operations for this to be effective.</para> 42 /// <para>Both hosts should be performing these operations for this to be effective.</para>
43 /// </remarks> 43 /// </remarks>
44 class RemoteDigest 44 class RemoteDigest
45 { 45 {
46 private byte[] currentHash; 46 private byte[] currentHash;
47 private byte[] secret; 47 private byte[] secret;
48 48
49 private SHA512Managed SHA512; 49 private SHA512Managed SHA512;
50 50
51 /// <summary> 51 /// <summary>
52 /// Initialises a new RemoteDigest authentication mechanism 52 /// Initialises a new RemoteDigest authentication mechanism
53 /// </summary> 53 /// </summary>
54 /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks> 54 /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks>
55 /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param> 55 /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param>
56 /// <param name="salt">Binary salt - some common value - to be decided what</param> 56 /// <param name="salt">Binary salt - some common value - to be decided what</param>
57 /// <param name="challenge">The challenge key provided by the third party</param> 57 /// <param name="challenge">The challenge key provided by the third party</param>
58 public RemoteDigest(string sharedSecret, byte[] salt, string challenge) 58 public RemoteDigest(string sharedSecret, byte[] salt, string challenge)
59 { 59 {
60 SHA512 = new SHA512Managed(); 60 SHA512 = new SHA512Managed();
61 Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt); 61 Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt);
62 secret = RFC2898.GetBytes(512); 62 secret = RFC2898.GetBytes(512);
63 ASCIIEncoding ASCII = new ASCIIEncoding(); 63 ASCIIEncoding ASCII = new ASCIIEncoding();
64 64
65 currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge))); 65 currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge)));
66 } 66 }
67 67
68 /// <summary> 68 /// <summary>
69 /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented. 69 /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented.
70 /// </summary> 70 /// </summary>
71 /// <param name="data">The incoming data</param> 71 /// <param name="data">The incoming data</param>
72 /// <param name="digest">The remote digest</param> 72 /// <param name="digest">The remote digest</param>
73 /// <returns></returns> 73 /// <returns></returns>
74 public bool Authenticate(byte[] data, byte[] digest) 74 public bool Authenticate(byte[] data, byte[] digest)
75 { 75 {
76 byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); 76 byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data));
77 if (digest == newHash) 77 if (digest == newHash)
78 { 78 {
79 currentHash = newHash; 79 currentHash = newHash;
80 return true; 80 return true;
81 } 81 }
82 else 82 else
83 { 83 {
84 throw new Exception("Hash comparison failed. Key resync required."); 84 throw new Exception("Hash comparison failed. Key resync required.");
85 } 85 }
86 } 86 }
87 87
88 /// <summary> 88 /// <summary>
89 /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message. 89 /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message.
90 /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the 90 /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the
91 /// hashes will get out of sync and throw an exception when validation is attempted. 91 /// hashes will get out of sync and throw an exception when validation is attempted.
92 /// </summary> 92 /// </summary>
93 /// <param name="data">The outgoing data</param> 93 /// <param name="data">The outgoing data</param>
94 /// <returns>The local digest</returns> 94 /// <returns>The local digest</returns>
95 public byte[] Sign(byte[] data) 95 public byte[] Sign(byte[] data)
96 { 96 {
97 currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); 97 currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data));
98 return currentHash; 98 return currentHash;
99 } 99 }
100 100
101 /// <summary> 101 /// <summary>
102 /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator. 102 /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator.
103 /// </summary> 103 /// </summary>
104 /// <returns>A 128-character hexadecimal string containing the challenge.</returns> 104 /// <returns>A 128-character hexadecimal string containing the challenge.</returns>
105 public static string GenerateChallenge() 105 public static string GenerateChallenge()
106 { 106 {
107 RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider(); 107 RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider();
108 byte[] bytes = new byte[64]; 108 byte[] bytes = new byte[64];
109 RNG.GetBytes(bytes); 109 RNG.GetBytes(bytes);
110 110
111 StringBuilder sb = new StringBuilder(bytes.Length * 2); 111 StringBuilder sb = new StringBuilder(bytes.Length * 2);
112 foreach (byte b in bytes) 112 foreach (byte b in bytes)
113 { 113 {
114 sb.AppendFormat("{0:x2}", b); 114 sb.AppendFormat("{0:x2}", b);
115 } 115 }
116 return sb.ToString(); 116 return sb.ToString();
117 } 117 }
118 118
119 /// <summary> 119 /// <summary>
120 /// Helper function, merges two byte arrays 120 /// Helper function, merges two byte arrays
121 /// </summary> 121 /// </summary>
122 /// <remarks>Sourced from MSDN Forum</remarks> 122 /// <remarks>Sourced from MSDN Forum</remarks>
123 /// <param name="a">A</param> 123 /// <param name="a">A</param>
124 /// <param name="b">B</param> 124 /// <param name="b">B</param>
125 /// <returns>C</returns> 125 /// <returns>C</returns>
126 private byte[] AppendArrays(byte[] a, byte[] b) 126 private byte[] AppendArrays(byte[] a, byte[] b)
127 { 127 {
128 byte[] c = new byte[a.Length + b.Length]; 128 byte[] c = new byte[a.Length + b.Length];
129 Buffer.BlockCopy(a, 0, c, 0, a.Length); 129 Buffer.BlockCopy(a, 0, c, 0, a.Length);
130 Buffer.BlockCopy(b, 0, c, a.Length, b.Length); 130 Buffer.BlockCopy(b, 0, c, a.Length, b.Length);
131 return c; 131 return c;
132 } 132 }
133 133
134 } 134 }
135} 135}