Changeset 190:22bc1a693c15

Timestamp:

05/28/08 17:17:38 (2 years ago)

Author:

amanieu@…

Branch:

pubkey

Message:

Added public key identification

Files:

• Makefile (modified) (7 diffs)
• src/client/cl_cgame.c (modified) (1 diff)
• src/client/cl_main.c (modified) (4 diffs)
• src/client/client.h (modified) (1 diff)
• src/game/g_admin.c (modified) (20 diffs)
• src/game/g_admin.h (modified) (2 diffs)
• src/game/g_client.c (modified) (4 diffs)
• src/game/g_cmds.c (modified) (3 diffs)
• src/game/g_local.h (modified) (3 diffs)
• src/game/g_main.c (modified) (3 diffs)
• src/game/g_public.h (modified) (1 diff)
• src/game/g_syscalls.asm (modified) (1 diff)
• src/game/g_syscalls.c (modified) (1 diff)
• src/qcommon/common.c (modified) (3 diffs)
• src/qcommon/q_shared.h (modified) (1 diff)
• src/qcommon/qcommon.h (modified) (3 diffs)
• src/server/sv_game.c (modified) (1 diff)

Makefile

@@ -95 +95 @@
 ifndef USE_OPENAL_DLOPEN
 USE_OPENAL_DLOPEN=0
+endif
+
+ifndef USE_GMP_DLOPEN
+USE_GMP_DLOPEN=0
+endif
+
+ifndef USE_NETTLE_DLOPEN
+USE_NETTLE_DLOPEN=0
 endif
 
@@ -213 +221 @@
   endif
 
+  ifeq ($(USE_NETTLE_DLOPEN),1)
+    BASE_CFLAGS += -DUSE_NETTLE_DLOPEN
+  else
+    USE_GMP_DLOPEN = 0
+  endif
+  ifeq ($(USE_GMP_DLOPEN),1)
+    BASE_CFLAGS += -DUSE_GMP_DLOPEN
+  endif
+
   OPTIMIZE = -O2 -funroll-loops -fomit-frame-pointer
 
@@ -264 +281 @@
   endif
 
+  ifneq ($(USE_NETTLE_DLOPEN),1)
+    LDFLAGS += -lnettle
+  endif
+  ifneq ($(USE_GMP_DLOPEN),1)
+    LDFLAGS += -lgmp
+  endif
+
   ifeq ($(ARCH),x86)
     # linux32 make ...
@@ -397 +421 @@
   endif
 
+#  Building nettle as a dll is broken, atm
+#  ifeq ($(USE_NETTLE_DLOPEN),1)
+#    BASE_CFLAGS += -DUSE_NETTLE_DLOPEN
+#  else
+#    USE_GMP_DLOPEN = 0
+#  endif
+#  ifeq ($(USE_GMP_DLOPEN),1)
+#    BASE_CFLAGS += -DUSE_GMP_DLOPEN
+#  endif
+
   OPTIMIZE = -O2 -march=i586 -fno-omit-frame-pointer  \
     -falign-loops=2 -funroll-loops -falign-jumps=2 -falign-functions=2 \
@@ -421 +455 @@
     CLIENT_LDFLAGS += -lvorbisfile -lvorbis -logg
   endif
+
+#  Building nettle as a dll is broken, atm
+  LDFLAGS += -lnettle -lgmp
+#  ifneq ($(USE_NETTLE_DLOPEN),1)
+#    LDFLAGS += -lnettle
+#  endif
+#  ifneq ($(USE_GMP_DLOPEN),1)
+#    LDFLAGS += -lgmp
+#  endif
 
   ifeq ($(ARCH),x86)
@@ -1072 +1115 @@
   $(B)/client/cmd.o \
   $(B)/client/common.o \
+  $(B)/client/crypto.o \
   $(B)/client/cvar.o \
   $(B)/client/files.o \
@@ -1264 +1308 @@
   $(B)/ded/cmd.o \
   $(B)/ded/common.o \
+  $(B)/ded/crypto.o \
   $(B)/ded/cvar.o \
   $(B)/ded/files.o \

src/client/cl_cgame.c

@@ -357 +357 @@
                 Cbuf_AddText( "wait ; wait ; wait ; wait ; screenshot levelshot\n" );
                 return qtrue;
+        }
+
+        if ( cl_pubkeyID->integer && !strcmp( cmd, "pubkey_request" ) ) {
+                char buffer[ MAX_STRING_CHARS ] = "pubkey ";
+                qmpz_get_str( buffer + 7, 16, public_key.n );
+                CL_AddReliableCommand( buffer );
+                return qfalse;
+        }
+
+        if ( cl_pubkeyID->integer && !strcmp( cmd, "pubkey_decrypt" ) && argc > 1 ) {
+                char buffer[ MAX_STRING_CHARS ] = "pubkey_identify ";
+                unsigned int msg_len = MAX_STRING_CHARS - 16;
+                mpz_t message;
+                qmpz_init_set_str( message, Cmd_Argv( 1 ), 16 );
+                if ( qrsa_decrypt( &private_key, &msg_len, (unsigned char *) buffer + 16, message ) )
+                {
+                        qnettle_mpz_set_str_256_u( message, msg_len, (unsigned char *) buffer + 16 );
+                        qmpz_get_str( buffer + 16, 16, message );
+                        CL_AddReliableCommand( buffer );
+                }
+                qmpz_clear( message );
+                return qfalse;
         }
 

src/client/cl_main.c

@@ -79 +79 @@
 
 cvar_t  *cl_guidServerUniq;
+
+cvar_t  *cl_pubkeyID;
+
+struct rsa_public_key public_key;
+struct rsa_private_key private_key;
 
 clientActive_t          cl;
@@ -2602 +2607 @@
 
 /*
+===============
+CL_GeneratePKey
+
+Check if the PKEY file contains a valid RSA keypair
+If not then generate a new keypair
+===============
+*/
+static void CL_GeneratePKey(void)
+{
+        int len;
+        fileHandle_t f;
+        void *buf;
+
+        qrsa_public_key_init( &public_key );
+        qrsa_private_key_init( &private_key );
+
+        len = FS_SV_FOpenFileRead( PKEY_FILE, &f );
+        if ( !f || len < 1 )
+        {
+                Com_Printf( "PKEY file not found, regenerating\n" );
+                goto new_key;
+        }
+        buf = Z_TagMalloc( len, TAG_CRYPTO );
+        FS_Read( buf, len, f );
+        FS_FCloseFile( f );
+
+        if ( !qrsa_keypair_from_sexp( &public_key, &private_key, 0 , len, buf ) )
+        {
+                Com_Printf( "Invalid RSA keypair in PKEY, regenerating\n" );
+                Z_Free( buf );
+                goto new_key;
+        }
+
+        Z_Free( buf );
+        Com_Printf( "PKEY found.\n" );
+        return;
+
+new_key:
+        qmpz_set_ui(public_key.e, RSA_PUBLIC_EXPONENT);
+        if ( !qrsa_generate_keypair( &public_key, &private_key, NULL, qnettle_random, NULL, NULL, RSA_KEY_LENGTH, 0 ) )
+                goto keygen_error;
+
+        struct nettle_buffer key_buffer;
+        int key_buffer_len = 0;
+        qnettle_buffer_init(&key_buffer, &key_buffer_len);
+        if ( !qrsa_keypair_to_sexp( &key_buffer, NULL, &public_key, &private_key ) )
+                goto keygen_error;
+
+        f = FS_SV_FOpenFileWrite( PKEY_FILE );
+        if( !f )
+        {
+                Com_Printf( "PKEY could not open %s for write, RSA support will be disabled\n", PKEY_FILE );
+                Cvar_Set( "cl_pubkeyID", "0" );
+                CRYPTO_Shutdown();
+                return;
+        }
+        FS_Write( key_buffer.contents, key_buffer.size, f );
+        qnettle_buffer_clear( &key_buffer );
+        FS_FCloseFile( f );
+        Com_Printf( "PKEY generated\n" );
+        return;
+
+keygen_error:
+        Com_Printf( "Error generating RSA keypair, RSA support will be disabled\n" );
+        Cvar_Set( "cl_pubkeyID", "0" );
+        CRYPTO_Shutdown();
+} 
+
+/*
 ====================
 CL_Init
@@ -2697 +2771 @@
 
         cl_guidServerUniq = Cvar_Get ("cl_guidServerUniq", "1", CVAR_ARCHIVE);
+
+        cl_pubkeyID = Cvar_Get ("cl_pubkeyID", "1", CVAR_ARCHIVE | CVAR_USERINFO);
 
         // userinfo
@@ -2750 +2826 @@
 
         CL_GenerateQKey();      
+        if (cl_pubkeyID->integer)
+                CL_GeneratePKey();
         Cvar_Get( "cl_guid", "", CVAR_USERINFO | CVAR_ROM );
         CL_UpdateGUID( NULL, 0 );

src/client/client.h

@@ -379 +379 @@
 extern  cvar_t  *cl_autoRecordDemo;
 
+extern  cvar_t  *cl_pubkeyID;
+
+extern  struct rsa_public_key public_key;
+extern  struct rsa_private_key private_key;
+
 //=================================================
 

src/game/g_admin.c

@@ -454 +454 @@
 }
 
-static void admin_writeconfig( void )
+void G_admin_writeconfig( void )
 {
   fileHandle_t f;
@@ -471 +471 @@
   if( len < 0 )
   {
-    G_Printf( "admin_writeconfig: could not open g_admin file \"%s\"\n",
+    G_Printf( "G_admin_writeconfig: could not open g_admin file \"%s\"\n",
               g_admin.string );
     return;
@@ -501 +501 @@
     trap_FS_Write( "flags   = ", 10, f );
     admin_writeconfig_string( g_admin_admins[ i ]->flags, f );
+    trap_FS_Write( "pubkey  = ", 10, f );
+    admin_writeconfig_string( g_admin_admins[ i ]->pubkey, f );
+    trap_FS_Write( "msg     = ", 10, f );
+    admin_writeconfig_string( g_admin_admins[ i ]->msg, f );
+    trap_FS_Write( "msg2    = ", 10, f );
+    admin_writeconfig_string( g_admin_admins[ i ]->msg2, f );
+    trap_FS_Write( "counter = ", 10, f );
+    admin_writeconfig_int( g_admin_admins[ i ]->counter, f );
     trap_FS_Write( "\n", 1, f );
   }
@@ -649 +657 @@
 }
 
-//  return a level for a player entity.
-int G_admin_level( gentity_t *ent )
+// return the admin struct for a player entity.
+g_admin_admin_t *G_admin_admin( gentity_t *ent )
 {
   int i;
@@ -657 +665 @@
   if( !ent )
   {
-    return MAX_ADMIN_LEVELS;
+    return NULL;
   }
 
@@ -672 +680 @@
   if( found )
   {
-    return g_admin_admins[ i ]->level;
-  }
-
-  return 0;
+    return g_admin_admins[i];
+  }
+
+  return NULL;
 }
 
@@ -1152 +1160 @@
 }
 
+void G_admin_pubkey( void )
+{
+  int i;
+  g_admin_admin_t *highest = NULL;
+
+  // Uncomment this if your server lags (shouldn't happen unless you are on a *very* old computer)
+  // Will only regenrate messages when there are no active client (When they are all loading the map)
+#if 0
+  for( i = 0; i < level.maxclients; i++ )
+  {
+    if( g_entities[ i ].client && g_entities[ i ].client->pers.connected == CON_CONNECTED )
+      return;
+  }
+#endif
+
+  // Only do 1 encryption per frame to avoid lag
+  for( i = 0; i < MAX_ADMIN_ADMINS && g_admin_admins[ i ]; i++ )
+  {
+    if ( g_admin_admins[ i ]->counter == -1 && g_admin_admins[ i ]->pubkey[ 0 ] )
+    {
+      highest = g_admin_admins[ i ];
+      break;
+    }
+    else if ( g_admin_admins[ i ]->counter == 0 || !g_admin_admins[ i ]->pubkey[ 0 ] )
+      continue;
+    else if ( !highest )
+    {
+      highest = g_admin_admins[ i ];
+      continue;
+    }
+    else if ( highest->counter < g_admin_admins[ i ]->counter )
+      highest = g_admin_admins[ i ];
+  }
+  if ( highest )
+  {
+    if ( trap_RSA_GenerateMessage( highest->pubkey, highest->msg, highest->msg2 ) )
+      highest->counter = 0;
+    else
+    {
+      // If the key generation failed it can only be because of a bad pubkey
+      // so we clear the pubkey and ask the client for a new one when he reconnects
+      highest->pubkey[ 0 ] = '\0';
+      highest->msg[ 0 ] = '\0';
+      highest->msg2[ 0 ] = '\0';
+      highest->counter = -1;
+    }
+    G_admin_writeconfig( );
+  }
+}
+
 qboolean G_admin_readconfig( gentity_t *ent, int skiparg )
 {
@@ -1251 +1309 @@
       {
         admin_readconfig_string( &cnf, a->flags, sizeof( a->flags ) );
+      }
+      else if( !Q_stricmp( t, "pubkey" ) )
+      {
+        admin_readconfig_string( &cnf, a->pubkey, sizeof( a->pubkey ) );
+      }
+      else if( !Q_stricmp( t, "msg" ) )
+      {
+        admin_readconfig_string( &cnf, a->msg, sizeof( a->msg ) );
+      }
+      else if( !Q_stricmp( t, "msg2" ) )
+      {
+        admin_readconfig_string( &cnf, a->msg2, sizeof( a->msg2 ) );
+      }
+      else if( !Q_stricmp( t, "counter" ) )
+      {
+        admin_readconfig_int( &cnf, &a->counter );
       }
       else
@@ -1362 +1436 @@
       a->level = 0;
       *a->flags = '\0';
+      *a->pubkey = '\0';
+      *a->msg = '\0';
+      *a->msg2 = '\0';
+      a->counter = -1;
       admin_open = qtrue;
     }
@@ -1418 +1496 @@
   for( i = 0; i < level.maxclients; i++ )
     if( level.clients[ i ].pers.connected != CON_DISCONNECTED )
-      level.clients[ i ].pers.adminLevel = G_admin_level( &g_entities[ i ] );
+    {
+      level.clients[ i ].pers.admin = G_admin_admin( &g_entities[ i ] );
+      level.clients[ i ].pers.adminLevel = ( level.clients[ i ].pers.pubkey_authenticated ? level.clients[ i ].pers.admin->level : 0 );
+    }
   return qtrue;
 }
@@ -1576 +1657 @@
     if( !Q_stricmp( g_admin_admins[ i ]->guid, guid ) )
     {
-      g_admin_admins[ i ]->level = l;
-      Q_strncpyz( g_admin_admins[ i ]->name, adminname,
-                  sizeof( g_admin_admins[ i ]->name ) );
+      a = g_admin_admins[ i ];
+      a->level = l;
+      Q_strncpyz( a->name, adminname,
+                  sizeof( a->name ) );
       updated = qtrue;
     }
@@ -1594 +1676 @@
     Q_strncpyz( a->guid, guid, sizeof( a->guid ) );
     *a->flags = '\0';
+    *a->pubkey = '\0';
+    *a->msg = '\0';
+    *a->msg2 = '\0';
+    a->counter = -1;
     g_admin_admins[ i ] = a;
   }
@@ -1601 +1687 @@
     adminname, l, ( ent ) ? ent->client->pers.netname : "console" ) );
   if( vic )
+  {
+    vic->client->pers.admin = ( l ? a : NULL );
     vic->client->pers.adminLevel = l;
+    if ( l && l >= g_adminPubkeyID.integer && !a->pubkey[0] && vic->client->pers.cl_pubkeyID )
+      trap_SendServerCommand( vic - g_entities, "pubkey_request" );
+  }
 
   if( !g_admin.string[ 0 ] )
@@ -1607 +1698 @@
       "to a file\n" );
   else
-    admin_writeconfig();
+    G_admin_writeconfig();
   return qtrue;
 }
@@ -1827 +1918 @@
       ADM_NEW_BAN );
     if( g_admin.string[ 0 ] )
-      admin_writeconfig();
+      G_admin_writeconfig();
   }
 
@@ -2055 +2146 @@
        ADMP( "^3!ban: ^7WARNING g_admin not set, not saving ban to a file\n" );
     else
-       admin_writeconfig();
+       G_admin_writeconfig();
 
     AP( va( "print \"^3!ban:^7 %s^7 has been banned by %s^7 "
@@ -2095 +2186 @@
       ADMP( "^3!ban: ^7WARNING g_admin not set, not saving ban to a file\n" );
     else
-      admin_writeconfig();
+      G_admin_writeconfig();
 
     if( g_admin_namelog[ logmatch ]->slot == -1 )
@@ -2154 +2245 @@
           ( ent ) ? ent->client->pers.netname : "console" ) );
   if( g_admin.string[ 0 ] )
-    admin_writeconfig();
+    G_admin_writeconfig();
   return qtrue;
 }
@@ -3217 +3308 @@
   }
 
-  level = G_admin_level(ent);
+  level = ent->client->pers.adminLevel;
         
   if( level == 0 )
@@ -3256 +3347 @@
   level = 0;
   
-  level = G_admin_level(ent);
+  level = ent->client->pers.adminLevel;
   if( level == 0 )
     level = 1;

src/game/g_admin.h

@@ -109 +109 @@
   int level;
   char flags[ MAX_ADMIN_FLAGS ];
+  char pubkey[ RSA_STRING_LENGTH ];
+  char msg[ RSA_STRING_LENGTH ];
+  char msg2[ RSA_STRING_LENGTH ];
+  int counter;
 }
 g_admin_admin_t;
@@ -147 +151 @@
 qboolean G_admin_cmd_check( gentity_t *ent, qboolean say );
 qboolean G_admin_readconfig( gentity_t *ent, int skiparg );
+void G_admin_writeconfig( void );
 qboolean G_admin_permission( gentity_t *ent, char flag );
 qboolean G_admin_guid_permission( char *guid, char flag );
 qboolean G_admin_name_check( gentity_t *ent, char *name, char *err, int len );
 void G_admin_namelog_update( gclient_t *ent, qboolean disconnect );
-int G_admin_level( gentity_t *ent );
+g_admin_admin_t *G_admin_admin( gentity_t *ent );
+void G_admin_pubkey( void );
 
 // ! command functions

src/game/g_client.c

@@ -1264 +1264 @@
   int       used_privateSlots;
   int       privateClients;
+  g_admin_admin_t *admin;
 
   ent = &g_entities[ clientNum ];
@@ -1340 +1341 @@
   }
   Q_strncpyz( client->pers.ip, ip, sizeof( client->pers.ip ) );
-  client->pers.adminLevel = G_admin_level( ent );
-  
+  admin = G_admin_admin( ent );
+  client->pers.admin = admin;
+  client->pers.adminLevel = admin->level;
+  client->pers.pubkey_authenticated = -1;
+  client->pers.cl_pubkeyID = atoi( Info_ValueForKey( userinfo, "cl_pubkeyID" ) );
+
+  if ( g_adminPubkeyID.integer && admin )
+  {
+    if ( admin->pubkey[0] && admin->counter != -1 && admin->level >= g_adminPubkeyID.integer )
+    {
+      // remove admin from client
+      client->pers.pubkey_authenticated = 0;
+      client->pers.adminLevel = 0;
+      Q_strncpyz( client->pers.guid, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", sizeof( client->pers.guid ) );
+      // save name before we get renamed to UnamedPlayer
+      Q_strncpyz( client->pers.connect_name, Info_ValueForKey( userinfo, "name" ), sizeof( client->pers.connect_name ) );
+    }
+  }
+
   // do autoghost now so that there won't be any name conflicts later on
   if ( g_autoGhost.integer )
@@ -1383 +1401 @@
   gclient_t *client;
   int       flags;
+  g_admin_admin_t *admin;
 
   ent = g_entities + clientNum;
@@ -1424 +1443 @@
   // request the clients PTR code
   trap_SendServerCommand( ent - g_entities, "ptrcrequest" );
+
+  // ask for identification
+  admin = client->pers.admin;
+  if ( g_adminPubkeyID.integer && admin && client->pers.cl_pubkeyID )
+  {
+    if ( admin->level >= g_adminPubkeyID.integer && !admin->pubkey[0] )
+      trap_SendServerCommand( ent - g_entities, "pubkey_request" );
+    else if ( client->pers.pubkey_authenticated == 0 )
+    {
+      trap_SendServerCommand( ent - g_entities, va( "pubkey_decrypt %s", admin->msg2 ) );
+      admin->counter++;
+      // copy the decrypted message because generating a new message will overwrite it
+      Q_strncpyz( client->pers.pubkey_msg, admin->msg, sizeof( client->pers.pubkey_msg ) );
+      G_admin_writeconfig( );
+    }
+  }
 
   G_LogPrintf( "ClientBegin: %i\n", clientNum );

src/game/g_cmds.c

@@ -888 +888 @@
     default:
     case SAY_ALL:
-      if(ent->client->pers.teamSelection == TEAM_NONE && G_admin_level(ent)<g_minLevelToSpecMM1.integer)
+      if(ent->client->pers.teamSelection == TEAM_NONE && ent->client->pers.adminLevel<g_minLevelToSpecMM1.integer)
       {
         trap_SendServerCommand( ent-g_entities,va( "print \"Sorry, but your admin level is not permitted to speak to all while spectating.\n\"") ); 
@@ -3529 +3529 @@
 }
 
+static void Cmd_Pubkey_f( gentity_t *ent )
+{
+  char buffer[ RSA_STRING_LENGTH ];
+  g_admin_admin_t *admin = ent->client->pers.admin;
+  if ( !g_adminPubkeyID.integer || ent->client->pers.adminLevel < g_adminPubkeyID.integer || trap_Argc() != 2 )
+    return;
+  if ( admin->pubkey[0] )
+    return;
+  trap_Argv( 1, buffer, sizeof( buffer ) );
+  Q_strncpyz( admin->pubkey, buffer, sizeof( admin->pubkey ) );
+  admin->counter = -1;
+  G_admin_writeconfig( );
+}
+
+static void Cmd_Pubkey_Identify_f( gentity_t *ent )
+{
+  char buffer[ MAX_STRING_CHARS ];
+  char userinfo[ MAX_INFO_STRING ];
+  g_admin_admin_t *admin = ent->client->pers.admin;
+  if ( !g_adminPubkeyID.integer || ent->client->pers.admin->level < g_adminPubkeyID.integer || trap_Argc() != 2 )
+    return;
+  if ( ent->client->pers.pubkey_authenticated != 0 || !admin->pubkey[0] || admin->counter == -1 || !ent->client->pers.pubkey_msg[0] )
+    return;
+  trap_Argv( 1, buffer, sizeof( buffer ) );
+  if ( Q_strncmp( buffer, ent->client->pers.pubkey_msg, MAX_STRING_CHARS ) )
+    return;
+  ent->client->pers.pubkey_authenticated = 1;
+  ent->client->pers.pubkey_msg[0] = '\0';
+  ent->client->pers.adminLevel = admin->level;
+  trap_GetUserinfo( ent - g_entities, userinfo, sizeof( userinfo ) );
+  Q_strncpyz( ent->client->pers.guid, Info_ValueForKey( userinfo, "cl_guid" ), sizeof( ent->client->pers.guid ) );
+  Info_SetValueForKey( userinfo, "name", ent->client->pers.connect_name );
+  trap_SetUserinfo( ent - g_entities, userinfo );
+  ClientUserinfoChanged( ent - g_entities );
+}
+
 commands_t cmds[ ] = {
   // normal commands
@@ -3571 +3607 @@
   { "donate", CMD_TEAM, Cmd_Donate_f },
 
+  { "pubkey", CMD_INTERMISSION, Cmd_Pubkey_f },
+  { "pubkey_identify", CMD_INTERMISSION, Cmd_Pubkey_Identify_f },
+
   { "follow", CMD_NOTEAM, Cmd_Follow_f },
   { "follownext", CMD_NOTEAM, Cmd_FollowCycle_f },

src/game/g_local.h

@@ -324 +324 @@
   int                 specExpires;          // level.time at which a player can join a team again after !spec
   char                voice[ MAX_VOICE_NAME_LEN ];
+  g_admin_admin_t     *admin;
+  int                 pubkey_authenticated; // -1 = does not have pubkey, 0 = not authenticated, 1 = authenticated
+  int                 cl_pubkeyID;
+  char                pubkey_msg[ RSA_STRING_LENGTH ];
+  char                connect_name[ MAX_NAME_LENGTH ]; // Name of client before admin was removed with pubkey
 } clientPersistant_t;
 
@@ -1223 +1228 @@
 extern  vmCvar_t  g_adminNameProtect;
 extern  vmCvar_t  g_adminTempBan;
+extern  vmCvar_t  g_adminPubkeyID;
 extern  vmCvar_t  g_adminTempSpec;
 extern  vmCvar_t  g_minLevelToSpecMM1;
@@ -1301 +1307 @@
 void      trap_SnapVector( float *v );
 void      trap_SendGameStat( const char *data );
+int       trap_RSA_GenerateMessage( const char *public_key, char *cleartext, char *encrypted );
 
 void      do_health( gentity_t *ent, int quantity );

src/game/g_main.c

@@ -149 +149 @@
 vmCvar_t  g_autoRegister;
 vmCvar_t  g_adminTempBan;
+vmCvar_t  g_adminPubkeyID;
 vmCvar_t  g_adminTempSpec;
 vmCvar_t  g_minLevelToSpecMM1;
@@ -329 +330 @@
   { &g_adminNameProtect, "g_adminNameProtect", "1", CVAR_ARCHIVE, 0, qfalse  },
   { &g_adminTempBan, "g_adminTempBan", "120", CVAR_ARCHIVE, 0, qfalse  },
+  { &g_adminPubkeyID, "g_adminPubkeyID", "2", CVAR_ARCHIVE | CVAR_SERVERINFO, 0, qfalse  },
   { &g_adminTempSpec, "g_adminTempSpec", "120", CVAR_ARCHIVE, 0, qfalse  },
   { &g_adminWarnMessage, "g_adminWarnMessage", "You have been warned by an administrator.\n Cease imeediately or face admin action!\n", CVAR_ARCHIVE, 0, qfalse },
@@ -2735 +2737 @@
   CheckTeamVote( TEAM_ALIENS );
 
+  // generate public-key messages
+  if ( g_adminPubkeyID.integer )
+    G_admin_pubkey();
+
   // for tracking changes
   CheckCvars( );

src/game/g_public.h

@@ -221 +221 @@
   G_PARSE_SOURCE_FILE_AND_LINE,
 
-  G_SEND_GAMESTAT
+  G_SEND_GAMESTAT,
+  
+  G_RSA_GENMSG // ( const char *public_key, char *cleartext, char *encrypted )
 } gameImport_t;
 

src/game/g_syscalls.asm

@@ -51 +51 @@
 
 equ trap_SendGameStat               -48
+equ trap_RSA_GenerateMessage            -49
 
 

src/game/g_syscalls.c

@@ -258 +258 @@
 }
 
+int trap_RSA_GenerateMessage( const char *public_key, char *cleartext, char *encrypted )
+{
+        return syscall( G_RSA_GENMSG, public_key, cleartext, encrypted );
+}
+
 int trap_Parse_AddGlobalDefine( char *define )
 {

src/qcommon/common.c

@@ -83 +83 @@
 cvar_t  *com_unfocused;
 cvar_t  *com_minimized;
+cvar_t  *com_gmpLibName;
+cvar_t  *com_nettleLibName;
 
 // com_speeds times
@@ -2471 +2473 @@
         com_minimized = Cvar_Get( "com_minimized", "0", CVAR_ROM );
 
+        com_gmpLibName = Cvar_Get( "com_gmpLibName", DEFAULT_GMP_LIB, CVAR_ARCHIVE );
+        com_nettleLibName = Cvar_Get( "com_nettleLibName", DEFAULT_NETTLE_LIB, CVAR_ARCHIVE );
+
         if ( com_developer && com_developer->integer ) {
                 Cmd_AddCommand ("error", Com_Error_f);
@@ -2486 +2491 @@
         VM_Init();
         SV_Init();
+        if (!CRYPTO_Init())
+        {
+                // Disable all crypto functions
+                Cvar_Get("g_adminPubkeyID", "0", CVAR_ROM);
+#ifndef DEDICATED
+                Cvar_Get("cl_pubkeyID", "0", CVAR_ROM);
+#endif
+        }
 
         com_dedicated->modified = qfalse;

src/qcommon/q_shared.h

@@ -1332 +1332 @@
 #define MAX_EMOTICONS 64
 
+/* This should not be changed because this value is
+ * expected to be the same on the client and on the server */
+#define RSA_KEY_LENGTH 2048
+#define RSA_STRING_LENGTH (RSA_KEY_LENGTH / 4 + 1)
+
 #endif  // __Q_SHARED_H

src/qcommon/qcommon.h

@@ -26 +26 @@
 
 #include "../qcommon/cm_public.h"
+
+#include "../qcommon/crypto.h"
 
 //Ignore __attribute__ on non-gcc platforms
@@ -785 +787 @@
 extern  cvar_t  *com_minimized;
 extern  cvar_t  *com_altivec;
+extern  cvar_t  *com_gmpLibName;
+extern  cvar_t  *com_nettleLibName;
 
 // both client and server must agree to pause
@@ -811 +815 @@
         TAG_BOTLIB,
         TAG_RENDERER,
+        TAG_CRYPTO,
         TAG_SMALL,
         TAG_STATIC

src/server/sv_game.c

@@ -435 +435 @@
                 SV_MasterGameStat( VMA(1) );
                 return 0;
+        case G_RSA_GENMSG:
+                {
+                        struct rsa_public_key public_key;
+                        mpz_t message;
+                        unsigned char buffer[ RSA_KEY_LENGTH / 8 - 11 ];
+                        int retval;
+                        Com_RandomBytes( buffer, RSA_KEY_LENGTH / 8 - 11 );
+                        qnettle_mpz_init_set_str_256_u( message, RSA_KEY_LENGTH / 8 - 11, buffer );
+                        qmpz_get_str( VMA(2), 16, message );
+                        qrsa_public_key_init( &public_key );
+                        qmpz_set_ui( public_key.e, RSA_PUBLIC_EXPONENT );
+                        retval = qmpz_set_str( public_key.n, VMA(1), 16 ) + 1;
+                        if ( retval )
+                        {
+                                qrsa_public_key_prepare( &public_key );
+                                retval = qrsa_encrypt( &public_key, NULL, qnettle_random, RSA_KEY_LENGTH / 8 - 11, buffer, message );
+                        }
+                        qrsa_public_key_clear( &public_key );
+                        qmpz_get_str( VMA(3), 16, message );
+                        qmpz_clear( message );
+                        return retval;
+                }
 
         //====================================