move EncryptStream to dtool; add encrypted and globally untrusted prc support

dtool/Config.pp

@@ -187,6 +187,15 @@
 // default; normally there's no reason to change this.
 #define PRC_PATTERNS *.prc
 
+// You can optionally encrypt your prc file(s) to help protect them
+// from curious eyes.  You have to specify the encryption key, which
+// gets hard-coded into the executable.  (This feature provides mere
+// obfuscation, not real security, since the encryption key can
+// potentially be extracted by a hacker.)  This requires building with
+// OpenSSL (see below).
+#define PRC_ENCRYPTED_PATTERNS *.prc.pe
+#define PRC_ENCRYPTION_KEY ""
+
 // One unusual feature of config is the ability to execute one or more
 // of the files it discovers as if it were a program, and then treat
 // the output of this program as a prc file.  If you want to use this
@@ -220,6 +229,18 @@
 // (empty) to explicitly enable or disable this feature.
 #defer PRC_RESPECT_TRUST_LEVEL $[= $[OPTIMIZE],4]
 
+// If trust level is in effect, this specifies the default trust level
+// for any legacy (Dconfig) config variables (that is, variables
+// created using the config.GetBool(), etc. interface, rather than the
+// newer ConfigVariableBool interface).
+#defer PRC_DCONFIG_TRUST_LEVEL 0
+
+// If trust level is in effect, you may globally increment the
+// (mis)trust level of all variables by the specified amount.
+// Incrementing this value by 1 will cause all variables to require at
+// least a level 1 signature.
+#define PRC_INC_TRUST_LEVEL 0
+
 // Similarly, the descriptions are normally saved only in a
 // development build, not in a release build.  Set this value true to
 // explicitly save them anyway.

dtool/LocalSetup.pp

@@ -312,31 +312,10 @@ $[cdefine LINK_IN_PHYSICS]
    components of a path list (e.g. $PRC_PATH). */
 # define DEFAULT_PATHSEP "$[DEFAULT_PATHSEP]"
 
-/* The compiled-in default directory to look for the Configrc file, in
-   the absence of the PRC_DIR environment variable set, and in
-   the absence of anything specified via the configpath directive. */
-# define DEFAULT_PRC_DIR "$[unixfilename $[DEFAULT_PRC_DIR]]"
-
-/* The compiled-in name of the environment variable(s) that contain
-   the name of a single directory in which to search for prc files. */
-# define PRC_DIR_ENVVARS "$[PRC_DIR_ENVVARS]"
-
-/* The compiled-in name of the environment variable(s) that contain
-   the name of multiple directories, separated by DEFAULT_PATHSEP, in
-   which to search for prc files. */
-# define PRC_PATH_ENVVARS "$[PRC_PATH_ENVVARS]"
-
-/* The filename(s) to search for in the above paths.  Normally this is
-   *.prc. */
-# define PRC_PATTERNS "$[PRC_PATTERNS]"
-
-/* The filename(s) to search for, and execute, in the above paths.
-   Normally this is empty. */
-# define PRC_EXECUTABLE_PATTERNS "$[PRC_EXECUTABLE_PATTERNS]"
-
-/* The environment variable that defines optional args to pass to
-   executables found that match one of the above patterns. */
-# define PRC_EXECUTABLE_ARGS_ENVVAR "$[PRC_EXECUTABLE_ARGS_ENVVAR]"
+/* Many of the prc variables are exported by
+   dtool/src/prc/prc_parameters.h.pp, instead of here.  Only those prc
+   variables that must be visible outside of the prc directory are
+   exported here. */
 
 /* The filename that specifies the public keys to import into
    config. */
@@ -345,11 +324,6 @@ $[cdefine LINK_IN_PHYSICS]
 # define PRC_PUBLIC_KEYS_INCLUDE "$[osfilename $[PRC_PUBLIC_KEYS_FILENAME]]"
 #endif
 
-/* Define if we want to enable the "trust_level" feature of prc config
-   variables.  This requires OpenSSL and PRC_PUBLIC_KEYS_FILENAME,
-   above. */
-$[cdefine PRC_RESPECT_TRUST_LEVEL]
-
 /* Define if you want to save the descriptions for ConfigVariables. */
 $[cdefine PRC_SAVE_DESCRIPTIONS]
 

dtool/src/prc/Sources.pp

@@ -7,6 +7,7 @@
   #define COMBINED_SOURCES $[TARGET]_composite1.cxx  $[TARGET]_composite2.cxx
   
   #define SOURCES \
+    bigEndian.h \
     config_prc.h \
     configDeclaration.I configDeclaration.h \
     configFlags.I configFlags.h \
@@ -24,12 +25,17 @@
     configVariableManager.I configVariableManager.h \
     configVariableSearchPath.I configVariableSearchPath.h \
     configVariableString.I configVariableString.h \
+    encryptStreamBuf.h encryptStreamBuf.I encryptStream.h encryptStream.I \
     globPattern.I globPattern.h \
+    littleEndian.h \
+    nativeNumericData.I nativeNumericData.h \
     pnotify.I pnotify.h \
     notifyCategory.I notifyCategory.h \
     notifyCategoryProxy.I notifyCategoryProxy.h \
     notifySeverity.h \
-    prcKeyRegistry.h
+    prcKeyRegistry.h \
+    reversedNumericData.I reversedNumericData.h \
+    streamReader.I streamReader.h streamWriter.I streamWriter.h
   
   #define INCLUDED_SOURCES \
     config_prc.cxx \
@@ -49,13 +55,18 @@
     configVariableManager.cxx \
     configVariableSearchPath.cxx \
     configVariableString.cxx \
+    encryptStreamBuf.cxx encryptStream.cxx \
     globPattern.cxx \
+    nativeNumericData.cxx \
     notify.cxx \
     notifyCategory.cxx \
     notifySeverity.cxx \
-    prcKeyRegistry.cxx
+    prcKeyRegistry.cxx \
+    reversedNumericData.cxx \
+    streamReader.cxx streamWriter.cxx
   
   #define INSTALL_HEADERS \
+    bigEndian.h \
     config_prc.h \
     configDeclaration.I configDeclaration.h \
     configFlags.I configFlags.h \
@@ -73,11 +84,20 @@
     configVariableManager.I configVariableManager.h \
     configVariableSearchPath.I configVariableSearchPath.h \
     configVariableString.I configVariableString.h \
+    encryptStreamBuf.h encryptStreamBuf.I encryptStream.h encryptStream.I \
     globPattern.I globPattern.h \
+    littleEndian.h \
+    nativeNumericData.I nativeNumericData.h \
     pnotify.I pnotify.h \
     notifyCategory.I notifyCategory.h \
     notifyCategoryProxy.I notifyCategoryProxy.h \
     notifySeverity.h \
-    prcKeyRegistry.I prcKeyRegistry.h
+    prcKeyRegistry.I prcKeyRegistry.h \
+    reversedNumericData.I reversedNumericData.h \
+    streamReader.I streamReader.h streamWriter.I streamWriter.h
+
 
 #end lib_target
+
+#include $[THISDIRPREFIX]prc_parameters.h.pp
+

panda/src/express/bigEndian.h → dtool/src/prc/bigEndian.h

@@ -19,7 +19,7 @@
 #ifndef BIGENDIAN_H
 #define BIGENDIAN_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 
 #include "numeric_types.h"
 #include "nativeNumericData.h"

dtool/src/prc/configPage.cxx

@@ -22,6 +22,7 @@
 #include "configVariableManager.h"
 #include "prcKeyRegistry.h"
 #include "config_prc.h"
+#include "encryptStream.h"
 
 #include <ctype.h>
 
@@ -228,6 +229,19 @@ read_prc(istream &in) {
   return !failed;
 }
 
+////////////////////////////////////////////////////////////////////
+//     Function: ConfigPage::read_encrypted_prc
+//       Access: Published
+//  Description: Automatically decrypts and reads the stream, given
+//               the indicated password.  Note that if the password is
+//               incorrect, the result may be garbage.
+////////////////////////////////////////////////////////////////////
+bool ConfigPage::
+read_encrypted_prc(istream &in, const string &password) {
+  IDecryptStream decrypt(&in, false, password);
+  return read_prc(decrypt);
+}
+
 ////////////////////////////////////////////////////////////////////
 //     Function: ConfigPage::make_declaration
 //       Access: Published

dtool/src/prc/configPage.h

@@ -57,6 +57,7 @@ PUBLISHED:
 
   void clear();
   bool read_prc(istream &in);
+  bool read_encrypted_prc(istream &in, const string &password);
 
   ConfigDeclaration *make_declaration(const string &variable, const string &value);
   ConfigDeclaration *make_declaration(ConfigVariableCore *variable, const string &value);

dtool/src/prc/configPageManager.I

@@ -88,6 +88,31 @@ get_prc_pattern(int n) const {
   return _prc_patterns[n].get_pattern();
 }
 
+////////////////////////////////////////////////////////////////////
+//     Function: ConfigPageManager::get_num_prc_encrypted_patterns
+//       Access: Published
+//  Description: Returns the number of patterns, like "*.pre", that
+//               are compiled in that will be searched for as special
+//               config files that are understood to be encrypted.
+////////////////////////////////////////////////////////////////////
+INLINE int ConfigPageManager::
+get_num_prc_encrypted_patterns() const {
+  return _prc_encrypted_patterns.size();
+}
+
+////////////////////////////////////////////////////////////////////
+//     Function: ConfigPageManager::get_prc_encrypted_pattern
+//       Access: Published
+//  Description: Returns the nth filename pattern that will be
+//               considered a match as a valid encrypted config
+//               file.  See get_num_prc_encrypted_patterns().
+////////////////////////////////////////////////////////////////////
+INLINE string ConfigPageManager::
+get_prc_encrypted_pattern(int n) const {
+  nassertr(n >= 0 && n < (int)_prc_patterns.size(), string());
+  return _prc_encrypted_patterns[n].get_pattern();
+}
+
 ////////////////////////////////////////////////////////////////////
 //     Function: ConfigPageManager::get_num_prc_executable_patterns
 //       Access: Published

dtool/src/prc/configPageManager.cxx

@@ -25,6 +25,9 @@
 #include "config_prc.h"
 #include "pfstream.h"
 
+// This file is generated by ppremake.
+#include "prc_parameters.h"
+
 #include <set>
 
 // Pick up the public key definitions.
@@ -117,7 +120,24 @@ reload_implicit_pages() {
     }
   }
 
-  // Similarly for PRC_EXECUTABLE_PATTERNS.
+  // Similarly for PRC_ENCRYPTED_PATTERNS.
+  _prc_encrypted_patterns.clear();
+
+  string prc_encrypted_patterns = PRC_ENCRYPTED_PATTERNS;
+  if (!prc_encrypted_patterns.empty()) {
+    vector_string pat_list;
+    ConfigDeclaration::extract_words(prc_encrypted_patterns, pat_list);
+    _prc_encrypted_patterns.reserve(pat_list.size());
+    for (size_t i = 0; i < pat_list.size(); ++i) {
+      GlobPattern glob(pat_list[i]);
+#ifdef WIN32
+      glob.set_case_sensitive(false);
+#endif  // WIN32
+      _prc_encrypted_patterns.push_back(glob);
+    }
+  }
+
+  // And again for PRC_EXECUTABLE_PATTERNS.
   _prc_executable_patterns.clear();
 
   string prc_executable_patterns = PRC_EXECUTABLE_PATTERNS;
@@ -230,6 +250,14 @@ reload_implicit_pages() {
               break;
             }
           }
+          for (gi = _prc_encrypted_patterns.begin();
+               gi != _prc_encrypted_patterns.end();
+               ++gi) {
+            if ((*gi).matches(*fi)) {
+              file_flags |= FF_read | FF_decrypt;
+              break;
+            }
+          }
           for (gi = _prc_executable_patterns.begin();
                gi != _prc_executable_patterns.end();
                ++gi) {
@@ -280,6 +308,24 @@ reload_implicit_pages() {
       _pages_sorted = false;
       
       page->read_prc(ifs);
+
+    } else if ((file._file_flags & FF_decrypt) != 0) {
+      // Read and decrypt the file.
+      filename.set_binary();
+      
+      ifstream in;
+      if (!filename.open_read(in)) {
+        prc_cat.error()
+          << "Unable to read " << filename << "\n";
+      } else {
+        ConfigPage *page = new ConfigPage(filename, true, i);
+        ++i;
+        _implicit_pages.push_back(page);
+        _pages_sorted = false;
+        
+        page->read_encrypted_prc(in, PRC_ENCRYPTION_KEY);
+      }
+
     } else if ((file._file_flags & FF_read) != 0) {
       // Just read the file.
       filename.set_text();

dtool/src/prc/configPageManager.h

@@ -50,6 +50,9 @@ PUBLISHED:
   INLINE int get_num_prc_patterns() const;
   INLINE string get_prc_pattern(int n) const;
 
+  INLINE int get_num_prc_encrypted_patterns() const;
+  INLINE string get_prc_encrypted_pattern(int n) const;
+
   INLINE int get_num_prc_executable_patterns() const;
   INLINE string get_prc_executable_pattern(int n) const;
 
@@ -88,6 +91,7 @@ private:
 
   typedef vector<GlobPattern> Globs;
   Globs _prc_patterns;
+  Globs _prc_encrypted_patterns;
   Globs _prc_executable_patterns;
 
   // In load_implicit_pages(), we temporarily build up a list of
@@ -96,6 +100,7 @@ private:
   enum FileFlags {
     FF_read     = 0x001,
     FF_execute  = 0x002,
+    FF_decrypt  = 0x004,
   };
   class ConfigFile {
   public:

dtool/src/prc/configVariableCore.cxx

@@ -23,6 +23,9 @@
 #include "pnotify.h"
 #include "config_prc.h"
 
+// This file is generated by ppremake.
+#include "prc_parameters.h"
+
 #include <algorithm>
 
 
@@ -43,6 +46,9 @@ ConfigVariableCore(const string &name) :
   _declarations_sorted(true),
   _value_queried(false)
 {
+#if defined(PRC_INC_TRUST_LEVEL) && PRC_INC_TRUST_LEVEL != 0
+  _flags = (_flags & ~F_trust_level_mask) | ((_flags & F_trust_level_mask) + PRC_INC_TRUST_LEVEL);
+#endif  // PRC_INC_TRUST_LEVEL
 }
 
 ////////////////////////////////////////////////////////////////////
@@ -121,6 +127,14 @@ set_value_type(ConfigVariableCore::ValueType value_type) {
 ////////////////////////////////////////////////////////////////////
 void ConfigVariableCore::
 set_flags(int flags) {
+  if ((flags & F_dconfig) != 0) {
+    flags = (flags & ~F_trust_level_mask) | PRC_DCONFIG_TRUST_LEVEL;
+  }
+
+#if defined(PRC_INC_TRUST_LEVEL) && PRC_INC_TRUST_LEVEL != 0
+  flags = (flags & ~F_trust_level_mask) | ((flags & F_trust_level_mask) + PRC_INC_TRUST_LEVEL);
+#endif  // PRC_INC_TRUST_LEVEL
+
   if (_value_queried) {
     int bits_changed = (_flags ^ flags);
     if ((bits_changed & F_trust_level_mask) != 0) {

dtool/src/prc/encryptStream.cxx

@@ -0,0 +1,19 @@
+// Filename: encryptStream.cxx
+// Created by:  drose (01Sep04)
+//
+////////////////////////////////////////////////////////////////////
+//
+// PANDA 3D SOFTWARE
+// Copyright (c) 2001 - 2004, Disney Enterprises, Inc.  All rights reserved
+//
+// All use of this software is subject to the terms of the Panda 3d
+// Software license.  You should have received a copy of this license
+// along with this source code; you will also find a current copy of
+// the license at http://etc.cmu.edu/panda3d/docs/license/ .
+//
+// To contact the maintainers of this program write to
+// [email protected] .
+//
+////////////////////////////////////////////////////////////////////
+
+#include "encryptStream.h"

panda/src/express/encryptStream.h → dtool/src/prc/encryptStream.h

@@ -19,7 +19,7 @@
 #ifndef ENCRYPTSTREAM_H
 #define ENCRYPTSTREAM_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 
 // This module is not compiled if OpenSSL is not available.
 #ifdef HAVE_OPENSSL
@@ -38,7 +38,7 @@
 //
 //               Seeking is not supported.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS IDecryptStream : public istream {
+class EXPCL_DTOOLCONFIG IDecryptStream : public istream {
 public:
   INLINE IDecryptStream();
   INLINE IDecryptStream(istream *source, bool owns_source,
@@ -67,7 +67,7 @@ private:
 //
 //               Seeking is not supported.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS OEncryptStream : public ostream {
+class EXPCL_DTOOLCONFIG OEncryptStream : public ostream {
 public:
   INLINE OEncryptStream();
   INLINE OEncryptStream(ostream *dest, bool owns_dest, 
@@ -85,11 +85,6 @@ private:
   EncryptStreamBuf _buf;
 };
 
-BEGIN_PUBLISH
-string encrypt_string(const string &source, const string &password);
-string decrypt_string(const string &source, const string &password);
-END_PUBLISH
-
 #include "encryptStream.I"
 
 #endif  // HAVE_OPENSSL

panda/src/express/encryptStreamBuf.cxx → dtool/src/prc/encryptStreamBuf.cxx

@@ -17,9 +17,11 @@
 ////////////////////////////////////////////////////////////////////
 
 #include "encryptStreamBuf.h"
-#include "config_express.h"
+#include "config_prc.h"
 #include "streamReader.h"
 #include "streamWriter.h"
+#include "configVariableInt.h"
+#include "configVariableString.h"
 
 #ifdef HAVE_OPENSSL
 
@@ -46,6 +48,35 @@ EncryptStreamBuf() {
   _dest = (ostream *)NULL;
   _owns_dest = false;
 
+  ConfigVariableString encryption_algorithm
+    ("encryption-algorithm", "bf-cbc",
+     PRC_DESC("This defines the OpenSSL encryption algorithm which is used to "
+              "encrypt any streams created by the current runtime.  The default is "
+              "Blowfish; the complete set of available algorithms is defined by "
+              "the current version of OpenSSL.  This value is used only to control "
+              "encryption; the correct algorithm will automatically be selected on "
+              "decryption."));
+
+  ConfigVariableInt encryption_key_length
+    ("encryption-key-length", 0,
+     PRC_DESC("This defines the key length, in bits, for the selected encryption "
+              "algorithm.  Some algorithms have a variable key length.  Specifying "
+              "a value of 0 here means to use the default key length for the "
+              "algorithm as defined by OpenSSL.  This value is used only to "
+              "control encryption; the correct key length will automatically be "
+              "selected on decryption."));
+
+  ConfigVariableInt encryption_iteration_count
+    ("encryption-iteration-count", 100000,
+     PRC_DESC("This defines the number of times a password is hashed to generate a "
+              "key when encrypting.  Its purpose is to make it computationally "
+              "more expensive for an attacker to search the key space "
+              "exhaustively.  This should be a multiple of 1,000 and should not "
+              "exceed about 65 million; the value 0 indicates just one application "
+              "of the hashing algorithm.  This value is used only to control "
+              "encryption; the correct count will automatically be selected on "
+              "decryption."));
+
   _algorithm = encryption_algorithm;
   _key_length = encryption_key_length;
   _iteration_count = encryption_iteration_count;
@@ -102,7 +133,7 @@ open_read(istream *source, bool owns_source, const string &password) {
   const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
 
   if (cipher == NULL) {
-    express_cat.error()
+    prc_cat.error()
       << "Unknown encryption algorithm in stream.\n";
     return;
   }
@@ -111,11 +142,11 @@ open_read(istream *source, bool owns_source, const string &password) {
   _key_length = key_length * 8;
   _iteration_count = count * iteration_count_factor;
 
-  if (express_cat.is_debug()) {
-    express_cat.debug()
+  if (prc_cat.is_debug()) {
+    prc_cat.debug()
       << "Using decryption algorithm " << _algorithm << " with key length "
       << _key_length << " bits.\n";
-    express_cat.debug()
+    prc_cat.debug()
       << "Key is hashed " << _iteration_count << " extra times.\n";
   }
 
@@ -131,7 +162,7 @@ open_read(istream *source, bool owns_source, const string &password) {
 
   result = EVP_CIPHER_CTX_set_key_length(&_read_ctx, key_length);
   if (result <= 0) {
-    express_cat.error()
+    prc_cat.error()
       << "Invalid key length " << key_length * 8 << " bits for algorithm "
       << OBJ_nid2sn(nid) << "\n";
     EVP_CIPHER_CTX_cleanup(&_read_ctx);
@@ -201,7 +232,7 @@ open_write(ostream *dest, bool owns_dest, const string &password) {
     EVP_get_cipherbyname(_algorithm.c_str());
 
   if (cipher == NULL) {
-    express_cat.error()
+    prc_cat.error()
       << "Unknown encryption algorithm: " << _algorithm << "\n";
     return;
   };
@@ -228,7 +259,7 @@ open_write(ostream *dest, bool owns_dest, const string &password) {
   }
   result = EVP_CIPHER_CTX_set_key_length(&_write_ctx, key_length);
   if (result <= 0) {
-    express_cat.error()
+    prc_cat.error()
       << "Invalid key length " << key_length * 8 << " bits for algorithm "
       << OBJ_nid2sn(nid) << "\n";
     EVP_CIPHER_CTX_cleanup(&_write_ctx);
@@ -237,11 +268,11 @@ open_write(ostream *dest, bool owns_dest, const string &password) {
 
   int count = _iteration_count / iteration_count_factor;
 
-  if (express_cat.is_debug()) {
-    express_cat.debug()
+  if (prc_cat.is_debug()) {
+    prc_cat.debug()
       << "Using encryption algorithm " << OBJ_nid2sn(nid) << " with key length "
       << key_length * 8 << " bits.\n";
-    express_cat.debug()
+    prc_cat.debug()
       << "Hashing key " << count * iteration_count_factor
       << " extra times.\n";
   }
@@ -425,7 +456,7 @@ read_chars(char *start, size_t length) {
     }
 
     if (result <= 0) {
-      express_cat.error()
+      prc_cat.error()
         << "Error decrypting stream.\n";
       if (_read_valid) {
         EVP_CIPHER_CTX_cleanup(&_read_ctx);
@@ -470,7 +501,7 @@ write_chars(const char *start, size_t length) {
       EVP_EncryptUpdate(&_write_ctx, write_buffer, &bytes_written,
                         (unsigned char *)start, length);
     if (result <= 0) {
-      express_cat.error() 
+      prc_cat.error() 
         << "Error encrypting stream.\n";
     }
     _dest->write((const char *)write_buffer, bytes_written);

panda/src/express/encryptStreamBuf.h → dtool/src/prc/encryptStreamBuf.h

@@ -19,7 +19,7 @@
 #ifndef ENCRYPTSTREAMBUF_H
 #define ENCRYPTSTREAMBUF_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 
 // This module is not compiled if OpenSSL is not available.
 #ifdef HAVE_OPENSSL
@@ -31,7 +31,7 @@
 // Description : The streambuf object that implements
 //               IDecompressStream and OCompressStream.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS EncryptStreamBuf : public streambuf {
+class EXPCL_DTOOLCONFIG EncryptStreamBuf : public streambuf {
 public:
   EncryptStreamBuf();
   virtual ~EncryptStreamBuf();

panda/src/express/littleEndian.h → dtool/src/prc/littleEndian.h

@@ -19,7 +19,7 @@
 #ifndef LITTLEENDIAN_H
 #define LITTLEENDIAN_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 
 #include "numeric_types.h"
 #include "nativeNumericData.h"

panda/src/express/nativeNumericData.h → dtool/src/prc/nativeNumericData.h

@@ -19,7 +19,7 @@
 #ifndef NATIVENUMERICDATA_H
 #define NATIVENUMERICDATA_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 
 #include <string.h>  // for memcpy()
 
@@ -45,7 +45,7 @@
 //               BigEndian, which are typedeffed to be one of these or
 //               the other, according to the machine's architecture.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS NativeNumericData {
+class EXPCL_DTOOLCONFIG NativeNumericData {
 public:
   INLINE NativeNumericData(const void *data, size_t length);
   INLINE NativeNumericData(const void *data, size_t start, size_t length);

dtool/src/prc/prc_composite1.cxx

@@ -9,3 +9,6 @@
 #include "configVariableCore.cxx"
 #include "configVariableDouble.cxx"
 #include "configVariableEnum.cxx"
+#include "configVariableFilename.cxx"
+#include "configVariableInt.cxx"
+#include "configVariableList.cxx"

dtool/src/prc/prc_composite2.cxx

@@ -1,11 +1,14 @@
-#include "configVariableFilename.cxx"
-#include "configVariableInt.cxx"
-#include "configVariableList.cxx"
 #include "configVariableManager.cxx"
 #include "configVariableSearchPath.cxx"
 #include "configVariableString.cxx"
+#include "encryptStreamBuf.cxx"
+#include "encryptStream.cxx"
 #include "globPattern.cxx"
+#include "nativeNumericData.cxx"
 #include "notify.cxx"
 #include "notifyCategory.cxx"
 #include "notifySeverity.cxx"
 #include "prcKeyRegistry.cxx"
+#include "reversedNumericData.cxx"
+#include "streamReader.cxx"
+#include "streamWriter.cxx"

dtool/src/prc/prc_parameters.h.pp

@@ -0,0 +1,59 @@
+// This file is read and processed by ppremake to generate
+// prc_parameters.h, which is #included by configPageManager.cxx.
+// This mechanism is used, rather than just putting the parameters in
+// dtool_config.h, to (a) help keep the prc encryption key from
+// getting spread around to too many places, and (b) minimize the need
+// to rebuild the whole world just because you changed some low-level
+// prc parameters.
+
+#output prc_parameters.h notouch
+/* prc_parameters.h.  Generated automatically by $[PPREMAKE] $[PPREMAKE_VERSION] from $[notdir $[THISFILENAME]]. */
+/********************************** DO NOT EDIT ****************************/
+
+
+/* The compiled-in default directory to look for the Configrc file, in
+   the absence of the PRC_DIR environment variable set, and in
+   the absence of anything specified via the configpath directive. */
+# define DEFAULT_PRC_DIR "$[unixfilename $[DEFAULT_PRC_DIR]]"
+
+/* The compiled-in name of the environment variable(s) that contain
+   the name of a single directory in which to search for prc files. */
+# define PRC_DIR_ENVVARS "$[PRC_DIR_ENVVARS]"
+
+/* The compiled-in name of the environment variable(s) that contain
+   the name of multiple directories, separated by DEFAULT_PATHSEP, in
+   which to search for prc files. */
+# define PRC_PATH_ENVVARS "$[PRC_PATH_ENVVARS]"
+
+/* The filename(s) to search for in the above paths.  Normally this is
+   *.prc. */
+# define PRC_PATTERNS "$[PRC_PATTERNS]"
+
+/* The filename(s) for encrypted prc files. */
+# define PRC_ENCRYPTED_PATTERNS "$[PRC_ENCRYPTED_PATTERNS]"
+
+/* The encryption key used to decrypt any encrypted prc files
+   identified by PRC_ENCRYPTED_PATTERNS. */
+$[cdefine PRC_ENCRYPTION_KEY]
+
+/* The filename(s) to search for, and execute, in the above paths.
+   Normally this is empty. */
+# define PRC_EXECUTABLE_PATTERNS "$[PRC_EXECUTABLE_PATTERNS]"
+
+/* The environment variable that defines optional args to pass to
+   executables found that match one of the above patterns. */
+# define PRC_EXECUTABLE_ARGS_ENVVAR "$[PRC_EXECUTABLE_ARGS_ENVVAR]"
+
+/* Define if we want to enable the "trust_level" feature of prc config
+   variables.  This requires OpenSSL and PRC_PUBLIC_KEYS_FILENAME,
+   above. */
+$[cdefine PRC_RESPECT_TRUST_LEVEL]
+
+/* The trust level value for any legacy (DConfig) variables. */
+$[cdefine PRC_DCONFIG_TRUST_LEVEL]
+
+/* The amount by which we globally increment the trust level. */
+$[cdefine PRC_INC_TRUST_LEVEL]
+
+#end prc_parameters.h
+

panda/src/express/reversedNumericData.h → dtool/src/prc/reversedNumericData.h

@@ -19,7 +19,7 @@
 #ifndef REVERSEDNUMERICDATA_H
 #define REVERSEDNUMERICDATA_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 
 #include <string.h>  // for memcpy()
 
@@ -49,7 +49,7 @@ static const int max_numeric_size = 8;
 //               BigEndian, which are typedeffed to be one of these or
 //               the other, according to the machine's architecture.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS ReversedNumericData {
+class EXPCL_DTOOLCONFIG ReversedNumericData {
 public:
   INLINE ReversedNumericData(const void *data, size_t length);
   INLINE ReversedNumericData(const void *data, size_t start, size_t length);

panda/src/express/streamReader.h → dtool/src/prc/streamReader.h

@@ -19,7 +19,7 @@
 #ifndef STREAMREADER_H
 #define STREAMREADER_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 #include "pnotify.h"
 #include "numeric_types.h"
 #include "littleEndian.h"
@@ -31,7 +31,7 @@
 //               an istream.  Its interface is similar to
 //               DatagramIterator by design; see also StreamWriter.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS StreamReader {
+class EXPCL_DTOOLCONFIG StreamReader {
 public:
   INLINE StreamReader(istream &in);
 PUBLISHED:

panda/src/express/streamWriter.h → dtool/src/prc/streamWriter.h

@@ -19,7 +19,7 @@
 #ifndef STREAMWRITER_H
 #define STREAMWRITER_H
 
-#include "pandabase.h"
+#include "dtoolbase.h"
 #include "pnotify.h"
 #include "numeric_types.h"
 #include "littleEndian.h"
@@ -34,7 +34,7 @@
 //               of writing bytes to a Datagram and then writing the
 //               Datagram to a stream.
 ////////////////////////////////////////////////////////////////////
-class EXPCL_PANDAEXPRESS StreamWriter {
+class EXPCL_DTOOLCONFIG StreamWriter {
 public:
   INLINE StreamWriter(ostream &out);
 PUBLISHED:

panda/src/express/Sources.pp

@@ -9,7 +9,7 @@
   #define COMBINED_SOURCES $[TARGET]_composite1.cxx $[TARGET]_composite2.cxx
 
   #define SOURCES \
-    bigEndian.h buffer.I buffer.h \
+    buffer.I buffer.h \
     checksumHashGenerator.I checksumHashGenerator.h circBuffer.I \
     circBuffer.h \
     config_express.h \
@@ -17,19 +17,18 @@
     datagramGenerator.h \
     datagramIterator.I datagramIterator.h datagramSink.I datagramSink.h \
     dcast.T dcast.h \
-    encryptStreamBuf.h encryptStreamBuf.I encryptStream.h encryptStream.I \
+    encrypt_string.h \
     error_utils.h \
     hashGeneratorBase.I hashGeneratorBase.h \
     hashVal.I hashVal.h \
     indirectLess.I indirectLess.h \
-    littleEndian.h \
     memoryInfo.I memoryInfo.h \
     memoryUsage.I memoryUsage.h \
     memoryUsagePointerCounts.I memoryUsagePointerCounts.h \
     memoryUsagePointers.I memoryUsagePointers.h \
     multifile.I multifile.h \
     namable.I \
-    namable.h nativeNumericData.I nativeNumericData.h \
+    namable.h \
     nodePointerToBase.h nodePointerToBase.I \
     nodePointerTo.h nodePointerTo.I \
     nodeReferenceCount.h nodeReferenceCount.I \
@@ -47,8 +46,6 @@
     pta_uchar.h \
     ramfile.I ramfile.h \
     referenceCount.I referenceCount.h \
-    reversedNumericData.I reversedNumericData.h \
-    streamReader.I streamReader.h streamWriter.I streamWriter.h \
     stringDecoder.h stringDecoder.I \
     subStream.I subStream.h subStreamBuf.h \
     textEncoder.h textEncoder.I \
@@ -78,13 +75,12 @@
     datagram.cxx datagramGenerator.cxx \
     datagramIterator.cxx \
     datagramSink.cxx dcast.cxx \
-    encryptStreamBuf.cxx encryptStream.cxx \
+    encrypt_string.cxx \
     error_utils.cxx \
     hashGeneratorBase.cxx hashVal.cxx \
     memoryInfo.cxx memoryUsage.cxx memoryUsagePointerCounts.cxx \
     memoryUsagePointers.cxx multifile.cxx \
     namable.cxx \
-    nativeNumericData.cxx \
     nodePointerToBase.cxx \
     nodePointerTo.cxx \
     nodeReferenceCount.cxx \
@@ -101,8 +97,6 @@
     pta_uchar.cxx \
     ramfile.cxx \
     referenceCount.cxx \
-    reversedNumericData.cxx \
-    streamReader.cxx streamWriter.cxx \
     stringDecoder.cxx \
     subStream.cxx subStreamBuf.cxx \
     textEncoder.cxx \
@@ -125,7 +119,7 @@
     zStream.cxx zStreamBuf.cxx
 
   #define INSTALL_HEADERS  \
-    bigEndian.h buffer.I buffer.h \
+    buffer.I buffer.h \
     checksumHashGenerator.I checksumHashGenerator.h circBuffer.I \
     circBuffer.h \
     config_express.h \
@@ -133,19 +127,18 @@
     datagramGenerator.h \
     datagramIterator.I datagramIterator.h datagramSink.I datagramSink.h \
     dcast.T dcast.h \
-    encryptStreamBuf.h encryptStreamBuf.I encryptStream.h encryptStream.I \
+    encrypt_string.h \
     error_utils.h \
     hashGeneratorBase.I hashGeneratorBase.h \
     hashVal.I hashVal.h \
     indirectLess.I indirectLess.h \
-    littleEndian.h \
     memoryInfo.I memoryInfo.h \
     memoryUsage.I memoryUsage.h \
     memoryUsagePointerCounts.I memoryUsagePointerCounts.h \
     memoryUsagePointers.I memoryUsagePointers.h \
     multifile.I multifile.h \
     namable.I \
-    namable.h nativeNumericData.I nativeNumericData.h \
+    namable.h \
     nodePointerToBase.h nodePointerToBase.I \
     nodePointerTo.h nodePointerTo.I \
     nodeReferenceCount.h nodeReferenceCount.I \
@@ -163,8 +156,6 @@
     pta_uchar.h \
     ramfile.I ramfile.h \
     referenceCount.I referenceCount.h \
-    reversedNumericData.I reversedNumericData.h \
-    streamReader.I streamReader.h streamWriter.I streamWriter.h \
     stringDecoder.h stringDecoder.I \
     subStream.I subStream.h subStreamBuf.h \
     textEncoder.h textEncoder.I \

panda/src/express/config_express.N

@@ -10,6 +10,8 @@ forcetype NotifySeverity
 forcetype TypedObject
 forcetype TypeHandle
 forcetype TypeRegistry
+forcetype StreamReader
+forcetype StreamWriter
 
 forcetype ConfigExpress
 renametype ConfigExpress ConfigExpress

panda/src/express/config_express.cxx

@@ -67,35 +67,6 @@ ConfigVariableBool lock_to_one_cpu
           "mainly a hack to solve a bug in which QueryPerformanceCounter "
           "returns inconsistent results on multi-core machines. "));
 
-ConfigVariableString encryption_algorithm
-("encryption-algorithm", "bf-cbc",
- PRC_DESC("This defines the OpenSSL encryption algorithm which is used to "
-          "encrypt any streams created by the current runtime.  The default is "
-          "Blowfish; the complete set of available algorithms is defined by "
-          "the current version of OpenSSL.  This value is used only to control "
-          "encryption; the correct algorithm will automatically be selected on "
-          "decryption."));
-
-ConfigVariableInt encryption_key_length
-("encryption-key-length", 0,
- PRC_DESC("This defines the key length, in bits, for the selected encryption "
-          "algorithm.  Some algorithms have a variable key length.  Specifying "
-          "a value of 0 here means to use the default key length for the "
-          "algorithm as defined by OpenSSL.  This value is used only to "
-          "control encryption; the correct key length will automatically be "
-          "selected on decryption."));
-
-ConfigVariableInt encryption_iteration_count
-("encryption-iteration-count", 100000,
- PRC_DESC("This defines the number of times a password is hashed to generate a "
-          "key when encrypting.  Its purpose is to make it computationally "
-          "more expensive for an attacker to search the key space "
-          "exhaustively.  This should be a multiple of 1,000 and should not "
-          "exceed about 65 million; the value 0 indicates just one application "
-          "of the hashing algorithm.  This value is used only to control "
-          "encryption; the correct count will automatically be selected on "
-          "decryption."));
-
 ConfigVariableInt multifile_encryption_iteration_count
 ("multifile-encryption-iteration-count", 0,
  PRC_DESC("This is a special value of encryption-iteration-count used to encrypt "

panda/src/express/config_express.h

@@ -65,9 +65,6 @@ extern ConfigVariableBool keep_temporary_files;
 
 extern ConfigVariableBool lock_to_one_cpu;
 
-extern ConfigVariableString encryption_algorithm;
-extern ConfigVariableInt encryption_key_length;
-extern ConfigVariableInt encryption_iteration_count;
 extern ConfigVariableInt multifile_encryption_iteration_count;
 
 extern ConfigVariableBool vfs_case_sensitive;

panda/src/express/encryptStream.cxx → panda/src/express/encrypt_string.cxx

@@ -1,5 +1,5 @@
-// Filename: encryptStream.cxx
-// Created by:  drose (01Sep04)
+// Filename: encrypt_string.cxx
+// Created by:  drose (30Jan07)
 //
 ////////////////////////////////////////////////////////////////////
 //
@@ -16,6 +16,7 @@
 //
 ////////////////////////////////////////////////////////////////////
 
+#include "encrypt_string.h"
 #include "encryptStream.h"
 
 #ifdef HAVE_OPENSSL

panda/src/express/encrypt_string.h

@@ -0,0 +1,33 @@
+// Filename: encrypt_string.h
+// Created by:  drose (30Jan07)
+//
+////////////////////////////////////////////////////////////////////
+//
+// PANDA 3D SOFTWARE
+// Copyright (c) 2001 - 2004, Disney Enterprises, Inc.  All rights reserved
+//
+// All use of this software is subject to the terms of the Panda 3d
+// Software license.  You should have received a copy of this license
+// along with this source code; you will also find a current copy of
+// the license at http://etc.cmu.edu/panda3d/docs/license/ .
+//
+// To contact the maintainers of this program write to
+// [email protected] .
+//
+////////////////////////////////////////////////////////////////////
+
+#ifndef ENCRYPT_STRING_H
+#define ENCRYPT_STRING_H
+
+#include "pandabase.h"
+
+#ifdef HAVE_OPENSSL
+
+BEGIN_PUBLISH
+EXPCL_PANDAEXPRESS string encrypt_string(const string &source, const string &password);
+EXPCL_PANDAEXPRESS string decrypt_string(const string &source, const string &password);
+END_PUBLISH
+
+#endif  // HAVE_OPENSSL
+
+#endif

panda/src/express/express_composite1.cxx

@@ -6,9 +6,8 @@
 #include "datagramIterator.cxx"
 #include "datagramSink.cxx"
 #include "dcast.cxx"
+#include "encrypt_string.cxx"
 #include "error_utils.cxx"
-#include "encryptStreamBuf.cxx"
-#include "encryptStream.cxx"
 #include "hashGeneratorBase.cxx"
 #include "hashVal.cxx"
 #include "memoryInfo.cxx"
@@ -17,7 +16,6 @@
 #include "memoryUsagePointers.cxx"
 #include "multifile.cxx"
 #include "namable.cxx"
-#include "nativeNumericData.cxx"
 #include "nodePointerToBase.cxx"
 #include "nodePointerTo.cxx"
 #include "nodeReferenceCount.cxx"

panda/src/express/express_composite2.cxx

@@ -1,9 +1,6 @@
 #include "pta_uchar.cxx"
 #include "ramfile.cxx"
 #include "referenceCount.cxx"
-#include "reversedNumericData.cxx"
-#include "streamReader.cxx"
-#include "streamWriter.cxx"
 #include "stringDecoder.cxx"
 #include "subStream.cxx"
 #include "subStreamBuf.cxx"