Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
godotengine
GitHub Repository: godotengine/godot
 Path: blob/master/core/io/file_access_encrypted.cpp
20873 views
1
/**************************************************************************/

2
/*  file_access_encrypted.cpp                                             */

3
/**************************************************************************/

4
/*                         This file is part of:                          */

5
/*                             GODOT ENGINE                               */

6
/*                        https://godotengine.org                         */

7
/**************************************************************************/

8
/* Copyright (c) 2014-present Godot Engine contributors (see AUTHORS.md). */

9
/* Copyright (c) 2007-2014 Juan Linietsky, Ariel Manzur.                  */

10
/*                                                                        */

11
/* Permission is hereby granted, free of charge, to any person obtaining  */

12
/* a copy of this software and associated documentation files (the        */

13
/* "Software"), to deal in the Software without restriction, including    */

14
/* without limitation the rights to use, copy, modify, merge, publish,    */

15
/* distribute, sublicense, and/or sell copies of the Software, and to     */

16
/* permit persons to whom the Software is furnished to do so, subject to  */

17
/* the following conditions:                                              */

18
/*                                                                        */

19
/* The above copyright notice and this permission notice shall be         */

20
/* included in all copies or substantial portions of the Software.        */

21
/*                                                                        */

22
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,        */

23
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF     */

24
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. */

25
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY   */

26
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,   */

27
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE      */

28
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.                 */

29
/**************************************************************************/

30


31
#include "file_access_encrypted.h"

32


33
#include "core/variant/variant.h"

34


35
CryptoCore::RandomGenerator *FileAccessEncrypted::_fae_static_rng = nullptr;

36


37
void FileAccessEncrypted::deinitialize() {

38
	if (_fae_static_rng) {

39
		memdelete(_fae_static_rng);

40
		_fae_static_rng = nullptr;

41
	}

42
}

43


44
Error FileAccessEncrypted::open_and_parse(Ref<FileAccess> p_base, const Vector<uint8_t> &p_key, Mode p_mode, bool p_with_magic, const Vector<uint8_t> &p_iv) {

45
	ERR_FAIL_COND_V_MSG(file.is_valid(), ERR_ALREADY_IN_USE, vformat("Can't open file while another file from path '%s' is open.", file->get_path_absolute()));

46
	ERR_FAIL_COND_V(p_key.size() != 32, ERR_INVALID_PARAMETER);

47


48
	pos = 0;

49
	eofed = false;

50
	use_magic = p_with_magic;

51


52
	if (p_mode == MODE_WRITE_AES256) {

53
		data.clear();

54
		writing = true;

55
		file = p_base;

56
		key = p_key;

57
		if (p_iv.is_empty()) {

58
			iv.resize(16);

59
			if (unlikely(!_fae_static_rng)) {

60
				_fae_static_rng = memnew(CryptoCore::RandomGenerator);

61
				if (_fae_static_rng->init() != OK) {

62
					memdelete(_fae_static_rng);

63
					_fae_static_rng = nullptr;

64
					ERR_FAIL_V_MSG(FAILED, "Failed to initialize random number generator.");

65
				}

66
			}

67
			Error err = _fae_static_rng->get_random_bytes(iv.ptrw(), 16);

68
			ERR_FAIL_COND_V(err != OK, err);

69
		} else {

70
			ERR_FAIL_COND_V(p_iv.size() != 16, ERR_INVALID_PARAMETER);

71
			iv = p_iv;

72
		}

73


74
	} else if (p_mode == MODE_READ) {

75
		writing = false;

76
		key = p_key;

77


78
		if (use_magic) {

79
			uint32_t magic = p_base->get_32();

80
			ERR_FAIL_COND_V(magic != ENCRYPTED_HEADER_MAGIC, ERR_FILE_UNRECOGNIZED);

81
		}

82


83
		unsigned char md5d[16];

84
		p_base->get_buffer(md5d, 16);

85
		length = p_base->get_64();

86


87
		iv.resize(16);

88
		p_base->get_buffer(iv.ptrw(), 16);

89


90
		base = p_base->get_position();

91
		ERR_FAIL_COND_V(p_base->get_length() < base + length, ERR_FILE_CORRUPT);

92
		uint64_t ds = length;

93
		if (ds % 16) {

94
			ds += 16 - (ds % 16);

95
		}

96
		data.resize(ds);

97


98
		uint64_t blen = p_base->get_buffer(data.ptrw(), ds);

99
		ERR_FAIL_COND_V(blen != ds, ERR_FILE_CORRUPT);

100


101
		{

102
			CryptoCore::AESContext ctx;

103


104
			ctx.set_encode_key(key.ptrw(), 256); // Due to the nature of CFB, same key schedule is used for both encryption and decryption!

105
			ctx.decrypt_cfb(ds, iv.ptrw(), data.ptrw(), data.ptrw());

106
		}

107


108
		data.resize(length);

109


110
		unsigned char hash[16];

111
		ERR_FAIL_COND_V(CryptoCore::md5(data.ptr(), data.size(), hash) != OK, ERR_BUG);

112


113
		ERR_FAIL_COND_V_MSG(String::md5(hash) != String::md5(md5d), ERR_FILE_CORRUPT, "The MD5 sum of the decrypted file does not match the expected value. It could be that the file is corrupt, or that the provided decryption key is invalid.");

114


115
		file = p_base;

116
	}

117


118
	return OK;

119
}

120


121
Error FileAccessEncrypted::open_and_parse_password(Ref<FileAccess> p_base, const String &p_key, Mode p_mode) {

122
	String cs = p_key.md5_text();

123
	ERR_FAIL_COND_V(cs.length() != 32, ERR_INVALID_PARAMETER);

124
	Vector<uint8_t> key_md5;

125
	key_md5.resize(32);

126
	for (int i = 0; i < 32; i++) {

127
		key_md5.write[i] = cs[i];

128
	}

129


130
	return open_and_parse(p_base, key_md5, p_mode);

131
}

132


133
Error FileAccessEncrypted::open_internal(const String &p_path, int p_mode_flags) {

134
	return OK;

135
}

136


137
void FileAccessEncrypted::_close() {

138
	if (file.is_null()) {

139
		return;

140
	}

141


142
	if (writing) {

143
		LocalVector<uint8_t> compressed;

144
		uint64_t len = data.size();

145
		if (len % 16) {

146
			len += 16 - (len % 16);

147
		}

148


149
		unsigned char hash[16];

150
		ERR_FAIL_COND(CryptoCore::md5(data.ptr(), data.size(), hash) != OK); // Bug?

151


152
		compressed.resize(len);

153
		memcpy(compressed.ptr(), data.ptr(), data.size());

154
		memset(compressed.ptr() + data.size(), 0, len - data.size());

155


156
		CryptoCore::AESContext ctx;

157
		ctx.set_encode_key(key.ptrw(), 256);

158


159
		if (use_magic) {

160
			file->store_32(ENCRYPTED_HEADER_MAGIC);

161
		}

162


163
		file->store_buffer(hash, 16);

164
		file->store_64(data.size());

165
		file->store_buffer(iv.ptr(), 16);

166


167
		ctx.encrypt_cfb(len, iv.ptrw(), compressed.ptr(), compressed.ptr());

168


169
		file->store_buffer(compressed.ptr(), compressed.size());

170
		data.clear();

171
	}

172


173
	file.unref();

174
}

175


176
bool FileAccessEncrypted::is_open() const {

177
	return file.is_valid();

178
}

179


180
String FileAccessEncrypted::get_path() const {

181
	if (file.is_valid()) {

182
		return file->get_path();

183
	} else {

184
		return "";

185
	}

186
}

187


188
String FileAccessEncrypted::get_path_absolute() const {

189
	if (file.is_valid()) {

190
		return file->get_path_absolute();

191
	} else {

192
		return "";

193
	}

194
}

195


196
void FileAccessEncrypted::seek(uint64_t p_position) {

197
	if (p_position > get_length()) {

198
		p_position = get_length();

199
	}

200


201
	pos = p_position;

202
	eofed = false;

203
}

204


205
void FileAccessEncrypted::seek_end(int64_t p_position) {

206
	seek(get_length() + p_position);

207
}

208


209
uint64_t FileAccessEncrypted::get_position() const {

210
	return pos;

211
}

212


213
uint64_t FileAccessEncrypted::get_length() const {

214
	return data.size();

215
}

216


217
bool FileAccessEncrypted::eof_reached() const {

218
	return eofed;

219
}

220


221
uint64_t FileAccessEncrypted::get_buffer(uint8_t *p_dst, uint64_t p_length) const {

222
	ERR_FAIL_COND_V_MSG(writing, -1, "File has not been opened in read mode.");

223


224
	if (!p_length) {

225
		return 0;

226
	}

227


228
	ERR_FAIL_NULL_V(p_dst, -1);

229


230
	uint64_t to_copy = MIN(p_length, get_length() - pos);

231


232
	memcpy(p_dst, data.ptr() + pos, to_copy);

233
	pos += to_copy;

234


235
	if (to_copy < p_length) {

236
		eofed = true;

237
	}

238


239
	return to_copy;

240
}

241


242
Error FileAccessEncrypted::get_error() const {

243
	return eofed ? ERR_FILE_EOF : OK;

244
}

245


246
bool FileAccessEncrypted::store_buffer(const uint8_t *p_src, uint64_t p_length) {

247
	ERR_FAIL_COND_V_MSG(!writing, false, "File has not been opened in write mode.");

248


249
	if (!p_length) {

250
		return true;

251
	}

252


253
	ERR_FAIL_NULL_V(p_src, false);

254


255
	if (pos + p_length >= get_length()) {

256
		ERR_FAIL_COND_V(data.resize(pos + p_length) != OK, false);

257
	}

258


259
	memcpy(data.ptrw() + pos, p_src, p_length);

260
	pos += p_length;

261


262
	return true;

263
}

264


265
void FileAccessEncrypted::flush() {

266
	ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode.");

267


268
	// encrypted files keep data in memory till close()

269
}

270


271
bool FileAccessEncrypted::file_exists(const String &p_name) {

272
	Ref<FileAccess> fa = FileAccess::open(p_name, FileAccess::READ);

273
	if (fa.is_null()) {

274
		return false;

275
	}

276
	return true;

277
}

278


279
uint64_t FileAccessEncrypted::_get_modified_time(const String &p_file) {

280
	if (file.is_valid()) {

281
		return file->get_modified_time(p_file);

282
	} else {

283
		return 0;

284
	}

285
}

286


287
uint64_t FileAccessEncrypted::_get_access_time(const String &p_file) {

288
	if (file.is_valid()) {

289
		return file->get_access_time(p_file);

290
	} else {

291
		return 0;

292
	}

293
}

294


295
int64_t FileAccessEncrypted::_get_size(const String &p_file) {

296
	if (file.is_valid()) {

297
		return file->get_size(p_file);

298
	} else {

299
		return -1;

300
	}

301
}

302


303
BitField<FileAccess::UnixPermissionFlags> FileAccessEncrypted::_get_unix_permissions(const String &p_file) {

304
	if (file.is_valid()) {

305
		return file->_get_unix_permissions(p_file);

306
	}

307
	return 0;

308
}

309


310
Error FileAccessEncrypted::_set_unix_permissions(const String &p_file, BitField<FileAccess::UnixPermissionFlags> p_permissions) {

311
	if (file.is_valid()) {

312
		return file->_set_unix_permissions(p_file, p_permissions);

313
	}

314
	return FAILED;

315
}

316


317
bool FileAccessEncrypted::_get_hidden_attribute(const String &p_file) {

318
	if (file.is_valid()) {

319
		return file->_get_hidden_attribute(p_file);

320
	}

321
	return false;

322
}

323


324
Error FileAccessEncrypted::_set_hidden_attribute(const String &p_file, bool p_hidden) {

325
	if (file.is_valid()) {

326
		return file->_set_hidden_attribute(p_file, p_hidden);

327
	}

328
	return FAILED;

329
}

330


331
bool FileAccessEncrypted::_get_read_only_attribute(const String &p_file) {

332
	if (file.is_valid()) {

333
		return file->_get_read_only_attribute(p_file);

334
	}

335
	return false;

336
}

337


338
Error FileAccessEncrypted::_set_read_only_attribute(const String &p_file, bool p_ro) {

339
	if (file.is_valid()) {

340
		return file->_set_read_only_attribute(p_file, p_ro);

341
	}

342
	return FAILED;

343
}

344


345
void FileAccessEncrypted::close() {

346
	_close();

347
}

348


349
FileAccessEncrypted::~FileAccessEncrypted() {

350
	_close();

351
}

352


353