#217 in progress encryption support, as yet untested

davetcc · davetcc · commit 6378a2dd3f00 · 2024-06-15T13:07:48.000+01:00
diff --git a/src/remote/BaseBufferedRemoteTransport.cpp b/src/remote/BaseBufferedRemoteTransport.cpp
@@ -5,84 +5,125 @@
 
 #include "BaseBufferedRemoteTransport.h"
 
-using namespace tcremote;
+namespace tcremote {
 
-BaseBufferedRemoteTransport::BaseBufferedRemoteTransport(BufferingMode bufferMode, uint8_t readBufferSize, uint8_t writeBufferSize)
-        : TagValueTransport(TVAL_BUFFERED), writeBufferSize(writeBufferSize), writeBufferPos(0),
-        readBufferSize(readBufferSize), readBufferPos(0), readBufferAvail(0), mode(bufferMode), ticksSinceWrite(0) {
-    readBuffer = new uint8_t[readBufferSize];
-    writeBuffer = new uint8_t[writeBufferSize];
-}
-
-BaseBufferedRemoteTransport::~BaseBufferedRemoteTransport() {
-    delete[] readBuffer;
-    delete[] writeBuffer;
-}
+    BaseBufferedRemoteTransport::BaseBufferedRemoteTransport(BufferingMode bufferMode, uint8_t readBufferSize,
+                                                             uint8_t writeBufferSize, EncryptionHandler* encHandler)
+            : TagValueTransport(TVAL_BUFFERED), writeBufferSize(writeBufferSize),
+              readBufferSize(readBufferSize), writeBufferPos(0), readBufferPos(0), encryptionBufferPos(0), readBufferAvail(0),
+              encryptionHandler(encHandler), mode(bufferMode),
+              ticksSinceWrite(0) {
+        if(mode != BUFFER_ONE_MESSAGE && encHandler != nullptr) {
+            serlogF(SER_ERROR, "EncHandler requires mode=BUFFER_ONE_MESSAGE");
+            encHandler = nullptr; // turn off encryption, will not work in any other mode
+        }
+        readBuffer = new uint8_t[readBufferSize];
+        writeBuffer = new uint8_t[writeBufferSize];
+        encryptionBuffer = new uint8_t[readBufferSize];
+    }
 
-void BaseBufferedRemoteTransport::endMsg() {
-    TagValueTransport::endMsg();
-    if(mode == BUFFER_ONE_MESSAGE) flush();
-}
+    BaseBufferedRemoteTransport::~BaseBufferedRemoteTransport() {
+        delete[] readBuffer;
+        delete[] writeBuffer;
+    }
 
-uint8_t BaseBufferedRemoteTransport::readByte() {
-    if(!readAvailable()) return -1;
-    auto ch = readBuffer[readBufferPos];
-    readBufferPos += 1;
-    // only uncomment the below for worst case debugging.
-    //serlogF2(SER_DEBUG, "readByte ", ch);
-    return ch;
-}
+    void BaseBufferedRemoteTransport::endMsg() {
+        TagValueTransport::endMsg();
+        if (mode == BUFFER_ONE_MESSAGE) flushInternal();
+    }
 
-bool BaseBufferedRemoteTransport::readAvailable() {
-    if(readBufferAvail && readBufferPos < readBufferAvail) {
-        return true;
+    uint8_t BaseBufferedRemoteTransport::readByte() {
+        if (!readAvailable()) return -1;
+        auto ch = readBuffer[readBufferPos];
+        readBufferPos += 1;
+        // only uncomment the below for worst case debugging.
+        //serlogF2(SER_DEBUG, "readByte ", ch);
+        return ch;
     }
 
-    readBufferAvail = (int8_t)fillReadBuffer(readBuffer, readBufferSize);
-    readBufferPos = 0;
-    return readBufferPos < readBufferAvail;
-}
+    bool BaseBufferedRemoteTransport::readAvailable() {
+        if (readBufferAvail && readBufferPos < readBufferAvail) {
+            return true;
+        }
 
-int BaseBufferedRemoteTransport::writeChar(char data) {
-    if(writeBufferPos >= writeBufferSize) {
-        // we've exceeded the buffer size so we must flush, and then ensure
-        // that flush actually did something and there is now capacity.
-        flush();
-        if(writeBufferPos >= writeBufferSize) return 0;// we did not write so return an error condition.
+        if(encryptionHandler != nullptr && encryptionBuffer != nullptr) {
+            readBufferAvail = readBufferPos = 0;
+            if(encryptionBufferPos < 2) {
+                encryptionBufferPos = (uint16_t) fillReadBuffer(encryptionBuffer, readBufferSize);
+            }
+            if(encryptionBufferPos >= 2) {
+                int encryptionSize = (encryptionBuffer[0] << 8) + encryptionBuffer[1];
+                if(encryptionBufferPos >= encryptionSize) {
+                    int len = encryptionHandler->decryptData(&encryptionBuffer[2], encryptionBufferPos - 2, readBuffer, readBufferSize);
+                    readBufferAvail = len;
+                    readBufferPos = 0;
+                    encryptionBufferPos = 0;
+                    return len > 0;
+                }
+            }
+        } else {
+            readBufferAvail = (uint16_t) fillReadBuffer(readBuffer, readBufferSize);
+            readBufferPos = 0;
+        }
+        return readBufferPos < readBufferAvail;
     }
-    writeBuffer[writeBufferPos++] = data;
-    ticksSinceWrite = 0;
-    return 1;
-}
 
-int BaseBufferedRemoteTransport::writeStr(const char *data) {
-    // only uncomment below for worst case debugging..
-    //	serlogF2(SER_NETWORK_DEBUG, "writing ", data);
+    int BaseBufferedRemoteTransport::writeChar(char data) {
+        if (writeBufferPos >= writeBufferSize) {
+            // we've exceeded the buffer size so we must flush, and then ensure
+            // that flush actually did something and there is now capacity.
+            flushInternal();
+            if (writeBufferPos >= writeBufferSize) return 0;// we did not write so return an error condition.
+        }
+        writeBuffer[writeBufferPos++] = data;
+        ticksSinceWrite = 0;
+        return 1;
+    }
+
+    int BaseBufferedRemoteTransport::writeStr(const char *data) {
+        // only uncomment below for worst case debugging..
+        //	serlogF2(SER_NETWORK_DEBUG, "writing ", data);
 
-    size_t len = strlen(data);
-    for(size_t i = 0; i < len; ++i) {
-        if(writeChar(data[i]) == 0) {
-            return 0;
+        size_t len = strlen(data);
+        for (size_t i = 0; i < len; ++i) {
+            if (writeChar(data[i]) == 0) {
+                return 0;
+            }
         }
+        return (int) len;
     }
-    return (int)len;
-}
 
-void BaseBufferedRemoteTransport::flushIfRequired() {
-    if(!connected() || writeBufferPos == 0 || mode == BUFFER_ONE_MESSAGE) return;
+    void BaseBufferedRemoteTransport::flushIfRequired() {
+        if (!connected() || writeBufferPos == 0 || mode == BUFFER_ONE_MESSAGE) return;
 
-    if(ticksSinceWrite < TICKS_TO_FLUSH_WRITE) ++ticksSinceWrite;
-    if(ticksSinceWrite == TICKS_TO_FLUSH_WRITE) {
-        ticksSinceWrite = 0xff;
-        flush();
+        if (ticksSinceWrite < TICKS_TO_FLUSH_WRITE) ++ticksSinceWrite;
+        if (ticksSinceWrite == TICKS_TO_FLUSH_WRITE) {
+            ticksSinceWrite = 0xff;
+            flush();
+        }
     }
-}
 
-void BaseBufferedRemoteTransport::close() {
-    flush();
-    writeBufferPos = 0;
-    readBufferPos = 0;
-    readBufferAvail = 0;
-    currentField.msgType = UNKNOWN_MSG_TYPE;
-    currentField.fieldType = FVAL_PROCESSING_AWAITINGMSG;
-}
+    void BaseBufferedRemoteTransport::close() {
+        writeBufferPos = 0;
+        readBufferPos = 0;
+        readBufferAvail = 0;
+        currentField.msgType = UNKNOWN_MSG_TYPE;
+        currentField.fieldType = FVAL_PROCESSING_AWAITINGMSG;
+    }
+
+    void BaseBufferedRemoteTransport::flushInternal() {
+        if(encryptionHandler != nullptr && encryptionBuffer != nullptr) {
+            int written = encryptionHandler->encryptData(writeBuffer, writeBufferPos, encryptionBuffer, writeBufferSize);
+            if(written == 0) {
+                serlogF(SER_ERROR, "Net encrypt fail");
+                close();
+            }  else {
+                memcpy(writeBuffer, encryptionBuffer, written);
+                writeBufferPos = written;
+                flush();
+            }
+        } else {
+            flush();
+        }
+    }
+}
diff --git a/src/remote/BaseBufferedRemoteTransport.h b/src/remote/BaseBufferedRemoteTransport.h
@@ -16,7 +16,36 @@
 
 namespace tcremote {
 
-    enum BufferingMode : uint8_t { BUFFER_ONE_MESSAGE, BUFFER_MESSAGES_TILL_FULL };
+    enum BufferingMode : uint8_t {
+        BUFFER_ONE_MESSAGE, BUFFER_MESSAGES_TILL_FULL
+    };
+
+    /**
+     * An implementation of this class can both encrypt and decrypt data on behalf of a BaseBufferedTagValTransport
+     * instance.
+     */
+    class EncryptionHandler {
+    public:
+        /**
+         * Encrypt plain text data into encrypted format into the buffer
+         * @param plainText the plain bytes to encrypt
+         * @param bytesIn the number of bytes to encrypt
+         * @param buffer the output encrypted message
+         * @param buffLen the buffer maximum length
+         * @return the number of bytes encrypted or 0 if it fails.
+         */
+        virtual int encryptData(const uint8_t *plainText, int bytesIn, const uint8_t *buffer, size_t buffLen) = 0;
+        /**
+         * Decrypt data from the wire into plain text and store the output into the buffer
+         * @param encoded the encoded data to decrypt
+         * @param bytesIn the number of encoded bytes to decrypt
+         * @param buffer the buffer to output plaintext to
+         * @param buffLen the size of the buffer
+         * @return the number of bytes returned, or 0 if it fails.
+         */
+        virtual int decryptData(const uint8_t *encoded, int bytesIn, const uint8_t *buffer, size_t buffLen) = 0;
+    };
+
 
     /**
      * Many transports need buffering of messages, for example the regular Ethernet2 library will send
@@ -26,31 +55,42 @@ namespace tcremote {
      */
     class BaseBufferedRemoteTransport : public TagValueTransport {
     protected:
-        const int writeBufferSize;
-        uint8_t* readBuffer;
-        uint8_t* writeBuffer;
-        uint8_t writeBufferPos;
-        const uint8_t readBufferSize;
-        uint8_t readBufferPos;
-        uint8_t readBufferAvail;
+        const uint16_t writeBufferSize;
+        const uint16_t readBufferSize;
+        uint8_t *readBuffer;
+        uint8_t *writeBuffer;
+        uint8_t *encryptionBuffer;
+        uint16_t writeBufferPos;
+        uint16_t readBufferPos;
+        uint16_t encryptionBufferPos;
+        uint16_t readBufferAvail;
+        EncryptionHandler* encryptionHandler;
         BufferingMode mode;
         uint8_t ticksSinceWrite;
     public:
-        BaseBufferedRemoteTransport(BufferingMode bufferMode, uint8_t readBufferSize, uint8_t writeBufferSize);
+        BaseBufferedRemoteTransport(BufferingMode bufferMode, uint8_t readBufferSize, uint8_t writeBufferSize,
+                                    EncryptionHandler* encHandler = nullptr);
+
         ~BaseBufferedRemoteTransport() override;
 
         void endMsg() override;
 
-        int writeChar(char data) override ;
-        int writeStr(const char* data) override;
+        int writeChar(char data) override;
+
+        int writeStr(const char *data) override;
+
         uint8_t readByte() override;
+
         bool readAvailable() override;
+
         void close() override;
+
         void flushIfRequired();
 
-        virtual int fillReadBuffer(uint8_t* dataBuffer, int maxSize)=0;
-    };
+        void flushInternal();
 
+        virtual int fillReadBuffer(uint8_t *dataBuffer, int maxSize) = 0;
+    };
 }
 
 #endif //TCMENU_BASEBUFFEREDREMOTETRANSPORT_H
