blob: a416242ceac996c97adab0a46171beb543b8acce [file] [log] [blame] [raw]
package li.cil.oc.server.component
import java.security._
import java.security.interfaces.ECPublicKey
import java.security.spec.PKCS8EncodedKeySpec
import java.security.spec.X509EncodedKeySpec
import java.util
import java.util.zip.DeflaterOutputStream
import java.util.zip.InflaterOutputStream
import javax.crypto.Cipher
import javax.crypto.KeyAgreement
import javax.crypto.Mac
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
import com.google.common.hash.Hashing
import li.cil.oc.api.driver.DeviceInfo.DeviceAttribute
import li.cil.oc.api.driver.DeviceInfo.DeviceClass
import li.cil.oc.Settings
import li.cil.oc.api.Network
import li.cil.oc.api.driver.DeviceInfo
import li.cil.oc.api.machine.Arguments
import li.cil.oc.api.machine.Callback
import li.cil.oc.api.machine.Context
import li.cil.oc.api.network.Visibility
import li.cil.oc.api.prefab
import net.minecraft.nbt.NBTTagCompound
import org.apache.commons.codec.binary.Base64
import org.apache.commons.io.output.ByteArrayOutputStream
import scala.collection.convert.WrapAsJava._
abstract class DataCard extends prefab.ManagedEnvironment with DeviceInfo {
override val node = Network.newNode(this, Visibility.Neighbors).
withComponent("data", Visibility.Neighbors).
withConnector().
create()
// ----------------------------------------------------------------------- //
protected def checkCost(context: Context, args: Arguments, baseCost: Double, byteCost: Double): Array[Byte] = {
val data = args.checkByteArray(0)
if (data.length > Settings.get.dataCardHardLimit) throw new IllegalArgumentException("data size limit exceeded")
val cost = baseCost + data.length * byteCost
if (!node.tryChangeBuffer(-cost)) throw new Exception("not enough energy")
if (data.length > Settings.get.dataCardSoftLimit) context.pause(Settings.get.dataCardTimeout)
data
}
protected def checkCost(baseCost: Double): Unit = {
if (!node.tryChangeBuffer(-baseCost)) throw new Exception("not enough energy")
}
protected def trivialCost(context: Context, args: Arguments) =
checkCost(context, args, Settings.get.dataCardTrivial, Settings.get.dataCardTrivialByte)
protected def simpleCost(context: Context, args: Arguments) =
checkCost(context, args, Settings.get.dataCardSimple, Settings.get.dataCardSimpleByte)
protected def complexCost(context: Context, args: Arguments) =
checkCost(context, args, Settings.get.dataCardComplex, Settings.get.dataCardComplexByte)
protected def asymmetricCost(context: Context, args: Arguments) =
checkCost(context, args, Settings.get.dataCardAsymmetric, Settings.get.dataCardComplexByte)
// ----------------------------------------------------------------------- //
@Callback(direct = true, doc = """function():number -- The maximum size of data that can be passed to other functions of the card.""")
def getLimit(context: Context, args: Arguments): Array[AnyRef] = {
result(Settings.get.dataCardHardLimit)
}
}
object DataCard {
val SecureRandomInstance = new ThreadLocal[SecureRandom]() {
override def initialValue = SecureRandom.getInstance("SHA1PRNG")
}
class Tier1 extends DataCard {
private final lazy val deviceInfo = Map(
DeviceAttribute.Class -> DeviceClass.Processor,
DeviceAttribute.Description -> "Data processor card",
DeviceAttribute.Vendor -> "S.C. Ltd.",
DeviceAttribute.Product -> "SC01D H45h3r"
)
override def getDeviceInfo: util.Map[String, String] = deviceInfo
// ----------------------------------------------------------------------- //
@Callback(direct = true, limit = 32, doc = """function(data:string):string -- Applies base64 encoding to the data.""")
def encode64(context: Context, args: Arguments): Array[AnyRef] = {
result(Base64.encodeBase64(trivialCost(context, args)))
}
@Callback(direct = true, limit = 32, doc = """function(data:string):string -- Applies base64 decoding to the data.""")
def decode64(context: Context, args: Arguments): Array[AnyRef] = {
result(Base64.decodeBase64(trivialCost(context, args)))
}
@Callback(direct = true, limit = 4, doc = """function(data:string):string -- Applies deflate compression to the data.""")
def deflate(context: Context, args: Arguments): Array[AnyRef] = {
val data = complexCost(context, args)
val baos = new ByteArrayOutputStream(512)
val deos = new DeflaterOutputStream(baos)
deos.write(data)
deos.finish()
result(baos.toByteArray)
}
@Callback(direct = true, limit = 4, doc = """function(data:string):string -- Applies inflate decompression to the data.""")
def inflate(context: Context, args: Arguments): Array[AnyRef] = {
val data = complexCost(context, args)
val baos = new ByteArrayOutputStream(512)
val inos = new InflaterOutputStream(baos)
inos.write(data)
inos.finish()
result(baos.toByteArray)
}
@Callback(direct = true, limit = 32, doc = """function(data:string):string -- Computes CRC-32 hash of the data. Result is binary data.""")
def crc32(context: Context, args: Arguments): Array[AnyRef] = {
val data = trivialCost(context, args)
result(Hashing.crc32().hashBytes(data).asBytes())
}
@Callback(direct = true, limit = 8, doc = """function(data:string):string -- Computes MD5 hash of the data. Result is binary data.""")
def md5(context: Context, args: Arguments): Array[AnyRef] = {
val data = simpleCost(context, args)
result(Hashing.md5().hashBytes(data).asBytes())
}
@Callback(direct = true, limit = 4, doc = """function(data:string):string -- Computes SHA2-256 hash of the data. Result is binary data.""")
def sha256(context: Context, args: Arguments): Array[AnyRef] = {
val data = complexCost(context, args)
result(Hashing.sha256().hashBytes(data).asBytes())
}
}
class Tier2 extends Tier1 {
private final lazy val deviceInfo = Map(
DeviceAttribute.Class -> DeviceClass.Processor,
DeviceAttribute.Description -> "Data processor card",
DeviceAttribute.Vendor -> "S.C. Ltd.",
DeviceAttribute.Product -> "SC02D Cryptic"
)
override def getDeviceInfo: util.Map[String, String] = deviceInfo
// ----------------------------------------------------------------------- //
@Callback(direct = true, limit = 8, doc = """function(data:string[, hmacKey:string]):string -- Computes MD5 hash of the data. Result is binary data.""")
override def md5(context: Context, args: Arguments): Array[AnyRef] =
if (args.count() > 1) {
val data = simpleCost(context, args)
val key = args.checkByteArray(1)
hash(data, key, "MD5", "HmacMD5")
}
else super.md5(context, args)
@Callback(direct = true, limit = 4, doc = """function(data:string[, hmacKey:string]):string -- Computes SHA2-256 hash of the data. Result is binary data.""")
override def sha256(context: Context, args: Arguments): Array[AnyRef] =
if (args.count() > 1) {
val data = complexCost(context, args)
val key = args.checkByteArray(1)
hash(data, key, "SHA-256", "HmacSHA256")
}
else super.sha256(context, args)
@Callback(direct = true, limit = 8, doc = """function(data:string, key: string, iv:string):string -- Encrypt data with AES. Result is binary data.""")
def encrypt(context: Context, args: Arguments): Array[AnyRef] = crypt(context, args, Cipher.ENCRYPT_MODE)
@Callback(direct = true, limit = 8, doc = """function(data:string, key:string, iv:string):string -- Decrypt data with AES.""")
def decrypt(context: Context, args: Arguments): Array[AnyRef] = crypt(context, args, Cipher.DECRYPT_MODE)
@Callback(direct = true, limit = 4, doc = """function(len:number):string -- Generates secure random binary data.""")
def random(context: Context, args: Arguments): Array[AnyRef] = {
val len = args.checkInteger(0)
if (len <= 0 || len > 1024)
throw new IllegalArgumentException("length must be in range [1..1024]")
checkCost(Settings.get.dataCardComplex + Settings.get.dataCardComplexByte * len)
val target = new Array[Byte](len)
SecureRandomInstance.get.nextBytes(target)
result(target)
}
// ----------------------------------------------------------------------- //
private def crypt(context: Context, args: Arguments, mode: Int): Array[AnyRef] = {
val data = simpleCost(context, args)
val key = args.checkByteArray(1)
if (key.length != 16)
throw new IllegalArgumentException("expected a 128-bit AES key")
val iv = args.checkByteArray(2)
if (iv.length != 16)
throw new IllegalArgumentException("expected a 128-bit AES IV")
val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv))
result(cipher.doFinal(data))
}
private def hash(data: Array[Byte], key: Array[Byte], mode: String, hmacMode: String): Array[AnyRef] = {
val hmac = Mac.getInstance(hmacMode)
hmac.init(new SecretKeySpec(key, hmacMode))
result(hmac.doFinal(data))
}
}
class Tier3 extends Tier2 {
private final lazy val deviceInfo = Map(
DeviceAttribute.Class -> DeviceClass.Processor,
DeviceAttribute.Description -> "Data processor card",
DeviceAttribute.Vendor -> "S.C. Ltd.",
DeviceAttribute.Product -> "SC03D Signer"
)
override def getDeviceInfo: util.Map[String, String] = deviceInfo
// ----------------------------------------------------------------------- //
@Callback(direct = true, limit = 1, doc = """function([bitLen:number]):userdata, userdata -- Generates key pair. Returns: public, private keys. Allowed key lengths: 256, 384 bits.""")
def generateKeyPair(context: Context, args: Arguments): Array[AnyRef] = {
checkCost(Settings.get.dataCardAsymmetric)
val bitLen = args.optInteger(0, 384)
if (bitLen != 256 && bitLen != 384)
throw new IllegalArgumentException("invalid key length, must be 256 or 384")
val kpg = KeyPairGenerator.getInstance("EC")
kpg.initialize(bitLen, SecureRandomInstance.get)
val kp = kpg.generateKeyPair()
result(new ECUserdata(kp.getPublic), new ECUserdata(kp.getPrivate))
}
@Callback(direct = true, limit = 8, doc = """function(data:string, type:string):userdata -- Restores key from its string representation.""")
def deserializeKey(context: Context, args: Arguments): Array[AnyRef] = {
val data = simpleCost(context, args)
val t = args.checkString(1)
result(new ECUserdata(ECUserdata.deserializeKey(t, data)))
}
@Callback(direct = true, limit = 1, doc = """function(priv:userdata, pub:userdata):string -- Generates a shared key. ecdh(a.priv, b.pub) == ecdh(b.priv, a.pub)""")
def ecdh(context: Context, args: Arguments): Array[AnyRef] = {
checkCost(Settings.get.dataCardAsymmetric)
val privKey = checkUserdata(args, 0, isPublic = Option(false)).value
val pubKey = checkUserdata(args, 1, isPublic = Option(true)).value
val ka = KeyAgreement.getInstance("ECDH")
ka.init(privKey)
ka.doPhase(pubKey, true)
result(ka.generateSecret)
}
@Callback(direct = true, limit = 1, doc = """function(data:string, key:userdata[, sig:string]):string or boolean -- Signs or verifies data.""")
def ecdsa(context: Context, args: Arguments): Array[AnyRef] = {
val data = asymmetricCost(context, args)
val key = checkUserdata(args, 1)
val sig = args.optByteArray(2, null)
val sign = Signature.getInstance("SHA256withECDSA")
if (sig != null) {
// Verify mode
key.value match {
case public: PublicKey =>
sign.initVerify(public)
sign.update(data)
result(sign.verify(sig))
case _ => throw new IllegalArgumentException("public key expected")
}
}
else {
// Sign mode
key.value match {
case k: PrivateKey =>
sign.initSign(k)
sign.update(data)
result(sign.sign())
case _ =>
throw new IllegalArgumentException("private key expected")
}
}
}
// ----------------------------------------------------------------------- //
private def checkUserdata(args: Arguments, i: Int, isPublic: Option[Boolean] = None) =
args.checkAny(i) match {
case value: ECUserdata =>
if (isPublic.fold(true)(_ == value.isPublic)) value
else throw new IllegalArgumentException(
s"${if (isPublic.get) "public" else "private"} key expected at ${i + 1}")
case null => throw new IllegalArgumentException(
s"bad argument #${i + 1} (userdata expected, got no value)")
case value => throw new IllegalArgumentException(
s"bad argument #${i + 1} (userdata expected, got ${value.getClass.getName})")
}
}
class ECUserdata(var value: Key) extends prefab.AbstractValue {
// Empty constructor for deserialization.
def this() = this(null)
def isPublic = value.isInstanceOf[ECPublicKey]
def keyType = if (isPublic) ECUserdata.PublicTypeName else ECUserdata.PrivateTypeName
// ----------------------------------------------------------------------- //
@Callback(direct = true, doc = "function():boolean -- Returns whether key is public.")
def isPublic(context: Context, args: Arguments): Array[AnyRef] = result(isPublic)
@Callback(direct = true, doc = "function():string -- Returns type of key.")
def keyType(context: Context, args: Arguments): Array[AnyRef] = result(keyType)
@Callback(direct = true, limit = 4, doc = "function():string -- Returns string representation of key. Result is binary data.")
def serialize(context: Context, args: Arguments): Array[AnyRef] = result(value.getEncoded)
// ----------------------------------------------------------------------- //
override def load(nbt: NBTTagCompound): Unit = {
val keyType = nbt.getString("Type")
val data = nbt.getByteArray("Data")
value = ECUserdata.deserializeKey(keyType, data)
}
override def save(nbt: NBTTagCompound): Unit = {
nbt.setString("Type", keyType)
nbt.setByteArray("Data", value.getEncoded)
}
}
object ECUserdata {
final val PrivateTypeName = "ec-private"
final val PublicTypeName = "ec-public"
def deserializeKey(typeName: String, data: Array[Byte]): Key = {
if (typeName == PrivateTypeName) KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(data))
else if (typeName == PublicTypeName) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(data))
else throw new IllegalArgumentException("invalid key type, must be ec-public or ec-private")
}
}
}