Init

Source/include/slikenet/crypto/cryptomanager.h

@@ -0,0 +1,48 @@
+/*
+ *  Copyright (c) 2019, SLikeSoft UG (haftungsbeschr<68>nkt)
+ *
+ *  This source code is  licensed under the MIT-style license found in the license.txt
+ *  file in the root directory of this source tree.
+ */
+#pragma once
+
+#include <openssl/evp.h> // used for EVP_xxxx
+
+namespace SLNet
+{
+	namespace Experimental
+	{
+		namespace Crypto
+		{
+			class CCryptoManager
+			{
+			private:
+				// class members
+				// note: using distinct contexts for encryption/decryption to prevent potential for race conditions
+				// #med - consider moving to SessionEncrypter class
+				static EVP_CIPHER_CTX* m_decryptionContext;
+				static EVP_CIPHER_CTX* m_encryptionContext;
+				static unsigned char m_initializationVector[EVP_MAX_IV_LENGTH];
+				static unsigned char m_sessionKey[EVP_MAX_KEY_LENGTH];
+				static bool m_Initialized;
+
+			public:
+				// initialization
+				static bool Initialize();
+
+			public:
+				// session encryption
+				static bool EncryptSessionData(const unsigned char* plaintext, size_t dataLength, unsigned char* outBuffer, size_t& inOutBufferSize);
+				static bool DecryptSessionData(const unsigned char* encryptedtext, size_t dataLength, unsigned char* outBuffer, size_t& inOutBufferSize);
+				static bool GetRequiredEncryptionBufferSize(size_t& encryptionDataByteLength);
+
+			public:
+				// secure memory management methods
+				// #med - consider moving to separate class (SecureMemory/MemoryManager)
+				static void* AllocateSecureMemory(size_t size);
+				static void FreeSecureMemory(void* pointer, size_t size);
+				static void SecureClearMemory(void* pointer, size_t dataSize);
+			};
+		}
+	}
+}

Source/include/slikenet/crypto/factory.h

@@ -0,0 +1,26 @@
+/*
+ *  Copyright (c) 2018-2019, SLikeSoft UG (haftungsbeschr<68>nkt)
+ *
+ *  This source code is  licensed under the MIT-style license found in the license.txt
+ *  file in the root directory of this source tree.
+ */
+#pragma once
+
+#include "securestring.h"   // used for SLNet::Crypto::CSecureString
+#include "ifileencrypter.h" // used for SLNet::Crypto::IFileEncrypter
+
+namespace SLNet
+{
+	namespace Experimental
+	{
+		namespace Crypto
+		{
+			class Factory
+			{
+			public:
+				static IFileEncrypter* ConstructFileEncrypter(const char *publicKey, size_t publicKeyLength);
+				static IFileEncrypter* ConstructFileEncrypter(const char *publicKey, size_t publicKeyLength, const char *privateKey, size_t privateKeyLength, CSecureString& privateKeyPassword);
+			};
+		}
+	}
+}

Source/include/slikenet/crypto/fileencrypter.h

@@ -0,0 +1,53 @@
+/*
+ *  Copyright (c) 2018-2019, SLikeSoft UG (haftungsbeschr<68>nkt)
+ *
+ *  This source code is  licensed under the MIT-style license found in the license.txt
+ *  file in the root directory of this source tree.
+ */
+#pragma once
+
+#include "ifileencrypter.h"    // used for Crypto::IFileEncrypter
+#include "securestring.h"      // used for Crypto::CSecureString
+ #include <openssl/ossl_typ.h> // used for RSA
+
+namespace SLNet
+{
+	namespace Experimental
+	{
+		namespace Crypto
+		{
+			class CFileEncrypter : public IFileEncrypter
+			{
+				// member variables
+				RSA *m_privateKey;
+				EVP_PKEY *m_privatePKey;
+				RSA *m_publicKey;
+				EVP_PKEY *m_publicPKey;
+				unsigned char m_sigBuffer[1024];
+				char m_sigBufferBase64[1369]; // 1369 = 1368 (size of base64-encoded 1k signature which is 1024 / 3 * 4 (representing 1023 bytes) + 4 bytes for the last byte) + 1 byte for trailing \0-terminator
+
+				// constructor
+			public:
+				// #high - drop the default ctor again (provide load from file instead incl. routing through customized file open handlers)
+				CFileEncrypter();
+				CFileEncrypter(const char *publicKey, size_t publicKeyLength);
+				CFileEncrypter(const char *publicKey, size_t publicKeyLength, const char *privateKey, size_t privateKeyLength, CSecureString &password);
+				~CFileEncrypter();
+			
+				// signing methods
+			public:
+				const unsigned char* SignData(const unsigned char *data, const size_t dataLength) override;
+				const char* SignDataBase64(const unsigned char *data, const size_t dataLength) override;
+				// #med reconsider/review interface here (char / unsigned char)
+				bool VerifyData(const unsigned char *data, const size_t dataLength, const unsigned char *signature, const size_t signatureLength) override;
+				bool VerifyDataBase64(const unsigned char *data, const size_t dataLength, const char *signature, const size_t signatureLength) override;
+
+				// internal helpers
+			private:
+				static int PasswordCallback(char *buffer, int bufferSize, int, void *password);
+				const char* SetPrivateKey(const char *privateKey, size_t privateKeyLength, CSecureString &password);
+				const char* SetPublicKey(const char *publicKey, size_t publicKeyLength);
+			};
+		}
+	}
+}

Source/include/slikenet/crypto/ifileencrypter.h

@@ -0,0 +1,34 @@
+/*
+ *  Copyright (c) 2018-2019, SLikeSoft UG (haftungsbeschr<68>nkt)
+ *
+ *  This source code is  licensed under the MIT-style license found in the license.txt
+ *  file in the root directory of this source tree.
+ */
+#pragma once
+
+#include <cstddef> // required for size_t
+
+namespace SLNet
+{
+	namespace Experimental
+	{
+		namespace Crypto
+		{
+			class IFileEncrypter
+			{
+				// constructor / destructor
+			protected:
+				IFileEncrypter() = default;
+			public:
+				virtual ~IFileEncrypter() = default;
+
+				// signing methods
+			public:
+				virtual const unsigned char* SignData(const unsigned char* data, const size_t dataLength) = 0;
+				virtual const char* SignDataBase64(const unsigned char* data, const size_t dataLength) = 0;
+				virtual bool VerifyData(const unsigned char *data, const size_t dataLength, const unsigned char *signature, const size_t signatureLength) = 0;
+				virtual bool VerifyDataBase64(const unsigned char *data, const size_t dataLength, const char *signature, const size_t signatureLength) = 0;
+			};
+		}
+	}
+}

Source/include/slikenet/crypto/securestring.h

@@ -0,0 +1,54 @@
+/*
+*  Copyright (c) 2018-2019, SLikeSoft UG (haftungsbeschr<68>nkt)
+*
+*  This source code is licensed under the MIT-style license found in the license.txt
+*  file in the root directory of this source tree.
+*/
+
+#pragma once
+#include <cstddef> // required for size_t
+
+namespace SLNet
+{
+	namespace Experimental
+	{
+		namespace Crypto
+		{
+			// #med - consider CSecureMemoryBuffer and derive CSecureString from that class
+			//        difference would be implicit null-terminated buffer in string buffer (upon Decrypt calls)
+			// document: document Decrypt/FlushUnencryptedData() requirements for most secure handling
+			//           i.e. emphasize that FlushUnencryptedData() must be called after having called Decrypt() ASAP once access to the unencrypted data
+			//           data is no longer required
+			class CSecureString
+			{
+				// member variables
+			private:
+				bool m_UTF8Mode;
+				bool m_wasFlushed;
+				size_t m_EncryptedBufferSize;    // size of the buffer for the encrypted string
+				size_t m_numBufferSize;          // size of the actual supported string buffer (excluding the trailing \0-terminator)
+				size_t m_numBufferUsed;          // size of the available buffer currently used
+				size_t m_numEncryptedBufferUsed; // size of the encrypted buffer which is used and contains the encrypted data
+				size_t m_UnencryptedBufferSize;  // size of the buffer allocated to retrieve the decrypted string
+				unsigned char* m_EncryptedMemory;
+				char* m_UnencryptedBuffer;
+
+				// constructor / destructor
+			public:
+				CSecureString(const size_t maxBufferSize, const bool utf8Mode = false);
+				~CSecureString();
+
+				// container methods
+			public:
+				size_t AddChar(char* character);
+				bool RemoveLastChar();
+				void Reset();
+
+				// decryption methods
+			public:
+				const char* Decrypt();
+				void FlushUnencryptedData();
+			};
+		}
+	}
+}