Unitytls integration #784

Merged
merged 72 commits into from
Jan 17, 2018
d773c76
[unitytls] Added UnityTLS interface definition
AndreasReich Dec 12, 2017
90d29d7
[unitytls] Added UnityTlsProvider stub + registration.
AndreasReich Dec 13, 2017
5ce647e
[unitytls] Added stubs for UnityTlsContext/Stream
AndreasReich Dec 13, 2017
b1e0d68
[unitytls] Activate SslStreamTest on Mac if we're building for unity
AndreasReich Dec 13, 2017
4d49d8b
[unitytls] size_t is now a struct instead of an alias. Change char* p…
AndreasReich Dec 13, 2017
8f1c80b
[unitytls] Implemented UnityTlsProvider.ValidateCertificate
AndreasReich Dec 13, 2017
5b0f3c4
[unitytls] fixed access modifiers for some structs in UnityTls interface
AndreasReich Dec 14, 2017
1b25fe8
[unitytls] Added debug helper for handling unitytls_errorstate
AndreasReich Dec 14, 2017
598e0d4
[unitytls] Implemented UnityTlsContext init
AndreasReich Dec 14, 2017
98e940d
[unitytls] added checking method that evaluates unitytls_x509verify_r…
AndreasReich Dec 14, 2017
0b84cf2
[unitytls] size_t is now IntPtr and can convert to int implicitly. U…
AndreasReich Dec 14, 2017
74d5592
[unitytls] Implemented tracing, basic handshake and read/write method…
AndreasReich Dec 14, 2017
f7dac9e
[unitytls] Cleaned up CheckAndThrow methods.
AndreasReich Dec 14, 2017
ad45770
[unitytls] Implemented verify callback
AndreasReich Dec 14, 2017
f77b0c5
[unitytls] Use of CertHelper in TlsProvider
AndreasReich Dec 14, 2017
f6c2b75
[unitytls] Mono coding style compliance fixes
AndreasReich Dec 14, 2017
cfa1e04
[unitytls] Removed full mapping of ciphersuite enum since it is not n…
AndreasReich Dec 14, 2017
445e584
[sslstreamtest] Added check for correct certificates and no policy er…
AndreasReich Dec 15, 2017
594e2ac
[sslstreamtest] a few renamings for clarification
AndreasReich Dec 15, 2017
ca57238
[unitytls] Added exception handling for native callbacks as a safety …
AndreasReich Dec 15, 2017
af91c35
[unitytls] implemented data read/write
AndreasReich Dec 15, 2017
5bb3eb6
[unitytls] Filling out MonoTlsConnectionInfo now
AndreasReich Dec 15, 2017
9ea74ae
[unitytls] moved conversion functions into separate file
AndreasReich Dec 15, 2017
22b6ae9
[unitytls] Updated interfaces to newer mono version.
AndreasReich Dec 15, 2017
6ecb133
[sslstreamtest] Added separate test suite for BadSsl authentication…
AndreasReich Dec 15, 2017
32ca087
[sslstreamtest] SslStreamBadSslTest unpacks AggregateException now
AndreasReich Dec 15, 2017
af58b51
[unitytls] unitytls api update - changed callback names
AndreasReich Dec 18, 2017
4a0611c
[unitytls] removed unused & unnecessary handling of intermediate cert…
AndreasReich Dec 18, 2017
d282ba9
[unitytls] Fixed path casing for a couple of files
AndreasReich Dec 18, 2017
01d462a
[unitytls] use der instead of pem in NativeChainToManagedCollection
AndreasReich Dec 18, 2017
6492173
[unitytls] Improved wording of NotImplementedException for server-sid…
AndreasReich Dec 18, 2017
a898096
[unitytls] Brought back handling of intermediate certificates in AddC…
AndreasReich Dec 18, 2017
048d08a
[unitytls] fixed internal read blocking handling
AndreasReich Dec 18, 2017
7f65773
[unitytls] Fixed UNITYTLS_X509VERIFY_FATAL_ERROR being translated to …
AndreasReich Dec 18, 2017
86c910f
[unitytls] Fixed serversided handshake errors being ignored
AndreasReich Dec 18, 2017
7cf1799
[unitytls] Fixed indentation of BadSslTest
AndreasReich Dec 18, 2017
3e58282
[unitytls] Added new (so far) unity specific test suite for ssl tests…
AndreasReich Dec 18, 2017
bc25f62
[unitytls] Fixed incorrect type in MonoPInvokeCallback attribute
AndreasReich Dec 19, 2017
afc9bb2
[unitytls] Cleanup of properties in UnityTlsProvider. Comment notes on…
AndreasReich Dec 19, 2017
d303e41
[unitytls] UnityTlsProvider no longer ignores validator.Settings.Trus…
AndreasReich Dec 19, 2017
2cb0c4c
[unitytls] Reverted mono's original SslStreamTest
AndreasReich Dec 19, 2017
9bd3b1a
[unitytls] TlsProvider validation fills out policy errors now
AndreasReich Dec 19, 2017
dbe0ae8
[unitytls] Added tests for correct policy errors
AndreasReich Dec 19, 2017
936a925
[unitytls] No longer keeping server certs and private key alive.
AndreasReich Dec 19, 2017
f938941
[unitytls] Emulating .net's behavior to call authentication even if…
AndreasReich Dec 21, 2017
39be2ef
[unitytls] Added tests for server client auth callback and getting co…
AndreasReich Dec 21, 2017
bf391b2
[unitytls] Added test for failing handshake via user exception
AndreasReich Dec 21, 2017
e7671c1
[unitytls] Added simple read write test
AndreasReich Dec 21, 2017
3b9f52d
[unitytls] Added test to verify properties of encryption after handshake
AndreasReich Dec 21, 2017
f9c524f
[unitytls] Reduced UnityTls interface to used functions
AndreasReich Jan 3, 2018
9d07185
[unitytls] UnityTls interface is now installed over a struct of callb…
AndreasReich Jan 3, 2018
1382d28
[unitytls] Added missing MONO_API to mono_unity_get_unitytls_interfac…
AndreasReich Jan 5, 2018
62e7a52
[unitytls] Removed SslStream tests again since they are not passing w…
AndreasReich Jan 5, 2018
b990700
[unitytls] mono_unity_unitytls_interface exposes now invalid_handle, …
AndreasReich Jan 5, 2018
a47260d
[unitytls] Removed calls to UnityTls.GetInterface
AndreasReich Jan 5, 2018
b1a8eca
[unitytls] Making use of Settings.EnabledCiphers now
AndreasReich Jan 8, 2018
589f130
[unitytls] Native interface is retrieved via static property now inst…
AndreasReich Jan 8, 2018
ca2058f
[unitytls] Removed local caching of unitytls native interface again.
AndreasReich Jan 8, 2018
0a1e777
Merge branch 'unity-master' into unity-master-staging-unitytls
AndreasReich Jan 8, 2018
d90ff2f
[unitytls] Removed commented debug output in MonoTlsProviderFactory a…
AndreasReich Jan 8, 2018
f9e79da
[unitytls] Reverted remaining changes in system tests
AndreasReich Jan 8, 2018
9889bec
[unitytls] added comment explaining use of mono_unity_unitytls_interface
AndreasReich Jan 8, 2018
a5df54c
[unitytls] FinishHandshake no longer passes null for errorState when …
AndreasReich Jan 8, 2018
fe8bf68
[unitytls] Removed leftover from previous p/invoke based integration.
AndreasReich Jan 9, 2018
1165e17
[unitytls] User exceptions from read/write/handshake are now passed o…
AndreasReich Jan 9, 2018
8f7503b
[unitytls] Commented on UInt8/Int8 aliases
AndreasReich Jan 9, 2018
02aa179
[unitytls] Implemented client->server authentication
AndreasReich Jan 10, 2018
3843d8e
[unitytls] Update of error code to newest version
AndreasReich Jan 10, 2018
601111c
[unitytls] Mono convention compliance fixes
AndreasReich Jan 10, 2018
52e347b
[unitytls] UnityTls.IsSupported no longer relies on exception handlin…
AndreasReich Jan 12, 2018
65af3e7
[unitytls] mono_unity_get_unitytls_interface is now called via icall
AndreasReich Jan 12, 2018
5a28379
[unitytls] Renamed mono_unity_unitytls_interface to unitytls_interfac…
AndreasReich Jan 16, 2018
11 changes: 11 additions & 0 deletions mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs
Expand Up @@ -211,6 +211,7 @@ internal static void Debug (string message, params object[] args)

#endregion

internal static readonly Guid UnityTlsId = new Guid("06414A97-74F6-488F-877B-A6CA9BBEB82E");
internal static readonly Guid AppleTlsId = new Guid ("981af8af-a3a3-419a-9f01-a518e3a17c1c");
internal static readonly Guid BtlsId = new Guid ("432d18c9-9348-4b90-bfbf-9f2a10e1f15b");
internal static readonly Guid LegacyId = new Guid ("809e77d5-56cc-4da8-b9f0-45e65ba9cceb");
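Review bot: the new `UnityTlsId` line does not follow the spacing convention of the three lines directly below it, which write `new Guid ("...")` with a space before the opening parenthesis (the Mono coding style the rest of this file uses), and it is the only id in the block written in uppercase hex. Suggest `internal static readonly Guid UnityTlsId = new Guid ("06414A97-74F6-488F-877B-A6CA9BBEB82E");` so the four declarations read alike; the Guid value itself is fine as it is.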
Expand All @@ -226,6 +227,16 @@ static void InitializeProviderRegistration ()
providerRegistration = new Dictionary<string,Tuple<Guid,string>> ();
providerCache = new Dictionary<Guid,MSI.MonoTlsProvider> ();

#if UNITY
if (Mono.Unity.UnityTls.IsSupported)
{
var unityTlsEntry = new Tuple<Guid,String> (UnityTlsId, "Mono.Unity.UnityTlsProvider");
providerRegistration.Add ("default", unityTlsEntry);
providerRegistration.Add ("unitytls", unityTlsEntry);
return;
}
#endif

var appleTlsEntry = new Tuple<Guid,String> (AppleTlsId, "Mono.AppleTls.AppleTlsProvider");

#if ONLY_APPLETLS || MONOTOUCH || XAMMAC
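Review bot: the early `return` inside the `#if UNITY` block means that whenever `Mono.Unity.UnityTls.IsSupported` is true, none of the other providers (AppleTls, Btls, legacy) get registered at all, so any caller that asks the factory for "apple", "btls" or "legacy" by name will fail with an unknown-provider error in a Unity build that has the native interface available. If that is the intended behaviour, a one-line comment on the `return` saying so would save the next reader from treating it as an oversight; if not, add the two "default"/"unitytls" entries and let the method fall through to the existing registration code below. Worth noting in the same comment that this check runs once, at provider registration time, so the choice is fixed for the lifetime of the process.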
53 changes: 53 additions & 0 deletions mcs/class/System/Mono.UnityTls/CertHelper.cs
@@ -0,0 +1,53 @@
#if SECURITY_DEP
using System.Security.Cryptography.X509Certificates;

namespace Mono.Unity
{
internal unsafe static class CertHelper
{
public static void AddCertificatesToNativeChain (UnityTls.unitytls_x509list* nativeCertificateChain, X509CertificateCollection certificates, UnityTls.unitytls_errorstate* errorState)
{
foreach (var certificate in certificates) {
AddCertificateToNativeChain (nativeCertificateChain, certificate, errorState);
}
}

public static void AddCertificateToNativeChain (UnityTls.unitytls_x509list* nativeCertificateChain, X509Certificate certificate, UnityTls.unitytls_errorstate* errorState)
{
byte[] certDer = certificate.GetRawCertData ();
fixed(byte* certDerPtr = certDer) {
UnityTls.NativeInterface.unitytls_x509list_append_der (nativeCertificateChain, certDerPtr, certDer.Length, errorState);
}

var certificateImpl2 = certificate.Impl as X509Certificate2Impl;
if (certificateImpl2 != null) {
var intermediates = certificateImpl2.IntermediateCertificates;
if (intermediates != null && intermediates.Count > 0) {
for (int i=0; i<intermediates.Count; ++i) {
AddCertificateToNativeChain (nativeCertificateChain, new X509Certificate (intermediates[i]), errorState);
}
}
}
}

public static X509CertificateCollection NativeChainToManagedCollection (UnityTls.unitytls_x509list_ref nativeCertificateChain, UnityTls.unitytls_errorstate* errorState)
{
X509CertificateCollection certificates = new X509CertificateCollection ();

var cert = UnityTls.NativeInterface.unitytls_x509list_get_x509 (nativeCertificateChain, 0, errorState);
for (int i = 0; cert.handle != UnityTls.NativeInterface.UNITYTLS_INVALID_HANDLE; ++i) {
size_t certBufferSize = UnityTls.NativeInterface.unitytls_x509_export_der (cert, null, 0, errorState);
var certBuffer = new byte[certBufferSize]; // Need to reallocate every time since X509Certificate constructor takes no length but only a byte array.
fixed(byte* certBufferPtr = certBuffer) {
UnityTls.NativeInterface.unitytls_x509_export_der (cert, certBufferPtr, certBufferSize, errorState);
}
certificates.Add (new X509Certificate (certBuffer));

cert = UnityTls.NativeInterface.unitytls_x509list_get_x509 (nativeCertificateChain, i, errorState);
}

return certificates;
}
}
}
#endif
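Review bot: `NativeChainToManagedCollection` adds the first certificate of the chain twice. Element 0 is fetched before the `for`, and the fetch at the end of the loop body, `cert = UnityTls.NativeInterface.unitytls_x509list_get_x509 (nativeCertificateChain, i, errorState);`, still uses `i == 0` on the first pass because `++i` runs after the body, so the next iteration exports element 0 again before the index catches up; with an n-element chain the collection ends up with n+1 entries. Suggest restructuring so the fetch and the index advance together, e.g. `for (int i = 0; ; ++i) { var cert = ...get_x509 (nativeCertificateChain, i, errorState); if (cert.handle == UnityTls.NativeInterface.UNITYTLS_INVALID_HANDLE) break; ... }`, or fetching `i + 1` at the end of the body. Two smaller points in the same hunk: neither `unitytls_x509_export_der` call has its `errorState` (or returned size) checked before `new X509Certificate (certBuffer)` runs, so a failed export hands an all-zero buffer to the certificate constructor instead of surfacing the native error; and `AddCertificateToNativeChain` never looks at `errorState` after `unitytls_x509list_append_der`, which is only safe if the native error state accumulates across calls, so a comment stating that assumption would help.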
39 changes: 39 additions & 0 deletions mcs/class/System/Mono.UnityTls/Debug.cs
@@ -0,0 +1,39 @@
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif

#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif

namespace Mono.Unity
{
internal static class Debug
{
public static void CheckAndThrow (UnityTls.unitytls_errorstate errorState, string context, AlertDescription defaultAlert = AlertDescription.InternalError)
{
if (errorState.code == UnityTls.unitytls_error_code.UNITYTLS_SUCCESS)
return;

string message = string.Format ("{0} - error code: {1}", context, errorState.code);
throw new TlsException (defaultAlert, message);
}

public static void CheckAndThrow(UnityTls.unitytls_errorstate errorState, UnityTls.unitytls_x509verify_result verifyResult, string context, AlertDescription defaultAlert = AlertDescription.InternalError)
{
// Ignore verify result if verification is not the issue.
if (verifyResult == UnityTls.unitytls_x509verify_result.UNITYTLS_X509VERIFY_SUCCESS) {
CheckAndThrow (errorState, context, defaultAlert);
return;
}

AlertDescription alert = UnityTlsConversions.VerifyResultToAlertDescription (verifyResult, defaultAlert);
string message = string.Format ("{0} - error code: {1}, verify result: {2}", context, errorState.code, verifyResult);
throw new TlsException (alert, message);
}
}
}
#endif
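Review bot: the comment `// Ignore verify result if verification is not the issue.` on the second `CheckAndThrow` overload says the opposite of what the branch below it does: that branch runs when `verifyResult` is `UNITYTLS_X509VERIFY_SUCCESS`, i.e. when verification passed, and delegates to the errorState-only overload. Suggest `// Verification passed, so only the error state can be at fault.` Two style points: the second overload is declared `CheckAndThrow(` without the space before the parenthesis that the first overload and the rest of the Mono code base use, and a static class named `Debug` whose methods are the production error path (they throw `TlsException` in release builds too) is easy to misread as diagnostics-only, so a short class-level comment saying these checks are always active would be useful. Behaviour-wise, a non-success `verifyResult` throws even when `errorState.code` is `UNITYTLS_SUCCESS`, which is the right outcome for a failed certificate check, but it is worth stating in the method comment since the name does not make it obvious that the verify result alone is fatal.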