crypto: normalize indentation via editorconfig, NFC

Signed-off-by: Steven Noonan <steven@valvesoftware.com>
Steven Noonan
2020-09-03 15:31:24 -07:00
parent 0eedd618eb
commit e6a91dae1c
6 changed files with 242 additions and 238 deletions
+69 -69
@@ -19,130 +19,130 @@ bool CEC25519KeyBase::IsValid() const
uint32 CEC25519KeyBase::GetRawData( void *pData ) const
{
return CCryptoKeyBase_RawBuffer::GetRawData( pData );
return CCryptoKeyBase_RawBuffer::GetRawData( pData );
}
void CEC25519KeyBase::Wipe()
{
CCryptoKeyBase_RawBuffer::Wipe();
CCryptoKeyBase_RawBuffer::Wipe();
}
bool CEC25519KeyBase::SetRawData( const void *pData, size_t cbData )
{
if ( cbData != 32 )
if ( cbData != 32 )
return false;
return CCryptoKeyBase_RawBuffer::SetRawData( pData, cbData );
}
bool CCrypto::PerformKeyExchange( const CECKeyExchangePrivateKey &localPrivateKey, const CECKeyExchangePublicKey &remotePublicKey, SHA256Digest_t *pSharedSecretOut )
{
Assert( localPrivateKey.IsValid() );
Assert( remotePublicKey.IsValid() );
Assert( localPrivateKey.IsValid() );
Assert( remotePublicKey.IsValid() );
if ( !localPrivateKey.IsValid() || !remotePublicKey.IsValid() )
{
// Fail securely - generate something that won't be the same on both sides!
GenerateRandomBlock( *pSharedSecretOut, sizeof( SHA256Digest_t ) );
return false;
}
if ( !localPrivateKey.IsValid() || !remotePublicKey.IsValid() )
{
// Fail securely - generate something that won't be the same on both sides!
GenerateRandomBlock( *pSharedSecretOut, sizeof( SHA256Digest_t ) );
return false;
}
uint8 bufSharedSecret[32];
uint8 bufLocalPrivate[32];
uint8 bufRemotePublic[32];
uint8 bufSharedSecret[32];
uint8 bufLocalPrivate[32];
uint8 bufRemotePublic[32];
localPrivateKey.GetRawData(bufLocalPrivate);
remotePublicKey.GetRawData(bufRemotePublic);
localPrivateKey.GetRawData(bufLocalPrivate);
remotePublicKey.GetRawData(bufRemotePublic);
const int nResult = crypto_scalarmult_curve25519(bufSharedSecret, bufLocalPrivate, bufRemotePublic);
const int nResult = crypto_scalarmult_curve25519(bufSharedSecret, bufLocalPrivate, bufRemotePublic);
SecureZeroMemory( bufLocalPrivate, 32 );
SecureZeroMemory( bufRemotePublic, 32 );
SecureZeroMemory( bufLocalPrivate, 32 );
SecureZeroMemory( bufRemotePublic, 32 );
if(nResult != 0)
{
return false;
}
if(nResult != 0)
{
return false;
}
GenerateSHA256Digest( bufSharedSecret, sizeof(bufSharedSecret), pSharedSecretOut );
SecureZeroMemory( bufSharedSecret, 32 );
GenerateSHA256Digest( bufSharedSecret, sizeof(bufSharedSecret), pSharedSecretOut );
SecureZeroMemory( bufSharedSecret, 32 );
return true;
return true;
}
void CECSigningPrivateKey::GenerateSignature( const void *pData, size_t cbData, CryptoSignature_t *pSignatureOut ) const
{
if ( !IsValid() )
if ( !IsValid() )
{
AssertMsg( false, "Key not initialized, cannot generate signature" );
sodium_memzero( pSignatureOut, sizeof( CryptoSignature_t ) );
sodium_memzero( pSignatureOut, sizeof( CryptoSignature_t ) );
return;
}
// libsodium secret key is concatenation of:
// seed (i.e. what everyone else calls the secret key)
// public key
// libsodium secret key is concatenation of:
// seed (i.e. what everyone else calls the secret key)
// public key
uint8 bufSodiumSecret[crypto_sign_ed25519_SECRETKEYBYTES];
uint8 bufSodiumSecret[crypto_sign_ed25519_SECRETKEYBYTES];
Assert( CCryptoKeyBase_RawBuffer::GetRawDataSize() == 32 );
Assert( sizeof(m_publicKey) == 32 );
Assert( crypto_sign_ed25519_SECRETKEYBYTES == 64 );
Assert( CCryptoKeyBase_RawBuffer::GetRawDataSize() == 32 );
Assert( sizeof(m_publicKey) == 32 );
Assert( crypto_sign_ed25519_SECRETKEYBYTES == 64 );
memcpy(bufSodiumSecret, CCryptoKeyBase_RawBuffer::GetRawDataPtr(), 32 );
memcpy(bufSodiumSecret + 32, m_publicKey, sizeof(m_publicKey));
memcpy(bufSodiumSecret, CCryptoKeyBase_RawBuffer::GetRawDataPtr(), 32 );
memcpy(bufSodiumSecret + 32, m_publicKey, sizeof(m_publicKey));
crypto_sign_ed25519_detached(*pSignatureOut, nullptr, static_cast<const unsigned char*>( pData ), cbData, bufSodiumSecret );
sodium_memzero(bufSodiumSecret, sizeof(bufSodiumSecret) );
crypto_sign_ed25519_detached(*pSignatureOut, nullptr, static_cast<const unsigned char*>( pData ), cbData, bufSodiumSecret );
sodium_memzero(bufSodiumSecret, sizeof(bufSodiumSecret) );
}
bool CECSigningPublicKey::VerifySignature( const void *pData, size_t cbData, const CryptoSignature_t &signature ) const
{
if ( !IsValid() )
if ( !IsValid() )
{
AssertMsg( false, "Key not initialized, cannot verify signature" );
return false;
}
return crypto_sign_ed25519_verify_detached( signature, static_cast<const unsigned char*>( pData ), cbData, CCryptoKeyBase_RawBuffer::GetRawDataPtr() ) == 0;
return crypto_sign_ed25519_verify_detached( signature, static_cast<const unsigned char*>( pData ), cbData, CCryptoKeyBase_RawBuffer::GetRawDataPtr() ) == 0;
}
bool CEC25519PrivateKeyBase::CachePublicKey()
{
// Need to convert the private key into a public key here
// then store in m_publicKey
if ( !IsValid() )
{
return false;
}
if ( m_eKeyType == k_ECryptoKeyTypeKeyExchangePrivate )
// then store in m_publicKey
if ( !IsValid() )
{
// Get public key from secret key
AssertMsg( sizeof(m_publicKey) == crypto_scalarmult_curve25519_bytes(), "Public key size mismatch." );
AssertMsg( CCryptoKeyBase_RawBuffer::GetRawDataSize() == crypto_scalarmult_curve25519_scalarbytes(), "Private key size mismatch." );
return false;
}
crypto_scalarmult_curve25519_base( m_publicKey, CCryptoKeyBase_RawBuffer::GetRawDataPtr() );
}
else if ( m_eKeyType == k_ECryptoKeyTypeSigningPrivate )
{
// Convert ed25519 private signing key to ed25519 public key
// Note that what everyone else calls the private key, libsodium calls the seed
AssertMsg( sizeof(m_publicKey) == crypto_sign_ed25519_publickeybytes(), "Public key size mismatch." );
AssertMsg( CCryptoKeyBase_RawBuffer::GetRawDataSize() == crypto_sign_ed25519_seedbytes(), "Private key size mismatch." );
if ( m_eKeyType == k_ECryptoKeyTypeKeyExchangePrivate )
{
// Get public key from secret key
AssertMsg( sizeof(m_publicKey) == crypto_scalarmult_curve25519_bytes(), "Public key size mismatch." );
AssertMsg( CCryptoKeyBase_RawBuffer::GetRawDataSize() == crypto_scalarmult_curve25519_scalarbytes(), "Private key size mismatch." );
unsigned char h[crypto_hash_sha512_BYTES];
crypto_scalarmult_curve25519_base( m_publicKey, CCryptoKeyBase_RawBuffer::GetRawDataPtr() );
}
else if ( m_eKeyType == k_ECryptoKeyTypeSigningPrivate )
{
// Convert ed25519 private signing key to ed25519 public key
// Note that what everyone else calls the private key, libsodium calls the seed
AssertMsg( sizeof(m_publicKey) == crypto_sign_ed25519_publickeybytes(), "Public key size mismatch." );
AssertMsg( CCryptoKeyBase_RawBuffer::GetRawDataSize() == crypto_sign_ed25519_seedbytes(), "Private key size mismatch." );
crypto_sign_ed25519_seed_keypair( m_publicKey, h, static_cast<const unsigned char*>( CCryptoKeyBase_RawBuffer::GetRawDataPtr() ) );
unsigned char h[crypto_hash_sha512_BYTES];
sodium_memzero(h, sizeof(h));
}
else
{
Assert( false );
return false;
}
crypto_sign_ed25519_seed_keypair( m_publicKey, h, static_cast<const unsigned char*>( CCryptoKeyBase_RawBuffer::GetRawDataPtr() ) );
return true;
sodium_memzero(h, sizeof(h));
}
else
{
Assert( false );
return false;
}
return true;
}
#endif
+2 -2
@@ -8,8 +8,8 @@
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER < 0x10101000
// https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_get_raw_private_key.html
#error "Raw access to 25519 keys requires OpenSSL 1.1.1"
// https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_get_raw_private_key.html
#error "Raw access to 25519 keys requires OpenSSL 1.1.1"
#endif
CEC25519KeyBase::~CEC25519KeyBase()
+44 -44
@@ -50,25 +50,25 @@ typedef struct _BCryptContext {
void CCrypto::Init()
{
BCryptOpenAlgorithmProvider(
&hAlgRandom,
BCRYPT_RNG_ALGORITHM,
nullptr,
0
);
&hAlgRandom,
BCRYPT_RNG_ALGORITHM,
nullptr,
0
);
AssertFatal( hAlgRandom != INVALID_HANDLE_VALUE );
BCryptOpenAlgorithmProvider(
&hAlgSHA256,
BCRYPT_SHA256_ALGORITHM,
nullptr,
0
);
&hAlgSHA256,
BCRYPT_SHA256_ALGORITHM,
nullptr,
0
);
AssertFatal( hAlgSHA256 != INVALID_HANDLE_VALUE );
BCryptOpenAlgorithmProvider(
&hAlgHMACSHA256,
BCRYPT_SHA256_ALGORITHM,
nullptr,
BCRYPT_ALG_HANDLE_HMAC_FLAG
);
&hAlgHMACSHA256,
BCRYPT_SHA256_ALGORITHM,
nullptr,
BCRYPT_ALG_HANDLE_HMAC_FLAG
);
AssertFatal( hAlgHMACSHA256 != INVALID_HANDLE_VALUE );
}
@@ -122,11 +122,11 @@ bool AES_GCM_CipherContext::InitCipher( const void *pKey, size_t cbKey, size_t c
}
bool AES_GCM_EncryptContext::Encrypt(
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData // Optional additional authentication data. Not encrypted, but will be included in the tag, so it can be authenticated.
)
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData // Optional additional authentication data. Not encrypted, but will be included in the tag, so it can be authenticated.
)
{
BCryptContext *ctx = (BCryptContext *)(this->m_ctx);
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO paddingInfo;
@@ -141,13 +141,13 @@ bool AES_GCM_EncryptContext::Encrypt(
paddingInfo.pbAuthData = cbAuthenticationData ? (PUCHAR)pAdditionalAuthenticationData : NULL;
ULONG ct_size;
NTSTATUS status = BCryptEncrypt(
ctx->hKey,
( PUCHAR )pPlaintextData, (ULONG)cbPlaintextData,
&paddingInfo,
NULL, 0,
( PUCHAR )pEncryptedDataAndTag, *pcbEncryptedDataAndTag,
&ct_size,
0 );
ctx->hKey,
( PUCHAR )pPlaintextData, (ULONG)cbPlaintextData,
&paddingInfo,
NULL, 0,
( PUCHAR )pEncryptedDataAndTag, *pcbEncryptedDataAndTag,
&ct_size,
0 );
AssertFatal( ( ct_size + m_cbTag ) < *pcbEncryptedDataAndTag );
memcpy( ( PUCHAR )( pEncryptedDataAndTag ) + ct_size, buffer, m_cbTag );
ct_size += m_cbTag;
@@ -156,11 +156,11 @@ bool AES_GCM_EncryptContext::Encrypt(
}
bool AES_GCM_DecryptContext::Decrypt(
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
)
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
)
{
BCryptContext *ctx = (BCryptContext *)(this->m_ctx);
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO paddingInfo;
@@ -178,13 +178,13 @@ bool AES_GCM_DecryptContext::Decrypt(
paddingInfo.pbAuthData = cbAuthenticationData ? (PUCHAR)pAdditionalAuthenticationData : NULL;
ULONG pt_size;
NTSTATUS status = BCryptDecrypt(
ctx->hKey,
( PUCHAR )pEncryptedDataAndTag, (ULONG)cbEncryptedDataAndTag,
&paddingInfo,
NULL, 0,
( PUCHAR )pPlaintextData, *pcbPlaintextData,
&pt_size,
0 );
ctx->hKey,
( PUCHAR )pEncryptedDataAndTag, (ULONG)cbEncryptedDataAndTag,
&paddingInfo,
NULL, 0,
( PUCHAR )pPlaintextData, *pcbPlaintextData,
&pt_size,
0 );
*pcbPlaintextData = pt_size;
return NT_SUCCESS(status);
}
@@ -232,11 +232,11 @@ void CCrypto::GenerateRandomBlock( void *pvDest, int cubDest )
AssertFatal( cubDest >= 0 );
NTSTATUS status = BCryptGenRandom(
hAlgRandom,
(PUCHAR)pvDest,
(ULONG)cubDest,
0
);
hAlgRandom,
(PUCHAR)pvDest,
(ULONG)cubDest,
0
);
AssertFatal( NT_SUCCESS( status) );
}
+67 -65
@@ -10,46 +10,47 @@
#ifdef STEAMNETWORKINGSOCKETS_CRYPTO_LIBSODIUM
SymmetricCryptContextBase::SymmetricCryptContextBase()
: m_ctx(nullptr), m_cbIV(0), m_cbTag(0)
: m_ctx(nullptr), m_cbIV(0), m_cbTag(0)
{
}
void SymmetricCryptContextBase::Wipe()
{
sodium_free(m_ctx);
sodium_free(m_ctx);
m_ctx = nullptr;
m_cbIV = 0;
m_cbTag = 0;
m_ctx = nullptr;
m_cbIV = 0;
m_cbTag = 0;
}
bool AES_GCM_CipherContext::InitCipher( const void *pKey, size_t cbKey, size_t cbIV, size_t cbTag, bool bEncrypt )
{
// Libsodium requires AES and CLMUL instructions for AES-GCM, available in
// Intel "Westmere" and up. 90.41% of Steam users have this as of the
// November 2019 survey.
// Libsodium recommends ChaCha20-Poly1305 in software if you've not got AES support
// in hardware.
AssertMsg( crypto_aead_aes256gcm_is_available() == 1, "No hardware AES support on this CPU." );
AssertMsg( cbKey == crypto_aead_aes256gcm_KEYBYTES, "AES key sizes other than 256 are unsupported." );
AssertMsg( cbIV == crypto_aead_aes256gcm_NPUBBYTES, "Nonce size is unsupported" );
// Libsodium requires AES and CLMUL instructions for AES-GCM, available in
// Intel "Westmere" and up. 90.41% of Steam users have this as of the
// November 2019 survey.
// Libsodium recommends ChaCha20-Poly1305 in software if you've not got AES support
// in hardware.
AssertMsg( crypto_aead_aes256gcm_is_available() == 1, "No hardware AES support on this CPU." );
AssertMsg( cbKey == crypto_aead_aes256gcm_KEYBYTES, "AES key sizes other than 256 are unsupported." );
AssertMsg( cbIV == crypto_aead_aes256gcm_NPUBBYTES, "Nonce size is unsupported" );
if(m_ctx == nullptr)
{
m_ctx = sodium_malloc( sizeof(crypto_aead_aes256gcm_state) );
}
if(m_ctx == nullptr)
{
m_ctx = sodium_malloc( sizeof(crypto_aead_aes256gcm_state) );
}
crypto_aead_aes256gcm_beforenm( static_cast<crypto_aead_aes256gcm_state*>( m_ctx ), static_cast<const unsigned char*>( pKey ) );
crypto_aead_aes256gcm_beforenm( static_cast<crypto_aead_aes256gcm_state*>( m_ctx ), static_cast<const unsigned char*>( pKey ) );
return true;
return true;
}
bool AES_GCM_EncryptContext::Encrypt(
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
) {
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
)
{
// Make sure caller's buffer is big enough to hold the result.
if ( cbPlaintextData + crypto_aead_aes256gcm_ABYTES > *pcbEncryptedDataAndTag )
@@ -58,27 +59,28 @@ bool AES_GCM_EncryptContext::Encrypt(
return false;
}
unsigned long long cbEncryptedDataAndTag_longlong;
crypto_aead_aes256gcm_encrypt_afternm(
static_cast<unsigned char*>( pEncryptedDataAndTag ), &cbEncryptedDataAndTag_longlong,
static_cast<const unsigned char*>( pPlaintextData ), cbPlaintextData,
static_cast<const unsigned char*>(pAdditionalAuthenticationData), cbAuthenticationData,
nullptr,
static_cast<const unsigned char*>( pIV ),
static_cast<const crypto_aead_aes256gcm_state*>( m_ctx )
);
unsigned long long cbEncryptedDataAndTag_longlong;
crypto_aead_aes256gcm_encrypt_afternm(
static_cast<unsigned char*>( pEncryptedDataAndTag ), &cbEncryptedDataAndTag_longlong,
static_cast<const unsigned char*>( pPlaintextData ), cbPlaintextData,
static_cast<const unsigned char*>(pAdditionalAuthenticationData), cbAuthenticationData,
nullptr,
static_cast<const unsigned char*>( pIV ),
static_cast<const crypto_aead_aes256gcm_state*>( m_ctx )
);
*pcbEncryptedDataAndTag = cbEncryptedDataAndTag_longlong;
*pcbEncryptedDataAndTag = cbEncryptedDataAndTag_longlong;
return true;
return true;
}
bool AES_GCM_DecryptContext::Decrypt(
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
) {
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
)
{
// Make sure caller's buffer is big enough to hold the result
if ( cbEncryptedDataAndTag > *pcbPlaintextData + crypto_aead_aes256gcm_ABYTES )
{
@@ -86,60 +88,60 @@ bool AES_GCM_DecryptContext::Decrypt(
return false;
}
unsigned long long cbPlaintextData_longlong;
const int nDecryptResult = crypto_aead_aes256gcm_decrypt_afternm(
static_cast<unsigned char*>( pPlaintextData ), &cbPlaintextData_longlong,
nullptr,
static_cast<const unsigned char*>( pEncryptedDataAndTag ), cbEncryptedDataAndTag,
static_cast<const unsigned char*>( pAdditionalAuthenticationData ), cbAuthenticationData,
static_cast<const unsigned char*>( pIV ), static_cast<const crypto_aead_aes256gcm_state*>( m_ctx )
);
unsigned long long cbPlaintextData_longlong;
const int nDecryptResult = crypto_aead_aes256gcm_decrypt_afternm(
static_cast<unsigned char*>( pPlaintextData ), &cbPlaintextData_longlong,
nullptr,
static_cast<const unsigned char*>( pEncryptedDataAndTag ), cbEncryptedDataAndTag,
static_cast<const unsigned char*>( pAdditionalAuthenticationData ), cbAuthenticationData,
static_cast<const unsigned char*>( pIV ), static_cast<const crypto_aead_aes256gcm_state*>( m_ctx )
);
*pcbPlaintextData = cbPlaintextData_longlong;
*pcbPlaintextData = cbPlaintextData_longlong;
return nDecryptResult == 0;
return nDecryptResult == 0;
}
void CCrypto::Init()
{
// sodium_init is safe to call multiple times from multiple threads
// so no need to do anything clever here.
if(sodium_init() < 0)
{
AssertMsg( false, "libsodium didn't init" );
}
// sodium_init is safe to call multiple times from multiple threads
// so no need to do anything clever here.
if(sodium_init() < 0)
{
AssertMsg( false, "libsodium didn't init" );
}
}
void CCrypto::GenerateRandomBlock( void *pubDest, int cubDest )
{
VPROF_BUDGET( "CCrypto::GenerateRandomBlock", VPROF_BUDGETGROUP_ENCRYPTION );
VPROF_BUDGET( "CCrypto::GenerateRandomBlock", VPROF_BUDGETGROUP_ENCRYPTION );
AssertFatal( cubDest >= 0 );
randombytes_buf( pubDest, cubDest );
randombytes_buf( pubDest, cubDest );
}
void CCrypto::GenerateSHA256Digest( const void *pData, size_t cbData, SHA256Digest_t *pOutputDigest )
{
VPROF_BUDGET( "CCrypto::GenerateSHA256Digest", VPROF_BUDGETGROUP_ENCRYPTION );
VPROF_BUDGET( "CCrypto::GenerateSHA256Digest", VPROF_BUDGETGROUP_ENCRYPTION );
Assert( pData );
Assert( pOutputDigest );
Assert( pOutputDigest );
crypto_hash_sha256( *pOutputDigest, static_cast<const unsigned char*>(pData), cbData );
crypto_hash_sha256( *pOutputDigest, static_cast<const unsigned char*>(pData), cbData );
}
void CCrypto::GenerateHMAC256( const uint8 *pubData, uint32 cubData, const uint8 *pubKey, uint32 cubKey, SHA256Digest_t *pOutputDigest )
{
VPROF_BUDGET( "CCrypto::GenerateHMAC256", VPROF_BUDGETGROUP_ENCRYPTION );
VPROF_BUDGET( "CCrypto::GenerateHMAC256", VPROF_BUDGETGROUP_ENCRYPTION );
Assert( pubData );
Assert( cubData > 0 );
Assert( pubKey );
Assert( cubKey > 0 );
Assert( pOutputDigest );
Assert( sizeof(*pOutputDigest) == crypto_auth_hmacsha256_BYTES );
Assert( cubKey == crypto_auth_hmacsha256_KEYBYTES );
Assert( sizeof(*pOutputDigest) == crypto_auth_hmacsha256_BYTES );
Assert( cubKey == crypto_auth_hmacsha256_KEYBYTES );
crypto_auth_hmacsha256( *pOutputDigest, pubData, cubData, pubKey );
crypto_auth_hmacsha256( *pOutputDigest, pubData, cubData, pubKey );
}
#endif
+53 -51
@@ -54,12 +54,12 @@ void CCrypto::Init()
template < typename CTXType, void(*CleanupFunc)(CTXType)>
class EVPCTXPointer
{
public:
CTXType ctx;
public:
CTXType ctx;
EVPCTXPointer() { this->ctx = NULL; }
EVPCTXPointer(CTXType ctx) { this->ctx = ctx; }
~EVPCTXPointer() { CleanupFunc(ctx); }
EVPCTXPointer() { this->ctx = NULL; }
EVPCTXPointer(CTXType ctx) { this->ctx = ctx; }
~EVPCTXPointer() { CleanupFunc(ctx); }
};
SymmetricCryptContextBase::SymmetricCryptContextBase()
@@ -74,12 +74,12 @@ void SymmetricCryptContextBase::Wipe()
if ( m_ctx )
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)m_ctx;
#if OPENSSL_VERSION_NUMBER < 0x10100000
EVP_CIPHER_CTX_cleanup( ctx );
delete ctx;
#else
EVP_CIPHER_CTX_free( ctx );
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000
EVP_CIPHER_CTX_cleanup( ctx );
delete ctx;
#else
EVP_CIPHER_CTX_free( ctx );
#endif
m_ctx = nullptr;
}
m_cbIV = 0;
@@ -91,25 +91,25 @@ bool AES_GCM_CipherContext::InitCipher( const void *pKey, size_t cbKey, size_t c
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)m_ctx;
if ( ctx )
{
#if OPENSSL_VERSION_NUMBER < 0x10100000
EVP_CIPHER_CTX_cleanup( ctx );
EVP_CIPHER_CTX_init( ctx );
#else
EVP_CIPHER_CTX_reset( ctx );
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000
EVP_CIPHER_CTX_cleanup( ctx );
EVP_CIPHER_CTX_init( ctx );
#else
EVP_CIPHER_CTX_reset( ctx );
#endif
}
else
{
#if OPENSSL_VERSION_NUMBER < 0x10100000
ctx = new EVP_CIPHER_CTX;
if ( !ctx )
return false;
EVP_CIPHER_CTX_init( ctx );
#else
ctx = EVP_CIPHER_CTX_new();
if ( !ctx )
return false;
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000
ctx = new EVP_CIPHER_CTX;
if ( !ctx )
return false;
EVP_CIPHER_CTX_init( ctx );
#else
ctx = EVP_CIPHER_CTX_new();
if ( !ctx )
return false;
#endif
m_ctx = ctx;
}
@@ -150,11 +150,11 @@ bool AES_GCM_CipherContext::InitCipher( const void *pKey, size_t cbKey, size_t c
}
bool AES_GCM_EncryptContext::Encrypt(
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData // Optional additional authentication data. Not encrypted, but will be included in the tag, so it can be authenticated.
)
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData // Optional additional authentication data. Not encrypted, but will be included in the tag, so it can be authenticated.
)
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)m_ctx;
if ( !ctx )
@@ -222,11 +222,11 @@ bool AES_GCM_EncryptContext::Encrypt(
}
bool AES_GCM_DecryptContext::Decrypt(
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
)
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData
)
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)m_ctx;
@@ -312,13 +312,14 @@ bool AES_GCM_DecryptContext::Decrypt(
//-----------------------------------------------------------------------------
bool CCrypto::SymmetricAuthEncryptWithIV(
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV, size_t cbIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pKey, size_t cbKey,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData,
size_t cbTag
) {
const void *pPlaintextData, size_t cbPlaintextData,
const void *pIV, size_t cbIV,
void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag,
const void *pKey, size_t cbKey,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData,
size_t cbTag
)
{
// Setup a context. If you are going to be encrypting many buffers with the same parameters,
// you should create a context and reuse it, to avoid this setup cost
@@ -332,13 +333,14 @@ bool CCrypto::SymmetricAuthEncryptWithIV(
//-----------------------------------------------------------------------------
bool CCrypto::SymmetricAuthDecryptWithIV(
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV, size_t cbIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pKey, size_t cbKey,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData,
size_t cbTag
) {
const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag,
const void *pIV, size_t cbIV,
void *pPlaintextData, uint32 *pcbPlaintextData,
const void *pKey, size_t cbKey,
const void *pAdditionalAuthenticationData, size_t cbAuthenticationData,
size_t cbTag
)
{
// Setup a context. If you are going to be decrypting many buffers with the same parameters,
// you should create a context and reuse it, to avoid this setup cost
AES_GCM_DecryptContext ctx;
+7 -7
@@ -186,14 +186,14 @@ bool CCrypto::Base64Encode( const void *pubData, uint32 cubData, char *pchEncode
bool CCrypto::Base64Encode( const void *pData, uint32 cubData, char *pchEncodedData, uint32* pcchEncodedData, const char *pszLineBreak )
{
VPROF_BUDGET( "CCrypto::Base64Encode", VPROF_BUDGETGROUP_ENCRYPTION );
if ( pchEncodedData == NULL )
{
AssertMsg( *pcchEncodedData == 0, "NULL output buffer with non-zero size passed to Base64Encode" );
*pcchEncodedData = Base64EncodeMaxOutput( cubData, pszLineBreak );
return true;
}
const uint8 *pubData = (const uint8 *)pData;
const uint8 *pubDataEnd = pubData + cubData;
char *pchEncodedDataStart = pchEncodedData;
@@ -213,7 +213,7 @@ bool CCrypto::Base64Encode( const void *pData, uint32 cubData, char *pchEncodedD
{
if ( cchEncodedData < 4 + unLineBreakLen )
goto out_of_space;
if ( nNextLineBreak == 0 )
{
memcpy( pchEncodedData, pszLineBreak, unLineBreakLen );
@@ -316,7 +316,7 @@ bool CCrypto::Base64Decode( const char *pchData, void *pubDecodedData, uint32 *p
bool CCrypto::Base64Decode( const char *pchData, uint32 cchDataMax, void *pDecodedData, uint32 *pcubDecodedData, bool bIgnoreInvalidCharacters )
{
VPROF_BUDGET( "CCrypto::Base64Decode", VPROF_BUDGETGROUP_ENCRYPTION );
uint8 *pubDecodedData = (uint8 *)pDecodedData;
uint32 cubDecodedData = *pcubDecodedData;
uint32 cubDecodedDataOrig = cubDecodedData;
@@ -326,13 +326,13 @@ bool CCrypto::Base64Decode( const char *pchData, uint32 cchDataMax, void *pDecod
AssertMsg( *pcubDecodedData == 0, "NULL output buffer with non-zero size passed to Base64Decode" );
cubDecodedDataOrig = cubDecodedData = ~0u;
}
// valid base64 character range: '+' (0x2B) to 'z' (0x7A)
// table entries are 0-63, -1 for invalid entries, -2 for '='
static const signed char rgchInvBase64[] = {
62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
-1, -1, -1, -2, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31,
32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
47, 48, 49, 50, 51
@@ -412,7 +412,7 @@ bool CCrypto::Base64Decode( const char *pchData, uint32 cchDataMax, void *pDecod
un24BitsWithSentinel <<= 8;
}
}
*pcubDecodedData = cubDecodedDataOrig - cubDecodedData;
return true;