  • Stars 139
  • Rank 262,954 (Top 6 %)
  • Language Visual Basic 6.0
  • License MIT License
  • Created almost 7 years ago
  • Updated over 1 year ago

Repository Details

Sockets with pure VB6 impl of TLS encryption

VbAsyncSocket

Simple and thin WinSock API wrappers for VB6, loosely based on the original CAsyncSocket wrapper in MFC.

Description

Base class cAsyncSocket wraps OS non-blocking sockets that can be used to implement various network components in VB6 -- clients and servers -- and supports both async and blocking network communications.

Additionally there is a source-compatible cTlsSocket class for transparent TLS transport layer encryption with several crypto backend implementations:

  1. mdTlsThunks is a pure VB6 with ASM thunks implementation for TLS 1.3 and (legacy) TLS 1.2 client-side and server-side support with no dependency on external libraries (like openssl)

  2. mdTlsNative is a native client-side and server-side TLS support using OS provided SSPI/Schannel library for all available protocol versions.

  3. mdTlsSodium is a stripped down compact backend with dependency on libsodium for crypto primitives (no ASM thunking used) with a total compiled size of 64KB.

The VB6 with thunks backend auto-detects AES-NI and PCLMULQDQ instruction set availability on the client machine and switches to a performance-optimized implementation of AES-GCM which is even faster than the OS native SSPI/Schannel implementation of this cipher suite. The VB6 with thunks backend and the native backend support legacy OSes up to NT 4.0, while the libsodium DLL is compiled with XP support only.

Usage

Start by including src\cAsyncSocket.cls in your project to have a convenient wrapper of most WinSock API functions.

Optionally you can add src\cTlsSocket.cls and src\mdTlsThunks.bas pair of source files to your project for TLS secured connections using VB6 with thunks backend or add src\cTlsSocket.cls and src\mdTlsNative.bas pair of source files for an alternative backend using native OS provided SSPI/Schannel library.

WinHttpRequest Replacement Class

Start by including src\cAsyncSocket.cls, src\cTlsSocket.cls and src\mdTlsThunks.bas backend for TLS support (or any other backend) and finally add contrib\cHttpRequest.cls for the TLS 1.3 capable source-compatible replacement class.

Notice that the original Open method and Option property of the WinHttpRequest object have been suffixed with an underscore (_) in the replacement implementation (a limitation of the VB6 IDE) so some source-code fixes will be required to integrate the replacement cHttpRequest class.

Sample SMTP with STARTTLS

Here is a working sample with error checking omitted for brevity for accessing smtp.gmail.com over port 587.

At first the communication goes over an unencrypted plain-text socket, then it is switched to a TLS-secured one before the final QUIT command is issued.

With New cTlsSocket
    .SyncConnect "smtp.gmail.com", 587, UseTls:=False
    Debug.Print .SyncReceiveText();
    .SyncSendText "HELO 127.0.0.1" & vbCrLf
    Debug.Print .SyncReceiveText();
    .SyncSendText "STARTTLS" & vbCrLf
    Debug.Print .SyncReceiveText();
    .SyncStartTls "smtp.gmail.com"
    Debug.Print "TLS handshake complete: " & .RemoteHostName
    .SyncSendText "QUIT" & vbCrLf
    Debug.Print .SyncReceiveText();
End With

Which produces debug output in Immediate Window similar to this:

220 smtp.gmail.com ESMTP c69sm2955334lfg.23 - gsmtp
250 smtp.gmail.com at your service
220 2.0.0 Ready to start TLS
1428790.043 [INFO] Using TLS_AES_128_GCM_SHA256 from smtp.gmail.com [mdTlsThunks.pvTlsParseHandshakeServerHello]
1428790.057 [INFO] Valid ECDSA_SECP256R1_SHA256 signature [mdTlsThunks.pvTlsSignatureVerify]
TLS handshake complete: smtp.gmail.com
221 2.0.0 closing connection c69sm2955334lfg.23 - gsmtp
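
The sample above omits error checking; for security the check that matters most is that the client stops when the server does not answer STARTTLS with 220, so that a stripped or rejected upgrade is never followed by credentials or mail in plain text. The following is an added example, not code from the VbAsyncSocket repository: it uses only the cTlsSocket calls shown in the sample, the helper names HasCode, IsSingleLine, Require and OpenSmtpTls are hypothetical, and it assumes SyncReceiveText returns one complete server reply as a String.

```vb
' Added example, not from the VbAsyncSocket repository.
' Assumes SyncReceiveText returns one complete server reply as a String.
Option Explicit

Private Const SMTP_HOST As String = "smtp.gmail.com"

' True when the reply starts with the expected three-digit code and a space.
Private Function HasCode(ByVal sReply As String, ByVal sCode As String) As Boolean
    HasCode = (Left$(sReply, 4) = sCode & " ")
End Function

' Stricter check for the STARTTLS reply: exactly one CRLF-terminated line.
' Bytes after that line arrived in plain text and must not be trusted
' as if they had been received inside the TLS session.
Private Function IsSingleLine(ByVal sReply As String, ByVal sCode As String) As Boolean
    Dim lPos As Long
    lPos = InStr(sReply, vbCrLf)
    If lPos > 0 And lPos + 1 = Len(sReply) Then
        IsSingleLine = HasCode(sReply, sCode)
    End If
End Function

' Fail closed: raise instead of carrying on over the unencrypted socket.
Private Sub Require(ByVal bOk As Boolean, ByVal sStep As String)
    If Not bOk Then
        Err.Raise vbObjectError + 1, "OpenSmtpTls", _
            "Unexpected SMTP reply at " & sStep & "; not continuing in plain text"
    End If
End Sub

Public Function OpenSmtpTls() As cTlsSocket
    Dim oSock As cTlsSocket
    Set oSock = New cTlsSocket
    oSock.SyncConnect SMTP_HOST, 587, UseTls:=False
    Require HasCode(oSock.SyncReceiveText(), "220"), "greeting"
    oSock.SyncSendText "HELO 127.0.0.1" & vbCrLf
    Require HasCode(oSock.SyncReceiveText(), "250"), "HELO"
    oSock.SyncSendText "STARTTLS" & vbCrLf
    Require IsSingleLine(oSock.SyncReceiveText(), "220"), "STARTTLS"
    ' The host name passed here is the same one that was connected to.
    ' How a failed handshake is reported is not shown on the page.
    oSock.SyncStartTls SMTP_HOST
    Set OpenSmtpTls = oSock   ' caller sends credentials and mail only from here on
End Function
```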

Is it any good?

Yes.

Implemented Cipher Suites

This list includes cipher suites as implemented in the ASM thunks backend while the native backend list depends on the OS version and SSPI/Schannel settings.

| Cipher Suite | First In | Selection String | Notes |
|---|---|---|---|
| TLS_AES_128_GCM_SHA256 | TLS 1.3 | EECDH+AESGCM | AEAD |
| TLS_AES_256_GCM_SHA384 | TLS 1.3 | EECDH+AESGCM | AEAD |
| TLS_CHACHA20_POLY1305_SHA256 | TLS 1.3 | EECDH+AESGCM | AEAD |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | EECDH+AESGCM | AEAD |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | EECDH+AESGCM | AEAD |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | EECDH+AESGCM | AEAD |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | EECDH+AESGCM | AEAD |
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | TLS 1.2 | EECDH+CHACHA20 | AEAD |
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | TLS 1.2 | EECDH+CHACHA20 | AEAD |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | EECDH+AES+SHA256 | Weak, Exotic |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | EECDH+AES+SHA256 | Weak, Exotic |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | TLS 1.2 | EECDH+AES+SHA384 | Weak, Exotic |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TLS 1.2 | EECDH+AES+SHA384 | Weak, Exotic |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | TLSv1 | EECDH+AES+SHA1 | Weak, HMAC-SHA1 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLSv1 | EECDH+AES+SHA1 | Weak, HMAC-SHA1 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | TLSv1 | EECDH+AES+SHA1 | Weak, HMAC-SHA1 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLSv1 | EECDH+AES+SHA1 | Weak, HMAC-SHA1 |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | RSA+AESGCM | Weak, No FS |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | RSA+AESGCM | Weak, No FS |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | RSA+AES+SHA256 | Weak, No FS, Exotic |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS 1.2 | RSA+AES+SHA256 | Weak, No FS, Exotic |
| TLS_RSA_WITH_AES_128_CBC_SHA | SSLv3 | RSA+AES+SHA1 | Weak, No FS, HMAC-SHA1 |
| TLS_RSA_WITH_AES_256_CBC_SHA | SSLv3 | RSA+AES+SHA1 | Weak, No FS, HMAC-SHA1 |

Note that "exotic" cipher suites are included behind a conditional compilation flag only (off by default).

ToDo

  • Allow client to assign client certificate for connection
  • Provide UI for end-user to choose suitable certificates from Personal certificate store
  • Add wrapper for http protocol
  • Add wrapper for ftp protocol
  • Add WinSock control replacement
  • Add more samples (incl. vbcurl.exe utility)
  • Refactor subclassing thunk to use msg queue not to re-enter IDE in debug mode
