So if I understand correctly, by default, IOQ3 does not encrypt traffic. If LEGACY_PROTOCOL is defined, some basic XOR’ing is going on but it’s not secure as the key can be intercepted by sniffing the traffic from the beginning.
Why has this been removed anyway? Because it was creating a feeling of security while not really providing any?
So anyways. I’d like to XOR encrypt Q3 traffic with a per-client preshared secret key (PSK). Except the key isn’t sniffable by a 3rd party - it is preshared through SSL, by a small external launcher program, then the client is launched with the PSK in a cvar, and the server has the PSK in a variable somewhere. Each client gets a different PSK, consistent between reconnects, until it’s regenerated by the launcher program for whatever reason.
After spending some time dwelling in the labyrinths of netchan, msg.c and such, I’m still not sure when to apply encryption/decryption.
qcommon/net_chan.c : Netchan_TransmitNextFragment() and Netchan_Transmit() seem like good candidates for encryption, Netchan_Process() seems like a decent place to decrypt.
How would you guys do it? I mean, the server must know WHICH key to decrypt the data with, so the user has to identify themselves in some way to the server, in clear text. A hash of the PSK added to each packet, maybe? Like, the first 4 bytes of each packet would be the PSK’s hash, and then the server figures out what PSK this hash is of and decrypts the rest of the packet with the PSK? The client doesn’t have that problem since it only has one PSK to deal with.
Also it’s important that someone can’t just capture all traffic between client and server then replay the client traffic in order to fool the server and perform whatever was performed during the original session.
Any comments / thoughts welcome!
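A sketch of the two server-side checks the post asks about (which client a packet belongs to, and whether it is a replay), added here as an example; it is not part of the original post and not ioquake3 code. It assumes each packet starts with a cleartext 32-bit key identifier followed by a 32-bit sequence number, and that the packet has already been authenticated with a MAC derived from the PSK, since XOR alone does not stop an attacker from altering the sequence field. All names are hypothetical, and sequence wrap-around is not handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WINDOW 64  /* how far behind the newest sequence number we still accept */

/* Hypothetical per-client record (not an ioquake3 structure). */
typedef struct {
    uint32_t key_id;   /* cleartext identifier, e.g. first 4 bytes of a hash of the PSK */
    uint32_t highest;  /* highest sequence number accepted so far */
    uint64_t seen;     /* bit i set: sequence (highest - i) was already accepted */
    int started;
} peer_t;

/* Constructed sample table: two clients provisioned by the launcher. */
static peer_t peers[] = { { 0xA1B2C3D4u, 0, 0, 0 }, { 0x11223344u, 0, 0, 0 } };

/* Sliding-window check: 1 = fresh (and recorded), 0 = replayed or too old. */
static int replay_accept(peer_t *p, uint32_t seq) {
    if (!p->started || seq > p->highest) {
        uint32_t shift = p->started ? seq - p->highest : WINDOW;
        p->seen = (shift >= WINDOW ? 0 : p->seen << shift) | 1;
        p->highest = seq;
        p->started = 1;
        return 1;
    }
    uint32_t back = p->highest - seq;
    if (back >= WINDOW || (p->seen & ((uint64_t)1 << back)))
        return 0;
    p->seen |= (uint64_t)1 << back;
    return 1;
}

/* Returns -1 for an unknown key_id, otherwise the replay decision.
 * Assumption: the caller has already verified the packet's MAC. */
int check_packet(uint32_t key_id, uint32_t seq) {
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        if (peers[i].key_id == key_id)
            return replay_accept(&peers[i], seq);
    return -1;
}

int main(void) {
    /* Constructed traffic: in order, reordered, then a replayed packet. */
    uint32_t seqs[] = { 1, 2, 4, 3, 2 };
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u -> %d\n", (unsigned)seqs[i], check_packet(0xA1B2C3D4u, seqs[i]));
    printf("unknown -> %d\n", check_packet(0xDEADBEEFu, 1));
    return 0;
}
```

The window tolerates the reordering and loss that UDP allows while still rejecting any sequence number seen before; a replay of a whole earlier session is rejected only if the window state (or the key) does not reset to its starting values on reconnect.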