diff options
Diffstat (limited to 'OpenSim/Framework/General/Remoting.cs')
-rw-r--r-- | OpenSim/Framework/General/Remoting.cs | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/OpenSim/Framework/General/Remoting.cs b/OpenSim/Framework/General/Remoting.cs new file mode 100644 index 0000000..df32db2 --- /dev/null +++ b/OpenSim/Framework/General/Remoting.cs | |||
@@ -0,0 +1,135 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://www.openmetaverse.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSim Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | * | ||
27 | */ | ||
28 | using System; | ||
29 | using System.Security.Cryptography; | ||
30 | using System.Text; | ||
31 | |||
32 | namespace OpenSim.Framework | ||
33 | { | ||
34 | /// <summary> | ||
35 | /// NEEDS AUDIT. | ||
36 | /// </summary> | ||
37 | /// <remarks> | ||
38 | /// Suggested implementation | ||
39 | /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para> | ||
40 | /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para> | ||
41 | /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para> | ||
42 | /// <para>Both hosts should be performing these operations for this to be effective.</para> | ||
43 | /// </remarks> | ||
44 | class RemoteDigest | ||
45 | { | ||
46 | private byte[] currentHash; | ||
47 | private byte[] secret; | ||
48 | |||
49 | private SHA512Managed SHA512; | ||
50 | |||
51 | /// <summary> | ||
52 | /// Initialises a new RemoteDigest authentication mechanism | ||
53 | /// </summary> | ||
54 | /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks> | ||
55 | /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param> | ||
56 | /// <param name="salt">Binary salt - some common value - to be decided what</param> | ||
57 | /// <param name="challenge">The challenge key provided by the third party</param> | ||
58 | public RemoteDigest(string sharedSecret, byte[] salt, string challenge) | ||
59 | { | ||
60 | SHA512 = new SHA512Managed(); | ||
61 | Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret,salt); | ||
62 | secret = RFC2898.GetBytes(512); | ||
63 | ASCIIEncoding ASCII = new ASCIIEncoding(); | ||
64 | |||
65 | currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge))); | ||
66 | } | ||
67 | |||
68 | /// <summary> | ||
69 | /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented. | ||
70 | /// </summary> | ||
71 | /// <param name="data">The incoming data</param> | ||
72 | /// <param name="digest">The remote digest</param> | ||
73 | /// <returns></returns> | ||
74 | public bool Authenticate(byte[] data, byte[] digest) | ||
75 | { | ||
76 | byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | ||
77 | if (digest == newHash) | ||
78 | { | ||
79 | currentHash = newHash; | ||
80 | return true; | ||
81 | } | ||
82 | else | ||
83 | { | ||
84 | throw new Exception("Hash comparison failed. Key resync required."); | ||
85 | } | ||
86 | } | ||
87 | |||
88 | /// <summary> | ||
89 | /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message. | ||
90 | /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the | ||
91 | /// hashes will get out of sync and throw an exception when validation is attempted. | ||
92 | /// </summary> | ||
93 | /// <param name="data">The outgoing data</param> | ||
94 | /// <returns>The local digest</returns> | ||
95 | public byte[] Sign(byte[] data) | ||
96 | { | ||
97 | currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data)); | ||
98 | return currentHash; | ||
99 | } | ||
100 | |||
101 | /// <summary> | ||
102 | /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator. | ||
103 | /// </summary> | ||
104 | /// <returns>A 128-character hexadecimal string containing the challenge.</returns> | ||
105 | public static string GenerateChallenge() | ||
106 | { | ||
107 | RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider(); | ||
108 | byte[] bytes = new byte[64]; | ||
109 | RNG.GetBytes(bytes); | ||
110 | |||
111 | StringBuilder sb = new StringBuilder(bytes.Length * 2); | ||
112 | foreach (byte b in bytes) | ||
113 | { | ||
114 | sb.AppendFormat("{0:x2}", b); | ||
115 | } | ||
116 | return sb.ToString(); | ||
117 | } | ||
118 | |||
119 | /// <summary> | ||
120 | /// Helper function, merges two byte arrays | ||
121 | /// </summary> | ||
122 | /// <remarks>Sourced from MSDN Forum</remarks> | ||
123 | /// <param name="a">A</param> | ||
124 | /// <param name="b">B</param> | ||
125 | /// <returns>C</returns> | ||
126 | private byte[] AppendArrays(byte[] a, byte[] b) | ||
127 | { | ||
128 | byte[] c = new byte[a.Length + b.Length]; | ||
129 | Buffer.BlockCopy(a, 0, c, 0, a.Length); | ||
130 | Buffer.BlockCopy(b, 0, c, a.Length, b.Length); | ||
131 | return c; | ||
132 | } | ||
133 | |||
134 | } | ||
135 | } | ||