native plugin

fix import flags

Show native state in ToString for NM HUD

Old unity support

Author: imerr

Assets/Mirror/Transports/Encryption/EncryptedConnection.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Security.Cryptography;
+using Mirror.Transports.Encryption.Native;
 using System.Text;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Agreement;
@@ -131,6 +132,7 @@ enum State
          * The client does this, since the fin is not acked explicitly, but by receiving data to decrypt
          */
         private readonly bool _sendsFirst;
+        private byte[] _keyRaw;
 
         public EncryptedConnection(EncryptionCredentials credentials,
             bool isClient,
@@ -363,6 +365,18 @@ private ArraySegment<byte> Encrypt(ArraySegment<byte> plaintext)
 #endif
             // Resize the static buffer to fit
             EnsureSize(ref _tmpCryptBuffer, outSize);
+
+            if (AesGCMEncryptionNative.IsSupported)
+            {
+                ArraySegment<byte> nativeRes = AesGCMEncryptionNative.Encrypt(_keyRaw, _nonce, plaintext, new ArraySegment<byte>(_tmpCryptBuffer));
+                if (nativeRes.Count == 0)
+                {
+                    _error(TransportError.Unexpected, $"Native Encryption failed. Please check STDERR (or editor log) for the error.");
+                    return new ArraySegment<byte>();
+                }
+                return nativeRes;
+            }
+
             int resultLen;
             try
             {
@@ -411,6 +425,16 @@ private ArraySegment<byte> Decrypt(ArraySegment<byte> ciphertext)
 #endif
             // Resize the static buffer to fit
             EnsureSize(ref _tmpCryptBuffer, outSize);
+            if (AesGCMEncryptionNative.IsSupported)
+            {
+                var nativeRes = AesGCMEncryptionNative.Decrypt(_keyRaw, ReceiveNonce, ciphertext, new ArraySegment<byte>(_tmpCryptBuffer));
+                if (nativeRes.Count == 0)
+                {
+                    _error(TransportError.Unexpected, $"Native Encryption failed. Please check STDERR (or editor log) for the error.");
+                    return new ArraySegment<byte>();
+                }
+                return nativeRes;
+            }
             int resultLen;
             try
             {
@@ -537,12 +561,12 @@ private void CompleteExchange(ArraySegment<byte> remotePubKeyRaw, byte[] salt)
             Hkdf.Init(new HkdfParameters(sharedSecret, salt, HkdfInfo));
 
             // Allocate a buffer for the output key
-            byte[] keyRaw = new byte[KeyLength];
+            _keyRaw = new byte[KeyLength];
 
             // Generate the output keying material
-            Hkdf.GenerateBytes(keyRaw, 0, keyRaw.Length);
+            Hkdf.GenerateBytes(_keyRaw, 0, _keyRaw.Length);
 
-            KeyParameter key = new KeyParameter(keyRaw);
+            KeyParameter key = new KeyParameter(_keyRaw);
 
             // generate a starting nonce
             _nonce = GenerateSecureBytes(NonceSize);

Assets/Mirror/Transports/Encryption/EncryptionTransport.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using Mirror.Transports.Encryption.Native;
 using UnityEngine;
 using UnityEngine.Profiling;
 using UnityEngine.Serialization;
@@ -38,6 +39,11 @@ public enum ValidationMode
         public string EncryptionPublicKeyFingerprint => _credentials?.PublicKeyFingerprint;
         public byte[] EncryptionPublicKey => _credentials?.PublicKeySerialized;
 
+
+        public override string ToString()
+        {
+            return $"EncryptionTransport(native: {AesGCMEncryptionNative.IsSupported})";
+        }
         private void ServerRemoveFromPending(EncryptedConnection con)
         {
             for (int i = 0; i < _serverPendingConnections.Count; i++)

Assets/Mirror/Transports/Encryption/Native.meta

@@ -0,0 +1,81 @@
+using System;
+using System.Runtime.InteropServices;
+using System.Security;
+using UnityEngine;
+namespace Mirror.Transports.Encryption.Native
+{
+    public class AesGCMEncryptionNative
+    {
+        [SuppressUnmanagedCodeSecurity]
+        [DllImport("rusty_mirror_encryption", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
+        private static extern byte is_supported();
+
+        [SuppressUnmanagedCodeSecurity]
+        [DllImport("rusty_mirror_encryption", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
+        private static extern uint aes_gcm_encrypt(
+            UIntPtr key, uint key_size,
+            UIntPtr nonce, uint nonce_size,
+            UIntPtr data, uint data_in_size, uint data_capacity);
+
+        [SuppressUnmanagedCodeSecurity]
+        [DllImport("rusty_mirror_encryption", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
+        private static extern uint aes_gcm_decrypt(
+            UIntPtr key, uint key_size,
+            UIntPtr nonce, uint nonce_size,
+            UIntPtr data, uint data_size);
+
+        private static bool _supported;
+        static AesGCMEncryptionNative()
+        {
+            try
+            {
+                _supported = is_supported() == 1;
+            }
+            catch (Exception e)
+            {
+                // TODO: silent?
+                Debug.LogWarning($"Native AES GCM is not supported: {e}");
+            }
+        }
+        public static bool IsSupported => _supported;
+        public static unsafe ArraySegment<byte> Encrypt(byte[] key, byte[] nonce, ArraySegment<byte> plaintext, ArraySegment<byte> dataOut)
+        {
+            Array.Copy(plaintext.Array, plaintext.Offset, dataOut.Array, dataOut.Offset ,plaintext.Count);
+            fixed (byte* keyPtr = key)
+            {
+                fixed (byte* noncePtr = nonce)
+                {
+                    fixed (byte* dataPtr = dataOut.Array)
+                    {
+                        UIntPtr data = ((UIntPtr)dataPtr) + dataOut.Offset;
+                        uint resultLength = aes_gcm_encrypt(
+                            (UIntPtr)keyPtr, (uint)key.Length,
+                            (UIntPtr)noncePtr, (uint)nonce.Length,
+                            data, (uint)plaintext.Count, (uint)dataOut.Count);
+                        return new ArraySegment<byte>(dataOut.Array, dataOut.Offset, (int)resultLength);
+                    }
+                }
+            }
+        }
+        
+        public static unsafe ArraySegment<byte> Decrypt(byte[] key, byte[] nonce, ArraySegment<byte> ciphertext, ArraySegment<byte> dataOut)
+        {
+            Array.Copy(ciphertext.Array, ciphertext.Offset, dataOut.Array, dataOut.Offset, ciphertext.Count);
+            fixed (byte* keyPtr = key)
+            {
+                fixed (byte* noncePtr = nonce)
+                {
+                    fixed (byte* dataPtr = dataOut.Array)
+                    {
+                        UIntPtr data = ((UIntPtr)dataPtr) + dataOut.Offset;
+                        uint resultLength = aes_gcm_decrypt(
+                            (UIntPtr)keyPtr, (uint)key.Length,
+                            (UIntPtr)noncePtr, (uint)nonce.Length,
+                            data, (uint)ciphertext.Count);
+                        return new ArraySegment<byte>(dataOut.Array, dataOut.Offset, (int)resultLength);
+                    }
+                }
+            }
+        }
+    }
+}

Assets/Mirror/Transports/Encryption/Native/AesGCMEncryptionNative.cs

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Robin Rolf
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Assets/Mirror/Transports/Encryption/Native/AesGCMEncryptionNative.cs.meta

@@ -0,0 +1,4 @@
+# [RustyMirrorEncryption](https://github.com/imerr/RustyMirrorEncryption)
+A tiny native library for hardware accelerated AES-GCM encryption and decryption for the EncryptionTransport in [Mirror](https://github.com/MirrorNetworking/Mirror)
+
+Uses [RustCryptos aes_gcm crate](https://github.com/RustCrypto/AEADs/tree/master/aes-gcm) crate