Crypto enhancements, AESContext, RSA public key, signature, verification. #39755

Merged
merged 6 commits into from
Jun 22, 2020

Collaborator

@Faless Faless commented Jun 22, 2020

In this PR:

  • Add AESContext to provide scripting interface to AES-ECB and AES-CBC encryption/decryption (provided by CryptoCore, i.e., even without mbedtls enabled).
  • Crypto now supports saving/loading *.pub "public only" keys.
  • Add sign and verify Crypto methods to sign/verify the given hash using an RSA key.
  • Add encrypt and decrypt Crypto methods for RSA key encryption/decryption.

AESContext demo code:

extends Node

var aes = AESContext.new()

func _ready():
	var key = "My secret key!!!" # Key must be either 16 or 32 bytes.
	var data = "My secret text!!" # Data size must be multiple of 16 bytes, apply padding if needed.
	# Encrypt ECB
	aes.start(AESContext.MODE_ECB_ENCRYPT, key.to_utf8())
	var encrypted = aes.update(data.to_utf8())
	aes.finish()
	# Decrypt ECB
	aes.start(AESContext.MODE_ECB_DECRYPT, key.to_utf8())
	var decrypted = aes.update(encrypted)
	aes.finish()
	# Check ECB
	assert(decrypted == data.to_utf8())

	var iv = "My secret iv!!!!" # IV must be of exactly 16 bytes.
	# Encrypt CBC
	aes.start(AESContext.MODE_CBC_ENCRYPT, key.to_utf8(), iv.to_utf8())
	encrypted = aes.update(data.to_utf8())
	aes.finish()
	# Decrypt CBC
	aes.start(AESContext.MODE_CBC_DECRYPT, key.to_utf8(), iv.to_utf8())
	decrypted = aes.update(encrypted)
	aes.finish()
	# Check CBC
	assert(decrypted == data.to_utf8())

New Crypto methods demo code:

extends Node

var crypto = Crypto.new()

func _ready():
	# Generate new RSA key.
	var key = crypto.generate_rsa(4096)
	# Save the private key and the public-only key in the user folder.
	key.save("user://key.key") # Save private key
	key.save("user://key.pub", true) # Save public key only.
	_load_and_test()

func _load_and_test():
	var priv = load("user://key.key")
	var pub = load("user://key.pub")
	assert(pub.is_public_only())
	# Encryption
	var data = "Some data"
	var encrypted = crypto.encrypt(pub, data.to_utf8())
	# Decryption
	var decrypted = crypto.decrypt(priv, encrypted)
	# Signing
	var signature = crypto.sign(HashingContext.HASH_SHA256, data.sha256_buffer(), priv)
	# Verifying
	var verified = crypto.verify(HashingContext.HASH_SHA256, data.sha256_buffer(), signature, pub)
	# Checks
	assert(verified)
	assert(data.to_utf8() == decrypted)

This work was sponsored by Maffle LLC.

Small code cleanup (after PoolByteArray change).
GDScript interface to CryptoCore::AESContext.
Also add CBC mode in CryptoCore::AESContext and expose it.
@Faless Faless added this to the 4.0 milestone Jun 22, 2020
@Faless Faless requested review from a team as code owners June 22, 2020 13:19
@akien-mga akien-mga changed the title Crypto enanchements, AESContext, RSA public key, signature, verification. Crypto enhancements, AESContext, RSA public key, signature, verification. Jun 22, 2020
@akien-mga akien-mga merged commit 42c4a70 into godotengine:master Jun 22, 2020
@akien-mga
Member

Thanks!

@tx350z

tx350z commented Mar 12, 2021

Will this generate PKCS1 compatible signatures? If so, which version? In anticipation of this coming in Godot 4 I've built a C# class based upon this https://docs.microsoft.com/en-us/dotnet/standard/security/cryptographic-signatures. The .NET RSAPKCS1SignatureFormatter docs indicate it creates PKCS1 v1.5 signatures.

Just wondering if the signatures generated by my C# class will be compatible with these new features.

EDIT: I think I've answered the question for myself. What digital signature standard is being used? Would like to know so I can build something compatible in C# until 4.0 is released. Thanks.

@Faless
Collaborator Author

Faless commented Mar 12, 2021

@tx350z PKCS#1 v1.5, with MD5, SHA1, SHA256.

Next time, please use one of our community channels to ask support questions. I would recommend joining the Godot Contributors Chat for engine development questions, since it's quite active.
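The PKCS#1 v1.5 signature scheme named in the reply above, written out as an added Python example (not code from this PR or from Godot) to show why two conforming implementations given the same key and hash produce byte-identical signatures. The DigestInfo prefixes are those listed in RFC 8017 for MD5, SHA-1 and SHA-256; the toy key built from two Mersenne primes, the function names and the sample message are constructed for illustration and assumed, not taken from the engine.

```python
import hashlib
import hmac

# DigestInfo DER prefixes (RFC 8017, section 9.2); last byte is the digest length.
DIGEST_INFO = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed toy key (two Mersenne primes): for illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def emsa_pkcs1_v15(hash_name, digest, k=K):
    """Build the k-byte block 00 01 FF..FF 00 || DigestInfo || digest."""
    prefix = DIGEST_INFO[hash_name]
    if len(digest) != prefix[-1]:
        raise ValueError("digest length does not match hash type")
    t = prefix + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(hash_name, digest):
    """Deterministic: the same key and digest always give the same bytes."""
    m = int.from_bytes(emsa_pkcs1_v15(hash_name, digest), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(hash_name, digest, signature):
    """Re-encode and compare the whole block instead of parsing the padding."""
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        return False
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    try:
        expected = emsa_pkcs1_v15(hash_name, digest)
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    digest = hashlib.sha256(b"Some data").digest()
    print(verify("sha256", digest, sign("sha256", digest)))
```

Verification rebuilds the expected block and compares it in full, so a signature whose padding or DigestInfo deviates in any byte is rejected, as is one checked under a different hash type than it was signed with.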
