aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework/General/Remoting.cs
diff options
context:
space:
mode:
authorMW2007-06-27 15:28:52 +0000
committerMW2007-06-27 15:28:52 +0000
commit646bbbc84b8010e0dacbeed5342cdb045f46cc49 (patch)
tree770b34d19855363c3c113ab9a0af9a56d821d887 /OpenSim/Framework/General/Remoting.cs
downloadopensim-SC_OLD-646bbbc84b8010e0dacbeed5342cdb045f46cc49.zip
opensim-SC_OLD-646bbbc84b8010e0dacbeed5342cdb045f46cc49.tar.gz
opensim-SC_OLD-646bbbc84b8010e0dacbeed5342cdb045f46cc49.tar.bz2
opensim-SC_OLD-646bbbc84b8010e0dacbeed5342cdb045f46cc49.tar.xz
Some work on restructuring the namespaces / project names. Note this doesn't compile yet as not all the code has been changed to use the new namespaces. Am committing it now for feedback on the namespaces.
Diffstat (limited to 'OpenSim/Framework/General/Remoting.cs')
-rw-r--r--OpenSim/Framework/General/Remoting.cs136
1 files changed, 136 insertions, 0 deletions
diff --git a/OpenSim/Framework/General/Remoting.cs b/OpenSim/Framework/General/Remoting.cs
new file mode 100644
index 0000000..e6fdf70
--- /dev/null
+++ b/OpenSim/Framework/General/Remoting.cs
@@ -0,0 +1,136 @@
1/*
2* Copyright (c) Contributors, http://www.openmetaverse.org/
3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4*
5* Redistribution and use in source and binary forms, with or without
6* modification, are permitted provided that the following conditions are met:
7* * Redistributions of source code must retain the above copyright
8* notice, this list of conditions and the following disclaimer.
9* * Redistributions in binary form must reproduce the above copyright
10* notice, this list of conditions and the following disclaimer in the
11* documentation and/or other materials provided with the distribution.
12* * Neither the name of the OpenSim Project nor the
13* names of its contributors may be used to endorse or promote products
14* derived from this software without specific prior written permission.
15*
16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY
17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26*
27*/
28using System;
29using System.Collections.Generic;
30using System.Text;
31using System.Security.Cryptography;
32
33namespace OpenSim.Framework
34{
35 /// <summary>
36 /// NEEDS AUDIT.
37 /// </summary>
38 /// <remarks>
39 /// Suggested implementation
40 /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para>
41 /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para>
42 /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para>
43 /// <para>Both hosts should be performing these operations for this to be effective.</para>
44 /// </remarks>
45 class RemoteDigest
46 {
47 private byte[] currentHash;
48 private byte[] secret;
49
50 private SHA512Managed SHA512;
51
52 /// <summary>
53 /// Initialises a new RemoteDigest authentication mechanism
54 /// </summary>
55 /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks>
56 /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param>
57 /// <param name="salt">Binary salt - some common value - to be decided what</param>
58 /// <param name="challenge">The challenge key provided by the third party</param>
59 public RemoteDigest(string sharedSecret, byte[] salt, string challenge)
60 {
61 SHA512 = new SHA512Managed();
62 Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt);
63 secret = RFC2898.GetBytes(512);
64 ASCIIEncoding ASCII = new ASCIIEncoding();
65
66 currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge)));
67 }
68
69 /// <summary>
70 /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented.
71 /// </summary>
72 /// <param name="data">The incoming data</param>
73 /// <param name="digest">The remote digest</param>
74 /// <returns></returns>
75 public bool Authenticate(byte[] data, byte[] digest)
76 {
77 byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data));
78 if (digest == newHash)
79 {
80 currentHash = newHash;
81 return true;
82 }
83 else
84 {
85 throw new Exception("Hash comparison failed. Key resync required.");
86 }
87 }
88
89 /// <summary>
90 /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message.
91 /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the
92 /// hashes will get out of sync and throw an exception when validation is attempted.
93 /// </summary>
94 /// <param name="data">The outgoing data</param>
95 /// <returns>The local digest</returns>
96 public byte[] Sign(byte[] data)
97 {
98 currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data));
99 return currentHash;
100 }
101
102 /// <summary>
103 /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator.
104 /// </summary>
105 /// <returns>A 128-character hexadecimal string containing the challenge.</returns>
106 public static string GenerateChallenge()
107 {
108 RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider();
109 byte[] bytes = new byte[64];
110 RNG.GetBytes(bytes);
111
112 StringBuilder sb = new StringBuilder(bytes.Length * 2);
113 foreach (byte b in bytes)
114 {
115 sb.AppendFormat("{0:x2}", b);
116 }
117 return sb.ToString();
118 }
119
120 /// <summary>
121 /// Helper function, merges two byte arrays
122 /// </summary>
123 /// <remarks>Sourced from MSDN Forum</remarks>
124 /// <param name="a">A</param>
125 /// <param name="b">B</param>
126 /// <returns>C</returns>
127 private byte[] AppendArrays(byte[] a, byte[] b)
128 {
129 byte[] c = new byte[a.Length + b.Length];
130 Buffer.BlockCopy(a, 0, c, 0, a.Length);
131 Buffer.BlockCopy(b, 0, c, a.Length, b.Length);
132 return c;
133 }
134
135 }
136}