X-Git-Url: http://git.xonotic.org/?p=xonotic%2Fdarkplaces.git;a=blobdiff_plain;f=crypto.h;h=abfe2b5bef146e3b75e56907eeb8239498ad5a77;hp=19e9735d5955771310432edf8c7b64fa71fca89c;hb=06f16b7a460c06040d2dafeb02f00d734211a753;hpb=1ea860909ea670451b5200ccd30aa19241cd081a diff --git a/crypto.h b/crypto.h index 19e9735d..abfe2b5b 100644 --- a/crypto.h +++ b/crypto.h @@ -1,8 +1,12 @@ #ifndef CRYPTO_H #define CRYPTO_H -extern cvar_t crypto_developer; -extern cvar_t crypto_aeslevel; +#include +#include "qtypes.h" +struct lhnetaddress_s; + +extern struct cvar_s crypto_developer; +extern struct cvar_s crypto_aeslevel; #define ENCRYPTION_REQUIRED (crypto_aeslevel.integer >= 3) extern int crypto_keyfp_recommended_length; // applies to LOCAL IDs, and to ALL keys @@ -11,8 +15,6 @@ extern int crypto_keyfp_recommended_length; // applies to LOCAL IDs, and to ALL // AES case causes 16 to 31 bytes overhead // SHA256 case causes 16 bytes overhead as we truncate to 128bit -#include "lhnet.h" - #define FP64_SIZE 44 #define DHKEY_SIZE 16 @@ -20,38 +22,46 @@ typedef struct { unsigned char dhkey[DHKEY_SIZE]; // shared key, not NUL terminated char client_idfp[FP64_SIZE+1]; - char client_keyfp[FP64_SIZE+1]; // NULL if signature fail + char client_keyfp[FP64_SIZE+1]; + qbool client_issigned; char server_idfp[FP64_SIZE+1]; - char server_keyfp[FP64_SIZE+1]; // NULL if signature fail - qboolean authenticated; - qboolean use_aes; + char server_keyfp[FP64_SIZE+1]; + qbool server_issigned; + qbool authenticated; + qbool use_aes; void *data; } crypto_t; void Crypto_Init(void); void Crypto_Init_Commands(void); +void Crypto_LoadKeys(void); // NOTE: when this is called, the SV_LockThreadMutex MUST be active void Crypto_Shutdown(void); +qbool Crypto_Available(void); +void sha256(unsigned char *out, const unsigned char *in, int n); // may ONLY be called if Crypto_Available() const void *Crypto_EncryptPacket(crypto_t *crypto, const void *data_src, size_t len_src, void *data_dst, size_t *len_dst, size_t len); const void *Crypto_DecryptPacket(crypto_t *crypto, const void *data_src, size_t len_src, void *data_dst, size_t *len_dst, size_t len); #define CRYPTO_NOMATCH 0 // process as usual (packet was not used) #define CRYPTO_MATCH 1 // process as usual (packet was used) #define CRYPTO_DISCARD 2 // discard this packet #define CRYPTO_REPLACE 3 // make the buffer the current packet -int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out, size_t *len_out, lhnetaddress_t *peeraddress); -int Crypto_ServerParsePacket(const char *data_in, size_t len_in, char *data_out, size_t *len_out, lhnetaddress_t *peeraddress); +int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out, size_t *len_out, struct lhnetaddress_s *peeraddress); +int Crypto_ServerParsePacket(const char *data_in, size_t len_in, char *data_out, size_t *len_out, struct lhnetaddress_s *peeraddress); // if len_out is nonzero, the packet is to be sent to the client -qboolean Crypto_ServerAppendToChallenge(const char *data_in, size_t len_in, char *data_out, size_t *len_out, size_t maxlen); -crypto_t *Crypto_ServerGetInstance(lhnetaddress_t *peeraddress); -qboolean Crypto_ServerFinishInstance(crypto_t *out, crypto_t *in); // also clears allocated memory +qbool Crypto_ServerAppendToChallenge(const char *data_in, size_t len_in, char *data_out, size_t *len_out, size_t maxlen); +crypto_t *Crypto_ServerGetInstance(struct lhnetaddress_s *peeraddress); +qbool Crypto_FinishInstance(crypto_t *out, crypto_t *in); // also clears allocated memory, and frees the instance received by ServerGetInstance const char *Crypto_GetInfoResponseDataString(void); // retrieves a host key for an address (can be exposed to menuqc, or used by the engine to look up stored keys e.g. for server bookmarking) // pointers may be NULL -qboolean Crypto_RetrieveHostKey(lhnetaddress_t *peeraddress, int *keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, int *aeslevel); -int Crypto_RetrieveLocalKey(int keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen); // return value: -1 if more to come, +1 if valid, 0 if end of list +qbool Crypto_RetrieveHostKey(struct lhnetaddress_s *peeraddress, int *keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, int *aeslevel, qbool *issigned); +int Crypto_RetrieveLocalKey(int keyid, char *keyfp, size_t keyfplen, char *idfp, size_t idfplen, qbool *issigned); // return value: -1 if more to come, +1 if valid, 0 if end of list + +size_t Crypto_SignData(const void *data, size_t datasize, int keyid, void *signed_data, size_t signed_size); +size_t Crypto_SignDataDetached(const void *data, size_t datasize, int keyid, void *signed_data, size_t signed_size); // netconn protocol: // non-crypto: