#include "quakedef.h"
#include "crypto.h"
#include "common.h"
+#include "thread.h"
#include "hmac.h"
#include "libcurl.h"
+void *crypto_mutex = NULL;
+
cvar_t crypto_developer = {CVAR_SAVE, "crypto_developer", "0", "print extra info about crypto handshake"};
cvar_t crypto_servercpupercent = {CVAR_SAVE, "crypto_servercpupercent", "10", "allowed crypto CPU load in percent for server operation (0 = no limit, faster)"};
cvar_t crypto_servercpumaxtime = {CVAR_SAVE, "crypto_servercpumaxtime", "0.01", "maximum allowed crypto CPU time per frame (0 = no limit)"};
#define qd0_blind_id_SHUTDOWN d0_blind_id_SHUTDOWN
#define qd0_blind_id_util_sha256 d0_blind_id_util_sha256
#define qd0_blind_id_sign_with_private_id_sign d0_blind_id_sign_with_private_id_sign
+#define qd0_blind_id_sign_with_private_id_sign_detached d0_blind_id_sign_with_private_id_sign_detached
#else
static D0_EXPORT void (*qd0_blind_id_SHUTDOWN) (void);
static D0_EXPORT void (*qd0_blind_id_util_sha256) (char *out, const char *in, size_t n);
static D0_EXPORT D0_WARN_UNUSED_RESULT D0_BOOL (*qd0_blind_id_sign_with_private_id_sign) (d0_blind_id_t *ctx, D0_BOOL is_first, D0_BOOL send_modulus, const char *message, size_t msglen, char *outbuf, size_t *outbuflen);
+static D0_EXPORT D0_WARN_UNUSED_RESULT D0_BOOL (*qd0_blind_id_sign_with_private_id_sign_detached) (d0_blind_id_t *ctx, D0_BOOL is_first, D0_BOOL send_modulus, const char *message, size_t msglen, char *outbuf, size_t *outbuflen);
static dllfunction_t d0_blind_id_funcs[] =
{
{"d0_blind_id_new", (void **) &qd0_blind_id_new},
{"d0_blind_id_SHUTDOWN", (void **) &qd0_blind_id_SHUTDOWN},
{"d0_blind_id_util_sha256", (void **) &qd0_blind_id_util_sha256},
{"d0_blind_id_sign_with_private_id_sign", (void **) &qd0_blind_id_sign_with_private_id_sign},
+ {"d0_blind_id_sign_with_private_id_sign_detached", (void **) &qd0_blind_id_sign_with_private_id_sign_detached},
{NULL, NULL}
};
// end of d0_blind_id interface
static size_t Crypto_LoadFile(const char *path, char *buf, size_t nmax)
{
+ char vabuf[1024];
qfile_t *f = NULL;
fs_offset_t n;
if(*fs_userdir)
- f = FS_SysOpen(va("%s%s", fs_userdir, path), "rb", false);
+ f = FS_SysOpen(va(vabuf, sizeof(vabuf), "%s%s", fs_userdir, path), "rb", false);
if(!f)
- f = FS_SysOpen(va("%s%s", fs_basedir, path), "rb", false);
+ f = FS_SysOpen(va(vabuf, sizeof(vabuf), "%s%s", fs_basedir, path), "rb", false);
if(!f)
return 0;
n = FS_Read(f, buf, nmax);
return (size_t) n;
}
-static const char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static void base64_3to4(const unsigned char *in, unsigned char *out, int bytes)
-{
- unsigned char i0 = (bytes > 0) ? in[0] : 0;
- unsigned char i1 = (bytes > 1) ? in[1] : 0;
- unsigned char i2 = (bytes > 2) ? in[2] : 0;
- unsigned char o0 = base64[i0 >> 2];
- unsigned char o1 = base64[((i0 << 4) | (i1 >> 4)) & 077];
- unsigned char o2 = base64[((i1 << 2) | (i2 >> 6)) & 077];
- unsigned char o3 = base64[i2 & 077];
- out[0] = (bytes > 0) ? o0 : '?';
- out[1] = (bytes > 0) ? o1 : '?';
- out[2] = (bytes > 1) ? o2 : '=';
- out[3] = (bytes > 2) ? o3 : '=';
-}
-
-size_t base64_encode(unsigned char *buf, size_t buflen, size_t outbuflen)
-{
- size_t blocks, i;
- // expand the out-buffer
- blocks = (buflen + 2) / 3;
- if(blocks*4 > outbuflen)
- return 0;
- for(i = blocks; i > 0; )
- {
- --i;
- base64_3to4(buf + 3*i, buf + 4*i, buflen - 3*i);
- }
- return blocks * 4;
-}
-
static qboolean PutWithNul(char **data, size_t *len, const char *str)
{
// invariant: data points to insertion point
char buf[8192];
size_t len, len2;
int i;
+ char vabuf[1024];
// load keys
// note: we are just a CLIENT
memset(pubkeys_fp64[i], 0, sizeof(pubkeys_fp64[i]));
memset(pubkeys_priv_fp64[i], 0, sizeof(pubkeys_fp64[i]));
pubkeys_havepriv[i] = false;
- len = Crypto_LoadFile(va("key_%d.d0pk", i), buf, sizeof(buf));
+ len = Crypto_LoadFile(va(vabuf, sizeof(vabuf), "key_%d.d0pk", i), buf, sizeof(buf));
if((pubkeys[i] = Crypto_ReadPublicKey(buf, len)))
{
len2 = FP64_SIZE;
if(qd0_blind_id_fingerprint64_public_key(pubkeys[i], pubkeys_fp64[i], &len2)) // keeps final NUL
{
Con_Printf("Loaded public key key_%d.d0pk (fingerprint: %s)\n", i, pubkeys_fp64[i]);
- len = Crypto_LoadFile(va("key_%d.d0si", i), buf, sizeof(buf));
+ len = Crypto_LoadFile(va(vabuf, sizeof(vabuf), "key_%d.d0si", i), buf, sizeof(buf));
if(len)
{
if(Crypto_AddPrivateKey(pubkeys[i], buf, len))
len2 = FP64_SIZE;
if(qd0_blind_id_fingerprint64_public_id(pubkeys[i], pubkeys_priv_fp64[i], &len2)) // keeps final NUL
{
- Con_Printf("Loaded private ID key_%d.d0si for key_%d.d0pk (fingerprint: %s)\n", i, i, pubkeys_priv_fp64[i]);
+ Con_Printf("Loaded private ID key_%d.d0si for key_%d.d0pk (public key fingerprint: %s)\n", i, i, pubkeys_priv_fp64[i]);
pubkeys_havepriv[i] = true;
- strlcat(crypto_idstring_buf, va(" %s@%s", pubkeys_priv_fp64[i], pubkeys_fp64[i]), sizeof(crypto_idstring_buf));
+ strlcat(crypto_idstring_buf, va(vabuf, sizeof(vabuf), " %s@%s", pubkeys_priv_fp64[i], pubkeys_fp64[i]), sizeof(crypto_idstring_buf));
}
else
{
crypto_t *crypto;
int i;
+ if (crypto_mutex)
+ Thread_DestroyMutex(crypto_mutex);
+ crypto_mutex = NULL;
+
Crypto_Rijndael_CloseLibrary();
if(d0_blind_id_dll)
if(!Crypto_OpenLibrary())
return;
+ if (Thread_HasThreads())
+ crypto_mutex = Thread_CreateMutex();
+
if(!qd0_blind_id_INITIALIZE())
{
Crypto_Rijndael_CloseLibrary();
}
// end
+qboolean Crypto_Available(void)
+{
+ if(!d0_blind_id_dll)
+ return false;
+ return true;
+}
+
// keygen code
static void Crypto_KeyGen_Finished(int code, size_t length_received, unsigned char *buffer, void *cbdata)
{
d0_blind_id_t *ctx, *ctx2;
D0_BOOL status;
size_t len2;
+ char vabuf[1024];
+
+ if (crypto_mutex) Thread_LockMutex(crypto_mutex);
if(!d0_blind_id_dll)
{
Con_Print("libd0_blind_id DLL not found, this command is inactive.\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
{
Con_Printf("overflow of keygen_i\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(keygen_i < 0)
{
Con_Printf("Unexpected response from keygen server:\n");
Com_HexDumpToConsole(buffer, length_received);
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(!Crypto_ParsePack((const char *) buffer, length_received, FOURCC_D0IR, p, l, 1))
Com_HexDumpToConsole(buffer, length_received);
}
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(!qd0_blind_id_finish_private_id_request(pubkeys[keygen_i], p[0], l[0]))
{
Con_Printf("d0_blind_id_finish_private_id_request failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
{
Con_Printf("d0_blind_id_new failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
ctx2 = qd0_blind_id_new();
Con_Printf("d0_blind_id_new failed\n");
qd0_blind_id_free(ctx);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(!qd0_blind_id_copy(ctx, pubkeys[keygen_i]))
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(!qd0_blind_id_copy(ctx2, pubkeys[keygen_i]))
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
bufsize = sizeof(buf);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
buf2size = sizeof(buf2);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
bufsize = sizeof(buf);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
buf2size = sizeof(buf2);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
qd0_blind_id_free(ctx);
len2 = FP64_SIZE;
if(qd0_blind_id_fingerprint64_public_id(pubkeys[keygen_i], pubkeys_priv_fp64[keygen_i], &len2)) // keeps final NUL
{
- Con_Printf("Received private ID key_%d.d0pk (fingerprint: %s)\n", keygen_i, pubkeys_priv_fp64[keygen_i]);
+ Con_Printf("Received private ID key_%d.d0pk (public key fingerprint: %s)\n", keygen_i, pubkeys_priv_fp64[keygen_i]);
pubkeys_havepriv[keygen_i] = true;
- strlcat(crypto_idstring_buf, va(" %s@%s", pubkeys_priv_fp64[keygen_i], pubkeys_fp64[keygen_i]), sizeof(crypto_idstring_buf));
+ strlcat(crypto_idstring_buf, va(vabuf, sizeof(vabuf), " %s@%s", pubkeys_priv_fp64[keygen_i], pubkeys_fp64[keygen_i]), sizeof(crypto_idstring_buf));
crypto_idstring = crypto_idstring_buf;
Crypto_BuildChallengeAppend();
}
{
Con_Printf("d0_blind_id_write_private_id failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(!(buf2size = Crypto_UnParsePack(buf2, sizeof(buf2), FOURCC_D0SI, p, l, 1)))
{
Con_Printf("Crypto_UnParsePack failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(*fs_userdir)
{
- FS_CreatePath(va("%skey_%d.d0si", fs_userdir, keygen_i));
- f = FS_SysOpen(va("%skey_%d.d0si", fs_userdir, keygen_i), "wb", false);
+ FS_CreatePath(va(vabuf, sizeof(vabuf), "%skey_%d.d0si", fs_userdir, keygen_i));
+ f = FS_SysOpen(va(vabuf, sizeof(vabuf), "%skey_%d.d0si", fs_userdir, keygen_i), "wb", false);
}
if(!f)
{
- FS_CreatePath(va("%skey_%d.d0si", fs_basedir, keygen_i));
- f = FS_SysOpen(va("%skey_%d.d0si", fs_basedir, keygen_i), "wb", false);
+ FS_CreatePath(va(vabuf, sizeof(vabuf), "%skey_%d.d0si", fs_basedir, keygen_i));
+ f = FS_SysOpen(va(vabuf, sizeof(vabuf), "%skey_%d.d0si", fs_basedir, keygen_i), "wb", false);
}
if(!f)
{
Con_Printf("Cannot open key_%d.d0si\n", keygen_i);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
FS_Write(f, buf2, buf2size);
Con_Printf("Saved to key_%d.d0si\n", keygen_i);
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
}
static void Crypto_KeyGen_f(void)
Con_Printf("usage:\n%s id url\n", Cmd_Argv(0));
return;
}
+ if (crypto_mutex) Thread_LockMutex(crypto_mutex);
i = atoi(Cmd_Argv(1));
if(!pubkeys[i])
{
Con_Printf("there is no public key %d\n", i);
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(pubkeys_havepriv[i])
{
Con_Printf("there is already a private key for %d\n", i);
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(keygen_i >= 0)
{
Con_Printf("there is already a keygen run on the way\n");
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
keygen_i = i;
{
Con_Printf("d0_blind_id_start failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
p[0] = buf;
{
Con_Printf("d0_blind_id_generate_private_id_request failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
buf2pos = strlen(Cmd_Argv(2));
{
Con_Printf("Crypto_UnParsePack failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
if(!(buf2l = base64_encode((unsigned char *) (buf2 + buf2pos), buf2l, sizeof(buf2) - buf2pos - 1)))
{
Con_Printf("base64_encode failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
buf2l += buf2pos;
{
Con_Printf("curl failed\n");
keygen_i = -1;
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
return;
}
Con_Printf("key generation in progress\n");
+ if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
}
// end
{
Con_Printf("%2d: public key key_%d.d0pk (fingerprint: %s)\n", i, i, pubkeys_fp64[i]);
if(pubkeys_havepriv[i])
- Con_Printf(" private key key_%d.d0si (fingerprint: %s)\n", i, pubkeys_priv_fp64[i]);
+ Con_Printf(" private ID key_%d.d0si (public key fingerprint: %s)\n", i, pubkeys_priv_fp64[i]);
}
}
}
}
}
+// NOTE: we MUST avoid the following begins of the packet:
+// 1. 0xFF, 0xFF, 0xFF, 0xFF
+// 2. 0x80, 0x00, length/256, length%256
+// this luckily does NOT affect AES mode, where the first byte always is in the range from 0x00 to 0x0F
const void *Crypto_EncryptPacket(crypto_t *crypto, const void *data_src, size_t len_src, void *data_dst, size_t *len_dst, size_t len)
{
unsigned char h[32];
+ int i;
if(crypto->authenticated)
{
if(crypto->use_aes)
*len_dst = len_src + 16;
memcpy(data_dst, h, 16);
memcpy(((unsigned char *) data_dst) + 16, (unsigned char *) data_src, len_src);
+
+ // handle the "avoid" conditions:
+ i = BuffBigLong((unsigned char *) data_dst);
+ if(
+ (i == (int)0xFFFFFFFF) // avoid QW control packet
+ ||
+ (i == (int)0x80000000 + (int)*len_dst) // avoid NQ control packet
+ )
+ *(unsigned char *)data_dst ^= 0x80; // this will ALWAYS fix it
}
return data_dst;
}
const void *Crypto_DecryptPacket(crypto_t *crypto, const void *data_src, size_t len_src, void *data_dst, size_t *len_dst, size_t len)
{
unsigned char h[32];
+ int i;
+
+ // silently handle non-crypto packets
+ i = BuffBigLong((unsigned char *) data_src);
+ if(
+ (i == (int)0xFFFFFFFF) // avoid QW control packet
+ ||
+ (i == (int)0x80000000 + (int)len_src) // avoid NQ control packet
+ )
+ return NULL;
+
if(crypto->authenticated)
{
if(crypto->use_aes)
Com_HexDumpToConsole((const unsigned char *) data_src, len_src);
return NULL;
}
+
if(memcmp((const unsigned char *) data_src, h, 16)) // ignore first byte, used for length
{
- Con_Printf("HMAC mismatch\n");
- Com_HexDumpToConsole((const unsigned char *) data_src, len_src);
- return NULL;
+ // undo the "avoid conditions"
+ if(
+ (i == (int)0x7FFFFFFF) // avoided QW control packet
+ ||
+ (i == (int)0x00000000 + (int)len_src) // avoided NQ control packet
+ )
+ {
+ // do the avoidance on the hash too
+ h[0] ^= 0x80;
+ if(memcmp((const unsigned char *) data_src, h, 16)) // ignore first byte, used for length
+ {
+ Con_Printf("HMAC mismatch\n");
+ Com_HexDumpToConsole((const unsigned char *) data_src, len_src);
+ return NULL;
+ }
+ }
+ else
+ {
+ Con_Printf("HMAC mismatch\n");
+ Com_HexDumpToConsole((const unsigned char *) data_src, len_src);
+ return NULL;
+ }
}
return ((const unsigned char *) data_src) + 16; // no need to copy, so data_dst is not used
}
int aeslevel;
D0_BOOL aes;
D0_BOOL status;
+ char infostringvalue[MAX_INPUTLINE];
+ char vabuf[1024];
if(!d0_blind_id_dll)
return CRYPTO_NOMATCH; // no support
int i;
// sorry, we have to verify the challenge here to not reflect network spam
- if (!(s = SearchInfostring(string + 4, "challenge")))
+ if (!(s = InfoString_GetValue(string + 4, "challenge", infostringvalue, sizeof(infostringvalue))))
return CRYPTO_NOMATCH; // will be later accepted if encryption was set up
// validate the challenge
for (i = 0;i < MAX_CHALLENGES;i++)
const char *cnt, *s, *p;
int id;
int clientid = -1, serverid = -1;
- cnt = SearchInfostring(string + 4, "id");
+ cnt = InfoString_GetValue(string + 4, "id", infostringvalue, sizeof(infostringvalue));
id = (cnt ? atoi(cnt) : -1);
- cnt = SearchInfostring(string + 4, "cnt");
+ cnt = InfoString_GetValue(string + 4, "cnt", infostringvalue, sizeof(infostringvalue));
if(!cnt)
return CRYPTO_DISCARD; // pre-challenge: rather be silent
GetUntilNul(&data_in, &len_in);
if(!strcmp(cnt, "0"))
{
int i;
- if (!(s = SearchInfostring(string + 4, "challenge")))
+ if (!(s = InfoString_GetValue(string + 4, "challenge", infostringvalue, sizeof(infostringvalue))))
return CRYPTO_DISCARD; // pre-challenge: rather be silent
// validate the challenge
for (i = 0;i < MAX_CHALLENGES;i++)
if (i == MAX_CHALLENGES) // challenge mismatch is silent
return CRYPTO_DISCARD; // pre-challenge: rather be silent
- if (!(s = SearchInfostring(string + 4, "aeslevel")))
+ if (!(s = InfoString_GetValue(string + 4, "aeslevel", infostringvalue, sizeof(infostringvalue))))
aeslevel = 0; // not supported
else
aeslevel = bound(0, atoi(s), 3);
CLEAR_CDATA;
return Crypto_ServerError(data_out, len_out, "d0_blind_id_copy failed", "Internal error");
}
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\1\\id\\%d\\aes\\%d", CDATA->cdata_id, crypto->use_aes));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\1\\id\\%d\\aes\\%d", CDATA->cdata_id, crypto->use_aes));
if(!qd0_blind_id_authenticate_with_private_id_start(CDATA->id, true, false, "XONOTIC", 8, data_out_p, len_out)) // len_out receives used size by this op
{
CLEAR_CDATA;
CLEAR_CDATA;
return Crypto_ServerError(data_out, len_out, "d0_blind_id_copy failed", "Internal error");
}
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\5\\id\\%d\\aes\\%d", CDATA->cdata_id, crypto->use_aes));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\5\\id\\%d\\aes\\%d", CDATA->cdata_id, crypto->use_aes));
if(!qd0_blind_id_authenticate_with_private_id_challenge(CDATA->id, true, false, data_in, len_in, data_out_p, len_out, &status))
{
CLEAR_CDATA;
return CRYPTO_NOMATCH; // pre-challenge, rather be silent
if(id >= 0)
if(CDATA->cdata_id != id)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
if(CDATA->next_step != 2)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\3\\id\\%d", CDATA->cdata_id));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\3\\id\\%d", CDATA->cdata_id));
if(!qd0_blind_id_authenticate_with_private_id_response(CDATA->id, data_in, len_in, data_out_p, len_out))
{
CLEAR_CDATA;
return CRYPTO_NOMATCH; // pre-challenge, rather be silent
if(id >= 0)
if(CDATA->cdata_id != id)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
if(CDATA->next_step != 4)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\5\\id\\%d", CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\5\\id\\%d", CDATA->cdata_id));
if(!qd0_blind_id_authenticate_with_private_id_challenge(CDATA->id, true, false, data_in, len_in, data_out_p, len_out, &status))
{
CLEAR_CDATA;
return CRYPTO_NOMATCH; // pre-challenge, rather be silent
if(id >= 0)
if(CDATA->cdata_id != id)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
if(CDATA->next_step != 6)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
if(!qd0_blind_id_authenticate_with_private_id_verify(CDATA->id, data_in, len_in, msgbuf, &msgbuflen, &status))
{
const char *cnt;
qboolean do_time = false;
qboolean do_reject = false;
+ char infostringvalue[MAX_INPUTLINE];
if(crypto_servercpupercent.value > 0 || crypto_servercpumaxtime.value > 0)
if(len_in > 5 && !memcmp(data_in, "d0pk\\", 5))
{
do_time = true;
- cnt = SearchInfostring(data_in + 4, "cnt");
+ cnt = InfoString_GetValue(data_in + 4, "cnt", infostringvalue, sizeof(infostringvalue));
if(cnt)
if(!strcmp(cnt, "0"))
do_reject = true;
*len_out = 0;
return CRYPTO_DISCARD;
}
- t = Sys_DoubleTime();
+ t = Sys_DirtyTime();
}
ret = Crypto_ServerParsePacket_Internal(data_in, len_in, data_out, len_out, peeraddress);
if(do_time)
{
- t = Sys_DoubleTime() - t;
+ t = Sys_DirtyTime() - t;if (t < 0.0) t = 0.0; // dirtytime can step backwards
if(crypto_servercpudebug.integer)
Con_Printf("crypto: accumulator was %.1f ms, used %.1f ms for crypto, ", crypto_servercpu_accumulator * 1000, t * 1000);
crypto_servercpu_accumulator -= t;
D0_BOOL aes;
char *data_out_p = data_out;
D0_BOOL status;
+ char infostringvalue[MAX_INPUTLINE];
+ char vabuf[1024];
if(!d0_blind_id_dll)
return CRYPTO_NOMATCH; // no support
}
else if (len_in >= 13 && !memcmp(string, "infoResponse\x0A", 13))
{
- s = SearchInfostring(string + 13, "d0_blind_id");
+ s = InfoString_GetValue(string + 13, "d0_blind_id", infostringvalue, sizeof(infostringvalue));
if(s)
Crypto_StoreHostKey(peeraddress, s, true);
return CRYPTO_NOMATCH;
save = *p;
* (char *) p = 0; // cut off the string there
}
- s = SearchInfostring(string + 15, "d0_blind_id");
+ s = InfoString_GetValue(string + 15, "d0_blind_id", infostringvalue, sizeof(infostringvalue));
if(s)
Crypto_StoreHostKey(peeraddress, s, true);
if(p)
// build outgoing message
// append regular stuff
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\0\\id\\%d\\aeslevel\\%d\\challenge\\%s", CDATA->cdata_id, d0_rijndael_dll ? crypto_aeslevel.integer : 0, challenge));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\0\\id\\%d\\aeslevel\\%d\\challenge\\%s", CDATA->cdata_id, d0_rijndael_dll ? crypto_aeslevel.integer : 0, challenge));
PutWithNul(&data_out_p, len_out, serverid >= 0 ? pubkeys_fp64[serverid] : "");
PutWithNul(&data_out_p, len_out, clientid >= 0 ? pubkeys_fp64[clientid] : "");
{
const char *cnt;
int id;
- cnt = SearchInfostring(string + 4, "id");
+ cnt = InfoString_GetValue(string + 4, "id", infostringvalue, sizeof(infostringvalue));
id = (cnt ? atoi(cnt) : -1);
- cnt = SearchInfostring(string + 4, "cnt");
+ cnt = InfoString_GetValue(string + 4, "cnt", infostringvalue, sizeof(infostringvalue));
if(!cnt)
return Crypto_ClientError(data_out, len_out, "d0pk\\ message without cnt");
GetUntilNul(&data_in, &len_in);
{
if(id >= 0)
if(CDATA->cdata_id != id)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
if(CDATA->next_step != 1)
- return Crypto_SoftClientError(data_out, len_out, va("Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
+ return Crypto_SoftClientError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
cls.connect_nextsendtime = max(cls.connect_nextsendtime, realtime + 1); // prevent "hammering"
- if((s = SearchInfostring(string + 4, "aes")))
+ if((s = InfoString_GetValue(string + 4, "aes", infostringvalue, sizeof(infostringvalue))))
aes = atoi(s);
else
aes = false;
}
crypto->use_aes = aes != 0;
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\2\\id\\%d", CDATA->cdata_id));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\2\\id\\%d", CDATA->cdata_id));
if(!qd0_blind_id_authenticate_with_private_id_challenge(CDATA->id, true, false, data_in, len_in, data_out_p, len_out, &status))
{
CLEAR_CDATA;
if(id >= 0)
if(CDATA->cdata_id != id)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
if(CDATA->next_step != 3)
- return Crypto_SoftClientError(data_out, len_out, va("Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
+ return Crypto_SoftClientError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
cls.connect_nextsendtime = max(cls.connect_nextsendtime, realtime + 1); // prevent "hammering"
}
// cache the server key
- Crypto_StoreHostKey(&cls.connect_address, va("%d %s@%s", crypto->use_aes ? 1 : 0, crypto->server_idfp, pubkeys_fp64[CDATA->s]), false);
+ Crypto_StoreHostKey(&cls.connect_address, va(vabuf, sizeof(vabuf), "%d %s@%s", crypto->use_aes ? 1 : 0, crypto->server_idfp, pubkeys_fp64[CDATA->s]), false);
if(CDATA->c >= 0)
{
// client will auth next
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\4\\id\\%d", CDATA->cdata_id));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\4\\id\\%d", CDATA->cdata_id));
if(!qd0_blind_id_copy(CDATA->id, pubkeys[CDATA->c]))
{
CLEAR_CDATA;
if(id >= 0)
if(CDATA->cdata_id != id)
- return Crypto_SoftServerError(data_out, len_out, va("Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
+ return Crypto_SoftServerError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\id\\%d when expecting %d", id, CDATA->cdata_id));
if(CDATA->next_step != 5)
- return Crypto_SoftClientError(data_out, len_out, va("Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
+ return Crypto_SoftClientError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
cls.connect_nextsendtime = max(cls.connect_nextsendtime, realtime + 1); // prevent "hammering"
if(CDATA->s < 0) // only if server didn't auth
{
- if((s = SearchInfostring(string + 4, "aes")))
+ if((s = InfoString_GetValue(string + 4, "aes", infostringvalue, sizeof(infostringvalue))))
aes = atoi(s);
else
aes = false;
crypto->use_aes = aes != 0;
}
- PutWithNul(&data_out_p, len_out, va("d0pk\\cnt\\6\\id\\%d", CDATA->cdata_id));
+ PutWithNul(&data_out_p, len_out, va(vabuf, sizeof(vabuf), "d0pk\\cnt\\6\\id\\%d", CDATA->cdata_id));
if(!qd0_blind_id_authenticate_with_private_id_response(CDATA->id, data_in, len_in, data_out_p, len_out))
{
CLEAR_CDATA;
return 0;
if(!pubkeys_havepriv[keyid])
return 0;
- if(qd0_blind_id_sign_with_private_id_sign(pubkeys[keyid], true, false, data, datasize, signed_data, &signed_size))
+ if(qd0_blind_id_sign_with_private_id_sign(pubkeys[keyid], true, false, (const char *)data, datasize, (char *)signed_data, &signed_size))
+ return signed_size;
+ return 0;
+}
+
+size_t Crypto_SignDataDetached(const void *data, size_t datasize, int keyid, void *signed_data, size_t signed_size)
+{
+ if(keyid < 0 || keyid >= MAX_PUBKEYS)
+ return 0;
+ if(!pubkeys_havepriv[keyid])
+ return 0;
+ if(qd0_blind_id_sign_with_private_id_sign_detached(pubkeys[keyid], true, false, (const char *)data, datasize, (char *)signed_data, &signed_size))
return signed_size;
return 0;
}
projects / xonotic / darkplaces.git / blobdiff