Sunshine master
Self-hosted game stream host for Moonlight.
crypto.cpp File Reference

Definitions for cryptography functions. More...

#include <openssl/pem.h>
#include <openssl/rsa.h>
#include "crypto.h"
Include dependency graph for crypto.cpp:

Typedefs

using crypto::asn1_string_t = util::safe_ptr<ASN1_STRING, ASN1_STRING_free>
 OpenSSL ASN.1 string pointer with automatic release.
 
using crypto::x509_name_t = util::safe_ptr<X509_NAME, &X509_NAME_free>
 OpenSSL X.509 subject/issuer name pointer with automatic release.
 

Functions

aes_t crypto::gen_aes_key (const std::array< uint8_t, 16 > &salt, const std::string_view &pin)
 Derive the AES key used by the pairing protocol.
 
creds_t crypto::gen_creds (const std::string_view &cn, std::uint32_t key_bits)
 Generate a self-signed certificate and private key for Sunshine pairing.
 
sha256_t crypto::hash (const std::string_view &plaintext)
 Hashes the given plaintext using SHA-256.
 
void crypto::md_ctx_destroy (EVP_MD_CTX *ctx)
 Destroy an OpenSSL message digest context.
 
std::string crypto::pem (pkey_t &pkey)
 Serialize an OpenSSL object to PEM text.
 
std::string crypto::pem (x509_t &x509)
 Serialize an OpenSSL object to PEM text.
 
pkey_t crypto::pkey (const std::string_view &k)
 Parse PEM text into an OpenSSL private key object.
 
std::string crypto::rand (std::size_t bytes)
 Generate cryptographically secure random bytes.
 
std::string crypto::rand_alphabet (std::size_t bytes, const std::string_view &alphabet)
 Generate random text from the supplied alphabet.
 
std::vector< uint8_t > crypto::sign (const pkey_t &pkey, const std::string_view &data, const EVP_MD *md)
 Sign data with the requested OpenSSL digest.
 
std::vector< uint8_t > crypto::sign256 (const pkey_t &pkey, const std::string_view &data)
 Sign data with SHA-256.
 
std::string_view crypto::signature (const x509_t &x)
 Return the certificate signature bytes.
 
bool crypto::verify (const x509_t &x509, const std::string_view &data, const std::string_view &signature, const EVP_MD *md)
 Verify a signature against certificate public key data.
 
bool crypto::verify256 (const x509_t &x509, const std::string_view &data, const std::string_view &signature)
 Verify a SHA-256 signature with the certificate public key.
 
x509_t crypto::x509 (const std::string_view &x)
 Parse PEM text into an X.509 certificate object.
 

Detailed Description

Definitions for cryptography functions.

Function Documentation

◆ gen_aes_key()

aes_t crypto::gen_aes_key ( const std::array< uint8_t, 16 > & salt,
const std::string_view & pin )

Derive the AES key used by the pairing protocol.

Parameters
saltRandom salt used when deriving the pairing secret.
pinPIN supplied by the client during pairing.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ gen_creds()

creds_t crypto::gen_creds ( const std::string_view & cn,
std::uint32_t key_bits )

Generate a self-signed certificate and private key for Sunshine pairing.

Parameters
cnCommon name to place in the generated certificate.
key_bitsSize in bits of the generated RSA key.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ hash()

sha256_t crypto::hash ( const std::string_view & plaintext)

Hashes the given plaintext using SHA-256.

Parameters
plaintext
Returns
The SHA-256 hash of the plaintext.

◆ md_ctx_destroy()

void crypto::md_ctx_destroy ( EVP_MD_CTX * ctx)

Destroy an OpenSSL message digest context.

Parameters
ctxMessage digest context.

◆ pem() [1/2]

std::string crypto::pem ( pkey_t & pkey)

Serialize an OpenSSL object to PEM text.

Parameters
pkeyPrivate key PEM data or private key file path.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ pem() [2/2]

std::string crypto::pem ( x509_t & x509)

Serialize an OpenSSL object to PEM text.

Parameters
x509X.509 certificate object or PEM data.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ pkey()

pkey_t crypto::pkey ( const std::string_view & k)

Parse PEM text into an OpenSSL private key object.

Parameters
kPEM text containing a private key.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ rand()

std::string crypto::rand ( std::size_t bytes)

Generate cryptographically secure random bytes.

Parameters
bytesNumber of random bytes to generate.
Returns
Random bytes or text generated by OpenSSL.

◆ rand_alphabet()

std::string crypto::rand_alphabet ( std::size_t bytes,
const std::string_view & alphabet = std::string_view {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!%&()=-"} )

Generate random text from the supplied alphabet.

Parameters
bytesNumber of random bytes to generate.
alphabetAllowed characters used for random string generation.
Returns
Random bytes or text generated by OpenSSL.

◆ sign()

std::vector< uint8_t > crypto::sign ( const pkey_t & pkey,
const std::string_view & data,
const EVP_MD * md )

Sign data with the requested OpenSSL digest.

Parameters
pkeyPrivate key PEM data or private key file path.
dataPayload or state data to serialize, deserialize, or forward.
mdOpenSSL message digest algorithm used for signing or verification.
Returns
Number of bytes written, signature bytes, or an error status depending on the overload.

◆ sign256()

std::vector< uint8_t > crypto::sign256 ( const pkey_t & pkey,
const std::string_view & data )

Sign data with SHA-256.

Parameters
pkeyPrivate key PEM data or private key file path.
dataPayload or state data to serialize, deserialize, or forward.
Returns
Number of bytes written, signature bytes, or an error status depending on the overload.

◆ signature()

std::string_view crypto::signature ( const x509_t & x)

Return the certificate signature bytes.

Parameters
xCertificate object or PEM text, depending on the overload.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ verify()

bool crypto::verify ( const x509_t & x509,
const std::string_view & data,
const std::string_view & signature,
const EVP_MD * md )

Verify a signature against certificate public key data.

Parameters
x509X.509 certificate object or PEM data.
dataPayload or state data to serialize, deserialize, or forward.
signatureSignature bytes to verify or encode.
mdOpenSSL message digest algorithm used for signing or verification.
Returns
True when OpenSSL verifies the signature with the supplied digest.

◆ verify256()

bool crypto::verify256 ( const x509_t & x509,
const std::string_view & data,
const std::string_view & signature )

Verify a SHA-256 signature with the certificate public key.

Parameters
x509X.509 certificate object or PEM data.
dataPayload or state data to serialize, deserialize, or forward.
signatureSignature bytes to verify or encode.
Returns
True when the signature is valid for the supplied data.

◆ x509()

x509_t crypto::x509 ( const std::string_view & x)

Parse PEM text into an X.509 certificate object.

Parameters
xCertificate object or PEM text, depending on the overload.
Returns
Parsed or generated OpenSSL object or PEM data.