SSLObject

by CdnGater · 11/27/2005 (10:48 pm) · 7 comments

What is SSLObject
--------------

SSLObject is a TGEScript extension that provides secure connections over the TCP protocol. It is based on the free OpenSSL library and offers the security of the Secure Sockets Layer while remaining easy to use.

The first goal of SSLObject is to provide a simple implementation of SSL for applications that need network security, authentication, or simply some cryptography. With SSLObject, you won't need to master the whole OpenSSL API to make secure connections over the internet.

The code is still at an alpha stage, but it has been tested on Windows.

SSLObject is heavily based on the work done by 'Mauricio Oliveira Carneiro' for LuaSSL.


What You Can't Do With SSLObject
-----------------------------
As SSLObject is a simplification of the OpenSSL API, there are some things that can't be done with SSLObject. Here is a brief list of what SSLObject can't do:

Multiple sessions.
Non-Blocking I/O.
Command line encrypting/decrypting.
Generation of keys (Private/Public).

Some of these features (multiple sessions and non-blocking I/O) were left out just for the sake of simplicity. The others are not intended to be in the SSLObject package: it is not a general crypto library like OpenSSL, it only handles the SSL connection part of OpenSSL. For the command line tool, you can use the OpenSSL one.


Installation
------------

First of all, you'll need OpenSSL 0.9.6 or higher (from www.openssl.org) installed on your machine.

Download and build OpenSSL as instructed for Windows.

Copy the OpenSSL libraries and DLLs from openssl-0.9.8a/out32dll to lib/openssl (don't forget to copy the DLLs to the directory where your EXE resides).

Copy the openssl directory found in openssl-0.9.8a/inc32 to lib/openssl.


Project Changes
---------------

Add ../lib/openssl to the additional include directories of the compiler

Add ../lib/openssl/ssleay32.lib ../lib/openssl/libeay32.lib to the library modules of the linker


Code Changes
------------

console/simBase.cc
ImplementNamedGroup(TCPGroup)
   ImplementNamedGroup(SSLGroup)  << Add this

console/simBase.h
DeclareNamedGroup(TCPGroup)
   DeclareNamedGroup(SSLGroup)  << Add this

console/simManager.cc
InstantiateNamedGroup(TCPGroup);
   InstantiateNamedGroup(SSLGroup); << Add this

New Files
---------

Add sslObject.cc and sslObject.h to the game/net directory, and add them to the appropriate place in your project.


DEMO
----

I have included ssl_client.cs, ssl_server.cs and keys as simple demos of SSLObject.

Start Torque using the respective file as a parameter to run each of the demos.


Building Keys
-------------
SSLObject does not build keys; you have to use OpenSSL. Below is the example I used to generate the keys for this test.

openssl req -newkey rsa:1024 -sha1 -keyout keys/rootkey.pem -out keys/rootreq.pem -config keys/root.cnf
 
openssl x509 -req -in keys/rootreq.pem -sha1 -extfile keys/root.cnf -extensions certificate_extensions -signkey keys/rootkey.pem -out keys/rootcert.pem
 
cat keys/rootcert.pem keys/rootkey.pem > keys/root.pem
 
 
 
openssl req -newkey rsa:1024 -sha1 -keyout keys/serverCAkey.pem -out keys/serverCAreq.pem -config keys/serverCA.cnf
 
openssl x509 -req -in keys/serverCAreq.pem -sha1 -extfile keys/serverCA.cnf -extensions certificate_extensions -CA keys/root.pem -CAkey keys/root.pem -CAcreateserial -out keys/serverCAcert.pem
 
cat keys/serverCAcert.pem keys/serverCAkey.pem keys/rootcert.pem > keys/serverCA.pem
 
 
 
openssl req -newkey rsa:1024 -sha1 -keyout keys/serverkey.pem -out keys/serverreq.pem -config keys/server.cnf -reqexts req_extensions
 
openssl x509 -req -in keys/serverreq.pem -sha1 -extfile keys/server.cnf -extensions certificate_extensions -CA keys/serverCA.pem -CAkey keys/serverCA.pem -CAcreateserial -out keys/servercert.pem
 
cat keys/servercert.pem keys/serverkey.pem keys/serverCAcert.pem keys/rootcert.pem > keys/server.pem
 
 
 
openssl req -newkey rsa:1024 -sha1 -keyout keys/clientkey.pem -out keys/clientreq.pem -config keys/client.cnf -reqexts req_extensions
 
openssl x509 -req -in keys/clientreq.pem -sha1 -extfile keys/client.cnf -extensions certificate_extensions -CA keys/root.pem -CAkey keys/root.pem -CAcreateserial -out keys/clientcert.pem
 
cat keys/clientcert.pem keys/clientkey.pem keys/rootcert.pem > keys/client.pem
 
 
openssl dhparam -check -text -5 512 -out keys/dh512.pem
openssl dhparam -check -text -5 1024 -out keys/dh1024.pem


Comments and requests about what should be implemented are very welcome!

[Edit] Added spaces to ssl code above, was hard to read
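
The key-building commands above request 1024-bit RSA keys, SHA-1 signatures and a 512-bit DH group, all of which are below what current guidance accepts. The script below is an added example, not part of the original resource: it reads the text dump of a certificate or DH parameter file and flags those settings. The function name, the 2048-bit threshold, the dump wording (as printed by recent OpenSSL releases) and the embedded sample text are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag weak parameters in OpenSSL text dumps, e.g.
#   openssl x509    -in keys/servercert.pem -noout -text | audit_openssl_text keys/servercert.pem
#   openssl dhparam -in keys/dh512.pem      -noout -text | audit_openssl_text keys/dh512.pem
MIN_BITS=2048   # assumed minimum for RSA moduli and DH groups

# audit_openssl_text LABEL: reads the dump on stdin, prints one line per
# finding, returns 0 if nothing was flagged and 1 otherwise.
audit_openssl_text() {
    awk -v label="$1" -v min="$MIN_BITS" '
        function check(what,    bits) {
            bits = $0
            sub(/^.*\(/, "", bits)      # drop everything up to "("
            sub(/ bit\).*/, "", bits)   # drop " bit)" and the rest
            if (bits + 0 < min) {
                print label ": " what " is " bits " bits, below " min
                bad = 1
            }
        }
        /Public Key Algorithm:/ { alg = $NF }
        # Only RSA sizes are compared with MIN_BITS; EC keys use another scale.
        /Public-Key: \([0-9]+ bit\)/ && alg == "rsaEncryption" { check("RSA key") }
        /DH Parameters: \([0-9]+ bit\)/ { check("DH group") }
        # The algorithm is printed twice per certificate; report it once.
        /Signature Algorithm: (sha1|md5)/ && !sig++ {
            print label ": signature uses " $NF
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed excerpt of an x509 text dump for a certificate built as above.
sample_cert_text() {
cat <<'EOF'
    Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}
# Constructed first line of a dhparam text dump for keys/dh512.pem.
sample_dh_text() { printf '    DH Parameters: (512 bit)\n'; }

sample_cert_text | audit_openssl_text keys/servercert.pem || true
sample_dh_text   | audit_openssl_text keys/dh512.pem || true
```
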

#1
11/27/2005 (10:50 pm)
Another cool one Simon. :) Hey, I kind of sound like a broken record lately as I keep saying this, but... it's good to get people thinking about... consider posting how-to's like this over on the Torque Developer Network as well!
#2
11/28/2005 (12:30 am)
Yes, very nice resource. TDN needs submissions like this =)
#3
11/28/2005 (10:29 am)
Hell, the concept alone is refreshing.
Very nice, I'll be testing ASAP.

Ari
#4
11/30/2005 (6:59 am)
@Josh, I'll post on TDN when I can successfully navigate TDN without being told that
A) I need to be an SDK owner to view pages. (I own all the SDKs at this point)
B) I need to login (for the hundredth time)
C) The search function works, as well as the google site search function.

Other than that TDN seems like it is a great effort. Too buggy at the moment though, I would hate to be attempting to post a resource that takes an hour or two to write up and get any of those messages.
#5
12/02/2005 (12:20 pm)
I second Dreamer's comments on TDN. I don't want to 'study' and obtain a TDN degree before posting there. I just don't have the time.
#6
12/02/2005 (12:21 pm)
@Simon, great idea. I have not tested it yet but have bookmarked it for when the time comes.
#7
02/25/2008 (9:20 am)
How does the security of this resource compare to that of an HTTPS web page?

This is an incredibly useful resource BTW!