authorPer Larsson <[email protected]>2022-02-07 15:46:51 +0100
committerPer Larsson <[email protected]>2022-02-07 15:46:51 +0100
commit4b3d9873def5e974fd47a5360a3eff4095aab88b (patch)
tree23196dba05475cbec6bb6141e08390fcd44d6961 /zenserver/auth/authmgr.cpp
parentReplaced crypto transform abstraction with a concrete API. (diff)
Refactored auth manager to use simplified encryption API.
Diffstat (limited to 'zenserver/auth/authmgr.cpp')
-rw-r--r--zenserver/auth/authmgr.cpp81
1 files changed, 40 insertions, 41 deletions
diff --git a/zenserver/auth/authmgr.cpp b/zenserver/auth/authmgr.cpp
index 2c54386ee..223fcbfe2 100644
--- a/zenserver/auth/authmgr.cpp
+++ b/zenserver/auth/authmgr.cpp
@@ -23,7 +23,10 @@ namespace zen {
using namespace std::literals;
namespace details {
- IoBuffer ReadEncryptedFile(std::filesystem::path Path, MemoryView EncryptionKey, MemoryView IV)
+ IoBuffer ReadEncryptedFile(std::filesystem::path Path,
+ const AesKey256Bit& Key,
+ const AesIV128Bit& IV,
+ std::optional<std::string>& Reason)
{
FileContents Result = ReadFile(Path);
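Review bot: The new `Reason` out-parameter on `ReadEncryptedFile` has no stated contract, while the function returns an empty `IoBuffer` on more than one path. The decryption path passes `Reason` to `Aes::Decrypt`, but the earlier `return IoBuffer();` that follows `ReadFile(Path)` sits partly outside the visible hunks, so whether it ever sets `Reason` cannot be told from here. A comment above the signature would settle it for callers, for example `// Returns an empty buffer on failure; Reason carries the cause when one is known and stays unset when there is simply no file to read.`, with the wording adjusted to what the read path really does. The function body continues past the end of this hunk.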
@@ -39,53 +42,45 @@ namespace details {
return IoBuffer();
}
- std::unique_ptr<SymmetricCipher> Cipher = SymmetricCipher::CreateAes();
+ std::vector<uint8_t> DecryptionBuffer;
+ DecryptionBuffer.resize(EncryptedBuffer.GetSize() + Aes::BlockSize);
- if (Cipher->Initialize(EncryptionKey, IV) == false)
+ MemoryView DecryptedView = Aes::Decrypt(Key, IV, EncryptedBuffer, MakeMutableMemoryView(DecryptionBuffer), Reason);
+
+ if (DecryptedView.IsEmpty())
{
return IoBuffer();
}
- IoBuffer DecryptionBuffer(EncryptedBuffer.GetSize() + Cipher->Settings().BlockSize);
- MemoryView DecryptedView = Cipher->Decrypt(EncryptedBuffer, DecryptionBuffer.GetMutableView());
-
return IoBufferBuilder::MakeCloneFromMemory(DecryptedView);
}
- uint64_t WriteEncryptedFile(std::filesystem::path Path, IoBuffer FileData, MemoryView EncryptionKey, MemoryView IV)
+ void WriteEncryptedFile(std::filesystem::path Path,
+ IoBuffer FileData,
+ const AesKey256Bit& Key,
+ const AesIV128Bit& IV,
+ std::optional<std::string>& Reason)
{
if (FileData.GetSize() == 0)
{
- return 0;
+ return;
}
- std::unique_ptr<SymmetricCipher> Cipher = SymmetricCipher::CreateAes();
+ std::vector<uint8_t> EncryptionBuffer;
+ ;
+ EncryptionBuffer.resize(FileData.GetSize() + Aes::BlockSize);
- if (Cipher->Initialize(EncryptionKey, IV) == false)
+ MemoryView EncryptedView = Aes::Encrypt(Key, IV, FileData, MakeMutableMemoryView(EncryptionBuffer), Reason);
+
+ if (EncryptedView.IsEmpty())
{
- return 0;
+ return;
}
- IoBuffer EncryptionBuffer(FileData.GetSize() + Cipher->Settings().BlockSize);
-
- MemoryView EncryptedView = Cipher->Encrypt(FileData, EncryptionBuffer.GetMutableView());
-
WriteFile(Path, IoBuffer(IoBuffer::Wrap, EncryptedView.GetData(), EncryptedView.GetSize()));
-
- return EncryptedView.GetSize();
}
} // namespace details
-AuthEncryptionKey
-AuthEncryptionKey::Default()
-{
- const std::string_view DefaultKey = "HeyThisIsNotAGoodPrivateKeyToUse"sv;
- const std::string_view DefaultIV = "DefaultInitVecto"sv;
-
- return {.Key = IoBufferBuilder::MakeCloneFromMemory(MakeMemoryView(DefaultKey)),
- .IV = IoBufferBuilder::MakeCloneFromMemory(MakeMemoryView(DefaultIV))};
-}
-
class AuthMgrImpl final : public AuthMgr
{
using Clock = std::chrono::system_clock;
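Review bot: `WriteEncryptedFile` now returns `void`, so `Reason` is the caller's only failure signal, yet two of its exits leave it untouched as far as this hunk shows: the `FileData.GetSize() == 0` early return, and the `EncryptedView.IsEmpty()` return if `Aes::Encrypt` ever yields an empty view without filling `Reason`. With the old `uint64_t` return both cases produced the `save auth state FAILED` warning; the `SaveState` hunk at `@@ -352,14 +348,17 @@` now tests only `if (Reason)`, so they pass silently. Setting a message on those paths keeps the signal, e.g. `if (EncryptedView.IsEmpty()) { if (!Reason) Reason = "encryption produced no output"; return; }`. The lone `;` after `std::vector<uint8_t> EncryptionBuffer;` is a leftover and can be dropped.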
@@ -95,12 +90,6 @@ class AuthMgrImpl final : public AuthMgr
public:
AuthMgrImpl(const AuthConfig& Config) : m_Config(Config), m_Log(logging::Get("auth"))
{
- if (!m_Config.EncryptionKey.Key || !m_Config.EncryptionKey.IV)
- {
- ZEN_WARN("using default encryption key");
- m_Config.EncryptionKey = AuthEncryptionKey::Default();
- }
-
LoadState();
m_BackgroundThread.Interval = Config.UpdateInterval;
@@ -248,11 +237,18 @@ private:
{
try
{
+ std::optional<std::string> Reason;
+
IoBuffer Buffer =
- details::ReadEncryptedFile(m_Config.RootDirectory / "authstate"sv, m_Config.EncryptionKey.Key, m_Config.EncryptionKey.IV);
+ details::ReadEncryptedFile(m_Config.RootDirectory / "authstate"sv, m_Config.EncryptionKey, m_Config.EncryptionIV, Reason);
- if (Buffer.GetSize() == 0)
+ if (!Buffer)
{
+ if (Reason)
+ {
+ ZEN_WARN("load auth state FAILED, reason '{}'", Reason.value());
+ }
+
return;
}
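Review bot: With the constructor's default-key fallback gone, `LoadState` hands `m_Config.EncryptionKey` and `m_Config.EncryptionIV` straight to `ReadEncryptedFile`, and nothing visible in this diff checks that they were actually configured. Removing the hard-coded key is the right call, but an unset key would now presumably surface only as this `load auth state FAILED` warning on every start, with the server carrying on without its persisted auth state. Validating the key and IV once in the `AuthMgrImpl` constructor, and reporting a missing value there at error level, would make the misconfiguration explicit. It is also worth confirming that the text `Aes::Decrypt` puts in `Reason` never contains key or plaintext bytes, since it goes to the log verbatim. `LoadState` starts and ends outside the hunk.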
@@ -352,14 +348,17 @@ private:
std::filesystem::create_directories(m_Config.RootDirectory);
- const uint64_t ByteCount = details::WriteEncryptedFile(m_Config.RootDirectory / "authstate"sv,
- AuthState.Save().GetBuffer().AsIoBuffer(),
- m_Config.EncryptionKey.Key,
- m_Config.EncryptionKey.IV);
+ std::optional<std::string> Reason;
+
+ details::WriteEncryptedFile(m_Config.RootDirectory / "authstate"sv,
+ AuthState.Save().GetBuffer().AsIoBuffer(),
+ m_Config.EncryptionKey,
+ m_Config.EncryptionIV,
+ Reason);
- if (ByteCount == 0)
+ if (Reason)
{
- ZEN_WARN("save auth state FAILED");
+ ZEN_WARN("save auth state FAILED, reason '{}'", Reason.value());
}
}
catch (std::exception& Err)
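Review bot: Every call here encrypts a fresh `authstate` under the same `m_Config.EncryptionKey` and `m_Config.EncryptionIV`, so one key/IV pair is reused for each save. The cipher mode behind `Aes::Encrypt` is not visible in this diff; with CBC a fixed IV lets anyone comparing two saved files see where their plaintexts first differ, and with a counter or stream mode the reuse is considerably worse. Consider generating a random IV per write and storing it as a prefix of the file, so that the configured IV no longer carries any confidentiality weight. Nothing shown authenticates the ciphertext either, so a modified file would presumably be decrypted and handed on by `LoadState`; an AEAD mode or a MAC over the file would let it be rejected first. The enclosing function starts and ends outside the hunk.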