Sunshine master
Self-hosted game stream host for Moonlight.
crypto.h File Reference

Declarations for cryptography functions. More...

#include <array>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/x509.h>
#include "utility.h"
Include dependency graph for crypto.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

class  crypto::cipher::cbc_t
 AES-CBC cipher helper used for block-mode encryption and decryption. More...
 
class  crypto::cert_chain_t
 Owns the certificate chain returned by Sunshine's TLS certificate loader. More...
 
class  crypto::cipher::cipher_t
 AES-GCM encrypt/decrypt context pair used for GameStream messages. More...
 
struct  crypto::creds_t
 PEM-encoded certificate and private key pair. More...
 
class  crypto::cipher::ecb_t
 AES-ECB cipher helper used by pairing and stream encryption code. More...
 
class  crypto::cipher::gcm_t
 AES-GCM cipher helper that encrypts and authenticates payloads. More...
 

Typedefs

using crypto::aes_t = std::vector<std::uint8_t>
 Byte buffer containing AES key material.
 
using crypto::bignum_t = util::safe_ptr<BIGNUM, BN_free>
 Owning pointer for an OpenSSL BIGNUM.
 
using crypto::bio_t = util::safe_ptr<BIO, BIO_free_all>
 Owning pointer for an OpenSSL BIO chain.
 
using crypto::cipher_ctx_t = util::safe_ptr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>
 Owning pointer for an OpenSSL cipher context.
 
using crypto::md_ctx_t = util::safe_ptr<EVP_MD_CTX, md_ctx_destroy>
 Owning pointer for an OpenSSL message digest context.
 
using crypto::pkey_ctx_t = util::safe_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_free>
 Owning pointer for an OpenSSL key-generation context.
 
using crypto::pkey_t = util::safe_ptr<EVP_PKEY, EVP_PKEY_free>
 Owning pointer for an OpenSSL public or private key.
 
using crypto::sha256_t = std::array<std::uint8_t, SHA256_DIGEST_LENGTH>
 Fixed-size SHA-256 digest byte array.
 
using crypto::x509_store_ctx_t = util::safe_ptr<X509_STORE_CTX, X509_STORE_CTX_free>
 Owning pointer for an OpenSSL certificate verification context.
 
using crypto::x509_store_t = util::safe_ptr<X509_STORE, X509_STORE_free>
 Owning pointer for an OpenSSL certificate store.
 
using crypto::x509_t = util::safe_ptr<X509, X509_free>
 Owning pointer for an OpenSSL X.509 certificate.
 

Functions

aes_t crypto::gen_aes_key (const std::array< uint8_t, 16 > &salt, const std::string_view &pin)
 Derive the AES key used by the pairing protocol.
 
creds_t crypto::gen_creds (const std::string_view &cn, std::uint32_t key_bits)
 Generate a self-signed certificate and private key for Sunshine pairing.
 
sha256_t crypto::hash (const std::string_view &plaintext)
 Hashes the given plaintext using SHA-256.
 
void crypto::md_ctx_destroy (EVP_MD_CTX *ctx)
 Destroy an OpenSSL message digest context.
 
std::string crypto::pem (pkey_t &pkey)
 Serialize an OpenSSL object to PEM text.
 
std::string crypto::pem (x509_t &x509)
 Serialize an OpenSSL object to PEM text.
 
pkey_t crypto::pkey (const std::string_view &k)
 Parse PEM text into an OpenSSL private key object.
 
std::string crypto::rand (std::size_t bytes)
 Generate cryptographically secure random bytes.
 
std::string crypto::rand_alphabet (std::size_t bytes, const std::string_view &alphabet)
 Generate random text from the supplied alphabet.
 
constexpr std::size_t crypto::cipher::round_to_pkcs7_padded (std::size_t size)
 Round a byte count up to the next PKCS#7 padding boundary.
 
std::vector< uint8_t > crypto::sign256 (const pkey_t &pkey, const std::string_view &data)
 Sign data with SHA-256.
 
std::string_view crypto::signature (const x509_t &x)
 Return the certificate signature bytes.
 
bool crypto::verify256 (const x509_t &x509, const std::string_view &data, const std::string_view &signature)
 Verify a SHA-256 signature with the certificate public key.
 
x509_t crypto::x509 (const std::string_view &x)
 Parse PEM text into an X.509 certificate object.
 

Variables

constexpr std::size_t crypto::cipher::tag_size = 16
 Tag size.
 

Detailed Description

Declarations for cryptography functions.

Function Documentation

◆ gen_aes_key()

aes_t crypto::gen_aes_key ( const std::array< uint8_t, 16 > & salt,
const std::string_view & pin )

Derive the AES key used by the pairing protocol.

Parameters
saltRandom salt used when deriving the pairing secret.
pinPIN supplied by the client during pairing.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ gen_creds()

creds_t crypto::gen_creds ( const std::string_view & cn,
std::uint32_t key_bits )

Generate a self-signed certificate and private key for Sunshine pairing.

Parameters
cnCommon name to place in the generated certificate.
key_bitsSize in bits of the generated RSA key.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ hash()

sha256_t crypto::hash ( const std::string_view & plaintext)

Hashes the given plaintext using SHA-256.

Parameters
plaintext
Returns
The SHA-256 hash of the plaintext.

◆ md_ctx_destroy()

void crypto::md_ctx_destroy ( EVP_MD_CTX * ctx)

Destroy an OpenSSL message digest context.

Parameters
ctxMessage digest context.

◆ pem() [1/2]

std::string crypto::pem ( pkey_t & pkey)

Serialize an OpenSSL object to PEM text.

Parameters
pkeyPrivate key PEM data or private key file path.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ pem() [2/2]

std::string crypto::pem ( x509_t & x509)

Serialize an OpenSSL object to PEM text.

Parameters
x509X.509 certificate object or PEM data.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ pkey()

pkey_t crypto::pkey ( const std::string_view & k)

Parse PEM text into an OpenSSL private key object.

Parameters
kPEM text containing a private key.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ rand()

std::string crypto::rand ( std::size_t bytes)

Generate cryptographically secure random bytes.

Parameters
bytesNumber of random bytes to generate.
Returns
Random bytes or text generated by OpenSSL.

◆ rand_alphabet()

std::string crypto::rand_alphabet ( std::size_t bytes,
const std::string_view & alphabet = std::string_view {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!%&()=-"} )

Generate random text from the supplied alphabet.

Parameters
bytesNumber of random bytes to generate.
alphabetAllowed characters used for random string generation.
Returns
Random bytes or text generated by OpenSSL.

◆ round_to_pkcs7_padded()

std::size_t crypto::cipher::round_to_pkcs7_padded ( std::size_t size)
constexpr

Round a byte count up to the next PKCS#7 padding boundary.

Parameters
sizeNumber of bytes or elements requested.
Returns
size rounded up to the next PKCS#7 block boundary.

◆ sign256()

std::vector< uint8_t > crypto::sign256 ( const pkey_t & pkey,
const std::string_view & data )

Sign data with SHA-256.

Parameters
pkeyPrivate key PEM data or private key file path.
dataPayload or state data to serialize, deserialize, or forward.
Returns
Number of bytes written, signature bytes, or an error status depending on the overload.

◆ signature()

std::string_view crypto::signature ( const x509_t & x)

Return the certificate signature bytes.

Parameters
xCertificate object or PEM text, depending on the overload.
Returns
Parsed or generated OpenSSL object or PEM data.

◆ verify256()

bool crypto::verify256 ( const x509_t & x509,
const std::string_view & data,
const std::string_view & signature )

Verify a SHA-256 signature with the certificate public key.

Parameters
x509X.509 certificate object or PEM data.
dataPayload or state data to serialize, deserialize, or forward.
signatureSignature bytes to verify or encode.
Returns
True when the signature is valid for the supplied data.

◆ x509()

x509_t crypto::x509 ( const std::string_view & x)

Parse PEM text into an X.509 certificate object.

Parameters
xCertificate object or PEM text, depending on the overload.
Returns
Parsed or generated OpenSSL object or PEM data.