├── README.md ├── icons ├── cripter.png └── cripter_white.png ├── config.py ├── register_types.h ├── register_types.cpp ├── config_2.h ├── .gitignore ├── SCsub ├── LICENSE ├── mbedtls_cripter_config.h ├── cripter.h └── cripter.cpp /README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /icons/cripter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Malkverbena/cripter/HEAD/icons/cripter.png -------------------------------------------------------------------------------- /icons/cripter_white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Malkverbena/cripter/HEAD/icons/cripter_white.png -------------------------------------------------------------------------------- /config.py: -------------------------------------------------------------------------------- 1 | def can_build(env, platform): 2 | return True 3 | 4 | def configure(env): 5 | pass 6 | 7 | def get_doc_classes(): 8 | return [ 9 | "cripter" 10 | ] 11 | 12 | def get_doc_path(): 13 | return "doc_classes" 14 | 15 | 16 | def get_icons_path(): 17 | return "icons" 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /register_types.h: -------------------------------------------------------------------------------- 1 | /* register_types.h */ 2 | 3 | 4 | #ifndef CRIPTER_REGISTER_TYPES_H 5 | #define CRIPTER_REGISTER_TYPES_H 6 | 7 | #define MBEDTLS_ERROR_C 8 | 9 | #include "modules/register_module_types.h" 10 | 11 | void initialize_cripter_module(ModuleInitializationLevel p_level); 12 | void uninitialize_cripter_module(ModuleInitializationLevel p_level); 13 | 14 | 15 | #endif // CRIPTER_REGISTER_TYPES_H -------------------------------------------------------------------------------- /register_types.cpp: -------------------------------------------------------------------------------- 1 | /* register_types.cpp */ 2 | 3 | #include "register_types.h" 4 | 5 | #include "core/object/class_db.h" 6 | 7 | #include "cripter.h" 8 | 9 | 10 | 11 | void initialize_cripter_module(ModuleInitializationLevel p_level) { 12 | if (p_level != MODULE_INITIALIZATION_LEVEL_SCENE) { 13 | return; 14 | } 15 | GDREGISTER_CLASS(Cripter); 16 | } 17 | 18 | void uninitialize_cripter_module(ModuleInitializationLevel p_level) { 19 | if (p_level != MODULE_INITIALIZATION_LEVEL_SCENE) { 20 | return; 21 | } 22 | 23 | } 24 | 25 | -------------------------------------------------------------------------------- /config_2.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | #ifndef CONFIG_2_H 4 | #define CONFIG_2_H 5 | 6 | 7 | #include "platform_config.h" 8 | 9 | #include 10 | 11 | #include "mbedtls/build_info.h" 12 | 13 | #include 14 | 15 | 16 | // Disable weak cryptography. 17 | #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 18 | #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 19 | #undef MBEDTLS_DES_C 20 | #undef MBEDTLS_DHM_C 21 | 22 | 23 | #if !(defined(__linux__) && defined(__aarch64__)) 24 | #undef MBEDTLS_AESCE_C 25 | #endif 26 | 27 | 28 | #if defined(__MINGW32__) 29 | #define MBEDTLS_PLATFORM_C 30 | #endif 31 | 32 | 33 | #endif // CONFIG_2_H 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | 34 | 35 | # C/C++ generated 36 | *.a 37 | *.ax 38 | *.d 39 | *.dll 40 | *.lib 41 | *.lo 42 | *.o 43 | *.os 44 | *.ox 45 | *.Plo 46 | *.so 47 | 48 | # Local editor & project files. 49 | *.*[~] 50 | __pycache__/ 51 | .vscode/ 52 | /.godot 53 | -------------------------------------------------------------------------------- /SCsub: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #SCsub 3 | 4 | import os 5 | 6 | 7 | Import("env") 8 | Import("env_modules") 9 | 10 | env_cripter = env_modules.Clone() 11 | 12 | 13 | env_cripter.Prepend(CPPPATH=["#thirdparty/mbedtls/include/"]) 14 | 15 | 16 | cripter_dir = os.path.abspath(str(Dir('.'))) 17 | env_cripter.Append(CPPPATH=[cripter_dir]) 18 | 19 | 20 | #config_path = "mbedtls_cripter_config.h" 21 | 22 | config_path = "config_2.h" 23 | 24 | config_path = f"<{config_path}>" if env_cripter["ninja"] and env_cripter.msvc else f'\\"{config_path}\\"' 25 | env_cripter.Append(CPPDEFINES=[("MBEDTLS_CONFIG_FILE", config_path)]) 26 | 27 | 28 | env_cripter.add_source_files(env.modules_sources, "*.cpp") -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Cleber Alves 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /mbedtls_cripter_config.h: -------------------------------------------------------------------------------- 1 | /* mbedtls_cripter_config.h */ 2 | 3 | 4 | #ifndef MBEDTLS_CRIPTER_CONFIG_H 5 | #define MBEDTLS_CRIPTER_CONFIG_H 6 | 7 | #include 8 | 9 | #include "platform_config.h" 10 | 11 | 12 | // Enable mbedtls_strerror() 13 | #define MBEDTLS_ERROR_C 14 | 15 | 16 | // For AES 17 | #define MBEDTLS_CIPHER_MODE_CBC 18 | #define MBEDTLS_CIPHER_MODE_CFB 19 | #define MBEDTLS_CIPHER_MODE_CTR 20 | #define MBEDTLS_CIPHER_MODE_OFB 21 | #define MBEDTLS_CIPHER_MODE_XTS 22 | 23 | 24 | // GENERAL 25 | #define MBEDTLS_AES_C 26 | #define MBEDTLS_BASE64_C 27 | #define MBEDTLS_CTR_DRBG_C 28 | #define MBEDTLS_ENTROPY_C 29 | #define MBEDTLS_MD5_C 30 | #define MBEDTLS_SHA1_C 31 | #define MBEDTLS_SHA256_C 32 | #define MBEDTLS_PLATFORM_ZEROIZE_ALT 33 | #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 34 | 35 | 36 | // RSA 37 | #define MBEDTLS_OID_C 38 | #define MBEDTLS_RSA_C 39 | #define MBEDTLS_PKCS1_V15 40 | #define MBEDTLS_PK_C 41 | #define MBEDTLS_ECP_C 42 | #define MBEDTLS_ECP_DP_SECP256R1_ENABLED // Habilitar as curvas que você deseja usar 43 | #define MBEDTLS_BIGNUM_C 44 | #define MBEDTLS_ASN1_PARSE_C 45 | #define MBEDTLS_ASN1_WRITE_C 46 | #define MBEDTLS_X509_USE_C 47 | #define MBEDTLS_PK_WRITE_C 48 | #define MBEDTLS_PEM_WRITE_C 49 | #define MBEDTLS_CIPHER_C 50 | #define MBEDTLS_MD_C 51 | 52 | 53 | // Disable deprecated 54 | #define MBEDTLS_DEPRECATED_REMOVED 55 | 56 | 57 | // Disable weak cryptography. 58 | #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 59 | #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 60 | #undef MBEDTLS_DES_C 61 | #undef MBEDTLS_DHM_C 62 | 63 | 64 | #if !(defined(__linux__) && defined(__aarch64__)) 65 | #undef MBEDTLS_AESCE_C 66 | #endif 67 | 68 | 69 | #if defined(__MINGW32__) 70 | #define MBEDTLS_PLATFORM_C 71 | #endif 72 | 73 | 74 | 75 | #endif // MBEDTLS_CRIPTER_CONFIG_H -------------------------------------------------------------------------------- /cripter.h: -------------------------------------------------------------------------------- 1 | /*cripter.h*/ 2 | 3 | 4 | 5 | // DEPENDENCIES 6 | /* // RSA 7 | #if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ 8 | !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ 9 | !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) 10 | 11 | #endif // RSA 12 | 13 | */ 14 | 15 | 16 | 17 | 18 | 19 | #ifndef CRIPTER_H 20 | #define CRIPTER_H 21 | 22 | 23 | #define MBEDTLS_ERROR_C 24 | #define MBEDTLS_ERROR_BUFFER_LENGTH 255 25 | 26 | #define GCM_TAG_SIZE 16 27 | #define AES_GCM_BLOCK_SIZE 16 28 | #define HASH_SIZE_SHA_256 32 29 | #define EXPONENT 65537 30 | 31 | 32 | 33 | #include "core/config/project_settings.h" 34 | #include "core/object/ref_counted.h" 35 | #include "core/core_bind.h" 36 | 37 | 38 | #include "mbedtls/error.h" 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | #include "mbedtls/rsa.h" 46 | #include 47 | 48 | 49 | #include 50 | #include 51 | #include 52 | #include 53 | #include 54 | #include 55 | 56 | 57 | 58 | 59 | class Cripter : public RefCounted{ 60 | GDCLASS(Cripter, RefCounted); 61 | 62 | 63 | public: 64 | 65 | enum CryptMode { 66 | DECRYPT = 0, 67 | ENCRYPT = 1 68 | }; 69 | 70 | enum KeySize { // - Standard sizes for keys. 71 | BITS_128 = 128, 72 | BITS_192 = 192, 73 | BITS_256 = 256, 74 | BITS_512 = 512, 75 | BITS_1024 = 1024, 76 | BITS_2048 = 2048, 77 | BITS_3072 = 3072, 78 | BITS_4096 = 4096, 79 | BITS_7680 = 7680, 80 | BITS_8192 = 8192, 81 | }; 82 | 83 | enum Algorithm { 84 | EBC, 85 | CBC, 86 | CFB128, 87 | CFB8, 88 | OFB, 89 | CTR 90 | }; 91 | 92 | enum FileFormat { 93 | PEM, 94 | DER 95 | }; 96 | 97 | using PK_TYPE = mbedtls_pk_type_t; 98 | using CURVE_TYPE = mbedtls_ecp_curve_type; 99 | using ECP_GROUP_ID = mbedtls_ecp_group_id; 100 | 101 | 102 | 103 | private: 104 | 105 | static constexpr int TYPE_RSA = 0; 106 | static constexpr int TYPE_ECC = 1; 107 | 108 | static size_t get_max_rsa_input_size(const mbedtls_pk_context *pk); 109 | 110 | static String ensure_global_path(String p_path); 111 | 112 | static std::vector GDstring_to_STDvector(const String p_string); 113 | 114 | static std::vector byteArray_to_vector(const PackedByteArray &p_packed_array); 115 | 116 | static String mbed_error_msn(int mbedtls_erro, const char* p_function); 117 | 118 | static Error add_pkcs7_padding(const std::vector& data, std::vector& padded_data, const size_t block_size); 119 | static PackedByteArray add_pkcs7_padding(const PackedByteArray data, const size_t block_size); 120 | 121 | static Error remove_pkcs7_padding(const std::vector& padded_data, std::vector& data, const size_t block_size); 122 | static PackedByteArray remove_pkcs7_padding(PackedByteArray padded_data, const size_t block_size); 123 | 124 | 125 | static Variant _gcm_crypt( 126 | std::vector input, 127 | std::vector password, 128 | std::vector iv, 129 | std::vector aad, 130 | std::vector tag, 131 | Cripter::KeySize keybits, 132 | int mode 133 | ); 134 | 135 | /* 136 | static std::vector _aes_crypt( 137 | std::vector input, 138 | std::vector password, 139 | std::vector iv, 140 | Algorithm algorith, 141 | Cripter::KeySize keybits, 142 | int mode 143 | ); 144 | */ 145 | 146 | static PackedByteArray _aes_crypt( 147 | PackedByteArray input, 148 | String password, 149 | PackedByteArray iv, 150 | Algorithm algorith, 151 | Cripter::KeySize keybits, 152 | int mode 153 | ); 154 | 155 | 156 | 157 | 158 | 159 | struct aes_streamer { 160 | mbedtls_aes_xts_context aes; 161 | }; 162 | 163 | 164 | struct gcm_streamer { 165 | mbedtls_gcm_context gcm_ctx; 166 | }; 167 | 168 | aes_streamer *aes_stream = nullptr; 169 | 170 | gcm_streamer *gcm_stream = nullptr; 171 | 172 | 173 | 174 | protected: 175 | 176 | static void _bind_methods(); 177 | 178 | 179 | 180 | public: 181 | // Streamming ======================= 182 | 183 | // Error aes_start_stream(const String password); 184 | // Error aes_update_stream(const PackedByteArray data); 185 | // Error aes_stop_stream(); 186 | 187 | Error gcm_start_stream(const String password, const PackedByteArray iv, const CryptMode mode, Cripter::KeySize keybits = BITS_256); 188 | PackedByteArray gcm_update_stream(const PackedByteArray data, const bool in_chunk = false); 189 | PackedByteArray gcm_stop_stream(PackedByteArray data); // return the tag 190 | 191 | 192 | 193 | // Utilities ======================== 194 | 195 | static PackedByteArray generate_iv(const int iv_length, const String p_personalization); 196 | 197 | static String derive_key_pbkdf2(const String p_password, const String p_salt, const int iterations = 500, const int key_length = 16); 198 | 199 | static PackedStringArray get_available_curves(); 200 | 201 | 202 | 203 | //AES ======================== 204 | //TODO Finish XTS 205 | static PackedByteArray aes_encrypt( 206 | const PackedByteArray plaintext, 207 | const String p_password, // A chave precisa ter um tamanho especifico. Use "derive_key_pbkdf2" para derivar a chave para 32 bytes / 256 bits. 208 | PackedByteArray p_iv, // CBC=128 bits (16 bytes) 209 | Algorithm algorith = CBC, 210 | KeySize keybits = BITS_256 211 | ); 212 | 213 | static PackedByteArray aes_decrypt( 214 | const PackedByteArray ciphertext, 215 | const String p_password, 216 | PackedByteArray p_iv, 217 | Algorithm algorith = CBC, 218 | KeySize keybits = BITS_256 219 | ); 220 | 221 | 222 | 223 | // GCM ======================== 224 | 225 | static Dictionary gcm_encrypt( 226 | const PackedByteArray plaintext, 227 | const String p_password, 228 | const PackedByteArray p_iv, 229 | String p_aad = "", 230 | Cripter::KeySize keybits = BITS_256 231 | ); 232 | 233 | static PackedByteArray gcm_decrypt( 234 | const PackedByteArray ciphertext, 235 | const String p_password, 236 | const PackedByteArray p_iv, 237 | const PackedByteArray p_tag, 238 | const String p_aad, 239 | Cripter::KeySize keybits = BITS_256 240 | ); 241 | 242 | // TODO =============== 243 | // Stream Start-Update-Stop 244 | 245 | 246 | // PK ======================== 247 | 248 | static Dictionary pk_analyze_key(const String p_key_path); 249 | 250 | static Error pk_generate_keys( 251 | PK_TYPE algorithm_type, // RSA or ECC 252 | KeySize key_size, // Key size in bits (for RSA) 253 | const ECP_GROUP_ID curve, // Curve (for ECC) 254 | FileFormat storage_format, // PEM or DER 255 | const String password, // Password for encryption (optional) 256 | const String p_private_key_filename, // Output private key filename 257 | const String p_public_key_filename, // Output public key filename 258 | const String personalization = "key_generation" // Personalization 259 | ); 260 | 261 | 262 | static Variant pk_match_keys(const String p_private_key_path, const String p_public_key_path, const String password); 263 | 264 | 265 | static PackedByteArray pk_encrypt( 266 | const PackedByteArray plaintext, // The data to beencrypted. 267 | const String p_public_key_path // The path to the key. 268 | ); 269 | 270 | 271 | // Decrypt using RSA or EC. 272 | static PackedByteArray pk_decrypt( 273 | const PackedByteArray ciphertext, // Buffer to decrypt. 274 | const String p_private_key_path, // The path to the key. 275 | const String password = "" // The data to beencrypted. 276 | ); 277 | 278 | 279 | 280 | 281 | static PackedByteArray pk_sign(const String private_key_path, const PackedByteArray data, const String password = ""); 282 | 283 | static Variant pk_verify_signature(const String public_key_path, const PackedByteArray data, const String password = ""); 284 | 285 | 286 | Cripter(); 287 | ~Cripter(); 288 | 289 | }; 290 | 291 | 292 | 293 | 294 | // ENUMS CASTS ======================== 295 | 296 | 297 | 298 | VARIANT_ENUM_CAST(Cripter::ECP_GROUP_ID); 299 | VARIANT_ENUM_CAST(Cripter::CURVE_TYPE); 300 | VARIANT_ENUM_CAST(Cripter::FileFormat); 301 | VARIANT_ENUM_CAST(Cripter::Algorithm); 302 | VARIANT_ENUM_CAST(Cripter::CryptMode); 303 | VARIANT_ENUM_CAST(Cripter::KeySize); 304 | VARIANT_ENUM_CAST(Cripter::PK_TYPE); 305 | 306 | 307 | #endif // CRIPTER_H 308 | 309 | 310 | /*cripter.h*/ 311 | -------------------------------------------------------------------------------- /cripter.cpp: -------------------------------------------------------------------------------- 1 | /*cripter.cpp*/ 2 | 3 | #include "cripter.h" 4 | 5 | 6 | 7 | 8 | // =============== AES FUNCTION =============== 9 | 10 | 11 | PackedByteArray Cripter::aes_encrypt(const PackedByteArray plaintext, const String p_password, PackedByteArray p_iv, Algorithm algorith, KeySize keybits){ 12 | 13 | 14 | PackedByteArray result = _aes_crypt(plaintext, p_password, p_iv, algorith, keybits, MBEDTLS_AES_ENCRYPT); 15 | return result; 16 | 17 | /* 18 | std::vector password = GDstring_to_STDvector(p_password); 19 | std::vector input = byteArray_to_vector(plaintext); 20 | std::vector iv = byteArray_to_vector(p_iv); 21 | 22 | std::vector result = _aes_crypt(input, password, iv, algorith, keybits, MBEDTLS_AES_ENCRYPT); 23 | 24 | PackedByteArray ret; 25 | ret.resize(result.size()); 26 | memcpy(ret.ptrw(), result.data(), result.size()); 27 | 28 | return ret; 29 | */ 30 | } 31 | 32 | 33 | PackedByteArray Cripter::aes_decrypt(const PackedByteArray ciphertext, const String p_password, PackedByteArray p_iv, Algorithm algorith, KeySize keybits){ 34 | PackedByteArray result = _aes_crypt(ciphertext, p_password, p_iv, algorith, keybits, MBEDTLS_AES_DECRYPT); 35 | return result; 36 | /* 37 | std::vector password = GDstring_to_STDvector(p_password); 38 | std::vector input = byteArray_to_vector(ciphertext); 39 | std::vector iv = byteArray_to_vector(p_iv); 40 | 41 | std::vector result = _aes_crypt(input, password, iv, algorith, keybits, MBEDTLS_AES_DECRYPT); 42 | 43 | PackedByteArray ret; 44 | ret.resize(result.size()); 45 | memcpy(ret.ptrw(), result.data(), result.size()); 46 | 47 | return ret; 48 | */ 49 | } 50 | 51 | 52 | 53 | PackedByteArray Cripter::_aes_crypt(PackedByteArray input, String password, PackedByteArray iv, Algorithm algorith, Cripter::KeySize keybits, int mode){ 54 | //std::vector Cripter::_aes_crypt(std::vector input, std::vector password, std::vector iv, Algorithm algorith, Cripter::KeySize keybits, int mode){ 55 | 56 | 57 | if ((keybits < BITS_128)){ 58 | WARN_PRINT("Most AES algorithms support 128,192 and 256 bits keys, with the exception of XTS, which only supports 256 and 512 bits keys. - Using 128 Bits key size"); 59 | keybits = BITS_128; 60 | } 61 | else if (keybits > BITS_256){ 62 | WARN_PRINT("Most AES algorithms support 128,192 and 256 bits keys, with the exception of XTS, which only supports 256 and 512 bits keys. - Using 256 Bits key size"); 63 | keybits = BITS_256; 64 | } 65 | 66 | /* 67 | if ((algorith != XTS) and (keybits < BITS_128)){ 68 | WARN_PRINT("Most AES algorithms support 128,192 and 256 bits keys, with the exception of XTS, which only supports 256 and 512 bits keys. - Using 128 Bits key size"); 69 | keybits = BITS_128; 70 | } 71 | else if (algorith != XTS and keybits > BITS_256){ 72 | WARN_PRINT("Most AES algorithms support 128,192 and 256 bits keys, with the exception of XTS, which only supports 256 and 512 bits keys. - Using 256 Bits key size"); 73 | keybits = BITS_256; 74 | } 75 | 76 | else if (algorith == XTS and keybits < BITS_256){ 77 | WARN_PRINT("XTS algorithm support only supports 256 and 512 bits keys. - Using 256 Bits key size"); 78 | keybits = BITS_256; 79 | } 80 | else if (algorith == XTS and keybits > BITS_512){ 81 | WARN_PRINT("XTS algorithm support only supports 256 and 512 bits keys. - Using 512 Bits key size"); 82 | keybits = BITS_512; 83 | } 84 | */ 85 | 86 | // std::vector output; 87 | PackedByteArray output; 88 | 89 | if (iv.size() != AES_GCM_BLOCK_SIZE){ 90 | WARN_PRINT("The IV size must be AES_BLOCK_SIZE for AES encryption."); 91 | return output; 92 | } 93 | 94 | int mbedtls_erro; 95 | mbedtls_aes_context aes_ctx; 96 | mbedtls_aes_init(&aes_ctx); 97 | output.resize(input.size()); 98 | 99 | // mbedtls_erro = mbedtls_aes_setkey_enc(&aes_ctx, password.data(), keybits); 100 | mbedtls_erro = mbedtls_aes_setkey_enc(&aes_ctx, reinterpret_cast(password.utf8().get_data()), keybits); 101 | if (mbedtls_erro != OK){ 102 | mbedtls_aes_free(&aes_ctx); 103 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_setkey_enc"); 104 | WARN_PRINT(String("Failed to configure AES key.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 105 | return output; 106 | }; 107 | 108 | 109 | switch (algorith) { 110 | 111 | case EBC: { 112 | //mbedtls_erro = mbedtls_aes_crypt_ecb(&aes_ctx, mode, input.data(), output.data()); 113 | mbedtls_erro = mbedtls_aes_crypt_ecb(&aes_ctx, mode, input.ptr(), output.ptrw()); 114 | mbedtls_aes_free(&aes_ctx); 115 | if (mbedtls_erro != OK){ 116 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_ecb"); 117 | WARN_PRINT(String("EBC Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 118 | } 119 | return output; 120 | } 121 | break; 122 | 123 | 124 | case CBC: { 125 | if (mode == MBEDTLS_AES_ENCRYPT){ 126 | /* 127 | if (add_pkcs7_padding(input, input, AES_GCM_BLOCK_SIZE) != OK){ 128 | WARN_PRINT(String("Invalid parameter. AES block must be 16 Bytes.")); 129 | mbedtls_aes_free(&aes_ctx); 130 | return output; 131 | } 132 | */ 133 | input = add_pkcs7_padding(input, AES_GCM_BLOCK_SIZE); 134 | } 135 | 136 | // unsigned char iv_copy[16]; 137 | // memcpy(iv_copy, iv.data(), 16); 138 | 139 | PackedByteArray iv_copy = iv.duplicate(); 140 | 141 | //mbedtls_erro = mbedtls_aes_crypt_cbc(&aes_ctx, mode, input.size(), iv_copy, input.data(), output.data()); 142 | mbedtls_erro = mbedtls_aes_crypt_cbc(&aes_ctx, mode, input.size(), iv_copy.ptrw(), input.ptr(), output.ptrw()); 143 | if (mbedtls_erro != OK){ 144 | mbedtls_aes_free(&aes_ctx); 145 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_cbc"); 146 | WARN_PRINT(String("CBC Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 147 | return output; 148 | } 149 | 150 | if (mode == MBEDTLS_AES_DECRYPT){ 151 | /* 152 | Error _err = remove_pkcs7_padding(output, output, AES_GCM_BLOCK_SIZE); 153 | if ( _err == ERR_INVALID_PARAMETER){ 154 | WARN_PRINT("Block size out of parameter."); 155 | } 156 | else if(_err == ERR_INVALID_DATA){ 157 | WARN_PRINT(String("Input buffer contains invalid Padding.")); 158 | } 159 | */ 160 | output = remove_pkcs7_padding(output, AES_GCM_BLOCK_SIZE); 161 | } 162 | return output; 163 | } 164 | break; 165 | 166 | 167 | case CFB128:{ 168 | // unsigned char iv_copy[16]; 169 | // memcpy(iv_copy, iv.data(), 16); 170 | size_t iv_off = 0; 171 | 172 | PackedByteArray iv_copy = iv.duplicate(); 173 | 174 | // mbedtls_erro = mbedtls_aes_crypt_cfb128(&aes_ctx, mode, input.size(), &iv_off, iv_copy, input.data(), output.data()); 175 | mbedtls_erro = mbedtls_aes_crypt_cfb128(&aes_ctx, mode, input.size(), &iv_off, iv_copy.ptrw(), input.ptr(), output.ptrw()); 176 | mbedtls_aes_free(&aes_ctx); 177 | if (mbedtls_erro != OK){ 178 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_cfb128"); 179 | WARN_PRINT(String("CFB128 Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 180 | } 181 | return output; 182 | } 183 | break; 184 | 185 | 186 | case CFB8:{ 187 | // unsigned char iv_copy[16]; 188 | // memcpy(iv_copy, iv.data(), 16); 189 | PackedByteArray iv_copy = iv.duplicate(); 190 | 191 | mbedtls_erro = mbedtls_aes_crypt_cfb8(&aes_ctx, mode, input.size(), iv_copy.ptrw(), input.ptr(), output.ptrw()); 192 | mbedtls_aes_free(&aes_ctx); 193 | if (mbedtls_erro != OK){ 194 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_cfb8"); 195 | WARN_PRINT(String("CFB8 Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 196 | } 197 | return output; 198 | } 199 | break; 200 | 201 | 202 | case OFB:{ 203 | // unsigned char iv_copy[16]; 204 | // memcpy(iv_copy, iv.data(), 16); 205 | 206 | PackedByteArray iv_copy = iv.duplicate(); 207 | size_t iv_off = 0; 208 | 209 | mbedtls_erro = mbedtls_aes_crypt_ofb(&aes_ctx, input.size(), &iv_off, iv_copy.ptrw(), input.ptr(), output.ptrw()); 210 | mbedtls_aes_free(&aes_ctx); 211 | if (mbedtls_erro != OK){ 212 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_ofb"); 213 | WARN_PRINT(String("OFB Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 214 | } 215 | return output; 216 | 217 | } 218 | break; 219 | 220 | case CTR: { 221 | size_t nc_off = 0; 222 | PackedByteArray nonce_counter = iv.duplicate(); 223 | PackedByteArray stream_block; 224 | stream_block.resize(AES_GCM_BLOCK_SIZE); 225 | stream_block.fill(0); 226 | 227 | mbedtls_erro = mbedtls_aes_crypt_ctr(&aes_ctx, input.size(), &nc_off, nonce_counter.ptrw(), stream_block.ptrw(), input.ptr(), output.ptrw()); 228 | mbedtls_aes_free(&aes_ctx); 229 | if (mbedtls_erro != OK){ 230 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_ctr"); 231 | WARN_PRINT(String("CTR Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 232 | } 233 | return output; 234 | } 235 | break; 236 | 237 | /* 238 | case CTR: { 239 | // unsigned char nonce_counter[16]; 240 | // memcpy(nonce_counter, iv.data(), 16); 241 | // unsigned char stream_block[16]; 242 | // memset(stream_block, 0, 16); 243 | size_t nc_off = 0; 244 | 245 | PackedByteArray nonce_counter = iv.duplicate(); 246 | PackedByteArray stream_block; 247 | stream_block.resize(AES_GCM_BLOCK_SIZE); 248 | stream_block.fill(0); 249 | 250 | mbedtls_erro = mbedtls_aes_crypt_ctr(&aes_ctx, input.size(), &nc_off, nonce_counter.ptrw(), stream_block.ptrw(), input.ptr(), output.ptrw()); 251 | mbedtls_aes_free(&aes_ctx); 252 | if (mbedtls_erro != OK){ 253 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_aes_crypt_ctr"); 254 | WARN_PRINT(String("CTR Encryption error: -0x%04x\n") + String::num_int64(-mbedtls_erro, 16) + _err); 255 | } 256 | return output; 257 | } 258 | break; 259 | */ 260 | 261 | 262 | 263 | 264 | }; // switch case 265 | 266 | return output; 267 | 268 | } 269 | 270 | 271 | // Error Cripter::aes_start_stream(const String password){} 272 | // Error Cripter::aes_update_stream(const PackedByteArray data){} 273 | // Error Cripter::aes_stop_stream(){} 274 | 275 | 276 | 277 | // =============== GCM FUNCTION =============== 278 | 279 | 280 | Dictionary Cripter::gcm_encrypt(const PackedByteArray plaintext, const String p_password, const PackedByteArray p_iv, String p_aad, Cripter::KeySize keybits){ 281 | std::vector password = GDstring_to_STDvector(p_password); 282 | std::vector input = byteArray_to_vector(plaintext); 283 | std::vector aad = GDstring_to_STDvector(p_aad); 284 | std::vector iv = byteArray_to_vector(p_iv); 285 | std::vector tag(GCM_TAG_SIZE); 286 | Dictionary ret = _gcm_crypt(input, password, iv, aad, tag, keybits, MBEDTLS_GCM_ENCRYPT); 287 | return ret; 288 | } 289 | 290 | 291 | 292 | PackedByteArray Cripter::gcm_decrypt(const PackedByteArray ciphertext, const String p_password, const PackedByteArray p_iv, const PackedByteArray p_tag, String p_aad, Cripter::KeySize keybits){ 293 | ERR_FAIL_COND_V_MSG(p_tag.size() != 16, PackedByteArray(), "Tags for GCM encryption must have the default value of 16."); 294 | std::vector password = GDstring_to_STDvector(p_password); 295 | std::vector input = byteArray_to_vector(ciphertext); 296 | std::vector aad = GDstring_to_STDvector(p_aad); 297 | std::vector tag = byteArray_to_vector(p_tag); 298 | std::vector iv = byteArray_to_vector(p_iv); 299 | PackedByteArray ret = _gcm_crypt(input, password, iv, aad, tag, keybits, MBEDTLS_GCM_DECRYPT); 300 | return ret; 301 | } 302 | 303 | Variant Cripter::_gcm_crypt( 304 | std::vector input, 305 | std::vector password, 306 | std::vector iv, 307 | std::vector aad, 308 | std::vector tag, 309 | Cripter::KeySize keybits, 310 | int mode 311 | ){ 312 | 313 | if (keybits < BITS_128){ 314 | WARN_PRINT("GCM Algorithm only accepts key with 128, 192, or 256 bits"); 315 | keybits = BITS_128; 316 | } 317 | if (keybits > BITS_256){ 318 | WARN_PRINT("GCM Algorithm only accepts key with 128, 192, or 256 bits"); 319 | keybits = BITS_256; 320 | } 321 | 322 | mbedtls_gcm_context gcm_ctx; 323 | mbedtls_gcm_init(&gcm_ctx); 324 | 325 | PackedByteArray output; 326 | output.resize(input.size()); 327 | 328 | int mbedtls_erro = mbedtls_gcm_setkey(&gcm_ctx, MBEDTLS_CIPHER_ID_AES, password.data(), keybits); 329 | if (mbedtls_erro != OK) { 330 | mbedtls_gcm_free(&gcm_ctx); 331 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_setkey"); 332 | ERR_FAIL_V_EDMSG(Dictionary(), String("Failed to configure GCM key.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 333 | } 334 | 335 | mbedtls_erro = mbedtls_gcm_crypt_and_tag( 336 | &gcm_ctx, mode, input.size(), 337 | iv.data(), iv.size(), 338 | aad.data(), aad.size(), 339 | input.data(), output.ptrw(), 340 | GCM_TAG_SIZE, tag.data() 341 | ); 342 | 343 | mbedtls_gcm_free(&gcm_ctx); 344 | 345 | if (mbedtls_erro != OK) { 346 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_crypt_and_tag"); 347 | ERR_FAIL_V_EDMSG(Dictionary(), String("Encryption error. : -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 348 | } 349 | 350 | PackedByteArray tag_array; 351 | tag_array.resize(GCM_TAG_SIZE); 352 | memcpy(tag_array.ptrw(), tag.data(), GCM_TAG_SIZE); 353 | 354 | Dictionary ret; 355 | ret["Tag"] = tag_array; 356 | ret["Ciphertext"] = output; 357 | return ret; 358 | 359 | } 360 | 361 | 362 | // Stream 363 | 364 | 365 | Error Cripter::gcm_start_stream(const String password, const PackedByteArray iv, const CryptMode mode, Cripter::KeySize keybits){ 366 | 367 | if (gcm_stream != nullptr){ 368 | mbedtls_gcm_free(&gcm_stream->gcm_ctx); 369 | delete gcm_stream; 370 | gcm_stream = nullptr; 371 | } 372 | 373 | gcm_stream = new gcm_streamer(); 374 | mbedtls_gcm_init(&gcm_stream->gcm_ctx); 375 | int mbedtls_erro; 376 | const unsigned char *key = reinterpret_cast(password.utf8().get_data()); 377 | 378 | if (keybits < BITS_128){ 379 | WARN_PRINT("GCM Algorithm only accepts key with 128, 192, or 256 bits"); 380 | keybits = BITS_128; 381 | } 382 | if (keybits > BITS_256){ 383 | WARN_PRINT("GCM Algorithm only accepts key with 128, 192, or 256 bits"); 384 | keybits = BITS_256; 385 | } 386 | 387 | mbedtls_erro = mbedtls_gcm_setkey(&gcm_stream->gcm_ctx, MBEDTLS_CIPHER_ID_AES, key, keybits); 388 | if (mbedtls_erro != OK) { 389 | mbedtls_gcm_free(&gcm_stream->gcm_ctx); 390 | delete gcm_stream; 391 | gcm_stream = nullptr; 392 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_setkey"); 393 | ERR_FAIL_V_EDMSG(FAILED, String("Failed to configure GCM key.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 394 | } 395 | 396 | mbedtls_erro = mbedtls_gcm_starts(&gcm_stream->gcm_ctx, (int)mode, iv.ptr(), iv.size()); 397 | if (mbedtls_erro != OK) { 398 | mbedtls_gcm_free(&gcm_stream->gcm_ctx); 399 | delete gcm_stream; 400 | gcm_stream = nullptr; 401 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_starts"); 402 | ERR_FAIL_V_EDMSG(FAILED, String("Failed to set the streamer.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 403 | } 404 | 405 | return OK; 406 | } 407 | 408 | 409 | PackedByteArray Cripter::gcm_update_stream(const PackedByteArray data, const bool in_chunk){ 410 | 411 | PackedByteArray output; 412 | int mbedtls_erro; 413 | size_t plaintext_len = data.size(); 414 | output.resize(plaintext_len + AES_GCM_BLOCK_SIZE); 415 | size_t output_len = 0; 416 | 417 | if (in_chunk){ 418 | 419 | 420 | size_t chunk_size = AES_GCM_BLOCK_SIZE; 421 | size_t offset = 0; 422 | 423 | while (offset < plaintext_len) { 424 | size_t len = (plaintext_len - offset > chunk_size) ? chunk_size : (plaintext_len - offset); 425 | 426 | mbedtls_erro = mbedtls_gcm_update( 427 | &gcm_stream->gcm_ctx, 428 | data.ptr() + offset, len, 429 | output.ptrw() + offset, 430 | offset, 431 | &output_len 432 | ); 433 | 434 | if (mbedtls_erro != OK) { 435 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_update"); 436 | ERR_FAIL_V_EDMSG(PackedByteArray(), String("Failed to perform GCM stream operation.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 437 | } 438 | offset += len; 439 | } 440 | 441 | }else{ 442 | 443 | mbedtls_erro = mbedtls_gcm_update(&gcm_stream->gcm_ctx, data.ptr(), plaintext_len, output.ptrw(), plaintext_len, &plaintext_len); 444 | if (mbedtls_erro != OK) { 445 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_update"); 446 | ERR_FAIL_V_EDMSG(PackedByteArray(), String("Failed to perform GCM stream operation.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 447 | } 448 | } 449 | 450 | return output; 451 | } 452 | 453 | 454 | PackedByteArray Cripter::gcm_stop_stream(PackedByteArray data){ 455 | 456 | PackedByteArray tag; 457 | tag.resize(GCM_TAG_SIZE); 458 | size_t tag_size = GCM_TAG_SIZE; 459 | 460 | int mbedtls_erro = mbedtls_gcm_finish(&gcm_stream->gcm_ctx, data.ptrw(), (size_t)data.size(), &tag_size, tag.ptrw(), tag.size()); 461 | if(mbedtls_erro != OK){ 462 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_gcm_update"); 463 | String err_msn = String("Failed to perform GCM stream operation.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err; 464 | WARN_PRINT(err_msn); 465 | } 466 | 467 | mbedtls_gcm_free(&gcm_stream->gcm_ctx); 468 | delete gcm_stream; 469 | gcm_stream = nullptr; 470 | return tag; 471 | } 472 | 473 | 474 | 475 | 476 | 477 | 478 | 479 | 480 | 481 | 482 | // =============== ASYMMETRIC =============== 483 | //TODO criptografar a chave 484 | PackedStringArray Cripter::get_available_curves() { 485 | PackedStringArray curve_names; 486 | const mbedtls_ecp_curve_info* curve_info = mbedtls_ecp_curve_list(); 487 | while (curve_info != NULL && curve_info->name != NULL) { 488 | curve_names.append(String(curve_info->name)); 489 | curve_info++; 490 | } 491 | return curve_names; 492 | } 493 | 494 | Error Cripter::pk_generate_keys( 495 | PK_TYPE algorithm_type, 496 | Cripter::KeySize key_size, 497 | const ECP_GROUP_ID curve, 498 | FileFormat storage_format, 499 | const String password, 500 | const String p_private_key_filename, 501 | const String p_public_key_filename, 502 | const String personalization 503 | ) { 504 | 505 | 506 | // Create Variables 507 | //unsigned char pri_output_buf[16000]; 508 | //unsigned char pub_output_buf[16000]; 509 | 510 | //std::vector pri_output_buf(16000, 0); 511 | //std::vector pub_output_buf(16000, 0); 512 | 513 | PackedByteArray pri_output_buf; 514 | PackedByteArray pub_output_buf; 515 | pri_output_buf.resize(16000); 516 | pub_output_buf.resize(16000); 517 | 518 | int pk_key_type; 519 | int mbedtls_erro = 0; 520 | const char* pers = personalization.utf8().get_data(); 521 | 522 | mbedtls_pk_type_t algorithm = static_cast(algorithm_type); 523 | mbedtls_pk_context pk_key; 524 | mbedtls_entropy_context entropy; 525 | mbedtls_ctr_drbg_context ctr_drbg; 526 | 527 | 528 | // Init Variables 529 | //memset(pri_output_buf, 0, sizeof(pri_output_buf)); 530 | //memset(pub_output_buf, 0, sizeof(pub_output_buf)); 531 | mbedtls_pk_init(&pk_key); 532 | mbedtls_entropy_init(&entropy); 533 | mbedtls_ctr_drbg_init(&ctr_drbg); 534 | 535 | String private_key_filename = ensure_global_path(p_private_key_filename); 536 | String public_key_filename = ensure_global_path(p_public_key_filename); 537 | 538 | if (algorithm == MBEDTLS_PK_ECKEY || algorithm == MBEDTLS_PK_ECKEY_DH || algorithm == MBEDTLS_PK_ECDSA) { 539 | pk_key_type = TYPE_ECC; 540 | } 541 | else if (algorithm == MBEDTLS_PK_RSA || algorithm == MBEDTLS_PK_RSA_ALT || algorithm == MBEDTLS_PK_RSASSA_PSS){ 542 | pk_key_type = TYPE_RSA; 543 | } 544 | 545 | if (key_size < BITS_1024){ 546 | WARN_PRINT("RSA keys support sizes from 1024 to 8192 bits. - Using 1024 Bits key size"); 547 | key_size = BITS_1024; 548 | } 549 | else if (key_size > BITS_8192){ 550 | WARN_PRINT("RSA keys support sizes from 1024 to 8192 bits. - Using 8192 Bits key size"); 551 | key_size = BITS_8192; 552 | } 553 | 554 | // ENTROPY SEED 555 | mbedtls_erro = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, reinterpret_cast(pers), strlen(pers)); 556 | if (mbedtls_erro != OK) { 557 | mbedtls_pk_free(&pk_key); 558 | mbedtls_entropy_free(&entropy); 559 | mbedtls_ctr_drbg_free(&ctr_drbg); 560 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_seed"); 561 | ERR_FAIL_V_EDMSG(FAILED, String("Failed to seed the random generator: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 562 | } 563 | 564 | const mbedtls_pk_info_t *pk_type = mbedtls_pk_info_from_type((mbedtls_pk_type_t) algorithm); 565 | if (pk_type == NULL) { 566 | mbedtls_pk_free(&pk_key); 567 | mbedtls_entropy_free(&entropy); 568 | mbedtls_ctr_drbg_free(&ctr_drbg); 569 | ERR_FAIL_V_EDMSG(FAILED, "Invalid PK type info."); 570 | } 571 | 572 | 573 | mbedtls_erro = mbedtls_pk_setup(&pk_key, pk_type); 574 | if (mbedtls_erro != OK) { 575 | mbedtls_pk_free(&pk_key); 576 | mbedtls_entropy_free(&entropy); 577 | mbedtls_ctr_drbg_free(&ctr_drbg); 578 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_setup"); 579 | ERR_FAIL_V_EDMSG(FAILED, String("Failed to Initialize a PK context: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 580 | } 581 | 582 | // ===================================== RSA ===================================== 583 | if (pk_key_type == TYPE_RSA){ 584 | mbedtls_erro = mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk_key), mbedtls_ctr_drbg_random, &ctr_drbg, (unsigned int)key_size, EXPONENT); 585 | if (mbedtls_erro != OK) { 586 | mbedtls_pk_free(&pk_key); 587 | mbedtls_entropy_free(&entropy); 588 | mbedtls_ctr_drbg_free(&ctr_drbg); 589 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_rsa_gen_key"); 590 | ERR_FAIL_V_EDMSG(FAILED, String("Failed to create RSA key pair.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 591 | } 592 | } 593 | // ===================================== ECC ===================================== 594 | else if (pk_key_type == TYPE_ECC){ 595 | mbedtls_erro = mbedtls_ecp_gen_key((mbedtls_ecp_group_id)algorithm, mbedtls_pk_ec(pk_key), mbedtls_ctr_drbg_random, &ctr_drbg); 596 | if (mbedtls_erro != OK) { 597 | mbedtls_pk_free(&pk_key); 598 | mbedtls_entropy_free(&entropy); 599 | mbedtls_ctr_drbg_free(&ctr_drbg); 600 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ecp_gen_key"); 601 | ERR_FAIL_V_EDMSG(FAILED, String("Failed to create ECP key pair.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 602 | } 603 | } 604 | // =================================== INVALID ==================================== 605 | else { 606 | WARN_PRINT("Unsupported key type"); 607 | return ERR_INVALID_PARAMETER; 608 | } 609 | 610 | // Export keys ==== 611 | 612 | // PEM 613 | if (storage_format == PEM){ 614 | mbedtls_erro = mbedtls_pk_write_key_pem(&pk_key, pri_output_buf.ptrw(), pri_output_buf.size()); 615 | if (mbedtls_erro != OK){ 616 | mbedtls_pk_free(&pk_key); 617 | mbedtls_ctr_drbg_free(&ctr_drbg); 618 | mbedtls_entropy_free(&entropy); 619 | ERR_FAIL_V_MSG(FAILED, mbed_error_msn(mbedtls_erro, "mbedtls_pk_write_key_pem")); 620 | } 621 | 622 | mbedtls_erro = mbedtls_pk_write_pubkey_pem(&pk_key, pub_output_buf.ptrw(), pub_output_buf.size()); 623 | if (mbedtls_erro != OK){ 624 | mbedtls_pk_free(&pk_key); 625 | mbedtls_ctr_drbg_free(&ctr_drbg); 626 | mbedtls_entropy_free(&entropy); 627 | ERR_FAIL_V_MSG(FAILED, mbed_error_msn(mbedtls_erro, "mbedtls_pk_write_pubkey_pem")); 628 | } 629 | } 630 | 631 | // DER 632 | else if (storage_format == DER){ 633 | mbedtls_erro = mbedtls_pk_write_key_der(&pk_key, pri_output_buf.ptrw(), pri_output_buf.size()); 634 | if (mbedtls_erro != OK){ 635 | mbedtls_pk_free(&pk_key); 636 | mbedtls_ctr_drbg_free(&ctr_drbg); 637 | mbedtls_entropy_free(&entropy); 638 | ERR_FAIL_V_MSG(FAILED, mbed_error_msn(mbedtls_erro, "mbedtls_pk_write_key_pem")); 639 | } 640 | 641 | mbedtls_erro = mbedtls_pk_write_pubkey_der(&pk_key, pub_output_buf.ptrw(), pub_output_buf.size()); 642 | if (mbedtls_erro != OK){ 643 | mbedtls_pk_free(&pk_key); 644 | mbedtls_ctr_drbg_free(&ctr_drbg); 645 | mbedtls_entropy_free(&entropy); 646 | ERR_FAIL_V_MSG(FAILED, mbed_error_msn(mbedtls_erro, "mbedtls_pk_write_pubkey_pem")); 647 | } 648 | } 649 | 650 | 651 | // Encrypt key 652 | if (not password.is_empty()){ 653 | PackedByteArray iv = generate_iv(AES_GCM_BLOCK_SIZE, String("Encrypt PKey")); 654 | String derivated_key = derive_key_pbkdf2(password, password.sha256_text()); 655 | pri_output_buf = _aes_crypt(pri_output_buf, derivated_key, iv, CBC, BITS_256, MBEDTLS_AES_ENCRYPT); 656 | } 657 | 658 | 659 | // WRITE FILES 660 | 661 | // Private 662 | Ref f_private = FileAccess::open(private_key_filename, FileAccess::WRITE); 663 | ERR_FAIL_COND_V_MSG(f_private.is_null(), ERR_INVALID_PARAMETER, "Cannot save private RSA key to file: '" + private_key_filename + "'."); 664 | // size_t pri_len = strlen((char *)pri_output_buf); 665 | // f_private->store_buffer(pri_output_buf, pri_len); 666 | // mbedtls_platform_zeroize(pri_output_buf, sizeof(pri_output_buf)); 667 | f_private->store_buffer(pri_output_buf); 668 | pri_output_buf.fill(0); //zeroize 669 | 670 | 671 | // Public 672 | Ref f_public = FileAccess::open(public_key_filename, FileAccess::WRITE); 673 | ERR_FAIL_COND_V_MSG(f_public.is_null(), ERR_INVALID_PARAMETER, "Cannot save public RSA key to file: '" + public_key_filename + "'."); 674 | // size_t pub_len = strlen((char *)pub_output_buf); 675 | // f_public->store_buffer(pub_output_buf, pub_len); 676 | // mbedtls_platform_zeroize(pub_output_buf, sizeof(pub_output_buf)); 677 | f_private->store_buffer(pub_output_buf); 678 | pub_output_buf.fill(0); //zeroize 679 | 680 | 681 | // Clean up 682 | mbedtls_pk_free(&pk_key); 683 | mbedtls_ctr_drbg_free(&ctr_drbg); 684 | mbedtls_entropy_free(&entropy); 685 | 686 | return OK; 687 | 688 | } 689 | 690 | 691 | 692 | Variant Cripter::pk_match_keys(const String p_private_key_path, const String p_public_key_path, const String password){ 693 | 694 | const String private_key_path = ensure_global_path(p_private_key_path); 695 | const String public_key_path = ensure_global_path(p_public_key_path); 696 | int mbedtls_erro; 697 | const char *pers = "pk_match_keys"; 698 | 699 | mbedtls_entropy_context entropy; 700 | mbedtls_ctr_drbg_context ctr_drbg; 701 | mbedtls_pk_context private_ctx, public_ctx; 702 | 703 | mbedtls_pk_init(&private_ctx); 704 | mbedtls_pk_init(&public_ctx); 705 | mbedtls_entropy_init(&entropy); 706 | mbedtls_ctr_drbg_init(&ctr_drbg); 707 | 708 | 709 | mbedtls_erro = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, reinterpret_cast(pers), strlen(pers)); 710 | if (mbedtls_erro != OK) { 711 | mbedtls_pk_free(&private_ctx); 712 | mbedtls_pk_free(&public_ctx); 713 | mbedtls_ctr_drbg_free(&ctr_drbg); 714 | mbedtls_entropy_free(&entropy); 715 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_seed"); 716 | ERR_FAIL_V_EDMSG(mbedtls_erro, String("Failed to seed random number generator: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 717 | } 718 | 719 | 720 | if (password.is_empty()){ 721 | mbedtls_erro = mbedtls_pk_parse_keyfile(&private_ctx, private_key_path.utf8().get_data(), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg); 722 | }else{ 723 | mbedtls_erro = mbedtls_pk_parse_keyfile(&private_ctx, private_key_path.utf8().get_data(), password.utf8().get_data(), mbedtls_ctr_drbg_random, &ctr_drbg); 724 | } 725 | if (mbedtls_erro != OK) { 726 | mbedtls_pk_free(&private_ctx); 727 | mbedtls_pk_free(&public_ctx); 728 | mbedtls_ctr_drbg_free(&ctr_drbg); 729 | mbedtls_entropy_free(&entropy); 730 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_keyfile"); 731 | ERR_FAIL_V_EDMSG(mbedtls_erro, String("Error parsing private key.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 732 | } 733 | 734 | 735 | mbedtls_erro = mbedtls_pk_parse_public_keyfile(&public_ctx, public_key_path.utf8().get_data()); 736 | if (mbedtls_erro != OK) { 737 | mbedtls_pk_free(&private_ctx); 738 | mbedtls_pk_free(&public_ctx); 739 | mbedtls_ctr_drbg_free(&ctr_drbg); 740 | mbedtls_entropy_free(&entropy); 741 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_public_keyfile"); 742 | ERR_FAIL_V_EDMSG(mbedtls_erro, String("Error parsing public key.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 743 | } 744 | 745 | 746 | mbedtls_erro = mbedtls_pk_check_pair(&public_ctx, &private_ctx, mbedtls_ctr_drbg_random, &ctr_drbg); 747 | mbedtls_pk_free(&private_ctx); 748 | mbedtls_pk_free(&public_ctx); 749 | mbedtls_ctr_drbg_free(&ctr_drbg); 750 | mbedtls_entropy_free(&entropy); 751 | if (mbedtls_erro != OK) { 752 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_public_keyfile"); 753 | ERR_FAIL_V_EDMSG(mbedtls_erro, String("Error parsing public key.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 754 | } 755 | 756 | 757 | if (mbedtls_erro == OK){ 758 | return true; 759 | } 760 | 761 | return mbedtls_erro; 762 | 763 | } 764 | 765 | 766 | 767 | 768 | 769 | 770 | Dictionary Cripter::pk_analyze_key(const String p_key_path) { 771 | 772 | Dictionary ret; 773 | int mbedtls_error = 0; 774 | const char *pers = "pk_parse_key"; 775 | String key_path = ensure_global_path(p_key_path); 776 | 777 | 778 | mbedtls_pk_context pk; 779 | mbedtls_entropy_context entropy; 780 | mbedtls_ctr_drbg_context ctr_drbg; 781 | 782 | mbedtls_pk_init(&pk); 783 | mbedtls_entropy_init(&entropy); 784 | mbedtls_ctr_drbg_init(&ctr_drbg); 785 | 786 | 787 | mbedtls_error = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, reinterpret_cast(pers), strlen(pers)); 788 | if (mbedtls_error != OK) { 789 | mbedtls_pk_free(&pk); 790 | mbedtls_entropy_free(&entropy); 791 | mbedtls_ctr_drbg_free(&ctr_drbg); 792 | String _err = mbed_error_msn(mbedtls_error, "mbedtls_ctr_drbg_seed"); 793 | ERR_FAIL_V_EDMSG(ret, String("Failed to seed random number generator: -0x") + String::num_int64(-mbedtls_error, 16) + _err); 794 | } 795 | 796 | // Try to load as private key 797 | //const char *key_path = p_key_path.utf8().get_data(); 798 | mbedtls_error = mbedtls_pk_parse_keyfile(&pk, key_path.utf8().get_data(), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg); 799 | bool is_private = false; 800 | 801 | // Determines whether it is a public or private key. 802 | if (mbedtls_error != OK) { 803 | // Try to load as public key 804 | mbedtls_error = mbedtls_pk_parse_public_keyfile(&pk, key_path.utf8().get_data()); 805 | if (mbedtls_error != OK) { 806 | mbedtls_pk_free(&pk); 807 | mbedtls_entropy_free(&entropy); 808 | mbedtls_ctr_drbg_free(&ctr_drbg); 809 | String _err = mbed_error_msn(mbedtls_error, "mbedtls_pk_parse_public_keyfile"); 810 | ERR_FAIL_V_EDMSG(ret, String("Failed to parse public keyfile.: -0x") + String::num_int64(-mbedtls_error, 16) + _err); 811 | } 812 | ret["CATEGORY"] = "PUBLIC"; 813 | } else { 814 | ret["CATEGORY"] = "PRIVATE"; 815 | is_private = true; 816 | } 817 | 818 | // Get the key type and name 819 | mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(&pk); 820 | const char *pk_name = mbedtls_pk_get_name(&pk); 821 | ret["NAME"] = String(pk_name); 822 | 823 | // Get the key size in bytes and bits 824 | ret["LENGTH"] = (int)mbedtls_pk_get_len(&pk); 825 | ret["BITS_LENGTH"] = (int)mbedtls_pk_get_bitlen(&pk); 826 | 827 | // Key Type 828 | mbedtls_pk_type_t key_type = mbedtls_pk_get_type(&pk); 829 | ret["TYPE"] = static_cast(key_type); 830 | 831 | 832 | //====================================== ECP ==================================================== 833 | if ( 834 | static_cast(pk_type) == mbedtls_pk_type_t::MBEDTLS_PK_ECKEY || 835 | static_cast(pk_type) == mbedtls_pk_type_t::MBEDTLS_PK_ECKEY_DH || 836 | static_cast(pk_type) == mbedtls_pk_type_t::MBEDTLS_PK_ECDSA 837 | ){ 838 | 839 | // Get EC Context 840 | mbedtls_ecp_keypair *ec_key = mbedtls_pk_ec(pk); 841 | if (ec_key == NULL) { 842 | mbedtls_pk_free(&pk); 843 | mbedtls_entropy_free(&entropy); 844 | mbedtls_ctr_drbg_free(&ctr_drbg); 845 | mbedtls_ecp_keypair_free(ec_key); 846 | String _err = mbed_error_msn(mbedtls_error, "mbedtls_pk_ec"); 847 | ERR_FAIL_V_EDMSG(ret, String("Invalid ECP Context: -0x") + String::num_int64(-mbedtls_error, 16) + _err); 848 | } 849 | 850 | // Get courve Info 851 | mbedtls_ecp_group *ecp_group = &ec_key->private_grp; 852 | mbedtls_ecp_curve_type curve_type = mbedtls_ecp_get_type(ecp_group); 853 | ret["CURVE_TYPE"] = curve_type; 854 | 855 | mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ec_key); 856 | const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); 857 | if (curve_info != NULL) { 858 | ret["CURVE"] = String(curve_info->name); 859 | } else { 860 | ret["CURVE"] = "Unknown"; 861 | } 862 | 863 | if (is_private){ 864 | mbedtls_error = mbedtls_ecp_check_privkey(&ec_key->private_grp, &ec_key->private_d); 865 | if (mbedtls_error != OK) { 866 | mbedtls_pk_free(&pk); 867 | mbedtls_entropy_free(&entropy); 868 | mbedtls_ctr_drbg_free(&ctr_drbg); 869 | mbedtls_ecp_keypair_free(ec_key); 870 | String _err = mbed_error_msn(mbedtls_error, "mbedtls_ecp_check_pubkey"); 871 | ERR_FAIL_V_EDMSG(ret, String("Invalid EC private point: -0x") + String::num_int64(-mbedtls_error, 16) + _err); 872 | } 873 | } 874 | else{ 875 | mbedtls_error = mbedtls_ecp_check_pubkey(&ec_key->private_grp, &ec_key->private_Q); 876 | if (mbedtls_error != OK) { 877 | mbedtls_pk_free(&pk); 878 | mbedtls_entropy_free(&entropy); 879 | mbedtls_ctr_drbg_free(&ctr_drbg); 880 | mbedtls_ecp_keypair_free(ec_key); 881 | String _err = mbed_error_msn(mbedtls_error, "mbedtls_ecp_check_pubkey"); 882 | ERR_FAIL_V_EDMSG(ret, String("Invalid EC public point: -0x") + String::num_int64(-mbedtls_error, 16) + _err); 883 | } 884 | } 885 | 886 | // Get the X and Y coordinates 887 | mbedtls_mpi X, Y; 888 | mbedtls_mpi_init(&X); 889 | mbedtls_mpi_init(&Y); 890 | mbedtls_mpi_copy(&X, &ec_key->private_Q.private_X); 891 | mbedtls_mpi_copy(&Y, &ec_key->private_Q.private_Y); 892 | 893 | // Convert X and Y to hexadecimal strings 894 | char buffer[8192]; 895 | size_t n; 896 | 897 | mbedtls_mpi_write_string(&X, 16, buffer, sizeof(buffer), &n); 898 | ret["X"] = String(buffer); 899 | 900 | mbedtls_mpi_write_string(&Y, 16, buffer, sizeof(buffer), &n); 901 | ret["Y"] = String(buffer); 902 | 903 | if (is_private) { 904 | // Get the private key 'd' 905 | mbedtls_mpi_write_string(&ec_key->private_d, 16, buffer, sizeof(buffer), &n); 906 | ret["d"] = String(buffer); 907 | } 908 | 909 | // Cleaning 910 | mbedtls_mpi_free(&X); 911 | mbedtls_mpi_free(&Y); 912 | mbedtls_ecp_keypair_free(ec_key); 913 | 914 | 915 | //====================================== RSA ==================================================== 916 | } else if ( 917 | static_cast(pk_type) == mbedtls_pk_type_t::MBEDTLS_PK_RSA || 918 | static_cast(pk_type) == mbedtls_pk_type_t::MBEDTLS_PK_RSA_ALT || 919 | static_cast(pk_type) == mbedtls_pk_type_t::MBEDTLS_PK_RSASSA_PSS 920 | ) { 921 | 922 | // Get RSA Context 923 | mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); 924 | if (rsa == NULL) { 925 | mbedtls_pk_free(&pk); 926 | mbedtls_entropy_free(&entropy); 927 | mbedtls_ctr_drbg_free(&ctr_drbg); 928 | mbedtls_rsa_free(rsa); 929 | String _err = mbed_error_msn(mbedtls_error, "mbedtls_pk_rsa"); 930 | ERR_FAIL_V_EDMSG(ret, String("Invalid RSA Context: -0x") + String::num_int64(-mbedtls_error, 16) + _err); 931 | } 932 | 933 | 934 | mbedtls_rsa_free(rsa); 935 | 936 | //========================================================================================== 937 | 938 | 939 | } else { 940 | WARN_PRINT("Unsupported key type"); 941 | } 942 | 943 | // Frees up resources. 944 | mbedtls_pk_free(&pk); 945 | mbedtls_entropy_free(&entropy); 946 | mbedtls_ctr_drbg_free(&ctr_drbg); 947 | return ret; 948 | } 949 | 950 | 951 | 952 | 953 | 954 | 955 | 956 | PackedByteArray Cripter::pk_sign(const String private_key_path, const PackedByteArray data, const String password){ 957 | 958 | int mbedtls_erro; 959 | const char *pers = "pk_sign"; 960 | PackedByteArray hash; 961 | PackedByteArray signature; 962 | const String key_path = ensure_global_path(private_key_path); 963 | 964 | hash.resize(HASH_SIZE_SHA_256); 965 | signature.resize(MBEDTLS_PK_SIGNATURE_MAX_SIZE); 966 | 967 | mbedtls_pk_context pk_key; 968 | mbedtls_md_context_t md_ctx; 969 | mbedtls_entropy_context entropy; 970 | mbedtls_ctr_drbg_context ctr_drbg; 971 | 972 | mbedtls_pk_init(&pk_key); 973 | mbedtls_md_init(&md_ctx); 974 | mbedtls_entropy_init(&entropy); 975 | mbedtls_ctr_drbg_init(&ctr_drbg); 976 | 977 | 978 | mbedtls_erro = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers)) ; 979 | if (mbedtls_erro != OK) { 980 | mbedtls_pk_free(&pk_key); 981 | mbedtls_md_free(&md_ctx); 982 | mbedtls_entropy_free(&entropy); 983 | mbedtls_ctr_drbg_free(&ctr_drbg); 984 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_seed"); 985 | ERR_FAIL_V_EDMSG(signature, String("Failed to seed the random generator: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 986 | } 987 | 988 | 989 | if (password.is_empty()){ 990 | mbedtls_erro = mbedtls_pk_parse_keyfile( &pk_key, key_path.utf8().get_data(), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg); 991 | }else{ 992 | mbedtls_erro = mbedtls_pk_parse_keyfile(&pk_key, key_path.utf8().get_data(), password.utf8().get_data(), mbedtls_ctr_drbg_random, &ctr_drbg); 993 | } 994 | if (mbedtls_erro != OK) { 995 | mbedtls_pk_free(&pk_key); 996 | mbedtls_md_free(&md_ctx); 997 | mbedtls_entropy_free(&entropy); 998 | mbedtls_ctr_drbg_free(&ctr_drbg); 999 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_keyfile"); 1000 | ERR_FAIL_V_EDMSG(signature, String("Failed to parse key file.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1001 | } 1002 | 1003 | 1004 | mbedtls_erro = mbedtls_md_setup(&md_ctx, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); 1005 | if (mbedtls_erro != OK) { 1006 | mbedtls_pk_free(&pk_key); 1007 | mbedtls_md_free(&md_ctx); 1008 | mbedtls_entropy_free(&entropy); 1009 | mbedtls_ctr_drbg_free(&ctr_drbg); 1010 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_setup"); 1011 | ERR_FAIL_V_EDMSG(signature, String("Failed to selects the message digest algorithm.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1012 | } 1013 | 1014 | mbedtls_erro = mbedtls_md_starts(&md_ctx); 1015 | if (mbedtls_erro != OK) { 1016 | mbedtls_pk_free(&pk_key); 1017 | mbedtls_md_free(&md_ctx); 1018 | mbedtls_entropy_free(&entropy); 1019 | mbedtls_ctr_drbg_free(&ctr_drbg); 1020 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_starts"); 1021 | ERR_FAIL_V_EDMSG(signature, String("Failed to starts a message-digest computation..: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1022 | } 1023 | 1024 | mbedtls_erro = mbedtls_md_update(&md_ctx, data.ptr(), data.size()); 1025 | if (mbedtls_erro != OK) { 1026 | mbedtls_pk_free(&pk_key); 1027 | mbedtls_md_free(&md_ctx); 1028 | mbedtls_entropy_free(&entropy); 1029 | mbedtls_ctr_drbg_free(&ctr_drbg); 1030 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_update"); 1031 | ERR_FAIL_V_EDMSG(signature, String("Failed to feeds an input buffer.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1032 | } 1033 | 1034 | mbedtls_erro = mbedtls_md_finish(&md_ctx, hash.ptrw()); 1035 | if (mbedtls_erro != OK) { 1036 | mbedtls_pk_free(&pk_key); 1037 | mbedtls_md_free(&md_ctx); 1038 | mbedtls_entropy_free(&entropy); 1039 | mbedtls_ctr_drbg_free(&ctr_drbg); 1040 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_finish"); 1041 | ERR_FAIL_V_EDMSG(signature, String("Failed to finishes the digest operation.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1042 | } 1043 | 1044 | size_t sig_len = signature.size(); 1045 | mbedtls_erro = mbedtls_pk_sign(&pk_key, MBEDTLS_MD_SHA256, hash.ptrw(), hash.size(), signature.ptrw(), signature.size(), &sig_len, mbedtls_ctr_drbg_random, &ctr_drbg); 1046 | if (mbedtls_erro != OK) { 1047 | mbedtls_pk_free(&pk_key); 1048 | mbedtls_md_free(&md_ctx); 1049 | mbedtls_entropy_free(&entropy); 1050 | mbedtls_ctr_drbg_free(&ctr_drbg); 1051 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_sign"); 1052 | ERR_FAIL_V_EDMSG(signature, String("Failed to make signature.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1053 | } 1054 | 1055 | mbedtls_pk_free(&pk_key); 1056 | mbedtls_md_free(&md_ctx); 1057 | mbedtls_entropy_free(&entropy); 1058 | mbedtls_ctr_drbg_free(&ctr_drbg); 1059 | 1060 | return signature; 1061 | 1062 | } 1063 | 1064 | 1065 | 1066 | Variant Cripter::pk_verify_signature(const String public_key_path, const PackedByteArray data, const String password){ 1067 | 1068 | int mbedtls_erro; 1069 | PackedByteArray signature; 1070 | PackedByteArray hash; 1071 | hash.resize(HASH_SIZE_SHA_256); 1072 | 1073 | mbedtls_pk_context pk_key; 1074 | mbedtls_md_context_t md_ctx; 1075 | 1076 | mbedtls_md_init(&md_ctx); 1077 | mbedtls_pk_init(&pk_key); 1078 | 1079 | const String key_path = ensure_global_path(public_key_path); 1080 | 1081 | mbedtls_erro = mbedtls_pk_parse_public_keyfile(&pk_key, key_path.utf8().get_data()); 1082 | if (mbedtls_erro != OK) { 1083 | mbedtls_pk_free(&pk_key); 1084 | mbedtls_md_free(&md_ctx); 1085 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_public_keyfile"); 1086 | ERR_FAIL_V_EDMSG(signature, String("Failed to parse public keyfile.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1087 | } 1088 | 1089 | mbedtls_erro = mbedtls_md_setup(&md_ctx, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); 1090 | if (mbedtls_erro != OK) { 1091 | mbedtls_pk_free(&pk_key); 1092 | mbedtls_md_free(&md_ctx); 1093 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_setup"); 1094 | ERR_FAIL_V_EDMSG(signature, String("Failed to selects the message digest algorithm.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1095 | } 1096 | 1097 | mbedtls_erro = mbedtls_md_starts(&md_ctx); 1098 | if (mbedtls_erro != OK) { 1099 | mbedtls_pk_free(&pk_key); 1100 | mbedtls_md_free(&md_ctx); 1101 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_starts"); 1102 | ERR_FAIL_V_EDMSG(signature, String("Failed to starts a message-digest computation..: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1103 | } 1104 | 1105 | mbedtls_erro = mbedtls_md_update(&md_ctx, data.ptr(), data.size()); 1106 | if (mbedtls_erro != OK) { 1107 | mbedtls_pk_free(&pk_key); 1108 | mbedtls_md_free(&md_ctx); 1109 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_update"); 1110 | ERR_FAIL_V_EDMSG(signature, String("Failed to feeds an input buffer.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1111 | } 1112 | 1113 | mbedtls_erro = mbedtls_md_finish(&md_ctx, hash.ptrw()); 1114 | if (mbedtls_erro != OK) { 1115 | mbedtls_pk_free(&pk_key); 1116 | mbedtls_md_free(&md_ctx); 1117 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_md_finish"); 1118 | ERR_FAIL_V_EDMSG(signature, String("Failed to finishes the digest operation.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1119 | } 1120 | 1121 | mbedtls_erro = mbedtls_pk_verify(&pk_key, MBEDTLS_MD_SHA256, hash.ptr(), hash.size(), signature.ptr(), signature.size()); 1122 | mbedtls_pk_free(&pk_key); 1123 | mbedtls_md_free(&md_ctx); 1124 | 1125 | if (mbedtls_erro == OK){ 1126 | return true; 1127 | } 1128 | 1129 | return mbedtls_erro; 1130 | 1131 | } 1132 | 1133 | 1134 | 1135 | PackedByteArray Cripter::pk_encrypt(const PackedByteArray plaintext, const String p_public_key_path){ 1136 | 1137 | size_t olen = plaintext.size(); 1138 | PackedByteArray output; 1139 | output.resize(olen); 1140 | int mbedtls_erro; 1141 | const char *pers = "pk_encrypt"; 1142 | const String key_path = ensure_global_path(p_public_key_path); 1143 | 1144 | // Init Context 1145 | mbedtls_pk_context pk_key; 1146 | mbedtls_entropy_context entropy; 1147 | mbedtls_ctr_drbg_context ctr_drbg; 1148 | 1149 | mbedtls_pk_init(&pk_key); 1150 | mbedtls_entropy_init(&entropy); 1151 | mbedtls_ctr_drbg_init(&ctr_drbg); 1152 | 1153 | mbedtls_erro = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers)) ; 1154 | if (mbedtls_erro != OK) { 1155 | mbedtls_pk_free(&pk_key); 1156 | mbedtls_entropy_free(&entropy); 1157 | mbedtls_ctr_drbg_free(&ctr_drbg); 1158 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_seed"); 1159 | ERR_FAIL_V_EDMSG(output, String("Failed to seed the random generator: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1160 | } 1161 | 1162 | mbedtls_erro = mbedtls_pk_parse_public_keyfile(&pk_key, key_path.utf8().get_data()); 1163 | if (mbedtls_erro != OK) { 1164 | mbedtls_pk_free(&pk_key); 1165 | mbedtls_entropy_free(&entropy); 1166 | mbedtls_ctr_drbg_free(&ctr_drbg); 1167 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_public_keyfile"); 1168 | ERR_FAIL_V_EDMSG(output, String("Failed to parse public keyfile.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1169 | } 1170 | 1171 | const size_t max_rsa_input_size = get_max_rsa_input_size(&pk_key); 1172 | if (olen >= max_rsa_input_size){ 1173 | mbedtls_pk_free(&pk_key); 1174 | mbedtls_entropy_free(&entropy); 1175 | mbedtls_ctr_drbg_free(&ctr_drbg); 1176 | ERR_FAIL_V_EDMSG(output, "The input data compliance exceeds the key capacity."); 1177 | } 1178 | 1179 | mbedtls_erro = mbedtls_pk_encrypt(&pk_key, plaintext.ptr(), plaintext.size(), output.ptrw(), &olen, olen, mbedtls_ctr_drbg_random, &ctr_drbg); 1180 | if (mbedtls_erro != OK) { 1181 | mbedtls_pk_free(&pk_key); 1182 | mbedtls_entropy_free(&entropy); 1183 | mbedtls_ctr_drbg_free(&ctr_drbg); 1184 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_encrypt"); 1185 | ERR_FAIL_V_EDMSG(output, String("Failed to encrypt data.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1186 | } 1187 | 1188 | mbedtls_pk_free( &pk_key); 1189 | mbedtls_ctr_drbg_free(&ctr_drbg); 1190 | mbedtls_entropy_free(&entropy); 1191 | 1192 | return output; 1193 | } 1194 | 1195 | 1196 | PackedByteArray Cripter::pk_decrypt(const PackedByteArray ciphertext, const String p_private_key_path, const String password){ 1197 | 1198 | const String key_path = ensure_global_path(p_private_key_path); 1199 | int mbedtls_erro; 1200 | 1201 | size_t olen = ciphertext.size(); 1202 | PackedByteArray output; 1203 | output.resize(olen); 1204 | const char *pers = "pk_decrypt"; 1205 | 1206 | 1207 | // Init Context 1208 | mbedtls_pk_context pk_key; 1209 | mbedtls_entropy_context entropy; 1210 | mbedtls_ctr_drbg_context ctr_drbg; 1211 | 1212 | mbedtls_pk_init(&pk_key); 1213 | mbedtls_entropy_init(&entropy); 1214 | mbedtls_ctr_drbg_init(&ctr_drbg); 1215 | 1216 | 1217 | if (password.is_empty()){ 1218 | mbedtls_erro = mbedtls_pk_parse_keyfile(&pk_key, key_path.utf8().get_data(), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg); 1219 | }else{ 1220 | mbedtls_erro = mbedtls_pk_parse_keyfile(&pk_key, key_path.utf8().get_data(), password.utf8().get_data(), mbedtls_ctr_drbg_random, &ctr_drbg); 1221 | } 1222 | if (mbedtls_erro != OK) { 1223 | mbedtls_pk_free(&pk_key); 1224 | mbedtls_entropy_free(&entropy); 1225 | mbedtls_ctr_drbg_free(&ctr_drbg); 1226 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_parse_keyfile"); 1227 | ERR_FAIL_V_EDMSG(output, String("Failed to parse key file.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1228 | } 1229 | 1230 | 1231 | mbedtls_erro = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers)) ; 1232 | if (mbedtls_erro != OK) { 1233 | mbedtls_pk_free(&pk_key); 1234 | mbedtls_entropy_free(&entropy); 1235 | mbedtls_ctr_drbg_free(&ctr_drbg); 1236 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_seed"); 1237 | ERR_FAIL_V_EDMSG(output, String("Failed to seed the random generator: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1238 | } 1239 | 1240 | mbedtls_erro = mbedtls_pk_decrypt(&pk_key, ciphertext.ptr(), ciphertext.size(), output.ptrw(), &olen, olen, mbedtls_ctr_drbg_random, &ctr_drbg); 1241 | if (mbedtls_erro != OK) { 1242 | mbedtls_pk_free(&pk_key); 1243 | mbedtls_entropy_free(&entropy); 1244 | mbedtls_ctr_drbg_free(&ctr_drbg); 1245 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_pk_decrypt"); 1246 | ERR_FAIL_V_EDMSG(output, String("Failed to decrypt data.: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1247 | } 1248 | 1249 | mbedtls_pk_free(&pk_key); 1250 | mbedtls_ctr_drbg_free(&ctr_drbg); 1251 | mbedtls_entropy_free(&entropy); 1252 | 1253 | return output; 1254 | } 1255 | 1256 | 1257 | 1258 | 1259 | 1260 | 1261 | 1262 | 1263 | 1264 | // =============== UTILITIES =============== 1265 | 1266 | 1267 | PackedByteArray Cripter::generate_iv(const int iv_length, const String p_personalization) { 1268 | 1269 | ERR_FAIL_COND_V_MSG(iv_length <= 0, PackedByteArray(), "Invalid IV length."); 1270 | ERR_FAIL_COND_V_MSG(p_personalization.is_empty(), PackedByteArray(), "The IV personalization string cannot be empty."); 1271 | 1272 | PackedByteArray iv; 1273 | iv.resize(iv_length); 1274 | const char *personalization = p_personalization.utf8().get_data(); 1275 | 1276 | mbedtls_entropy_context entropy; 1277 | mbedtls_ctr_drbg_context ctr_drbg; 1278 | 1279 | mbedtls_entropy_init(&entropy); 1280 | mbedtls_ctr_drbg_init(&ctr_drbg); 1281 | 1282 | int mbedtls_erro = mbedtls_ctr_drbg_seed(&ctr_drbg,mbedtls_entropy_func, &entropy,(const unsigned char *)personalization, strlen(personalization)); 1283 | if (mbedtls_erro != OK) { 1284 | mbedtls_entropy_free(&entropy); 1285 | mbedtls_ctr_drbg_free(&ctr_drbg); 1286 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_seed"); 1287 | ERR_FAIL_V_EDMSG(PackedByteArray(), String("Failed to seed the random generator: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1288 | } 1289 | 1290 | mbedtls_erro = mbedtls_ctr_drbg_random(&ctr_drbg, iv.ptrw(), iv.size()); 1291 | 1292 | mbedtls_entropy_free(&entropy); 1293 | mbedtls_ctr_drbg_free(&ctr_drbg); 1294 | 1295 | if (mbedtls_erro != OK) { 1296 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_random"); 1297 | ERR_FAIL_V_EDMSG(PackedByteArray(), String("Failed to generate IV: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1298 | } 1299 | 1300 | return iv; 1301 | } 1302 | 1303 | 1304 | String Cripter::derive_key_pbkdf2(const String p_password, const String p_salt, const int iterations, const int key_length) { 1305 | ERR_FAIL_COND_V_MSG(iterations <= 0, String(""), "Number of iterations must be positive."); 1306 | ERR_FAIL_COND_V_MSG(key_length <= 0, String(""), "Key size must be positive."); 1307 | 1308 | const unsigned char *password = (const unsigned char *)(p_password.utf8().get_data()); 1309 | const unsigned char *salt = (const unsigned char *)(p_salt.utf8().get_data()); 1310 | unsigned char* derived_key = (unsigned char*)malloc(key_length); 1311 | size_t password_len = p_password.utf8().size(); 1312 | size_t salt_len = p_salt.utf8().size(); 1313 | 1314 | int mbedtls_erro = mbedtls_pkcs5_pbkdf2_hmac_ext(MBEDTLS_MD_SHA256, password, password_len, salt, salt_len, iterations, key_length, derived_key); 1315 | if (mbedtls_erro != OK) { 1316 | String _err = mbed_error_msn(mbedtls_erro, "mbedtls_ctr_drbg_random"); 1317 | ERR_FAIL_V_EDMSG(String(""), String("Failed to generate IV: -0x") + String::num_int64(-mbedtls_erro, 16) + _err); 1318 | } 1319 | 1320 | String ret_derived_key = String((const char *)derived_key); 1321 | free(derived_key); 1322 | return ret_derived_key; 1323 | } 1324 | 1325 | 1326 | 1327 | // =============== HELPERS =============== 1328 | 1329 | String Cripter::ensure_global_path(String p_path){ 1330 | if (p_path.is_absolute_path()){ 1331 | return p_path; 1332 | } 1333 | else if (p_path.is_relative_path()){ 1334 | ProjectSettings &ps = *ProjectSettings::get_singleton(); 1335 | return ps.globalize_path(p_path); 1336 | } 1337 | else { 1338 | return String(); 1339 | } 1340 | } 1341 | 1342 | 1343 | String Cripter::mbed_error_msn(int mbedtls_erro, const char* p_function){ 1344 | char mbedtls_erro_text[MBEDTLS_ERROR_BUFFER_LENGTH]; 1345 | mbedtls_strerror(mbedtls_erro, mbedtls_erro_text, MBEDTLS_ERROR_BUFFER_LENGTH); 1346 | std::string s = std::to_string(mbedtls_erro); 1347 | String ret = String::utf8("failed! mbedtls returned the error: ") + String::utf8(s.c_str()) + \ 1348 | String::utf8("\n - Function: ") + String::utf8(p_function) + String::utf8(" - Description: ") + String::utf8(mbedtls_erro_text); 1349 | return ret; 1350 | } 1351 | 1352 | 1353 | std::vector Cripter::byteArray_to_vector(const PackedByteArray &p_packed_array) { 1354 | if (p_packed_array.is_empty()) { 1355 | return std::vector(); 1356 | } 1357 | const unsigned char* data_ptr = p_packed_array.ptr(); 1358 | size_t data_size = p_packed_array.size(); 1359 | std::vector byte_vector(data_ptr, data_ptr + data_size); 1360 | return byte_vector; 1361 | } 1362 | 1363 | 1364 | std::vector Cripter::GDstring_to_STDvector(const String p_string) { 1365 | if (p_string.is_empty()) { 1366 | return std::vector(); 1367 | } 1368 | const char* data = p_string.utf8().get_data(); 1369 | size_t size = p_string.size(); 1370 | const unsigned char* unsigned_data = reinterpret_cast(data); 1371 | std::vector byte_vector(unsigned_data, unsigned_data + size); 1372 | 1373 | return byte_vector; 1374 | } 1375 | 1376 | 1377 | Error Cripter::add_pkcs7_padding(const std::vector& data, std::vector& padded_data, const size_t block_size) { 1378 | if (block_size == 4 || block_size > 255) { 1379 | return ERR_INVALID_PARAMETER; 1380 | } 1381 | 1382 | size_t data_length = data.size(); 1383 | size_t padding_length = block_size - (data_length % block_size); 1384 | if (padding_length == 0) { 1385 | padding_length = block_size; 1386 | } 1387 | 1388 | padded_data = data; 1389 | padded_data.resize(data_length + padding_length, static_cast(padding_length)); 1390 | 1391 | return OK; 1392 | } 1393 | 1394 | 1395 | PackedByteArray Cripter::add_pkcs7_padding(PackedByteArray data, const size_t block_size) { 1396 | PackedByteArray padded_data; 1397 | 1398 | if (block_size == 4 || block_size > 255) { 1399 | WARN_PRINT("Invalid Padding"); 1400 | return padded_data; 1401 | } 1402 | 1403 | size_t data_length = data.size(); 1404 | size_t padding_length = block_size - (data_length % block_size); 1405 | if (padding_length == 0) { 1406 | padding_length = block_size; 1407 | } 1408 | 1409 | padded_data = data.duplicate(); 1410 | PackedByteArray padd; 1411 | padd.resize(padding_length); 1412 | padd.fill(padding_length); 1413 | padded_data.append_array(padd); 1414 | return padded_data; 1415 | } 1416 | 1417 | 1418 | Error Cripter::remove_pkcs7_padding(const std::vector& padded_data, std::vector& data, const size_t block_size) { 1419 | if (padded_data.empty() || padded_data.size() % block_size != 0) { 1420 | return ERR_INVALID_PARAMETER; 1421 | } 1422 | 1423 | unsigned char padding_length = padded_data.back(); 1424 | 1425 | if (padding_length == 0 || padding_length > block_size || padding_length > padded_data.size()) { 1426 | return ERR_INVALID_DATA; 1427 | } 1428 | for (size_t i = padded_data.size() - padding_length; i < padded_data.size(); ++i) { 1429 | if (padded_data[i] != padding_length) { 1430 | return ERR_INVALID_DATA; 1431 | } 1432 | } 1433 | 1434 | data.assign(padded_data.begin(), padded_data.end() - padding_length); 1435 | 1436 | return OK; 1437 | } 1438 | 1439 | 1440 | 1441 | PackedByteArray Cripter::remove_pkcs7_padding(PackedByteArray padded_data, const size_t block_size) { 1442 | PackedByteArray data; 1443 | 1444 | if (padded_data.is_empty() || padded_data.size() % block_size != 0) { 1445 | WARN_PRINT("Invalid Padding"); 1446 | return data; 1447 | } 1448 | 1449 | const size_t padding_length = padded_data[padded_data.size() - 1]; 1450 | 1451 | if (padding_length == 0 || padding_length > block_size || padding_length > (const size_t)padded_data.size()) { 1452 | WARN_PRINT("Invalid Padding"); 1453 | return data; 1454 | } 1455 | 1456 | data = padded_data.duplicate(); 1457 | data.resize(data.size() - padding_length); 1458 | return data; 1459 | } 1460 | 1461 | 1462 | size_t Cripter::get_max_rsa_input_size(const mbedtls_pk_context *pk) { 1463 | 1464 | const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); 1465 | size_t key_size_bytes = mbedtls_rsa_get_len(rsa); 1466 | const int *padding = &rsa->MBEDTLS_PRIVATE(padding); 1467 | const int *hash_id = &rsa->MBEDTLS_PRIVATE(hash_id); 1468 | 1469 | size_t hash_len = 0; 1470 | switch (*hash_id) { 1471 | case MBEDTLS_MD_NONE: hash_len = 0; break; 1472 | case MBEDTLS_MD_MD5: hash_len = 16; break; 1473 | case MBEDTLS_MD_SHA1: hash_len = 20; break; 1474 | case MBEDTLS_MD_SHA224: hash_len = 28; break; 1475 | case MBEDTLS_MD_SHA256: hash_len = 32; break; 1476 | case MBEDTLS_MD_SHA384: hash_len = 48; break; 1477 | case MBEDTLS_MD_SHA512: hash_len = 64; break; 1478 | case MBEDTLS_MD_RIPEMD160: hash_len = 20; break; 1479 | default: 1480 | hash_len = (size_t)-1; break; 1481 | } 1482 | 1483 | size_t max_data_size = 0; 1484 | if (*padding == MBEDTLS_RSA_PKCS_V15) { 1485 | max_data_size = key_size_bytes - 11; // PKCS#1 v1.5 1486 | } else if (*padding == MBEDTLS_RSA_PKCS_V21) { 1487 | max_data_size = key_size_bytes - 2 * hash_len - 2; // OAEP 1488 | } else { 1489 | return 0; 1490 | } 1491 | return max_data_size; 1492 | } 1493 | 1494 | 1495 | 1496 | // =============== GODOT CLASS =============== 1497 | 1498 | void Cripter::_bind_methods(){ 1499 | 1500 | // Utilities 1501 | ClassDB::bind_static_method("Cripter", D_METHOD("generate_iv", "iv length", "personalization"), &Cripter::generate_iv); 1502 | ClassDB::bind_static_method("Cripter", D_METHOD("derive_key_pbkdf2", "password", "salt", "iterations", "key_length"), &Cripter::derive_key_pbkdf2, DEFVAL(500), DEFVAL(16)); 1503 | ClassDB::bind_static_method("Cripter", D_METHOD("get_available_curves"), &Cripter::get_available_curves); 1504 | 1505 | 1506 | // GCM 1507 | ClassDB::bind_static_method("Cripter", D_METHOD("gcm_encrypt", "plaintext", "password", "iv", "aad", "key_length"), &Cripter::gcm_encrypt, DEFVAL(String()), DEFVAL(BITS_256)); 1508 | ClassDB::bind_static_method("Cripter", D_METHOD("gcm_decrypt", "ciphertext", "password", "iv", "tag", "aad", "key_length"), &Cripter::gcm_decrypt, DEFVAL(BITS_256)); 1509 | 1510 | ClassDB::bind_method(D_METHOD("gcm_start_stream", "password", "iv", "mode", "keybits"), &Cripter::gcm_start_stream, DEFVAL(BITS_256)); 1511 | ClassDB::bind_method(D_METHOD("gcm_update_stream", "data", "in_chunk"), &Cripter::gcm_update_stream); 1512 | ClassDB::bind_method(D_METHOD("gcm_stop_stream", "final_data"), &Cripter::gcm_stop_stream); 1513 | 1514 | 1515 | // AES 1516 | ClassDB::bind_static_method("Cripter", D_METHOD("aes_encrypt", "plaintext", "password", "iv_nonce", "algorith", "key_length"), &Cripter::aes_encrypt, DEFVAL(PackedByteArray()), DEFVAL(CBC), DEFVAL(BITS_256)); 1517 | ClassDB::bind_static_method("Cripter", D_METHOD("aes_decrypt", "ciphertext", "password", "iv_nonce", "algorith", "key_length"), &Cripter::aes_decrypt, DEFVAL(PackedByteArray()), DEFVAL(CBC), DEFVAL(BITS_256)); 1518 | 1519 | // ClassDB::bind_method(D_METHOD("aes_start_stream"), &Cripter::aes_start_stream); 1520 | // ClassDB::bind_method(D_METHOD("aes_update_stream"), &Cripter::aes_update_stream); 1521 | // ClassDB::bind_method(D_METHOD("aes_stop_stream"), &Cripter::aes_stop_stream); 1522 | 1523 | // PK 1524 | ClassDB::bind_static_method("Cripter",D_METHOD("pk_generate_keys", "algorithm_type", "key_size", "curve_name", "storage_format", "password", "private_key_filename", "public_key_filename", "personalization"), &Cripter::pk_generate_keys, DEFVAL("key_generation")); 1525 | ClassDB::bind_static_method("Cripter", D_METHOD("pk_analyze_key", "key_path"), &Cripter::pk_analyze_key); 1526 | ClassDB::bind_static_method("Cripter", D_METHOD("pk_match_keys", "private_key_path", "public_key_path", "password"), &Cripter::pk_match_keys, DEFVAL("")); 1527 | 1528 | ClassDB::bind_static_method("Cripter", D_METHOD("pk_encrypt", "plaintext", "key_path"), &Cripter::pk_encrypt); 1529 | ClassDB::bind_static_method("Cripter", D_METHOD("pk_decrypt", "ciphertext", "key_path", "password"), &Cripter::pk_decrypt, DEFVAL("")); 1530 | 1531 | ClassDB::bind_static_method("Cripter", D_METHOD("pk_verify_signature", "private_key_path","data", "password"), &Cripter::pk_verify_signature, DEFVAL("")); 1532 | ClassDB::bind_static_method("Cripter", D_METHOD("pk_sign", "public_key_path","data", "password"), &Cripter::pk_sign, DEFVAL("")); 1533 | 1534 | 1535 | // Constants 1536 | BIND_CONSTANT(GCM_TAG_SIZE); 1537 | BIND_CONSTANT(AES_GCM_BLOCK_SIZE); 1538 | 1539 | // CryptMode 1540 | BIND_ENUM_CONSTANT(DECRYPT); 1541 | BIND_ENUM_CONSTANT(ENCRYPT); 1542 | 1543 | // FileFormat 1544 | BIND_ENUM_CONSTANT(PEM); 1545 | BIND_ENUM_CONSTANT(DER); 1546 | 1547 | // PK_TYPE 1548 | BIND_ENUM_CONSTANT(MBEDTLS_PK_NONE); 1549 | BIND_ENUM_CONSTANT(MBEDTLS_PK_RSA); 1550 | BIND_ENUM_CONSTANT(MBEDTLS_PK_ECKEY); 1551 | BIND_ENUM_CONSTANT(MBEDTLS_PK_ECKEY_DH); 1552 | BIND_ENUM_CONSTANT(MBEDTLS_PK_ECDSA); 1553 | BIND_ENUM_CONSTANT(MBEDTLS_PK_RSA_ALT); 1554 | BIND_ENUM_CONSTANT(MBEDTLS_PK_RSASSA_PSS); 1555 | 1556 | // CURVE_TYPE 1557 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_TYPE_NONE); 1558 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS); 1559 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_TYPE_MONTGOMERY); 1560 | 1561 | // ECP_GROUP_ID 1562 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_NONE); 1563 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP192R1); 1564 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP224R1); 1565 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP256R1); 1566 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP384R1); 1567 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP521R1); 1568 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_BP256R1); 1569 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_BP384R1); 1570 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_BP512R1); 1571 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_CURVE25519); 1572 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP192K1); 1573 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP224K1); 1574 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_SECP256K1); 1575 | BIND_ENUM_CONSTANT(MBEDTLS_ECP_DP_CURVE448); 1576 | 1577 | // Algorithm 1578 | BIND_ENUM_CONSTANT(EBC); 1579 | BIND_ENUM_CONSTANT(CBC); 1580 | BIND_ENUM_CONSTANT(CFB128); 1581 | BIND_ENUM_CONSTANT(CFB8); 1582 | BIND_ENUM_CONSTANT(OFB); 1583 | BIND_ENUM_CONSTANT(CTR); 1584 | 1585 | // KeySize 1586 | BIND_ENUM_CONSTANT(BITS_128); 1587 | BIND_ENUM_CONSTANT(BITS_192); 1588 | BIND_ENUM_CONSTANT(BITS_256); 1589 | BIND_ENUM_CONSTANT(BITS_512); 1590 | BIND_ENUM_CONSTANT(BITS_1024); 1591 | BIND_ENUM_CONSTANT(BITS_2048); 1592 | BIND_ENUM_CONSTANT(BITS_3072); 1593 | BIND_ENUM_CONSTANT(BITS_4096); 1594 | BIND_ENUM_CONSTANT(BITS_7680); 1595 | BIND_ENUM_CONSTANT(BITS_8192); 1596 | 1597 | 1598 | } 1599 | 1600 | 1601 | 1602 | Cripter::Cripter(){ 1603 | } 1604 | 1605 | Cripter::~Cripter(){ 1606 | } 1607 | 1608 | /*cripter.cpp*/ 1609 | --------------------------------------------------------------------------------