Crypto: handle properly whether the a server key is signed or not.

author divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>

Mon, 9 Feb 2015 11:06:06 +0000 (11:06 +0000)

committer divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>

Mon, 9 Feb 2015 11:06:06 +0000 (11:06 +0000)
author divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Mon, 9 Feb 2015 11:06:06 +0000 (11:06 +0000)
committer divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Mon, 9 Feb 2015 11:06:06 +0000 (11:06 +0000)
diff --git a/crypto.c b/crypto.c

index 8428c6784c483e44e6070b286e334734e9490ec2..63988031386e5cbc12db7572773141cfb5ef4326 100644 (file)
--- a/crypto.c
+++ b/crypto.c
@@ -489,6 +489,7 @@ typedef struct
         char challenge[2048];
         char wantserver_idfp[FP64_SIZE+1];
         qboolean wantserver_aes;
         char challenge[2048];
         char wantserver_idfp[FP64_SIZE+1];
         qboolean wantserver_aes;
+       qboolean wantserver_issigned;
         int cdata_id;
  }
  crypto_data_t;
         int cdata_id;
  }
  crypto_data_t;
@@ -556,6 +557,7 @@ typedef struct crypto_storedhostkey_s
         int keyid;
         char idfp[FP64_SIZE+1];
         int aeslevel;
         int keyid;
         char idfp[FP64_SIZE+1];
         int aeslevel;
+       qboolean issigned;
  }
  crypto_storedhostkey_t;
  static crypto_storedhostkey_t *crypto_storedhostkey_hashtable[CRYPTO_HOSTKEY_HASHSIZE];
  }
  crypto_storedhostkey_t;
  static crypto_storedhostkey_t *crypto_storedhostkey_hashtable[CRYPTO_HOSTKEY_HASHSIZE];
@@ -612,6 +614,7 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
         int keyid;
         char idfp[FP64_SIZE+1];
         int aeslevel;
         int keyid;
         char idfp[FP64_SIZE+1];
         int aeslevel;
+       qboolean issigned;
  
         if(!d0_blind_id_dll)
                 return;
  
         if(!d0_blind_id_dll)
                 return;
@@ -626,10 +629,12 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
                 ++keystring;
  
         keyid = -1;
                 ++keystring;
  
         keyid = -1;
+       issigned = false;
         while(*keystring && keyid < 0)
         {
                 // id@key
                 const char *idstart, *idend, *keystart, *keyend;
         while(*keystring && keyid < 0)
         {
                 // id@key
                 const char *idstart, *idend, *keystart, *keyend;
+               qboolean thisissigned = true;
                 ++keystring; // skip the space
                 idstart = keystring;
                 while(*keystring && *keystring != ' ' && *keystring != '@')
                 ++keystring; // skip the space
                 idstart = keystring;
                 while(*keystring && *keystring != ' ' && *keystring != '@')
@@ -643,14 +648,23 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
                         ++keystring;
                 keyend = keystring;
  
                         ++keystring;
                 keyend = keystring;
  
+               if (keystart[0] == '~')
+               {
+                       thisissigned = false;
+                       ++keystart;
+               }
+
                 if(idend - idstart == FP64_SIZE && keyend - keystart == FP64_SIZE)
                 {
                 if(idend - idstart == FP64_SIZE && keyend - keystart == FP64_SIZE)
                 {
-                       for(keyid = MAX_PUBKEYS - 1; keyid >= 0; --keyid)
-                               if(pubkeys[keyid])
-                                       if(!memcmp(pubkeys_fp64[keyid], keystart, FP64_SIZE))
+                       int thiskeyid;
+                       for(thiskeyid = MAX_PUBKEYS - 1; thiskeyid >= 0; --thiskeyid)
+                               if(pubkeys[thiskeyid])
+                                       if(!memcmp(pubkeys_fp64[thiskeyid], keystart, FP64_SIZE))
                                         {
                                                 memcpy(idfp, idstart, FP64_SIZE);
                                                 idfp[FP64_SIZE] = 0;
                                         {
                                                 memcpy(idfp, idstart, FP64_SIZE);
                                                 idfp[FP64_SIZE] = 0;
+                                               keyid = thiskeyid;
+                                               issigned = thisissigned;
                                                 break;
                                         }
                         // If this failed, keyid will be -1.
                                                 break;
                                         }
                         // If this failed, keyid will be -1.
@@ -672,8 +686,11 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
                                 Con_Printf("Server %s tried to change the host key to a value not in the host cache. Connecting to it will fail. To accept the new host key, do crypto_hostkey_clear %s\n", buf, buf);
                         if(hk->aeslevel > aeslevel)
                                 Con_Printf("Server %s tried to reduce encryption status, not accepted. Connecting to it will fail. To accept, do crypto_hostkey_clear %s\n", buf, buf);
                                 Con_Printf("Server %s tried to change the host key to a value not in the host cache. Connecting to it will fail. To accept the new host key, do crypto_hostkey_clear %s\n", buf, buf);
                         if(hk->aeslevel > aeslevel)
                                 Con_Printf("Server %s tried to reduce encryption status, not accepted. Connecting to it will fail. To accept, do crypto_hostkey_clear %s\n", buf, buf);
+                       if(hk->issigned > issigned)
+                               Con_Printf("Server %s tried to reduce signature status, not accepted. Connecting to it will fail. To accept, do crypto_hostkey_clear %s\n", buf, buf);
                 }
                 hk->aeslevel = max(aeslevel, hk->aeslevel);
                 }
                 hk->aeslevel = max(aeslevel, hk->aeslevel);
+               hk->issigned = issigned;
                 return;
         }
  
                 return;
         }
  
@@ -684,10 +701,11 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
         memcpy(hk->idfp, idfp, FP64_SIZE+1);
         hk->next = crypto_storedhostkey_hashtable[hashindex];
         hk->aeslevel = aeslevel;
         memcpy(hk->idfp, idfp, FP64_SIZE+1);
         hk->next = crypto_storedhostkey_hashtable[hashindex];
         hk->aeslevel = aeslevel;
+       hk->issigned = issigned;
         crypto_storedhostkey_hashtable[hashindex] = hk;
  }
  
         crypto_storedhostkey_hashtable[hashindex] = hk;
  }
  
-qboolean Crypto_RetrieveHostKey(lhnetaddress_t *peeraddress, int *keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, int *aeslevel)
+qboolean Crypto_RetrieveHostKey(lhnetaddress_t *peeraddress, int *keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, int *aeslevel, qboolean *issigned)
  {
         char buf[128];
         int hashindex;
  {
         char buf[128];
         int hashindex;
@@ -711,6 +729,8 @@ qboolean Crypto_RetrieveHostKey(lhnetaddress_t *peeraddress, int *keyid, char *k
                 strlcpy(idfp, hk->idfp, idfplen);
         if(aeslevel)
                 *aeslevel = hk->aeslevel;
                 strlcpy(idfp, hk->idfp, idfplen);
         if(aeslevel)
                 *aeslevel = hk->aeslevel;
+       if(issigned)
+               *issigned = hk->issigned;
  
         return true;
  }
  
         return true;
  }
@@ -793,6 +813,19 @@ static qboolean Crypto_SavePubKeyTextFile(int i)
         return true;
  }
  
         return true;
  }
  
+static void Crypto_BuildIdString(void)
+{
+       int i;
+       char vabuf[1024];
+
+       crypto_idstring = NULL;
+       dpsnprintf(crypto_idstring_buf, sizeof(crypto_idstring_buf), "%d", d0_rijndael_dll ? crypto_aeslevel.integer : 0);
+       for (i = 0; i < MAX_PUBKEYS; ++i)
+               if (pubkeys[i])
+                       strlcat(crypto_idstring_buf, va(vabuf, sizeof(vabuf), " %s@%s%s", pubkeys_priv_fp64[i], pubkeys_havesig[i] ? "" : "~", pubkeys_fp64[i]), sizeof(crypto_idstring_buf));
+       crypto_idstring = crypto_idstring_buf;
+}
+
  void Crypto_LoadKeys(void)
  {
         char buf[8192];
  void Crypto_LoadKeys(void)
  {
         char buf[8192];
@@ -814,8 +847,6 @@ void Crypto_LoadKeys(void)
         //   PUBLIC KEYS to accept (including modulus)
         //   PRIVATE KEY of user
  
         //   PUBLIC KEYS to accept (including modulus)
         //   PRIVATE KEY of user
  
-       crypto_idstring = NULL;
-       dpsnprintf(crypto_idstring_buf, sizeof(crypto_idstring_buf), "%d", d0_rijndael_dll ? crypto_aeslevel.integer : 0);
         for(i = 0; i < MAX_PUBKEYS; ++i)
         {
                 memset(pubkeys_fp64[i], 0, sizeof(pubkeys_fp64[i]));
         for(i = 0; i < MAX_PUBKEYS; ++i)
         {
                 memset(pubkeys_fp64[i], 0, sizeof(pubkeys_fp64[i]));
@@ -845,12 +876,10 @@ void Crypto_LoadKeys(void)
                                                         if(qd0_blind_id_verify_private_id(pubkeys[i]) && qd0_blind_id_verify_public_id(pubkeys[i], &status))
                                                         {
                                                                 pubkeys_havepriv[i] = true;
                                                         if(qd0_blind_id_verify_private_id(pubkeys[i]) && qd0_blind_id_verify_public_id(pubkeys[i], &status))
                                                         {
                                                                 pubkeys_havepriv[i] = true;
-                                                               strlcat(crypto_idstring_buf, va(vabuf, sizeof(vabuf), " %s@%s", pubkeys_priv_fp64[i], pubkeys_fp64[i]), sizeof(crypto_idstring_buf));
+                                                               pubkeys_havesig[i] = status;
  
                                                                 // verify the key we just got (just in case)
  
                                                                 // verify the key we just got (just in case)
-                                                               if(status)
-                                                                       pubkeys_havesig[i] = true;
-                                                               else
+                                                               if(!status)
                                                                         Con_Printf("NOTE: this ID has not yet been signed!\n");
  
                                                                 Crypto_SavePubKeyTextFile(i);
                                                                         Con_Printf("NOTE: this ID has not yet been signed!\n");
  
                                                                 Crypto_SavePubKeyTextFile(i);
@@ -879,9 +908,9 @@ void Crypto_LoadKeys(void)
                         }
                 }
         }
                         }
                 }
         }
-       crypto_idstring = crypto_idstring_buf;
  
         keygen_i = -1;
  
         keygen_i = -1;
+       Crypto_BuildIdString();
         Crypto_BuildChallengeAppend();
  
         // find a good prefix length for all the keys we know (yes, algorithm is not perfect yet, may yield too long prefix length)
         Crypto_BuildChallengeAppend();
  
         // find a good prefix length for all the keys we know (yes, algorithm is not perfect yet, may yield too long prefix length)
@@ -1153,6 +1182,8 @@ static void Crypto_KeyGen_Finished(int code, size_t length_received, unsigned ch
  
         Con_Printf("Saved to key_%d.d0si%s\n", keygen_i, sessionid.string);
  
  
         Con_Printf("Saved to key_%d.d0si%s\n", keygen_i, sessionid.string);
  
+       Crypto_BuildIdString();
+
         keygen_i = -1;
         SV_UnlockThreadMutex();
  }
         keygen_i = -1;
         SV_UnlockThreadMutex();
  }
@@ -1802,6 +1833,7 @@ static int Crypto_ServerParsePacket_Internal(const char *data_in, size_t len_in,
                                 // I am the server, and my key is ok... so let's set server_keyfp and server_idfp
                                 strlcpy(crypto->server_keyfp, pubkeys_fp64[CDATA->s], sizeof(crypto->server_keyfp));
                                 strlcpy(crypto->server_idfp, pubkeys_priv_fp64[CDATA->s], sizeof(crypto->server_idfp));
                                 // I am the server, and my key is ok... so let's set server_keyfp and server_idfp
                                 strlcpy(crypto->server_keyfp, pubkeys_fp64[CDATA->s], sizeof(crypto->server_keyfp));
                                 strlcpy(crypto->server_idfp, pubkeys_priv_fp64[CDATA->s], sizeof(crypto->server_idfp));
+                               crypto->server_issigned = pubkeys_havesig[CDATA->s];
  
                                 if(!CDATA->id)
                                         CDATA->id = qd0_blind_id_new();
  
                                 if(!CDATA->id)
                                         CDATA->id = qd0_blind_id_new();
@@ -1942,10 +1974,9 @@ static int Crypto_ServerParsePacket_Internal(const char *data_in, size_t len_in,
                                 CLEAR_CDATA;
                                 return Crypto_ServerError(data_out, len_out, "d0_blind_id_authenticate_with_private_id_verify failed (authentication error)", "Authentication error");
                         }
                                 CLEAR_CDATA;
                                 return Crypto_ServerError(data_out, len_out, "d0_blind_id_authenticate_with_private_id_verify failed (authentication error)", "Authentication error");
                         }
-                       if(status)
-                               strlcpy(crypto->client_keyfp, pubkeys_fp64[CDATA->c], sizeof(crypto->client_keyfp));
-                       else
-                               crypto->client_keyfp[0] = 0;
+                       strlcpy(crypto->client_keyfp, pubkeys_fp64[CDATA->c], sizeof(crypto->client_keyfp));
+                       crypto->client_issigned = status;
+
                         memset(crypto->client_idfp, 0, sizeof(crypto->client_idfp));
                         fpbuflen = FP64_SIZE;
                         if(!qd0_blind_id_fingerprint64_public_id(CDATA->id, crypto->client_idfp, &fpbuflen))
                         memset(crypto->client_idfp, 0, sizeof(crypto->client_idfp));
                         fpbuflen = FP64_SIZE;
                         if(!qd0_blind_id_fingerprint64_public_id(CDATA->id, crypto->client_idfp, &fpbuflen))
@@ -2068,7 +2099,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
         if (len_in == 6 && !memcmp(string, "accept", 6) && cls.connect_trying && d0_rijndael_dll)
         {
                 int wantserverid = -1;
         if (len_in == 6 && !memcmp(string, "accept", 6) && cls.connect_trying && d0_rijndael_dll)
         {
                 int wantserverid = -1;
-               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL, NULL);
                 if(!crypto || !crypto->authenticated) // we ALSO get here if we are using an encrypted connection, so let's rule this out
                 {
                         if(wantserverid >= 0)
                 if(!crypto || !crypto->authenticated) // we ALSO get here if we are using an encrypted connection, so let's rule this out
                 {
                         if(wantserverid >= 0)
@@ -2081,7 +2112,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
         else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll)
         {
                 int wantserverid = -1;
         else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll)
         {
                 int wantserverid = -1;
-               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL, NULL);
                 //if(!crypto || !crypto->authenticated)
                 {
                         if(wantserverid >= 0)
                 //if(!crypto || !crypto->authenticated)
                 {
                         if(wantserverid >= 0)
@@ -2103,7 +2134,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                 if(string[4] == CCREP_RULE_INFO)
                         return CRYPTO_NOMATCH;
  
                 if(string[4] == CCREP_RULE_INFO)
                         return CRYPTO_NOMATCH;
  
-               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL, NULL);
                 //if(!crypto || !crypto->authenticated)
                 {
                         if(wantserverid >= 0)
                 //if(!crypto || !crypto->authenticated)
                 {
                         if(wantserverid >= 0)
@@ -2152,11 +2183,12 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                 qboolean server_can_auth = true;
                 char wantserver_idfp[FP64_SIZE+1];
                 int wantserver_aeslevel = 0;
                 qboolean server_can_auth = true;
                 char wantserver_idfp[FP64_SIZE+1];
                 int wantserver_aeslevel = 0;
+               qboolean wantserver_issigned = false;
  
                 // if we have a stored host key for the server, assume serverid to already be selected!
                 // (the loop will refuse to overwrite this one then)
                 wantserver_idfp[0] = 0;
  
                 // if we have a stored host key for the server, assume serverid to already be selected!
                 // (the loop will refuse to overwrite this one then)
                 wantserver_idfp[0] = 0;
-               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, wantserver_idfp, sizeof(wantserver_idfp), &wantserver_aeslevel);
+               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, wantserver_idfp, sizeof(wantserver_idfp), &wantserver_aeslevel, &wantserver_issigned);
                 // requirement: wantserver_idfp is a full ID if wantserverid set
  
                 // if we leave, we have to consider the connection
                 // requirement: wantserver_idfp is a full ID if wantserverid set
  
                 // if we leave, we have to consider the connection
@@ -2262,6 +2294,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                         crypto->server_keyfp[0] = 0;
                         crypto->server_idfp[0] = 0;
                         memcpy(CDATA->wantserver_idfp, wantserver_idfp, sizeof(crypto->server_idfp));
                         crypto->server_keyfp[0] = 0;
                         crypto->server_idfp[0] = 0;
                         memcpy(CDATA->wantserver_idfp, wantserver_idfp, sizeof(crypto->server_idfp));
+                       CDATA->wantserver_issigned = wantserver_issigned;
  
                         if(CDATA->wantserver_idfp[0]) // if we know a host key, honor its encryption setting
                         switch(bound(0, d0_rijndael_dll ? crypto_aeslevel.integer : 0, 3))
  
                         if(CDATA->wantserver_idfp[0]) // if we know a host key, honor its encryption setting
                         switch(bound(0, d0_rijndael_dll ? crypto_aeslevel.integer : 0, 3))
@@ -2296,6 +2329,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                                 // I am the client, and my key is ok... so let's set client_keyfp and client_idfp
                                 strlcpy(crypto->client_keyfp, pubkeys_fp64[CDATA->c], sizeof(crypto->client_keyfp));
                                 strlcpy(crypto->client_idfp, pubkeys_priv_fp64[CDATA->c], sizeof(crypto->client_idfp));
                                 // I am the client, and my key is ok... so let's set client_keyfp and client_idfp
                                 strlcpy(crypto->client_keyfp, pubkeys_fp64[CDATA->c], sizeof(crypto->client_keyfp));
                                 strlcpy(crypto->client_idfp, pubkeys_priv_fp64[CDATA->c], sizeof(crypto->client_idfp));
+                               crypto->client_issigned = pubkeys_havesig[CDATA->c];
                         }
  
                         if(serverid >= 0)
                         }
  
                         if(serverid >= 0)
@@ -2428,10 +2462,15 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                                 CLEAR_CDATA;
                                 return Crypto_ClientError(data_out, len_out, "d0_blind_id_authenticate_with_private_id_verify failed (server authentication error)");
                         }
                                 CLEAR_CDATA;
                                 return Crypto_ClientError(data_out, len_out, "d0_blind_id_authenticate_with_private_id_verify failed (server authentication error)");
                         }
-                       if(status)
-                               strlcpy(crypto->server_keyfp, pubkeys_fp64[CDATA->s], sizeof(crypto->server_keyfp));
-                       else
-                               crypto->server_keyfp[0] = 0;
+
+                       strlcpy(crypto->server_keyfp, pubkeys_fp64[CDATA->s], sizeof(crypto->server_keyfp));
+                       if (!status && CDATA->wantserver_issigned)
+                       {
+                               CLEAR_CDATA;
+                               return Crypto_ClientError(data_out, len_out, "Stored host key requires a valid signature, but server did not provide any");
+                       }
+                       crypto->server_issigned = status;
+
                         memset(crypto->server_idfp, 0, sizeof(crypto->server_idfp));
                         fpbuflen = FP64_SIZE;
                         if(!qd0_blind_id_fingerprint64_public_id(CDATA->id, crypto->server_idfp, &fpbuflen))
                         memset(crypto->server_idfp, 0, sizeof(crypto->server_idfp));
                         fpbuflen = FP64_SIZE;
                         if(!qd0_blind_id_fingerprint64_public_id(CDATA->id, crypto->server_idfp, &fpbuflen))
diff --git a/crypto.h b/crypto.h

index 106e5a9a195a2e334762223586b5e0e2a9d41fad..0a2d4869cea4679813929d6c33da8b85acd2da36 100644 (file)
--- a/crypto.h
+++ b/crypto.h
@@ -20,9 +20,11 @@ typedef struct
  {
         unsigned char dhkey[DHKEY_SIZE]; // shared key, not NUL terminated
         char client_idfp[FP64_SIZE+1];
  {
         unsigned char dhkey[DHKEY_SIZE]; // shared key, not NUL terminated
         char client_idfp[FP64_SIZE+1];
-       char client_keyfp[FP64_SIZE+1]; // NULL if signature fail
+       char client_keyfp[FP64_SIZE+1];
+       qboolean client_issigned;
         char server_idfp[FP64_SIZE+1];
         char server_idfp[FP64_SIZE+1];
-       char server_keyfp[FP64_SIZE+1]; // NULL if signature fail
+       char server_keyfp[FP64_SIZE+1];
+       qboolean server_issigned;
         qboolean authenticated;
         qboolean use_aes;
         void *data;
         qboolean authenticated;
         qboolean use_aes;
         void *data;
@@ -53,7 +55,7 @@ const char *Crypto_GetInfoResponseDataString(void);
  
  // retrieves a host key for an address (can be exposed to menuqc, or used by the engine to look up stored keys e.g. for server bookmarking)
  // pointers may be NULL
  
  // retrieves a host key for an address (can be exposed to menuqc, or used by the engine to look up stored keys e.g. for server bookmarking)
  // pointers may be NULL
-qboolean Crypto_RetrieveHostKey(lhnetaddress_t *peeraddress, int *keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, int *aeslevel);
+qboolean Crypto_RetrieveHostKey(lhnetaddress_t *peeraddress, int *keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, int *aeslevel, qboolean *issigned);
  int Crypto_RetrieveLocalKey(int keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, qboolean *issigned); // return value: -1 if more to come, +1 if valid, 0 if end of list
  
  size_t Crypto_SignData(const void *data, size_t datasize, int keyid, void *signed_data, size_t signed_size);
  int Crypto_RetrieveLocalKey(int keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, qboolean *issigned); // return value: -1 if more to come, +1 if valid, 0 if end of list
  
  size_t Crypto_SignData(const void *data, size_t datasize, int keyid, void *signed_data, size_t signed_size);
diff --git a/dpdefs/csprogsdefs.qc b/dpdefs/csprogsdefs.qc

index 1dc73a14f0a44fbf937ac1fed3d3d0288785897d..18a89209a10f0c1bb86cb256a2b95a058c59d9dc 100644 (file)
--- a/dpdefs/csprogsdefs.qc
+++ b/dpdefs/csprogsdefs.qc
@@ -194,7 +194,7 @@ const float VF_DRAWCROSSHAIR        = 21;   //(float)
  const float VF_CL_VIEWANGLES   = 33;   //(vector)
  const float VF_CL_VIEWANGLES_X = 34;   //(float)
  const float VF_CL_VIEWANGLES_Y = 35;   //(float)
  const float VF_CL_VIEWANGLES   = 33;   //(vector)
  const float VF_CL_VIEWANGLES_X = 34;   //(float)
  const float VF_CL_VIEWANGLES_Y = 35;   //(float)
-const float VF_CL_VIEWANGLES_Z = 36;   //(float) 
+const float VF_CL_VIEWANGLES_Z = 36;   //(float)
  
  const float VF_PERSPECTIVE      = 200;
  
  
  const float VF_PERSPECTIVE      = 200;
  
@@ -291,7 +291,7 @@ const float TE_EXPLOSION2                                   = 12;
         const float TE_EXPLOSIONQUAD                            = 70;
         const float TE_SPIKEQUAD                                        = 58;
         const float TE_SUPERSPIKEQUAD                           = 59;
         const float TE_EXPLOSIONQUAD                            = 70;
         const float TE_SPIKEQUAD                                        = 58;
         const float TE_SUPERSPIKEQUAD                           = 59;
-       
+
  // PFlags for Dynamic Lights
  const float PFLAGS_NOSHADOW                                    = 1;
  const float PFLAGS_CORONA                                      = 2;
  // PFlags for Dynamic Lights
  const float PFLAGS_NOSHADOW                                    = 1;
  const float PFLAGS_CORONA                                      = 2;
@@ -447,6 +447,7 @@ string(float ccase, float calpha, float cnum, string s, ...) strconv = #224;
  string(float chars, string s, ...) strpad = #225;
  string(string info, string key, string value, ...) infoadd = #226;
  string(string info, string key) infoget = #227;
  string(float chars, string s, ...) strpad = #225;
  string(string info, string key, string value, ...) infoadd = #226;
  string(string info, string key) infoget = #227;
+float(string s1, string s2) strcmp = #228;
  float(string s1, string s2, float len) strncmp = #228;
  float(string s1, string s2) strcasecmp = #229;
  float(string s1, string s2, float len) strncasecmp = #230;
  float(string s1, string s2, float len) strncmp = #228;
  float(string s1, string s2) strcasecmp = #229;
  float(string s1, string s2, float len) strncasecmp = #230;
@@ -656,11 +657,11 @@ float PARTICLE_BEAM = 3;
  float particle_type; // one of PT_
  float particle_blendmode; // one of PBLEND_ values
  float particle_orientation; // one of PARTICLE_ values
  float particle_type; // one of PT_
  float particle_blendmode; // one of PBLEND_ values
  float particle_orientation; // one of PARTICLE_ values
-vector particle_color1; 
+vector particle_color1;
  vector particle_color2;
  float particle_tex; // number of chunk in particlefont
  float particle_size;
  vector particle_color2;
  float particle_tex; // number of chunk in particlefont
  float particle_size;
-float particle_sizeincrease; 
+float particle_sizeincrease;
  float particle_alpha;
  float particle_alphafade;
  float particle_time;
  float particle_alpha;
  float particle_alphafade;
  float particle_time;
@@ -692,10 +693,10 @@ float(vector org, vector vel) spawnparticle = #527; // returns 0 when failed, 1
  float(vector org, vector vel, float theme) quickparticle = #527; // not reading globals, just theme, returns 0 when failed, 1 when spawned
  float(vector org, vector vel, float delay, float collisiondelay) delayedparticle = #528;
  float(vector org, vector vel, float delay, float collisiondelay, float theme) quickdelayedparticle = #528;
  float(vector org, vector vel, float theme) quickparticle = #527; // not reading globals, just theme, returns 0 when failed, 1 when spawned
  float(vector org, vector vel, float delay, float collisiondelay) delayedparticle = #528;
  float(vector org, vector vel, float delay, float collisiondelay, float theme) quickdelayedparticle = #528;
-// description: this builtin provides an easy and flexible way to spawn particles, 
-// it is not created as replace for DP_SV_POINTPARTICLES but as an addition to it. 
+// description: this builtin provides an easy and flexible way to spawn particles,
+// it is not created as replace for DP_SV_POINTPARTICLES but as an addition to it.
  // With this extension you can create a specific particles like rain particles, or entity particles
  // With this extension you can create a specific particles like rain particles, or entity particles
-// notes: 
+// notes:
  // 1) 0 is default particle template, it could be changed
  // 2) color vectors could have value 0-255 of each component
  // restrictions: max themes could be between 4 and 2048
  // 1) 0 is default particle template, it could be changed
  // 2) color vectors could have value 0-255 of each component
  // restrictions: max themes could be between 4 and 2048
@@ -805,7 +806,7 @@ vector(float entitynum, float fldnum) getentityvec = #504;
  //darkplaces implementation: Blub\0
  //console commands:
  //  loadfont fontname fontmaps size1 size2 ...
  //darkplaces implementation: Blub\0
  //console commands:
  //  loadfont fontname fontmaps size1 size2 ...
-//   A font can simply be gfx/tgafile (freetype fonts doent need extension), 
+//   A font can simply be gfx/tgafile (freetype fonts doent need extension),
  //   or alternatively you can specify multiple fonts and faces
  //   Like this: gfx/vera-sans:2,gfx/fallback:1
  //   to load face 2 of the font gfx/vera-sans and use face 1
  //   or alternatively you can specify multiple fonts and faces
  //   Like this: gfx/vera-sans:2,gfx/fallback:1
  //   to load face 2 of the font gfx/vera-sans and use face 1
@@ -834,7 +835,7 @@ float FONT_USER6 = 14;     // 'user6', userdefined fonts
  float FONT_USER7 = 15;     // 'user7' slot, userdefined fonts
  //builtin definitions:
  float findfont(string s) = #356; // find font by fontname and return it's index
  float FONT_USER7 = 15;     // 'user7' slot, userdefined fonts
  //builtin definitions:
  float findfont(string s) = #356; // find font by fontname and return it's index
-float loadfont(string fontname, string fontmaps, string sizes, float slot, float fix_scale, float fix_voffset) = #357; 
+float loadfont(string fontname, string fontmaps, string sizes, float slot, float fix_scale, float fix_voffset) = #357;
  // loads font immediately so stringwidth() function can be used just after builtin call
  // returns a font slotnum (which is used to set drawfont to)
  // first 3 parms are identical to "loadfont" console command ones
  // loads font immediately so stringwidth() function can be used just after builtin call
  // returns a font slotnum (which is used to set drawfont to)
  // first 3 parms are identical to "loadfont" console command ones
@@ -865,7 +866,7 @@ float stringwidth_menu(string text, float allowColorCodes, vector size) = #468;
  //   r_font_postprocess_shadow_y X  : font outline shadow y shift amount, applied during outlining
  //   r_font_postprocess_shadow_z X  : font outline shadow z shift amount, applied during blurring
  //description: engine support for truetype/freetype fonts
  //   r_font_postprocess_shadow_y X  : font outline shadow y shift amount, applied during outlining
  //   r_font_postprocess_shadow_z X  : font outline shadow z shift amount, applied during blurring
  //description: engine support for truetype/freetype fonts
-//so .AFM+.PFB/.OTF/.TTF files could be stuffed as fontmaps in loadfont() 
+//so .AFM+.PFB/.OTF/.TTF files could be stuffed as fontmaps in loadfont()
  //(console command version will support them as well)
  
  //DP_CSQC_BINDMAPS
  //(console command version will support them as well)
  
  //DP_CSQC_BINDMAPS
@@ -896,7 +897,7 @@ float(string url, float id, string content_type, string delim, float buf, float
  //constant definitions:
  const float VF_MAINVIEW         = 400;
  //use setproperty(VF_MAINVIEW, 1); before calling R_RenderView for the render
  //constant definitions:
  const float VF_MAINVIEW         = 400;
  //use setproperty(VF_MAINVIEW, 1); before calling R_RenderView for the render
-//that shall become the "main" view, which is e.g. used by PRYDON_CLIENTCURSOR 
+//that shall become the "main" view, which is e.g. used by PRYDON_CLIENTCURSOR
  //this flag is set for the first scene, and not cleared by R_ClearScene
  //this flag is automatically cleared by R_RenderView
  //so when not using this extension, the first view rendered is the main view
  //this flag is set for the first scene, and not cleared by R_ClearScene
  //this flag is automatically cleared by R_RenderView
  //so when not using this extension, the first view rendered is the main view
diff --git a/dpdefs/dpextensions.qc b/dpdefs/dpextensions.qc

index c8ceac35496db296764ea00369db3f2b315d77c3..07142e9437317799487f3a0945f036149293488f 100644 (file)
--- a/dpdefs/dpextensions.qc
+++ b/dpdefs/dpextensions.qc
@@ -2428,6 +2428,7 @@ string(float ccase, float calpha, float cnum, string s, ...) strconv = #224; //
  string(float chars, string s, ...) strpad = #225; // pad string with spaces to a specified length, < 0 = left padding, > 0 = right padding
  string(string info, string key, string value, ...) infoadd = #226; // sets or adds a key/value pair to an infostring - note: forbidden characters are \ and "
  string(string info, string key) infoget = #227; // gets a key/value pair in an infostring, returns value or null if not found
  string(float chars, string s, ...) strpad = #225; // pad string with spaces to a specified length, < 0 = left padding, > 0 = right padding
  string(string info, string key, string value, ...) infoadd = #226; // sets or adds a key/value pair to an infostring - note: forbidden characters are \ and "
  string(string info, string key) infoget = #227; // gets a key/value pair in an infostring, returns value or null if not found
+float(string s1, string s2) strcmp = #228; // compare two strings
  float(string s1, string s2, float len) strncmp = #228; // compare two strings up to the specified number of characters, if their length differs and is within the specified limit the result will be negative, otherwise it is the difference in value of their first non-matching character.
  float(string s1, string s2) strcasecmp = #229; // compare two strings with case-insensitive matching, characters a-z are considered equivalent to the matching A-Z character, no other differences, and this does not consider special characters equal even if they look similar
  float(string s1, string s2, float len) strncasecmp = #230; // same as strcasecmp but with a length limit, see strncmp
  float(string s1, string s2, float len) strncmp = #228; // compare two strings up to the specified number of characters, if their length differs and is within the specified limit the result will be negative, otherwise it is the difference in value of their first non-matching character.
  float(string s1, string s2) strcasecmp = #229; // compare two strings with case-insensitive matching, characters a-z are considered equivalent to the matching A-Z character, no other differences, and this does not consider special characters equal even if they look similar
  float(string s1, string s2, float len) strncasecmp = #230; // same as strcasecmp but with a length limit, see strncmp
@@ -2559,9 +2560,10 @@ void coverage() = #642;  // Reports a coverage event. The engine counts for each
  //idea: divVerent
  //darkplaces implementation: divVerent
  //field definitions: (SVQC)
  //idea: divVerent
  //darkplaces implementation: divVerent
  //field definitions: (SVQC)
-.string crypto_keyfp; // fingerprint of CA key the player used to authenticate, or string_null if not verified
-.string crypto_mykeyfp; // fingerprint of CA key the server used to authenticate to the player, or string_null if not verified
+.string crypto_keyfp; // fingerprint of CA key the player used to authenticate
+.string crypto_mykeyfp; // fingerprint of CA key the server used to authenticate to the player
  .string crypto_idfp; // fingerprint of ID used by the player entity, or string_null if not identified
  .string crypto_idfp; // fingerprint of ID used by the player entity, or string_null if not identified
+.float crypto_idfp_signed; // set if the player's ID has been signed
  .string crypto_encryptmethod; // the string "AES128" if encrypting, and string_null if plaintext
  .string crypto_signmethod; // the string "HMAC-SHA256" if signing, and string_null if plaintext
  // there is no field crypto_myidfp, as that info contains no additional information the QC may have a use for
  .string crypto_encryptmethod; // the string "AES128" if encrypting, and string_null if plaintext
  .string crypto_signmethod; // the string "HMAC-SHA256" if signing, and string_null if plaintext
  // there is no field crypto_myidfp, as that info contains no additional information the QC may have a use for
diff --git a/dpdefs/menudefs.qc b/dpdefs/menudefs.qc

index cb7ef55abb6ef01f1ccf952446fb8089e44d8490..8caab4a9279e6afec354b94d2f43236be0564c25 100644 (file)
--- a/dpdefs/menudefs.qc
+++ b/dpdefs/menudefs.qc
@@ -354,6 +354,7 @@ float(string key) stringtokeynum = #341;
  //field definitions: (MENUQC)
  string(string serveraddress) crypto_getkeyfp = #633; // retrieves the cached host key's CA fingerprint of a server given by IP address
  string(string serveraddress) crypto_getidfp = #634; // retrieves the cached host key fingerprint of a server given by IP address
  //field definitions: (MENUQC)
  string(string serveraddress) crypto_getkeyfp = #633; // retrieves the cached host key's CA fingerprint of a server given by IP address
  string(string serveraddress) crypto_getidfp = #634; // retrieves the cached host key fingerprint of a server given by IP address
+float(string serveraddress) crypto_getidstatus = #643; // retrieves the cached host key's key status. See below for CRYPTO_IDSTATUS_ defines.
  string(string serveraddress) crypto_getencryptlevel = #635; // 0 if never encrypting, 1 supported, 2 requested, 3 required, appended by list of allowed methods in order of preference ("AES128"), preceded by a space each
  string(float i) crypto_getmykeyfp = #636; // retrieves the CA key fingerprint of a given CA slot, or "" if slot is unused but more to come, or string_null if end of list
  string(float i) crypto_getmyidfp = #637; // retrieves the ID fingerprint of a given CA slot, or "" if slot is unused but more to come, or string_null if end of list
  string(string serveraddress) crypto_getencryptlevel = #635; // 0 if never encrypting, 1 supported, 2 requested, 3 required, appended by list of allowed methods in order of preference ("AES128"), preceded by a space each
  string(float i) crypto_getmykeyfp = #636; // retrieves the CA key fingerprint of a given CA slot, or "" if slot is unused but more to come, or string_null if end of list
  string(float i) crypto_getmyidfp = #637; // retrieves the ID fingerprint of a given CA slot, or "" if slot is unused but more to come, or string_null if end of list
@@ -401,6 +402,7 @@ string(float ccase, float calpha, float cnum, string s, ...) strconv = #224;
  string(float chars, string s, ...) strpad = #225;
  string(string info, string key, string value, ...) infoadd = #226;
  string(string info, string key) infoget = #227;
  string(float chars, string s, ...) strpad = #225;
  string(string info, string key, string value, ...) infoadd = #226;
  string(string info, string key) infoget = #227;
+float(string s1, string s2) strcmp = #228;
  float(string s1, string s2, float len) strncmp = #228;
  float(string s1, string s2) strcasecmp = #229;
  float(string s1, string s2, float len) strncasecmp = #230;
  float(string s1, string s2, float len) strncmp = #228;
  float(string s1, string s2) strcasecmp = #229;
  float(string s1, string s2, float len) strncasecmp = #230;
diff --git a/mvm_cmds.c b/mvm_cmds.c

index d44d22c363ef7020b93c0bdb657a4b51ba7bf4ec..ace22bfa74c2ac5009dcde180ea00b2adb0e7dea 100644 (file)
--- a/mvm_cmds.c
+++ b/mvm_cmds.c
@@ -809,7 +809,7 @@ static void VM_M_crypto_getkeyfp(prvm_prog_t *prog)
         s = PRVM_G_STRING( OFS_PARM0 );
         VM_CheckEmptyString( prog, s );
  
         s = PRVM_G_STRING( OFS_PARM0 );
         VM_CheckEmptyString( prog, s );
  
-       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, keyfp, sizeof(keyfp), NULL, 0, NULL))
+       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, keyfp, sizeof(keyfp), NULL, 0, NULL, NULL))
                 PRVM_G_INT( OFS_RETURN ) = PRVM_SetTempString( prog, keyfp );
         else
                 PRVM_G_INT( OFS_RETURN ) = OFS_NULL;
                 PRVM_G_INT( OFS_RETURN ) = PRVM_SetTempString( prog, keyfp );
         else
                 PRVM_G_INT( OFS_RETURN ) = OFS_NULL;
@@ -825,11 +825,27 @@ static void VM_M_crypto_getidfp(prvm_prog_t *prog)
         s = PRVM_G_STRING( OFS_PARM0 );
         VM_CheckEmptyString( prog, s );
  
         s = PRVM_G_STRING( OFS_PARM0 );
         VM_CheckEmptyString( prog, s );
  
-       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, NULL, 0, idfp, sizeof(idfp), NULL))
+       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, NULL, 0, idfp, sizeof(idfp), NULL, NULL))
                 PRVM_G_INT( OFS_RETURN ) = PRVM_SetTempString( prog, idfp );
         else
                 PRVM_G_INT( OFS_RETURN ) = OFS_NULL;
  }
                 PRVM_G_INT( OFS_RETURN ) = PRVM_SetTempString( prog, idfp );
         else
                 PRVM_G_INT( OFS_RETURN ) = OFS_NULL;
  }
+static void VM_M_crypto_getidstatus(prvm_prog_t *prog)
+{
+       lhnetaddress_t addr;
+       const char *s;
+       qboolean issigned;
+
+       VM_SAFEPARMCOUNT(1,VM_M_crypto_getidstatus);
+
+       s = PRVM_G_STRING( OFS_PARM0 );
+       VM_CheckEmptyString( prog, s );
+
+       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, NULL, 0, NULL, 0, NULL, &issigned))
+               PRVM_G_FLOAT( OFS_RETURN ) = issigned ? 2 : 1;
+       else
+               PRVM_G_FLOAT( OFS_RETURN ) = 0;
+}
  static void VM_M_crypto_getencryptlevel(prvm_prog_t *prog)
  {
         lhnetaddress_t addr;
  static void VM_M_crypto_getencryptlevel(prvm_prog_t *prog)
  {
         lhnetaddress_t addr;
@@ -842,7 +858,7 @@ static void VM_M_crypto_getencryptlevel(prvm_prog_t *prog)
         s = PRVM_G_STRING( OFS_PARM0 );
         VM_CheckEmptyString( prog, s );
  
         s = PRVM_G_STRING( OFS_PARM0 );
         VM_CheckEmptyString( prog, s );
  
-       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, NULL, 0, NULL, 0, &aeslevel))
+       if(LHNETADDRESS_FromString(&addr, s, 26000) && Crypto_RetrieveHostKey(&addr, NULL, NULL, 0, NULL, 0, &aeslevel, NULL))
                 PRVM_G_INT( OFS_RETURN ) = PRVM_SetTempString(prog, aeslevel ? va(vabuf, sizeof(vabuf), "%d AES128", aeslevel) : "0");
         else
                 PRVM_G_INT( OFS_RETURN ) = OFS_NULL;
                 PRVM_G_INT( OFS_RETURN ) = PRVM_SetTempString(prog, aeslevel ? va(vabuf, sizeof(vabuf), "%d AES128", aeslevel) : "0");
         else
                 PRVM_G_INT( OFS_RETURN ) = OFS_NULL;
@@ -1585,6 +1601,7 @@ VM_digest_hex,                                            // #639
  NULL,                                                  // #640
  VM_M_crypto_getmyidstatus,                             // #641 float(float i) crypto_getmyidstatus
  VM_coverage,                                           // #642
  NULL,                                                  // #640
  VM_M_crypto_getmyidstatus,                             // #641 float(float i) crypto_getmyidstatus
  VM_coverage,                                           // #642
+VM_M_crypto_getidstatus,                               // #643 float(string addr) crypto_getidstatus
  NULL
  };
  
  NULL
  };
  
diff --git a/netconn.c b/netconn.c

index b4ef314777fd24687b69aacffbb543a53da2dcd9..abf8e31af82a5ef0df7e62843cf99811b65c0e72 100755 (executable)
--- a/netconn.c
+++ b/netconn.c
@@ -445,7 +445,7 @@ static void ServerList_ViewList_Insert( serverlist_entry_t *entry )
                                 break;
                         }
                 }
                                 break;
                         }
                 }
-               if(Crypto_RetrieveHostKey(&addr, 0, NULL, 0, idfp, sizeof(idfp), NULL))
+               if(Crypto_RetrieveHostKey(&addr, 0, NULL, 0, idfp, sizeof(idfp), NULL, NULL))
                 {
                         for(i = 0; i < nFavorites_idfp; ++i)
                         {
                 {
                         for(i = 0; i < nFavorites_idfp; ++i)
                         {
@@ -1521,12 +1521,14 @@ static void NetConn_ConnectionEstablished(lhnetsocket_t *mysocket, lhnetaddress_
         if(cls.crypto.authenticated)
         {
                 Crypto_FinishInstance(crypto, &cls.crypto);
         if(cls.crypto.authenticated)
         {
                 Crypto_FinishInstance(crypto, &cls.crypto);
-               Con_Printf("%s connection to %s has been established: server is %s@%.*s, I am %.*s@%.*s\n",
+               Con_Printf("%s connection to %s has been established: server is %s@%s%.*s, I am %.*s@%s%.*s\n",
                                 crypto->use_aes ? "Encrypted" : "Authenticated",
                                 cls.netcon->address,
                                 crypto->server_idfp[0] ? crypto->server_idfp : "-",
                                 crypto->use_aes ? "Encrypted" : "Authenticated",
                                 cls.netcon->address,
                                 crypto->server_idfp[0] ? crypto->server_idfp : "-",
+                               (crypto->server_issigned || !crypto->server_keyfp[0]) ? "" : "~",
                                 crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-",
                                 crypto_keyfp_recommended_length, crypto->client_idfp[0] ? crypto->client_idfp : "-",
                                 crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-",
                                 crypto_keyfp_recommended_length, crypto->client_idfp[0] ? crypto->client_idfp : "-",
+                               (crypto->client_issigned || !crypto->client_keyfp[0]) ? "" : "~",
                                 crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-"
                                 );
         }
                                 crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-"
                                 );
         }
@@ -2987,12 +2989,14 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
                                 // no need to check challenge
                                 if(crypto_developer.integer)
                                 {
                                 // no need to check challenge
                                 if(crypto_developer.integer)
                                 {
-                                       Con_Printf("%s connection to %s is being established: client is %s@%.*s, I am %.*s@%.*s\n",
+                                       Con_Printf("%s connection to %s is being established: client is %s@%s%.*s, I am %.*s@%s%.*s\n",
                                                         crypto->use_aes ? "Encrypted" : "Authenticated",
                                                         addressstring2,
                                                         crypto->client_idfp[0] ? crypto->client_idfp : "-",
                                                         crypto->use_aes ? "Encrypted" : "Authenticated",
                                                         addressstring2,
                                                         crypto->client_idfp[0] ? crypto->client_idfp : "-",
+                                                       (crypto->client_issigned || !crypto->client_keyfp[0]) ? "" : "~",
                                                         crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-",
                                                         crypto_keyfp_recommended_length, crypto->server_idfp[0] ? crypto->server_idfp : "-",
                                                         crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-",
                                                         crypto_keyfp_recommended_length, crypto->server_idfp[0] ? crypto->server_idfp : "-",
+                                                       (crypto->server_issigned || !crypto->server_keyfp[0]) ? "" : "~",
                                                         crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-"
                                                   );
                                 }
                                                         crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-"
                                                   );
                                 }
diff --git a/prvm_offsets.h b/prvm_offsets.h

index fcb57ad0c3d63b21d5c14c7e6312e688d2cca5a1..1563a0510f29264f475cfb436d0ec11b8395231f 100644 (file)
--- a/prvm_offsets.h
+++ b/prvm_offsets.h
@@ -262,6 +262,7 @@ PRVM_DECLARE_field(colormod)
  PRVM_DECLARE_field(contentstransition)
  PRVM_DECLARE_field(crypto_encryptmethod)
  PRVM_DECLARE_field(crypto_idfp)
  PRVM_DECLARE_field(contentstransition)
  PRVM_DECLARE_field(crypto_encryptmethod)
  PRVM_DECLARE_field(crypto_idfp)
+PRVM_DECLARE_field(crypto_idfp_signed)
  PRVM_DECLARE_field(crypto_keyfp)
  PRVM_DECLARE_field(crypto_mykeyfp)
  PRVM_DECLARE_field(crypto_signmethod)
  PRVM_DECLARE_field(crypto_keyfp)
  PRVM_DECLARE_field(crypto_mykeyfp)
  PRVM_DECLARE_field(crypto_signmethod)
@@ -736,6 +737,7 @@ PRVM_DECLARE_serverfieldstring(classname)
  PRVM_DECLARE_serverfieldstring(clientstatus)
  PRVM_DECLARE_serverfieldstring(crypto_encryptmethod)
  PRVM_DECLARE_serverfieldstring(crypto_idfp)
  PRVM_DECLARE_serverfieldstring(clientstatus)
  PRVM_DECLARE_serverfieldstring(crypto_encryptmethod)
  PRVM_DECLARE_serverfieldstring(crypto_idfp)
+PRVM_DECLARE_serverfieldfloat(crypto_idfp_signed)
  PRVM_DECLARE_serverfieldstring(crypto_keyfp)
  PRVM_DECLARE_serverfieldstring(crypto_mykeyfp)
  PRVM_DECLARE_serverfieldstring(crypto_signmethod)
  PRVM_DECLARE_serverfieldstring(crypto_keyfp)
  PRVM_DECLARE_serverfieldstring(crypto_mykeyfp)
  PRVM_DECLARE_serverfieldstring(crypto_signmethod)
diff --git a/sv_main.c b/sv_main.c

index 17a171dfd89b6572c0fd85e7e2e8de8f909148e6..a5eed884bdade7f6e4a780a0ee991877a44f5781 100644 (file)
--- a/sv_main.c
+++ b/sv_main.c
@@ -1085,12 +1085,14 @@ void SV_ConnectClient (int clientnum, netconn_t *netconnection)
  
         if(client->netconnection && client->netconnection->crypto.authenticated)
         {
  
         if(client->netconnection && client->netconnection->crypto.authenticated)
         {
-               Con_Printf("%s connection to %s has been established: client is %s@%.*s, I am %.*s@%.*s\n",
+               Con_Printf("%s connection to %s has been established: client is %s@%s%.*s, I am %.*s@%s%.*s\n",
                                 client->netconnection->crypto.use_aes ? "Encrypted" : "Authenticated",
                                 client->netconnection->address,
                                 client->netconnection->crypto.client_idfp[0] ? client->netconnection->crypto.client_idfp : "-",
                                 client->netconnection->crypto.use_aes ? "Encrypted" : "Authenticated",
                                 client->netconnection->address,
                                 client->netconnection->crypto.client_idfp[0] ? client->netconnection->crypto.client_idfp : "-",
+                               (client->netconnection->crypto.client_issigned || !client->netconnection->crypto.client_keyfp[0]) ? "" : "~",
                                 crypto_keyfp_recommended_length, client->netconnection->crypto.client_keyfp[0] ? client->netconnection->crypto.client_keyfp : "-",
                                 crypto_keyfp_recommended_length, client->netconnection->crypto.server_idfp[0] ? client->netconnection->crypto.server_idfp : "-",
                                 crypto_keyfp_recommended_length, client->netconnection->crypto.client_keyfp[0] ? client->netconnection->crypto.client_keyfp : "-",
                                 crypto_keyfp_recommended_length, client->netconnection->crypto.server_idfp[0] ? client->netconnection->crypto.server_idfp : "-",
+                               (client->netconnection->crypto.server_issigned || !client->netconnection->crypto.server_keyfp[0]) ? "" : "~",
                                 crypto_keyfp_recommended_length, client->netconnection->crypto.server_keyfp[0] ? client->netconnection->crypto.server_keyfp : "-"
                                 );
         }
                                 crypto_keyfp_recommended_length, client->netconnection->crypto.server_keyfp[0] ? client->netconnection->crypto.server_keyfp : "-"
                                 );
         }
@@ -3599,6 +3601,7 @@ static void SVVM_init_edict(prvm_prog_t *prog, prvm_edict_t *e)
                         PRVM_serveredictstring(e, crypto_idfp) = PRVM_SetEngineString(prog, svs.clients[num].netconnection->crypto.client_idfp);
                 else
                         PRVM_serveredictstring(e, crypto_idfp) = 0;
                         PRVM_serveredictstring(e, crypto_idfp) = PRVM_SetEngineString(prog, svs.clients[num].netconnection->crypto.client_idfp);
                 else
                         PRVM_serveredictstring(e, crypto_idfp) = 0;
+               PRVM_serveredictfloat(e, crypto_idfp_signed) = (svs.clients[num].netconnection != NULL && svs.clients[num].netconnection->crypto.authenticated && svs.clients[num].netconnection->crypto.client_issigned);
                 if(svs.clients[num].netconnection != NULL && svs.clients[num].netconnection->crypto.authenticated && svs.clients[num].netconnection->crypto.client_keyfp[0])
                         PRVM_serveredictstring(e, crypto_keyfp) = PRVM_SetEngineString(prog, svs.clients[num].netconnection->crypto.client_keyfp);
                 else
                 if(svs.clients[num].netconnection != NULL && svs.clients[num].netconnection->crypto.authenticated && svs.clients[num].netconnection->crypto.client_keyfp[0])
                         PRVM_serveredictstring(e, crypto_keyfp) = PRVM_SetEngineString(prog, svs.clients[num].netconnection->crypto.client_keyfp);
                 else
author	divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
	Mon, 9 Feb 2015 11:06:06 +0000 (11:06 +0000)
committer	divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
	Mon, 9 Feb 2015 11:06:06 +0000 (11:06 +0000)
crypto.c		patch \| blob \| history
crypto.h		patch \| blob \| history
dpdefs/csprogsdefs.qc		patch \| blob \| history
dpdefs/dpextensions.qc		patch \| blob \| history
dpdefs/menudefs.qc		patch \| blob \| history
mvm_cmds.c		patch \| blob \| history
netconn.c		patch \| blob \| history
prvm_offsets.h		patch \| blob \| history
sv_main.c		patch \| blob \| history