Use 64-byte challenges consistently

AJ Martinez 2023-03-27 23:57:30 -07:00 committed by James R
parent e09b21ddae
commit 3c561c564e
2 changed files with 12 additions and 9 deletions


@ -161,8 +161,8 @@ boolean acceptnewnode = true;
UINT32 ourIP; // Used when populating PT_SERVERCHALLENGE (guards against signature reuse)
uint8_t lastReceivedKey[MAXNETNODES][MAXSPLITSCREENPLAYERS][32]; // Player's public key (join process only! active players have it on player_t)
uint8_t lastSentChallenge[MAXNETNODES][32]; // The random message we asked them to sign in PT_SERVERCHALLENGE, check it in PT_CLIENTJOIN
uint8_t lastChallengeAll[64]; // The message we asked EVERYONE to sign for client-to-client identity proofs
uint8_t lastSentChallenge[MAXNETNODES][CHALLENGELENGTH]; // The random message we asked them to sign in PT_SERVERCHALLENGE, check it in PT_CLIENTJOIN
uint8_t lastChallengeAll[CHALLENGELENGTH]; // The message we asked EVERYONE to sign for client-to-client identity proofs
uint8_t lastReceivedSignature[MAXPLAYERS][64]; // Everyone's response to lastChallengeAll
uint8_t knownWhenChallenged[MAXPLAYERS][32]; // Everyone a client saw at the moment a challenge should be initiated
boolean expectChallenge = false; // Were we in-game before a client-to-client challenge should have been sent?
@ -227,7 +227,7 @@ void GenerateChallenge(uint8_t *buf)
#endif
UINT64 now = time(NULL);
csprng(buf, sizeof(&buf)); // Random noise as a baseline, but...
csprng(buf, CHALLENGELENGTH); // Random noise as a baseline, but...
memcpy(buf, &now, sizeof(now)); // Timestamp limits the reuse window.
memcpy(buf + sizeof(now), &ourIP, sizeof(ourIP)); // IP prevents captured signatures from being used elsewhere.
@ -4385,7 +4385,7 @@ static void HandleConnect(SINT8 node)
}
else
{
sigcheck = crypto_eddsa_check(netbuffer->u.clientcfg.challengeResponse[i], lastReceivedKey[node][i], lastSentChallenge[node], 32);
sigcheck = crypto_eddsa_check(netbuffer->u.clientcfg.challengeResponse[i], lastReceivedKey[node][i], lastSentChallenge[node], CHALLENGELENGTH);
}
if (netgame && sigcheck != 0)
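Review bot: In the GenerateChallenge hunk the function still takes a bare `uint8_t *buf` and now writes CHALLENGELENGTH bytes through it, so the size contract that the old `sizeof(&buf)` got wrong stays implicit for every caller. I would state it above the function, e.g. `// buf must point to at least CHALLENGELENGTH bytes`. The two memcpy calls then overwrite the first `sizeof(now) + sizeof(ourIP)` bytes (12 here) of csprng output with predictable values, so a compile-time check that CHALLENGELENGTH is comfortably larger than that sum would stop a later change to the constant from silently removing the random part. The function body starts and ends outside the hunk, so any existing handling of this is not visible here.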


@ -54,6 +54,9 @@ applications may follow different packet versions.
// This just works as a quick implementation.
#define MAXGENTLEMENDELAY TICRATE
// Servers verify client identity by giving them messages to sign. How long are these messages?
#define CHALLENGELENGTH 64
//
// Packet structure
//
@ -367,12 +370,12 @@ struct clientkey_pak
struct serverchallenge_pak
{
uint8_t secret[32];
uint8_t secret[CHALLENGELENGTH];
} ATTRPACK;
struct challengeall_pak
{
uint8_t secret[64];
uint8_t secret[CHALLENGELENGTH];
} ATTRPACK;
struct responseall_pak
@ -423,7 +426,7 @@ struct doomdata_t
filesneededconfig_pak filesneededcfg; // ??? bytes
UINT32 pingtable[MAXPLAYERS+1]; // 68 bytes
clientkey_pak clientkey; // 32 bytes
serverchallenge_pak serverchallenge; // 64 bytes
serverchallenge_pak serverchallenge; // 256 bytes
challengeall_pak challengeall; // 256 bytes
responseall_pak responseall; // 256 bytes
resultsall_pak resultsall; // 1024 bytes. Also, you really shouldn't trust anything here.
@ -493,8 +496,8 @@ extern SINT8 servernode;
extern char connectedservername[MAXSERVERNAME];
extern UINT32 ourIP;
extern uint8_t lastReceivedKey[MAXNETNODES][MAXSPLITSCREENPLAYERS][32];
extern uint8_t lastSentChallenge[MAXNETNODES][32];
extern uint8_t lastChallengeAll[64];
extern uint8_t lastSentChallenge[MAXNETNODES][CHALLENGELENGTH];
extern uint8_t lastChallengeAll[CHALLENGELENGTH];
extern uint8_t lastReceivedSignature[MAXPLAYERS][64];
extern uint8_t knownWhenChallenged[MAXPLAYERS][32];
extern boolean expectChallenge;
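Review bot: The size comment on `serverchallenge` in the doomdata_t hunk is changed to `// 256 bytes`, but with `CHALLENGELENGTH` defined as 64 and the struct holding only `uint8_t secret[CHALLENGELENGTH]` under ATTRPACK, it is 64 bytes. I would write `serverchallenge_pak serverchallenge; // CHALLENGELENGTH (64) bytes`; the neighbouring `challengeall` comment appears to carry the same wrong figure. These annotations are what a reader uses to reason about packet length checks, so they should follow the constant. Separately, `serverchallenge_pak` grows from 32 to 64 bytes on the wire; no packet version change is visible in these hunks, so confirm that older peers are rejected by version rather than by a failed signature check.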