ProtoProxy: Modified to use PolarSSL.

Tools/ProtoProxy/CMakeLists.txt

@@ -63,9 +63,11 @@ endif()
 
 # Set include paths to the used libraries:
 include_directories("../../lib")
+include_directories("../../lib/polarssl/include")
 include_directories("../../src")
 
 
+
 function(flatten_files arg1)
 	set(res "")
 	foreach(f ${${arg1}})
@@ -77,11 +79,11 @@ endfunction()
 
 
 # Include the libraries:
-file(GLOB CRYPTOPP_SRC "../../lib/cryptopp/*.cpp")
-file(GLOB CRYPTOPP_HDR "../../lib/cryptopp/*.h")
-flatten_files(CRYPTOPP_SRC)
-flatten_files(CRYPTOPP_HDR)
-source_group("CryptoPP" FILES ${CRYPTOPP_SRC} ${CRYPTOPP_HDR})
+file(GLOB POLARSSL_SRC "../../lib/polarssl/library/*.c")
+file(GLOB POLARSSL_HDR "../../lib/polarssl/include/polarssl/*.h")
+flatten_files(POLARSSL_SRC)
+flatten_files(POLARSSL_HDR)
+source_group("PolarSSL" FILES ${POLARSSL_SRC} ${POLARSSL_HDR})
 
 file(GLOB ZLIB_SRC "../../lib/zlib/*.c")
 file(GLOB ZLIB_HDR "../../lib/zlib/*.h")
@@ -96,12 +98,14 @@ set(SHARED_SRC
 	../../src/StringUtils.cpp
 	../../src/Log.cpp
 	../../src/MCLogger.cpp
+	../../src/Crypto.cpp
 )
 set(SHARED_HDR
 	../../src/ByteBuffer.h
 	../../src/StringUtils.h
 	../../src/Log.h
 	../../src/MCLogger.h
+	../../src/Crypto.h
 )
 set(SHARED_OSS_SRC
 	../../src/OSSupport/CriticalSection.cpp
@@ -145,8 +149,8 @@ add_executable(ProtoProxy
 	${SHARED_HDR}
 	${SHARED_OSS_SRC}
 	${SHARED_OSS_HDR}
-	${CRYPTOPP_SRC}
-	${CRYPTOPP_HDR}
+	${POLARSSL_SRC}
+	${POLARSSL_HDR}
 	${ZLIB_SRC}
 	${ZLIB_HDR}
 )

Tools/ProtoProxy/Connection.cpp

@@ -378,13 +378,13 @@ bool cConnection::RelayFromServer(void)
 		}
 		case csEncryptedUnderstood:
 		{
-			m_ServerDecryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
+			m_ServerDecryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
 			DataLog(Buffer, res, "Decrypted %d bytes from the SERVER", res);
 			return DecodeServersPackets(Buffer, res);
 		}
 		case csEncryptedUnknown:
 		{
-			m_ServerDecryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
+			m_ServerDecryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
 			DataLog(Buffer, res, "Decrypted %d bytes from the SERVER", res);
 			return CLIENTSEND(Buffer, res);
 		}
@@ -423,7 +423,7 @@ bool cConnection::RelayFromClient(void)
 		case csEncryptedUnknown:
 		{
 			DataLog(Buffer, res, "Decrypted %d bytes from the CLIENT", res);
-			m_ServerEncryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
+			m_ServerEncryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
 			return SERVERSEND(Buffer, res);
 		}
 	}
@@ -473,13 +473,13 @@ bool cConnection::SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a
 
 
 
-bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer)
+bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer)
 {
 	DataLog(a_Data, a_Size, "Encrypting %d bytes to %s", a_Size, a_Peer);
-	const byte * Data = (const byte *)a_Data;
+	const Byte * Data = (const Byte *)a_Data;
 	while (a_Size > 0)
 	{
-		byte Buffer[64 KiB];
+		Byte Buffer[64 KiB];
 		int NumBytes = (a_Size > sizeof(Buffer)) ? sizeof(Buffer) : a_Size;
 		a_Encryptor.ProcessData(Buffer, Data, NumBytes);
 		bool res = SendData(a_Socket, (const char *)Buffer, NumBytes, a_Peer);
@@ -497,7 +497,7 @@ bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, co
 
 
 
-bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
+bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
 {
 	AString All;
 	a_Data.ReadAll(All);
@@ -2701,7 +2701,7 @@ bool cConnection::ParseMetadata(cByteBuffer & a_Buffer, AString & a_Metadata)
 		int Length = 0;
 		switch (Type)
 		{
-			case 0: Length = 1; break;  // byte
+			case 0: Length = 1; break;  // Byte
 			case 1: Length = 2; break;  // short
 			case 2: Length = 4; break;  // int
 			case 3: Length = 4; break;  // float
@@ -2860,37 +2860,26 @@ void cConnection::LogMetadata(const AString & a_Metadata, size_t a_IndentCount)
 void cConnection::SendEncryptionKeyResponse(const AString & a_ServerPublicKey, const AString & a_Nonce)
 {
 	// Generate the shared secret and encrypt using the server's public key
-	byte SharedSecret[16];
-	byte EncryptedSecret[128];
+	Byte SharedSecret[16];
+	Byte EncryptedSecret[128];
 	memset(SharedSecret, 0, sizeof(SharedSecret));  // Use all zeroes for the initial secret
-	RSA::PublicKey pk;
-	CryptoPP::StringSource src(a_ServerPublicKey, true);
-	ByteQueue bq;
-	src.TransferTo(bq);
-	bq.MessageEnd();
-	pk.Load(bq);
-	RSAES<PKCS1v15>::Encryptor rsaEncryptor(pk);
-	RandomPool rng;
-	time_t CurTime = time(NULL);
-	rng.Put((const byte *)&CurTime, sizeof(CurTime));
-	int EncryptedLength = rsaEncryptor.FixedCiphertextLength();
-	ASSERT(EncryptedLength <= sizeof(EncryptedSecret));
-	rsaEncryptor.Encrypt(rng, SharedSecret, sizeof(SharedSecret), EncryptedSecret);
-	m_ServerEncryptor.SetKey(SharedSecret, 16, MakeParameters(Name::IV(), ConstByteArrayParameter(SharedSecret, 16, true))(Name::FeedbackSize(), 1));
-	m_ServerDecryptor.SetKey(SharedSecret, 16, MakeParameters(Name::IV(), ConstByteArrayParameter(SharedSecret, 16, true))(Name::FeedbackSize(), 1));
+	m_Server.GetPrivateKey().Encrypt(SharedSecret, sizeof(SharedSecret), EncryptedSecret, sizeof(EncryptedSecret));
+
+	m_ServerEncryptor.Init(SharedSecret, SharedSecret);
+	m_ServerDecryptor.Init(SharedSecret, SharedSecret);
 	
 	// Encrypt the nonce:
-	byte EncryptedNonce[128];
-	rsaEncryptor.Encrypt(rng, (const byte *)(a_Nonce.data()), a_Nonce.size(), EncryptedNonce);
+	Byte EncryptedNonce[128];
+	m_Server.GetPrivateKey().Encrypt((const Byte *)a_Nonce.data(), a_Nonce.size(), EncryptedNonce, sizeof(EncryptedNonce));
 	
 	// Send the packet to the server:
 	Log("Sending PACKET_ENCRYPTION_KEY_RESPONSE to the SERVER");
 	cByteBuffer ToServer(1024);
 	ToServer.WriteByte(0x01);  // To server: Encryption key response
-	ToServer.WriteBEShort(EncryptedLength);
-	ToServer.WriteBuf(EncryptedSecret, EncryptedLength);
-	ToServer.WriteBEShort(EncryptedLength);
-	ToServer.WriteBuf(EncryptedNonce, EncryptedLength);
+	ToServer.WriteBEShort((short)sizeof(EncryptedSecret));
+	ToServer.WriteBuf(EncryptedSecret, sizeof(EncryptedSecret));
+	ToServer.WriteBEShort((short)sizeof(EncryptedNonce));
+	ToServer.WriteBuf(EncryptedNonce, sizeof(EncryptedNonce));
 	SERVERSEND(ToServer);
 	m_ServerState = csEncryptedUnderstood;
 	m_IsServerEncrypted = true;

Tools/ProtoProxy/Connection.h

@@ -62,14 +62,12 @@ public:
 	void LogFlush(void);
 	
 protected:
-	typedef CFB_Mode<AES>::Encryption Encryptor;
-	typedef CFB_Mode<AES>::Decryption Decryptor;
-	
+
 	cByteBuffer m_ClientBuffer;
 	cByteBuffer m_ServerBuffer;
 	
-	Decryptor m_ServerDecryptor;
-	Encryptor m_ServerEncryptor;
+	cAESCFBDecryptor m_ServerDecryptor;
+	cAESCFBEncryptor m_ServerEncryptor;
 
 	AString m_ServerEncryptionBuffer;  // Buffer for the data to be sent to the server once encryption is established
 	
@@ -111,10 +109,10 @@ protected:
 	bool SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a_Peer);
 	
 	/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
-	bool SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer);
+	bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer);
 	
 	/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
-	bool SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
+	bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
 	
 	/// Decodes packets coming from the client, sends appropriate counterparts to the server; returns false if the connection is to be dropped
 	bool DecodeClientsPackets(const char * a_Data, int a_Size);

Tools/ProtoProxy/Globals.h

@@ -74,6 +74,8 @@ typedef unsigned long long UInt64;
 typedef unsigned int       UInt32;
 typedef unsigned short     UInt16;
 
+typedef unsigned char Byte;
+
 
 
 
@@ -223,12 +225,8 @@ public:
 
 
 
-#include "cryptopp/randpool.h"
-#include "cryptopp/aes.h"
-#include "cryptopp/rsa.h"
-#include "cryptopp/modes.h"
+#include "../../src/Crypto.h"
 
-using namespace CryptoPP;
 
 
 

Tools/ProtoProxy/Server.cpp

@@ -34,12 +34,8 @@ int cServer::Init(short a_ListenPort, short a_ConnectPort)
 	#endif  // _WIN32
 	
 	printf("Generating protocol encryption keypair...\n");
-	time_t CurTime = time(NULL);
-	RandomPool rng;
-	rng.Put((const byte *)&CurTime, sizeof(CurTime));
-	m_PrivateKey.GenerateRandomWithKeySize(rng, 1024);
-	RSA::PublicKey pk(m_PrivateKey);
-	m_PublicKey = pk;
+	m_PrivateKey.Generate();
+	m_PublicKeyDER = m_PrivateKey.GetPubKeyDER();
 
 	m_ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 	sockaddr_in local;

Tools/ProtoProxy/Server.h

@@ -17,8 +17,8 @@
 class cServer
 {
 	SOCKET m_ListenSocket;
-	RSA::PrivateKey m_PrivateKey;
-	RSA::PublicKey  m_PublicKey;
+	cRSAPrivateKey m_PrivateKey;
+	AString m_PublicKeyDER;
 	short m_ConnectPort;
 	
 public:
@@ -27,8 +27,8 @@ public:
 	int  Init(short a_ListenPort, short a_ConnectPort);
 	void Run(void);
 	
-	RSA::PrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
-	RSA::PublicKey  & GetPublicKey (void) { return m_PublicKey; }
+	cRSAPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
+	const AString & GetPublicKeyDER (void) { return m_PublicKeyDER; }
 	
 	short GetConnectPort(void) const { return m_ConnectPort; }
 } ;