Background and motivation
Enums ExchangeAlgorithmType, CipherAlgorithmType and HashAlgorithmType haven't been updated in a long time and code which uses them (SslStream) sometimes even returns values which do not map to existing members. See e.g. #55570. Similarly, many algorithms/ciphers belonging to the same general family are being mapped to the same enum member, discarding information in the process.
Since the expected use of these properites is mainly logging for auditing purposes, it makes sense to report more specific information.
API Proposal
This proposal adds missing members so that we are on par with
|
public enum ExchangeAlgorithmType |
|
{ |
|
None, |
|
Rsa, |
|
DiffieHellmanStatic, |
|
DiffieHellmanEphermal, |
|
ECDiffieHellman, |
|
ECDiffieHellmanEphermal, |
|
Kerberos5, |
|
PSK, |
|
SRP, |
|
ECCPWD, |
|
Any, |
|
} |
|
|
|
public enum CipherAlgorithmType |
|
{ |
|
Aes, |
|
Aes128, |
|
Aes192, |
|
Aes256, |
|
Des, |
|
None, |
|
Null, |
|
Rc2, |
|
Rc4, |
|
TripleDes, |
|
AesGcm, |
|
AesCcm, |
|
Aes128Gcm, |
|
Aes256Gcm, |
|
Aes128Ccm, |
|
Aes128Ccm8, |
|
Aes256Ccm, |
|
Aes256Ccm8, |
|
Camellia, |
|
Camellia128, |
|
Camellia256, |
|
Camellia128Gcm, |
|
Camellia256Gcm, |
|
ChaCha20, |
|
ChaCha20Poly1305, |
|
Seed, |
|
Idea, |
|
Aria, |
|
Aria128, |
|
Aria256, |
|
Aria128Gcm, |
|
Aria256Gcm, |
|
} |
|
|
|
public enum HashAlgorithmType |
|
{ |
|
None, |
|
Md5, |
|
Sha1, |
|
Sha256, |
|
Sha384, |
|
Sha512, |
|
Aead, |
|
} |
namespace System.Security.Authentication
{
public enum ExchangeAlgorithmType
{
// existing members
None = 0,
RsaSign = 9216, // note: Not used by TlsCipherSuiteNameParser
RsaKeyX = 41984,
DiffieHellman = 43522, // the code is for Diffie-Hellman ephemeral kex
// values chosen to match values from wincrypt
+ DiffieHellmanStatic = 0xaa01,
+ DiffieHellmanEphermal = DiffieHellman,
+ ECDiffieHellman 0xaa05,
+ ECDiffieHellmanEphermal = 0xaa06,
// following are not present in wincrypt.h on which numerical values are based
// are assigned values ok?
+ Kerberos5 = 1,
+ PSK,
+ SRP,
+ ECCPWD,
}
public enum CipherAlgorithmType
{
// existing members
None = 0,
Null = 24576,
Des = 26113,
Rc2 = 26114,
TripleDes = 26115,
Aes128 = 26126,
Aes192 = 26127,
Aes256 = 26128,
Aes = 26129,
Rc4 = 26625,
// wincrypt does not tell us difference between GCM and CCM?
+ AesGcm = 1,
+ AesCcm,
+ Aes128Gcm,
+ Aes256Gcm,
+ Aes128Ccm,
+ Aes128Ccm8,
+ Aes256Ccm,
+ Aes256Ccm8,
// No algorithm identifier in wincrypt.h, assign arbitrary values
+ Camellia,
+ Camellia128,
+ Camellia256,
+ Camellia128Gcm,
+ Camellia256Gcm,
+ ChaCha20,
+ ChaCha20Poly1305,
+ Seed,
+ Idea,
+ Aria,
+ Aria128,
+ Aria256,
+ Aria128Gcm,
+ Aria256Gcm,
}
public enum HashAlgorithmType
{
// existing members
None = 0,
Md5 = 32771,
Sha1 = 32772,
Sha256 = 32780,
Sha384 = 32781,
Sha512 = 32782,
// No algorithm identifier in wincrypt.h
+ Aead = 1,
}
}API Usage
The values are expected to be used mainly for logging and audit purposes.
static void DisplaySecurityLevel(SslStream stream)
{
Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
Console.WriteLine("Protocol: {0}", stream.SslProtocol);
}Alternative Designs
The above mentioned enum types are only used on properties of SslStream where
they expose information about the negotiated TLS cipher suite. All information
can be deduced from the SslStream.TlsCipherSuite so another option is to
obsolete all of
- ExchangeAlgorithmType, CipherAlgorithmType, HashAlgorithmType enums
- KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm, HashStrength properties of
SslStream
And leave TlsCipherSuite SslStream.NegotiatedCipherSuite as the only source of truth.
Risks
If -- in the future -- Windows adds ALG_ID for algorithms we assigned an
arbitrary value, the values will no longer be in sync. However, we plan to mitigate this by using the lookup table from
|
static int GetPackedData(TlsCipherSuite cipherSuite) |
on all platforms for consistency between platforms (to fix #37578).
Background and motivation
Enums
ExchangeAlgorithmType,CipherAlgorithmTypeandHashAlgorithmTypehaven't been updated in a long time and code which uses them (SslStream) sometimes even returns values which do not map to existing members. See e.g. #55570. Similarly, many algorithms/ciphers belonging to the same general family are being mapped to the same enum member, discarding information in the process.Since the expected use of these properites is mainly logging for auditing purposes, it makes sense to report more specific information.
API Proposal
This proposal adds missing members so that we are on par with
runtime/src/libraries/System.Net.Security/src/System/Net/Security/TlsCipherSuiteNameParser.ttinclude
Lines 11 to 71 in f92b9ef
namespace System.Security.Authentication { public enum ExchangeAlgorithmType { // existing members None = 0, RsaSign = 9216, // note: Not used by TlsCipherSuiteNameParser RsaKeyX = 41984, DiffieHellman = 43522, // the code is for Diffie-Hellman ephemeral kex // values chosen to match values from wincrypt + DiffieHellmanStatic = 0xaa01, + DiffieHellmanEphermal = DiffieHellman, + ECDiffieHellman 0xaa05, + ECDiffieHellmanEphermal = 0xaa06, // following are not present in wincrypt.h on which numerical values are based // are assigned values ok? + Kerberos5 = 1, + PSK, + SRP, + ECCPWD, } public enum CipherAlgorithmType { // existing members None = 0, Null = 24576, Des = 26113, Rc2 = 26114, TripleDes = 26115, Aes128 = 26126, Aes192 = 26127, Aes256 = 26128, Aes = 26129, Rc4 = 26625, // wincrypt does not tell us difference between GCM and CCM? + AesGcm = 1, + AesCcm, + Aes128Gcm, + Aes256Gcm, + Aes128Ccm, + Aes128Ccm8, + Aes256Ccm, + Aes256Ccm8, // No algorithm identifier in wincrypt.h, assign arbitrary values + Camellia, + Camellia128, + Camellia256, + Camellia128Gcm, + Camellia256Gcm, + ChaCha20, + ChaCha20Poly1305, + Seed, + Idea, + Aria, + Aria128, + Aria256, + Aria128Gcm, + Aria256Gcm, } public enum HashAlgorithmType { // existing members None = 0, Md5 = 32771, Sha1 = 32772, Sha256 = 32780, Sha384 = 32781, Sha512 = 32782, // No algorithm identifier in wincrypt.h + Aead = 1, } }API Usage
The values are expected to be used mainly for logging and audit purposes.
Alternative Designs
The above mentioned enum types are only used on properties of
SslStreamwherethey expose information about the negotiated TLS cipher suite. All information
can be deduced from the
SslStream.TlsCipherSuiteso another option is toobsolete all of
SslStreamAnd leave
TlsCipherSuiteSslStream.NegotiatedCipherSuiteas the only source of truth.Risks
If -- in the future -- Windows adds
ALG_IDfor algorithms we assigned anarbitrary value, the values will no longer be in sync. However, we plan to mitigate this by using the lookup table from
runtime/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.cs
Line 41 in f92b9ef
on all platforms for consistency between platforms (to fix #37578).