- Crypto

- added CMake support for crypto functionality (#255) - small corrections/fixes for CSecureString (#255) - fixed compile error on non-Windows platforms (#255)
SLikeSoft · Sep 3, 2019 · 843e626 · 843e626
1 parent 2c10737
commit 843e626
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 7 deletions.
diff --git a/Lib/DLL/CMakeLists.txt b/Lib/DLL/CMakeLists.txt
@@ -17,8 +17,9 @@ FILE(GLOB ALL_HEADER_SRCS ${SLikeNet_SOURCE_DIR}/Source/include/slikenet/*.h)
 FILE(GLOB ALL_COMPATIBILITY_HEADER_SRC ${SLikeNet_SOURCE_DIR}/Source/*.h)
 FILE(GLOB ALL_COMPATIBILITY_HEADER_SRC_2 ${SLikeNet_SOURCE_DIR}/Source/slikenet/*.h)
 FILE(GLOB ALL_CPP_SRCS ${SLikeNet_SOURCE_DIR}/Source/src/*.cpp)
+FILE(GLOB CRYPTO_CPP_SRCS ${SLikeNet_SOURCE_DIR}/Source/src/crypto/*.cpp)
 
-add_library(SLikeNetDLL SHARED ${ALL_CPP_SRCS} ${ALL_HEADER_SRCS})
+add_library(SLikeNetDLL SHARED ${ALL_CPP_SRCS} ${CRYPTO_CPP_SRCS} ${ALL_HEADER_SRCS})
 
 #if(NOT (CMAKE_VERSION VERSION_LESS 2.8))
 	# target_include_directories is only supported since CMake 2.8

diff --git a/Lib/LibStatic/CMakeLists.txt b/Lib/LibStatic/CMakeLists.txt
@@ -17,8 +17,9 @@ FILE(GLOB ALL_HEADER_SRCS ${SLikeNet_SOURCE_DIR}/Source/include/slikenet/*.h)
 FILE(GLOB ALL_COMPATIBILITY_HEADER_SRC ${SLikeNet_SOURCE_DIR}/Source/*.h)
 FILE(GLOB ALL_COMPATIBILITY_HEADER_SRC_2 ${SLikeNet_SOURCE_DIR}/Source/slikenet/*.h)
 FILE(GLOB ALL_CPP_SRCS ${SLikeNet_SOURCE_DIR}/Source/src/*.cpp)
+FILE(GLOB CRYPTO_CPP_SRCS ${SLikeNet_SOURCE_DIR}/Source/src/crypto/*.cpp)
 
-add_library(SLikeNetLibStatic STATIC ${ALL_CPP_SRCS} ${ALL_HEADER_SRCS})
+add_library(SLikeNetLibStatic STATIC ${ALL_CPP_SRCS} ${CRYPTO_CPP_SRCS} ${ALL_HEADER_SRCS})
 
 #if(NOT (CMAKE_VERSION VERSION_LESS 2.8))
 	# target_include_directories is only supported since CMake 2.8

diff --git a/Source/include/slikenet/crypto/ifileencrypter.h b/Source/include/slikenet/crypto/ifileencrypter.h
@@ -1,11 +1,13 @@
 /*
- *  Copyright (c) 2018, SLikeSoft UG (haftungsbeschränkt)
+ *  Copyright (c) 2018-2019, SLikeSoft UG (haftungsbeschränkt)
  *
  *  This source code is  licensed under the MIT-style license found in the license.txt
  *  file in the root directory of this source tree.
  */
 #pragma once
 
+#include <cstddef> // required for size_t
+
 namespace SLNet
 {
 	namespace Experimental
@@ -22,8 +24,10 @@ namespace SLNet
 
 				// signing methods
 			public:
-				virtual const char* SignData(const char* data) = 0;
-				virtual bool VerifyData(const char *data, const size_t dataLength, const unsigned char *signature, const size_t signatureLength) = 0;
+				virtual const unsigned char* SignData(const unsigned char* data, const size_t dataLength) = 0;
+				virtual const char* SignDataBase64(const unsigned char* data, const size_t dataLength) = 0;
+				virtual bool VerifyData(const unsigned char *data, const size_t dataLength, const unsigned char *signature, const size_t signatureLength) = 0;
+				virtual bool VerifyDataBase64(const unsigned char *data, const size_t dataLength, const char *signature, const size_t signatureLength) = 0;
 			};
 		}
 	}

diff --git a/Source/include/slikenet/crypto/securestring.h b/Source/include/slikenet/crypto/securestring.h
@@ -6,6 +6,7 @@
 */
 
 #pragma once
+#include <cstddef> // required for size_t
 
 namespace SLNet
 {

diff --git a/Source/src/crypto/cryptomanager.cpp b/Source/src/crypto/cryptomanager.cpp
@@ -33,8 +33,14 @@ namespace SLNet
 				ERR_load_crypto_strings();
 				OpenSSL_add_all_algorithms();
 
+#ifdef _WIN32
+				// #med - once OpenSSL support for older OpenSSL versions is dropped, just remove this call - newer OpenSSL versions provide proper entropy
+				//        also on Windows platforms - https://security.stackexchange.com/questions/7718/openssl-rand-poll-good-enough
+				// RAND_screen() is only required on Windows - on Linux RAND_poll() will be used (called implicitly by the following RAND_bytes()-call) and
+				// provides OS-specific entropy quality.
 				// #high - replace with EGADS
 				RAND_screen();
+#endif
 
 				if (RAND_bytes(m_sessionKey, EVP_MAX_KEY_LENGTH) == 0) {
 					return false; // failed to initialize the random session key

diff --git a/Source/src/crypto/securestring.cpp b/Source/src/crypto/securestring.cpp
@@ -11,7 +11,8 @@
 #include "slikenet/assert.h"               // used for assert() (via SLNET_VERIFY)
 #include "slikenet/memoryoverride.h"       // used for OP_NEW_ARRAY
 
-#include <limits> // used for std::numeric_limits
+#include <cstring> // used for std::memcpy
+#include <limits>  // used for std::numeric_limits
 
 namespace SLNet
 {
@@ -116,7 +117,7 @@ namespace SLNet
 						return 0;
 					}
 				}
-				memcpy_s(m_UnencryptedBuffer + m_numBufferUsed, m_UnencryptedBufferSize - m_numBufferUsed, character, charSize);
+				memcpy(m_UnencryptedBuffer + m_numBufferUsed, character, charSize);
 				m_numBufferUsed += charSize;
 
 				// clear the source data