[Mono-dev] BouncyCastle C# port under Mono

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Aug 21 13:29:46 EDT 2006 

Hello Carlos,

On Mon, 2006-08-21 at 12:04 -0400, Carlos J. Muentes wrote:
>     I don't mean to plug my software in this list, but I built a
> wrapper library for the .NET FCL encryption libraries.  

Are you sure about that ? ;-)

> It compiles in mono with no changes (I use it in a text editor app I
> built to provide encryption).  It's extremely simple to use, and I
> started building support for certificates, but haven't had time to
> finish it (it's licensed under the GPL, so changes are very welcome).
> Check it out here:
> http://www.rockwithme.org/index.php?option=com_remository&Itemid=37&func=fileinfo&id=3

You're right that the framework isn't easy to use, even for the most
simple things. Having a wrapper class for some common scenarios, like
yours, makes a lot of sense (but, as Miguel said, a GPL one may be a
little restrictive).

I had a very quick look at your library. It looks mostly correct except
for the following:


First, you're not using the power of the Fx design to help you. 

E.g. you should be able to have a single class accepting a
SymmetricAlgorithm instance (or, with a different ctor, an
AsymmetricAlgorithm and/or an X509Certificate ...) and hide all
difference inside your code.

This would reduce code duplication and make any (existing or future)
cryptographic algorithm usable by your library (without any more
work/code).


Second, you should also take care about non-portable API.

E.g. des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, /*Add a little salt
*/ new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64});

In this case this is not even 100% portable within Windows - because the
code will call the default CSP, which can be different from machine to
machine (and implement a different key derivation algorithm).

Note: Of course using a static salt isn't a good idea.


Finally (well from my quick look ;-) you should use "using" for
IDispose-able types. This will ensure that all the critical data will be
zeroize as soon as possible. This is "less" a problem when you're
dealing with strings (because of the way the VM deals with them) but a
good idea nevertheless (e.g. if you want to deal with private keys
later).

> 
> 
> On Mon, 2006-08-21 at 08:37 -0400, Sebastien Pouliot wrote: 
> > Hello Peter,
> > 
> > On Mon, 2006-08-21 at 16:17 +1000, Peter Dettman wrote:
> > > Hi all,
> > > 
> > > I want to report on my recent experiences getting the C# port of  
> > > BouncyCastle Crypto API (http://www.bouncycastle.org/csharp/) running on 
> > > Mono. It will be a reasonably brief report as it turned out to be mostly 
> > > painless :).
> > > 
> > > (BC is written entirely in C# for .NET 1.1 by the way).
> > 
> > BouncyCastle is a great cryptographic library. However it's C# port
> > doesn't use the cryptographic base classes of the FX so it somewhat
> > limits it's usefulness (e.g. yet another API to learn and difficult
> > interop with existing code).
> > 
> > > Here's what I did:
> > > - Installed Mono 1.1.13.6  and MonoDevelop 0.10 via the Ubuntu package 
> > > manager.
> > > - Imported the existing VS2003 solution file in MonoDevelop, and built 
> > > everything, with no significant issues.
> > > - The existing NAnt build file also seemed to work without modification 
> > > (although I am having a little trouble running the nunit tests via nant).
> > > - Ran our regression tests revealing only one failure, which I tracked 
> > > down to a bug in the x86 runtime (Bug# 79087), fixed in svn.
> > > 
> > > ...and that's all there was to it.
> > > 
> > > I certainly expected it to be more painful; that it wasn't is to the 
> > > credit of the Mono developers.
> > > 
> > > The regression tests take a few minutes to run, allowing a (very) 
> > > ballpark performance observation that Mono is about twice as slow as 
> > > MS.NET for running these tests. I guess anyone concerned with 
> > > performance of Mono might find some or all of these tests a useful 
> > > benchmark.
> > 
> > The results are similar to running our cryptographic code on top of the
> > MS runtime, i.e. they get twice as fast.
> > 
> > > I would be interested in hearing from people who are able to test 
> > > BC/Mono on other architectures than x86. The crypto algorithms do a lot 
> > > of bit/byte twiddling, and could potentially shake out similar problems 
> > > in other runtimes to the bug above.
> > 
> > You can get an approximate idea of the time required by other
> > architectures when looking at monobuild, compare the unit tests
> > execution time with the runtime build time. However the results will be
> > more "general" (and better reflect real-life scenarios) than CPU-bound
> > cryptographic tests.
> > 
> > > Cheers,
> > > Pete.
> > 
> > Thanks for the report!
-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/

More information about the Mono-devel-list mailing list