diff options
author | Sean Dague | 2007-07-16 15:40:11 +0000 |
---|---|---|
committer | Sean Dague | 2007-07-16 15:40:11 +0000 |
commit | 2a3c79df83e800d5dfe75a1a3b140ed81da2b1d6 (patch) | |
tree | e3f80ad51736cf17e856547b1bcf956010927434 /OpenSim/Framework/General/Remoting.cs | |
parent | *Trunk compiles now (diff) | |
download | opensim-SC_OLD-2a3c79df83e800d5dfe75a1a3b140ed81da2b1d6.zip opensim-SC_OLD-2a3c79df83e800d5dfe75a1a3b140ed81da2b1d6.tar.gz opensim-SC_OLD-2a3c79df83e800d5dfe75a1a3b140ed81da2b1d6.tar.bz2 opensim-SC_OLD-2a3c79df83e800d5dfe75a1a3b140ed81da2b1d6.tar.xz |
changed to native line ending encoding
Diffstat (limited to 'OpenSim/Framework/General/Remoting.cs')
-rw-r--r-- | OpenSim/Framework/General/Remoting.cs | 270 |
1 files changed, 135 insertions, 135 deletions
diff --git a/OpenSim/Framework/General/Remoting.cs b/OpenSim/Framework/General/Remoting.cs index df32db2..0e94b90 100644 --- a/OpenSim/Framework/General/Remoting.cs +++ b/OpenSim/Framework/General/Remoting.cs | |||
@@ -1,135 +1,135 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (c) Contributors, http://www.openmetaverse.org/ | 2 | * Copyright (c) Contributors, http://www.openmetaverse.org/ |
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | 3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions are met: | 6 | * modification, are permitted provided that the following conditions are met: |
7 | * * Redistributions of source code must retain the above copyright | 7 | * * Redistributions of source code must retain the above copyright |
8 | * notice, this list of conditions and the following disclaimer. | 8 | * notice, this list of conditions and the following disclaimer. |
9 | * * Redistributions in binary form must reproduce the above copyright | 9 | * * Redistributions in binary form must reproduce the above copyright |
10 | * notice, this list of conditions and the following disclaimer in the | 10 | * notice, this list of conditions and the following disclaimer in the |
11 | * documentation and/or other materials provided with the distribution. | 11 | * documentation and/or other materials provided with the distribution. |
12 | * * Neither the name of the OpenSim Project nor the | 12 | * * Neither the name of the OpenSim Project nor the |
13 | * names of its contributors may be used to endorse or promote products | 13 | * names of its contributors may be used to endorse or promote products |
14 | * derived from this software without specific prior written permission. | 14 | * derived from this software without specific prior written permission. |
15 | * | 15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY | 16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY |
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | 19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * | 26 | * |
27 | */ | 27 | */ |
28 | using System; | 28 | using System; |
29 | using System.Security.Cryptography; | 29 | using System.Security.Cryptography; |
30 | using System.Text; | 30 | using System.Text; |
31 | 31 | ||
32 | namespace OpenSim.Framework | 32 | namespace OpenSim.Framework |
33 | { | 33 | { |
34 | /// <summary> | 34 | /// <summary> |
35 | /// NEEDS AUDIT. | 35 | /// NEEDS AUDIT. |
36 | /// </summary> | 36 | /// </summary> |
37 | /// <remarks> | 37 | /// <remarks> |
38 | /// Suggested implementation | 38 | /// Suggested implementation |
39 | /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para> | 39 | /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para> |
40 | /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para> | 40 | /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para> |
41 | /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para> | 41 | /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para> |
42 | /// <para>Both hosts should be performing these operations for this to be effective.</para> | 42 | /// <para>Both hosts should be performing these operations for this to be effective.</para> |
43 | /// </remarks> | 43 | /// </remarks> |
44 | class RemoteDigest | 44 | class RemoteDigest |
45 | { | 45 | { |
46 | private byte[] currentHash; | 46 | private byte[] currentHash; |
47 | private byte[] secret; | 47 | private byte[] secret; |
48 | 48 | ||
49 | private SHA512Managed SHA512; | 49 | private SHA512Managed SHA512; |
50 | 50 | ||
51 | /// <summary> | 51 | /// <summary> |
52 | /// Initialises a new RemoteDigest authentication mechanism | 52 | /// Initialises a new RemoteDigest authentication mechanism |
53 | /// </summary> | 53 | /// </summary> |
54 | /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks> | 54 | /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks> |
55 | /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param> | 55 | /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param> |
56 | /// <param name="salt">Binary salt - some common value - to be decided what</param> | 56 | /// <param name="salt">Binary salt - some common value - to be decided what</param> |
57 | /// <param name="challenge">The challenge key provided by the third party</param> | 57 | /// <param name="challenge">The challenge key provided by the third party</param> |
58 | public RemoteDigest(string sharedSecret, byte[] salt, string challenge) | 58 | public RemoteDigest(string sharedSecret, byte[] salt, string challenge) |
59 | { | 59 | { |
60 | SHA512 = new SHA512Managed(); | 60 | SHA512 = new SHA512Managed(); |
61 | Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt); | 61 | Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt); |
62 | secret = RFC2898.GetBytes(512); | 62 | secret = RFC2898.GetBytes(512); |
63 | ASCIIEncoding ASCII = new ASCIIEncoding(); | 63 | ASCIIEncoding ASCII = new ASCIIEncoding(); |
64 | 64 | ||
65 | currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge))); | 65 | currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge))); |
66 | } | 66 | } |
67 | 67 | ||
68 | /// <summary> | 68 | /// <summary> |
69 | /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented. | 69 | /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented. |
70 | /// </summary> | 70 | /// </summary> |
71 | /// <param name="data">The incoming data</param> | 71 | /// <param name="data">The incoming data</param> |
72 | /// <param name="digest">The remote digest</param> | 72 | /// <param name="digest">The remote digest</param> |
73 | /// <returns></returns> | 73 | /// <returns></returns> |
74 | public bool Authenticate(byte[] data, byte[] digest) | 74 | public bool Authenticate(byte[] data, byte[] digest) |
75 | { | 75 | { |
76 | byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | 76 | byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); |
77 | if (digest == newHash) | 77 | if (digest == newHash) |
78 | { | 78 | { |
79 | currentHash = newHash; | 79 | currentHash = newHash; |
80 | return true; | 80 | return true; |
81 | } | 81 | } |
82 | else | 82 | else |
83 | { | 83 | { |
84 | throw new Exception("Hash comparison failed. Key resync required."); | 84 | throw new Exception("Hash comparison failed. Key resync required."); |
85 | } | 85 | } |
86 | } | 86 | } |
87 | 87 | ||
88 | /// <summary> | 88 | /// <summary> |
89 | /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message. | 89 | /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message. |
90 | /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the | 90 | /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the |
91 | /// hashes will get out of sync and throw an exception when validation is attempted. | 91 | /// hashes will get out of sync and throw an exception when validation is attempted. |
92 | /// </summary> | 92 | /// </summary> |
93 | /// <param name="data">The outgoing data</param> | 93 | /// <param name="data">The outgoing data</param> |
94 | /// <returns>The local digest</returns> | 94 | /// <returns>The local digest</returns> |
95 | public byte[] Sign(byte[] data) | 95 | public byte[] Sign(byte[] data) |
96 | { | 96 | { |
97 | currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | 97 | currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); |
98 | return currentHash; | 98 | return currentHash; |
99 | } | 99 | } |
100 | 100 | ||
101 | /// <summary> | 101 | /// <summary> |
102 | /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator. | 102 | /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator. |
103 | /// </summary> | 103 | /// </summary> |
104 | /// <returns>A 128-character hexadecimal string containing the challenge.</returns> | 104 | /// <returns>A 128-character hexadecimal string containing the challenge.</returns> |
105 | public static string GenerateChallenge() | 105 | public static string GenerateChallenge() |
106 | { | 106 | { |
107 | RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider(); | 107 | RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider(); |
108 | byte[] bytes = new byte[64]; | 108 | byte[] bytes = new byte[64]; |
109 | RNG.GetBytes(bytes); | 109 | RNG.GetBytes(bytes); |
110 | 110 | ||
111 | StringBuilder sb = new StringBuilder(bytes.Length * 2); | 111 | StringBuilder sb = new StringBuilder(bytes.Length * 2); |
112 | foreach (byte b in bytes) | 112 | foreach (byte b in bytes) |
113 | { | 113 | { |
114 | sb.AppendFormat("{0:x2}", b); | 114 | sb.AppendFormat("{0:x2}", b); |
115 | } | 115 | } |
116 | return sb.ToString(); | 116 | return sb.ToString(); |
117 | } | 117 | } |
118 | 118 | ||
119 | /// <summary> | 119 | /// <summary> |
120 | /// Helper function, merges two byte arrays | 120 | /// Helper function, merges two byte arrays |
121 | /// </summary> | 121 | /// </summary> |
122 | /// <remarks>Sourced from MSDN Forum</remarks> | 122 | /// <remarks>Sourced from MSDN Forum</remarks> |
123 | /// <param name="a">A</param> | 123 | /// <param name="a">A</param> |
124 | /// <param name="b">B</param> | 124 | /// <param name="b">B</param> |
125 | /// <returns>C</returns> | 125 | /// <returns>C</returns> |
126 | private byte[] AppendArrays(byte[] a, byte[] b) | 126 | private byte[] AppendArrays(byte[] a, byte[] b) |
127 | { | 127 | { |
128 | byte[] c = new byte[a.Length + b.Length]; | 128 | byte[] c = new byte[a.Length + b.Length]; |
129 | Buffer.BlockCopy(a, 0, c, 0, a.Length); | 129 | Buffer.BlockCopy(a, 0, c, 0, a.Length); |
130 | Buffer.BlockCopy(b, 0, c, a.Length, b.Length); | 130 | Buffer.BlockCopy(b, 0, c, a.Length, b.Length); |
131 | return c; | 131 | return c; |
132 | } | 132 | } |
133 | 133 | ||
134 | } | 134 | } |
135 | } | 135 | } |