This is the brains of the operation. User code can ask for a Secure Sender for a given sender, this will return one and begin the process of securing the sender. Sending over a sender is only secure if it is done throug the secure sender. On the other side, the user should ensure that the packet was sent via a secure sender at some point in the stack.
Inheritance: SecurityOverlord, IReplyHandler
示例#1
0
        public void TestWithPreExchangedKeys()
        {
            Timer t   = new Timer(Timeout, null, 0, 500);
            int   spi = 123333;

            new SecurityPolicy(spi, "Rijndael", "SHA1", true);
            PeerSecOverlord so0 = CreateValidSO("valid0");
            PeerSecOverlord so1 = CreateValidSO("valid1");

            MockSender ms0 = new MockSender(null, null, so1, 0);
            MockSender ms1 = new MockSender(ms0, null, so0, 0);

            ms0.ReturnPath = ms1;

            SecurityAssociation sa0 = so0.CreateSecurityAssociation(ms0, spi);

            Assert.IsFalse((sa0 as PeerSecAssociation).Start(), "Cannot start SA again");
            SecurityAssociation sa1 = so1.CreateSecurityAssociation(ms1, spi);

            Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!");
            Assert.AreEqual(sa1.State, SecurityAssociation.States.Active, "sa1 should be active!");
            Assert.AreEqual(so0.SACount, 1, "so0 should contain just one!");
            Assert.AreEqual(so1.SACount, 1, "so1 should contain just one!");

            t.Dispose();
        }
示例#2
0
        protected PeerSecOverlord CreateInvalidSO(string name, int level)
        {
            if (rsa == null)
            {
                rsa = new RSACryptoServiceProvider();
                byte[] blob = rsa.ExportCspBlob(false);
                RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
                rsa_pub.ImportCspBlob(blob);
                CertificateMaker cm = new CertificateMaker("United States", "UFL",
                                                           "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
                                                           "brunet:node:abcdefghijklmnopqrs");
                Certificate cert = cm.Sign(cm, rsa);
                x509 = cert.X509;
            }

            CertificateHandler ch = new CertificateHandler();

            if (level == 2 || level == 0)
            {
                ch.AddCACertificate(x509);
            }
            if (level == 3 || level == 0)
            {
                ch.AddSignedCertificate(x509);
            }
            Random        rand = new Random();
            ReqrepManager rrm  = new ReqrepManager("so" + name + rand.Next());

            _timeout += rrm.TimeoutChecker;

            PeerSecOverlord so = new PeerSecOverlord(rsa_safe, ch, rrm);

            so.AnnounceSA += AnnounceSA;
            RoutingDataHandler rdh = new RoutingDataHandler();

            rrm.Subscribe(so, null);
            so.Subscribe(rdh, null);
            rdh.Subscribe(rrm, null);
            return(so);
        }
示例#3
0
        public void TestRemoteRestart()
        {
            Timer t   = new Timer(Timeout, null, 0, 500);
            int   spi = 123333;

            new SecurityPolicy(spi, "Rijndael", "SHA1", true);
            PeerSecOverlord so0 = CreateValidSO("valid0");
            PeerSecOverlord so1 = CreateValidSO("valid1");

            MockSender ms0 = new MockSender(null, null, so1, 0);
            MockSender ms1 = new MockSender(ms0, null, so0, 0);

            ms0.ReturnPath = ms1;

            SecurityAssociation sa0 = so0.CreateSecurityAssociation(ms0, spi);
            SecurityAssociation sa1 = so1.CreateSecurityAssociation(ms1, spi);

            Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!");
            Assert.AreEqual(sa1.State, SecurityAssociation.States.Active, "sa1 should be active!");

            sa0.CheckState();
            sa1.CheckState();
            sa1.Send(MemBlock.Reference(new byte[] { 0, 1, 2, 3 }));

            Assert.AreEqual(so0.SACount, 1, "so0 should contain just one! 0");
            Assert.AreEqual(so1.SACount, 1, "so1 should contain just one! 0");

            sa0.CheckState();
            sa0.CheckState();
            sa1.CheckState();
            Assert.AreEqual(so0.SACount, 0, "so0 should contain just zero!");
            Assert.AreEqual(so1.SACount, 1, "so1 should contain just one! 1");

            sa1.Send(MemBlock.Reference(new byte[] { 0, 1, 2, 3 }));
            Assert.AreEqual(so0.SACount, 1, "so0 should contain just one! 2");
            Assert.AreEqual(so1.SACount, 1, "so1 should contain just one! 1");

            t.Dispose();
        }
示例#4
0
    protected PeerSecOverlord CreateInvalidSO(string name, int level) {
      if(rsa == null) {
        rsa = new RSACryptoServiceProvider();
        byte[] blob = rsa.ExportCspBlob(false);
        RSACryptoServiceProvider rsa_pub = new RSACryptoServiceProvider();
        rsa_pub.ImportCspBlob(blob);
        CertificateMaker cm = new CertificateMaker("United States", "UFL", 
            "ACIS", "David Wolinsky", "*****@*****.**", rsa_pub,
            "brunet:node:abcdefghijklmnopqrs");
        Certificate cert = cm.Sign(cm, rsa);
        x509 = cert.X509;
      }

      CertificateHandler ch = new CertificateHandler();
      if(level == 2 || level == 0) {
        ch.AddCACertificate(x509);
      }
      if(level == 3 || level == 0) {
        ch.AddSignedCertificate(x509);
      }
      Random rand = new Random();
      ReqrepManager rrm = new ReqrepManager("so" + name + rand.Next());
      _timeout += rrm.TimeoutChecker;

      PeerSecOverlord so = new PeerSecOverlord(rsa_safe, ch, rrm);
      so.AnnounceSA += AnnounceSA;
      RoutingDataHandler rdh = new RoutingDataHandler();
      rrm.Subscribe(so, null);
      so.Subscribe(rdh, null);
      rdh.Subscribe(rrm, null);
      return so;
    }
示例#5
0
        public void Test()
        {
            Timer           t   = new Timer(Timeout, null, 0, 500);
            PeerSecOverlord so0 = CreateValidSO("valid0");
            PeerSecOverlord so1 = CreateValidSO("valid1");

            //Test block one
            {
                MockSender ms0 = new MockSender(null, null, so1, 0);
                MockSender ms1 = new MockSender(ms0, null, so0, 0);
                ms0.ReturnPath = ms1;

                SecurityAssociation sa0 = so0.CreateSecurityAssociation(ms0);
                SecurityAssociation sa1 = so1.CreateSecurityAssociation(ms1);
                Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!");
                Assert.AreEqual(sa1.State, SecurityAssociation.States.Active, "sa1 should be active!");
                Assert.AreEqual(so0.SACount, 1, "so0 should contain just one!");
                Assert.AreEqual(so1.SACount, 1, "so1 should contain just one!");

                Random rand = new Random();
                byte[] b    = new byte[128];
                rand.NextBytes(b);
                MemBlock mb = MemBlock.Reference(b);
                sa1.Send(mb);

                new SecurityPolicy(12345, "DES", "MD5");
                sa0 = so0.CreateSecurityAssociation(ms0, 12345);
                Assert.AreEqual(sa0.State, SecurityAssociation.States.Active, "sa0 should be active!");
                Assert.AreEqual(so0.SACount, 2, "so0 should contain just one!");
                Assert.AreEqual(so1.SACount, 2, "so1 should contain just one!");

                b = new byte[128];
                rand.NextBytes(b);
                mb = MemBlock.Reference(b);
                sa0.Send(mb);
            }

            // create ~250 valid SAs for one guy...
            for (int i = 2; i < 250; i++)
            {
                PeerSecOverlord so  = CreateValidSO("valid" + i);
                MockSender      msa = new MockSender(null, null, so, 0);
                MockSender      msb = new MockSender(msa, null, so0, 0);
                msa.ReturnPath = msb;

                SecurityAssociation sab = so.CreateSecurityAssociation(msb);
                Assert.AreEqual(sab.State, SecurityAssociation.States.Active, "sab should be active! " + i);
                SecurityAssociation saa = so0.CreateSecurityAssociation(msa);
                Assert.AreEqual(saa.State, SecurityAssociation.States.Active, "saa should be active! " + i);

                MockDataHandler mdha = new MockDataHandler();
                saa.Subscribe(mdha, null);
                MockDataHandler mdhb = new MockDataHandler();
                sab.Subscribe(mdhb, null);

                Random rand = new Random();
                byte[] b    = new byte[128];
                rand.NextBytes(b);
                MemBlock mb = MemBlock.Reference(b);
                sab.Send(mb);
                Assert.IsTrue(mdha.Contains(mb), "mdhb Contains " + i);

                b = new byte[128];
                rand.NextBytes(b);
                mb = MemBlock.Reference(b);
                sab.Send(mb);
                Assert.IsTrue(mdha.Contains(mb), "mdha Contains " + i);
            }

            for (int i = 250; i < 500; i++)
            {
                int             ij  = (250 % 3) + 1;
                PeerSecOverlord so  = CreateInvalidSO("valid" + i, ij);
                MockSender      msa = new MockSender(null, null, so, 0);
                MockSender      msb = new MockSender(msa, null, so0, 0);
                msa.ReturnPath = msb;

                SecurityAssociation sab = so.CreateSecurityAssociation(msb);
                SecurityAssociation saa = so0.CreateSecurityAssociation(msa);
                Assert.AreEqual(sab.State, SecurityAssociation.States.Waiting, "sab should be waiting! " + i);
                Assert.AreEqual(saa.State, SecurityAssociation.States.Waiting, "saa should be waiting! " + i);
            }

            // create ~250 valid SAs for one guy...
            for (int i = 500; i < 750; i++)
            {
                PeerSecOverlord so  = CreateValidSO("valid" + i);
                MockSender      msa = new MockSender(null, null, so, 0);
                MockSender      msb = new MockSender(msa, null, so0, 0);
                msa.ReturnPath = msb;

                SecurityAssociation sab = so.CreateSecurityAssociation(msb);
                Assert.AreEqual(sab.State, SecurityAssociation.States.Active, "sab should be active! " + i);
                SecurityAssociation saa = so0.CreateSecurityAssociation(msa);
                Assert.AreEqual(saa.State, SecurityAssociation.States.Active, "saa should be active! " + i);

                MockDataHandler mdha = new MockDataHandler();
                saa.Subscribe(mdha, null);
                MockDataHandler mdhb = new MockDataHandler();
                sab.Subscribe(mdhb, null);

                Random rand = new Random();
                byte[] b    = new byte[128];
                rand.NextBytes(b);
                MemBlock mb = MemBlock.Reference(b);
                sab.Send(mb);
                Assert.IsTrue(mdha.Contains(mb), "mdhb Contains " + i);

                b = new byte[128];
                rand.NextBytes(b);
                mb = MemBlock.Reference(b);
                sab.Send(mb);
                Assert.IsTrue(mdha.Contains(mb), "mdha Contains " + i);
            }

            Random randr = new Random();

            byte[] br = new byte[128];
            randr.NextBytes(br);
            MemBlock mbr = MemBlock.Reference(br);

            // New logic requires that we call this first, to set all SAs to not
            // running, the following for loop sets all "Active" SAs back to _running
            // Thus keeping the original intent of this test.  The new logic only
            // affects testing paths.
            so0.CheckSAs(DateTime.UtcNow);

            foreach (Dictionary <ISender, PeerSecAssociation> sender_to_sa in so0.SPI.Values)
            {
                foreach (SecurityAssociation sa in sender_to_sa.Values)
                {
                    if (sa.State == SecurityAssociation.States.Active)
                    {
                        sa.Send(mbr);
                    }
                }
            }

            so0.CheckSAs(DateTime.UtcNow);
            Assert.AreEqual(500, so0.SACount, "Count!");

            so0.CheckSAs(DateTime.UtcNow);
            Assert.AreEqual(0, so0.SACount, "Count!");

            t.Dispose();
        }