
Commit 9c38772

spouliotmigueldeicaza
authored andcommitted
Remove the EXPORT ciphers and related code path
That was still useful in 2003/2004, but the technical and legal landscape has changed a lot since then. Removing the old, limited-key-size cipher suites also allows removing additional parts of the code that deal with them.
1 parent b371da6 commit 9c38772


5 files changed

+26
-115
lines changed


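--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
@@ -116,14 +116,14 @@ private static CipherSuiteCollection GetTls1SupportedCiphers()
 scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
 
 // Supported exportable ciphers
-scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
-scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
-scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
-scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
-scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+// scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+// scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
 // 56 bits but we use 64 bits because of parity (DES is really 56 bits)
-scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
-scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+// scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
 
 // Default CipherSuite
 // scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
@@ -195,14 +195,14 @@ private static CipherSuiteCollection GetSsl3SupportedCiphers()
 scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
 
 // Supported exportable ciphers
-scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
-scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
-scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
-scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
-scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+// scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+// scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
 // 56 bits but we use 64 bits because of parity (DES is really 56 bits)
-scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
-scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+// scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+// scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
 
 // Default CipherSuite
 // scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);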
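Review bot: The seven EXPORT `scs.Add(...)` entries in GetTls1SupportedCiphers are commented out rather than deleted, and the GetSsl3SupportedCiphers hunk does the same, so the `// Supported exportable ciphers` heading now sits above dead code that removing two slashes would re-register. The other files in this commit delete the key-expansion and ServerKeyExchange paths these suites appear to depend on, so a re-enabled entry would no longer derive its keys the way the old code did. I would delete the lines and replace the heading with `// EXPORT (40/56-bit) suites removed on purpose; the code paths they needed no longer exist`. Separately, the context line above each list still registers single DES (`..._RSA_WITH_DES_CBC_SHA`, 56-bit key), which is outside this change but worth a follow-up. Both method bodies start and end outside the hunks.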

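--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
@@ -159,13 +159,6 @@ private HandshakeMessage createServerHandshakeMessage(
 break;
 return new TlsServerCertificate(this.context, buffer);
 
-// Optional
-case HandshakeType.ServerKeyExchange:
-// only for RSA_EXPORT
-if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable)
-return new TlsServerKeyExchange(this.context, buffer);
-break;
-
 // Optional
 case HandshakeType.CertificateRequest:
 if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate)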
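Review bot: The retained CertificateRequest condition `last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate` still names a predecessor that this switch appears unable to produce once the `case HandshakeType.ServerKeyExchange:` branch is gone; it should be narrowed to `if (last == HandshakeType.Certificate)`. A ServerKeyExchange sent by a peer now reaches whatever the switch's default branch does, which is outside the hunk, so please confirm that it aborts the handshake as an unexpected message rather than skipping the record. A short comment at the removal point, such as `// ServerKeyExchange is never accepted: it was only used for RSA_EXPORT suites`, would keep the case from being re-added without thought. createServerHandshakeMessage starts and ends outside the hunk.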

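--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
@@ -190,59 +190,15 @@ public override void ComputeKeys()
 this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
 this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
 
-if (!this.IsExportable)
+if (this.IvSize != 0)
 {
-if (this.IvSize != 0)
-{
-this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
-this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
-}
-else
-{
-this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-}
+this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
 }
 else
 {
-HashAlgorithm md5 = MD5.Create();
-
-int keySize = (md5.HashSize >> 3); //in bytes not bits
-byte[] temp = new byte [keySize];
-
-// Generate final write keys
-md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
-md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
-byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
-Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
-
-md5.Initialize();
-md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
-md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
-byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
-Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
-
-this.Context.ClientWriteKey = finalClientWriteKey;
-this.Context.ServerWriteKey = finalServerWriteKey;
-
-// Generate IV keys
-if (this.IvSize > 0)
-{
-md5.Initialize();
-temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
-this.Context.ClientWriteIV = new byte[this.IvSize];
-Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
-
-md5.Initialize();
-temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
-this.Context.ServerWriteIV = new byte[this.IvSize];
-Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
-}
-else
-{
-this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-}
+this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+this.Context.ServerWriteIV = CipherSuite.EmptyArray;
 }
 
 DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());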
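Review bot: ComputeKeys no longer looks at `IsExportable` at all, here and in the matching TlsCipherSuite.ComputeKeys hunk, so a suite constructed with that flag set would run with the unexpanded key material instead of being refused. The `scs.Add(...)` calls in CipherSuiteFactory still pass what appears to be that flag, so the only thing keeping such a suite out is the commented-out list. I would fail closed near the start of the method with `if (this.IsExportable) throw new NotSupportedException("EXPORT cipher suites are not supported");`, or drop the flag from the type in a follow-up. `ExpandedKeyMaterialSize` also looks unused after this change, though its other callers are not visible here. The method body starts and ends outside the hunk.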

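--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
@@ -233,16 +233,8 @@ internal override void EndNegotiateHandshake(IAsyncResult asyncResult)
 // Send ServerCertificate message
 this.protocol.SendRecord(HandshakeType.Certificate);
 
-// If the negotiated cipher is a KeyEx cipher send ServerKeyExchange
-if (this.context.Negotiating.Cipher.IsExportable)
-{
-this.protocol.SendRecord(HandshakeType.ServerKeyExchange);
-}
-
-// If the negotiated cipher is a KeyEx cipher or
-// the client certificate is required send the CertificateRequest message
-if (this.context.Negotiating.Cipher.IsExportable ||
-((ServerContext)this.context).ClientCertificateRequired ||
+// If the client certificate is required send the CertificateRequest message
+if (((ServerContext)this.context).ClientCertificateRequired ||
 ((ServerContext)this.context).RequestClientCertificate)
 {
 this.protocol.SendRecord(HandshakeType.CertificateRequest);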
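Review bot: The new comment `// If the client certificate is required send the CertificateRequest message` describes only half of the condition under it, which also fires when `RequestClientCertificate` is set. I would word it as `// Send CertificateRequest when a client certificate is required or merely requested`, so a reader does not assume the message implies mandatory client authentication. The two identical `(ServerContext)this.context` casts could share one local to make the condition easier to read. EndNegotiateHandshake starts and ends outside the hunk.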

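--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
@@ -123,45 +123,15 @@ public override void ComputeKeys()
 this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
 this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
 
-if (!this.IsExportable)
+if (this.IvSize != 0)
 {
-if (this.IvSize != 0)
-{
-this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
-this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
-}
-else
-{
-this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-}
+this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
 }
 else
 {
-// Generate final write keys
-byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
-byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
-
-this.Context.ClientWriteKey = finalClientWriteKey;
-this.Context.ServerWriteKey = finalServerWriteKey;
-
-if (this.IvSize > 0)
-{
-// Generate IV block
-byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
-
-// Generate IV keys
-this.Context.ClientWriteIV = new byte[this.IvSize];
-Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
-
-this.Context.ServerWriteIV = new byte[this.IvSize];
-Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
-}
-else
-{
-this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-}
+this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+this.Context.ServerWriteIV = CipherSuite.EmptyArray;
 }
 
 DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());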
