From 0bd2b0618dc4f8d3b2e56ff7f24c249442542530 Mon Sep 17 00:00:00 2001 From: Syntriax Date: Tue, 28 Oct 2025 19:47:54 +0300 Subject: [PATCH] feat: wip network packet encryption --- .../LiteNetLibClient.cs | 16 ++++++++- .../LiteNetLibCommunicatorBase.cs | 16 ++++++++- .../LiteNetLibServer.cs | 34 ++++++++++++++++++- .../PacketCryptor.cs | 26 ++++++++++++++ .../Abstract/INetworkPacketEncrypted.cs | 3 ++ 5 files changed, 92 insertions(+), 3 deletions(-) create mode 100644 Engine.Integration/Engine.Integration.LiteNetLib/PacketCryptor.cs create mode 100644 Engine.Systems/Network/Abstract/INetworkPacketEncrypted.cs diff --git a/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibClient.cs b/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibClient.cs index cec0006..c6f578c 100644 --- a/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibClient.cs +++ b/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibClient.cs @@ -11,6 +11,7 @@ namespace Engine.Systems.Network; public class LiteNetLibClient : LiteNetLibCommunicatorBase, INetworkCommunicatorClient { private readonly NetDataWriter netDataWriter = new(); + private readonly NetDataWriter netDataWriterEncrypted = new(); private CancellationTokenSource? cancellationTokenSource = null; @@ -42,7 +43,20 @@ public class LiteNetLibClient : LiteNetLibCommunicatorBase, INetworkCommunicator public INetworkCommunicatorClient SendToServer(T packet, PacketDelivery packetDelivery) where T : class, new() { netDataWriter.Reset(); - netPacketProcessor.Write(netDataWriter, packet); + netDataWriterEncrypted.Reset(); + + if (packet is INetworkPacketEncrypted) + { + netPacketProcessor.Write(netDataWriterEncrypted, packet); + byte[] encryptedData = cryptor.Encrypt(netDataWriterEncrypted.CopyData()); + netDataWriter.Put(true); + netDataWriter.PutBytesWithLength(encryptedData); + } + else + { + netDataWriter.Put(false); + netPacketProcessor.Write(netDataWriter, packet); + } switch (packetDelivery) { diff --git a/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibCommunicatorBase.cs b/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibCommunicatorBase.cs index 4dd1016..daa7a0d 100644 --- a/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibCommunicatorBase.cs +++ b/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibCommunicatorBase.cs @@ -12,6 +12,7 @@ namespace Engine.Systems.Network; public abstract class LiteNetLibCommunicatorBase : Behaviour, IEnterUniverse, IExitUniverse, INetworkCommunicator { protected readonly NetPacketProcessor netPacketProcessor = new(); + protected readonly PacketCryptor cryptor = new("At4ywW9PGoWH3g==", "NmpMFTvd3pvUbA=="); // TODO implement public key exchange private readonly Dictionary> listeners = []; private readonly Dictionary _connections = []; @@ -54,7 +55,20 @@ public abstract class LiteNetLibCommunicatorBase : Behaviour, IEnterUniverse, IE private void NetworkReceiveEvent(NetPeer peer, NetPacketReader reader, byte channel, DeliveryMethod deliveryMethod) { - try { netPacketProcessor.ReadAllPackets(reader, peer); } + try + { + bool isEncrypted = reader.GetBool(); + if (isEncrypted) // TODO performance improvements + { + byte[] encryptedData = reader.GetBytesWithLength(); + byte[] decryptedData = cryptor.Decrypt(encryptedData); + NetDataReader innerReader = new(decryptedData); + netPacketProcessor.ReadAllPackets(innerReader, peer); + return; + } + + netPacketProcessor.ReadAllPackets(reader, peer); + } catch (Exception exception) { logger?.LogException(this, exception, force: true); } } diff --git a/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibServer.cs b/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibServer.cs index a749156..0ba6fa4 100644 --- a/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibServer.cs +++ b/Engine.Integration/Engine.Integration.LiteNetLib/LiteNetLibServer.cs @@ -13,6 +13,7 @@ public class LiteNetLibServer : LiteNetLibCommunicatorBase, INetworkCommunicator public int Port { get; private set; } = 8888; private readonly NetDataWriter netDataWriter = new(); + private readonly NetDataWriter netDataWriterEncrypted = new(); public LiteNetLibServer() : this(8888, 2) { } public LiteNetLibServer(int port, int maxConnectionCount) : base() @@ -53,11 +54,25 @@ public class LiteNetLibServer : LiteNetLibCommunicatorBase, INetworkCommunicator public INetworkCommunicatorServer SendToClient(IConnection connection, T packet, PacketDelivery packetDelivery) where T : class, new() { netDataWriter.Reset(); - netPacketProcessor.Write(netDataWriter, packet); if (Manager.ConnectedPeerList.FirstOrDefault(p => p.Id.ToString().CompareTo(connection.Id) == 0) is not NetPeer netPeer) throw new($"Peer {connection} couldn't be found."); + if (packet is INetworkPacketEncrypted) // TODO performance improvements + { + netDataWriterEncrypted.Reset(); + netPacketProcessor.Write(netDataWriterEncrypted, packet); + byte[] encryptedData = cryptor.Encrypt(netDataWriterEncrypted.CopyData()); + + netDataWriter.Put(true); + netDataWriter.PutBytesWithLength(encryptedData); + } + else + { + netDataWriter.Put(false); + netPacketProcessor.Write(netDataWriter, packet); + } + switch (packetDelivery) { case PacketDelivery.ReliableInOrder: netPeer.Send(netDataWriter, DeliveryMethod.ReliableOrdered); break; @@ -75,6 +90,23 @@ public class LiteNetLibServer : LiteNetLibCommunicatorBase, INetworkCommunicator netDataWriter.Reset(); netPacketProcessor.Write(netDataWriter, packet); + if (packet is INetworkPacketEncrypted) + { + netDataWriterEncrypted.Reset(); + + logger?.Log($"Encrypted Packet Sending"); + netPacketProcessor.Write(netDataWriterEncrypted, packet); + byte[] encryptedData = cryptor.Encrypt(netDataWriterEncrypted.CopyData()); + netDataWriter.PutBytesWithLength(encryptedData); + netDataWriter.Put(true); + } + else + { + logger?.Log($"Regular Packet Sending"); + netPacketProcessor.Write(netDataWriter, packet); + netDataWriter.Put(false); + } + switch (packetDelivery) { case PacketDelivery.ReliableInOrder: Manager.SendToAll(netDataWriter, DeliveryMethod.ReliableOrdered); break; diff --git a/Engine.Integration/Engine.Integration.LiteNetLib/PacketCryptor.cs b/Engine.Integration/Engine.Integration.LiteNetLib/PacketCryptor.cs new file mode 100644 index 0000000..3a3c5ba --- /dev/null +++ b/Engine.Integration/Engine.Integration.LiteNetLib/PacketCryptor.cs @@ -0,0 +1,26 @@ +using System.Security.Cryptography; +using System.Text; + +namespace Engine.Systems.Network; + +public class PacketCryptor // TODO performance improvements +{ + private readonly Aes aes = null!; + + private readonly ICryptoTransform encrpytor = null!; + private readonly ICryptoTransform decryptor = null!; + + public byte[] Encrypt(byte[] data) => encrpytor.TransformFinalBlock(data, 0, data.Length); + public byte[] Decrypt(byte[] data) => decryptor.TransformFinalBlock(data, 0, data.Length); + + public PacketCryptor(string key, string initializationVector) + { + aes = Aes.Create(); + + aes.Key = Encoding.UTF8.GetBytes(key); + aes.IV = Encoding.UTF8.GetBytes(initializationVector); + + encrpytor = aes.CreateEncryptor(); + decryptor = aes.CreateDecryptor(); + } +} diff --git a/Engine.Systems/Network/Abstract/INetworkPacketEncrypted.cs b/Engine.Systems/Network/Abstract/INetworkPacketEncrypted.cs new file mode 100644 index 0000000..f7c2bb1 --- /dev/null +++ b/Engine.Systems/Network/Abstract/INetworkPacketEncrypted.cs @@ -0,0 +1,3 @@ +namespace Engine.Systems.Network; + +public interface INetworkPacketEncrypted : INetworkPacket;