nlansing/DedicatedServerCourse
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lesson 35 - Get Compute Auth Token Working

Browse Source
This commit is contained in:
Norman Lansing
2026-02-28 12:32:28 -05:00
parent 1d477ee42a
commit 4fde462bce
7743 changed files with 1397833 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/crt/crypto/HMAC.h Normal file
View File

@@ -0,0 +1,168 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/cal/hmac.h>
#include <aws/crt/Exports.h>
#include <aws/crt/Types.h>
struct aws_hmac;
namespace Aws
{
namespace Crt
{
namespace Crypto
{
static const size_t SHA256_HMAC_DIGEST_SIZE = 32;
/**
* Computes a SHA256 HMAC with secret over input, and writes the digest to output. If truncateTo is
* non-zero, the digest will be truncated to the value of truncateTo. Returns true on success. If this
* function fails, Aws::Crt::LastError() will contain the error that occurred. Unless you're using
* 'truncateTo', output should have a minimum capacity of SHA256_HMAC_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeSHA256HMAC(
Allocator *allocator,
const ByteCursor &secret,
const ByteCursor &input,
ByteBuf &output,
size_t truncateTo = 0) noexcept;
/**
* Computes a SHA256 HMAC using the default allocator with secret over input, and writes the digest to
* output. If truncateTo is non-zero, the digest will be truncated to the value of truncateTo. Returns true
* on success. If this function fails, Aws::Crt::LastError() will contain the error that occurred. Unless
* you're using 'truncateTo', output should have a minimum capacity of SHA256_HMAC_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeSHA256HMAC(
const ByteCursor &secret,
const ByteCursor &input,
ByteBuf &output,
size_t truncateTo = 0) noexcept;
/**
* Streaming HMAC object. The typical use case is for computing the HMAC of an object that is too large to
* load into memory. You can call Update() multiple times as you load chunks of data into memory. When
* you're finished simply call Digest(). After Digest() is called, this object is no longer usable.
*/
class AWS_CRT_CPP_API HMAC final
{
public:
~HMAC();
HMAC(const HMAC &) = delete;
HMAC &operator=(const HMAC &) = delete;
HMAC(HMAC &&toMove);
HMAC &operator=(HMAC &&toMove);
/**
* Returns true if the instance is in a valid state, false otherwise.
*/
inline operator bool() const noexcept { return m_good; }
/**
* Returns the value of the last aws error encountered by operations on this instance.
*/
inline int LastError() const noexcept { return m_lastError; }
/**
* Creates an instance of a Streaming SHA256 HMAC.
*/
static HMAC CreateSHA256HMAC(Allocator *allocator, const ByteCursor &secret) noexcept;
/**
* Creates an instance of a Streaming SHA256 HMAC using the Default Allocator.
*/
static HMAC CreateSHA256HMAC(const ByteCursor &secret) noexcept;
/**
* Updates the running HMAC object with data in toHMAC. Returns true on success. Call
* LastError() for the reason this call failed.
*/
bool Update(const ByteCursor &toHMAC) noexcept;
/**
* Finishes the running HMAC operation and writes the digest into output. The available capacity of
* output must be large enough for the digest. See: SHA256_DIGEST_SIZE and MD5_DIGEST_SIZE for size
* hints. 'truncateTo' is for if you want truncated output (e.g. you only want the first 16 bytes of a
* SHA256 digest. Returns true on success. Call LastError() for the reason this call failed.
*/
bool Digest(ByteBuf &output, size_t truncateTo = 0) noexcept;
/**
* Returns the size of the digest for this hmac algorithm. If this object is not valid, it will
* return 0 instead.
*/
size_t DigestSize() const noexcept;
/**
* Computes the running HMAC and finishes the running HMAC operation and writes the digest into output.
* The available capacity of output must be large enough for the digest.
* See: SHA256_DIGEST_SIZE and MD5_DIGEST_SIZE for size
* hints. 'truncateTo' is for if you want truncated output (e.g. you only want the first 16 bytes of a
* SHA256 HMAC digest. Returns true on success. Call LastError() for the reason this call failed.
*
* This is an API a user would use for smaller size inputs. For larger, streaming inputs, use
* multiple calls to Update() for each buffer, followed by a single call to Digest().
*/
bool ComputeOneShot(const ByteCursor &input, ByteBuf &output, size_t truncateTo = 0) noexcept;
private:
HMAC(aws_hmac *hmac) noexcept;
HMAC() = delete;
aws_hmac *m_hmac;
bool m_good;
int m_lastError;
};
/**
* BYO_CRYPTO: Base class for custom HMAC implementations.
*
* If using BYO_CRYPTO, you must define concrete implementations for the required HMAC algorithms
* and set their creation callbacks via functions like ApiHandle.SetBYOCryptoNewSHA256HMACCallback().
*/
class AWS_CRT_CPP_API ByoHMAC
{
public:
virtual ~ByoHMAC() = default;
/** @private
* this is called by the framework. If you're trying to create instances of this class manually,
* please don't. But if you do. Look at the other factory functions for reference.
*/
aws_hmac *SeatForCInterop(const std::shared_ptr<ByoHMAC> &selfRef);
protected:
ByoHMAC(size_t digestSize, const ByteCursor &secret, Allocator *allocator = ApiAllocator());
/**
* Updates the running HMAC with to_hash.
* This can be called multiple times.
* Raise an AWS error and return false to indicate failure.
*/
virtual bool UpdateInternal(const ByteCursor &toHash) noexcept = 0;
/**
* Complete the HMAC computation and write the final digest to output.
* This cannote be called more than once.
* If truncate_to is something other than 0, the output must be truncated to that number of bytes.
* Raise an AWS error and return false to indicate failure.
*/
virtual bool DigestInternal(ByteBuf &output, size_t truncateTo = 0) noexcept = 0;
private:
static void s_Destroy(struct aws_hmac *hmac);
static int s_Update(struct aws_hmac *hmac, const struct aws_byte_cursor *buf);
static int s_Finalize(struct aws_hmac *hmac, struct aws_byte_buf *out);
static aws_hmac_vtable s_Vtable;
aws_hmac m_hmacValue;
std::shared_ptr<ByoHMAC> m_selfReference;
};
using CreateHMACCallback =
std::function<std::shared_ptr<ByoHMAC>(size_t digestSize, const ByteCursor &secret, Allocator *)>;
} // namespace Crypto
} // namespace Crt
} // namespace Aws

212
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/crt/crypto/Hash.h Normal file
View File

@@ -0,0 +1,212 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/crt/Exports.h>
#include <aws/crt/Types.h>
#include <aws/cal/hash.h>
struct aws_hash;
namespace Aws
{
namespace Crt
{
namespace Crypto
{
static const size_t SHA1_DIGEST_SIZE = AWS_SHA1_LEN;
static const size_t SHA256_DIGEST_SIZE = AWS_SHA256_LEN;
static const size_t MD5_DIGEST_SIZE = AWS_MD5_LEN;
/**
* Computes a SHA256 Hash over input, and writes the digest to output. If truncateTo is non-zero, the digest
* will be truncated to the value of truncateTo. Returns true on success. If this function fails,
* Aws::Crt::LastError() will contain the error that occurred. Unless you're using 'truncateTo', output
* should have a minimum capacity of SHA256_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeSHA256(
Allocator *allocator,
const ByteCursor &input,
ByteBuf &output,
size_t truncateTo = 0) noexcept;
/**
* Computes a SHA256 Hash using the default allocator over input, and writes the digest to output. If
* truncateTo is non-zero, the digest will be truncated to the value of truncateTo. Returns true on success.
* If this function fails, Aws::Crt::LastError() will contain the error that occurred. Unless you're using
* 'truncateTo', output should have a minimum capacity of SHA256_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API
ComputeSHA256(const ByteCursor &input, ByteBuf &output, size_t truncateTo = 0) noexcept;
/**
* Computes a MD5 Hash over input, and writes the digest to output. If truncateTo is non-zero, the digest
* will be truncated to the value of truncateTo. Returns true on success. If this function fails,
* Aws::Crt::LastError() will contain the error that occurred. Unless you're using 'truncateTo',
* output should have a minimum capacity of MD5_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeMD5(
Allocator *allocator,
const ByteCursor &input,
ByteBuf &output,
size_t truncateTo = 0) noexcept;
/**
* Computes a MD5 Hash using the default allocator over input, and writes the digest to output. If
* truncateTo is non-zero, the digest will be truncated to the value of truncateTo. Returns true on success.
* If this function fails, Aws::Crt::LastError() will contain the error that occurred. Unless you're using
* 'truncateTo', output should have a minimum capacity of MD5_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeMD5(const ByteCursor &input, ByteBuf &output, size_t truncateTo = 0) noexcept;
/**
* Computes a SHA1 Hash over input, and writes the digest to output. If truncateTo is non-zero, the digest
* will be truncated to the value of truncateTo. Returns true on success. If this function fails,
* Aws::Crt::LastError() will contain the error that occurred. Unless you're using 'truncateTo',
* output should have a minimum capacity of MD5_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeSHA1(
Allocator *allocator,
const ByteCursor &input,
ByteBuf &output,
size_t truncateTo = 0) noexcept;
/**
* Computes a SHA1 Hash using the default allocator over input, and writes the digest to output. If
* truncateTo is non-zero, the digest will be truncated to the value of truncateTo. Returns true on success.
* If this function fails, Aws::Crt::LastError() will contain the error that occurred. Unless you're using
* 'truncateTo', output should have a minimum capacity of SHA1_DIGEST_SIZE.
*/
bool AWS_CRT_CPP_API ComputeSHA1(const ByteCursor &input, ByteBuf &output, size_t truncateTo = 0) noexcept;
/**
* Streaming Hash object. The typical use case is for computing the hash of an object that is too large to
* load into memory. You can call Update() multiple times as you load chunks of data into memory. When
* you're finished simply call Digest(). After Digest() is called, this object is no longer usable.
*/
class AWS_CRT_CPP_API Hash final
{
public:
~Hash();
Hash(const Hash &) = delete;
Hash &operator=(const Hash &) = delete;
Hash(Hash &&toMove);
Hash &operator=(Hash &&toMove);
/**
* Returns true if the instance is in a valid state, false otherwise.
*/
operator bool() const noexcept;
/**
* Returns the value of the last aws error encountered by operations on this instance.
*/
inline int LastError() const noexcept { return m_lastError; }
/**
* Creates an instance of a Streaming SHA256 Hash.
*/
static Hash CreateSHA256(Allocator *allocator = ApiAllocator()) noexcept;
/**
* Creates an instance of a Stream SHA1 Hash.
*/
static Hash CreateSHA1(Allocator *allocator = ApiAllocator()) noexcept;
/**
* Creates an instance of a Streaming MD5 Hash.
*/
static Hash CreateMD5(Allocator *allocator = ApiAllocator()) noexcept;
/**
* Updates the running hash object with data in toHash. Returns true on success. Call
* LastError() for the reason this call failed.
*/
bool Update(const ByteCursor &toHash) noexcept;
/**
* Finishes the running hash operation and writes the digest into output. The available capacity of
* output must be large enough for the digest. See: SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE and
* MD5_DIGEST_SIZE for size hints. 'truncateTo' is for if you want truncated output (e.g. you only want
* the first 16 bytes of a SHA256 digest. Returns true on success. Call LastError() for the reason this
* call failed.
*/
bool Digest(ByteBuf &output, size_t truncateTo = 0) noexcept;
/**
* Computes the hash of input and writes the digest into output. The available capacity of
* output must be large enough for the digest. See: SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE and
* MD5_DIGEST_SIZE for size hints. 'truncateTo' is for if you want truncated output (e.g. you only want
* the first 16 bytes of a SHA256 digest. Returns true on success. Call LastError() for the reason this
* call failed.
*
* This is an API a user would use for smaller size inputs. For larger, streaming inputs, use
* multiple calls to Update() for each buffer, followed by a single call to Digest().
*/
bool ComputeOneShot(const ByteCursor &input, ByteBuf &output, size_t truncateTo = 0) noexcept;
/**
* Returns the size of the digest for this hash algorithm. If this object is not valid, it will
* return 0 instead.
*/
size_t DigestSize() const noexcept;
private:
Hash(aws_hash *hash) noexcept;
Hash() = delete;
aws_hash *m_hash;
int m_lastError;
};
/**
* BYO_CRYPTO: Base class for custom hash implementations.
*
* If using BYO_CRYPTO, you must define concrete implementations for the required hash algorithms
* and set their creation callbacks via functions like ApiHandle.SetBYOCryptoNewMD5Callback().
*/
class AWS_CRT_CPP_API ByoHash
{
public:
virtual ~ByoHash();
/** @private
* this is called by the framework. If you're trying to create instances of this class manually,
* please don't. But if you do. Look at the other factory functions for reference.
*/
aws_hash *SeatForCInterop(const std::shared_ptr<ByoHash> &selfRef);
protected:
ByoHash(size_t digestSize, Allocator *allocator = ApiAllocator());
/**
* Update the running hash with to_hash.
* This can be called multiple times.
* Raise an AWS error and return false to indicate failure.
*/
virtual bool UpdateInternal(const ByteCursor &toHash) noexcept = 0;
/**
* Complete the hash computation and write the final digest to output.
* This cannot be called more than once.
* If truncate_to is something other than 0, the output must be truncated to that number of bytes.
* Raise an AWS error and return false to indicate failure.
*/
virtual bool DigestInternal(ByteBuf &output, size_t truncateTo = 0) noexcept = 0;
private:
static void s_Destroy(struct aws_hash *hash);
static int s_Update(struct aws_hash *hash, const struct aws_byte_cursor *buf);
static int s_Finalize(struct aws_hash *hash, struct aws_byte_buf *out);
static aws_hash_vtable s_Vtable;
aws_hash m_hashValue;
std::shared_ptr<ByoHash> m_selfReference;
};
using CreateHashCallback = std::function<std::shared_ptr<ByoHash>(size_t digestSize, Allocator *)>;
} // namespace Crypto
} // namespace Crt
} // namespace Aws

18
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/crt/crypto/SecureRandom.h Normal file
View File

@@ -0,0 +1,18 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/crt/Exports.h>
#include <aws/crt/Types.h>
namespace Aws
{
namespace Crt
{
namespace Crypto
{
bool AWS_CRT_CPP_API GenerateRandomBytes(ByteBuf &output, size_t lengthToGenerate);
}
} // namespace Crt
} // namespace Aws

166
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/crt/crypto/SymmetricCipher.h Normal file
View File

@@ -0,0 +1,166 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/cal/symmetric_cipher.h>
#include <aws/crt/Exports.h>
#include <aws/crt/Types.h>
struct aws_symmetric_cipher;
namespace Aws
{
namespace Crt
{
namespace Crypto
{
static const size_t AES_256_CIPHER_BLOCK_SIZE = 16u;
static const size_t AES_256_KEY_SIZE_BYTES = 32u;
enum class SymmetricCipherState
{
Ready = AWS_SYMMETRIC_CIPHER_READY,
Finalized = AWS_SYMMETRIC_CIPHER_FINALIZED,
Error = AWS_SYMMETRIC_CIPHER_ERROR,
};
class AWS_CRT_CPP_API SymmetricCipher final
{
public:
SymmetricCipher(const SymmetricCipher &) = delete;
SymmetricCipher &operator=(const SymmetricCipher &) = delete;
SymmetricCipher(SymmetricCipher &&) noexcept = default;
SymmetricCipher &operator=(SymmetricCipher &&) noexcept = default;
/**
* Creates an AES 256 CBC mode cipher using a provided key and iv.
* Key must be 32 bytes. If key or iv are not provided, they will be generated.
*/
static SymmetricCipher CreateAES_256_CBC_Cipher(
const Optional<ByteCursor> &key = Optional<ByteCursor>(),
const Optional<ByteCursor> &iv = Optional<ByteCursor>(),
Allocator *allocator = ApiAllocator()) noexcept;
/**
* Creates an AES 256 CTR mode cipher using a provided key and iv.
* If key and iv are not provided, they will be generated.
*/
static SymmetricCipher CreateAES_256_CTR_Cipher(
const Optional<ByteCursor> &key = Optional<ByteCursor>(),
const Optional<ByteCursor> &iv = Optional<ByteCursor>(),
Allocator *allocator = ApiAllocator()) noexcept;
/**
* Creates an AES 256 GCM mode cipher using a provided key, iv, tag, and aad if provided.
* Key and iv will be generated if not provided.
* AAD values are not generated.
* Provide AAD if you need to provide additional auth info.
*/
static SymmetricCipher CreateAES_256_GCM_Cipher(
const Optional<ByteCursor> &key = Optional<ByteCursor>(),
const Optional<ByteCursor> &iv = Optional<ByteCursor>(),
const Optional<ByteCursor> &aad = Optional<ByteCursor>(),
Allocator *allocator = ApiAllocator()) noexcept;
/**
* Creates an AES 256 Keywrap mode cipher using key if provided.
* If a key is not provided, one will be generated.
*/
static SymmetricCipher CreateAES_256_KeyWrap_Cipher(
const Optional<ByteCursor> &key = Optional<ByteCursor>(),
Allocator *allocator = ApiAllocator()) noexcept;
/**
* Returns true if the instance is in a valid state, false otherwise.
*/
operator bool() const noexcept;
/**
* Returns current state of the cipher instance. ready to be used, finalized, or in a error state.
* If the cipher is in a finalized or error state it may not be used anymore
**/
SymmetricCipherState GetState() const noexcept;
/**
* Returns the value of the last aws error encountered by operations on this instance.
*/
inline int LastError() const noexcept { return m_lastError; }
/**
* Encrypts the value in toEncrypt and stores any immediate results in out. Out can be dynamically
* re-sized if out is a dynamic byte buf. Otherwise, make sure the size of out is at least 2 blocks
* larger than the input to allow for padding.
*
* Returns true on success. Call
* LastError() for the reason this call failed.
*/
bool Encrypt(const ByteCursor &toEncrypt, ByteBuf &out) noexcept;
/**
* Encrypts any remaining data on the cipher and stores the output in out. Out can be dynamically
* re-sized if out is a dynamic byte buf. Otherwise, make sure the size of out is at least 2 blocks
* for CBC, CTR, and GCM modes and 40 bytes for KeyWrap.
*
* Returns true on success. Call
* LastError() for the reason this call failed.
*/
bool FinalizeEncryption(ByteBuf &out) noexcept;
/**
* Decrypts the value in toEncrypt and stores any immediate results in out. Out can be dynamically
* re-sized if out is a dynamic byte buf. Otherwise, make sure the size of out is at least 1 block
* larger than the input to allow for padding. Returns true on success. Call LastError() for the reason
* this call failed.
*/
bool Decrypt(const ByteCursor &toDecrypt, ByteBuf &out) noexcept;
/**
* Decrypts any remaining data on the cipher and stores the output in out. Out can be dynamically
* re-sized if out is a dynamic byte buf. Otherwise, make sure the size of out is at least 2 blocks
* for CBC, CTR, GCM, and Keywrap modes.
*
* Returns true on success. Call
* LastError() for the reason this call failed.
*/
bool FinalizeDecryption(ByteBuf &out) noexcept;
/**
* Reset to cipher to new state.
*/
bool Reset() noexcept;
/**
* Returns the key used for this cipher. This key is not copied from the cipher so do not mutate this
* data. Copy if you need to pass it around anywhere.
*/
ByteCursor GetKey() const noexcept;
/**
* Returns the initialization vector used for this cipher.
* This IV is not copied from the cipher so do not mutate this
* data. Copy if you need to pass it around anywhere.
*/
ByteCursor GetIV() const noexcept;
/**
* Returns the encryption tag generated during encryption operations for this cipher in GCM mode.
* This tag is not copied from the cipher so do not mutate this
* data. Copy if you need to pass it around anywhere.
*/
ByteCursor GetTag() const noexcept;
/**
* Sets the tag used during decryption operations for this cipher in GCM mode.
* No-op outside of GCM mode. In GCM mode, encrypt operation overrides the value of the tag.
*/
void SetTag(ByteCursor tag) const noexcept;
private:
SymmetricCipher(aws_symmetric_cipher *cipher) noexcept;
ScopedResource<struct aws_symmetric_cipher> m_cipher;
int m_lastError;
};
} // namespace Crypto
} // namespace Crt
} // namespace Aws