Kezdőlap Felfedezés Súgó
Bejelentkezés
Godot
/
godot
tükrözi: https://github.com/godotengine/godot.git
2
0
Másolás 0
Fájlok Problémák 0 Wiki
Fa: 6ce63017d5
Branch-ok Tag-ek
godot
/
doc
/
classes
/
Crypto.xml

Crypto.xml 6.7 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. <?xml version="1.0" encoding="UTF-8" ?>
    2. 

  2. <class name="Crypto" inherits="Reference" version="3.4">
    3. 

  3. 	<brief_description>
    4. 

  4. 		Access to advanced cryptographic functionalities.
    5. 

  5. 	</brief_description>
    6. 

  6. 	<description>
    7. 

  7. 		The Crypto class allows you to access some more advanced cryptographic functionalities in Godot.
    8. 

  8. 		For now, this includes generating cryptographically secure random bytes, RSA keys and self-signed X509 certificates generation, asymmetric key encryption/decryption, and signing/verification.
    9. 

  9. 		[codeblock]
    10. 

  10. 		extends Node
    11. 

  11. 

  12. 		var crypto = Crypto.new()
    13. 

  13. 		var key = CryptoKey.new()
    14. 

  14. 		var cert = X509Certificate.new()
    15. 

  15. 

  16. 		func _ready():
    17. 

  17. 		    # Generate new RSA key.
    18. 

  18. 		    key = crypto.generate_rsa(4096)
    19. 

  19. 		    # Generate new self-signed certificate with the given key.
    20. 

  20. 		    cert = crypto.generate_self_signed_certificate(key, "CN=mydomain.com,O=My Game Company,C=IT")
    21. 

  21. 		    # Save key and certificate in the user folder.
    22. 

  22. 		    key.save("user://generated.key")
    23. 

  23. 		    cert.save("user://generated.crt")
    24. 

  24. 		    # Encryption
    25. 

  25. 		    var data = "Some data"
    26. 

  26. 		    var encrypted = crypto.encrypt(key, data.to_utf8())
    27. 

  27. 		    # Decryption
    28. 

  28. 		    var decrypted = crypto.decrypt(key, encrypted)
    29. 

  29. 		    # Signing
    30. 

  30. 		    var signature = crypto.sign(HashingContext.HASH_SHA256, data.sha256_buffer(), key)
    31. 

  31. 		    # Verifying
    32. 

  32. 		    var verified = crypto.verify(HashingContext.HASH_SHA256, data.sha256_buffer(), signature, key)
    33. 

  33. 		    # Checks
    34. 

  34. 		    assert(verified)
    35. 

  35. 		    assert(data.to_utf8() == decrypted)
    36. 

  36. 		[/codeblock]
    37. 

  37. 		[b]Note:[/b] Not available in HTML5 exports.
    38. 

  38. 	</description>
    39. 

  39. 	<tutorials>
    40. 

  40. 	</tutorials>
    41. 

  41. 	<methods>
    42. 

  42. 		<method name="constant_time_compare">
    43. 

  43. 			<return type="bool">
    44. 

  44. 			</return>
    45. 

  45. 			<argument index="0" name="trusted" type="PoolByteArray">
    46. 

  46. 			</argument>
    47. 

  47. 			<argument index="1" name="received" type="PoolByteArray">
    48. 

  48. 			</argument>
    49. 

  49. 			<description>
    50. 

  50. 				Compares two [PoolByteArray]s for equality without leaking timing information in order to prevent timing attacks.
    51. 

  51. 				See [url=https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy]this blog post[/url] for more information.
    52. 

  52. 			</description>
    53. 

  53. 		</method>
    54. 

  54. 		<method name="decrypt">
    55. 

  55. 			<return type="PoolByteArray">
    56. 

  56. 			</return>
    57. 

  57. 			<argument index="0" name="key" type="CryptoKey">
    58. 

  58. 			</argument>
    59. 

  59. 			<argument index="1" name="ciphertext" type="PoolByteArray">
    60. 

  60. 			</argument>
    61. 

  61. 			<description>
    62. 

  62. 				Decrypt the given [code]ciphertext[/code] with the provided private [code]key[/code].
    63. 

  63. 				[b]Note[/b]: The maximum size of accepted ciphertext is limited by the key size.
    64. 

  64. 			</description>
    65. 

  65. 		</method>
    66. 

  66. 		<method name="encrypt">
    67. 

  67. 			<return type="PoolByteArray">
    68. 

  68. 			</return>
    69. 

  69. 			<argument index="0" name="key" type="CryptoKey">
    70. 

  70. 			</argument>
    71. 

  71. 			<argument index="1" name="plaintext" type="PoolByteArray">
    72. 

  72. 			</argument>
    73. 

  73. 			<description>
    74. 

  74. 				Encrypt the given [code]plaintext[/code] with the provided public [code]key[/code].
    75. 

  75. 				[b]Note[/b]: The maximum size of accepted plaintext is limited by the key size.
    76. 

  76. 			</description>
    77. 

  77. 		</method>
    78. 

  78. 		<method name="generate_random_bytes">
    79. 

  79. 			<return type="PoolByteArray">
    80. 

  80. 			</return>
    81. 

  81. 			<argument index="0" name="size" type="int">
    82. 

  82. 			</argument>
    83. 

  83. 			<description>
    84. 

  84. 				Generates a [PoolByteArray] of cryptographically secure random bytes with given [code]size[/code].
    85. 

  85. 			</description>
    86. 

  86. 		</method>
    87. 

  87. 		<method name="generate_rsa">
    88. 

  88. 			<return type="CryptoKey">
    89. 

  89. 			</return>
    90. 

  90. 			<argument index="0" name="size" type="int">
    91. 

  91. 			</argument>
    92. 

  92. 			<description>
    93. 

  93. 				Generates an RSA [CryptoKey] that can be used for creating self-signed certificates and passed to [method StreamPeerSSL.accept_stream].
    94. 

  94. 			</description>
    95. 

  95. 		</method>
    96. 

  96. 		<method name="generate_self_signed_certificate">
    97. 

  97. 			<return type="X509Certificate">
    98. 

  98. 			</return>
    99. 

  99. 			<argument index="0" name="key" type="CryptoKey">
    100. 

  100. 			</argument>
    101. 

  101. 			<argument index="1" name="issuer_name" type="String" default="&quot;CN=myserver,O=myorganisation,C=IT&quot;">
    102. 

  102. 			</argument>
    103. 

  103. 			<argument index="2" name="not_before" type="String" default="&quot;20140101000000&quot;">
    104. 

  104. 			</argument>
    105. 

  105. 			<argument index="3" name="not_after" type="String" default="&quot;20340101000000&quot;">
    106. 

  106. 			</argument>
    107. 

  107. 			<description>
    108. 

  108. 				Generates a self-signed [X509Certificate] from the given [CryptoKey] and [code]issuer_name[/code]. The certificate validity will be defined by [code]not_before[/code] and [code]not_after[/code] (first valid date and last valid date). The [code]issuer_name[/code] must contain at least "CN=" (common name, i.e. the domain name), "O=" (organization, i.e. your company name), "C=" (country, i.e. 2 lettered ISO-3166 code of the country the organization is based in).
    109. 

  109. 				A small example to generate an RSA key and a X509 self-signed certificate.
    110. 

  110. 				[codeblock]
    111. 

  111. 				var crypto = Crypto.new()
    112. 

  112. 				# Generate 4096 bits RSA key.
    113. 

  113. 				var key = crypto.generate_rsa(4096)
    114. 

  114. 				# Generate self-signed certificate using the given key.
    115. 

  115. 				var cert = crypto.generate_self_signed_certificate(key, "CN=example.com,O=A Game Company,C=IT")
    116. 

  116. 				[/codeblock]
    117. 

  117. 			</description>
    118. 

  118. 		</method>
    119. 

  119. 		<method name="hmac_digest">
    120. 

  120. 			<return type="PoolByteArray">
    121. 

  121. 			</return>
    122. 

  122. 			<argument index="0" name="hash_type" type="int" enum="HashingContext.HashType">
    123. 

  123. 			</argument>
    124. 

  124. 			<argument index="1" name="key" type="PoolByteArray">
    125. 

  125. 			</argument>
    126. 

  126. 			<argument index="2" name="msg" type="PoolByteArray">
    127. 

  127. 			</argument>
    128. 

  128. 			<description>
    129. 

  129. 				Generates an [url=https://en.wikipedia.org/wiki/HMAC]HMAC[/url] digest of [code]msg[/code] using [code]key[/code]. The [code]hash_type[/code] parameter is the hashing algorithm that is used for the inner and outer hashes.
    130. 

  130. 				Currently, only [constant HashingContext.HASH_SHA256] and [constant HashingContext.HASH_SHA1] are supported.
    131. 

  131. 			</description>
    132. 

  132. 		</method>
    133. 

  133. 		<method name="sign">
    134. 

  134. 			<return type="PoolByteArray">
    135. 

  135. 			</return>
    136. 

  136. 			<argument index="0" name="hash_type" type="int" enum="HashingContext.HashType">
    137. 

  137. 			</argument>
    138. 

  138. 			<argument index="1" name="hash" type="PoolByteArray">
    139. 

  139. 			</argument>
    140. 

  140. 			<argument index="2" name="key" type="CryptoKey">
    141. 

  141. 			</argument>
    142. 

  142. 			<description>
    143. 

  143. 				Sign a given [code]hash[/code] of type [code]hash_type[/code] with the provided private [code]key[/code].
    144. 

  144. 			</description>
    145. 

  145. 		</method>
    146. 

  146. 		<method name="verify">
    147. 

  147. 			<return type="bool">
    148. 

  148. 			</return>
    149. 

  149. 			<argument index="0" name="hash_type" type="int" enum="HashingContext.HashType">
    150. 

  150. 			</argument>
    151. 

  151. 			<argument index="1" name="hash" type="PoolByteArray">
    152. 

  152. 			</argument>
    153. 

  153. 			<argument index="2" name="signature" type="PoolByteArray">
    154. 

  154. 			</argument>
    155. 

  155. 			<argument index="3" name="key" type="CryptoKey">
    156. 

  156. 			</argument>
    157. 

  157. 			<description>
    158. 

  158. 				Verify that a given [code]signature[/code] for [code]hash[/code] of type [code]hash_type[/code] against the provided public [code]key[/code].
    159. 

  159. 			</description>
    160. 

  160. 		</method>
    161. 

  161. 	</methods>
    162. 

  162. 	<constants>
    163. 

  163. 	</constants>
    164. 

  164. </class>
    165.