Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...


Mono.Security follow-up

Here's a little update on the Mono.Security assembly since its official introduction.


It's easy to miss, but none of the classes derived from SymmetricAlgorithm (like DES, TripleDES, Rijndael or RC2) actually encrypt or decrypt anything. To do so you must create an encryptor (or a decryptor), which are classes implementing the ICryptoTransform interface. Those classes do the "real job".

    DES des = DES.Create ();
    ICryptoTransform enc = des.CreateEncryptor ();
    // now encrypt using a CryptoStream
    ICryptoTransform dec = des.CreateDecryptor ();
    // now decrypt using another CryptoStream

In Microsoft's implementation, all symmetric algorithms return a CryptoAPITransform instance, with the notable exception of Rijndael, which is a managed implementation. CryptoAPITransform is the class that P/Invokes into CryptoAPI to encrypt, or decrypt, the supplied data with the selected options. The transforms can be used as-is but are generally used with a CryptoStream.

Now notice the "with the selected options". Apart from the key and IV (optional parameters to the Create[En|De]cryptor methods), what other options are there?

Well, every block cipher transform has to be able to support, on its own, different modes of operation (like CBC, CFB ...) and padding (e.g. PKCS #7). This is clearly a design flaw in .NET cryptography, as every cryptographic algorithm implementer must develop their own solution to the same problem. The current design is (most probably) attributable to the fact that much of the framework is based on CryptoAPI (which does not expose modes or padding independently from an algorithm implementation).

However, that would mean that every supported algorithm in Mono had to provide such support itself. That didn't make sense and luckily didn't happen. What happened instead was SymmetricTransform, a class which until a few days ago was well hidden inside Mono's corlib.

In Mono, all [*] SymmetricAlgorithm Create[En|De]cryptor methods return an instance of a class derived from SymmetricTransform. The only thing required in the derived class is to implement the abstract ECB (Electronic Code Book) method, which is the most basic mode of operation. All other modes are implemented using ECB, and all the padding methods are algorithm agnostic.

So by including SymmetricTransform as a public class in the Mono.Security assembly, it becomes much easier to implement new block ciphers (e.g. Twofish) without worrying about modes and padding.

[*] Actually the ARC4Managed class, already present in the Mono.Security assembly, didn't and won't use SymmetricTransform because it is a stream cipher (while the others are block ciphers). Stream ciphers work on bytes (not blocks), so they don't need padding or modes.
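
The layering described above, as an added example that is not Mono's source code: the derived class supplies only a single-block ECB method, while CBC chaining and PKCS #7 padding live in the base class and are compared against the framework's own AES in CBC mode. The class names BlockTransformSketch, AesEcbOnly and Demo are hypothetical, and the all-zero key and IV are constructed test values.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical class names; this mirrors the design described above, not Mono's source.
abstract class BlockTransformSketch {
    protected readonly int BlockSize;
    protected BlockTransformSketch (int blockSize) { BlockSize = blockSize; }
    // The only member a new block cipher has to supply: encrypt exactly one block.
    protected abstract void ECB (byte[] input, byte[] output);
    // PKCS #7: always append 1..BlockSize bytes, each holding the pad length.
    byte[] Pad (byte[] data) {
        int pad = BlockSize - (data.Length % BlockSize);
        byte[] padded = new byte[data.Length + pad];
        Buffer.BlockCopy (data, 0, padded, 0, data.Length);
        for (int i = data.Length; i < padded.Length; i++) padded[i] = (byte) pad;
        return padded;
    }
    // CBC: XOR each block with the previous ciphertext block (the IV first), then ECB.
    public byte[] EncryptCbc (byte[] plaintext, byte[] iv) {
        byte[] data = Pad (plaintext), prev = iv, block = new byte[BlockSize];
        for (int off = 0; off < data.Length; off += BlockSize) {
            for (int i = 0; i < BlockSize; i++) block[i] = (byte) (data[off + i] ^ prev[i]);
            prev = new byte[BlockSize];
            ECB (block, prev);
            Buffer.BlockCopy (prev, 0, data, off, BlockSize);
        }
        return data;
    }
}
// AES restricted to raw single-block ECB with no padding, standing in for a new cipher.
sealed class AesEcbOnly : BlockTransformSketch {
    readonly ICryptoTransform ecb;
    public AesEcbOnly (byte[] key) : base (16) {
        Aes aes = Aes.Create ();
        aes.Mode = CipherMode.ECB; aes.Padding = PaddingMode.None; aes.Key = key;
        ecb = aes.CreateEncryptor ();
    }
    protected override void ECB (byte[] input, byte[] output) { ecb.TransformBlock (input, 0, BlockSize, output, 0); }
}
static class Demo {
    static void Main () {
        byte[] key = new byte[16], iv = new byte[16]; // constructed all-zero test values
        byte[] msg = System.Text.Encoding.ASCII.GetBytes ("constructed sample plaintext");
        Aes aes = Aes.Create (); // reference: the framework's own CBC + PKCS #7
        aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7; aes.Key = key; aes.IV = iv;
        byte[] expected = aes.CreateEncryptor ().TransformFinalBlock (msg, 0, msg.Length);
        Console.WriteLine (new AesEcbOnly (key).EncryptCbc (msg, iv).SequenceEqual (expected));
    }
}
```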


Another nice thing had been hidden for a long time in corlib: BigInteger, an optimized version (thanks again Ben) of the class from Chew Keong TAN. This class is used in Mono's DSA and RSA implementations (and the soon-to-be-included Diffie-Hellman).


As promised last time, support for decoding PKCS #12 is now included in the Mono.Security.X509 namespace. This is a requirement to support version 1.2 of the .NET framework. PKCS #12 encoding should follow soon.


Lastly, and well worth mentioning, Carlos has just updated his TLS implementation to support client-side certificates. Good job Carlos!

2/9/2004 21:08:19

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.