Added RSA signing to Diffie Hellman
This commit is contained in:
Albin Corén
parent
a9d5e6e571
commit
ec0ba47f7f
@ -31,6 +31,10 @@ namespace MLAPI
|
||||
public bool HandleObjectSpawning = true;
|
||||
|
||||
public bool EnableEncryption = true;
|
||||
public bool SignKeyExchange = true;
|
||||
public string RSAPrivateKey = "<RSAKeyValue><Modulus>vBEvOQki/EftWOgwh4G8/nFRvcDJLylc8P7Dhz5m/hpkkNtAMzizNKYUrGbs7sYWlEuMYBOWrzkIDGOMoOsYc9uCi+8EcmNoHDlIhK5yNfZUexYBF551VbvZ625LSBR7kmBxkyo4IPuA09fYCHeUFm3prt4h6aTD0Hjc7ZsJHUU=</Modulus><Exponent>EQ==</Exponent><P>ydgcrq5qLJOdDQibD3m9+o3/dkKoFeCC110dnMgdpEteCruyBdL0zjGKKvjjgy3XTSSp43EN591NiXaBp0JtDw==</P><Q>7obHrUnUCsSHUsIJ7+JOrupcGrQ0XaYcQ+Uwb2v7d2YUzwZ46U4gI9snfD2J0tc3DGEh3v3G0Q8q7bxEe3H4aw==</Q><DP>L34k3c6vkgSdbHp+1nb/hj+HZx6+I0PijQbZyolwYuSOmR0a1DGjA1bzVWe9D86NAxevgM9OkOjG8yrxVIgZqQ==</DP><DQ>OB+2gyBuIKa2bdNNodrlVlVC2RtXnZB/HwjAGjeGdnJfP8VJoE6eJo3rLEq3BG7fxq1xYaUfuLhGVg4uOyngGQ==</DQ><InverseQ>o97PimYu58qH5eFmySRCIsyhBr/tK2GM17Zd9QQPJZRSorrhIJn1m6gwQ/G5aJLIM/3Yl04CoyqmQGsPXMzW2w==</InverseQ><D>CxAR1i22w4vCquB7U0Pd8Nl9R2Wxez6rHTwpnoszPB+rkAzlqKj7e5FMgpykhoQfciKPyWqQZKkAeTMIRbN56JinvpAt5POId/28HDd5xjGymHE81k3RzoHqzQXFIOF1TSYKUWzjPPF/TU4nn7auD4i6lOODATsMqtLr5DRBN/0=</D></RSAKeyValue>"; //CHANGE THESE FOR PRODUCTION!
|
||||
public string RSAPublicKey = "<RSAKeyValue><Modulus>vBEvOQki/EftWOgwh4G8/nFRvcDJLylc8P7Dhz5m/hpkkNtAMzizNKYUrGbs7sYWlEuMYBOWrzkIDGOMoOsYc9uCi+8EcmNoHDlIhK5yNfZUexYBF551VbvZ625LSBR7kmBxkyo4IPuA09fYCHeUFm3prt4h6aTD0Hjc7ZsJHUU=</Modulus><Exponent>EQ==</Exponent></RSAKeyValue>"; //CHANGE THESE FOR PRODUCTION!
|
||||
|
||||
public bool AllowPassthroughMessages = true;
|
||||
public bool EnableSceneSwitching = false;
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ using System.IO;
|
||||
using UnityEngine;
|
||||
using UnityEngine.Networking;
|
||||
using System.Linq;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace MLAPI
|
||||
{
|
||||
@ -588,10 +589,6 @@ namespace MLAPI
|
||||
ushort diffiePublicSize = messageReader.ReadUInt16();
|
||||
byte[] diffiePublic = messageReader.ReadBytes(diffiePublicSize);
|
||||
diffieHellmanPublicKeys.Add(clientId, diffiePublic);
|
||||
/*
|
||||
EllipticDiffieHellman diffieHellman = new EllipticDiffieHellman(EllipticDiffieHellman.DEFAULT_CURVE, EllipticDiffieHellman.DEFAULT_GENERATOR, EllipticDiffieHellman.DEFAULT_ORDER);
|
||||
aesKey = diffieHellman.GetSharedSecret(diffiePublic);
|
||||
*/
|
||||
|
||||
}
|
||||
if (NetworkConfig.ConnectionApproval)
|
||||
@ -625,7 +622,25 @@ namespace MLAPI
|
||||
if (NetworkConfig.EnableEncryption)
|
||||
{
|
||||
ushort keyLength = messageReader.ReadUInt16();
|
||||
clientAesKey = clientDiffieHellman.GetSharedSecret(messageReader.ReadBytes(keyLength));
|
||||
byte[] serverPublicKey = messageReader.ReadBytes(keyLength);
|
||||
clientAesKey = clientDiffieHellman.GetSharedSecret(serverPublicKey);
|
||||
if (NetworkConfig.SignKeyExchange)
|
||||
{
|
||||
ushort signatureLength = messageReader.ReadUInt16();
|
||||
byte[] publicKeySignature = messageReader.ReadBytes(signatureLength);
|
||||
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
|
||||
{
|
||||
rsa.PersistKeyInCsp = false;
|
||||
rsa.FromXmlString(NetworkConfig.RSAPublicKey);
|
||||
if(!rsa.VerifyData(serverPublicKey, new SHA512CryptoServiceProvider(), publicKeySignature))
|
||||
{
|
||||
//Man in the middle.
|
||||
Debug.LogWarning("MLAPI: Signature doesnt match for the key exchange public part. Disconnecting");
|
||||
StopClient();
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
float netTime = messageReader.ReadSingle();
|
||||
@ -1292,6 +1307,7 @@ namespace MLAPI
|
||||
|
||||
byte[] aesKey = new byte[0];
|
||||
byte[] publicKey = new byte[0];
|
||||
byte[] publicKeySignature = new byte[0];
|
||||
if (NetworkConfig.EnableEncryption)
|
||||
{
|
||||
EllipticDiffieHellman diffieHellman = new EllipticDiffieHellman(EllipticDiffieHellman.DEFAULT_CURVE, EllipticDiffieHellman.DEFAULT_GENERATOR, EllipticDiffieHellman.DEFAULT_ORDER);
|
||||
@ -1300,6 +1316,16 @@ namespace MLAPI
|
||||
|
||||
if (diffieHellmanPublicKeys.ContainsKey(clientId))
|
||||
diffieHellmanPublicKeys.Remove(clientId);
|
||||
|
||||
if (NetworkConfig.SignKeyExchange)
|
||||
{
|
||||
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
|
||||
{
|
||||
rsa.PersistKeyInCsp = false;
|
||||
rsa.FromXmlString(NetworkConfig.RSAPrivateKey);
|
||||
publicKeySignature = rsa.SignData(publicKeySignature, new SHA512CryptoServiceProvider());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
NetworkedClient client = new NetworkedClient()
|
||||
@ -1315,21 +1341,26 @@ namespace MLAPI
|
||||
GameObject go = SpawnManager.SpawnPlayerObject(clientId, networkId);
|
||||
connectedClients[clientId].PlayerObject = go;
|
||||
}
|
||||
|
||||
int sizeOfStream = 16 + ((connectedClients.Count - 1) * 4);
|
||||
|
||||
int amountOfObjectsToSend = SpawnManager.spawnedObjects.Values.Count(x => x.ServerOnly == false);
|
||||
|
||||
if(NetworkConfig.HandleObjectSpawning)
|
||||
if (NetworkConfig.HandleObjectSpawning)
|
||||
{
|
||||
sizeOfStream += 4;
|
||||
sizeOfStream += 14 * amountOfObjectsToSend;
|
||||
}
|
||||
if(NetworkConfig.EnableEncryption)
|
||||
|
||||
if (NetworkConfig.EnableEncryption)
|
||||
{
|
||||
sizeOfStream += 2 + publicKey.Length;
|
||||
if (NetworkConfig.SignKeyExchange)
|
||||
{
|
||||
sizeOfStream += 2 + publicKeySignature.Length;
|
||||
}
|
||||
}
|
||||
if(NetworkConfig.EnableSceneSwitching)
|
||||
|
||||
if (NetworkConfig.EnableSceneSwitching)
|
||||
{
|
||||
sizeOfStream += 4;
|
||||
}
|
||||
@ -1344,10 +1375,15 @@ namespace MLAPI
|
||||
writer.Write(NetworkSceneManager.CurrentSceneIndex);
|
||||
}
|
||||
|
||||
if(NetworkConfig.EnableEncryption)
|
||||
if (NetworkConfig.EnableEncryption)
|
||||
{
|
||||
writer.Write((ushort)publicKey.Length);
|
||||
writer.Write(publicKey);
|
||||
if (NetworkConfig.SignKeyExchange)
|
||||
{
|
||||
writer.Write((ushort)publicKeySignature.Length);
|
||||
writer.Write(publicKeySignature);
|
||||
}
|
||||
}
|
||||
|
||||
writer.Write(NetworkTime);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user