diff options
author | Adam Frisby | 2007-07-11 08:02:47 +0000 |
---|---|---|
committer | Adam Frisby | 2007-07-11 08:02:47 +0000 |
commit | 5c7ffdde0b9642a42e8f5987e06eb01220ff7776 (patch) | |
tree | 4b825dc642cb6eb9a060e54bf8d69288fbee4904 /Common/OpenSim.Framework/Remoting.cs | |
parent | Who would have known that the only way of specifying utf-8 without preamble, ... (diff) | |
download | opensim-SC_OLD-5c7ffdde0b9642a42e8f5987e06eb01220ff7776.zip opensim-SC_OLD-5c7ffdde0b9642a42e8f5987e06eb01220ff7776.tar.gz opensim-SC_OLD-5c7ffdde0b9642a42e8f5987e06eb01220ff7776.tar.bz2 opensim-SC_OLD-5c7ffdde0b9642a42e8f5987e06eb01220ff7776.tar.xz |
* Wiping trunk in prep for Sugilite
Diffstat (limited to 'Common/OpenSim.Framework/Remoting.cs')
-rw-r--r-- | Common/OpenSim.Framework/Remoting.cs | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/Common/OpenSim.Framework/Remoting.cs b/Common/OpenSim.Framework/Remoting.cs deleted file mode 100644 index 660cdde..0000000 --- a/Common/OpenSim.Framework/Remoting.cs +++ /dev/null | |||
@@ -1,137 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://www.openmetaverse.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSim Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | * | ||
27 | */ | ||
28 | |||
29 | using System; | ||
30 | using System.Collections.Generic; | ||
31 | using System.Text; | ||
32 | using System.Security.Cryptography; | ||
33 | |||
34 | namespace OpenSim.Framework | ||
35 | { | ||
36 | /// <summary> | ||
37 | /// NEEDS AUDIT. | ||
38 | /// </summary> | ||
39 | /// <remarks> | ||
40 | /// Suggested implementation | ||
41 | /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para> | ||
42 | /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para> | ||
43 | /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para> | ||
44 | /// <para>Both hosts should be performing these operations for this to be effective.</para> | ||
45 | /// </remarks> | ||
46 | class RemoteDigest | ||
47 | { | ||
48 | private byte[] currentHash; | ||
49 | private byte[] secret; | ||
50 | |||
51 | private SHA512Managed SHA512; | ||
52 | |||
53 | /// <summary> | ||
54 | /// Initialises a new RemoteDigest authentication mechanism | ||
55 | /// </summary> | ||
56 | /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks> | ||
57 | /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param> | ||
58 | /// <param name="salt">Binary salt - some common value - to be decided what</param> | ||
59 | /// <param name="challenge">The challenge key provided by the third party</param> | ||
60 | public RemoteDigest(string sharedSecret, byte[] salt, string challenge) | ||
61 | { | ||
62 | SHA512 = new SHA512Managed(); | ||
63 | Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt); | ||
64 | secret = RFC2898.GetBytes(512); | ||
65 | ASCIIEncoding ASCII = new ASCIIEncoding(); | ||
66 | |||
67 | currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge))); | ||
68 | } | ||
69 | |||
70 | /// <summary> | ||
71 | /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented. | ||
72 | /// </summary> | ||
73 | /// <param name="data">The incoming data</param> | ||
74 | /// <param name="digest">The remote digest</param> | ||
75 | /// <returns></returns> | ||
76 | public bool Authenticate(byte[] data, byte[] digest) | ||
77 | { | ||
78 | byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | ||
79 | if (digest == newHash) | ||
80 | { | ||
81 | currentHash = newHash; | ||
82 | return true; | ||
83 | } | ||
84 | else | ||
85 | { | ||
86 | throw new Exception("Hash comparison failed. Key resync required."); | ||
87 | } | ||
88 | } | ||
89 | |||
90 | /// <summary> | ||
91 | /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message. | ||
92 | /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the | ||
93 | /// hashes will get out of sync and throw an exception when validation is attempted. | ||
94 | /// </summary> | ||
95 | /// <param name="data">The outgoing data</param> | ||
96 | /// <returns>The local digest</returns> | ||
97 | public byte[] Sign(byte[] data) | ||
98 | { | ||
99 | currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | ||
100 | return currentHash; | ||
101 | } | ||
102 | |||
103 | /// <summary> | ||
104 | /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator. | ||
105 | /// </summary> | ||
106 | /// <returns>A 128-character hexadecimal string containing the challenge.</returns> | ||
107 | public static string GenerateChallenge() | ||
108 | { | ||
109 | RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider(); | ||
110 | byte[] bytes = new byte[64]; | ||
111 | RNG.GetBytes(bytes); | ||
112 | |||
113 | StringBuilder sb = new StringBuilder(bytes.Length * 2); | ||
114 | foreach (byte b in bytes) | ||
115 | { | ||
116 | sb.AppendFormat("{0:x2}", b); | ||
117 | } | ||
118 | return sb.ToString(); | ||
119 | } | ||
120 | |||
121 | /// <summary> | ||
122 | /// Helper function, merges two byte arrays | ||
123 | /// </summary> | ||
124 | /// <remarks>Sourced from MSDN Forum</remarks> | ||
125 | /// <param name="a">A</param> | ||
126 | /// <param name="b">B</param> | ||
127 | /// <returns>C</returns> | ||
128 | private byte[] AppendArrays(byte[] a, byte[] b) | ||
129 | { | ||
130 | byte[] c = new byte[a.Length + b.Length]; | ||
131 | Buffer.BlockCopy(a, 0, c, 0, a.Length); | ||
132 | Buffer.BlockCopy(b, 0, c, a.Length, b.Length); | ||
133 | return c; | ||
134 | } | ||
135 | |||
136 | } | ||
137 | } | ||