package MasterServer::Core::Secure;

use strict;
use warnings;
use POSIX qw/strftime/;
use Exporter 'import';

our @EXPORT = qw| load_ciphers 
                  secure_string 
                  validated_beacon 
                  validated_request 
                  validate_string 
                  charshift 
                  get_validate_string |;

################################################################################
## Supported Games list ciphers
## Clear the Supported Games table and insert the list of supported games AND
## their ciphers / default ports / descriptions included from the 
## data/supportedgames.pl file.
## 
## Only config files after 5 October 2015 work with this script.
## IMPORTANT! Afterwards, the $self->{game} hash will be cleared!
################################################################################
sub load_ciphers {
  my $self = shift;
  
  # first delete the old cipher database
  $self->clear_ciphers();
  
  # start inserting ciphers (lots of 'em)
  $self->{dbh}->begin_work;
  
  # iterate through the game list
  for (keys %{$self->{game}}) {
    
    # verify entries
    my %opt = ();
    $opt{gamename}      = lc $_;
    $opt{cipher}        = $self->{game}->{$_}->{key};
    $opt{description}   = $self->{game}->{$_}->{label} || 'Unknown Game';
    $opt{default_qport} = $self->{game}->{$_}->{port} || 0;
    
    # insert the game/cipher in the db or halt on error
    if ($self->insert_cipher(%opt) < 0) {
      $self->{dbh}->rollback;
      $self->halt();
    }
    
  }
  
  # commit
  $self->{dbh}->commit;
  $self->log("info", "Cipher database successfully updated!");
  
  # unload the game variables from memory
  $self->{game} = undef;
  
}


################################################################################
# generate a random string of 6 characters long for the \secure\ challenge
# returns string
################################################################################
sub secure_string {
  # spit out a random string, only uppercase characters
  my @c = ('A'..'Z');
  my $s = "";
  $s .= $c[rand @c] for 1..6;
  
  # return random string
  return $s;
}

################################################################################
# authenticate the \validate\ response for the \secure\ challenge. 
# returns 1 on valid response, 0 on invalid
################################################################################
sub validated_beacon {
  my ($self, $gamename, $secure, $enctype, $validate) = @_;
  
  # debugging enabled? Then don't care about validation
  return 1 if ($self->{debug_validate});
  
  # enctype given? 
  $enctype = 0 unless $enctype;
  
  if ($self->{ignore_beacon_key} =~ m/$gamename/i){
    $self->log("secure", "ignored beacon validation for $gamename");
    return 1;
  }
  
  # compare received response with expected response
  return ($self->validate_string($gamename, $secure, $enctype) eq $validate) || 0;
}

################################################################################
# authenticate the \validate\ response for the \secure\ challenge. 
# returns 1 on valid response, 0 on invalid
################################################################################
sub validated_request {
  my ($self, $gamename, $secure, $enctype, $validate) = @_;
  
  # debugging enabled? Then don't care about validation
  return 1 if ($self->{debug_validate});
  
  # enctype given? 
  $enctype = 0 unless $enctype;
  
  # ignore games and beacons that are listed
  if ($self->{ignore_browser_key} =~ m/$gamename/i){
    $self->log("secure", "ignored browser validation for $gamename");
    return 1;
  }
  
  # compare received response with expected response
  return ($self->validate_string($gamename, $secure, $enctype) eq $validate) || 0;
}

################################################################################
# process the validate string as a response to the secure challenge
# returns: validate string (usually 8 characters long)
################################################################################
sub validate_string {
  my ($self, $game, $sec, $enc)  = @_;
  
  # get cipher from gamename
  my $cip = $self->get_cipher($game);
  
  # don't accept challenge longer than 16 characters (because vulnerable in UE)
  if (length $sec > 16) {
    return "invalid!"}
  
  # check for valid encryption choices
  my $enc_val = (defined $enc && 0 <= $enc && $enc <= 2) ? $enc : 0;
  
  # calculate and return validate string
  return $self->get_validate_string($cip, $sec, $enc_val);
}

################################################################################
# rotate characters as part of the secure/validate algorithm.
# arg and return: int (representing a character)
################################################################################
sub charshift {
  my ($self, $reg) = @_;
    return($reg + 65) if ($reg <  26);
    return($reg + 71) if ($reg <  52);
    return($reg - 4)  if ($reg <  62);
    return(43)        if ($reg == 62);
    return(47)        if ($reg == 63);
    
    # if all else fails
    return(0);
}

################################################################################
# algorithm to process the response to the secure/validate query. processes
# the secure_string and returns the challenge_string with which GameSpy secure
# protocol authenticates games.
#
# the following algorithm is based on gsmsalg.h in GSMSALG 0.3.3 by Luigi 
# Auriemma, aluigi@autistici.org, aluigi.org, copyright 2004-2008. GSMSALG 0.3.3
# was released under the GNU General Public License, for more information, see
# the original software at http://aluigi.altervista.org/papers.htm#gsmsalg
#
# conversion and modification of the algorithm by Darkelarious, June 2014.
#
# args: game cipher, 6-char challenge string, encryption type
# returns: validate string (usually 8 characters long)
# !! requires cipher hash to be configured in config! (imported or otherwise)
################################################################################
sub get_validate_string {
  my ($self, $cipher_string, $secure_string, $enctype) = @_;
  
  # use pre-built rotations for enctype 
  # -- see GSMSALG 0.3.3 reference for copyright and more information
  my @enc_chars = ( qw |
    001 186 250 178 081 000 084 128 117 022 142 142 002 008 054 165 
    045 005 013 022 082 007 180 034 140 233 009 214 185 038 000 004 
    006 005 000 019 024 196 030 091 029 118 116 252 080 081 006 022 
    000 081 040 000 004 010 041 120 081 000 001 017 082 022 006 074 
    032 132 001 162 030 022 071 022 050 081 154 196 003 042 115 225 
    045 079 024 075 147 076 015 057 010 000 004 192 018 012 154 094 
    002 179 024 184 007 012 205 033 005 192 169 065 067 004 060 082 
    117 236 152 128 029 008 002 029 088 132 001 078 059 106 083 122 
    085 086 087 030 127 236 184 173 000 112 031 130 216 252 151 139 
    240 131 254 014 118 003 190 057 041 119 048 224 043 255 183 158 
    001 004 248 001 014 232 083 255 148 012 178 069 158 010 199 006 
    024 001 100 176 003 152 001 235 002 176 001 180 018 073 007 031 
    095 094 093 160 079 091 160 090 089 088 207 082 084 208 184 052 
    002 252 014 066 041 184 218 000 186 177 240 018 253 035 174 182 
    069 169 187 006 184 136 020 036 169 000 020 203 036 018 174 204 
    087 086 238 253 008 048 217 253 139 062 010 132 070 250 119 184 
  |),

  # convert to array of characters
  my @cip = split "", $cipher_string;
  my @sec = split "", $secure_string;

  # length of strings/arrays which should be 6
  my $sec_len = scalar @sec;
  my $cip_len = scalar @cip;
  
  # from this point on, work with ordinal values
  for (0..$sec_len-1) { $sec[$_] = ord $sec[$_]; }
  for (0..$cip_len-1) { $cip[$_] = ord $cip[$_]; }
  
  # helper vars
  my ($i,$j,$k,$l,$m,$n,$p);

  # too short or too long -- return empty string
  return "" if ($sec_len <= 0 || $sec_len >= 32);
  return "" if ($cip_len <= 0 || $cip_len >= 32);
  
  # temporary array with ascii characters
  my @enc;
  for(0..255) {$enc[$_] = $_;}

  $j = 0;
  for(0..255) {
      $j += $enc[$_] + $cip[$_ % $cip_len];
      $j = $j % 256;
      $l = $enc[$j];
      $enc[$j] = $enc[$_];
      $enc[$_] = $l;
  }

  # store temporary positions  
  my @tmp;
  
  $j = 0;
  $k = 0;
  for($i = 0; $sec[$i]; $i++) {
      $j += $sec[$i] + 1;
      $j = $j % 256;
      $l = $enc[$j];
      $k += $l;
      $k = $k % 256;
      $m = $enc[$k];
      $enc[$k] = $l;
      $enc[$j] = $m;
      $tmp[$i] = $sec[$i] ^ $enc[($l + $m) & 0xff];
  }
  
# part of the enctype 1-2 process
  for($sec_len = $i; $sec_len % 3; $sec_len++) {
      $tmp[$sec_len] = 0;
  }
  
  if ($enctype == 1) {
    for (0..$sec_len-1) {
      $tmp[$_] = $enc_chars[$tmp[$_]];
    }
  }
  elsif ($enctype == 2) {
    for (0..$sec_len-1) {
      $tmp[$_] ^= $cip[$_ % $cip_len];
    }
  }  
  
  # parse the validate array
  $p = 0;
  my @val;
  for($i = 0; $i < $sec_len; $i += 3) {
      $l = $tmp[$i];
      $m = $tmp[$i + 1];
      $m = $m % 256;
      $n = $tmp[$i + 2];
      $n = $n % 256;
      $val[$p++] = $self->charshift($l >> 2);
      $val[$p++] = $self->charshift((($l & 3 ) << 4) | ($m >> 4));
      $val[$p++] = $self->charshift((($m & 15) << 2) | ($n >> 6));
      $val[$p++] = $self->charshift($n & 63);
  }
  
  # return to ascii characters
  my $str = "";
  for (@val) { $str .= chr $_}
  
  return $str;
}

1;