diff options
Diffstat (limited to 'core/crypto')
| -rw-r--r-- | core/crypto/SCsub | 3 | ||||
| -rw-r--r-- | core/crypto/aes_context.cpp | 4 | ||||
| -rw-r--r-- | core/crypto/aes_context.h | 10 | ||||
| -rw-r--r-- | core/crypto/crypto.cpp | 19 | ||||
| -rw-r--r-- | core/crypto/crypto.h | 23 | ||||
| -rw-r--r-- | core/crypto/crypto_core.cpp | 47 | ||||
| -rw-r--r-- | core/crypto/crypto_core.h | 30 | ||||
| -rw-r--r-- | core/crypto/hashing_context.cpp | 4 | ||||
| -rw-r--r-- | core/crypto/hashing_context.h | 10 |
9 files changed, 107 insertions, 43 deletions
diff --git a/core/crypto/SCsub b/core/crypto/SCsub index 4f3104d84b..9b7953fdc5 100644 --- a/core/crypto/SCsub +++ b/core/crypto/SCsub @@ -30,6 +30,9 @@ if not has_module: thirdparty_mbedtls_sources = [ "aes.c", "base64.c", + "constant_time.c", + "ctr_drbg.c", + "entropy.c", "md5.c", "sha1.c", "sha256.c", diff --git a/core/crypto/aes_context.cpp b/core/crypto/aes_context.cpp index b387aeb27d..8ff4f6a34c 100644 --- a/core/crypto/aes_context.cpp +++ b/core/crypto/aes_context.cpp @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ diff --git a/core/crypto/aes_context.h b/core/crypto/aes_context.h index cc00b18fd2..2121adfcc6 100644 --- a/core/crypto/aes_context.h +++ b/core/crypto/aes_context.h @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -32,10 +32,10 @@ #define AES_CONTEXT_H #include "core/crypto/crypto_core.h" -#include "core/object/reference.h" +#include "core/object/ref_counted.h" -class AESContext : public Reference { - GDCLASS(AESContext, Reference); +class AESContext : public RefCounted { + GDCLASS(AESContext, RefCounted); public: enum Mode { diff --git a/core/crypto/crypto.cpp b/core/crypto/crypto.cpp index f43f3e3290..d0fd4feaa5 100644 --- a/core/crypto/crypto.cpp +++ b/core/crypto/crypto.cpp @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -100,7 +100,7 @@ void Crypto::load_default_certificates(String p_path) { PackedByteArray Crypto::hmac_digest(HashingContext::HashType p_hash_type, PackedByteArray p_key, PackedByteArray p_msg) { Ref<HMACContext> ctx = Ref<HMACContext>(HMACContext::create()); - ERR_FAIL_COND_V_MSG(ctx.is_null(), PackedByteArray(), "HMAC is not available witout mbedtls module."); + ERR_FAIL_COND_V_MSG(ctx.is_null(), PackedByteArray(), "HMAC is not available without mbedtls module."); Error err = ctx->start(p_hash_type, p_key); ERR_FAIL_COND_V(err != OK, PackedByteArray()); err = ctx->update(p_msg); @@ -108,7 +108,7 @@ PackedByteArray Crypto::hmac_digest(HashingContext::HashType p_hash_type, Packed return ctx->finish(); } -// Compares two HMACS for equality without leaking timing information in order to prevent timing attakcs. +// Compares two HMACS for equality without leaking timing information in order to prevent timing attacks. // @see: https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy bool Crypto::constant_time_compare(PackedByteArray p_trusted, PackedByteArray p_received) { const uint8_t *t = p_trusted.ptr(); @@ -141,7 +141,7 @@ void Crypto::_bind_methods() { /// Resource loader/saver -RES ResourceFormatLoaderCrypto::load(const String &p_path, const String &p_original_path, Error *r_error, bool p_use_sub_threads, float *r_progress, CacheMode p_cache_mode) { +Ref<Resource> ResourceFormatLoaderCrypto::load(const String &p_path, const String &p_original_path, Error *r_error, bool p_use_sub_threads, float *r_progress, CacheMode p_cache_mode) { String el = p_path.get_extension().to_lower(); if (el == "crt") { X509Certificate *cert = X509Certificate::create(); @@ -157,8 +157,9 @@ RES ResourceFormatLoaderCrypto::load(const String &p_path, const String &p_origi return key; } else if (el == "pub") { CryptoKey *key = CryptoKey::create(); - if (key) + if (key) { key->load(p_path, true); + } return key; } return nullptr; @@ -184,7 +185,7 @@ String ResourceFormatLoaderCrypto::get_resource_type(const String &p_path) const return ""; } -Error ResourceFormatSaverCrypto::save(const String &p_path, const RES &p_resource, uint32_t p_flags) { +Error ResourceFormatSaverCrypto::save(const String &p_path, const Ref<Resource> &p_resource, uint32_t p_flags) { Error err; Ref<X509Certificate> cert = p_resource; Ref<CryptoKey> key = p_resource; @@ -200,7 +201,7 @@ Error ResourceFormatSaverCrypto::save(const String &p_path, const RES &p_resourc return OK; } -void ResourceFormatSaverCrypto::get_recognized_extensions(const RES &p_resource, List<String> *p_extensions) const { +void ResourceFormatSaverCrypto::get_recognized_extensions(const Ref<Resource> &p_resource, List<String> *p_extensions) const { const X509Certificate *cert = Object::cast_to<X509Certificate>(*p_resource); const CryptoKey *key = Object::cast_to<CryptoKey>(*p_resource); if (cert) { @@ -214,6 +215,6 @@ void ResourceFormatSaverCrypto::get_recognized_extensions(const RES &p_resource, } } -bool ResourceFormatSaverCrypto::recognize(const RES &p_resource) const { +bool ResourceFormatSaverCrypto::recognize(const Ref<Resource> &p_resource) const { return Object::cast_to<X509Certificate>(*p_resource) || Object::cast_to<CryptoKey>(*p_resource); } diff --git a/core/crypto/crypto.h b/core/crypto/crypto.h index 9438fcfea5..fb4f7dd88f 100644 --- a/core/crypto/crypto.h +++ b/core/crypto/crypto.h @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -35,7 +35,7 @@ #include "core/io/resource.h" #include "core/io/resource_loader.h" #include "core/io/resource_saver.h" -#include "core/object/reference.h" +#include "core/object/ref_counted.h" class CryptoKey : public Resource { GDCLASS(CryptoKey, Resource); @@ -67,8 +67,8 @@ public: virtual Error save(String p_path) = 0; }; -class HMACContext : public Reference { - GDCLASS(HMACContext, Reference); +class HMACContext : public RefCounted { + GDCLASS(HMACContext, RefCounted); protected: static void _bind_methods(); @@ -82,10 +82,11 @@ public: virtual PackedByteArray finish() = 0; HMACContext() {} + virtual ~HMACContext() {} }; -class Crypto : public Reference { - GDCLASS(Crypto, Reference); +class Crypto : public RefCounted { + GDCLASS(Crypto, RefCounted); protected: static void _bind_methods(); @@ -116,7 +117,7 @@ public: class ResourceFormatLoaderCrypto : public ResourceFormatLoader { public: - virtual RES load(const String &p_path, const String &p_original_path = "", Error *r_error = nullptr, bool p_use_sub_threads = false, float *r_progress = nullptr, CacheMode p_cache_mode = CACHE_MODE_REUSE); + virtual Ref<Resource> load(const String &p_path, const String &p_original_path = "", Error *r_error = nullptr, bool p_use_sub_threads = false, float *r_progress = nullptr, CacheMode p_cache_mode = CACHE_MODE_REUSE); virtual void get_recognized_extensions(List<String> *p_extensions) const; virtual bool handles_type(const String &p_type) const; virtual String get_resource_type(const String &p_path) const; @@ -124,9 +125,9 @@ public: class ResourceFormatSaverCrypto : public ResourceFormatSaver { public: - virtual Error save(const String &p_path, const RES &p_resource, uint32_t p_flags = 0); - virtual void get_recognized_extensions(const RES &p_resource, List<String> *p_extensions) const; - virtual bool recognize(const RES &p_resource) const; + virtual Error save(const String &p_path, const Ref<Resource> &p_resource, uint32_t p_flags = 0); + virtual void get_recognized_extensions(const Ref<Resource> &p_resource, List<String> *p_extensions) const; + virtual bool recognize(const Ref<Resource> &p_resource) const; }; #endif // CRYPTO_H diff --git a/core/crypto/crypto_core.cpp b/core/crypto/crypto_core.cpp index f90092056e..3cf7b6c310 100644 --- a/core/crypto/crypto_core.cpp +++ b/core/crypto/crypto_core.cpp @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -30,12 +30,55 @@ #include "crypto_core.h" +#include "core/os/os.h" + #include <mbedtls/aes.h> #include <mbedtls/base64.h> +#include <mbedtls/ctr_drbg.h> +#include <mbedtls/entropy.h> #include <mbedtls/md5.h> #include <mbedtls/sha1.h> #include <mbedtls/sha256.h> +// RandomGenerator +CryptoCore::RandomGenerator::RandomGenerator() { + entropy = memalloc(sizeof(mbedtls_entropy_context)); + mbedtls_entropy_init((mbedtls_entropy_context *)entropy); + mbedtls_entropy_add_source((mbedtls_entropy_context *)entropy, &CryptoCore::RandomGenerator::_entropy_poll, nullptr, 256, MBEDTLS_ENTROPY_SOURCE_STRONG); + ctx = memalloc(sizeof(mbedtls_ctr_drbg_context)); + mbedtls_ctr_drbg_init((mbedtls_ctr_drbg_context *)ctx); +} + +CryptoCore::RandomGenerator::~RandomGenerator() { + mbedtls_ctr_drbg_free((mbedtls_ctr_drbg_context *)ctx); + memfree(ctx); + mbedtls_entropy_free((mbedtls_entropy_context *)entropy); + memfree(entropy); +} + +int CryptoCore::RandomGenerator::_entropy_poll(void *p_data, unsigned char *r_buffer, size_t p_len, size_t *r_len) { + *r_len = 0; + Error err = OS::get_singleton()->get_entropy(r_buffer, p_len); + ERR_FAIL_COND_V(err, MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); + *r_len = p_len; + return 0; +} + +Error CryptoCore::RandomGenerator::init() { + int ret = mbedtls_ctr_drbg_seed((mbedtls_ctr_drbg_context *)ctx, mbedtls_entropy_func, (mbedtls_entropy_context *)entropy, nullptr, 0); + if (ret) { + ERR_FAIL_COND_V_MSG(ret, FAILED, " failed\n ! mbedtls_ctr_drbg_seed returned an error" + itos(ret)); + } + return OK; +} + +Error CryptoCore::RandomGenerator::get_random_bytes(uint8_t *r_buffer, size_t p_bytes) { + ERR_FAIL_COND_V(!ctx, ERR_UNCONFIGURED); + int ret = mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context *)ctx, r_buffer, p_bytes); + ERR_FAIL_COND_V_MSG(ret, FAILED, " failed\n ! mbedtls_ctr_drbg_seed returned an error" + itos(ret)); + return OK; +} + // MD5 CryptoCore::MD5Context::MD5Context() { ctx = memalloc(sizeof(mbedtls_md5_context)); diff --git a/core/crypto/crypto_core.h b/core/crypto/crypto_core.h index 27b380e838..008e9e92b5 100644 --- a/core/crypto/crypto_core.h +++ b/core/crypto/crypto_core.h @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -31,13 +31,28 @@ #ifndef CRYPTO_CORE_H #define CRYPTO_CORE_H -#include "core/object/reference.h" +#include "core/object/ref_counted.h" class CryptoCore { public: + class RandomGenerator { + private: + void *entropy = nullptr; + void *ctx = nullptr; + + static int _entropy_poll(void *p_data, unsigned char *r_buffer, size_t p_len, size_t *r_len); + + public: + RandomGenerator(); + ~RandomGenerator(); + + Error init(); + Error get_random_bytes(uint8_t *r_buffer, size_t p_bytes); + }; + class MD5Context { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: MD5Context(); @@ -50,7 +65,7 @@ public: class SHA1Context { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: SHA1Context(); @@ -63,7 +78,7 @@ public: class SHA256Context { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: SHA256Context(); @@ -76,7 +91,7 @@ public: class AESContext { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: AESContext(); @@ -100,4 +115,5 @@ public: static Error sha1(const uint8_t *p_src, int p_src_len, unsigned char r_hash[20]); static Error sha256(const uint8_t *p_src, int p_src_len, unsigned char r_hash[32]); }; + #endif // CRYPTO_CORE_H diff --git a/core/crypto/hashing_context.cpp b/core/crypto/hashing_context.cpp index 070d2d4dd7..2ff540f798 100644 --- a/core/crypto/hashing_context.cpp +++ b/core/crypto/hashing_context.cpp @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ diff --git a/core/crypto/hashing_context.h b/core/crypto/hashing_context.h index 892a48a4e8..1a7cabf0f1 100644 --- a/core/crypto/hashing_context.h +++ b/core/crypto/hashing_context.h @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -31,10 +31,10 @@ #ifndef HASHING_CONTEXT_H #define HASHING_CONTEXT_H -#include "core/object/reference.h" +#include "core/object/ref_counted.h" -class HashingContext : public Reference { - GDCLASS(HashingContext, Reference); +class HashingContext : public RefCounted { + GDCLASS(HashingContext, RefCounted); public: enum HashType { |