#include "hmac.h"
#include "libcurl.h"
-cvar_t crypto_developer = {CVAR_SAVE, "crypto_developer", "0", "print extra info about crypto handshake"};
-cvar_t crypto_aeslevel = {CVAR_SAVE, "crypto_aeslevel", "1", "whether to support AES encryption in authenticated connections (0 = no, 1 = supported, 2 = requested, 3 = required)"};
+cvar_t crypto_developer = {CVAR_CLIENT | CVAR_SERVER | CVAR_SAVE, "crypto_developer", "0", "print extra info about crypto handshake"};
+cvar_t crypto_aeslevel = {CVAR_CLIENT | CVAR_SERVER | CVAR_SAVE, "crypto_aeslevel", "1", "whether to support AES encryption in authenticated connections (0 = no, 1 = supported, 2 = requested, 3 = required)"};
-cvar_t crypto_servercpupercent = {CVAR_SAVE, "crypto_servercpupercent", "10", "allowed crypto CPU load in percent for server operation (0 = no limit, faster)"};
-cvar_t crypto_servercpumaxtime = {CVAR_SAVE, "crypto_servercpumaxtime", "0.01", "maximum allowed crypto CPU time per frame (0 = no limit)"};
-cvar_t crypto_servercpudebug = {CVAR_SAVE, "crypto_servercpudebug", "0", "print statistics about time usage by crypto"};
+cvar_t crypto_servercpupercent = {CVAR_CLIENT | CVAR_SERVER | CVAR_SAVE, "crypto_servercpupercent", "10", "allowed crypto CPU load in percent for server operation (0 = no limit, faster)"};
+cvar_t crypto_servercpumaxtime = {CVAR_CLIENT | CVAR_SERVER | CVAR_SAVE, "crypto_servercpumaxtime", "0.01", "maximum allowed crypto CPU time per frame (0 = no limit)"};
+cvar_t crypto_servercpudebug = {CVAR_CLIENT | CVAR_SERVER | CVAR_SAVE, "crypto_servercpudebug", "0", "print statistics about time usage by crypto"};
static double crypto_servercpu_accumulator = 0;
static double crypto_servercpu_lastrealtime = 0;
if(i < MAX_CRYPTOCONNECTS && (allow_create || cryptoconnects[i].crypto.data))
{
crypto = &cryptoconnects[i].crypto;
- cryptoconnects[i].lasttime = realtime;
+ cryptoconnects[i].lasttime = host.realtime;
return crypto;
}
if(!allow_create)
if(cryptoconnects[i].lasttime < cryptoconnects[best].lasttime)
best = i;
crypto = &cryptoconnects[best].crypto;
- cryptoconnects[best].lasttime = realtime;
+ cryptoconnects[best].lasttime = host.realtime;
memcpy(&cryptoconnects[best].address, peeraddress, sizeof(cryptoconnects[best].address));
CLEAR_CDATA;
return crypto;
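Review bot: The slot-reuse path at the end of this hunk has no comment saying what happens when the table is full: the entry with the smallest `lasttime` is overwritten with the new peer address and its state is wiped by `CLEAR_CDATA`. Now that `lasttime` is stamped from `host.realtime`, a short comment above the assignment would make the policy explicit, e.g. `// table full: reuse the least recently touched slot; its pending handshake state is discarded`. If callers can pass `allow_create` for peers that have not authenticated yet (not visible here), the comment should also say what bounds that churn. The loop header and the rest of the function lie outside the hunk.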
{
if(d0_blind_id_dll)
{
- Cmd_AddCommand(&cmd_client, "crypto_reload", Crypto_Reload_f, "reloads cryptographic keys");
- Cmd_AddCommand(&cmd_client, "crypto_keygen", Crypto_KeyGen_f, "generates and saves a cryptographic key");
- Cmd_AddCommand(&cmd_client, "crypto_keys", Crypto_Keys_f, "lists the loaded keys");
- Cmd_AddCommand(&cmd_client, "crypto_hostkeys", Crypto_HostKeys_f, "lists the cached host keys");
- Cmd_AddCommand(&cmd_client, "crypto_hostkey_clear", Crypto_HostKey_Clear_f, "clears a cached host key");
-
- Cmd_AddCommand(&cmd_server, "crypto_reload", Crypto_Reload_f, "reloads cryptographic keys");
- Cmd_AddCommand(&cmd_server, "crypto_keygen", Crypto_KeyGen_f, "generates and saves a cryptographic key");
- Cmd_AddCommand(&cmd_server, "crypto_keys", Crypto_Keys_f, "lists the loaded keys");
- Cmd_AddCommand(&cmd_server, "crypto_hostkeys", Crypto_HostKeys_f, "lists the cached host keys");
- Cmd_AddCommand(&cmd_server, "crypto_hostkey_clear", Crypto_HostKey_Clear_f, "clears a cached host key");
+ Cmd_AddCommand(CMD_SHARED, "crypto_reload", Crypto_Reload_f, "reloads cryptographic keys");
+ Cmd_AddCommand(CMD_SHARED, "crypto_keygen", Crypto_KeyGen_f, "generates and saves a cryptographic key");
+ Cmd_AddCommand(CMD_SHARED, "crypto_keys", Crypto_Keys_f, "lists the loaded keys");
+ Cmd_AddCommand(CMD_SHARED, "crypto_hostkeys", Crypto_HostKeys_f, "lists the cached host keys");
+ Cmd_AddCommand(CMD_SHARED, "crypto_hostkey_clear", Crypto_HostKey_Clear_f, "clears a cached host key");
Cvar_RegisterVariable(&crypto_developer);
if(d0_rijndael_dll)
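Review bot: Registering `crypto_keygen` and `crypto_hostkey_clear` with `CMD_SHARED` instead of the two explicit `&cmd_client` / `&cmd_server` calls changes who decides where these key-management commands are reachable, and the definition of `CMD_SHARED` is not visible in this hunk. Please confirm that it expands to exactly the client and server interpreters and to no command source that accepts input from a remote peer, because clearing a cached host key or generating a key should only ever be a local operator action. A one-line comment above the block would record that intent, e.g. `// key management: local client and server consoles only`. The enclosing init function starts and ends outside the hunk.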
// check if we may perform crypto...
if(crypto_servercpupercent.value > 0)
{
- crypto_servercpu_accumulator += (realtime - crypto_servercpu_lastrealtime) * crypto_servercpupercent.value * 0.01;
+ crypto_servercpu_accumulator += (host.realtime - crypto_servercpu_lastrealtime) * crypto_servercpupercent.value * 0.01;
if(crypto_servercpumaxtime.value)
if(crypto_servercpu_accumulator > crypto_servercpumaxtime.value)
crypto_servercpu_accumulator = crypto_servercpumaxtime.value;
else
{
if(crypto_servercpumaxtime.value > 0)
- if(realtime != crypto_servercpu_lastrealtime)
+ if(host.realtime != crypto_servercpu_lastrealtime)
crypto_servercpu_accumulator = crypto_servercpumaxtime.value;
}
- crypto_servercpu_lastrealtime = realtime;
+ crypto_servercpu_lastrealtime = host.realtime;
if(do_reject && crypto_servercpu_accumulator < 0)
{
- if(realtime > complain_time + 5)
+ if(host.realtime > complain_time + 5)
Con_Printf("crypto: cannot perform requested crypto operations; denial service attack or crypto_servercpupercent/crypto_servercpumaxtime are too low\n");
*len_out = 0;
return CRYPTO_DISCARD;
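Review bot: The throttle on the rejection message does not appear to work, because nothing in this hunk assigns `complain_time` after `Con_Printf` runs. Unless it is updated elsewhere, `host.realtime > complain_time + 5` stays true once the host has been up for five seconds, and the message is printed for every discarded packet. Under the load this branch exists to handle, that floods the console and log. Bracing the `if` and adding `complain_time = host.realtime;` after the `Con_Printf` call would restore the intended rate of one message per five seconds. The declaration of `complain_time` and the start of the function are outside the hunk.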
if(CDATA->next_step != 1)
return Crypto_SoftClientError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
- cls.connect_nextsendtime = max(cls.connect_nextsendtime, realtime + 1); // prevent "hammering"
+ cls.connect_nextsendtime = max(cls.connect_nextsendtime, host.realtime + 1); // prevent "hammering"
if((s = InfoString_GetValue(string + 4, "aes", infostringvalue, sizeof(infostringvalue))))
aes = atoi(s);
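Review bot: The `aes` value on the last line of this hunk comes from the peer's info string and is parsed with `atoi`, which reports no errors and has undefined behaviour when the number does not fit in an `int`. Parsing it with `long v = strtol(s, &end, 10);` and rejecting an empty parse, trailing characters, or a value outside what the handshake defines, before assigning to `aes`, would keep a malformed reply from influencing the encryption decision. Whether `aes` is range-checked later cannot be seen from here, since the function continues outside the hunk.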
if(CDATA->next_step != 3)
return Crypto_SoftClientError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
- cls.connect_nextsendtime = max(cls.connect_nextsendtime, realtime + 1); // prevent "hammering"
+ cls.connect_nextsendtime = max(cls.connect_nextsendtime, host.realtime + 1); // prevent "hammering"
if(!qd0_blind_id_authenticate_with_private_id_verify(CDATA->id, data_in, len_in, msgbuf, &msgbuflen, &status))
{
if(CDATA->next_step != 5)
return Crypto_SoftClientError(data_out, len_out, va(vabuf, sizeof(vabuf), "Got d0pk\\cnt\\%s when expecting %d", cnt, CDATA->next_step));
- cls.connect_nextsendtime = max(cls.connect_nextsendtime, realtime + 1); // prevent "hammering"
+ cls.connect_nextsendtime = max(cls.connect_nextsendtime, host.realtime + 1); // prevent "hammering"
if(CDATA->s < 0) // only if server didn't auth
{