Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ExchangeAlgorithmType enum is missing 44550 #55570

Closed
omghb opened this issue Jul 13, 2021 · 15 comments
Closed

ExchangeAlgorithmType enum is missing 44550 #55570

omghb opened this issue Jul 13, 2021 · 15 comments
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-System.Net.Security
Milestone
10.0.0

Comments

@omghb
Copy link

omghb commented Jul 13, 2021

Description

  • ExchangeAlgorithmType enum is missing 44550
  • I stumbled about this as I logged SslStream.KeyExchangeAlgorithm
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);

https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.keyexchangealgorithm?view=net-5.0

Configuration

.NET 5.0

Regression?

No, was never included.

Other information

See also Archived Forums > .NET Framework Class Libraries > SslStream.KeyExchangeAlgorithm 44550
@dotnet-issue-labeler dotnet-issue-labeler bot added area-System.Net.Security untriaged New issue has not been triaged by the area owner labels Jul 13, 2021
@ghost
Copy link

ghost commented Jul 13, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

  • ExchangeAlgorithmType enum is missing 44550
  • I stumbled about this as I logged SslStream.KeyExchangeAlgorithm
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);

https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.keyexchangealgorithm?view=net-5.0

Configuration

.NET 5.0

Regression?

No, was never included.

Other information

See also Archived Forums > .NET Framework Class Libraries > SslStream.KeyExchangeAlgorithm 44550

Author: omghb
Assignees: -
Labels:

area-System.Net.Security, untriaged
Milestone: -

@karelz
Copy link
Member

karelz commented Jul 13, 2021

That would be missing in System.Security.Authentication.ExchangeAlgorithmType ... moving to Security area ...

@ghost
Copy link

ghost commented Jul 13, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

  • ExchangeAlgorithmType enum is missing 44550
  • I stumbled about this as I logged SslStream.KeyExchangeAlgorithm
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);

https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.keyexchangealgorithm?view=net-5.0

Configuration

.NET 5.0

Regression?

No, was never included.

Other information

See also Archived Forums > .NET Framework Class Libraries > SslStream.KeyExchangeAlgorithm 44550

Author: omghb
Assignees: -
Labels:

area-System.Security, untriaged
Milestone: -

@vcsjones
Copy link
Member

vcsjones commented Jul 13, 2021
edited
Loading

I noticed that in the Unix PAL for KeyExchangeAlgorithm that DiffieHellman is used for ECDHE suites, whereas SChannel uses the unnamed enum value.

runtime/src/libraries/System.Net.Security/src/System/Net/Security/TlsCipherSuiteData.Lookup.cs

Lines 1833 to 1836 in b2a670b

TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
new TlsCipherSuiteData()
{
KeyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman,

My understanding of ExchangeAlgorithmType.DiffieHellman is that it is for FF-DH, not ECDH. If a new enum value is added for ECDH then it would perhaps make sense to change the Unix PAL lookup to use the new enum instead of mixing it in with DiffieHellman.

@bartonjs
Copy link
Member

@karelz The enum is part of System.Net.Primitives and is logically part of SslStream, namespace notwithstanding.

@ghost
Copy link

ghost commented Jul 13, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

  • ExchangeAlgorithmType enum is missing 44550
  • I stumbled about this as I logged SslStream.KeyExchangeAlgorithm
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);

https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.keyexchangealgorithm?view=net-5.0

Configuration

.NET 5.0

Regression?

No, was never included.

Other information

See also Archived Forums > .NET Framework Class Libraries > SslStream.KeyExchangeAlgorithm 44550

Author: omghb
Assignees: -
Labels:

area-System.Net.Security, untriaged
Milestone: -

@karelz karelz added this to the Future milestone Jul 15, 2021
@karelz karelz added api-suggestion Early API idea and discussion, it is NOT ready for implementation and removed untriaged New issue has not been triaged by the area owner labels Jul 15, 2021
@rzikm rzikm mentioned this issue Mar 16, 2022
Closed
@rzikm
Copy link
Member

rzikm commented Mar 16, 2022

Looks like we explicitly group all Diffie-Hellman variants together to a single enum value (https://github.com/dotnet/runtime/blob/main/src/libraries/System.Net.Security/src/System/Net/Security/TlsCipherSuiteNameParser.ttinclude#L75-L96), we can do the same on Windows for consistency, or add new enum values and use them everywhere.

@bartonjs
Copy link
Member

I think a distinct value is better. Presumably SChannel agreed, as presumably 44550 is a number out of Windows SslStream.

If non-Windows is folding it down to FF-DH that's just because of a square-peg/round-hole (but-I-have-a-lathe!) problem.

@wfurt
Copy link
Member

wfurt commented Nov 16, 2022

triage: we should add new enum and fix up the mapping.

@wfurt wfurt modified the milestones: Future, 8.0.0 Nov 16, 2022
@wfurt wfurt added the help wanted [up-for-grabs] Good issue for external contributors label Nov 16, 2022
@wfurt wfurt mentioned this issue Nov 16, 2022
Closed
@wfurt wfurt modified the milestones: 8.0.0, Future Jun 6, 2023
@karelz karelz modified the milestones: Future, 9.0.0 Jul 18, 2023
@liveans liveans removed their assignment Oct 3, 2023
@rzikm rzikm self-assigned this Oct 4, 2023
@rzikm rzikm removed their assignment Oct 24, 2023
@rzikm rzikm removed the help wanted [up-for-grabs] Good issue for external contributors label Oct 24, 2023
@rzikm
Copy link
Member

rzikm commented Oct 24, 2023

Triage: It would be good to update all 3 enum types pertaining to the cipher suite properties to stay current and to report more detailed information for users who use the properties for auditing purposes.

@rzikm rzikm self-assigned this Mar 26, 2024
@rzikm
Copy link
Member

rzikm commented Mar 26, 2024
edited
Loading

I tried looking into adding more values so that we are on par with what we get from TLS ciphersuites in

runtime/src/libraries/System.Net.Security/src/System/Net/Security/TlsCipherSuiteNameParser.ttinclude

Lines 11 to 71 in f92b9ef

public enum ExchangeAlgorithmType
{
None,
Rsa,
DiffieHellmanStatic,
DiffieHellmanEphermal,
ECDiffieHellman,
ECDiffieHellmanEphermal,
Kerberos5,
PSK,
SRP,
ECCPWD,
Any,
}
public enum CipherAlgorithmType
{
Aes,
Aes128,
Aes192,
Aes256,
Des,
None,
Null,
Rc2,
Rc4,
TripleDes,
AesGcm,
AesCcm,
Aes128Gcm,
Aes256Gcm,
Aes128Ccm,
Aes128Ccm8,
Aes256Ccm,
Aes256Ccm8,
Camellia,
Camellia128,
Camellia256,
Camellia128Gcm,
Camellia256Gcm,
ChaCha20,
ChaCha20Poly1305,
Seed,
Idea,
Aria,
Aria128,
Aria256,
Aria128Gcm,
Aria256Gcm,
}
public enum HashAlgorithmType
{
None,
Md5,
Sha1,
Sha256,
Sha384,
Sha512,
Aead,
}

So far, there are following obstacles:

  • The numerical values of the enums seem to be the wincrypt.h algorithm identifier, but some algorithms are not supported by wincrypt and don't have such an identifier assigned, e.g. Kerberos5, ECCPWD, Camellia, ChaCha20, Aria*
  • related to the above, wincrypt alg ids don't seem to distinguish between GCM or CCM or CCM_8 modes of AES ciphers

@wfurt, @bartonjs do we care about using the same numbers as underlying windows crypto does? I think we could do without it and just use the lookup table we have for Unix on all OSes and gain also consistency.

@bartonjs
Copy link
Member

do we care about using the same numbers as underlying windows crypto does?

My gut says the numbers are the same so that no one had to write a mapping table; a convenience that only made sense when the framework was (largely) Windows-only. So, "no" (but we can't change any of the existing numbered things).

@wfurt
Copy link
Member

wfurt commented Mar 26, 2024

We had similar problem with https://learn.microsoft.com/en-us/dotnet/api/system.net.sockets.protocolfamily?view=net-8.0 There are some Linux specific so we put them to the end so they are less likely to collide with Windows numbering.
If Windows will ever supports them we will need to add some mapping like we do for other platforms.

@rzikm rzikm mentioned this issue Mar 27, 2024
Closed
@rzikm
Copy link
Member

rzikm commented Jun 26, 2024

Moving to 10.0.0 milestone as this is not critical to 9.0.0, but still would be nice to get it in.

@rzikm rzikm modified the milestones: 9.0.0, 10.0.0 Jun 26, 2024
@rzikm
Copy link
Member

rzikm commented Aug 14, 2024

Since #100361, the plan is to obsolete the enum, closing as won't do.

@rzikm rzikm closed this as not planned Won't fix, can't repro, duplicate, stale Aug 14, 2024
@rzikm rzikm removed their assignment Aug 14, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Sep 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-System.Net.Security
Projects
None yet
Milestone
10.0.0
Development

No branches or pull requests
7 participants
@vcsjones @karelz @bartonjs @wfurt @rzikm @liveans @omghb