SHS/pip
4
3
Fork 0
Code Issues 67 Pull Requests 1 Actions Releases Wiki Activity

refactoring PICrypt, add PIStreamPackerConfig, delete piclientserver_config

Browse Source
This commit is contained in:
Бычков Андрей
2024-10-18 18:59:20 +03:00
parent 28f3471036
commit 92a0a9356c
16 changed files with 220 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libs/client_server/piclientserver_client.cpp
View File

@@ -48,7 +48,6 @@ PIClientServer::Client::~Client() {
void PIClientServer::Client::connect(PINetworkAddress addr) {
if (!tcp || !own_tcp) return;
close();
config.apply(this);
tcp->connect(addr, true);
tcp->startThreadedRead();
}

50
libs/client_server/piclientserver_config.cpp
View File

@@ -1,50 +0,0 @@
/*
PIP - Platform Independent Primitives
Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "piclientserver_config.h"
#include "piclientserver_client_base.h"
void PIClientServer::Config::setPacketSign(ushort sign) {
packet_sign = sign;
}
void PIClientServer::Config::setPacketSize(int bytes) {
packet_size = bytes;
}
void PIClientServer::Config::enableSymmetricEncryption(const PIByteArray & key) {
crypt_key = key;
}
void PIClientServer::Config::apply(ClientBase * client) {
auto & s(client->stream);
s.setPacketSign(packet_sign);
s.setMaxPacketSize(packet_size);
if (crypt_key.isNotEmpty()) {
s.setCryptEnabled(true);
s.setCryptKey(crypt_key);
} else
s.setCryptEnabled(false);
}

3
libs/client_server/piclientserver_server.cpp
View File

@@ -20,7 +20,6 @@
#include "piclientserver_client.h"
#include "piethernet.h"
#include "piliterals_time.h"
PIClientServer::Server::Server() {
@@ -132,7 +131,7 @@ void PIClientServer::Server::stopServer() {
void PIClientServer::Server::newClient(ServerClient * c) {
clients << c;
config.apply(c);
c->setConfiguration(configuration());
c->tcp->startThreadedRead();
c->connected();
}

301
libs/crypt/picrypt.cpp
View File

@@ -18,30 +18,28 @@
*/
#include "picrypt.h"
#ifdef PIP_CRYPT
#include <sodium.h>
#endif
#define PICRYPT_DISABLED_WARNING \
piCout << "[PICrypt]" \
<< "Warning: PICrypt is disabled, to enable install sodium library and rebuild pip";
const char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0";
const int hash_def_key_size = 9;
namespace {
constexpr char hash_def_key[] = "_picrypt_\0\0\0\0\0\0\0";
constexpr int hash_def_key_size = 9;
} // namespace
PICrypt::PICrypt() {
#ifdef PIP_CRYPT
if (!init())
if (!init()) {
piCout << "[PICrypt]"
<< "Error while initialize sodium!";
}
nonce_.resize(crypto_secretbox_NONCEBYTES);
key_.resize(crypto_secretbox_KEYBYTES);
randombytes_buf(key_.data(), key_.size());
randombytes_buf(nonce_.data(), nonce_.size());
#else
PICRYPT_DISABLED_WARNING
#endif
}
PICrypt::~PICrypt() {
key_.fill(0);
nonce_.fill(0);
}
@@ -52,156 +50,144 @@ bool PICrypt::setKey(const PIByteArray & _key) {
}
PIByteArray PICrypt::setKey(const PIString & secret) {
bool PICrypt::setKey(const PIString & secret) {
PIByteArray hash;
#ifdef PIP_CRYPT
hash.resize(crypto_generichash_BYTES);
PIByteArray s(secret.data(), secret.size());
crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size);
hash.resize(key_.size());
setKey(hash);
#endif
return hash;
key_ = std::move(hash);
secret.deleteData();
return true;
}
PIByteArray PICrypt::crypt(const PIByteArray & data) {
PIByteArray ret;
#ifdef PIP_CRYPT
ret.resize(data.size() + crypto_secretbox_MACBYTES);
randombytes_buf(nonce_.data(), nonce_.size());
crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data());
if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data()) != 0) {
ret.clear();
} else {
ret.append(nonce_);
#endif
}
return ret;
}
PIByteArray PICrypt::crypt(const PIByteArray & data, PIByteArray key) {
PIByteArray ret;
#ifdef PIP_CRYPT
if (!init()) {
key.fill(0);
return PIByteArray();
}
if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
// return PIByteArray();
if (!init()) return ret;
PIByteArray n;
ret.resize(data.size() + crypto_secretbox_MACBYTES);
n.resize(crypto_secretbox_NONCEBYTES);
PIByteArray ret;
ret.resize(data.size() + crypto_secretbox_MACBYTES);
randombytes_buf(n.data(), n.size());
crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data());
if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data()) != 0) {
ret.clear();
} else {
ret.append(n);
#else
PICRYPT_DISABLED_WARNING
#endif
}
key.fill(0);
return ret;
}
PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, bool * ok) {
PIByteArray ret;
#ifdef PIP_CRYPT
if (crypt_data.size() < nonce_.size() + crypto_secretbox_MACBYTES) {
if (ok) *ok = false;
return PIByteArray();
}
ret.resize(crypt_data.size() - nonce_.size() - crypto_secretbox_MACBYTES);
memcpy(nonce_.data(), crypt_data.data(crypt_data.size() - nonce_.size()), nonce_.size());
if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - nonce_.size(), nonce_.data(), key_.data()) != 0) {
const ullong data_size = crypt_data.size() - nonce_.size();
PIByteArray ret;
ret.resize(data_size - crypto_secretbox_MACBYTES);
memcpy(nonce_.data(), crypt_data.data(data_size), nonce_.size());
if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, nonce_.data(), key_.data()) != 0) {
// Bad key
if (ok) *ok = false;
// piCout << "[PICrypt]" << "bad key_";
return PIByteArray();
ret.clear();
} else if (ok) {
*ok = true;
}
#endif
if (ok) *ok = true;
return ret;
}
PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bool * ok) {
PIByteArray ret;
#ifdef PIP_CRYPT
if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
/*if (ok) *ok = false;
return PIByteArray();
}*/
if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) {
if (ok) *ok = false;
if (!init()) {
key.fill(0);
return PIByteArray();
}
if (!init()) return ret;
if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) {
if (ok) *ok = false;
key.fill(0);
return PIByteArray();
}
if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
PIByteArray n;
n.resize(crypto_secretbox_NONCEBYTES);
ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size());
if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), key.data()) != 0) {
const ullong data_size = crypt_data.size() - n.size();
PIByteArray ret;
ret.resize(data_size - crypto_secretbox_MACBYTES);
memcpy(n.data(), crypt_data.data(data_size), n.size());
if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), key.data()) != 0) {
// Bad key
if (ok) *ok = false;
// piCout << "[PICrypt]" << "bad key_";
return PIByteArray();
} else if (ok)
ret.clear();
} else if (ok) {
*ok = true;
#else
PICRYPT_DISABLED_WARNING
#endif
}
key.fill(0);
return ret;
}
PIByteArray PICrypt::hash(const PIString & secret) {
PIByteArray hash;
#ifdef PIP_CRYPT
if (!init()) return hash;
hash.resize(crypto_generichash_BYTES);
PIByteArray s(secret.data(), secret.size());
crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar *)hash_def_key, hash_def_key_size);
#else
PICRYPT_DISABLED_WARNING
#endif
secret.deleteData();
return hash;
}
PIByteArray PICrypt::hash(const PIByteArray & data) {
PIByteArray hash;
#ifdef PIP_CRYPT
if (!init()) return hash;
hash.resize(crypto_generichash_BYTES);
crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size);
#else
PICRYPT_DISABLED_WARNING
#endif
return hash;
}
PIByteArray PICrypt::hash(const PIByteArray & data, const unsigned char * key, size_t keylen) {
PIByteArray hash;
#ifdef PIP_CRYPT
if (!init()) return hash;
hash.resize(crypto_generichash_BYTES);
crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), key, keylen);
#else
PICRYPT_DISABLED_WARNING
#endif
return hash;
}
size_t PICrypt::sizeHash() {
#ifdef PIP_CRYPT
return crypto_generichash_BYTES;
#else
PICRYPT_DISABLED_WARNING
#endif
return 0;
}
ullong PICrypt::shorthash(const PIString & s, PIByteArray key) {
ullong hash = 0;
#ifdef PIP_CRYPT
if (!init()) {
key.fill(0);
return hash;
}
if (crypto_shorthash_BYTES != sizeof(hash))
piCout << "[PICrypt]"
<< "internal error: bad hash size";
if (!init()) return hash;
if (key.size() != crypto_shorthash_KEYBYTES) {
piCout << "[PICrypt]"
<< "invalid key size" << key.size() << ", shoud be" << crypto_shorthash_KEYBYTES << ", filled zeros";
@@ -209,207 +195,154 @@ ullong PICrypt::shorthash(const PIString & s, PIByteArray key) {
}
PIByteArray in(s.data(), s.size());
crypto_shorthash((uchar *)&hash, in.data(), in.size(), key.data());
#else
PICRYPT_DISABLED_WARNING
#endif
key.fill(0);
return hash;
}
PIByteArray PICrypt::generateKey() {
PIByteArray hash;
#ifdef PIP_CRYPT
if (!init()) return hash;
hash.resize(crypto_secretbox_KEYBYTES);
randombytes_buf(hash.data(), hash.size());
#else
PICRYPT_DISABLED_WARNING
#endif
return hash;
return generateRandomBuff(sizeKey());
}
PIByteArray PICrypt::generateRandomBuff(int size) {
PIByteArray hash;
#ifdef PIP_CRYPT
if (!init() || size <= 0) return hash;
hash.resize(size);
randombytes_buf(hash.data(), hash.size());
#else
PICRYPT_DISABLED_WARNING
#endif
return hash;
}
size_t PICrypt::sizeKey() {
#ifdef PIP_CRYPT
return crypto_secretbox_KEYBYTES;
#else
PICRYPT_DISABLED_WARNING
#endif
return 0;
}
size_t PICrypt::sizeCrypt() {
#ifdef PIP_CRYPT
return crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES;
#else
PICRYPT_DISABLED_WARNING
#endif
return 0;
}
void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) {
#ifdef PIP_CRYPT
if (!init()) return;
bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) {
if (!init()) return false;
public_key.resize(crypto_sign_PUBLICKEYBYTES);
secret_key.resize(crypto_sign_SECRETKEYBYTES);
crypto_sign_keypair(public_key.data(), secret_key.data());
#else
PICRYPT_DISABLED_WARNING
#endif
return crypto_sign_keypair(public_key.data(), secret_key.data()) == 0;
}
void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
#ifdef PIP_CRYPT
if (!init() || seed.isEmpty()) return;
bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
if (!init() || seed.isEmpty()) return false;
public_key.resize(crypto_sign_PUBLICKEYBYTES);
secret_key.resize(crypto_sign_SECRETKEYBYTES);
crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data());
#else
PICRYPT_DISABLED_WARNING
#endif
return crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0;
}
PIByteArray PICrypt::extractSignPublicKey(const PIByteArray & secret_key) {
PIByteArray pk;
#ifdef PIP_CRYPT
if (!init() || secret_key.size() != crypto_sign_SECRETKEYBYTES) return pk;
pk.resize(crypto_sign_PUBLICKEYBYTES);
crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data());
#else
PICRYPT_DISABLED_WARNING
#endif
if (crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data()) != 0) {
pk.clear();
}
return pk;
}
PIByteArray PICrypt::signMessage(const PIByteArray & data, PIByteArray secret_key) {
PIByteArray PICrypt::signMessage(const PIByteArray & data, const PIByteArray & secret_key) {
PIByteArray sign;
#ifdef PIP_CRYPT
if (!init()) return sign;
sign.resize(crypto_sign_BYTES);
crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data());
#else
PICRYPT_DISABLED_WARNING
#endif
if (crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data()) != 0) {
sign.clear();
}
return sign;
}
bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key) {
#ifdef PIP_CRYPT
bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key) {
if (!init()) return false;
return (crypto_sign_verify_detached(signature.data(), data.data(), data.size(), public_key.data()) == 0);
#else
PICRYPT_DISABLED_WARNING
#endif
return false;
}
void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) {
#ifdef PIP_CRYPT
if (!init()) return;
bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) {
if (!init()) return false;
public_key.resize(crypto_box_PUBLICKEYBYTES);
secret_key.resize(crypto_box_SECRETKEYBYTES);
crypto_box_keypair(public_key.data(), secret_key.data());
#else
PICRYPT_DISABLED_WARNING
#endif
return crypto_box_keypair(public_key.data(), secret_key.data()) == 0;
}
void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
#ifdef PIP_CRYPT
if (!init()) return;
bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
if (!init()) return false;
public_key.resize(crypto_box_PUBLICKEYBYTES);
secret_key.resize(crypto_box_SECRETKEYBYTES);
crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data());
#else
PICRYPT_DISABLED_WARNING
#endif
return crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0;
}
PIByteArray PICrypt::crypt(const PIByteArray & data, const PIByteArray & public_key, const PIByteArray & secret_key) {
PIByteArray ret;
#ifdef PIP_CRYPT
if (!init()) return ret;
if (public_key.size() != crypto_box_PUBLICKEYBYTES) return ret;
if (secret_key.size() != crypto_box_SECRETKEYBYTES) return ret;
if (!init()) return PIByteArray();
if (public_key.size() != crypto_box_PUBLICKEYBYTES) return PIByteArray();
if (secret_key.size() != crypto_box_SECRETKEYBYTES) return PIByteArray();
PIByteArray n;
ret.resize(data.size() + crypto_box_MACBYTES);
n.resize(crypto_box_NONCEBYTES);
PIByteArray ret;
ret.resize(data.size() + crypto_box_MACBYTES);
randombytes_buf(n.data(), n.size());
if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) return PIByteArray();
if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) {
return PIByteArray();
}
ret.append(n);
#else
PICRYPT_DISABLED_WARNING
#endif
return ret;
}
PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & public_key, const PIByteArray & secret_key, bool * ok) {
PIByteArray ret;
#ifdef PIP_CRYPT
if (!init()) return ret;
if (!init()) {
if (ok) *ok = false;
return PIByteArray();
}
if (public_key.size() != crypto_box_PUBLICKEYBYTES) {
if (ok) *ok = false;
return ret;
return PIByteArray();
}
if (secret_key.size() != crypto_box_SECRETKEYBYTES) {
if (ok) *ok = false;
return ret;
return PIByteArray();
}
if (crypt_data.size() < crypto_box_NONCEBYTES + crypto_box_MACBYTES) {
if (ok) *ok = false;
return ret;
return PIByteArray();
}
PIByteArray n;
n.resize(crypto_secretbox_NONCEBYTES);
ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size());
if (crypto_box_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), public_key.data(), secret_key.data()) !=
0) {
const ullong data_size = crypt_data.size() - n.size();
PIByteArray ret;
ret.resize(data_size - crypto_secretbox_MACBYTES);
memcpy(n.data(), crypt_data.data(data_size), n.size());
if (crypto_box_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), public_key.data(), secret_key.data()) != 0) {
// Bad key
if (ok) *ok = false;
// piCout << "[PICrypt]" << "bad key_";
return PIByteArray();
} else if (ok)
ret.clear();
} else if (ok) {
*ok = true;
#else
PICRYPT_DISABLED_WARNING
#endif
}
return ret;
}
PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & seed) {
#ifdef crypto_pwhash_ALG_ARGON2I13
// char out[crypto_pwhash_STRBYTES];
PIByteArray pass = password.toUTF8();
PIByteArray n = hash(seed);
PIByteArray ph;
ph.resize(crypto_box_SEEDBYTES);
n.resize(crypto_pwhash_SALTBYTES);
// randombytes_buf(n.data(), n.size());
// crypto_shorthash(n.data(), seed.data(), seed.size(), PIByteArray(crypto_shorthash_KEYBYTES).data());
int r = crypto_pwhash(ph.data(),
ph.size(),
(const char *)pass.data(),
@@ -418,31 +351,23 @@ PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray &
crypto_pwhash_argon2i_opslimit_moderate(),
crypto_pwhash_argon2i_memlimit_moderate(),
crypto_pwhash_ALG_ARGON2I13);
// crypto_pwhash_str(out, (const char*)pass.data(), pass.size(), crypto_pwhash_argon2i_opslimit_moderate(),
// crypto_pwhash_argon2i_memlimit_moderate());
pass.fill(0);
password.deleteData();
if (r != 0) return PIByteArray();
return ph;
// PIByteArray ret;
// ret << ph << n << crypto_pwhash_argon2i_opslimit_moderate() << crypto_pwhash_argon2i_memlimit_moderate();
// return ret;
#else
piCout << "[PICrypt] Error, ALG_ARGON2I13 not availible!";
return PIByteArray();
#endif
}
PIString PICrypt::version() {
#ifdef PIP_CRYPT
return SODIUM_VERSION_STRING;
#else
return PIString();
#endif
}
bool PICrypt::init() {
#ifdef PIP_CRYPT
static bool inited = false;
if (inited) return true;
// piCout << "[PICrypt]" << "init ...";
@@ -450,8 +375,4 @@ bool PICrypt::init() {
if (!inited) inited = sodium_init();
// piCout << "[PICrypt]" << "init" << inited;
return inited;
#else
PICRYPT_DISABLED_WARNING
#endif
return false;
}

8
libs/io_utils/piethutilbase.cpp
View File

@@ -118,3 +118,11 @@ PIByteArray PIEthUtilBase::decryptData(const PIByteArray & data) {
return PIByteArray();
#endif
}
size_t PIEthUtilBase::cryptSizeAddition() {
#ifdef PIP_CRYPT
return PICrypt::sizeCrypt();
#else
return 0;
#endif
}

38
libs/io_utils/pistreampacker.cpp
View File

@@ -24,7 +24,6 @@
#include "pistreampacker.h"
#include "piiodevice.h"
#include "piliterals_bytes.h"
#ifdef __GNUC__
# pragma GCC diagnostic pop
#endif
@@ -49,28 +48,10 @@
PIStreamPacker::PIStreamPacker(PIIODevice * dev): PIObject() {
crypt_frag = crypt_size = false;
aggressive_optimization = true;
packet_size = -1;
size_crypted_size = sizeof(int);
crypt_frag_size = 1_MiB;
max_packet_size = 1400;
packet_sign = 0xAFBE;
assignDevice(dev);
if (dev) assignDevice(dev);
}
void PIStreamPacker::setCryptSizeEnabled(bool on) {
crypt_size = on;
if (crypt_size) {
PIByteArray ba;
ba << int(0);
size_crypted_size = cryptData(ba).size_s();
} else
size_crypted_size = sizeof(int);
}
void PIStreamPacker::clear() {
packet.clear();
packet_size = -1;
@@ -129,7 +110,7 @@ void PIStreamPacker::received(const PIByteArray & data) {
stream.append(data);
// piCout << "rec" << data.size();
while (!stream.isEmpty()) {
int hdr_size = sizeof(packet_sign) + size_crypted_size;
int hdr_size = sizeof(packet_sign) + sizeCryptedSize();
if (packet_size < 0) {
if (stream.size_s() < hdr_size) return;
ushort sign(0);
@@ -143,8 +124,8 @@ void PIStreamPacker::received(const PIByteArray & data) {
}
int sz = -1;
if (crypt_size) {
PIByteArray crsz((uint)size_crypted_size);
memcpy(crsz.data(), stream.data(2), size_crypted_size);
PIByteArray crsz(sizeCryptedSize());
memcpy(crsz.data(), stream.data(2), crsz.size());
crsz = decryptData(crsz);
if (crsz.size() < sizeof(sz)) {
if (aggressive_optimization)
@@ -155,7 +136,7 @@ void PIStreamPacker::received(const PIByteArray & data) {
}
crsz >> sz;
} else {
memcpy(&sz, stream.data(2), size_crypted_size);
memcpy(&sz, stream.data(2), sizeCryptedSize());
}
if (sz < 0) {
if (aggressive_optimization)
@@ -212,10 +193,17 @@ void PIStreamPacker::received(const PIByteArray & data) {
void PIStreamPacker::assignDevice(PIIODevice * dev) {
if (!dev) return;
if (!dev) {
piCoutObj << "Error! device is NULL";
return;
}
if (!dev->infoFlags()[PIIODevice::Reliable]) {
piCoutObj << "Warning! Not recommended to use with non-reliable" << dev;
}
CONNECT2(void, const uchar *, ssize_t, dev, threadedReadEvent, this, received);
CONNECT1(void, PIByteArray, this, sendRequest, dev, write);
}
uint PIStreamPacker::sizeCryptedSize() {
return sizeof(int) + (crypt_size ? cryptSizeAddition() : 0);
}

10
libs/main/client_server/piclientserver_client_base.h
View File

@@ -25,7 +25,6 @@
#ifndef piclientserver_client_base_H
#define piclientserver_client_base_H
#include "piclientserver_config.h"
#include "pidiagnostics.h"
#include "pip_client_server_export.h"
#include "pistreampacker.h"
@@ -36,8 +35,10 @@ namespace PIClientServer {
class Server;
class ClientInterface {};
// template<bool EnableDiagnostics = false>
class PIP_CLIENT_SERVER_EXPORT ClientBase {
friend class Config;
friend class Server;
NO_COPY_CLASS(ClientBase);
@@ -57,7 +58,9 @@ public:
PIDiagnostics::State diagnostics() const;
int receivePacketProgress() const;
Config & configuration() { return config; }
const PIStreamPackerConfig & configuration() const { return stream.configuration(); }
PIStreamPackerConfig & configuration() { return stream.configuration(); }
void setConfiguration(const PIStreamPackerConfig & config) { stream.setConfiguration(config); }
protected:
virtual void readed(PIByteArray data) {}
@@ -71,7 +74,6 @@ protected:
bool own_tcp = false;
std::atomic_bool can_write = {true};
PIEthernet * tcp = nullptr;
Config config;
private:
void destroy();

60
libs/main/client_server/piclientserver_config.h
View File

@@ -1,60 +0,0 @@
/*! \file piclientserver_config.h
* \ingroup ClientServer
* \~\brief
* \~english
* \~russian
*/
/*
PIP - Platform Independent Primitives
Ivan Pelipenko peri4ko@yandex.ru
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef piclientserver_config_H
#define piclientserver_config_H
#include "pibytearray.h"
#include "pip_client_server_export.h"
namespace PIClientServer {
class Server;
class Client;
class ClientBase;
class PIP_CLIENT_SERVER_EXPORT Config {
friend class Server;
friend class Client;
public:
void setPacketSign(ushort sign);
void setPacketSize(int bytes);
void enableSymmetricEncryption(const PIByteArray & key);
protected:
void apply(ClientBase * client);
PIByteArray crypt_key;
ushort packet_sign = 0xAFBE;
int packet_size = 1400;
private:
};
} // namespace PIClientServer
#endif

7
libs/main/client_server/piclientserver_server.h
View File

@@ -25,10 +25,10 @@
#ifndef piclientserver_server_H
#define piclientserver_server_H
#include "piclientserver_config.h"
#include "pimutex.h"
#include "pinetworkaddress.h"
#include "pip_client_server_export.h"
#include "pistreampacker.h"
#include "pithreadnotifier.h"
class PIEthernet;
@@ -38,7 +38,7 @@ namespace PIClientServer {
class ServerClient;
class PIP_CLIENT_SERVER_EXPORT Server {
class PIP_CLIENT_SERVER_EXPORT Server: public PIStreamPackerConfig {
friend class ServerClient;
NO_COPY_CLASS(Server);
@@ -58,8 +58,6 @@ public:
void setClientFactory(std::function<ServerClient *()> f) { client_factory = f; }
Config & configuration() { return config; }
private:
void stopServer();
void newClient(ServerClient * c);
@@ -70,7 +68,6 @@ private:
PIEthernet * tcp_server = nullptr;
PIThread * clean_thread = nullptr;
PIThreadNotifier clean_notifier;
Config config;
PIVector<ServerClient *> clients;
mutable PIMutex clients_mutex;

16
libs/main/crypt/picrypt.h
View File

@@ -40,6 +40,8 @@ public:
//! \~russian Конструктор, генерирующий случайный ключ
PICrypt();
~PICrypt();
//! \~\brief
//! \~english Set key to "key", key size must be a \a sizeKey()
//! \~russian Установить ключ "key", размер ключа должен быть равен \a sizeKey()
@@ -48,7 +50,7 @@ public:
//! \~\brief
//! \~english Generate and set key from keyphrase "secret"
//! \~russian Генерировать и установить ключ из ключевой фразы "secret"
PIByteArray setKey(const PIString & secret);
bool setKey(const PIString & secret);
//! \~\brief
//! \~english Returns current key
@@ -123,12 +125,12 @@ public:
//! \~\brief
//! \~english Function randomly generates a secret key and a corresponding public key for digital signature
//! \~russian Функция случайным образом генерирует секретный ключ и соответствующий ему открытый ключ для цифровой подписи
static void generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key);
static bool generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key);
//! \~\brief
//! \~english Function generates a secret key from input data and a corresponding public key for digital signature
//! \~russian Функция генерирует секретный ключ из входных данных и соответствующий ему открытый ключ для цифровой подписи
static void generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
static bool generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
//! \~\brief
//! \~english Function extract sign public key from sing secret key
@@ -138,24 +140,24 @@ public:
//! \~\brief
//! \~english Calculate digital signature for data
//! \~russian Вычислить цифровую подпись для данных
PIByteArray signMessage(const PIByteArray & data, PIByteArray secret_key);
PIByteArray signMessage(const PIByteArray & data, const PIByteArray & secret_key);
//! \~\brief
//! \~english Verify digital signature of signed message
//! \~russian Проверить цифровую подпись подписанного сообщения
bool verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key);
bool verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key);
//! \~\brief
//! \~english Function randomly generates a secret key and a corresponding public key for authenticated encryption
//! \~russian Функция случайным образом генерирует секретный ключ и соответствующий ему открытый ключ для аутентифицированного
//! шифрования
static void generateKeypair(PIByteArray & public_key, PIByteArray & secret_key);
static bool generateKeypair(PIByteArray & public_key, PIByteArray & secret_key);
//! \~\brief
//! \~english Function generates a secret key from input data and a corresponding public key for authenticated encryption
//! \~russian Функция генерирует секретный ключ из входных данных и соответствующий ему открытый ключ для аутентифицированного
//! шифрования
static void generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
static bool generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed);
//! \~\brief
//! \~english Encrypt given data "data"

3
libs/main/io_utils/piethutilbase.h
View File

@@ -57,6 +57,9 @@ public:
//! Returns crypt layer key
PIByteArray cryptKey() const;
//! \brief Returns addition size for crypted data.
static size_t cryptSizeAddition();
protected:
/*! \brief Returns encrypted data if layer enabled,
* otherwise returns unchanged \"data\" */

59
libs/main/io_utils/pistreampacker.h
View File

@@ -33,15 +33,17 @@
class PIIODevice;
class PIP_IO_UTILS_EXPORT PIStreamPacker
: public PIObject
, public PIEthUtilBase {
PIOBJECT(PIStreamPacker)
class PIStreamPackerConfig: public PIEthUtilBase {
friend class PIStreamPacker;
public:
//! Contructs packer and try to assign \"dev\"
PIStreamPacker(PIIODevice * dev = 0);
PIStreamPackerConfig() {
crypt_frag = crypt_size = false;
aggressive_optimization = true;
crypt_frag_size = 1 * 1024 * 1024;
max_packet_size = 1400;
packet_sign = 0xAFBE;
}
//! Set maximum size of single packet
void setMaxPacketSize(int max_size) { max_packet_size = max_size; }
@@ -49,17 +51,12 @@ public:
//! Returns maximum size of single packet, default 1400 bytes
int maxPacketSize() const { return max_packet_size; }
//! Set packet sinature
void setPacketSign(ushort sign_) { packet_sign = sign_; }
//! Returns packet sinature, default 0xAFBE
ushort packetSign() const { return packet_sign; }
//! Returns progress of current packet receive in bytes
int receivePacketProgress() const { return packet.size_s(); }
//! Set receive aggressive optimization. If yes then %PIStreamPacker doesn`t
//! check every byte in incoming stream but check only begin of each read()
//! result. Default is \b true.
@@ -68,17 +65,42 @@ public:
//! Returns aggressive optimization
bool aggressiveOptimization() const { return aggressive_optimization; }
bool cryptFragmentationEnabled() const { return crypt_frag; }
void setCryptFragmentationEnabled(bool on) { crypt_frag = on; }
int cryptFragmentationSize() const { return crypt_frag_size; }
void setCryptFragmentationSize(int size_) { crypt_frag_size = size_; }
bool cryptSizeEnabled() const { return crypt_size; }
void setCryptSizeEnabled(bool on);
void setCryptSizeEnabled(bool on) { crypt_size = on; }
//! Get configuration
const PIStreamPackerConfig & configuration() const { return *this; }
PIStreamPackerConfig & configuration() { return *this; }
//! Apply configuration
void setConfiguration(const PIStreamPackerConfig & config) { *this = config; }
private:
bool crypt_frag, crypt_size, aggressive_optimization;
int crypt_frag_size;
ushort packet_sign;
int max_packet_size;
};
class PIP_IO_UTILS_EXPORT PIStreamPacker
: public PIObject
, public PIStreamPackerConfig {
PIOBJECT(PIStreamPacker)
public:
//! Contructs packer and try to assign \"dev\"
PIStreamPacker(PIIODevice * dev = nullptr);
//! Returns progress of current packet receive in bytes
int receivePacketProgress() const { return packet.size_s(); }
void clear();
//! Prepare data for send and raise \a sendRequest() events
void send(const PIByteArray & data);
@@ -130,11 +152,10 @@ protected:
virtual void packetReceived(PIByteArray data) {}
private:
uint sizeCryptedSize();
PIByteArray stream, packet;
bool crypt_frag, crypt_size, aggressive_optimization;
int packet_size, crypt_frag_size;
ushort packet_sign;
int max_packet_size, size_crypted_size;
int packet_size;
mutable PIMutex prog_s_mutex, prog_r_mutex;
};

1
libs/main/text/pistring.h
View File

@@ -40,6 +40,7 @@ class PIStringList;
//! \~russian Класс строки.
class PIP_EXPORT PIString {
BINARY_STREAM_FRIEND(PIString);
friend class PICrypt;
public:
typedef PIDeque<PIChar>::iterator iterator;

6
main.cpp
View File

@@ -142,7 +142,8 @@ int main(int argc, char * argv[]) {
piCout << "Server";
s = new PIClientServer::Server();
s->setClientFactory([] { return new MyServerClient(); });
s->configuration().enableSymmetricEncryption("1122334455667788"_hex);
s->setCryptEnabled(true);;
s->setCryptKey("1122334455667788"_hex);
s->listenAll(12345);
s_thread->start(
[s] {
@@ -161,7 +162,8 @@ int main(int argc, char * argv[]) {
piForTimes(2) {
piMSleep(25);
auto c = new MyClient();
c->configuration().enableSymmetricEncryption("1122334455667788"_hex);
c->configuration().setCryptEnabled(true);
c->configuration().setCryptKey("1122334455667788"_hex);
c->connect(PINetworkAddress::resolve("127.0.0.1", 12345));
cv << c;
}