/*************************************************************************/ /* file_access_encrypted.cpp */ /*************************************************************************/ /* This file is part of: */ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ /* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ /* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ /* "Software"), to deal in the Software without restriction, including */ /* without limitation the rights to use, copy, modify, merge, publish, */ /* distribute, sublicense, and/or sell copies of the Software, and to */ /* permit persons to whom the Software is furnished to do so, subject to */ /* the following conditions: */ /* */ /* The above copyright notice and this permission notice shall be */ /* included in all copies or substantial portions of the Software. */ /* */ /* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ /* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ /* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ /* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ /* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ /* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ #include "file_access_encrypted.h" #include "core/crypto/crypto_core.h" #include "core/print_string.h" #include "core/variant.h" #include <stdio.h> #define COMP_MAGIC 0x43454447 Error FileAccessEncrypted::open_and_parse(FileAccess *p_base, const Vector<uint8_t> &p_key, Mode p_mode) { ERR_FAIL_COND_V_MSG(file != nullptr, ERR_ALREADY_IN_USE, "Can't open file while another file from path '" + file->get_path_absolute() + "' is open."); ERR_FAIL_COND_V(p_key.size() != 32, ERR_INVALID_PARAMETER); pos = 0; eofed = false; if (p_mode == MODE_WRITE_AES256) { data.clear(); writing = true; file = p_base; mode = p_mode; key = p_key; } else if (p_mode == MODE_READ) { writing = false; key = p_key; uint32_t magic = p_base->get_32(); ERR_FAIL_COND_V(magic != COMP_MAGIC, ERR_FILE_UNRECOGNIZED); mode = Mode(p_base->get_32()); ERR_FAIL_INDEX_V(mode, MODE_MAX, ERR_FILE_CORRUPT); ERR_FAIL_COND_V(mode == 0, ERR_FILE_CORRUPT); unsigned char md5d[16]; p_base->get_buffer(md5d, 16); length = p_base->get_64(); base = p_base->get_position(); ERR_FAIL_COND_V(p_base->get_len() < base + length, ERR_FILE_CORRUPT); uint64_t ds = length; if (ds % 16) { ds += 16 - (ds % 16); } data.resize(ds); uint64_t blen = p_base->get_buffer(data.ptrw(), ds); ERR_FAIL_COND_V(blen != ds, ERR_FILE_CORRUPT); CryptoCore::AESContext ctx; ctx.set_decode_key(key.ptrw(), 256); for (uint64_t i = 0; i < ds; i += 16) { ctx.decrypt_ecb(&data.write[i], &data.write[i]); } data.resize(length); unsigned char hash[16]; ERR_FAIL_COND_V(CryptoCore::md5(data.ptr(), data.size(), hash) != OK, ERR_BUG); ERR_FAIL_COND_V_MSG(String::md5(hash) != String::md5(md5d), ERR_FILE_CORRUPT, "The MD5 sum of the decrypted file does not match the expected value. It could be that the file is corrupt, or that the provided decryption key is invalid."); file = p_base; } return OK; } Error FileAccessEncrypted::open_and_parse_password(FileAccess *p_base, const String &p_key, Mode p_mode) { String cs = p_key.md5_text(); ERR_FAIL_COND_V(cs.length() != 32, ERR_INVALID_PARAMETER); Vector<uint8_t> key; key.resize(32); for (int i = 0; i < 32; i++) { key.write[i] = cs[i]; } return open_and_parse(p_base, key, p_mode); } Error FileAccessEncrypted::_open(const String &p_path, int p_mode_flags) { return OK; } void FileAccessEncrypted::close() { if (!file) { return; } if (writing) { Vector<uint8_t> compressed; uint64_t len = data.size(); if (len % 16) { len += 16 - (len % 16); } unsigned char hash[16]; ERR_FAIL_COND(CryptoCore::md5(data.ptr(), data.size(), hash) != OK); // Bug? compressed.resize(len); memset(compressed.ptrw(), 0, len); for (int i = 0; i < data.size(); i++) { compressed.write[i] = data[i]; } CryptoCore::AESContext ctx; ctx.set_encode_key(key.ptrw(), 256); for (uint64_t i = 0; i < len; i += 16) { ctx.encrypt_ecb(&compressed.write[i], &compressed.write[i]); } file->store_32(COMP_MAGIC); file->store_32(mode); file->store_buffer(hash, 16); file->store_64(data.size()); file->store_buffer(compressed.ptr(), compressed.size()); file->close(); memdelete(file); file = nullptr; data.clear(); } else { file->close(); memdelete(file); data.clear(); file = nullptr; } } bool FileAccessEncrypted::is_open() const { return file != nullptr; } String FileAccessEncrypted::get_path() const { if (file) { return file->get_path(); } else { return ""; } } String FileAccessEncrypted::get_path_absolute() const { if (file) { return file->get_path_absolute(); } else { return ""; } } void FileAccessEncrypted::seek(uint64_t p_position) { if (p_position > get_len()) { p_position = get_len(); } pos = p_position; eofed = false; } void FileAccessEncrypted::seek_end(int64_t p_position) { seek(get_len() + p_position); } uint64_t FileAccessEncrypted::get_position() const { return pos; } uint64_t FileAccessEncrypted::get_len() const { return data.size(); } bool FileAccessEncrypted::eof_reached() const { return eofed; } uint8_t FileAccessEncrypted::get_8() const { ERR_FAIL_COND_V_MSG(writing, 0, "File has not been opened in read mode."); if (pos >= get_len()) { eofed = true; return 0; } uint8_t b = data[pos]; pos++; return b; } uint64_t FileAccessEncrypted::get_buffer(uint8_t *p_dst, uint64_t p_length) const { ERR_FAIL_COND_V(!p_dst && p_length > 0, -1); ERR_FAIL_COND_V_MSG(writing, -1, "File has not been opened in read mode."); uint64_t to_copy = MIN(p_length, get_len() - pos); for (uint64_t i = 0; i < to_copy; i++) { p_dst[i] = data[pos++]; } if (to_copy < p_length) { eofed = true; } return to_copy; } Error FileAccessEncrypted::get_error() const { return eofed ? ERR_FILE_EOF : OK; } void FileAccessEncrypted::store_buffer(const uint8_t *p_src, uint64_t p_length) { ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode."); ERR_FAIL_COND(!p_src && p_length > 0); if (pos < get_len()) { for (uint64_t i = 0; i < p_length; i++) { store_8(p_src[i]); } } else if (pos == get_len()) { data.resize(pos + p_length); for (uint64_t i = 0; i < p_length; i++) { data.write[pos + i] = p_src[i]; } pos += p_length; } } void FileAccessEncrypted::flush() { ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode."); // encrypted files keep data in memory till close() } void FileAccessEncrypted::store_8(uint8_t p_dest) { ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode."); if (pos < get_len()) { data.write[pos] = p_dest; pos++; } else if (pos == get_len()) { data.push_back(p_dest); pos++; } } bool FileAccessEncrypted::file_exists(const String &p_name) { FileAccess *fa = FileAccess::open(p_name, FileAccess::READ); if (!fa) { return false; } memdelete(fa); return true; } uint64_t FileAccessEncrypted::_get_modified_time(const String &p_file) { return 0; } uint32_t FileAccessEncrypted::_get_unix_permissions(const String &p_file) { return 0; } Error FileAccessEncrypted::_set_unix_permissions(const String &p_file, uint32_t p_permissions) { ERR_PRINT("Setting UNIX permissions on encrypted files is not implemented yet."); return ERR_UNAVAILABLE; } FileAccessEncrypted::FileAccessEncrypted() { file = nullptr; pos = 0; eofed = false; mode = MODE_MAX; writing = false; } FileAccessEncrypted::~FileAccessEncrypted() { if (file) { close(); } }