Merge pull request #132 from MidLevel/certificate-hail

Certificate hail

Author: TwoTenPvP

MLAPI/Data/MLAPIConstants.cs

@@ -8,24 +8,32 @@ public static class MLAPIConstants
 #pragma warning disable CS1591 // Missing XML comment for publicly visible type or member
         public const string MLAPI_PROTOCOL_VERSION = "2.1.0";
 
-        public const byte MLAPI_CONNECTION_REQUEST = 0;
-        public const byte MLAPI_CONNECTION_APPROVED = 1;
-        public const byte MLAPI_ADD_OBJECT = 2;
-        public const byte MLAPI_CLIENT_DISCONNECT = 3;
-        public const byte MLAPI_DESTROY_OBJECT = 4;
-        public const byte MLAPI_SWITCH_SCENE = 5;
-        public const byte MLAPI_SPAWN_POOL_OBJECT = 6;
-        public const byte MLAPI_DESTROY_POOL_OBJECT = 7;
-        public const byte MLAPI_CHANGE_OWNER = 8;
-        public const byte MLAPI_ADD_OBJECTS = 9;
-        public const byte MLAPI_TIME_SYNC = 10;
-        public const byte MLAPI_NETWORKED_VAR_DELTA = 11;
-        public const byte MLAPI_NETWORKED_VAR_UPDATE = 12;
-        public const byte MLAPI_SERVER_RPC = 13;
-        public const byte MLAPI_CLIENT_RPC = 14;
-        public const byte MLAPI_CUSTOM_MESSAGE = 15;
+
+        public const byte MLAPI_CERTIFICATE_HAIL = 0;
+        public const byte MLAPI_CERTIFICATE_HAIL_RESPONSE = 1;
+        public const byte MLAPI_GREETINGS = 2;
+        public const byte MLAPI_CONNECTION_REQUEST = 3;
+        public const byte MLAPI_CONNECTION_APPROVED = 4;
+        public const byte MLAPI_ADD_OBJECT = 5;
+        public const byte MLAPI_CLIENT_DISCONNECT = 6;
+        public const byte MLAPI_DESTROY_OBJECT = 7;
+        public const byte MLAPI_SWITCH_SCENE = 8;
+        public const byte MLAPI_SPAWN_POOL_OBJECT = 9;
+        public const byte MLAPI_DESTROY_POOL_OBJECT = 10;
+        public const byte MLAPI_CHANGE_OWNER = 11;
+        public const byte MLAPI_ADD_OBJECTS = 12;
+        public const byte MLAPI_TIME_SYNC = 13;
+        public const byte MLAPI_NETWORKED_VAR_DELTA = 14;
+        public const byte MLAPI_NETWORKED_VAR_UPDATE = 15;
+        public const byte MLAPI_SERVER_RPC = 16;
+        public const byte MLAPI_CLIENT_RPC = 17;
+        public const byte MLAPI_CUSTOM_MESSAGE = 18;
+        public const byte INVALID = 32;
 
         public static readonly string[] MESSAGE_NAMES = {
+            "MLAPI_CERTIFICATE_HAIL", // 0
+            "MLAPI_CERTIFICATE_HAIL_RESPONSE",
+            "MLAPI_GREETINGS",
             "MLAPI_CONNECTION_REQUEST",
             "MLAPI_CONNECTION_APPROVED",
             "MLAPI_ADD_OBJECT",
@@ -39,9 +47,23 @@ public static class MLAPIConstants
             "MLAPI_TIME_SYNC",
             "MLAPI_NETWORKED_VAR_DELTA",
             "MLAPI_NETWORKED_VAR_UPDATE",
-            "MLAPI_SERVER_RPC",
+            "MLAPI_SERVER_RPC", // 16
             "MLAPI_CLIENT_RPC",
-            "MLAPI_CUSTOM_MESSAGE"
+            "MLAPI_CUSTOM_MESSAGE",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "INVALID" // 32
         };
 #pragma warning restore CS1591 // Missing XML comment for publicly visible type or member
     }

MLAPI/Data/NetworkConfig.cs

@@ -6,6 +6,7 @@
 using MLAPI.Serialization;
 using MLAPI.Transports;
 using BitStream = MLAPI.Serialization.BitStream;
+using System.Security.Cryptography.X509Certificates;
 
 namespace MLAPI.Configuration
 {
@@ -63,10 +64,18 @@ public class NetworkConfig
         [HideInInspector]
         internal string PlayerPrefabName;
         /// <summary>
-        /// The size of the receive message buffer. This is the max message size.
+        /// The size of the receive message buffer. This is the max message size including any MLAPI overheads.
         /// </summary>
         public int MessageBufferSize = 1024;
         /// <summary>
+        /// The size of the encryption buffer, this is the buffer where messages will be decrypted to.
+        /// If you plan on encrypting everything and you are pushing limits wth the MessageBufferSize already.
+        /// Note that Encryption might add a few extra bytes of padding and 16 bytes for the IV, if authentication is also enabled
+        /// 32 extra bytes will be used for the SHA256 hash of the HMAC.
+        /// Note that authentication without encryption will not use this buffer at all.
+        /// </summary>
+        public int EncryptionBufferSize = 265;
+        /// <summary>
         /// Amount of times per second the receive queue is emptied and all messages inside are processed.
         /// </summary>
         public int ReceiveTickrate = 64;
@@ -116,24 +125,6 @@ public class NetworkConfig
         /// </summary>
         public bool HandleObjectSpawning = true;
         /// <summary>
-        /// Wheter or not to enable encryption
-        /// </summary>
-        public bool EnableEncryption = false;
-        /// <summary>
-        /// Wheter or not to enable signed diffie hellman key exchange.
-        /// </summary>
-        public bool SignKeyExchange = false;
-        /// <summary>
-        /// Private RSA XML key to use for signing key exchange
-        /// </summary>
-        [TextArea]
-        public string RSAPrivateKey = "<RSAKeyValue><Modulus>vBEvOQki/EftWOgwh4G8/nFRvcDJLylc8P7Dhz5m/hpkkNtAMzizNKYUrGbs7sYWlEuMYBOWrzkIDGOMoOsYc9uCi+8EcmNoHDlIhK5yNfZUexYBF551VbvZ625LSBR7kmBxkyo4IPuA09fYCHeUFm3prt4h6aTD0Hjc7ZsJHUU=</Modulus><Exponent>EQ==</Exponent><P>ydgcrq5qLJOdDQibD3m9+o3/dkKoFeCC110dnMgdpEteCruyBdL0zjGKKvjjgy3XTSSp43EN591NiXaBp0JtDw==</P><Q>7obHrUnUCsSHUsIJ7+JOrupcGrQ0XaYcQ+Uwb2v7d2YUzwZ46U4gI9snfD2J0tc3DGEh3v3G0Q8q7bxEe3H4aw==</Q><DP>L34k3c6vkgSdbHp+1nb/hj+HZx6+I0PijQbZyolwYuSOmR0a1DGjA1bzVWe9D86NAxevgM9OkOjG8yrxVIgZqQ==</DP><DQ>OB+2gyBuIKa2bdNNodrlVlVC2RtXnZB/HwjAGjeGdnJfP8VJoE6eJo3rLEq3BG7fxq1xYaUfuLhGVg4uOyngGQ==</DQ><InverseQ>o97PimYu58qH5eFmySRCIsyhBr/tK2GM17Zd9QQPJZRSorrhIJn1m6gwQ/G5aJLIM/3Yl04CoyqmQGsPXMzW2w==</InverseQ><D>CxAR1i22w4vCquB7U0Pd8Nl9R2Wxez6rHTwpnoszPB+rkAzlqKj7e5FMgpykhoQfciKPyWqQZKkAeTMIRbN56JinvpAt5POId/28HDd5xjGymHE81k3RzoHqzQXFIOF1TSYKUWzjPPF/TU4nn7auD4i6lOODATsMqtLr5DRBN/0=</D></RSAKeyValue>"; //CHANGE THESE FOR PRODUCTION!
-        /// <summary>
-        /// Public RSA XML key to use for signing key exchange
-        /// </summary>
-        [TextArea]
-        public string RSAPublicKey = "<RSAKeyValue><Modulus>vBEvOQki/EftWOgwh4G8/nFRvcDJLylc8P7Dhz5m/hpkkNtAMzizNKYUrGbs7sYWlEuMYBOWrzkIDGOMoOsYc9uCi+8EcmNoHDlIhK5yNfZUexYBF551VbvZ625LSBR7kmBxkyo4IPuA09fYCHeUFm3prt4h6aTD0Hjc7ZsJHUU=</Modulus><Exponent>EQ==</Exponent></RSAKeyValue>"; //CHANGE THESE FOR PRODUCTION!
-        /// <summary>
         /// Wheter or not to enable scene switching
         /// </summary>
         public bool EnableSceneSwitching = true;
@@ -145,6 +136,40 @@ public class NetworkConfig
         /// Decides how many bytes to use for Attribute messaging. Leave this to 2 bytes unless you are facing hash collisions
         /// </summary>
         public AttributeMessageMode AttributeMessageMode = AttributeMessageMode.WovenTwoByte;
+        /// <summary>
+        /// Wheter or not to enable encryption
+        /// </summary>
+        [Header("Cryptography")]
+        public bool EnableEncryption = false;
+        /// <summary>
+        /// Wheter or not to enable signed diffie hellman key exchange.
+        /// </summary>
+        public bool SignKeyExchange = false;
+        [TextArea]
+        public string ServerBase64PfxCertificate;
+        public X509Certificate2 ServerX509Certificate
+        {
+            get
+            {
+                return serverX509Certificate;
+            }
+            internal set
+            {
+                serverX509CertificateBytes = null;
+                serverX509Certificate = value;
+            }
+        }
+        private X509Certificate2 serverX509Certificate;
+        public byte[] ServerX509CertificateBytes
+        {
+            get
+            {
+                if (serverX509CertificateBytes == null)
+                    serverX509CertificateBytes = ServerX509Certificate.Export(X509ContentType.Cert);
+                return serverX509CertificateBytes;
+            }
+        }
+        private byte[] serverX509CertificateBytes = null;
 
         private void Sort()
         {
@@ -188,6 +213,7 @@ public string ToBase64()
                     }
 
                     writer.WriteInt32Packed(config.MessageBufferSize);
+                    writer.WriteInt32Packed(config.EncryptionBufferSize);
                     writer.WriteInt32Packed(config.ReceiveTickrate);
                     writer.WriteInt32Packed(config.MaxReceiveEventsPerTickRate);
                     writer.WriteInt32Packed(config.SendTickrate);
@@ -268,6 +294,7 @@ public void FromBase64(string base64, bool createDummyObject = false)
                     }
 
                     config.MessageBufferSize = reader.ReadInt32Packed();
+                    config.EncryptionBufferSize = reader.ReadInt32Packed();
                     config.ReceiveTickrate = reader.ReadInt32Packed();
                     config.MaxReceiveEventsPerTickRate = reader.ReadInt32Packed();
                     config.SendTickrate = reader.ReadInt32Packed();

MLAPI/Data/PendingClient.cs

@@ -0,0 +1,21 @@
+using MLAPI.Cryptography;
+
+namespace MLAPI.Data
+{
+    public class PendingClient
+    {
+        public uint ClientId;
+
+        internal EllipticDiffieHellman KeyExchange;
+
+        public byte[] AesKey;
+
+        public State ConnectionState;
+
+        public enum State
+        {
+            PendingHail,
+            PendingConnection
+        }
+    }
+}

MLAPI/Data/SecuritySendFlags.cs

@@ -0,0 +1,12 @@
+using System;
+
+namespace MLAPI.Data
+{
+    [Flags]
+    public enum SecuritySendFlags
+    {
+        None = 0x0,
+        Encrypted = 0x1,
+        Authenticated = 0x2
+    }
+}

MLAPI/MLAPI.csproj

@@ -90,6 +90,8 @@
     <Compile Include="Data\NetworkedCollections\NetworkedList.cs" />
     <Compile Include="Data\NetworkedVar.cs" />
     <Compile Include="Data\NetworkedVarMeta.cs" />
+    <Compile Include="Data\PendingClient.cs" />
+    <Compile Include="Data\SecuritySendFlags.cs" />
     <Compile Include="Data\Transports\ChannelType.cs" />
     <Compile Include="Data\FixedQueue.cs" />
     <Compile Include="Data\Transports\DefaultTransport.cs" />

MLAPI/MonoBehaviours/Core/NetworkedBehaviour.cs

@@ -308,7 +308,7 @@ internal void NetworkedVarUpdate()
                                     }
                                 }
                             }
-
+                            
                             if (writtenAny)
                             {
                                 if (isServer)