godot/core/io/file_access_encrypted.cpp

311 lines
9.1 KiB
C++

/**************************************************************************/
/* file_access_encrypted.cpp */
/**************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* https://godotengine.org */
/**************************************************************************/
/* Copyright (c) 2014-present Godot Engine contributors (see AUTHORS.md). */
/* Copyright (c) 2007-2014 Juan Linietsky, Ariel Manzur. */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. */
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/**************************************************************************/
#include "file_access_encrypted.h"
#include "core/crypto/crypto_core.h"
#include "core/string/print_string.h"
#include "core/variant/variant.h"
#include <stdio.h>
Error FileAccessEncrypted::open_and_parse(Ref<FileAccess> p_base, const Vector<uint8_t> &p_key, Mode p_mode, bool p_with_magic, const Vector<uint8_t> &p_iv) {
ERR_FAIL_COND_V_MSG(file.is_valid(), ERR_ALREADY_IN_USE, vformat("Can't open file while another file from path '%s' is open.", file->get_path_absolute()));
ERR_FAIL_COND_V(p_key.size() != 32, ERR_INVALID_PARAMETER);
pos = 0;
eofed = false;
use_magic = p_with_magic;
if (p_mode == MODE_WRITE_AES256) {
data.clear();
writing = true;
file = p_base;
key = p_key;
if (p_iv.is_empty()) {
iv.resize(16);
CryptoCore::RandomGenerator rng;
ERR_FAIL_COND_V_MSG(rng.init(), FAILED, "Failed to initialize random number generator.");
Error err = rng.get_random_bytes(iv.ptrw(), 16);
ERR_FAIL_COND_V(err != OK, err);
} else {
ERR_FAIL_COND_V(p_iv.size() != 16, ERR_INVALID_PARAMETER);
iv = p_iv;
}
} else if (p_mode == MODE_READ) {
writing = false;
key = p_key;
if (use_magic) {
uint32_t magic = p_base->get_32();
ERR_FAIL_COND_V(magic != ENCRYPTED_HEADER_MAGIC, ERR_FILE_UNRECOGNIZED);
}
unsigned char md5d[16];
p_base->get_buffer(md5d, 16);
length = p_base->get_64();
iv.resize(16);
p_base->get_buffer(iv.ptrw(), 16);
base = p_base->get_position();
ERR_FAIL_COND_V(p_base->get_length() < base + length, ERR_FILE_CORRUPT);
uint64_t ds = length;
if (ds % 16) {
ds += 16 - (ds % 16);
}
data.resize(ds);
uint64_t blen = p_base->get_buffer(data.ptrw(), ds);
ERR_FAIL_COND_V(blen != ds, ERR_FILE_CORRUPT);
{
CryptoCore::AESContext ctx;
ctx.set_encode_key(key.ptrw(), 256); // Due to the nature of CFB, same key schedule is used for both encryption and decryption!
ctx.decrypt_cfb(ds, iv.ptrw(), data.ptrw(), data.ptrw());
}
data.resize(length);
unsigned char hash[16];
ERR_FAIL_COND_V(CryptoCore::md5(data.ptr(), data.size(), hash) != OK, ERR_BUG);
ERR_FAIL_COND_V_MSG(String::md5(hash) != String::md5(md5d), ERR_FILE_CORRUPT, "The MD5 sum of the decrypted file does not match the expected value. It could be that the file is corrupt, or that the provided decryption key is invalid.");
file = p_base;
}
return OK;
}
Error FileAccessEncrypted::open_and_parse_password(Ref<FileAccess> p_base, const String &p_key, Mode p_mode) {
String cs = p_key.md5_text();
ERR_FAIL_COND_V(cs.length() != 32, ERR_INVALID_PARAMETER);
Vector<uint8_t> key_md5;
key_md5.resize(32);
for (int i = 0; i < 32; i++) {
key_md5.write[i] = cs[i];
}
return open_and_parse(p_base, key_md5, p_mode);
}
Error FileAccessEncrypted::open_internal(const String &p_path, int p_mode_flags) {
return OK;
}
void FileAccessEncrypted::_close() {
if (file.is_null()) {
return;
}
if (writing) {
Vector<uint8_t> compressed;
uint64_t len = data.size();
if (len % 16) {
len += 16 - (len % 16);
}
unsigned char hash[16];
ERR_FAIL_COND(CryptoCore::md5(data.ptr(), data.size(), hash) != OK); // Bug?
compressed.resize(len);
memset(compressed.ptrw(), 0, len);
for (int i = 0; i < data.size(); i++) {
compressed.write[i] = data[i];
}
CryptoCore::AESContext ctx;
ctx.set_encode_key(key.ptrw(), 256);
if (use_magic) {
file->store_32(ENCRYPTED_HEADER_MAGIC);
}
file->store_buffer(hash, 16);
file->store_64(data.size());
file->store_buffer(iv.ptr(), 16);
ctx.encrypt_cfb(len, iv.ptrw(), compressed.ptrw(), compressed.ptrw());
file->store_buffer(compressed.ptr(), compressed.size());
data.clear();
}
file.unref();
}
bool FileAccessEncrypted::is_open() const {
return file.is_valid();
}
String FileAccessEncrypted::get_path() const {
if (file.is_valid()) {
return file->get_path();
} else {
return "";
}
}
String FileAccessEncrypted::get_path_absolute() const {
if (file.is_valid()) {
return file->get_path_absolute();
} else {
return "";
}
}
void FileAccessEncrypted::seek(uint64_t p_position) {
if (p_position > get_length()) {
p_position = get_length();
}
pos = p_position;
eofed = false;
}
void FileAccessEncrypted::seek_end(int64_t p_position) {
seek(get_length() + p_position);
}
uint64_t FileAccessEncrypted::get_position() const {
return pos;
}
uint64_t FileAccessEncrypted::get_length() const {
return data.size();
}
bool FileAccessEncrypted::eof_reached() const {
return eofed;
}
uint64_t FileAccessEncrypted::get_buffer(uint8_t *p_dst, uint64_t p_length) const {
ERR_FAIL_COND_V(!p_dst && p_length > 0, -1);
ERR_FAIL_COND_V_MSG(writing, -1, "File has not been opened in read mode.");
uint64_t to_copy = MIN(p_length, get_length() - pos);
memcpy(p_dst, data.ptr() + pos, to_copy);
pos += to_copy;
if (to_copy < p_length) {
eofed = true;
}
return to_copy;
}
Error FileAccessEncrypted::get_error() const {
return eofed ? ERR_FILE_EOF : OK;
}
bool FileAccessEncrypted::store_buffer(const uint8_t *p_src, uint64_t p_length) {
ERR_FAIL_COND_V_MSG(!writing, false, "File has not been opened in write mode.");
ERR_FAIL_COND_V(!p_src && p_length > 0, false);
if (pos + p_length >= get_length()) {
ERR_FAIL_COND_V(data.resize(pos + p_length) != OK, false);
}
memcpy(data.ptrw() + pos, p_src, p_length);
pos += p_length;
return true;
}
void FileAccessEncrypted::flush() {
ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode.");
// encrypted files keep data in memory till close()
}
bool FileAccessEncrypted::file_exists(const String &p_name) {
Ref<FileAccess> fa = FileAccess::open(p_name, FileAccess::READ);
if (fa.is_null()) {
return false;
}
return true;
}
uint64_t FileAccessEncrypted::_get_modified_time(const String &p_file) {
return 0;
}
BitField<FileAccess::UnixPermissionFlags> FileAccessEncrypted::_get_unix_permissions(const String &p_file) {
if (file.is_valid()) {
return file->_get_unix_permissions(p_file);
}
return 0;
}
Error FileAccessEncrypted::_set_unix_permissions(const String &p_file, BitField<FileAccess::UnixPermissionFlags> p_permissions) {
if (file.is_valid()) {
return file->_set_unix_permissions(p_file, p_permissions);
}
return FAILED;
}
bool FileAccessEncrypted::_get_hidden_attribute(const String &p_file) {
if (file.is_valid()) {
return file->_get_hidden_attribute(p_file);
}
return false;
}
Error FileAccessEncrypted::_set_hidden_attribute(const String &p_file, bool p_hidden) {
if (file.is_valid()) {
return file->_set_hidden_attribute(p_file, p_hidden);
}
return FAILED;
}
bool FileAccessEncrypted::_get_read_only_attribute(const String &p_file) {
if (file.is_valid()) {
return file->_get_read_only_attribute(p_file);
}
return false;
}
Error FileAccessEncrypted::_set_read_only_attribute(const String &p_file, bool p_ro) {
if (file.is_valid()) {
return file->_set_read_only_attribute(p_file, p_ro);
}
return FAILED;
}
void FileAccessEncrypted::close() {
_close();
}
FileAccessEncrypted::~FileAccessEncrypted() {
_close();
}