mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 5.8.0.22

Browse Source 
Former-commit-id: df344e34b07851d296efb3e6604c8db42b6f7aa3
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2017-10-19 20:04:20 +00:00
parent 5f4a27cc8a
commit 7d05485754
5020 changed files with 114082 additions and 186061 deletions
Download Patch File Download Diff File Expand all files Collapse all files

255
external/corefx/Documentation/architecture/cross-platform-cryptography.md vendored Normal file
View File

@@ -0,0 +1,255 @@
Cross-Platform Cryptography
===========================
Cryptographic operations in .NET are performed by existing system libraries.
As with most technological decisions, there are various pros and cons.
Since the system already has a vested interest in making the cryptography libraries safe from security vulnerabilities,
and already has an update mechanism that system administrators should be using, .NET gets to benefit from this reliability.
Users who have requirements to use FIPS-validated algorithm implementations also get that benefit for free (when the system
libraries are FIPS-validated, of course).
The biggest con is that not all system libraries offer the same capabilities.
While the core capabilities are present across the various platforms, there are some rough edges.
### Versioning
In .NET Core 1.0 and .NET Core 1.1 the macOS implementation of the cryptography classes was based on OpenSSL.
In .NET Core 2.0 the dependency was changed to use Apple's Security.framework.
Within this document "macOS" should use the values for "Linux" if running .NET Core 1.x, as .NET Core uses OpenSSL in all Linux versions.
## Hash Algorithms
Hash algorithms, and HMAC algorithms, are very standard bytes-in-bytes-out operations.
All hash algorithm (and HMAC) classes in .NET Core defer to the system libraries (including the \*Managed classes).
While the various system libraries may have different performance, there should not be concerns of compatibility.
In the future there is a possibility that new hash algorithms may be added to .NET Core before one (or more) supported platforms have system support for the algorithm.
This would result in a `PlatformNotSupportedException` when invoking the `Create()` method for the algorithm.
## Symmetric Encryption
The underlying ciphers and chaining are performed by the system libraries.
| Cipher + Mode | Windows | Linux | macOS |
|---------------|---------|-------|-------|
| AES-CBC | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| AES-ECB | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 3DES-CBC | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 3DES-ECB | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| DES-CBC | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| DES-ECB | :white_check_mark: | :white_check_mark: | :white_check_mark: |
In the future there is a possibility that new ciphers may be added to .NET Core before one (or more) supported platforms have system support for it.
This would result in a `PlatformNotSupportedException` when invoking the `Create()` method for the algorithm.
In the future there is a possibility that new cipher/chaining modes may be added to .NET Core before one (or more) supported platforms have system support for it.
This would result in a `PlatformNotSupportedException` when invoking the `CreateEncryptor()` or `CreateDecryptor()` methods for the algorithm (or overloads to those methods).
In the future there is a possibility that new cipher/chaining modes may be added to .NET Core and that these new modes may not apply to all symmetric algorithms.
This would likely result in a `NotSupportedException` when using the set-accessor of the `Mode` property on the `SymmetricAlgorithm` object, but this prediction is subject to change.
## Asymmetric Cryptography
### RSA
RSA key generation is performed by the system libraries, and is subject to size limitations and performance characteristics thereof.
RSA key operations are performed by the system libraries, and the types of key that may be loaded are subject to system requirements.
.NET Core does not expose "raw" (unpadded) RSA operations, and .NET Core relies on the system libraries for encryption (and decryption) padding.
Not all platforms support the same padding options.
| Padding Mode | Windows (CNG) | Linux (OpenSSL) | macOS | Windows (CAPI) |
|--------------|---------------|-----------------|-------|----------------|
| PKCS1 Encryption | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| OAEP - SHA-1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| OAEP - SHA-2 (SHA256, SHA384, SHA512) | :white_check_mark: | :x: | :x: | :x: |
| PKCS1 Signature (MD5, SHA-1) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| PKCS1 Signature (SHA-2) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :question: |
| PSS | :white_check_mark: | :x: | :x: | :x: |
Windows CAPI is capable of PKCS1 signature with a SHA-2 algorithm, but the individual RSA object may be loaded in a CSP which does not support it.
#### RSA on Windows
* Windows CNG is used on Windows whenever `new RSACng()` is used.
* Windows CAPI is used on Windows whenever `new RSACryptoServiceProvider()` is used.
* The object returned by `RSA.Create()` is internally powered by Windows CNG, but this is an implementation detail subject to change.
* The `GetRSAPublicKey()` extension method for X509Certificate2 will currently always return an RSACng instance, but this could change as the platform evolves.
* The `GetRSAPrivateKey()` extension method for X509Certiicate2 will currently prefer an RSACng instance, but if RSACng cannot open the key RSACryptoServiceProvider will be attempted.
* In the future other providers could be preferred over RSACng.
#### Native Interop
.NET Core exposes types to allow programs to interoperate with the system libraries upon which the .NET cryptography code is layered.
The types involved do not translate between platforms, and should only be directly used when necessary.
| Type | Windows | Linux | macOS |
|------|---------|-------|-------|
| RSACryptoServiceProvider | :white_check_mark: | :question: | :question: |
| RSACng | :white_check_mark: | :x: | :x: |
| RSAOpenSsl | :x: | :white_check_mark: | :question: |
RSAOpenSsl on macOS works if OpenSSL is installed in the system and an appropriate libcrypto dylib can be found via dynamic library loading, otherwise exceptions will be thrown.
On non-Windows systems RSACryptoServiceProvider can be used for compatibility with existing programs, but a `PlatformNotSupportedException` will be thrown from any method which requires system interop, such as opening a named key.
### ECDSA
ECDSA key generation is performed by the system libraries, and is subject to size limitations and performance characteristics thereof.
ECDSA key curves are defined by the system libraries, and are subject to the limitations thereof.
| EC Curve | Windows 10 | Windows 7 - 8.1 | Linux | macOS |
|----------|------------|-------|-------|-----------------|
| NIST P-256 (secp256r1) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| NIST P-384 (secp384r1) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| NIST P-521 (secp521r1) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| brainpool curves (as named curves) | :white_check_mark: | :x: | :question: | :x: |
| other named curves | :question: | :x: | :question: | :x: |
| explicit curves | :white_check_mark: | :x: | :white_check_mark: | :x: |
| Export or import as explicit | :white_check_mark: | :x: | :white_check_mark: | :x: |
Support for named curves was added to Windows CNG in Windows 10, and is not available in prior OSes, with the exception of the three curves which had special support in Windows 7.
See [CNG Named Elliptic Curves](https://msdn.microsoft.com/en-us/library/windows/desktop/mt632245(v=vs.85).aspx) for the expected support.
Not all Linux distributions have support for the same named curves.
Exporting with explicit curve parameters requires system library support which is not available on macOS or older versions of Windows.
#### Native Interop
.NET Core exposes types to allow programs to interoperate with the system libraries upon which the .NET cryptography code is layered.
The types involved do not translate between platforms, and should only be directly used when necessary.
| Type | Windows | Linux | macOS |
|------|---------|-------|-------|
| ECDsaCng | :white_check_mark: | :x: | :x: |
| ECDsaOpenSsl | :x: | :white_check_mark: | :question: |
ECDsaOpenSsl on macOS works if OpenSSL is installed in the system and an appropriate libcrypto dylib can be found via dynamic library loading, otherwise exceptions will be raised.
### DSA
DSA key generation is performed by the system libraries, and is subject to size limitations and performance characteristics thereof.
| Function | Windows CNG | Linux | macOS | Windows CAPI |
|----------|-------------|-------|-------|--------------|
| Key creation (<= 1024 bits) | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: |
| Key creation (> 1024 bits) | :white_check_mark: | :white_check_mark: | :x: | :x: |
| Loading keys (<= 1024 bits) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Loading keys (> 1024 bits) | :white_check_mark: | :white_check_mark: | :question: | :x: |
| FIPS 186-2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| FIPS 186-3 (SHA-2 signatures) | :white_check_mark: | :white_check_mark: | :x: | :x: |
macOS seems to be capable of loading DSA keys whose size exceeds 1024-bit, but does not perform FIPS 186-3 behaviors with those keys, so the behavior of those keys is undefined.
#### DSA on Windows
* Windows CNG is used on Windows whenever `new DSACng()` is used.
* Windows CAPI is used on Windows whenever `new DSACryptoServiceProvider()` is used.
* The object returned by `DSA.Create()` is internally powered by Windows CNG, but this is an implementation detail subject to change.
* The `GetDSAPublicKey()` extension method for X509Certificate2 will currently always return an DSACng instance, but this could change as the platform evolves.
* The `GetDSAPrivateKey()` extension method for X509Certiicate2 will currently prefer an DSACng instance, but if DSACng cannot open the key DSACryptoServiceProvider will be attempted.
* In the future other providers could be preferred over DSACng.
#### Native Interop
.NET Core exposes types to allow programs to interoperate with the system libraries upon which the .NET cryptography code is layered.
The types involved do not translate between platforms, and should only be directly used when necessary.
| Type | Windows | Linux | macOS |
|------|---------|-------|-------|
| DSACryptoServiceProvider | :white_check_mark: | :question: | :question: |
| DSACng | :white_check_mark: | :x: | :x: |
| DSAOpenSsl | :x: | :white_check_mark: | :question: |
DSAOpenSsl on macOS works if OpenSSL is installed in the system and an appropriate libcrypto dylib can be found via dynamic library loading, otherwise exceptions will be raised.
On non-Windows systems RSACryptoServiceProvider can be used for compatibility with existing programs, but a `PlatformNotSupportedException` will be thrown from any method which requires system interop, such as opening a named key.
## X.509 Certificates
The majority of support for X.509 certificates in .NET Core comes from system libraries.
All certificates are required to be loaded by the underlying system library to be loaded into an `X509Certificate2` instance in .NET Core (or an `X509Certificate` instance).
### Reading a PKCS12/PFX
| Scenario | Windows | Linux | macOS |
|----------|---------|-------|-------|
| Empty | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| One certificate, no private key | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| One certificate, with private key | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Multiple certificates, no private keys | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Multiple certificates, one private key | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Multiple certificates, multiple private keys | :white_check_mark: | :x: | :white_check_mark: |
### Writing a PKCS12/PFX
| Scenario | Windows | Linux | macOS |
|----------|---------|-------|-------|
| Empty | :white_check_mark: | :white_check_mark: | :x: |
| One certificate, no private key | :white_check_mark: | :white_check_mark: | :x: |
| One certificate, with private key | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Multiple certificates, no private keys | :white_check_mark: | :white_check_mark: | :x: |
| Multiple certificates, one private key | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Multiple certificates, multiple private keys | :white_check_mark: | :x: | :white_check_mark: |
| Ephemeral loading | :white_check_mark: | :white_check_mark: | :x: |
macOS cannot load certificate private keys without a keychain object, which requires writing to disk.
Keychains are created automatically for PFX loading, and are deleted when no longer in use.
Since the `X509KeyStorageFlags.EphemeralKeySet` option means that the private key should not be written to disk, asserting that flag on macOS results in a `PlatformNotSupportedException`.
### Writing a PKCS7 certificate collection
Windows and Linux both emit DER-encoded PKCS7 blobs. macOS emits indefinite-length-CER-encoded PKCS7 blobs.
### X509Store
On Windows the X509Store class is a representation of the Windows Certificate Store APIs, and work the same as they did on .NET Framework.
On Linux the X509Store class is a projection of system trust decisions (read-only), user trust decisions (read-write), and user key storage (read-write).
On macOS the X509Store class is a projection of system trust decisions (read-only), user trust decisions (read-only), and user key storage (read-write).
| Scenario | Windows | Linux | macOS |
|----------|---------|-------|-------|
| Open CurrentUser\My (ReadOnly) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Open CurrentUser\My (ReadWrite) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Open CurrentUser\My (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: |
| Open LocalMachine\My | :white_check_mark: | `CryptographicException` | :white_check_mark: |
| Open CurrentUser\Root (ReadOnly) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Open CurrentUser\Root (ReadWrite) | :white_check_mark: | :white_check_mark: | `CryptographicException` |
| Open CurrentUser\Root (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: (if ReadOnly) |
| Open LocalMachine\Root (ReadOnly) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Open LocalMachine\Root (ReadWrite) | :white_check_mark: | `CryptographicException` | `CryptographicException` |
| Open LocalMachine\Root (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: (if ReadOnly) |
| Open CurrentUser\Disallowed (ReadOnly) | :white_check_mark: | :question: | :white_check_mark: |
| Open CurrentUser\Disallowed (ReadWrite) | :white_check_mark: | :question: | `CryptographicException` |
| Open CurrentUser\Disallowed (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: (if ReadOnly) |
| Open LocalMachine\Disallowed (ReadOnly) | :white_check_mark: | `CryptographicException` | :white_check_mark: |
| Open LocalMachine\Disallowed (ReadWrite) | :white_check_mark: | `CryptographicException` | `CryptographicException` |
| Open LocalMachine\Disallowed (ExistingOnly) | :white_check_mark: | `CryptographicException` | :white_check_mark: (if ReadOnly) |
| Open non-existant store (ExistingOnly) | `CryptographicException` | `CryptographicException` | `CryptographicException` |
| Open CurrentUser non-existant store (ReadWrite) | :white_check_mark: | :white_check_mark: | `CryptographicException` |
| Open LocalMachine non-existant store (ReadWrite) | :white_check_mark: | `CryptographicException` | `CryptographicException` |
On Linux stores are created on first-write, and no user stores exist by default, so opening CurrentUser\My with ExistingOnly may fail.
On Linux the Disallowed store is not used in chain building, and attempting to add contents to it will result in a `CryptographicException` being thrown.
A `CryptographicException` will be thrown when opening the Disallowed store on Linux if it has already acquired contents.
The LocalMachnie\Root store on Linux is an interpretation of the CA bundle in the default path for OpenSSL.
The LocalMachine\Intermediate store on Linux is an interpretation of the CA bundle in the default path for OpenSSL.
The CurrentUser\Intermediate store on Linux is used as a cache when downloading intermediate CAs by their Authority Information Access records on successful X509Chain builds.
On macOS the CurrentUser\My store is the user's default keychain (login.keychain, by default).
The LocalMachine\My store is System.keychain.
The CurrentUser\Root store on macOS is an interpretation of the SecTrustSettings results for the user trust domain.
The LocalMachine\Root store on macOS is an interpretation of the SecTrustSettings results for the admin and system trust domains.
The CurrentUser\Disallowed and LocalMachine\Disallowed stores are interpretations of the appropriate SecTrustSettings results for certificates whose trust is set to Always Deny.
Keychain creation on macOS requires more input than is captured with the X509Store API, so attempting to create a new store will fail with a `PlatformNotSupportedException`.
If a keychain is opened by P/Invoke to SecKeychainOpen, the resulting `IntPtr` can be passed to `new X509Store(IntPtr)` to obtain a read/write-capable store (subject to the current user's permissions).
### X509Chain
macOS does not support Offline CRL utilization, so `X509RevocationMode.Offline` is treated as `X509RevocationMode.Online`.
macOS does not support a user-initiated timeout on CRL/OCSP/AIA downloading, so `X509ChainPolicy.UrlRetrievalTimeout` is ignored.
OCSP is not supported on Linux, CRLs are required for `X509RevocationMode.Offline` or `X509RevocationMode.Online`.

120
external/corefx/Documentation/architecture/globalization-invariant-mode.md vendored Normal file
View File

@@ -0,0 +1,120 @@
# .NET Core Globalization Invariant Mode
Author: [Tarek Mahmoud Sayed](https://github.com/tarekgh)
The globalization invariant mode - new in .NET Core 2.0 - enables you to remove application dependencies on globalization data and [globalization behavior](https://docs.microsoft.com/en-us/dotnet/standard/globalization-localization/). This mode is an opt-in feature that provides more flexibility if you care more about reducing dependencies and the size of distribution than globalization functionality or globalization-correctness.
The drawback of running in the invariant mode is applications will get poor globalization support. This new option is only recommended for developers that understand globalization and the impact of its absence.
The following scenarios are affected when the invariant mode is enabled. Their invariant mode behavior is defined in this document.
- Cultures and culture data
- String casing
- String sorting and searching
- Sort keys
- String Normalization
- Internationalized Domain Names (IDN) support
- Time Zone display name on Linux
## Background
Globalization rules and the data that represents those rules frequently change, often due to country-specific policy changes (for example, changes in currency symbol, sorting behavior or time zones). Developers expect globalization behavior to always be current and for their applications to adapt to new data over time. In order to keep up with those changes, .NET Core (and the .NET Framework, too) depends on the underlying OS to keep up with these changes.
Relying on the underlying OS for globalization data has the following benefits:
* .NET apps have the same globalization behavior on a given OS as native apps (assuming they also rely on the OS).
* .NET apps do not have to carry this data.
* The .NET team doesn't have to maintain this data themselves (it's very expensive to do this!).
Globalization support has the following potential challenges for applications:
* Different behavior across OSes (and potentially OS versions).
* Installing/carrying the [ICU](http://icu-project.org) package on Linux (~28 MB).
Note: On Linux, .NET Core relies on globalization data from ICU. For example, [.NET Core Linux Docker images](https://github.com/dotnet/dotnet-docker/blob/master/2.0/runtime-deps/stretch/Dockerfile) install this component. Globalization data is available on Windows and macOS as part of their base installs.
## Cultures and culture data
When enabling the invariant mode, all cultures behave like the invariant culture. The invariant culture has the following characteristics:
* Culture names (English, native display, ISO, language names) will return invariant names. For instance, when requesting culture native name, you will get "Invariant Language (Invariant Country)".
* All cultures LCID will have value 0x1000 (which means Custom Locale ID). The exception is the invariant cultures which will still have 0x7F.
* All culture parents will be invariant. In other word, there will not be any neutral cultures by default but the apps can still create a culture like "en".
* The application can still create any culture (e.g. "en-US") but all the culture data will still be driven from the Invariant culture. Also, the culture name used to create the culture should conform to [BCP 47 specs](https://tools.ietf.org/html/bcp47).
* All Date/Time formatting and parsing will use fixed date and time patterns. For example, the short date will be "MM/dd/yyyy" regardless of the culture used. Applications having old formatted date/time strings may not be able to parse such strings without using ParseExact.
* Numbers will always be formatted as the invariant culture. For example, decimal point will always be formatted as ".". Number strings previously formatted with cultures that have different symbols will fail parsing.
* All cultures will have currency symbol as "¤"
* Culture enumeration will always return a list with one culture which is the invariant culture.
## String casing
String casing (ToUpper and ToLower) will be performed for the ASCII range only. Requests to case code points outside that range will not be performed, however no exception will be thrown. In other words, casing will only be performed for character range ['a'..'z'].
Turkish I casing will not be supported when using Turkish cultures.
## String sorting and searching
String operations like [Compare](https://docs.microsoft.com/dotnet/api/?term=string.compare), [IndexOf](https://docs.microsoft.com/dotnet/api/?term=string.indexof) and [LastIndexOf](https://docs.microsoft.com/dotnet/api/?term=string.lastindexof) are always performed as [ordinal](https://en.wikipedia.org/wiki/Ordinal_number) and not linguistic operations regardless of the string comparing options passed to the APIs.
The [ignore case](https://docs.microsoft.com/dotnet/api/system.globalization.compareoptions.ignorecase) string sorting option is supported but only for the ASCII range as mentioned previously.
For example, the following comparison will resolve to being unequal:
* 'i', compared to
* Turkish I '\u0130', given
* Turkish culture, using
* CompareOptions.Ignorecase
However, the following comparison will resolve to being equal:
* 'i', compared to
* 'I', using
* CompareOptions.Ignorecase
It is worth noticing that all other [sort comparison options](https://docs.microsoft.com/dotnet/api/system.globalization.compareoptions) (for example, ignore symbols, ignore space, Katakana, Hiragana) will have no effect in the invariant mode (they are ignored).
## Sort keys
Sort keys are used mostly when indexing some data (for example, database indexing). When generating sort keys of 2 strings and comparing the sort keys the results should hold the exact same results as if comparing the original 2 strings. In the invariant mode, sort keys will be generated according to ordinal comparison while respecting ignore casing options.
## String normalization
String normalization normalizes a string into some form (for example, composed, decomposed forms). Normalization data is required to perform these operations, which isn't available in invariant mode. In this mode, all strings are considered as already normalized, per the following behavior:
* If the app requested to normalize any string, the original string is returned without modification.
* If the app asked if any string is normalized, the return value will always be `true`.
## Internationalized Domain Names (IDN) support
[Internationalized Domain Names](https://en.wikipedia.org/wiki/Internationalized_domain_name) require globalization data to perform conversion to ASCII or Unicode forms, which isn't available in the invariant mode. In this mode, IDN functionality has the following behavior:
* IDN support doesn't conform to the latest standard.
* IDN support will be incorrect if the input IDN string is not normalized since normalization is not supported in invariant mode.
* Some basic IDN strings will still produce correct values.
## Time zone display name in Linux
When running on Linux, ICU is used to get the time zone display name. In invariant mode, the standard time zone names are returned instead.
## Enabling the invariant mode
Applications can enable the invariant mode by setting the config switch System.Globalization.Invariant to true, in the `runtimeconfig.json` file, as you can see in the following example:
```json
{
"runtimeOptions": {
"configProperties": {
"System.Globalization.Invariant": true
},
}
}
```
## APP behavior with and without the invariant config switch
- If the invariant config switch is not set or it is set false
- The framework will depend on the OS for the globalization support.
- On Linux, if the ICU package is not installed, the application will fail to start.
- If the invariant config switch is defined and set to true
- The invariant mode will be enabled and the app will get the behavior described in this document
- Globalization data will not be used, even if available.