Gray C++ Libraries  0.0.2
A set of C++ libraries for MSVC, GNU on Windows, WinCE, Linux
cSecureChannel.h
Go to the documentation of this file.
1 //
7 //
8 #ifndef _INC_cSecureChannel_H
9 #define _INC_cSecureChannel_H 0x1D // This is the version stamp for the protocol
10 #ifndef NO_PRAGMA_ONCE
11 #pragma once
12 #endif
13 
14 #include "../Net/cProtocol.h"
15 #include "../UID/cFourCC.h"
16 #include "../Hash/cHashSHA256.h"
17 #include "../Cipher/cCipherBase.h"
18 #include "../Codec/cStreamCipher.h"
19 #include "GrayCore/include/cArchive.h"
20 #include "GrayCore/include/StrA.h"
21 #include "GrayCore/include/cNewPtr.h"
22 #include "GrayCore/include/cUnitTestDecl.h"
23 
24 namespace GrayLib
25 {
26  UNITTEST2_PREDEF(cSecureChannel);
27  typedef cHashSHA256 cSecureHash;
28 
29  class GRAYLIB_LINK cSecureId
30  {
35 
36  public:
37  cStringA m_sAppId;
38  cStringA m_sUserId;
39 
40  public:
41  cSecureId(cStringA sAppId = "", cStringA sUserId = "") noexcept
42  : m_sAppId(sAppId)
43  , m_sUserId(sUserId)
44  {
45  }
46  bool IsSame(const cSecureId& k) const
47  {
48  if (m_sAppId.Compare(k.m_sAppId))
49  return false;
50  if (m_sUserId.Compare(k.m_sUserId))
51  return false;
52  return true;
53  }
54  };
55 
56  class GRAYLIB_LINK cSecureKnock : public cSecureId
57  {
60  public:
61  typedef cSecureId SUPER_t;
62 
63  enum CIPHER_TYPE
64  {
67  CIPHER_None = 0,
68  CIPHER_RC4,
69  CIPHER_Blowfish,
70  CIPHER_AES,
71 
72  // Other future crypto...
73  CIPHER_QTY,
74 
75  CIPHER_KEY_RSA = 31,
76  };
77 
78  static const FOURCC k_SIGNATURE = MAKEFOURCC('G', 'S', 'e', 'c');
79  static const size_t k_SizeMin = 14;
80 
81  FOURCC m_nSignature;
82  WORD m_nVersion;
83  WORD m_nCryptAbilities;
84 
85  public:
86 
87  cSecureKnock(cStringA sAppId = "", cStringA sUserId = "", WORD nCryptAbilities = _1BITMASK(CIPHER_RC4) | _1BITMASK(CIPHER_None))
88  : cSecureId(sAppId, sUserId)
89  , m_nSignature(k_SIGNATURE)
90  , m_nVersion(_INC_cSecureChannel_H)
91  , m_nCryptAbilities(nCryptAbilities) // CIPHER_TYPE
92  {
93  }
94 
95  HRESULT Serialize(cArchive& a);
96  HRESULT SetSecureKnock(cStreamInput& s);
97  HRESULT SetSecureKnock(const void* pData, size_t nSize);
98 
99  void SetClear() noexcept
100  {
101  m_nSignature = 0;
102  m_nVersion = 0;
103  }
104  bool IsSame(const cSecureKnock& k) const;
105  };
106 
107  class GRAYLIB_LINK cSecureChannel
108  {
116 
117  public:
118  enum STATE_TYPE
119  {
122  STATE_0 = 0,
123  Client_Knock,
124  Server_Challenge,
125  Client_Login,
128  STATE_Secure,
131  STATE_Failed,
132  };
133 
134  public:
135  cHashCode m_Challenge;
136  cHashCode m_HashPass;
137  cSecureId m_Id;
138 
139  protected:
140  STATE_TYPE m_eState;
141  cSecureKnock::CIPHER_TYPE m_eCipherType;
142  cNewPtr<cCipherBase> m_pCipherEnc;
143  cNewPtr<cStreamCipherEnc> m_pCipherOut;
144  cNewPtr<cCipherBase> m_pCipherDec;
145  cNewPtr<cStreamCipherDec> m_pCipherInp;
146 
147  protected:
148  virtual HRESULT SetStateSecure();
149  HRESULT GetCipher(OUT cNewPtr<cCipherBase>& rCipher, bool bEncodeMode, const cSecureHash& hashKey);
150 
151  public:
152  cSecureChannel();
153  virtual ~cSecureChannel();
154 
155  STATE_TYPE get_State() const noexcept
156  {
157  return m_eState;
158  }
159  bool isStateSecure() const noexcept
160  {
162  return get_State() == STATE_Secure;
163  }
164 
165  cStreamInput* get_SecureInp() const;
166  cStreamOutput* get_SecureOut() const;
167 
168  static void GRAYCALL ComputeHash(OUT cSecureHash& rHash, const cHashCode& r1, const cHashCode& r2);
169 
170  UNITTEST_FRIEND(cSecureChannel);
171  };
172 
173  class GRAYLIB_LINK cSecureClient : public cSecureChannel
174  {
177 
178  typedef cSecureChannel SUPER_t;
179 
180  protected:
181  cStreamInput* m_pStreamInp;
182  cStreamOutput* m_pStreamOut;
183 
184  private:
185  HRESULT OnState0();
186  HRESULT OnStateKnock();
187  HRESULT OnStateLogin();
188 
189  public:
190  cSecureClient(cStreamInput* pStreamInp, cStreamOutput* pStreamOut);
191  virtual ~cSecureClient();
192 
193  HRESULT AdvanceState();
194 
195  cStreamInput* get_SecureInp() const
196  {
198  if (m_pCipherInp == nullptr) // From the raw channel. CIPHER_None = No Crypt. Pass Through.
199  return m_pStreamInp;
200  return SUPER_t::get_SecureInp();
201  }
202  cStreamOutput* get_SecureOut() const
203  {
205  if (m_pCipherOut == nullptr) // From the raw channel. CIPHER_None = No Crypt. Pass Through.
206  return m_pStreamOut;
207  return SUPER_t::get_SecureOut();
208  }
209  };
210 
211  class GRAYLIB_LINK cSecureServerFactory;
212 
213  class GRAYLIB_LINK cSecureServerStream : public cRefBase, public cSecureChannel, public cProtocolStream
214  {
217 
218  friend class cSecureServerFactory;
219 
220  public:
221  static const size_t k_ChallengeSize = cSecureHash::k_Size;
222  cProtocolStreamPtr m_pProtocol2;
223 
224  private:
225  HRESULT SendFailState0(HRESULT hResRet);
226  HRESULT OnState0();
227  HRESULT OnStateChallenge();
228  HRESULT OnStateSecure();
229 
230  public:
231  cSecureServerStream(cSecureServerFactory* pFactory, IUnkObject* pServerConnection, cStreamInput* pStreamInp, cStreamOutput* pStreamOut);
232  virtual ~cSecureServerStream();
233 
234  IUNKNOWN_DISAMBIG(cRefBase);
235 
236  virtual HRESULT DisposeThis() override;
237 
238  HASHCODE_t get_HashCode() const noexcept
239  {
240  return cProtocolStream::get_HashCode();
241  }
242  STDMETHOD_(HASHCODE_t, get_HashCodeX)() const noexcept override
243  {
244  return cProtocolStream::get_HashCode();
245  }
246 
247  cStreamInput* get_SecureInp() const
248  {
250  if (m_pCipherInp == nullptr) // From the raw channel. CIPHER_None = No Crypt. Pass Through.
251  return cProtocolStream::get_StreamInp();
252  return cSecureChannel::get_SecureInp();
253  }
254  cStreamOutput* get_SecureOut() const
255  {
257  if (m_pCipherOut == nullptr) // From the raw channel. CIPHER_None = No Crypt. Pass Through.
258  return cProtocolStream::get_StreamOut();
259  return cSecureChannel::get_SecureOut();
260  }
261 
262  virtual HRESULT SetStateSecure();
263  virtual HRESULT ProcessStreamPacket() override;
264  };
265  typedef cRefPtr<cSecureServerStream> cSecureServerStreamPtr;
266 
267  class GRAYLIB_LINK cSecureServerFactory : public IProtocolFactory
268  {
271 
272  protected:
273  cProtocolFactories m_Factories;
274 
275  public:
276  virtual const char* get_ProtocolName() const override
277  {
279  return "GSec";
280  }
281  virtual HRESULT TestProtocol(const BYTE* pszPrefixData, size_t iPrefixLen) const override
282  {
288  cSecureKnock knock;
289  const HRESULT hRes = knock.SetSecureKnock(pszPrefixData, iPrefixLen);
290  return hRes;
291  }
292  virtual cProtocolStreamPtr CreateProtocolStream(IUnkObject* pServerConnection, cStreamInput* pStreamInp, cStreamOutput* pStreamOut) override
293  {
294  return new cSecureServerStream(this, pServerConnection, pStreamInp, pStreamOut);
295  }
296  virtual HRESULT FindChallengeMatch(cSecureServerStream* pStream, const void* pData, size_t nDataSize);
297  };
298 };
299 #endif // _INC_cSecureChannel_H
GRAYCALL
#define GRAYCALL
declare calling convention for static functions so everyone knows the arg passing scheme....
Definition: GrayCore.h:36
GRAYLIB_LINK
#define GRAYLIB_LINK
Definition: GrayLibBase.h:35
HRESULT
INT32 HRESULT
_WIN32 style error codes. INT32
Definition: SysTypes.h:465
_1BITMASK
#define _1BITMASK(b)
default bitmask type = size_t. Use cBits::Mask1() for other type.
Definition: cBits.h:32
FOURCC
UINT32 FOURCC
32 bit code. Also defined in _MMSYSTEM_H
Definition: cFourCC.h:19
MAKEFOURCC
#define MAKEFOURCC(ch0, ch1, ch2, ch3)
Definition: cFourCC.h:24
_INC_cSecureChannel_H
#define _INC_cSecureChannel_H
Definition: cSecureChannel.h:9
GrayLib::cHashCode
Definition: cHashCode.h:43
GrayLib::cHashSHA256
Definition: cHashSHA256.h:19
GrayLib::cProtocolFactories
Definition: cProtocol.h:147
GrayLib::cProtocolStream
Definition: cProtocol.h:24
GrayLib::cProtocolStream::get_StreamInp
cStreamInput * get_StreamInp() const
Definition: cProtocol.h:75
GrayLib::cProtocolStream::get_HashCode
HASHCODE_t get_HashCode() const noexcept
Definition: cProtocol.h:48
GrayLib::cProtocolStream::get_StreamOut
cStreamOutput * get_StreamOut() const
Definition: cProtocol.h:79
GrayLib::cSecureChannel
Definition: cSecureChannel.h:108
GrayLib::cSecureChannel::m_HashPass
cHashCode m_HashPass
The working PASSCODE for login.
Definition: cSecureChannel.h:136
GrayLib::cSecureChannel::m_eState
STATE_TYPE m_eState
current state of the negotiation of the connection.
Definition: cSecureChannel.h:140
GrayLib::cSecureChannel::STATE_TYPE
STATE_TYPE
Definition: cSecureChannel.h:119
GrayLib::cSecureChannel::Client_Login
@ Client_Login
Definition: cSecureChannel.h:125
GrayLib::cSecureChannel::Client_Knock
@ Client_Knock
Client starts by sending cSecureKnock. protocol id,version,cipher ability. time? server host?
Definition: cSecureChannel.h:123
GrayLib::cSecureChannel::Server_Challenge
@ Server_Challenge
Server sends response as protocol id,version,preferred CIPHER_TYPE, length prefix,...
Definition: cSecureChannel.h:124
GrayLib::cSecureChannel::STATE_Secure
@ STATE_Secure
Definition: cSecureChannel.h:128
GrayLib::cSecureChannel::STATE_Failed
@ STATE_Failed
Channel is junk.
Definition: cSecureChannel.h:131
GrayLib::cSecureChannel::m_Id
cSecureId m_Id
My USERNAME and APPNAME.
Definition: cSecureChannel.h:137
GrayLib::cSecureChannel::isStateSecure
bool isStateSecure() const noexcept
Definition: cSecureChannel.h:159
GrayLib::cSecureChannel::get_SecureInp
cStreamInput * get_SecureInp() const
Definition: cSecureChannel.cpp:110
GrayLib::cSecureChannel::UNITTEST_FRIEND
UNITTEST_FRIEND(cSecureChannel)
GrayLib::cSecureChannel::m_eCipherType
cSecureKnock::CIPHER_TYPE m_eCipherType
the selected crypto type. <0=Failed login, 0=no crypt by choice, 1=cCipherRC4, 2=cCipherBlowfish
Definition: cSecureChannel.h:141
GrayLib::cSecureChannel::get_State
STATE_TYPE get_State() const noexcept
Definition: cSecureChannel.h:155
GrayLib::cSecureChannel::m_pCipherEnc
cNewPtr< cCipherBase > m_pCipherEnc
the selected encryption of the channel.
Definition: cSecureChannel.h:142
GrayLib::cSecureChannel::get_SecureOut
cStreamOutput * get_SecureOut() const
Definition: cSecureChannel.cpp:104
GrayLib::cSecureChannel::m_pCipherDec
cNewPtr< cCipherBase > m_pCipherDec
the selected decryption of the channel.
Definition: cSecureChannel.h:144
GrayLib::cSecureChannel::m_Challenge
cHashCode m_Challenge
the random data used to form the challenge. part of crypto key for data stream.
Definition: cSecureChannel.h:135
GrayLib::cSecureChannel::m_pCipherOut
cNewPtr< cStreamCipherEnc > m_pCipherOut
m_pCipher as a encrypt/output stream. pads to get_BlockAlignSize(). m_pCipherEnc
Definition: cSecureChannel.h:143
GrayLib::cSecureChannel::m_pCipherInp
cNewPtr< cStreamCipherDec > m_pCipherInp
m_pCipher as a decrypt/input stream. m_pCipherDec
Definition: cSecureChannel.h:145
GrayLib::cSecureClient
Definition: cSecureChannel.h:174
GrayLib::cSecureClient::get_SecureOut
cStreamOutput * get_SecureOut() const
Definition: cSecureChannel.h:202
GrayLib::cSecureClient::m_pStreamInp
cStreamInput * m_pStreamInp
the raw data stream from the cNetSocket
Definition: cSecureChannel.h:181
GrayLib::cSecureClient::get_SecureInp
cStreamInput * get_SecureInp() const
Definition: cSecureChannel.h:195
GrayLib::cSecureClient::m_pStreamOut
cStreamOutput * m_pStreamOut
the raw data stream to the cNetSocket
Definition: cSecureChannel.h:182
GrayLib::cSecureId
Definition: cSecureChannel.h:30
GrayLib::cSecureId::m_sAppId
cStringA m_sAppId
The clients declared Purpose/Application in talking to the server. e.g. "Browser",...
Definition: cSecureChannel.h:37
GrayLib::cSecureId::cSecureId
cSecureId(cStringA sAppId="", cStringA sUserId="") noexcept
Definition: cSecureChannel.h:41
GrayLib::cSecureId::m_sUserId
cStringA m_sUserId
The clients User/Account/InstanceId name it wants to login with. derives security privilege level fro...
Definition: cSecureChannel.h:38
GrayLib::cSecureId::IsSame
bool IsSame(const cSecureId &k) const
Definition: cSecureChannel.h:46
GrayLib::cSecureKnock
Definition: cSecureChannel.h:57
GrayLib::cSecureKnock::m_nSignature
FOURCC m_nSignature
const cSecureKnock::k_SIGNATURE to declare my protocol
Definition: cSecureChannel.h:81
GrayLib::cSecureKnock::m_nCryptAbilities
WORD m_nCryptAbilities
Am i limited in my crypt abilities ? mask of CIPHER_TYPE. CIPHER_KEY_RSA.
Definition: cSecureChannel.h:83
GrayLib::cSecureKnock::cSecureKnock
cSecureKnock(cStringA sAppId="", cStringA sUserId="", WORD nCryptAbilities=_1BITMASK(CIPHER_RC4)|_1BITMASK(CIPHER_None))
Definition: cSecureChannel.h:87
GrayLib::cSecureKnock::CIPHER_TYPE
CIPHER_TYPE
Definition: cSecureChannel.h:64
GrayLib::cSecureKnock::CIPHER_RC4
@ CIPHER_RC4
cCipherRC4. Worst cipher. but has no block size/padding. Try not to use this ?
Definition: cSecureChannel.h:68
GrayLib::cSecureKnock::CIPHER_Blowfish
@ CIPHER_Blowfish
cCipherBlowfish has block alignment size. needs padding.
Definition: cSecureChannel.h:69
GrayLib::cSecureKnock::CIPHER_AES
@ CIPHER_AES
cCipherAES. Best but has block alignment size. needs padding.
Definition: cSecureChannel.h:70
GrayLib::cSecureKnock::CIPHER_QTY
@ CIPHER_QTY
Definition: cSecureChannel.h:73
GrayLib::cSecureKnock::SetSecureKnock
HRESULT SetSecureKnock(cStreamInput &s)
Definition: cSecureChannel.cpp:41
GrayLib::cSecureKnock::SUPER_t
cSecureId SUPER_t
Definition: cSecureChannel.h:61
GrayLib::cSecureKnock::m_nVersion
WORD m_nVersion
const _INC_cSecureChannel_H = my protocol version id
Definition: cSecureChannel.h:82
GrayLib::cSecureKnock::SetClear
void SetClear() noexcept
Definition: cSecureChannel.h:99
GrayLib::cSecureServerFactory
Definition: cSecureChannel.h:268
GrayLib::cSecureServerFactory::CreateProtocolStream
virtual cProtocolStreamPtr CreateProtocolStream(IUnkObject *pServerConnection, cStreamInput *pStreamInp, cStreamOutput *pStreamOut) override
Definition: cSecureChannel.h:292
GrayLib::cSecureServerFactory::get_ProtocolName
virtual const char * get_ProtocolName() const override
Definition: cSecureChannel.h:276
GrayLib::cSecureServerFactory::TestProtocol
virtual HRESULT TestProtocol(const BYTE *pszPrefixData, size_t iPrefixLen) const override
Definition: cSecureChannel.h:281
GrayLib::cSecureServerFactory::m_Factories
cProtocolFactories m_Factories
What protocols are we wrapping?
Definition: cSecureChannel.h:273
GrayLib::cSecureServerStream
Definition: cSecureChannel.h:214
GrayLib::cSecureServerStream::get_HashCode
HASHCODE_t get_HashCode() const noexcept
Definition: cSecureChannel.h:238
GrayLib::cSecureServerStream::get_SecureOut
cStreamOutput * get_SecureOut() const
Definition: cSecureChannel.h:254
GrayLib::cSecureServerStream::m_pProtocol2
cProtocolStreamPtr m_pProtocol2
The protocol wrapped by this cSecureServerStream.
Definition: cSecureChannel.h:222
GrayLib::cSecureServerStream::get_SecureInp
cStreamInput * get_SecureInp() const
Definition: cSecureChannel.h:247
GrayLib::cSecureServerStream::STDMETHOD_
STDMETHOD_(HASHCODE_t, get_HashCodeX)() const noexcept override
Definition: cSecureChannel.h:242
Gray::CStringT::Compare
COMPARE_t Compare(const _TYPE_CH *pszStr) const
Definition: cString.h:265
Gray::cArchive
Definition: cArchive.h:20
Gray::cMemStatic::k_Size
static const size_t k_Size
All hashes of this type are this size (bytes).
Definition: cMem.h:289
Gray::cNewPtr
Definition: cNewPtr.h:18
Gray::cRefBase
Definition: cRefPtr.h:22
Gray::cRefPtr
Definition: cRefPtr.h:225
Gray::cStreamInput
Definition: cStream.h:306
Gray::cStreamOutput
Definition: cStream.h:126
GrayLib
Definition: cMesh.h:22
GrayLib::cSecureHash
cHashSHA256 cSecureHash
compute my hashes via this.
Definition: cSecureChannel.h:27
GrayLib::UNITTEST2_PREDEF
UNITTEST2_PREDEF(cQuadtree)
GrayLib::cSecureServerStreamPtr
cRefPtr< cSecureServerStream > cSecureServerStreamPtr
Definition: cSecureChannel.h:265
GrayLib::cSecureServerFactory
class __DECL_IMPORT cSecureServerFactory
Definition: cSecureChannel.h:211
Gray::HASHCODE_t
UINT_PTR HASHCODE_t
could hold a pointer converted to a number? maybe 64 or 32 bit ? same as size_t.
Definition: GrayCore.h:116
GrayLib::IProtocolFactory
Definition: cProtocol.h:125