Commit Graph

51 Commits

Author SHA1 Message Date
Jon Bonazza d5925fd522 feat: HMAC support in Crypto APIs 2020-11-26 18:39:56 -08:00
reduz 127458ed17 Reorganized core/ directory, it was too fatty already
-Removed FuncRef, since Callable makes it obsolete
-Removed int_types.h as its obsolete in c++11+
-Changed color names code
2020-11-07 20:17:12 -03:00
Fabio Alessandrelli 60687ce778 Fix certificate generation with mbedtls 2.16.8 .
When generating certificates with
`Crypto.generate_self_signed_certificate` we generate the PEM in a
buffer via `mbedtls_x509write_crt_pem`.

Since version 2.16.8, mbedtls adds spurious data at the end of the
buffer due to internal optimizations, this breaks our logic when we try
to immediately parse it and return a proper `X509Certificate` object.

This commit updates the code to find the actual PEM length to parse
using `strlen`, takes extra caution always adding the terminator to the
buffer, and slightly improve error messages.
2020-09-15 18:47:51 +02:00
Fabio Alessandrelli 8e3f9aa681 Implement RSA encryption/decryption. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli dfcc11fa52 Implement sign and verify in crypto. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli 788f18086e CryptoKey supports public keys. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli f03b7f3d7a Better zeroizing in CryptoKey.
Small code clenup (after PoolByteArray change).
2020-06-18 15:26:01 +02:00
Rémi Verschelde 0ee0fa42e6 Style: Enforce braces around if blocks and loops
Using clang-tidy's `readability-braces-around-statements`.
https://clang.llvm.org/extra/clang-tidy/checks/readability-braces-around-statements.html
2020-05-14 21:57:34 +02:00
Rémi Verschelde 07bc4e2f96 Style: Enforce separation line between function definitions
I couldn't find a tool that enforces it, so I went the manual route:
```
find -name "thirdparty" -prune \
  -o -name "*.cpp" -o -name "*.h" -o -name "*.m" -o -name "*.mm" \
  -o -name "*.glsl" > files
perl -0777 -pi -e 's/\n}\n([^#])/\n}\n\n\1/g' $(cat files)
misc/scripts/fix_style.sh -c
```

This adds a newline after all `}` on the first column, unless they
are followed by `#` (typically `#endif`). This leads to having lots
of places with two lines between function/class definitions, but
clang-format then fixes it as we enforce max one line of separation.

This doesn't fix potential occurrences of function definitions which
are indented (e.g. for a helper class defined in a .cpp), but it's
better than nothing. Also can't be made to run easily on CI/hooks so
we'll have to be careful with new code.

Part of .
2020-05-14 16:54:55 +02:00
Rémi Verschelde 0be6d925dc Style: clang-format: Disable KeepEmptyLinesAtTheStartOfBlocks
Which means that reduz' beloved style which we all became used to
will now be changed automatically to remove the first empty line.

This makes us lean closer to 1TBS (the one true brace style) instead
of hybridating it with some Allman-inspired spacing.

There's still the case of braces around single-statement blocks that
needs to be addressed (but clang-format can't help with that, but
clang-tidy may if we agree about it).

Part of .
2020-05-14 16:54:55 +02:00
Rémi Verschelde e956e80c1f Style: clang-format: Disable AllowShortIfStatementsOnASingleLine
Part of , also discussed in .

Enforcing the use of brackets even on single line statements would be
preferred, but `clang-format` doesn't have this functionality yet.
2020-05-10 13:12:16 +02:00
lupoDharkael 95a1400a2a Replace NULL with nullptr 2020-04-02 13:38:00 +02:00
Rémi Verschelde cd4e46ee65 SCons: Format buildsystem files with psf/black
Configured for a max line length of 120 characters.

psf/black is very opinionated and purposely doesn't leave much room for
configuration. The output is mostly OK so that should be fine for us,
but some things worth noting:

- Manually wrapped strings will be reflowed, so by using a line length
  of 120 for the sake of preserving readability for our long command
  calls, it also means that some manually wrapped strings are back on
  the same line and should be manually merged again.

- Code generators using string concatenation extensively look awful,
  since black puts each operand on a single line. We need to refactor
  these generators to use more pythonic string formatting, for which
  many options are available (`%`, `format` or f-strings).

- CI checks and a pre-commit hook will be added to ensure that future
  buildsystem changes are well-formatted.
2020-03-30 09:05:53 +02:00
Rajat Goswami 2ecf928ae3 Adding missing include guards to header files identified by LGTM.
This addresses the issue 
2020-03-23 04:52:36 -04:00
Rémi Verschelde cb282c6ef0 Style: Set clang-format Standard to Cpp11
For us, it practically only changes the fact that `A<A<int>>` is now
used instead of the C++03 compatible `A<A<int> >`.

Note: clang-format 10+ changed the `Standard` arguments to fully
specified `c++11`, `c++14`, etc. versions, but we can't use `c++17`
now if we want to preserve compatibility with clang-format 8 and 9.
`Cpp11` is still supported as deprecated alias for `Latest`.
2020-03-17 07:36:24 +01:00
simpuid 2584eb9c69 Changed default for p_validate_certs to true.
Fixes 
2020-03-17 02:18:57 +05:30
Juan Linietsky 69c95f4b4c Reworked signal connection system, added support for Callable and Signal objects and made them default. 2020-02-20 08:24:50 +01:00
Rémi Verschelde 27326f8238
Merge pull request from Faless/dtls/enet_vulkan
DTLS support + optional ENet encryption
2020-02-18 15:01:53 +01:00
Juan Linietsky 3205a92ad8 PoolVector is gone, replaced by Vector
Typed `PoolTypeArray` types are now renamed `PackedTypeArray` and are
sugar for `Vector<Type>`.
2020-02-18 10:10:36 +01:00
Fabio Alessandrelli 6fc50d785e New PacketPeerDTLS and DTLSServer classes.
Custom instance implementation via the mbedtls module.
2020-02-17 12:03:47 +01:00
Fabio Alessandrelli d06af89874 Move mbedlts print func to SSLMbedTLSContext. 2020-02-16 01:11:30 +01:00
Marcel Admiraal 5af3b4ca27 Remove duplicate ERR_PRINT macro. 2020-02-05 11:13:24 +01:00
Rémi Verschelde a7f49ac9a1 Update copyright statements to 2020
Happy new year to the wonderful Godot community!

We're starting a new decade with a well-established, non-profit, free
and open source game engine, and tons of further improvements in the
pipeline from hundreds of contributors.

Godot will keep getting better, and we're looking forward to all the
games that the community will keep developing and releasing with it.
2020-01-01 11:16:22 +01:00
Rafał Mikrut ed1c4bc77d Removed unused variables, add some constants numbers 2019-12-10 05:13:02 +01:00
Fabio Alessandrelli e9abcbac3b Fix crash when passing invalid key to Crypto.
In generate_self_signed_certificate
2019-10-09 15:59:17 +02:00
qarmin 17732fe698 Added some obvious errors explanations 2019-09-25 10:28:50 +02:00
Rémi Verschelde 538328898b Style: Fix copyright headers in new files 2019-08-28 09:19:52 +02:00
Fabio Alessandrelli 17d5b471b9 Better error handling in SSLContext, Crypto 2019-08-22 16:49:11 +02:00
Fabio Alessandrelli 99f657d89f Fix StreamPeerSSL connect_to_stream w/ custom cert
Follow up on .
Was checking the wrong parameter, causing the code to ignore provided
stream-specific SSL certificate.
2019-08-22 16:42:37 +02:00
Fabio Alessandrelli b223b207c4 Fix regression in StreamPeerSSL
Validate that base stream is valid before accepting/connecting.
Also remove unnecessary includes.
2019-08-22 00:14:01 +02:00
Fabio Alessandrelli ce5a3f56a6 Rewrite StreamPeerSSL with SSLContext helper class
connect_to_stream now accepts optional parameter to specify which
certificates to trust.
Implement accept_stream (SSL server) with key/cert parameters to specify
the RSA key and X509 certificate resources.
2019-08-21 16:59:38 +02:00
Fabio Alessandrelli dd8107caa4 New CryptoMbedTLS Crypto implementation.
Allows random bytes, RSA keys, and X509 certificates generation.
2019-08-21 16:59:38 +02:00
Fabio Alessandrelli 564d93ff10 CryptoCore class to access to base crypto utils.
Godot core needs MD5/SHA256/AES/Base64 which used to be provided by
separate libraries.
Since we bundle mbedtls in most cases, and we can easily only include
the needed sources if we so desire, let's use it.

To simplify library changes in the future, and better isolate header
dependencies all functions have been wrapped around inside a class in
`core/math/crypto_base.h`.

If the mbedtls module is disabled, we only bundle the needed source
files independently of the `builtin_mbedtls` option.
If the module is enabled, the `builtin_mbedtls` option works as usual.

Also remove some unused headers from StreamPeerMbedTLS which were
causing build issues.
2019-07-02 12:36:27 +02:00
Fabio Alessandrelli 6baa3ff0de Add NULL check in SSL connect_to_stream 2019-06-24 07:43:31 +02:00
Fabio Alessandrelli 2b8b738391 Small hack to avoid runtime error when using ubsan
mbedtls_ssl_read cannot be called with a NULL buffer even if len is 0,
as those are passed to memcpy and compilers doesn't like that.
Always pass a single byte (still len 0 so nothing is actually copied)
2019-02-20 01:49:47 +01:00
Rémi Verschelde 5fc86026ca Fix typos with codespell
Using codespell 1.14.0.

Method:
```
$ cat > ../godot-word-whitelist.txt << EOF
ang
doubleclick
lod
nd
numer
que
te
unselect
EOF
$ codespell -w -q 3 -I ../godot-word-whitelist.txt --skip="./thirdparty,*.po"
$ git diff // undo unwanted changes
```
2019-02-13 09:23:29 +01:00
Rémi Verschelde b16c309f82 Update copyright statements to 2019
Happy new year to the wonderful Godot community!
2019-01-01 12:58:10 +01:00
Rémi Verschelde d1f3b622f0 Fix missing/malformed license headers 2019-01-01 12:46:36 +01:00
Rémi Verschelde 3a2ca68af3 SCons: Build thirdparty code in own env, disable warnings
Also remove unnecessary `Export('env')` in other SCsubs,
Export should only be used when exporting *new* objects.
2018-09-28 14:07:39 +02:00
Rémi Verschelde bca2d3ad40 Fix invalid comparison warnings: [-Wbool-compare] and [-Wenum-compare]
Fixes the following GCC 5 warnings and actual bugs:
```
drivers/unix/net_socket_posix.cpp:562:28: warning: comparison between 'enum IP::Type' and 'enum NetSocket::Type' [-Wenum-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: comparison of constant '17' with boolean expression is always true [-Wbool-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: comparison of constant '6' with boolean expression is always false [-Wbool-compare]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/mbedtls/stream_peer_mbed_tls.cpp:286:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
modules/mbedtls/stream_peer_mbed_tls.cpp:313:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
```
2018-09-27 16:25:24 +02:00
Fabio Alessandrelli 92de6df113 Add checks for clean disconnect in HTTP/TCP/SSL.
Half-open TCP connection can, of course, only be detected by
writing the socket, or waiting for TCP timeout.
2018-09-21 14:34:57 +02:00
Fabio Alessandrelli 0e56377e96 Allow system certs file to be used by Editor.
Note, it will only used by the Editor, not when running the game.
This allows package maintainer to compile Godot to use system installed
certificates when accessing the AssetLib.
2018-09-15 14:45:54 +02:00
Rémi Verschelde 277b24dfb7 Make core/ includes absolute, remove subfolders from include path
This allows more consistency in the manner we include core headers,
where previously there would be a mix of absolute, relative and
include path-dependent includes.
2018-09-12 09:52:22 +02:00
Rémi Verschelde d8e1cd7a10 mbedtls: Update to upstream version 2.12.0
_WIN32_WINNT redefinition fix is no longer needed as it was merged
upstream. PR 1453 is still not merged, diff updated to current state.
2018-07-28 11:16:58 +02:00
Fabio Alessandrelli 99d0b7ba14 Implement non blocking-handshake for StreamPeerSSL 2018-07-16 13:08:17 +02:00
Fabio Alessandrelli 888379e513 Bump mbedTLS to version 2.10.0 2018-06-07 18:50:44 +02:00
Rémi Verschelde 3334209a73 SCons: Pass env to modules can_build method
This allows to disable modules based on the environment,
in particular `env[tools]` which tells us if we are
building the editor or not.
2018-05-30 19:11:36 +02:00
Fabio Alessandrelli 490dd9f946 Generalize SSL cert reading from file 2018-04-03 20:13:57 +02:00
Fabio Alessandrelli 659c62ee33 Use Prepend instead of Append for mbedTLS include
Fixes build on FreeBSD when system-wide mbedTLS and/or openSSL are installed
2018-02-28 20:02:16 +01:00
Fabio Alessandrelli bd3c27ba78 Allow building with system wide mbedtls on X11
Using builtin_mbedtls=yes is still the default as many distributions
do not ship with mbedtls included.
2018-02-14 01:34:25 +01:00