diff --git a/libs/client_server/piclientserver_client.cpp b/libs/client_server/piclientserver_client.cpp
index 2699603e..f03c62a4 100644
--- a/libs/client_server/piclientserver_client.cpp
+++ b/libs/client_server/piclientserver_client.cpp
@@ -1,6 +1,6 @@
/*
PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
+ Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
@@ -48,7 +48,6 @@ PIClientServer::Client::~Client() {
void PIClientServer::Client::connect(PINetworkAddress addr) {
if (!tcp || !own_tcp) return;
close();
- config.apply(this);
tcp->connect(addr, true);
tcp->startThreadedRead();
}
diff --git a/libs/client_server/piclientserver_client_base.cpp b/libs/client_server/piclientserver_client_base.cpp
index 3fec5e93..688e1330 100644
--- a/libs/client_server/piclientserver_client_base.cpp
+++ b/libs/client_server/piclientserver_client_base.cpp
@@ -1,6 +1,6 @@
/*
PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
+ Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
diff --git a/libs/client_server/piclientserver_config.cpp b/libs/client_server/piclientserver_config.cpp
deleted file mode 100644
index a8d190a0..00000000
--- a/libs/client_server/piclientserver_config.cpp
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see .
-*/
-
-#include "piclientserver_config.h"
-
-#include "piclientserver_client_base.h"
-
-
-void PIClientServer::Config::setPacketSign(ushort sign) {
- packet_sign = sign;
-}
-
-
-void PIClientServer::Config::setPacketSize(int bytes) {
- packet_size = bytes;
-}
-
-
-void PIClientServer::Config::enableSymmetricEncryption(const PIByteArray & key) {
- crypt_key = key;
-}
-
-
-void PIClientServer::Config::apply(ClientBase * client) {
- auto & s(client->stream);
-
- s.setPacketSign(packet_sign);
- s.setMaxPacketSize(packet_size);
-
- if (crypt_key.isNotEmpty()) {
- s.setCryptEnabled(true);
- s.setCryptKey(crypt_key);
- } else
- s.setCryptEnabled(false);
-}
diff --git a/libs/client_server/piclientserver_server.cpp b/libs/client_server/piclientserver_server.cpp
index d31087bb..f1700b01 100644
--- a/libs/client_server/piclientserver_server.cpp
+++ b/libs/client_server/piclientserver_server.cpp
@@ -1,6 +1,6 @@
/*
PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
+ Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
@@ -132,7 +132,7 @@ void PIClientServer::Server::stopServer() {
void PIClientServer::Server::newClient(ServerClient * c) {
clients << c;
- config.apply(c);
+ c->setConfiguration(configuration());
c->tcp->startThreadedRead();
c->connected();
}
diff --git a/libs/crypt/picrypt.cpp b/libs/crypt/picrypt.cpp
index 0220c155..bee924d9 100644
--- a/libs/crypt/picrypt.cpp
+++ b/libs/crypt/picrypt.cpp
@@ -20,30 +20,29 @@
#include "picrypt.h"
#include "pitranslator.h"
-#ifdef PIP_CRYPT
-# include
-#endif
+#include
-#define PICRYPT_DISABLED_WARNING \
- piCout << "[PICrypt]" \
- << "Warning: PICrypt is disabled, to enable install sodium library and rebuild pip"_tr("PICrypt");
-const char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0";
-const int hash_def_key_size = 9;
+namespace {
+constexpr char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0";
+constexpr int hash_def_key_size = 9;
+} // namespace
PICrypt::PICrypt() {
-#ifdef PIP_CRYPT
- if (!init())
+ if (!init()) {
piCout << "[PICrypt]"
<< "Error while initialize sodium!"_tr("PICrypt");
+ }
nonce_.resize(crypto_secretbox_NONCEBYTES);
key_.resize(crypto_secretbox_KEYBYTES);
randombytes_buf(key_.data(), key_.size());
randombytes_buf(nonce_.data(), nonce_.size());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+}
+
+PICrypt::~PICrypt() {
+ key_.fill(0);
+ nonce_.fill(0);
}
@@ -54,156 +53,138 @@ bool PICrypt::setKey(const PIByteArray & _key) {
}
-PIByteArray PICrypt::setKey(const PIString & secret) {
- PIByteArray hash;
-#ifdef PIP_CRYPT
- hash.resize(crypto_generichash_BYTES);
- PIByteArray s(secret.data(), secret.size());
- crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size);
- hash.resize(key_.size());
- setKey(hash);
-#endif
- return hash;
+bool PICrypt::setKey(const PIString & secret) {;
+ key_ = hash(secret);
+ return key_.isNotEmpty();
}
PIByteArray PICrypt::crypt(const PIByteArray & data) {
PIByteArray ret;
-#ifdef PIP_CRYPT
ret.resize(data.size() + crypto_secretbox_MACBYTES);
randombytes_buf(nonce_.data(), nonce_.size());
- crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data());
- ret.append(nonce_);
-#endif
+ if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data()) != 0) {
+ ret.clear();
+ } else {
+ ret.append(nonce_);
+ }
return ret;
}
PIByteArray PICrypt::crypt(const PIByteArray & data, PIByteArray key) {
- PIByteArray ret;
-#ifdef PIP_CRYPT
+ if (!init()) {
+ key.fill(0);
+ return PIByteArray();
+ }
if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
- // return PIByteArray();
- if (!init()) return ret;
PIByteArray n;
- ret.resize(data.size() + crypto_secretbox_MACBYTES);
n.resize(crypto_secretbox_NONCEBYTES);
+ PIByteArray ret;
+ ret.resize(data.size() + crypto_secretbox_MACBYTES);
randombytes_buf(n.data(), n.size());
- crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data());
- ret.append(n);
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data()) != 0) {
+ ret.clear();
+ } else {
+ ret.append(n);
+ }
+ key.fill(0);
return ret;
}
PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, bool * ok) {
- PIByteArray ret;
-#ifdef PIP_CRYPT
if (crypt_data.size() < nonce_.size() + crypto_secretbox_MACBYTES) {
if (ok) *ok = false;
return PIByteArray();
}
- ret.resize(crypt_data.size() - nonce_.size() - crypto_secretbox_MACBYTES);
- memcpy(nonce_.data(), crypt_data.data(crypt_data.size() - nonce_.size()), nonce_.size());
- if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - nonce_.size(), nonce_.data(), key_.data()) != 0) {
+ const ullong data_size = crypt_data.size() - nonce_.size();
+ PIByteArray ret;
+ ret.resize(data_size - crypto_secretbox_MACBYTES);
+ memcpy(nonce_.data(), crypt_data.data(data_size), nonce_.size());
+ if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, nonce_.data(), key_.data()) != 0) {
+ // Bad key
if (ok) *ok = false;
- // piCout << "[PICrypt]" << "bad key_";
- return PIByteArray();
+ ret.clear();
+ } else if (ok) {
+ *ok = true;
}
-#endif
- if (ok) *ok = true;
return ret;
}
PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bool * ok) {
- PIByteArray ret;
-#ifdef PIP_CRYPT
- if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
- /*if (ok) *ok = false;
- return PIByteArray();
-}*/
- if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) {
- if (ok) *ok = false;
+ if (!init()) {
+ key.fill(0);
return PIByteArray();
}
- if (!init()) return ret;
+ if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) {
+ if (ok) *ok = false;
+ key.fill(0);
+ return PIByteArray();
+ }
+ if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
PIByteArray n;
n.resize(crypto_secretbox_NONCEBYTES);
- ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
- memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size());
- if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), key.data()) != 0) {
+ const ullong data_size = crypt_data.size() - n.size();
+ PIByteArray ret;
+ ret.resize(data_size - crypto_secretbox_MACBYTES);
+ memcpy(n.data(), crypt_data.data(data_size), n.size());
+ if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), key.data()) != 0) {
+ // Bad key
if (ok) *ok = false;
- // piCout << "[PICrypt]" << "bad key_";
- return PIByteArray();
- } else if (ok)
+ ret.clear();
+ } else if (ok) {
*ok = true;
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ }
+ key.fill(0);
return ret;
}
-PIByteArray PICrypt::hash(const PIString & secret) {
- PIByteArray hash;
-#ifdef PIP_CRYPT
- if (!init()) return hash;
- hash.resize(crypto_generichash_BYTES);
- PIByteArray s(secret.data(), secret.size());
- crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size);
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return hash;
+PIByteArray PICrypt::hash(PIString secret) {
+ if (!init()) return {};
+ PIByteArray s = secret.toUTF8();
+ PIByteArray h = hash(s);
+ memset(const_cast(secret.data()), 0, s.size());
+ secret.fill('\0');
+ s.fill(0);
+ return h;
}
PIByteArray PICrypt::hash(const PIByteArray & data) {
- PIByteArray hash;
-#ifdef PIP_CRYPT
- if (!init()) return hash;
- hash.resize(crypto_generichash_BYTES);
- crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size);
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return hash;
+ if (!init()) return {};
+ PIByteArray h;
+ h.resize(crypto_generichash_BYTES);
+ crypto_generichash(h.data(), h.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size);
+ return h;
}
PIByteArray PICrypt::hash(const PIByteArray & data, const unsigned char * key, size_t keylen) {
PIByteArray hash;
-#ifdef PIP_CRYPT
if (!init()) return hash;
hash.resize(crypto_generichash_BYTES);
crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), key, keylen);
-#else
- PICRYPT_DISABLED_WARNING
-#endif
return hash;
}
size_t PICrypt::sizeHash() {
-#ifdef PIP_CRYPT
return crypto_generichash_BYTES;
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return 0;
}
ullong PICrypt::shorthash(const PIString & s, PIByteArray key) {
ullong hash = 0;
-#ifdef PIP_CRYPT
+ if (!init()) {
+ key.fill(0);
+ return hash;
+ }
if (crypto_shorthash_BYTES != sizeof(hash))
piCout << "[PICrypt]"
<< "internal error: bad hash size"_tr("PICrypt");
- if (!init()) return hash;
if (key.size() != crypto_shorthash_KEYBYTES) {
piCout << "[PICrypt]"
<< "invalid key size %1, should be %2, filled with zeros"_tr("PICrypt").arg(key.size()).arg(crypto_shorthash_KEYBYTES);
@@ -211,207 +192,154 @@ ullong PICrypt::shorthash(const PIString & s, PIByteArray key) {
}
PIByteArray in(s.data(), s.size());
crypto_shorthash((uchar *)&hash, in.data(), in.size(), key.data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ key.fill(0);
return hash;
}
PIByteArray PICrypt::generateKey() {
- PIByteArray hash;
-#ifdef PIP_CRYPT
- if (!init()) return hash;
- hash.resize(crypto_secretbox_KEYBYTES);
- randombytes_buf(hash.data(), hash.size());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return hash;
+ return generateRandomBuff(sizeKey());
}
PIByteArray PICrypt::generateRandomBuff(int size) {
PIByteArray hash;
-#ifdef PIP_CRYPT
if (!init() || size <= 0) return hash;
hash.resize(size);
randombytes_buf(hash.data(), hash.size());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
return hash;
}
size_t PICrypt::sizeKey() {
-#ifdef PIP_CRYPT
return crypto_secretbox_KEYBYTES;
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return 0;
}
size_t PICrypt::sizeCrypt() {
-#ifdef PIP_CRYPT
return crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES;
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return 0;
}
-void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) {
-#ifdef PIP_CRYPT
- if (!init()) return;
+bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) {
+ if (!init()) return false;
public_key.resize(crypto_sign_PUBLICKEYBYTES);
secret_key.resize(crypto_sign_SECRETKEYBYTES);
- crypto_sign_keypair(public_key.data(), secret_key.data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ return crypto_sign_keypair(public_key.data(), secret_key.data()) == 0;
}
-void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
-#ifdef PIP_CRYPT
- if (!init() || seed.isEmpty()) return;
+bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
+ if (!init() || seed.isEmpty()) return false;
public_key.resize(crypto_sign_PUBLICKEYBYTES);
secret_key.resize(crypto_sign_SECRETKEYBYTES);
- crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ return crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0;
}
PIByteArray PICrypt::extractSignPublicKey(const PIByteArray & secret_key) {
PIByteArray pk;
-#ifdef PIP_CRYPT
if (!init() || secret_key.size() != crypto_sign_SECRETKEYBYTES) return pk;
pk.resize(crypto_sign_PUBLICKEYBYTES);
- crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ if (crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data()) != 0) {
+ pk.clear();
+ }
return pk;
}
-PIByteArray PICrypt::signMessage(const PIByteArray & data, PIByteArray secret_key) {
+PIByteArray PICrypt::signMessage(const PIByteArray & data, const PIByteArray & secret_key) {
PIByteArray sign;
-#ifdef PIP_CRYPT
if (!init()) return sign;
sign.resize(crypto_sign_BYTES);
- crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ if (crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data()) != 0) {
+ sign.clear();
+ }
return sign;
}
-bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key) {
-#ifdef PIP_CRYPT
+bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key) {
if (!init()) return false;
return (crypto_sign_verify_detached(signature.data(), data.data(), data.size(), public_key.data()) == 0);
-#else
- PICRYPT_DISABLED_WARNING
-#endif
return false;
}
-void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) {
-#ifdef PIP_CRYPT
- if (!init()) return;
+bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) {
+ if (!init()) return false;
public_key.resize(crypto_box_PUBLICKEYBYTES);
secret_key.resize(crypto_box_SECRETKEYBYTES);
- crypto_box_keypair(public_key.data(), secret_key.data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ return crypto_box_keypair(public_key.data(), secret_key.data()) == 0;
}
-void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
-#ifdef PIP_CRYPT
- if (!init()) return;
+bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
+ if (!init()) return false;
public_key.resize(crypto_box_PUBLICKEYBYTES);
secret_key.resize(crypto_box_SECRETKEYBYTES);
- crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data());
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ return crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0;
}
PIByteArray PICrypt::crypt(const PIByteArray & data, const PIByteArray & public_key, const PIByteArray & secret_key) {
- PIByteArray ret;
-#ifdef PIP_CRYPT
- if (!init()) return ret;
- if (public_key.size() != crypto_box_PUBLICKEYBYTES) return ret;
- if (secret_key.size() != crypto_box_SECRETKEYBYTES) return ret;
+ if (!init()) return PIByteArray();
+ if (public_key.size() != crypto_box_PUBLICKEYBYTES) return PIByteArray();
+ if (secret_key.size() != crypto_box_SECRETKEYBYTES) return PIByteArray();
PIByteArray n;
- ret.resize(data.size() + crypto_box_MACBYTES);
n.resize(crypto_box_NONCEBYTES);
+ PIByteArray ret;
+ ret.resize(data.size() + crypto_box_MACBYTES);
randombytes_buf(n.data(), n.size());
- if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) return PIByteArray();
+ if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) {
+ return PIByteArray();
+ }
ret.append(n);
-#else
- PICRYPT_DISABLED_WARNING
-#endif
return ret;
}
PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & public_key, const PIByteArray & secret_key, bool * ok) {
- PIByteArray ret;
-#ifdef PIP_CRYPT
- if (!init()) return ret;
+ if (!init()) {
+ if (ok) *ok = false;
+ return PIByteArray();
+ }
if (public_key.size() != crypto_box_PUBLICKEYBYTES) {
if (ok) *ok = false;
- return ret;
+ return PIByteArray();
}
if (secret_key.size() != crypto_box_SECRETKEYBYTES) {
if (ok) *ok = false;
- return ret;
+ return PIByteArray();
}
if (crypt_data.size() < crypto_box_NONCEBYTES + crypto_box_MACBYTES) {
if (ok) *ok = false;
- return ret;
+ return PIByteArray();
}
PIByteArray n;
n.resize(crypto_secretbox_NONCEBYTES);
- ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
- memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size());
- if (crypto_box_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), public_key.data(), secret_key.data()) !=
- 0) {
+ const ullong data_size = crypt_data.size() - n.size();
+ PIByteArray ret;
+ ret.resize(data_size - crypto_secretbox_MACBYTES);
+ memcpy(n.data(), crypt_data.data(data_size), n.size());
+ if (crypto_box_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), public_key.data(), secret_key.data()) != 0) {
+ // Bad key
if (ok) *ok = false;
- // piCout << "[PICrypt]" << "bad key_";
- return PIByteArray();
- } else if (ok)
+ ret.clear();
+ } else if (ok) {
*ok = true;
-#else
- PICRYPT_DISABLED_WARNING
-#endif
+ }
return ret;
}
-PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & seed) {
+PIByteArray PICrypt::passwordHash(PIString password, const PIByteArray & seed) {
#ifdef crypto_pwhash_ALG_ARGON2I13
- // char out[crypto_pwhash_STRBYTES];
PIByteArray pass = password.toUTF8();
PIByteArray n = hash(seed);
PIByteArray ph;
ph.resize(crypto_box_SEEDBYTES);
n.resize(crypto_pwhash_SALTBYTES);
- // randombytes_buf(n.data(), n.size());
- // crypto_shorthash(n.data(), seed.data(), seed.size(), PIByteArray(crypto_shorthash_KEYBYTES).data());
int r = crypto_pwhash(ph.data(),
ph.size(),
(const char *)pass.data(),
@@ -420,31 +348,24 @@ PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray &
crypto_pwhash_argon2i_opslimit_moderate(),
crypto_pwhash_argon2i_memlimit_moderate(),
crypto_pwhash_ALG_ARGON2I13);
- // crypto_pwhash_str(out, (const char*)pass.data(), pass.size(), crypto_pwhash_argon2i_opslimit_moderate(),
- // crypto_pwhash_argon2i_memlimit_moderate());
pass.fill(0);
+ memset(const_cast(password.data()), 0, pass.size());
+ password.fill('\0');
if (r != 0) return PIByteArray();
return ph;
-// PIByteArray ret;
-// ret << ph << n << crypto_pwhash_argon2i_opslimit_moderate() << crypto_pwhash_argon2i_memlimit_moderate();
-// return ret;
#else
+ piCout << "[PICrypt] Error, ALG_ARGON2I13 not availible!";
return PIByteArray();
#endif
}
PIString PICrypt::version() {
-#ifdef PIP_CRYPT
return SODIUM_VERSION_STRING;
-#else
- return PIString();
-#endif
}
bool PICrypt::init() {
-#ifdef PIP_CRYPT
static bool inited = false;
if (inited) return true;
// piCout << "[PICrypt]" << "init ...";
@@ -452,8 +373,4 @@ bool PICrypt::init() {
if (!inited) inited = sodium_init();
// piCout << "[PICrypt]" << "init" << inited;
return inited;
-#else
- PICRYPT_DISABLED_WARNING
-#endif
- return false;
}
diff --git a/libs/io_utils/piethutilbase.cpp b/libs/io_utils/piethutilbase.cpp
index dfa24d02..d5aa41f1 100644
--- a/libs/io_utils/piethutilbase.cpp
+++ b/libs/io_utils/piethutilbase.cpp
@@ -121,3 +121,11 @@ PIByteArray PIEthUtilBase::decryptData(const PIByteArray & data) {
return PIByteArray();
#endif
}
+
+size_t PIEthUtilBase::cryptSizeAddition() {
+#ifdef PIP_CRYPT
+ return PICrypt::sizeCrypt();
+#else
+ return 0;
+#endif
+}
diff --git a/libs/io_utils/pipackedtcp.cpp b/libs/io_utils/pipackedtcp.cpp
index d9efac7b..9d0dcab0 100644
--- a/libs/io_utils/pipackedtcp.cpp
+++ b/libs/io_utils/pipackedtcp.cpp
@@ -108,7 +108,7 @@ void PIPackedTCP::init() {
// piCout << "Server connected" << client;
packer.assignDevice(client);
CONNECTL(client, disconnected, [this](bool) {
- packer.assignDevice(nullptr);
+ // packer.assignDevice(nullptr); WTF?
packer.clear();
disconnected();
});
@@ -193,7 +193,7 @@ bool PIPackedTCP::closeDevice() {
client->close();
client->stopAndWait();
piDeleteSafety(client);
- packer.assignDevice(nullptr);
+ // packer.assignDevice(nullptr); WTF?
}
return eth->close();
}
diff --git a/libs/io_utils/pistreampacker.cpp b/libs/io_utils/pistreampacker.cpp
index a062a149..c16db3b0 100644
--- a/libs/io_utils/pistreampacker.cpp
+++ b/libs/io_utils/pistreampacker.cpp
@@ -24,7 +24,6 @@
#include "pistreampacker.h"
#include "piiodevice.h"
-#include "piliterals_bytes.h"
#include "pitranslator.h"
#ifdef __GNUC__
# pragma GCC diagnostic pop
@@ -50,28 +49,10 @@
PIStreamPacker::PIStreamPacker(PIIODevice * dev): PIObject() {
- crypt_frag = crypt_size = false;
- aggressive_optimization = true;
- packet_size = -1;
- size_crypted_size = sizeof(int);
- crypt_frag_size = 1_MiB;
- max_packet_size = 1400;
- packet_sign = 0xAFBE;
- assignDevice(dev);
+ packet_size = -1;
+ if (dev) assignDevice(dev);
}
-
-void PIStreamPacker::setCryptSizeEnabled(bool on) {
- crypt_size = on;
- if (crypt_size) {
- PIByteArray ba;
- ba << int(0);
- size_crypted_size = cryptData(ba).size_s();
- } else
- size_crypted_size = sizeof(int);
-}
-
-
void PIStreamPacker::clear() {
packet.clear();
packet_size = -1;
@@ -81,22 +62,7 @@ void PIStreamPacker::clear() {
void PIStreamPacker::send(const PIByteArray & data) {
if (data.isEmpty()) return;
- PIByteArray cd;
- if (crypt_frag) {
- int fcnt = (data.size_s() - 1) / crypt_frag_size + 1, fst = 0;
- // piCout << "crypt_frag send" << fcnt << "frags";
- PIByteArray frag;
- for (int i = 0; i < fcnt; ++i) {
- if (i == fcnt - 1)
- frag = PIByteArray(data.data(fst), data.size_s() - fst);
- else
- frag = PIByteArray(data.data(fst), crypt_frag_size);
- fst += crypt_frag_size;
- cd << cryptData(frag);
- }
- } else {
- cd = cryptData(data);
- }
+ PIByteArray cd = cryptData(data);
// piCout << "crypt" << data.size() << "->" << cd.size() << key().size();
PIByteArray hdr, part;
hdr << packet_sign;
@@ -130,7 +96,7 @@ void PIStreamPacker::received(const PIByteArray & data) {
stream.append(data);
// piCout << "rec" << data.size();
while (!stream.isEmpty()) {
- int hdr_size = sizeof(packet_sign) + size_crypted_size;
+ int hdr_size = sizeof(packet_sign) + sizeCryptedSize();
if (packet_size < 0) {
if (stream.size_s() < hdr_size) return;
ushort sign(0);
@@ -144,8 +110,8 @@ void PIStreamPacker::received(const PIByteArray & data) {
}
int sz = -1;
if (crypt_size) {
- PIByteArray crsz((uint)size_crypted_size);
- memcpy(crsz.data(), stream.data(2), size_crypted_size);
+ PIByteArray crsz(sizeCryptedSize());
+ memcpy(crsz.data(), stream.data(2), crsz.size());
crsz = decryptData(crsz);
if (crsz.size() < sizeof(sz)) {
if (aggressive_optimization)
@@ -156,7 +122,7 @@ void PIStreamPacker::received(const PIByteArray & data) {
}
crsz >> sz;
} else {
- memcpy(&sz, stream.data(2), size_crypted_size);
+ memcpy(&sz, stream.data(2), sizeCryptedSize());
}
if (sz < 0) {
if (aggressive_optimization)
@@ -178,26 +144,7 @@ void PIStreamPacker::received(const PIByteArray & data) {
packet.append(stream.data(), ps);
stream.remove(0, ps);
if (packet.size_s() == packet_size) {
- PIByteArray cd;
- if (crypt_frag) {
- // piCout << "decrypt frags ..." << packet_size;
- while (packet.size_s() >= 4) {
- // piCout << "decrypt frags take data ...";
- PIByteArray frag;
- // piCout << "decrypt frags take data done" << frag.size_s();
- packet >> frag;
- if (frag.isEmpty()) {
- // piCout << "decrypt frags corrupt, break";
- cd.clear();
- break;
- }
- cd.append(decryptData(frag));
- // piCout << "decrypt frags add" << frag.size_s();
- }
- // piCout << "decrypt frags done" << cd.size();
- } else {
- cd = decryptData(packet);
- }
+ PIByteArray cd = decryptData(packet);
// piCout << "decrypt" << packet.size() << "->" << cd.size() << key().size();
if (!cd.isEmpty()) {
endPacketReceive();
@@ -213,10 +160,17 @@ void PIStreamPacker::received(const PIByteArray & data) {
void PIStreamPacker::assignDevice(PIIODevice * dev) {
- if (!dev) return;
+ if (!dev) {
+ piCoutObj << "Error! device is NULL";
+ return;
+ }
if (!dev->infoFlags()[PIIODevice::Reliable]) {
piCoutObj << "Warning! Not recommended to use with non-reliable device"_tr("PIStreamPacker") << dev;
}
CONNECT2(void, const uchar *, ssize_t, dev, threadedReadEvent, this, received);
CONNECT1(void, PIByteArray, this, sendRequest, dev, write);
}
+
+uint PIStreamPacker::sizeCryptedSize() {
+ return sizeof(int) + (crypt_size ? cryptSizeAddition() : 0);
+}
diff --git a/libs/main/client_server/piclientserver_client.h b/libs/main/client_server/piclientserver_client.h
index 556f3a6c..20ebe99f 100644
--- a/libs/main/client_server/piclientserver_client.h
+++ b/libs/main/client_server/piclientserver_client.h
@@ -6,7 +6,7 @@
*/
/*
PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
+ Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
diff --git a/libs/main/client_server/piclientserver_client_base.h b/libs/main/client_server/piclientserver_client_base.h
index 1ee07290..2f0d7560 100644
--- a/libs/main/client_server/piclientserver_client_base.h
+++ b/libs/main/client_server/piclientserver_client_base.h
@@ -6,7 +6,7 @@
*/
/*
PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
+ Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
@@ -25,7 +25,6 @@
#ifndef piclientserver_client_base_H
#define piclientserver_client_base_H
-#include "piclientserver_config.h"
#include "pidiagnostics.h"
#include "pip_client_server_export.h"
#include "pistreampacker.h"
@@ -36,8 +35,10 @@ namespace PIClientServer {
class Server;
+class ClientInterface {};
+
+// template
class PIP_CLIENT_SERVER_EXPORT ClientBase {
- friend class Config;
friend class Server;
NO_COPY_CLASS(ClientBase);
@@ -57,7 +58,9 @@ public:
PIDiagnostics::State diagnostics() const;
int receivePacketProgress() const;
- Config & configuration() { return config; }
+ const PIStreamPackerConfig & configuration() const { return stream.configuration(); }
+ PIStreamPackerConfig & configuration() { return stream.configuration(); }
+ void setConfiguration(const PIStreamPackerConfig & config) { stream.setConfiguration(config); }
protected:
virtual void readed(PIByteArray data) {}
@@ -71,7 +74,6 @@ protected:
bool own_tcp = false;
std::atomic_bool can_write = {true};
PIEthernet * tcp = nullptr;
- Config config;
private:
void destroy();
diff --git a/libs/main/client_server/piclientserver_config.h b/libs/main/client_server/piclientserver_config.h
deleted file mode 100644
index 6ed6b5f4..00000000
--- a/libs/main/client_server/piclientserver_config.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*! \file piclientserver_config.h
- * \ingroup ClientServer
- * \~\brief
- * \~english
- * \~russian
- */
-/*
- PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see .
-*/
-
-#ifndef piclientserver_config_H
-#define piclientserver_config_H
-
-#include "pibytearray.h"
-#include "pip_client_server_export.h"
-
-
-namespace PIClientServer {
-
-class Server;
-class Client;
-class ClientBase;
-
-class PIP_CLIENT_SERVER_EXPORT Config {
- friend class Server;
- friend class Client;
-
-public:
- void setPacketSign(ushort sign);
- void setPacketSize(int bytes);
-
- void enableSymmetricEncryption(const PIByteArray & key);
-
-protected:
- void apply(ClientBase * client);
-
- PIByteArray crypt_key;
- ushort packet_sign = 0xAFBE;
- int packet_size = 1400;
-
-private:
-};
-
-} // namespace PIClientServer
-
-#endif
diff --git a/libs/main/client_server/piclientserver_server.h b/libs/main/client_server/piclientserver_server.h
index 2827332b..5e30f033 100644
--- a/libs/main/client_server/piclientserver_server.h
+++ b/libs/main/client_server/piclientserver_server.h
@@ -6,7 +6,7 @@
*/
/*
PIP - Platform Independent Primitives
- Ivan Pelipenko peri4ko@yandex.ru
+ Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
@@ -25,10 +25,10 @@
#ifndef piclientserver_server_H
#define piclientserver_server_H
-#include "piclientserver_config.h"
#include "pimutex.h"
#include "pinetworkaddress.h"
#include "pip_client_server_export.h"
+#include "pistreampacker.h"
#include "pithreadnotifier.h"
class PIEthernet;
@@ -38,7 +38,7 @@ namespace PIClientServer {
class ServerClient;
-class PIP_CLIENT_SERVER_EXPORT Server {
+class PIP_CLIENT_SERVER_EXPORT Server: public PIStreamPackerConfig {
friend class ServerClient;
NO_COPY_CLASS(Server);
@@ -59,8 +59,6 @@ public:
void setClientFactory(std::function f) { client_factory = f; }
- Config & configuration() { return config; }
-
private:
void newClient(ServerClient * c);
void clientDisconnected(ServerClient * c);
@@ -70,7 +68,6 @@ private:
PIEthernet * tcp_server = nullptr;
PIThread * clean_thread = nullptr;
PIThreadNotifier clean_notifier;
- Config config;
PIVector clients;
mutable PIMutex clients_mutex;
diff --git a/libs/main/crypt/picrypt.h b/libs/main/crypt/picrypt.h
index 79a319c5..51780b7c 100644
--- a/libs/main/crypt/picrypt.h
+++ b/libs/main/crypt/picrypt.h
@@ -5,22 +5,22 @@
* \~russian Шифрование с помощью libsodium
*/
/*
- PIP - Platform Independent Primitives
- Cryptographic class using lib Sodium
- Andrey Bychkov work.a.b@yandex.ru
+ PIP - Platform Independent Primitives
+ Cryptographic class using lib Sodium
+ Andrey Bychkov work.a.b@yandex.ru
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see .
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
*/
#ifndef PICRYPT_H
@@ -40,6 +40,8 @@ public:
//! \~russian Конструктор, генерирующий случайный ключ
PICrypt();
+ ~PICrypt();
+
//! \~\brief
//! \~english Set key to "key", key size must be a \a sizeKey()
//! \~russian Установить ключ "key", размер ключа должен быть равен \a sizeKey()
@@ -48,7 +50,7 @@ public:
//! \~\brief
//! \~english Generate and set key from keyphrase "secret"
//! \~russian Генерировать и установить ключ из ключевой фразы "secret"
- PIByteArray setKey(const PIString & secret);
+ bool setKey(const PIString & secret);
//! \~\brief
//! \~english Returns current key
@@ -78,7 +80,7 @@ public:
//! \~\brief
//! \~english Generate hash from keyphrase "secret", may be used as a key for encryption
//! \~russian Генерировать хэш из ключевой фразы "secret", может использоваться в качестве ключа для шифрования
- static PIByteArray hash(const PIString & secret);
+ static PIByteArray hash(PIString secret);
//! \~\brief
//! \~english Generate hash from bytearray
@@ -123,12 +125,12 @@ public:
//! \~\brief
//! \~english Function randomly generates a secret key and a corresponding public key for digital signature
//! \~russian Функция случайным образом генерирует секретный ключ и соответствующий ему открытый ключ для цифровой подписи
- static void generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key);
+ static bool generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key);
//! \~\brief
//! \~english Function generates a secret key from input data and a corresponding public key for digital signature
//! \~russian Функция генерирует секретный ключ из входных данных и соответствующий ему открытый ключ для цифровой подписи
- static void generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
+ static bool generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
//! \~\brief
//! \~english Function extract sign public key from sing secret key
@@ -138,24 +140,24 @@ public:
//! \~\brief
//! \~english Calculate digital signature for data
//! \~russian Вычислить цифровую подпись для данных
- PIByteArray signMessage(const PIByteArray & data, PIByteArray secret_key);
+ PIByteArray signMessage(const PIByteArray & data, const PIByteArray & secret_key);
//! \~\brief
//! \~english Verify digital signature of signed message
//! \~russian Проверить цифровую подпись подписанного сообщения
- bool verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key);
+ bool verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key);
//! \~\brief
//! \~english Function randomly generates a secret key and a corresponding public key for authenticated encryption
//! \~russian Функция случайным образом генерирует секретный ключ и соответствующий ему открытый ключ для аутентифицированного
//! шифрования
- static void generateKeypair(PIByteArray & public_key, PIByteArray & secret_key);
+ static bool generateKeypair(PIByteArray & public_key, PIByteArray & secret_key);
//! \~\brief
//! \~english Function generates a secret key from input data and a corresponding public key for authenticated encryption
//! \~russian Функция генерирует секретный ключ из входных данных и соответствующий ему открытый ключ для аутентифицированного
//! шифрования
- static void generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
+ static bool generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
//! \~\brief
//! \~english Encrypt given data "data"
@@ -170,7 +172,7 @@ public:
//! \~\brief
//! \~english Generate password hash from "password"
//! \~russian Генерировать хэш пароля из "password"
- static PIByteArray passwordHash(const PIString & password, const PIByteArray & seed);
+ static PIByteArray passwordHash(PIString password, const PIByteArray & seed);
//! \~\brief
//! \~english Returns libsodium version
diff --git a/libs/main/io_utils/piethutilbase.h b/libs/main/io_utils/piethutilbase.h
index 160feee0..c763d47d 100644
--- a/libs/main/io_utils/piethutilbase.h
+++ b/libs/main/io_utils/piethutilbase.h
@@ -57,6 +57,9 @@ public:
//! Returns crypt layer key
PIByteArray cryptKey() const;
+ //! \brief Returns addition size for crypted data.
+ static size_t cryptSizeAddition();
+
protected:
/*! \brief Returns encrypted data if layer enabled,
* otherwise returns unchanged \"data\" */
diff --git a/libs/main/io_utils/pistreampacker.h b/libs/main/io_utils/pistreampacker.h
index 88a8c35a..ce49919a 100644
--- a/libs/main/io_utils/pistreampacker.h
+++ b/libs/main/io_utils/pistreampacker.h
@@ -33,15 +33,16 @@
class PIIODevice;
-class PIP_IO_UTILS_EXPORT PIStreamPacker
- : public PIObject
- , public PIEthUtilBase {
- PIOBJECT(PIStreamPacker)
+class PIStreamPackerConfig: public PIEthUtilBase {
+ friend class PIStreamPacker;
public:
- //! Contructs packer and try to assign \"dev\"
- PIStreamPacker(PIIODevice * dev = 0);
-
+ PIStreamPackerConfig() {
+ crypt_size = false;
+ aggressive_optimization = true;
+ max_packet_size = 1400;
+ packet_sign = 0xAFBE;
+ }
//! Set maximum size of single packet
void setMaxPacketSize(int max_size) { max_packet_size = max_size; }
@@ -49,17 +50,12 @@ public:
//! Returns maximum size of single packet, default 1400 bytes
int maxPacketSize() const { return max_packet_size; }
-
//! Set packet sinature
void setPacketSign(ushort sign_) { packet_sign = sign_; }
//! Returns packet sinature, default 0xAFBE
ushort packetSign() const { return packet_sign; }
- //! Returns progress of current packet receive in bytes
- int receivePacketProgress() const { return packet.size_s(); }
-
-
//! Set receive aggressive optimization. If yes then %PIStreamPacker doesn`t
//! check every byte in incoming stream but check only begin of each read()
//! result. Default is \b true.
@@ -68,17 +64,37 @@ public:
//! Returns aggressive optimization
bool aggressiveOptimization() const { return aggressive_optimization; }
-
- bool cryptFragmentationEnabled() const { return crypt_frag; }
- void setCryptFragmentationEnabled(bool on) { crypt_frag = on; }
- int cryptFragmentationSize() const { return crypt_frag_size; }
- void setCryptFragmentationSize(int size_) { crypt_frag_size = size_; }
bool cryptSizeEnabled() const { return crypt_size; }
- void setCryptSizeEnabled(bool on);
+ void setCryptSizeEnabled(bool on) { crypt_size = on; }
+
+ //! Get configuration
+ const PIStreamPackerConfig & configuration() const { return *this; }
+ PIStreamPackerConfig & configuration() { return *this; }
+
+ //! Apply configuration
+ void setConfiguration(const PIStreamPackerConfig & config) { *this = config; }
+
+private:
+ bool crypt_size, aggressive_optimization;
+ ushort packet_sign;
+ int max_packet_size;
+};
+
+
+class PIP_IO_UTILS_EXPORT PIStreamPacker
+ : public PIObject
+ , public PIStreamPackerConfig {
+ PIOBJECT(PIStreamPacker)
+
+public:
+ //! Contructs packer and try to assign \"dev\"
+ PIStreamPacker(PIIODevice * dev = nullptr);
+
+ //! Returns progress of current packet receive in bytes
+ int receivePacketProgress() const { return packet.size_s(); }
void clear();
-
//! Prepare data for send and raise \a sendRequest() events
void send(const PIByteArray & data);
@@ -130,11 +146,10 @@ protected:
virtual void packetReceived(PIByteArray data) {}
private:
+ uint sizeCryptedSize();
+
PIByteArray stream, packet;
- bool crypt_frag, crypt_size, aggressive_optimization;
- int packet_size, crypt_frag_size;
- ushort packet_sign;
- int max_packet_size, size_crypted_size;
+ int packet_size;
mutable PIMutex prog_s_mutex, prog_r_mutex;
};