Proper NET_SetKey sanity checks

* Checks if input encoded key is 24 characters long.
* Checks if the input data is a valid base64.
Kawe Mazidjatari 2022-08-30 20:04:59 +02:00
parent 529a28358a
commit 885e6fa94e
4 changed files with 32 additions and 9 deletions


@ -61,19 +61,25 @@ int NET_SendDatagram(SOCKET s, void* pPayload, int iLenght, v_netadr_t* pAdr, bo
//-----------------------------------------------------------------------------
// Purpose: sets the user specified encryption key
// Input : *svNetKey -
// Input : svNetKey -
//-----------------------------------------------------------------------------
void NET_SetKey(const string& svNetKey)
void NET_SetKey(string svNetKey)
{
std::lock_guard<std::mutex> l(g_NetKeyMutex);
g_svNetKey.clear();
g_svNetKey = svNetKey;
if (svNetKey.size() == AES_128_B64_ENCODED_SIZE &&
IsValidBase64(svNetKey))
{
g_svNetKey = svNetKey; // Results are tokenized by 'IsValidBase64()'.
v_NET_SetKey(g_pNetKey, g_svNetKey.c_str());
v_NET_SetKey(g_pNetKey, g_svNetKey.c_str());
DevMsg(eDLL_T::ENGINE, "Installed NetKey: '%s%s%s'\n",
g_svGreyB.c_str(), g_svNetKey.c_str(), g_svReset.c_str());
DevMsg(eDLL_T::ENGINE, "Installed NetKey: '%s%s%s'\n",
g_svGreyB.c_str(), g_svNetKey.c_str(), g_svReset.c_str());
}
else
{
Error(eDLL_T::ENGINE, false, "AES-128 key not encoded or invalid\n");
}
}
//-----------------------------------------------------------------------------
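Review bot: In NET_SetKey the length test runs on the argument before `IsValidBase64()` rewrites it, so the 24-character guarantee does not hold for the string that is actually installed. `IsValidBase64()` (added in the string-utility section of this commit) uses `std::regex_search` and replaces its argument with the first matching run, so a 24-character input that merely contains a shorter padded run passes both tests and a shorter string reaches `v_NET_SetKey`; how that function treats a short key is not visible here. Checking the size after tokenization closes the gap: `if (IsValidBase64(svNetKey) && svNetKey.size() == AES_128_B64_ENCODED_SIZE)`. Separately, the `DevMsg` call writes the installed key in full to the console, which puts key material into any captured log; logging only that a key was installed would avoid that.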


@ -14,6 +14,7 @@
#define NET_MIN_MESSAGE 5 // Even connectionless packets require int32 value (-1) + 1 byte content
constexpr unsigned int AES_128_KEY_SIZE = 16;
constexpr unsigned int AES_128_B64_ENCODED_SIZE = 24;
constexpr const char* DEFAULT_NET_ENCRYPTION_KEY = "WDNWLmJYQ2ZlM0VoTid3Yg==";
/* ==== CNETCHAN ======================================================================================================================================================== */
@ -38,7 +39,7 @@ inline auto v_NET_PrintFunc = p_NET_PrintFunc.RCast<void(*)(const char* fmt)>();
///////////////////////////////////////////////////////////////////////////////
bool NET_ReceiveDatagram(int iSocket, netpacket_s* pInpacket, bool bRaw);
int NET_SendDatagram(SOCKET s, void* pPayload, int iLenght, v_netadr_t* pAdr, bool bEncrypted);
void NET_SetKey(const string& svNetKey);
void NET_SetKey(string svNetKey);
void NET_GenerateKey();
void NET_PrintFunc(const char* fmt, ...);
void NET_Shutdown(void* thisptr, const char* szReason, uint8_t bBadRep, bool bRemoveNow);
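Review bot: `AES_128_B64_ENCODED_SIZE` is written as a literal 24 next to `AES_128_KEY_SIZE`, with nothing tying the two together. Deriving it keeps them in step and documents where the number comes from: `constexpr unsigned int AES_128_B64_ENCODED_SIZE = ((AES_128_KEY_SIZE + 2) / 3) * 4; // padded Base64 length of the raw key`.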


@ -401,6 +401,21 @@ string ConvertToUnixPath(const string& svInput)
return result;
}
///////////////////////////////////////////////////////////////////////////////
// For checking if input is a valid Base64.
bool IsValidBase64(string& svInput)
{
static const std::regex rx(R"((?:[A-Za-z0-9+\/]{4}?)*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=))");
std::smatch mh;
if (std::regex_search(svInput, mh, rx))
{
svInput = mh[0].str();
return true;
}
return false;
}
///////////////////////////////////////////////////////////////////////////////
// For encoding data in Base64.
string Base64Encode(const string& svInput)
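Review bot: `IsValidBase64` reads as a predicate, but it takes a non-const reference and overwrites the caller's string with the first run that `std::regex_search` finds, so input with surrounding non-Base64 characters is accepted and silently trimmed. The pattern also requires a final group ending in `=` or `==`, so an encoding whose length needs no padding (a constructed example: `AAAA`) returns false. If whole-string validation is the intent, `bool IsValidBase64(const string& svInput)` with `return std::regex_match(svInput, rx);` states that directly; if the trimming is wanted, the header comment should say that svInput is modified and that padding is required.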


@ -31,6 +31,7 @@ string CreateDirectories(string svInput, bool bWindows = false);
string ConvertToWinPath(const string& svInput);
string ConvertToUnixPath(const string& svInput);
bool IsValidBase64(string& svInput);
string Base64Encode(const string& svInput);
string Base64Decode(const string& svInput);