Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
godotengine
GitHub Repository: godotengine/godot
 Path: blob/master/core/io/file_access_encrypted.cpp
9973 views
1
/**************************************************************************/

2
/*  file_access_encrypted.cpp                                             */

3
/**************************************************************************/

4
/*                         This file is part of:                          */

5
/*                             GODOT ENGINE                               */

6
/*                        https://godotengine.org                         */

7
/**************************************************************************/

8
/* Copyright (c) 2014-present Godot Engine contributors (see AUTHORS.md). */

9
/* Copyright (c) 2007-2014 Juan Linietsky, Ariel Manzur.                  */

10
/*                                                                        */

11
/* Permission is hereby granted, free of charge, to any person obtaining  */

12
/* a copy of this software and associated documentation files (the        */

13
/* "Software"), to deal in the Software without restriction, including    */

14
/* without limitation the rights to use, copy, modify, merge, publish,    */

15
/* distribute, sublicense, and/or sell copies of the Software, and to     */

16
/* permit persons to whom the Software is furnished to do so, subject to  */

17
/* the following conditions:                                              */

18
/*                                                                        */

19
/* The above copyright notice and this permission notice shall be         */

20
/* included in all copies or substantial portions of the Software.        */

21
/*                                                                        */

22
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,        */

23
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF     */

24
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. */

25
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY   */

26
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,   */

27
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE      */

28
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.                 */

29
/**************************************************************************/

30


31
#include "file_access_encrypted.h"

32


33
#include "core/variant/variant.h"

34


35
CryptoCore::RandomGenerator *FileAccessEncrypted::_fae_static_rng = nullptr;

36


37
void FileAccessEncrypted::deinitialize() {

38
	if (_fae_static_rng) {

39
		memdelete(_fae_static_rng);

40
		_fae_static_rng = nullptr;

41
	}

42
}

43


44
Error FileAccessEncrypted::open_and_parse(Ref<FileAccess> p_base, const Vector<uint8_t> &p_key, Mode p_mode, bool p_with_magic, const Vector<uint8_t> &p_iv) {

45
	ERR_FAIL_COND_V_MSG(file.is_valid(), ERR_ALREADY_IN_USE, vformat("Can't open file while another file from path '%s' is open.", file->get_path_absolute()));

46
	ERR_FAIL_COND_V(p_key.size() != 32, ERR_INVALID_PARAMETER);

47


48
	pos = 0;

49
	eofed = false;

50
	use_magic = p_with_magic;

51


52
	if (p_mode == MODE_WRITE_AES256) {

53
		data.clear();

54
		writing = true;

55
		file = p_base;

56
		key = p_key;

57
		if (p_iv.is_empty()) {

58
			iv.resize(16);

59
			if (unlikely(!_fae_static_rng)) {

60
				_fae_static_rng = memnew(CryptoCore::RandomGenerator);

61
				if (_fae_static_rng->init() != OK) {

62
					memdelete(_fae_static_rng);

63
					_fae_static_rng = nullptr;

64
					ERR_FAIL_V_MSG(FAILED, "Failed to initialize random number generator.");

65
				}

66
			}

67
			Error err = _fae_static_rng->get_random_bytes(iv.ptrw(), 16);

68
			ERR_FAIL_COND_V(err != OK, err);

69
		} else {

70
			ERR_FAIL_COND_V(p_iv.size() != 16, ERR_INVALID_PARAMETER);

71
			iv = p_iv;

72
		}

73


74
	} else if (p_mode == MODE_READ) {

75
		writing = false;

76
		key = p_key;

77


78
		if (use_magic) {

79
			uint32_t magic = p_base->get_32();

80
			ERR_FAIL_COND_V(magic != ENCRYPTED_HEADER_MAGIC, ERR_FILE_UNRECOGNIZED);

81
		}

82


83
		unsigned char md5d[16];

84
		p_base->get_buffer(md5d, 16);

85
		length = p_base->get_64();

86


87
		iv.resize(16);

88
		p_base->get_buffer(iv.ptrw(), 16);

89


90
		base = p_base->get_position();

91
		ERR_FAIL_COND_V(p_base->get_length() < base + length, ERR_FILE_CORRUPT);

92
		uint64_t ds = length;

93
		if (ds % 16) {

94
			ds += 16 - (ds % 16);

95
		}

96
		data.resize(ds);

97


98
		uint64_t blen = p_base->get_buffer(data.ptrw(), ds);

99
		ERR_FAIL_COND_V(blen != ds, ERR_FILE_CORRUPT);

100


101
		{

102
			CryptoCore::AESContext ctx;

103


104
			ctx.set_encode_key(key.ptrw(), 256); // Due to the nature of CFB, same key schedule is used for both encryption and decryption!

105
			ctx.decrypt_cfb(ds, iv.ptrw(), data.ptrw(), data.ptrw());

106
		}

107


108
		data.resize(length);

109


110
		unsigned char hash[16];

111
		ERR_FAIL_COND_V(CryptoCore::md5(data.ptr(), data.size(), hash) != OK, ERR_BUG);

112


113
		ERR_FAIL_COND_V_MSG(String::md5(hash) != String::md5(md5d), ERR_FILE_CORRUPT, "The MD5 sum of the decrypted file does not match the expected value. It could be that the file is corrupt, or that the provided decryption key is invalid.");

114


115
		file = p_base;

116
	}

117


118
	return OK;

119
}

120


121
Error FileAccessEncrypted::open_and_parse_password(Ref<FileAccess> p_base, const String &p_key, Mode p_mode) {

122
	String cs = p_key.md5_text();

123
	ERR_FAIL_COND_V(cs.length() != 32, ERR_INVALID_PARAMETER);

124
	Vector<uint8_t> key_md5;

125
	key_md5.resize(32);

126
	for (int i = 0; i < 32; i++) {

127
		key_md5.write[i] = cs[i];

128
	}

129


130
	return open_and_parse(p_base, key_md5, p_mode);

131
}

132


133
Error FileAccessEncrypted::open_internal(const String &p_path, int p_mode_flags) {

134
	return OK;

135
}

136


137
void FileAccessEncrypted::_close() {

138
	if (file.is_null()) {

139
		return;

140
	}

141


142
	if (writing) {

143
		Vector<uint8_t> compressed;

144
		uint64_t len = data.size();

145
		if (len % 16) {

146
			len += 16 - (len % 16);

147
		}

148


149
		unsigned char hash[16];

150
		ERR_FAIL_COND(CryptoCore::md5(data.ptr(), data.size(), hash) != OK); // Bug?

151


152
		compressed.resize(len);

153
		memset(compressed.ptrw(), 0, len);

154
		for (int i = 0; i < data.size(); i++) {

155
			compressed.write[i] = data[i];

156
		}

157


158
		CryptoCore::AESContext ctx;

159
		ctx.set_encode_key(key.ptrw(), 256);

160


161
		if (use_magic) {

162
			file->store_32(ENCRYPTED_HEADER_MAGIC);

163
		}

164


165
		file->store_buffer(hash, 16);

166
		file->store_64(data.size());

167
		file->store_buffer(iv.ptr(), 16);

168


169
		ctx.encrypt_cfb(len, iv.ptrw(), compressed.ptrw(), compressed.ptrw());

170


171
		file->store_buffer(compressed.ptr(), compressed.size());

172
		data.clear();

173
	}

174


175
	file.unref();

176
}

177


178
bool FileAccessEncrypted::is_open() const {

179
	return file.is_valid();

180
}

181


182
String FileAccessEncrypted::get_path() const {

183
	if (file.is_valid()) {

184
		return file->get_path();

185
	} else {

186
		return "";

187
	}

188
}

189


190
String FileAccessEncrypted::get_path_absolute() const {

191
	if (file.is_valid()) {

192
		return file->get_path_absolute();

193
	} else {

194
		return "";

195
	}

196
}

197


198
void FileAccessEncrypted::seek(uint64_t p_position) {

199
	if (p_position > get_length()) {

200
		p_position = get_length();

201
	}

202


203
	pos = p_position;

204
	eofed = false;

205
}

206


207
void FileAccessEncrypted::seek_end(int64_t p_position) {

208
	seek(get_length() + p_position);

209
}

210


211
uint64_t FileAccessEncrypted::get_position() const {

212
	return pos;

213
}

214


215
uint64_t FileAccessEncrypted::get_length() const {

216
	return data.size();

217
}

218


219
bool FileAccessEncrypted::eof_reached() const {

220
	return eofed;

221
}

222


223
uint64_t FileAccessEncrypted::get_buffer(uint8_t *p_dst, uint64_t p_length) const {

224
	ERR_FAIL_COND_V_MSG(writing, -1, "File has not been opened in read mode.");

225


226
	if (!p_length) {

227
		return 0;

228
	}

229


230
	ERR_FAIL_NULL_V(p_dst, -1);

231


232
	uint64_t to_copy = MIN(p_length, get_length() - pos);

233


234
	memcpy(p_dst, data.ptr() + pos, to_copy);

235
	pos += to_copy;

236


237
	if (to_copy < p_length) {

238
		eofed = true;

239
	}

240


241
	return to_copy;

242
}

243


244
Error FileAccessEncrypted::get_error() const {

245
	return eofed ? ERR_FILE_EOF : OK;

246
}

247


248
bool FileAccessEncrypted::store_buffer(const uint8_t *p_src, uint64_t p_length) {

249
	ERR_FAIL_COND_V_MSG(!writing, false, "File has not been opened in write mode.");

250


251
	if (!p_length) {

252
		return true;

253
	}

254


255
	ERR_FAIL_NULL_V(p_src, false);

256


257
	if (pos + p_length >= get_length()) {

258
		ERR_FAIL_COND_V(data.resize(pos + p_length) != OK, false);

259
	}

260


261
	memcpy(data.ptrw() + pos, p_src, p_length);

262
	pos += p_length;

263


264
	return true;

265
}

266


267
void FileAccessEncrypted::flush() {

268
	ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode.");

269


270
	// encrypted files keep data in memory till close()

271
}

272


273
bool FileAccessEncrypted::file_exists(const String &p_name) {

274
	Ref<FileAccess> fa = FileAccess::open(p_name, FileAccess::READ);

275
	if (fa.is_null()) {

276
		return false;

277
	}

278
	return true;

279
}

280


281
uint64_t FileAccessEncrypted::_get_modified_time(const String &p_file) {

282
	if (file.is_valid()) {

283
		return file->get_modified_time(p_file);

284
	} else {

285
		return 0;

286
	}

287
}

288


289
uint64_t FileAccessEncrypted::_get_access_time(const String &p_file) {

290
	if (file.is_valid()) {

291
		return file->get_access_time(p_file);

292
	} else {

293
		return 0;

294
	}

295
}

296


297
int64_t FileAccessEncrypted::_get_size(const String &p_file) {

298
	if (file.is_valid()) {

299
		return file->get_size(p_file);

300
	} else {

301
		return -1;

302
	}

303
}

304


305
BitField<FileAccess::UnixPermissionFlags> FileAccessEncrypted::_get_unix_permissions(const String &p_file) {

306
	if (file.is_valid()) {

307
		return file->_get_unix_permissions(p_file);

308
	}

309
	return 0;

310
}

311


312
Error FileAccessEncrypted::_set_unix_permissions(const String &p_file, BitField<FileAccess::UnixPermissionFlags> p_permissions) {

313
	if (file.is_valid()) {

314
		return file->_set_unix_permissions(p_file, p_permissions);

315
	}

316
	return FAILED;

317
}

318


319
bool FileAccessEncrypted::_get_hidden_attribute(const String &p_file) {

320
	if (file.is_valid()) {

321
		return file->_get_hidden_attribute(p_file);

322
	}

323
	return false;

324
}

325


326
Error FileAccessEncrypted::_set_hidden_attribute(const String &p_file, bool p_hidden) {

327
	if (file.is_valid()) {

328
		return file->_set_hidden_attribute(p_file, p_hidden);

329
	}

330
	return FAILED;

331
}

332


333
bool FileAccessEncrypted::_get_read_only_attribute(const String &p_file) {

334
	if (file.is_valid()) {

335
		return file->_get_read_only_attribute(p_file);

336
	}

337
	return false;

338
}

339


340
Error FileAccessEncrypted::_set_read_only_attribute(const String &p_file, bool p_ro) {

341
	if (file.is_valid()) {

342
		return file->_set_read_only_attribute(p_file, p_ro);

343
	}

344
	return FAILED;

345
}

346


347
void FileAccessEncrypted::close() {

348
	_close();

349
}

350


351
FileAccessEncrypted::~FileAccessEncrypted() {

352
	_close();

353
}

354


355