#include "hmac.h"
#include "libcurl.h"
-void *crypto_mutex = NULL;
-
cvar_t crypto_developer = {CVAR_SAVE, "crypto_developer", "0", "print extra info about crypto handshake"};
cvar_t crypto_servercpupercent = {CVAR_SAVE, "crypto_servercpupercent", "10", "allowed crypto CPU load in percent for server operation (0 = no limit, faster)"};
cvar_t crypto_servercpumaxtime = {CVAR_SAVE, "crypto_servercpumaxtime", "0.01", "maximum allowed crypto CPU time per frame (0 = no limit)"};
static void Crypto_UnloadKeys(void)
{
int i;
+
keygen_i = -1;
for(i = 0; i < MAX_PUBKEYS; ++i)
{
crypto_t *crypto;
int i;
- if (crypto_mutex)
- Thread_DestroyMutex(crypto_mutex);
- crypto_mutex = NULL;
-
Crypto_Rijndael_CloseLibrary();
if(d0_blind_id_dll)
qd0_blind_id_setmallocfuncs(Crypto_d0_malloc, Crypto_d0_free);
if (Thread_HasThreads())
- {
- crypto_mutex = Thread_CreateMutex();
qd0_blind_id_setmutexfuncs(Crypto_d0_createmutex, Crypto_d0_destroymutex, Crypto_d0_lockmutex, Crypto_d0_unlockmutex);
- }
if(!qd0_blind_id_INITIALIZE())
{
size_t len2;
char vabuf[1024];
- if (crypto_mutex) Thread_LockMutex(crypto_mutex);
+ SV_LockThreadMutex();
if(!d0_blind_id_dll)
{
Con_Print("libd0_blind_id DLL not found, this command is inactive.\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
{
Con_Printf("overflow of keygen_i\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(keygen_i < 0)
{
Con_Printf("Unexpected response from keygen server:\n");
Com_HexDumpToConsole(buffer, length_received);
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(!Crypto_ParsePack((const char *) buffer, length_received, FOURCC_D0IR, p, l, 1))
Com_HexDumpToConsole(buffer, length_received);
}
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(!qd0_blind_id_finish_private_id_request(pubkeys[keygen_i], p[0], l[0]))
{
Con_Printf("d0_blind_id_finish_private_id_request failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
{
Con_Printf("d0_blind_id_new failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
ctx2 = qd0_blind_id_new();
Con_Printf("d0_blind_id_new failed\n");
qd0_blind_id_free(ctx);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(!qd0_blind_id_copy(ctx, pubkeys[keygen_i]))
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(!qd0_blind_id_copy(ctx2, pubkeys[keygen_i]))
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
bufsize = sizeof(buf);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
buf2size = sizeof(buf2);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
bufsize = sizeof(buf);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
buf2size = sizeof(buf2);
qd0_blind_id_free(ctx);
qd0_blind_id_free(ctx2);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
qd0_blind_id_free(ctx);
{
Con_Printf("d0_blind_id_write_private_id failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(!(buf2size = Crypto_UnParsePack(buf2, sizeof(buf2), FOURCC_D0SI, p, l, 1)))
{
Con_Printf("Crypto_UnParsePack failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
{
Con_Printf("Cannot open key_%d.d0si%s\n", keygen_i, sessionid.string);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
FS_Write(f, buf2, buf2size);
Con_Printf("Saved to key_%d.d0si%s\n", keygen_i, sessionid.string);
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
}
static void Crypto_KeyGen_f(void)
Con_Printf("usage:\n%s id url\n", Cmd_Argv(0));
return;
}
- if (crypto_mutex) Thread_LockMutex(crypto_mutex);
+ SV_LockThreadMutex();
Crypto_LoadKeys();
i = atoi(Cmd_Argv(1));
if(!pubkeys[i])
{
Con_Printf("there is no public key %d\n", i);
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(pubkeys_havepriv[i])
{
Con_Printf("there is already a private key for %d\n", i);
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(keygen_i >= 0)
{
Con_Printf("there is already a keygen run on the way\n");
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
keygen_i = i;
{
Con_Printf("d0_blind_id_start failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
p[0] = buf;
{
Con_Printf("d0_blind_id_generate_private_id_request failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
buf2pos = strlen(Cmd_Argv(2));
{
Con_Printf("Crypto_UnParsePack failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
if(!(buf2l = base64_encode((unsigned char *) (buf2 + buf2pos), buf2l, sizeof(buf2) - buf2pos - 1)))
{
Con_Printf("base64_encode failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
buf2l += buf2pos;
{
Con_Printf("curl failed\n");
keygen_i = -1;
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
return;
}
Con_Printf("key generation in progress\n");
- if (crypto_mutex) Thread_UnlockMutex(crypto_mutex);
+ SV_UnlockThreadMutex();
}
// end
{
int wantserverid = -1;
Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
- if(!crypto || !crypto->authenticated)
+ if(!crypto || !crypto->authenticated) // we ALSO get here if we are using an encrypted connection, so let's rule this out
{
if(wantserverid >= 0)
return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
}
return CRYPTO_NOMATCH;
}
- else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll && crypto_aeslevel.integer >= 3)
+ else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll)
{
int wantserverid = -1;
Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
- if(!crypto || !crypto->authenticated)
+ //if(!crypto || !crypto->authenticated)
+ {
+ if(wantserverid >= 0)
+ return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
+ if(crypto_aeslevel.integer >= 3)
+ return Crypto_ClientError(data_out, len_out, "This server requires encryption to be not required (crypto_aeslevel <= 2)");
+ }
+ return CRYPTO_NOMATCH;
+ }
+ else if (len_in >= 5 && BuffLittleLong((unsigned char *) string) == ((int)NETFLAG_CTL | (int)len_in))
+ {
+ int wantserverid = -1;
+
+ // these three are harmless
+ if(string[4] == CCREP_SERVER_INFO)
+ return CRYPTO_NOMATCH;
+ if(string[4] == CCREP_PLAYER_INFO)
+ return CRYPTO_NOMATCH;
+ if(string[4] == CCREP_RULE_INFO)
+ return CRYPTO_NOMATCH;
+
+ Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+ //if(!crypto || !crypto->authenticated)
{
if(wantserverid >= 0)
return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
projects / xonotic / darkplaces.git / blobdiff