AUTHENTICATION: qtv support SHA3-512 auth method

tcsabina · Oct 3, 2021 · b143334 · b143334
1 parent 5ac87c7
commit b143334
Show file tree

Hide file tree

Showing 7 changed files with 475 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@ STRIPFLAGS=--strip-unneeded --remove-section=.comment
 
 OBJS = cmd.o crc.o cvar.o forward.o forward_pending.o info.o main.o mdfour.o \
        msg.o net_utils.o parse.o qw.o source.o source_cmds.o sys.o build.o token.o httpsv.o httpsv_generate.o \
-       cl_cmds.o fs.o ban.o udp.o
+       cl_cmds.o fs.o ban.o udp.o sha3.o
 
 qtv: $(OBJS) qtv.h qconst.h
 	$(CC) $(CFLAGS) $(OBJS) $(LDFLAGS) -o $@.db -lm

diff --git a/forward_pending.c b/forward_pending.c
@@ -323,6 +323,7 @@ typedef enum {
 	QTVAM_PLAIN,
 	QTVAM_CCITT,
 	QTVAM_MD4,
+	QTVAM_SHA3_512,
 } authmethod_t;
 
 static qbool SV_QTVValidateAuthentication(authmethod_t authmethod, const char* password_supplied, const char* authchallenge, const char* our_password)
@@ -365,6 +366,20 @@ static qbool SV_QTVValidateAuthentication(authmethod_t authmethod, const char* p
 		return strcmp(password_supplied, hash) == 0;
 	}
 
+	if (authmethod == QTVAM_SHA3_512) {
+		sha3_context c;
+		const uint8_t *byte_hash;
+		char hex_hash[SHA3_512_DIGEST_HEX_STR_SIZE] = {0};
+
+		sha3_Init512(&c);
+		sha3_Update(&c, authchallenge, strlen(authchallenge));
+		sha3_Update(&c, our_password, strlen(our_password));
+		byte_hash = sha3_Finalize(&c);
+		sha3_512_ByteToHex(hex_hash, byte_hash);
+		return strcmp(password_supplied, hex_hash) == 0;
+	}
+
+
 	// Unknown authentication method
 	return false;
 }
@@ -379,7 +394,7 @@ static qbool SV_CheckForQTVRequest(cluster_t *cluster, oproxy_t *pend)
 	int parse_end;
 	char *e = (char *)pend->inbuffer;
 	char *s = e;
-	char password[128] = { 0 };
+	char password[256] = { 0 };
 	authmethod_t authmethod = QTVAM_NONE;
 
 	// Parse a QTV request.
@@ -475,6 +490,9 @@ static qbool SV_CheckForQTVRequest(cluster_t *cluster, oproxy_t *pend)
 						else if (!strcmp(colon, "MD4")) {
 							this_method = QTVAM_MD4;
 						}
+						else if (!strcmp(colon, "SHA3_512")) {
+							this_method = QTVAM_SHA3_512;
+						}
 						authmethod = max(authmethod, this_method);
 					}
 					else if (!strcmp(s, "PASSWORD")) {
@@ -564,6 +582,15 @@ static qbool SV_CheckForQTVRequest(cluster_t *cluster, oproxy_t *pend)
 					pend->authchallenge
 				);
 			}
+			else if (authmethod == QTVAM_SHA3_512 && !password[0]) {
+				Net_ProxyPrintf(
+					pend, "%s"
+					"AUTH: SHA3_512\n"
+					"CHALLENGE: %s\n\n",
+					QTV_SV_HEADER(pend, QTV_VERSION),
+					pend->authchallenge
+				);
+			}
 			else {
 				Net_ProxyPrintf(pend, "%s"
 					"PERROR: Authentication failure\n\n",

diff --git a/meson.build b/meson.build
@@ -27,6 +27,7 @@ qtv_sources = [
 	'source_cmds.c',
 	'sys.c',
 	'token.c',
+	'sha3.c',
 	'udp.c'
 ]
 

diff --git a/qtv.h b/qtv.h
@@ -253,6 +253,7 @@ extern "C" {
 #include "cmd.h"
 #include "cvar.h"
 #include "info.h"
+#include "sha3.h"
 
 typedef struct 
 {