From 92a0a9356c4a0e5464b19418ae557791070f649c Mon Sep 17 00:00:00 2001 From: Andrey Bychkov Date: Fri, 18 Oct 2024 18:59:20 +0300 Subject: [PATCH 1/4] refactoring PICrypt, add PIStreamPackerConfig, delete piclientserver_config --- libs/client_server/piclientserver_client.cpp | 3 +- .../piclientserver_client_base.cpp | 2 +- libs/client_server/piclientserver_config.cpp | 50 --- libs/client_server/piclientserver_server.cpp | 5 +- libs/crypt/picrypt.cpp | 305 +++++++----------- libs/io_utils/piethutilbase.cpp | 8 + libs/io_utils/pistreampacker.cpp | 40 +-- .../client_server/piclientserver_client.h | 2 +- .../piclientserver_client_base.h | 12 +- .../client_server/piclientserver_config.h | 60 ---- .../client_server/piclientserver_server.h | 9 +- libs/main/crypt/picrypt.h | 42 +-- libs/main/io_utils/piethutilbase.h | 3 + libs/main/io_utils/pistreampacker.h | 59 ++-- libs/main/text/pistring.h | 1 + main.cpp | 6 +- 16 files changed, 220 insertions(+), 387 deletions(-) delete mode 100644 libs/client_server/piclientserver_config.cpp delete mode 100644 libs/main/client_server/piclientserver_config.h diff --git a/libs/client_server/piclientserver_client.cpp b/libs/client_server/piclientserver_client.cpp index 2699603e..f03c62a4 100644 --- a/libs/client_server/piclientserver_client.cpp +++ b/libs/client_server/piclientserver_client.cpp @@ -1,6 +1,6 @@ /* PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru + Ivan Pelipenko peri4ko@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -48,7 +48,6 @@ PIClientServer::Client::~Client() { void PIClientServer::Client::connect(PINetworkAddress addr) { if (!tcp || !own_tcp) return; close(); - config.apply(this); tcp->connect(addr, true); tcp->startThreadedRead(); } diff --git a/libs/client_server/piclientserver_client_base.cpp b/libs/client_server/piclientserver_client_base.cpp index 3fec5e93..688e1330 100644 --- a/libs/client_server/piclientserver_client_base.cpp +++ b/libs/client_server/piclientserver_client_base.cpp @@ -1,6 +1,6 @@ /* PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru + Ivan Pelipenko peri4ko@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/libs/client_server/piclientserver_config.cpp b/libs/client_server/piclientserver_config.cpp deleted file mode 100644 index a8d190a0..00000000 --- a/libs/client_server/piclientserver_config.cpp +++ /dev/null @@ -1,50 +0,0 @@ -/* - PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with this program. If not, see . -*/ - -#include "piclientserver_config.h" - -#include "piclientserver_client_base.h" - - -void PIClientServer::Config::setPacketSign(ushort sign) { - packet_sign = sign; -} - - -void PIClientServer::Config::setPacketSize(int bytes) { - packet_size = bytes; -} - - -void PIClientServer::Config::enableSymmetricEncryption(const PIByteArray & key) { - crypt_key = key; -} - - -void PIClientServer::Config::apply(ClientBase * client) { - auto & s(client->stream); - - s.setPacketSign(packet_sign); - s.setMaxPacketSize(packet_size); - - if (crypt_key.isNotEmpty()) { - s.setCryptEnabled(true); - s.setCryptKey(crypt_key); - } else - s.setCryptEnabled(false); -} diff --git a/libs/client_server/piclientserver_server.cpp b/libs/client_server/piclientserver_server.cpp index 4a6ec693..1b949998 100644 --- a/libs/client_server/piclientserver_server.cpp +++ b/libs/client_server/piclientserver_server.cpp @@ -1,6 +1,6 @@ /* PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru + Ivan Pelipenko peri4ko@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -20,7 +20,6 @@ #include "piclientserver_client.h" #include "piethernet.h" -#include "piliterals_time.h" PIClientServer::Server::Server() { @@ -132,7 +131,7 @@ void PIClientServer::Server::stopServer() { void PIClientServer::Server::newClient(ServerClient * c) { clients << c; - config.apply(c); + c->setConfiguration(configuration()); c->tcp->startThreadedRead(); c->connected(); } diff --git a/libs/crypt/picrypt.cpp b/libs/crypt/picrypt.cpp index 38e55853..49fbfb12 100644 --- a/libs/crypt/picrypt.cpp +++ b/libs/crypt/picrypt.cpp @@ -18,30 +18,28 @@ */ #include "picrypt.h" -#ifdef PIP_CRYPT -# include -#endif -#define PICRYPT_DISABLED_WARNING \ - piCout << "[PICrypt]" \ - << "Warning: PICrypt is disabled, to enable install sodium library and rebuild pip"; - -const char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0"; -const int hash_def_key_size = 9; +#include +namespace { +constexpr char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0"; +constexpr int hash_def_key_size = 9; +} // namespace PICrypt::PICrypt() { -#ifdef PIP_CRYPT - if (!init()) + if (!init()) { piCout << "[PICrypt]" << "Error while initialize sodium!"; + } nonce_.resize(crypto_secretbox_NONCEBYTES); key_.resize(crypto_secretbox_KEYBYTES); randombytes_buf(key_.data(), key_.size()); randombytes_buf(nonce_.data(), nonce_.size()); -#else - PICRYPT_DISABLED_WARNING -#endif +} + +PICrypt::~PICrypt() { + key_.fill(0); + nonce_.fill(0); } @@ -52,156 +50,144 @@ bool PICrypt::setKey(const PIByteArray & _key) { } -PIByteArray PICrypt::setKey(const PIString & secret) { +bool PICrypt::setKey(const PIString & secret) { PIByteArray hash; -#ifdef PIP_CRYPT hash.resize(crypto_generichash_BYTES); PIByteArray s(secret.data(), secret.size()); crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size); hash.resize(key_.size()); - setKey(hash); -#endif - return hash; + key_ = std::move(hash); + secret.deleteData(); + return true; } PIByteArray PICrypt::crypt(const PIByteArray & data) { PIByteArray ret; -#ifdef PIP_CRYPT ret.resize(data.size() + crypto_secretbox_MACBYTES); randombytes_buf(nonce_.data(), nonce_.size()); - crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data()); - ret.append(nonce_); -#endif + if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data()) != 0) { + ret.clear(); + } else { + ret.append(nonce_); + } return ret; } PIByteArray PICrypt::crypt(const PIByteArray & data, PIByteArray key) { - PIByteArray ret; -#ifdef PIP_CRYPT + if (!init()) { + key.fill(0); + return PIByteArray(); + } if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' '); - // return PIByteArray(); - if (!init()) return ret; PIByteArray n; - ret.resize(data.size() + crypto_secretbox_MACBYTES); n.resize(crypto_secretbox_NONCEBYTES); + PIByteArray ret; + ret.resize(data.size() + crypto_secretbox_MACBYTES); randombytes_buf(n.data(), n.size()); - crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data()); - ret.append(n); -#else - PICRYPT_DISABLED_WARNING -#endif + if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data()) != 0) { + ret.clear(); + } else { + ret.append(n); + } + key.fill(0); return ret; } PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, bool * ok) { - PIByteArray ret; -#ifdef PIP_CRYPT if (crypt_data.size() < nonce_.size() + crypto_secretbox_MACBYTES) { if (ok) *ok = false; return PIByteArray(); } - ret.resize(crypt_data.size() - nonce_.size() - crypto_secretbox_MACBYTES); - memcpy(nonce_.data(), crypt_data.data(crypt_data.size() - nonce_.size()), nonce_.size()); - if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - nonce_.size(), nonce_.data(), key_.data()) != 0) { + const ullong data_size = crypt_data.size() - nonce_.size(); + PIByteArray ret; + ret.resize(data_size - crypto_secretbox_MACBYTES); + memcpy(nonce_.data(), crypt_data.data(data_size), nonce_.size()); + if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, nonce_.data(), key_.data()) != 0) { + // Bad key if (ok) *ok = false; - // piCout << "[PICrypt]" << "bad key_"; - return PIByteArray(); + ret.clear(); + } else if (ok) { + *ok = true; } -#endif - if (ok) *ok = true; return ret; } PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bool * ok) { - PIByteArray ret; -#ifdef PIP_CRYPT - if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' '); - /*if (ok) *ok = false; - return PIByteArray(); -}*/ - if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) { - if (ok) *ok = false; + if (!init()) { + key.fill(0); return PIByteArray(); } - if (!init()) return ret; + if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) { + if (ok) *ok = false; + key.fill(0); + return PIByteArray(); + } + if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' '); PIByteArray n; n.resize(crypto_secretbox_NONCEBYTES); - ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES); - memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size()); - if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), key.data()) != 0) { + const ullong data_size = crypt_data.size() - n.size(); + PIByteArray ret; + ret.resize(data_size - crypto_secretbox_MACBYTES); + memcpy(n.data(), crypt_data.data(data_size), n.size()); + if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), key.data()) != 0) { + // Bad key if (ok) *ok = false; - // piCout << "[PICrypt]" << "bad key_"; - return PIByteArray(); - } else if (ok) + ret.clear(); + } else if (ok) { *ok = true; -#else - PICRYPT_DISABLED_WARNING -#endif + } + key.fill(0); return ret; } PIByteArray PICrypt::hash(const PIString & secret) { PIByteArray hash; -#ifdef PIP_CRYPT if (!init()) return hash; hash.resize(crypto_generichash_BYTES); PIByteArray s(secret.data(), secret.size()); crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size); -#else - PICRYPT_DISABLED_WARNING -#endif + secret.deleteData(); return hash; } PIByteArray PICrypt::hash(const PIByteArray & data) { PIByteArray hash; -#ifdef PIP_CRYPT if (!init()) return hash; hash.resize(crypto_generichash_BYTES); crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size); -#else - PICRYPT_DISABLED_WARNING -#endif return hash; } PIByteArray PICrypt::hash(const PIByteArray & data, const unsigned char * key, size_t keylen) { PIByteArray hash; -#ifdef PIP_CRYPT if (!init()) return hash; hash.resize(crypto_generichash_BYTES); crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), key, keylen); -#else - PICRYPT_DISABLED_WARNING -#endif return hash; } size_t PICrypt::sizeHash() { -#ifdef PIP_CRYPT return crypto_generichash_BYTES; -#else - PICRYPT_DISABLED_WARNING -#endif - return 0; } ullong PICrypt::shorthash(const PIString & s, PIByteArray key) { ullong hash = 0; -#ifdef PIP_CRYPT + if (!init()) { + key.fill(0); + return hash; + } if (crypto_shorthash_BYTES != sizeof(hash)) piCout << "[PICrypt]" << "internal error: bad hash size"; - if (!init()) return hash; if (key.size() != crypto_shorthash_KEYBYTES) { piCout << "[PICrypt]" << "invalid key size" << key.size() << ", shoud be" << crypto_shorthash_KEYBYTES << ", filled zeros"; @@ -209,207 +195,154 @@ ullong PICrypt::shorthash(const PIString & s, PIByteArray key) { } PIByteArray in(s.data(), s.size()); crypto_shorthash((uchar *)&hash, in.data(), in.size(), key.data()); -#else - PICRYPT_DISABLED_WARNING -#endif + key.fill(0); return hash; } PIByteArray PICrypt::generateKey() { - PIByteArray hash; -#ifdef PIP_CRYPT - if (!init()) return hash; - hash.resize(crypto_secretbox_KEYBYTES); - randombytes_buf(hash.data(), hash.size()); -#else - PICRYPT_DISABLED_WARNING -#endif - return hash; + return generateRandomBuff(sizeKey()); } PIByteArray PICrypt::generateRandomBuff(int size) { PIByteArray hash; -#ifdef PIP_CRYPT if (!init() || size <= 0) return hash; hash.resize(size); randombytes_buf(hash.data(), hash.size()); -#else - PICRYPT_DISABLED_WARNING -#endif return hash; } size_t PICrypt::sizeKey() { -#ifdef PIP_CRYPT return crypto_secretbox_KEYBYTES; -#else - PICRYPT_DISABLED_WARNING -#endif - return 0; } size_t PICrypt::sizeCrypt() { -#ifdef PIP_CRYPT return crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES; -#else - PICRYPT_DISABLED_WARNING -#endif - return 0; } -void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) { -#ifdef PIP_CRYPT - if (!init()) return; +bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) { + if (!init()) return false; public_key.resize(crypto_sign_PUBLICKEYBYTES); secret_key.resize(crypto_sign_SECRETKEYBYTES); - crypto_sign_keypair(public_key.data(), secret_key.data()); -#else - PICRYPT_DISABLED_WARNING -#endif + return crypto_sign_keypair(public_key.data(), secret_key.data()) == 0; } -void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) { -#ifdef PIP_CRYPT - if (!init() || seed.isEmpty()) return; +bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) { + if (!init() || seed.isEmpty()) return false; public_key.resize(crypto_sign_PUBLICKEYBYTES); secret_key.resize(crypto_sign_SECRETKEYBYTES); - crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()); -#else - PICRYPT_DISABLED_WARNING -#endif + return crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0; } PIByteArray PICrypt::extractSignPublicKey(const PIByteArray & secret_key) { PIByteArray pk; -#ifdef PIP_CRYPT if (!init() || secret_key.size() != crypto_sign_SECRETKEYBYTES) return pk; pk.resize(crypto_sign_PUBLICKEYBYTES); - crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data()); -#else - PICRYPT_DISABLED_WARNING -#endif + if (crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data()) != 0) { + pk.clear(); + } return pk; } -PIByteArray PICrypt::signMessage(const PIByteArray & data, PIByteArray secret_key) { +PIByteArray PICrypt::signMessage(const PIByteArray & data, const PIByteArray & secret_key) { PIByteArray sign; -#ifdef PIP_CRYPT if (!init()) return sign; sign.resize(crypto_sign_BYTES); - crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data()); -#else - PICRYPT_DISABLED_WARNING -#endif + if (crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data()) != 0) { + sign.clear(); + } return sign; } -bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key) { -#ifdef PIP_CRYPT +bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key) { if (!init()) return false; return (crypto_sign_verify_detached(signature.data(), data.data(), data.size(), public_key.data()) == 0); -#else - PICRYPT_DISABLED_WARNING -#endif return false; } -void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) { -#ifdef PIP_CRYPT - if (!init()) return; +bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) { + if (!init()) return false; public_key.resize(crypto_box_PUBLICKEYBYTES); secret_key.resize(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(public_key.data(), secret_key.data()); -#else - PICRYPT_DISABLED_WARNING -#endif + return crypto_box_keypair(public_key.data(), secret_key.data()) == 0; } -void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) { -#ifdef PIP_CRYPT - if (!init()) return; +bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) { + if (!init()) return false; public_key.resize(crypto_box_PUBLICKEYBYTES); secret_key.resize(crypto_box_SECRETKEYBYTES); - crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()); -#else - PICRYPT_DISABLED_WARNING -#endif + return crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0; } PIByteArray PICrypt::crypt(const PIByteArray & data, const PIByteArray & public_key, const PIByteArray & secret_key) { - PIByteArray ret; -#ifdef PIP_CRYPT - if (!init()) return ret; - if (public_key.size() != crypto_box_PUBLICKEYBYTES) return ret; - if (secret_key.size() != crypto_box_SECRETKEYBYTES) return ret; + if (!init()) return PIByteArray(); + if (public_key.size() != crypto_box_PUBLICKEYBYTES) return PIByteArray(); + if (secret_key.size() != crypto_box_SECRETKEYBYTES) return PIByteArray(); PIByteArray n; - ret.resize(data.size() + crypto_box_MACBYTES); n.resize(crypto_box_NONCEBYTES); + PIByteArray ret; + ret.resize(data.size() + crypto_box_MACBYTES); randombytes_buf(n.data(), n.size()); - if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) return PIByteArray(); + if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) { + return PIByteArray(); + } ret.append(n); -#else - PICRYPT_DISABLED_WARNING -#endif return ret; } PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & public_key, const PIByteArray & secret_key, bool * ok) { - PIByteArray ret; -#ifdef PIP_CRYPT - if (!init()) return ret; + if (!init()) { + if (ok) *ok = false; + return PIByteArray(); + } if (public_key.size() != crypto_box_PUBLICKEYBYTES) { if (ok) *ok = false; - return ret; + return PIByteArray(); } if (secret_key.size() != crypto_box_SECRETKEYBYTES) { if (ok) *ok = false; - return ret; + return PIByteArray(); } if (crypt_data.size() < crypto_box_NONCEBYTES + crypto_box_MACBYTES) { if (ok) *ok = false; - return ret; + return PIByteArray(); } PIByteArray n; n.resize(crypto_secretbox_NONCEBYTES); - ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES); - memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size()); - if (crypto_box_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), public_key.data(), secret_key.data()) != - 0) { + const ullong data_size = crypt_data.size() - n.size(); + PIByteArray ret; + ret.resize(data_size - crypto_secretbox_MACBYTES); + memcpy(n.data(), crypt_data.data(data_size), n.size()); + if (crypto_box_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), public_key.data(), secret_key.data()) != 0) { + // Bad key if (ok) *ok = false; - // piCout << "[PICrypt]" << "bad key_"; - return PIByteArray(); - } else if (ok) + ret.clear(); + } else if (ok) { *ok = true; -#else - PICRYPT_DISABLED_WARNING -#endif + } return ret; } PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & seed) { #ifdef crypto_pwhash_ALG_ARGON2I13 - // char out[crypto_pwhash_STRBYTES]; PIByteArray pass = password.toUTF8(); PIByteArray n = hash(seed); PIByteArray ph; ph.resize(crypto_box_SEEDBYTES); n.resize(crypto_pwhash_SALTBYTES); - // randombytes_buf(n.data(), n.size()); - // crypto_shorthash(n.data(), seed.data(), seed.size(), PIByteArray(crypto_shorthash_KEYBYTES).data()); int r = crypto_pwhash(ph.data(), ph.size(), (const char *)pass.data(), @@ -418,31 +351,23 @@ PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & crypto_pwhash_argon2i_opslimit_moderate(), crypto_pwhash_argon2i_memlimit_moderate(), crypto_pwhash_ALG_ARGON2I13); - // crypto_pwhash_str(out, (const char*)pass.data(), pass.size(), crypto_pwhash_argon2i_opslimit_moderate(), - // crypto_pwhash_argon2i_memlimit_moderate()); pass.fill(0); + password.deleteData(); if (r != 0) return PIByteArray(); return ph; -// PIByteArray ret; -// ret << ph << n << crypto_pwhash_argon2i_opslimit_moderate() << crypto_pwhash_argon2i_memlimit_moderate(); -// return ret; #else + piCout << "[PICrypt] Error, ALG_ARGON2I13 not availible!"; return PIByteArray(); #endif } PIString PICrypt::version() { -#ifdef PIP_CRYPT return SODIUM_VERSION_STRING; -#else - return PIString(); -#endif } bool PICrypt::init() { -#ifdef PIP_CRYPT static bool inited = false; if (inited) return true; // piCout << "[PICrypt]" << "init ..."; @@ -450,8 +375,4 @@ bool PICrypt::init() { if (!inited) inited = sodium_init(); // piCout << "[PICrypt]" << "init" << inited; return inited; -#else - PICRYPT_DISABLED_WARNING -#endif - return false; } diff --git a/libs/io_utils/piethutilbase.cpp b/libs/io_utils/piethutilbase.cpp index 5121239d..e6877a21 100644 --- a/libs/io_utils/piethutilbase.cpp +++ b/libs/io_utils/piethutilbase.cpp @@ -118,3 +118,11 @@ PIByteArray PIEthUtilBase::decryptData(const PIByteArray & data) { return PIByteArray(); #endif } + +size_t PIEthUtilBase::cryptSizeAddition() { +#ifdef PIP_CRYPT + return PICrypt::sizeCrypt(); +#else + return 0; +#endif +} diff --git a/libs/io_utils/pistreampacker.cpp b/libs/io_utils/pistreampacker.cpp index 7ec34a18..85424617 100644 --- a/libs/io_utils/pistreampacker.cpp +++ b/libs/io_utils/pistreampacker.cpp @@ -24,7 +24,6 @@ #include "pistreampacker.h" #include "piiodevice.h" -#include "piliterals_bytes.h" #ifdef __GNUC__ # pragma GCC diagnostic pop #endif @@ -49,28 +48,10 @@ PIStreamPacker::PIStreamPacker(PIIODevice * dev): PIObject() { - crypt_frag = crypt_size = false; - aggressive_optimization = true; - packet_size = -1; - size_crypted_size = sizeof(int); - crypt_frag_size = 1_MiB; - max_packet_size = 1400; - packet_sign = 0xAFBE; - assignDevice(dev); + packet_size = -1; + if (dev) assignDevice(dev); } - -void PIStreamPacker::setCryptSizeEnabled(bool on) { - crypt_size = on; - if (crypt_size) { - PIByteArray ba; - ba << int(0); - size_crypted_size = cryptData(ba).size_s(); - } else - size_crypted_size = sizeof(int); -} - - void PIStreamPacker::clear() { packet.clear(); packet_size = -1; @@ -129,7 +110,7 @@ void PIStreamPacker::received(const PIByteArray & data) { stream.append(data); // piCout << "rec" << data.size(); while (!stream.isEmpty()) { - int hdr_size = sizeof(packet_sign) + size_crypted_size; + int hdr_size = sizeof(packet_sign) + sizeCryptedSize(); if (packet_size < 0) { if (stream.size_s() < hdr_size) return; ushort sign(0); @@ -143,8 +124,8 @@ void PIStreamPacker::received(const PIByteArray & data) { } int sz = -1; if (crypt_size) { - PIByteArray crsz((uint)size_crypted_size); - memcpy(crsz.data(), stream.data(2), size_crypted_size); + PIByteArray crsz(sizeCryptedSize()); + memcpy(crsz.data(), stream.data(2), crsz.size()); crsz = decryptData(crsz); if (crsz.size() < sizeof(sz)) { if (aggressive_optimization) @@ -155,7 +136,7 @@ void PIStreamPacker::received(const PIByteArray & data) { } crsz >> sz; } else { - memcpy(&sz, stream.data(2), size_crypted_size); + memcpy(&sz, stream.data(2), sizeCryptedSize()); } if (sz < 0) { if (aggressive_optimization) @@ -212,10 +193,17 @@ void PIStreamPacker::received(const PIByteArray & data) { void PIStreamPacker::assignDevice(PIIODevice * dev) { - if (!dev) return; + if (!dev) { + piCoutObj << "Error! device is NULL"; + return; + } if (!dev->infoFlags()[PIIODevice::Reliable]) { piCoutObj << "Warning! Not recommended to use with non-reliable" << dev; } CONNECT2(void, const uchar *, ssize_t, dev, threadedReadEvent, this, received); CONNECT1(void, PIByteArray, this, sendRequest, dev, write); } + +uint PIStreamPacker::sizeCryptedSize() { + return sizeof(int) + (crypt_size ? cryptSizeAddition() : 0); +} diff --git a/libs/main/client_server/piclientserver_client.h b/libs/main/client_server/piclientserver_client.h index 556f3a6c..20ebe99f 100644 --- a/libs/main/client_server/piclientserver_client.h +++ b/libs/main/client_server/piclientserver_client.h @@ -6,7 +6,7 @@ */ /* PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru + Ivan Pelipenko peri4ko@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/libs/main/client_server/piclientserver_client_base.h b/libs/main/client_server/piclientserver_client_base.h index 1ee07290..2f0d7560 100644 --- a/libs/main/client_server/piclientserver_client_base.h +++ b/libs/main/client_server/piclientserver_client_base.h @@ -6,7 +6,7 @@ */ /* PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru + Ivan Pelipenko peri4ko@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -25,7 +25,6 @@ #ifndef piclientserver_client_base_H #define piclientserver_client_base_H -#include "piclientserver_config.h" #include "pidiagnostics.h" #include "pip_client_server_export.h" #include "pistreampacker.h" @@ -36,8 +35,10 @@ namespace PIClientServer { class Server; +class ClientInterface {}; + +// template class PIP_CLIENT_SERVER_EXPORT ClientBase { - friend class Config; friend class Server; NO_COPY_CLASS(ClientBase); @@ -57,7 +58,9 @@ public: PIDiagnostics::State diagnostics() const; int receivePacketProgress() const; - Config & configuration() { return config; } + const PIStreamPackerConfig & configuration() const { return stream.configuration(); } + PIStreamPackerConfig & configuration() { return stream.configuration(); } + void setConfiguration(const PIStreamPackerConfig & config) { stream.setConfiguration(config); } protected: virtual void readed(PIByteArray data) {} @@ -71,7 +74,6 @@ protected: bool own_tcp = false; std::atomic_bool can_write = {true}; PIEthernet * tcp = nullptr; - Config config; private: void destroy(); diff --git a/libs/main/client_server/piclientserver_config.h b/libs/main/client_server/piclientserver_config.h deleted file mode 100644 index 6ed6b5f4..00000000 --- a/libs/main/client_server/piclientserver_config.h +++ /dev/null @@ -1,60 +0,0 @@ -/*! \file piclientserver_config.h - * \ingroup ClientServer - * \~\brief - * \~english - * \~russian - */ -/* - PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with this program. If not, see . -*/ - -#ifndef piclientserver_config_H -#define piclientserver_config_H - -#include "pibytearray.h" -#include "pip_client_server_export.h" - - -namespace PIClientServer { - -class Server; -class Client; -class ClientBase; - -class PIP_CLIENT_SERVER_EXPORT Config { - friend class Server; - friend class Client; - -public: - void setPacketSign(ushort sign); - void setPacketSize(int bytes); - - void enableSymmetricEncryption(const PIByteArray & key); - -protected: - void apply(ClientBase * client); - - PIByteArray crypt_key; - ushort packet_sign = 0xAFBE; - int packet_size = 1400; - -private: -}; - -} // namespace PIClientServer - -#endif diff --git a/libs/main/client_server/piclientserver_server.h b/libs/main/client_server/piclientserver_server.h index 784fa125..e54978a4 100644 --- a/libs/main/client_server/piclientserver_server.h +++ b/libs/main/client_server/piclientserver_server.h @@ -6,7 +6,7 @@ */ /* PIP - Platform Independent Primitives - Ivan Pelipenko peri4ko@yandex.ru + Ivan Pelipenko peri4ko@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -25,10 +25,10 @@ #ifndef piclientserver_server_H #define piclientserver_server_H -#include "piclientserver_config.h" #include "pimutex.h" #include "pinetworkaddress.h" #include "pip_client_server_export.h" +#include "pistreampacker.h" #include "pithreadnotifier.h" class PIEthernet; @@ -38,7 +38,7 @@ namespace PIClientServer { class ServerClient; -class PIP_CLIENT_SERVER_EXPORT Server { +class PIP_CLIENT_SERVER_EXPORT Server: public PIStreamPackerConfig { friend class ServerClient; NO_COPY_CLASS(Server); @@ -58,8 +58,6 @@ public: void setClientFactory(std::function f) { client_factory = f; } - Config & configuration() { return config; } - private: void stopServer(); void newClient(ServerClient * c); @@ -70,7 +68,6 @@ private: PIEthernet * tcp_server = nullptr; PIThread * clean_thread = nullptr; PIThreadNotifier clean_notifier; - Config config; PIVector clients; mutable PIMutex clients_mutex; diff --git a/libs/main/crypt/picrypt.h b/libs/main/crypt/picrypt.h index 79a319c5..5fa2f098 100644 --- a/libs/main/crypt/picrypt.h +++ b/libs/main/crypt/picrypt.h @@ -5,22 +5,22 @@ * \~russian Шифрование с помощью libsodium */ /* - PIP - Platform Independent Primitives - Cryptographic class using lib Sodium - Andrey Bychkov work.a.b@yandex.ru + PIP - Platform Independent Primitives + Cryptographic class using lib Sodium + Andrey Bychkov work.a.b@yandex.ru - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Lesser General Public License for more details. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. - You should have received a copy of the GNU Lesser General Public License - along with this program. If not, see . + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ #ifndef PICRYPT_H @@ -40,6 +40,8 @@ public: //! \~russian Конструктор, генерирующий случайный ключ PICrypt(); + ~PICrypt(); + //! \~\brief //! \~english Set key to "key", key size must be a \a sizeKey() //! \~russian Установить ключ "key", размер ключа должен быть равен \a sizeKey() @@ -48,7 +50,7 @@ public: //! \~\brief //! \~english Generate and set key from keyphrase "secret" //! \~russian Генерировать и установить ключ из ключевой фразы "secret" - PIByteArray setKey(const PIString & secret); + bool setKey(const PIString & secret); //! \~\brief //! \~english Returns current key @@ -123,12 +125,12 @@ public: //! \~\brief //! \~english Function randomly generates a secret key and a corresponding public key for digital signature //! \~russian Функция случайным образом генерирует секретный ключ и соответствующий ему открытый ключ для цифровой подписи - static void generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key); + static bool generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key); //! \~\brief //! \~english Function generates a secret key from input data and a corresponding public key for digital signature //! \~russian Функция генерирует секретный ключ из входных данных и соответствующий ему открытый ключ для цифровой подписи - static void generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed); + static bool generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed); //! \~\brief //! \~english Function extract sign public key from sing secret key @@ -138,24 +140,24 @@ public: //! \~\brief //! \~english Calculate digital signature for data //! \~russian Вычислить цифровую подпись для данных - PIByteArray signMessage(const PIByteArray & data, PIByteArray secret_key); + PIByteArray signMessage(const PIByteArray & data, const PIByteArray & secret_key); //! \~\brief //! \~english Verify digital signature of signed message //! \~russian Проверить цифровую подпись подписанного сообщения - bool verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key); + bool verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key); //! \~\brief //! \~english Function randomly generates a secret key and a corresponding public key for authenticated encryption //! \~russian Функция случайным образом генерирует секретный ключ и соответствующий ему открытый ключ для аутентифицированного //! шифрования - static void generateKeypair(PIByteArray & public_key, PIByteArray & secret_key); + static bool generateKeypair(PIByteArray & public_key, PIByteArray & secret_key); //! \~\brief //! \~english Function generates a secret key from input data and a corresponding public key for authenticated encryption //! \~russian Функция генерирует секретный ключ из входных данных и соответствующий ему открытый ключ для аутентифицированного //! шифрования - static void generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed); + static bool generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed); //! \~\brief //! \~english Encrypt given data "data" diff --git a/libs/main/io_utils/piethutilbase.h b/libs/main/io_utils/piethutilbase.h index 160feee0..c763d47d 100644 --- a/libs/main/io_utils/piethutilbase.h +++ b/libs/main/io_utils/piethutilbase.h @@ -57,6 +57,9 @@ public: //! Returns crypt layer key PIByteArray cryptKey() const; + //! \brief Returns addition size for crypted data. + static size_t cryptSizeAddition(); + protected: /*! \brief Returns encrypted data if layer enabled, * otherwise returns unchanged \"data\" */ diff --git a/libs/main/io_utils/pistreampacker.h b/libs/main/io_utils/pistreampacker.h index 88a8c35a..9a9b6512 100644 --- a/libs/main/io_utils/pistreampacker.h +++ b/libs/main/io_utils/pistreampacker.h @@ -33,15 +33,17 @@ class PIIODevice; -class PIP_IO_UTILS_EXPORT PIStreamPacker - : public PIObject - , public PIEthUtilBase { - PIOBJECT(PIStreamPacker) +class PIStreamPackerConfig: public PIEthUtilBase { + friend class PIStreamPacker; public: - //! Contructs packer and try to assign \"dev\" - PIStreamPacker(PIIODevice * dev = 0); - + PIStreamPackerConfig() { + crypt_frag = crypt_size = false; + aggressive_optimization = true; + crypt_frag_size = 1 * 1024 * 1024; + max_packet_size = 1400; + packet_sign = 0xAFBE; + } //! Set maximum size of single packet void setMaxPacketSize(int max_size) { max_packet_size = max_size; } @@ -49,17 +51,12 @@ public: //! Returns maximum size of single packet, default 1400 bytes int maxPacketSize() const { return max_packet_size; } - //! Set packet sinature void setPacketSign(ushort sign_) { packet_sign = sign_; } //! Returns packet sinature, default 0xAFBE ushort packetSign() const { return packet_sign; } - //! Returns progress of current packet receive in bytes - int receivePacketProgress() const { return packet.size_s(); } - - //! Set receive aggressive optimization. If yes then %PIStreamPacker doesn`t //! check every byte in incoming stream but check only begin of each read() //! result. Default is \b true. @@ -68,17 +65,42 @@ public: //! Returns aggressive optimization bool aggressiveOptimization() const { return aggressive_optimization; } - bool cryptFragmentationEnabled() const { return crypt_frag; } void setCryptFragmentationEnabled(bool on) { crypt_frag = on; } int cryptFragmentationSize() const { return crypt_frag_size; } void setCryptFragmentationSize(int size_) { crypt_frag_size = size_; } bool cryptSizeEnabled() const { return crypt_size; } - void setCryptSizeEnabled(bool on); + void setCryptSizeEnabled(bool on) { crypt_size = on; } + + //! Get configuration + const PIStreamPackerConfig & configuration() const { return *this; } + PIStreamPackerConfig & configuration() { return *this; } + + //! Apply configuration + void setConfiguration(const PIStreamPackerConfig & config) { *this = config; } + +private: + bool crypt_frag, crypt_size, aggressive_optimization; + int crypt_frag_size; + ushort packet_sign; + int max_packet_size; +}; + + +class PIP_IO_UTILS_EXPORT PIStreamPacker + : public PIObject + , public PIStreamPackerConfig { + PIOBJECT(PIStreamPacker) + +public: + //! Contructs packer and try to assign \"dev\" + PIStreamPacker(PIIODevice * dev = nullptr); + + //! Returns progress of current packet receive in bytes + int receivePacketProgress() const { return packet.size_s(); } void clear(); - //! Prepare data for send and raise \a sendRequest() events void send(const PIByteArray & data); @@ -130,11 +152,10 @@ protected: virtual void packetReceived(PIByteArray data) {} private: + uint sizeCryptedSize(); + PIByteArray stream, packet; - bool crypt_frag, crypt_size, aggressive_optimization; - int packet_size, crypt_frag_size; - ushort packet_sign; - int max_packet_size, size_crypted_size; + int packet_size; mutable PIMutex prog_s_mutex, prog_r_mutex; }; diff --git a/libs/main/text/pistring.h b/libs/main/text/pistring.h index b4f5767f..7c014adf 100644 --- a/libs/main/text/pistring.h +++ b/libs/main/text/pistring.h @@ -40,6 +40,7 @@ class PIStringList; //! \~russian Класс строки. class PIP_EXPORT PIString { BINARY_STREAM_FRIEND(PIString); + friend class PICrypt; public: typedef PIDeque::iterator iterator; diff --git a/main.cpp b/main.cpp index 21450986..3620320c 100644 --- a/main.cpp +++ b/main.cpp @@ -142,7 +142,8 @@ int main(int argc, char * argv[]) { piCout << "Server"; s = new PIClientServer::Server(); s->setClientFactory([] { return new MyServerClient(); }); - s->configuration().enableSymmetricEncryption("1122334455667788"_hex); + s->setCryptEnabled(true);; + s->setCryptKey("1122334455667788"_hex); s->listenAll(12345); s_thread->start( [s] { @@ -161,7 +162,8 @@ int main(int argc, char * argv[]) { piForTimes(2) { piMSleep(25); auto c = new MyClient(); - c->configuration().enableSymmetricEncryption("1122334455667788"_hex); + c->configuration().setCryptEnabled(true); + c->configuration().setCryptKey("1122334455667788"_hex); c->connect(PINetworkAddress::resolve("127.0.0.1", 12345)); cv << c; } From ac8efc9f88f7eacc17a255f3a6e347603669d2fe Mon Sep 17 00:00:00 2001 From: Andrey Bychkov Date: Fri, 18 Oct 2024 19:00:39 +0300 Subject: [PATCH 2/4] need fix PIPackedTCP --- libs/io_utils/pipackedtcp.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/io_utils/pipackedtcp.cpp b/libs/io_utils/pipackedtcp.cpp index d9efac7b..9d0dcab0 100644 --- a/libs/io_utils/pipackedtcp.cpp +++ b/libs/io_utils/pipackedtcp.cpp @@ -108,7 +108,7 @@ void PIPackedTCP::init() { // piCout << "Server connected" << client; packer.assignDevice(client); CONNECTL(client, disconnected, [this](bool) { - packer.assignDevice(nullptr); + // packer.assignDevice(nullptr); WTF? packer.clear(); disconnected(); }); @@ -193,7 +193,7 @@ bool PIPackedTCP::closeDevice() { client->close(); client->stopAndWait(); piDeleteSafety(client); - packer.assignDevice(nullptr); + // packer.assignDevice(nullptr); WTF? } return eth->close(); } From 315966504e6d3dae16a3853d0edc01a67e78d749 Mon Sep 17 00:00:00 2001 From: Andrey Bychkov Date: Sun, 20 Oct 2024 18:03:25 +0300 Subject: [PATCH 3/4] fix picrypt and remove crypt_frag from PIStreamPacker --- libs/crypt/picrypt.cpp | 43 +++++++++++++---------------- libs/io_utils/pistreampacker.cpp | 38 ++----------------------- libs/main/crypt/picrypt.h | 4 +-- libs/main/io_utils/pistreampacker.h | 10 ++----- libs/main/text/pistring.h | 1 - 5 files changed, 25 insertions(+), 71 deletions(-) diff --git a/libs/crypt/picrypt.cpp b/libs/crypt/picrypt.cpp index 49fbfb12..cabea37d 100644 --- a/libs/crypt/picrypt.cpp +++ b/libs/crypt/picrypt.cpp @@ -50,15 +50,9 @@ bool PICrypt::setKey(const PIByteArray & _key) { } -bool PICrypt::setKey(const PIString & secret) { - PIByteArray hash; - hash.resize(crypto_generichash_BYTES); - PIByteArray s(secret.data(), secret.size()); - crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size); - hash.resize(key_.size()); - key_ = std::move(hash); - secret.deleteData(); - return true; +bool PICrypt::setKey(const PIString & secret) {; + key_ = hash(secret); + return key_.isNotEmpty(); } @@ -145,23 +139,23 @@ PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bo } -PIByteArray PICrypt::hash(const PIString & secret) { - PIByteArray hash; - if (!init()) return hash; - hash.resize(crypto_generichash_BYTES); - PIByteArray s(secret.data(), secret.size()); - crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size); - secret.deleteData(); - return hash; +PIByteArray PICrypt::hash(PIString secret) { + if (!init()) return {}; + PIByteArray s = secret.toUTF8(); + PIByteArray h = hash(s); + memset(const_cast(secret.data()), 0, s.size()); + secret.fill('\0'); + s.fill(0); + return h; } PIByteArray PICrypt::hash(const PIByteArray & data) { - PIByteArray hash; - if (!init()) return hash; - hash.resize(crypto_generichash_BYTES); - crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size); - return hash; + if (!init()) return {}; + PIByteArray h; + h.resize(crypto_generichash_BYTES); + crypto_generichash(h.data(), h.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size); + return h; } @@ -336,7 +330,7 @@ PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & } -PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & seed) { +PIByteArray PICrypt::passwordHash(PIString password, const PIByteArray & seed) { #ifdef crypto_pwhash_ALG_ARGON2I13 PIByteArray pass = password.toUTF8(); PIByteArray n = hash(seed); @@ -352,7 +346,8 @@ PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & crypto_pwhash_argon2i_memlimit_moderate(), crypto_pwhash_ALG_ARGON2I13); pass.fill(0); - password.deleteData(); + memset(const_cast(password.data()), 0, pass.size()); + password.fill('\0'); if (r != 0) return PIByteArray(); return ph; #else diff --git a/libs/io_utils/pistreampacker.cpp b/libs/io_utils/pistreampacker.cpp index 85424617..855c9445 100644 --- a/libs/io_utils/pistreampacker.cpp +++ b/libs/io_utils/pistreampacker.cpp @@ -61,22 +61,7 @@ void PIStreamPacker::clear() { void PIStreamPacker::send(const PIByteArray & data) { if (data.isEmpty()) return; - PIByteArray cd; - if (crypt_frag) { - int fcnt = (data.size_s() - 1) / crypt_frag_size + 1, fst = 0; - // piCout << "crypt_frag send" << fcnt << "frags"; - PIByteArray frag; - for (int i = 0; i < fcnt; ++i) { - if (i == fcnt - 1) - frag = PIByteArray(data.data(fst), data.size_s() - fst); - else - frag = PIByteArray(data.data(fst), crypt_frag_size); - fst += crypt_frag_size; - cd << cryptData(frag); - } - } else { - cd = cryptData(data); - } + PIByteArray cd = cryptData(data); // piCout << "crypt" << data.size() << "->" << cd.size() << key().size(); PIByteArray hdr, part; hdr << packet_sign; @@ -158,26 +143,7 @@ void PIStreamPacker::received(const PIByteArray & data) { packet.append(stream.data(), ps); stream.remove(0, ps); if (packet.size_s() == packet_size) { - PIByteArray cd; - if (crypt_frag) { - // piCout << "decrypt frags ..." << packet_size; - while (packet.size_s() >= 4) { - // piCout << "decrypt frags take data ..."; - PIByteArray frag; - // piCout << "decrypt frags take data done" << frag.size_s(); - packet >> frag; - if (frag.isEmpty()) { - // piCout << "decrypt frags corrupt, break"; - cd.clear(); - break; - } - cd.append(decryptData(frag)); - // piCout << "decrypt frags add" << frag.size_s(); - } - // piCout << "decrypt frags done" << cd.size(); - } else { - cd = decryptData(packet); - } + PIByteArray cd = decryptData(packet); // piCout << "decrypt" << packet.size() << "->" << cd.size() << key().size(); if (!cd.isEmpty()) { endPacketReceive(); diff --git a/libs/main/crypt/picrypt.h b/libs/main/crypt/picrypt.h index 5fa2f098..51780b7c 100644 --- a/libs/main/crypt/picrypt.h +++ b/libs/main/crypt/picrypt.h @@ -80,7 +80,7 @@ public: //! \~\brief //! \~english Generate hash from keyphrase "secret", may be used as a key for encryption //! \~russian Генерировать хэш из ключевой фразы "secret", может использоваться в качестве ключа для шифрования - static PIByteArray hash(const PIString & secret); + static PIByteArray hash(PIString secret); //! \~\brief //! \~english Generate hash from bytearray @@ -172,7 +172,7 @@ public: //! \~\brief //! \~english Generate password hash from "password" //! \~russian Генерировать хэш пароля из "password" - static PIByteArray passwordHash(const PIString & password, const PIByteArray & seed); + static PIByteArray passwordHash(PIString password, const PIByteArray & seed); //! \~\brief //! \~english Returns libsodium version diff --git a/libs/main/io_utils/pistreampacker.h b/libs/main/io_utils/pistreampacker.h index 9a9b6512..ce49919a 100644 --- a/libs/main/io_utils/pistreampacker.h +++ b/libs/main/io_utils/pistreampacker.h @@ -38,9 +38,8 @@ class PIStreamPackerConfig: public PIEthUtilBase { public: PIStreamPackerConfig() { - crypt_frag = crypt_size = false; + crypt_size = false; aggressive_optimization = true; - crypt_frag_size = 1 * 1024 * 1024; max_packet_size = 1400; packet_sign = 0xAFBE; } @@ -65,10 +64,6 @@ public: //! Returns aggressive optimization bool aggressiveOptimization() const { return aggressive_optimization; } - bool cryptFragmentationEnabled() const { return crypt_frag; } - void setCryptFragmentationEnabled(bool on) { crypt_frag = on; } - int cryptFragmentationSize() const { return crypt_frag_size; } - void setCryptFragmentationSize(int size_) { crypt_frag_size = size_; } bool cryptSizeEnabled() const { return crypt_size; } void setCryptSizeEnabled(bool on) { crypt_size = on; } @@ -80,8 +75,7 @@ public: void setConfiguration(const PIStreamPackerConfig & config) { *this = config; } private: - bool crypt_frag, crypt_size, aggressive_optimization; - int crypt_frag_size; + bool crypt_size, aggressive_optimization; ushort packet_sign; int max_packet_size; }; diff --git a/libs/main/text/pistring.h b/libs/main/text/pistring.h index 7c014adf..b4f5767f 100644 --- a/libs/main/text/pistring.h +++ b/libs/main/text/pistring.h @@ -40,7 +40,6 @@ class PIStringList; //! \~russian Класс строки. class PIP_EXPORT PIString { BINARY_STREAM_FRIEND(PIString); - friend class PICrypt; public: typedef PIDeque::iterator iterator; From fe82c12d5bb0940017d7a246a7c1fa308dd78419 Mon Sep 17 00:00:00 2001 From: Andrey Bychkov Date: Sat, 16 Nov 2024 14:53:04 +0300 Subject: [PATCH 4/4] fix build --- libs/crypt/picrypt.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libs/crypt/picrypt.cpp b/libs/crypt/picrypt.cpp index 37e17a19..bee924d9 100644 --- a/libs/crypt/picrypt.cpp +++ b/libs/crypt/picrypt.cpp @@ -20,17 +20,15 @@ #include "picrypt.h" #include "pitranslator.h" -#ifdef PIP_CRYPT #include -#define PICRYPT_DISABLED_WARNING \ - piCout << "[PICrypt]" \ - << "Warning: PICrypt is disabled, to enable install sodium library and rebuild pip"_tr("PICrypt"); + namespace { constexpr char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0"; constexpr int hash_def_key_size = 9; } // namespace + PICrypt::PICrypt() { if (!init()) { piCout << "[PICrypt]"