void NetInterface::disconnect(NetConnection *conn, NetConnection::TerminationReason reason, const char *reasonString)
{
if(conn->getConnectionState() == NetConnection::AwaitingChallengeResponse ||
conn->getConnectionState() == NetConnection::AwaitingConnectResponse)
{
conn->onConnectTerminated(reason, reasonString);
removePendingConnection(conn);
}
else if(conn->getConnectionState() == NetConnection::Connected)
{
conn->setConnectionState(NetConnection::Disconnected);
conn->onConnectionTerminated(reason, reasonString);
if(conn->isNetworkConnection())
{
// send a disconnect packet...
PacketStream out;
out.write(U8(Disconnect));
ConnectionParameters &theParams = conn->getConnectionParameters();
theParams.mNonce.write(&out);
theParams.mServerNonce.write(&out);
U32 encryptPos = out.getBytePosition();
out.setBytePosition(encryptPos);
out.writeString(reasonString);
if(theParams.mUsingCrypto)
{
SymmetricCipher theCipher(theParams.mSharedSecret);
out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher);
}
out.sendto(mSocket, conn->getNetAddress());
}
removeConnection(conn);
}
}
void NetInterface::handleDisconnect(const Address &address, BitStream *stream)
{
NetConnection *conn = findConnection(address);
if(!conn)
return;
ConnectionParameters &theParams = conn->getConnectionParameters();
Nonce nonce, serverNonce;
char reason[256];
nonce.read(stream);
serverNonce.read(stream);
if(nonce != theParams.mNonce || serverNonce != theParams.mServerNonce)
return;
U32 decryptPos = stream->getBytePosition();
stream->setBytePosition(decryptPos);
if(theParams.mUsingCrypto)
{
SymmetricCipher theCipher(theParams.mSharedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher))
return;
}
stream->readString(reason);
conn->setConnectionState(NetConnection::Disconnected);
conn->onConnectionTerminated(NetConnection::ReasonRemoteDisconnectPacket, reason);
removeConnection(conn);
}
void NetInterface::sendConnectAccept(NetConnection *conn)
{
logprintf(LogConsumer::LogNetInterface, "Sending Connect Accept - connection established.");
PacketStream out;
out.write(U8(ConnectAccept));
ConnectionParameters &theParams = conn->getConnectionParameters();
theParams.mNonce.write(&out);
theParams.mServerNonce.write(&out);
U32 encryptPos = out.getBytePosition();
out.setBytePosition(encryptPos);
out.write(conn->getInitialSendSequence());
conn->writeConnectAccept(&out);
if(theParams.mUsingCrypto)
{
out.write(SymmetricCipher::KeySize, theParams.mInitVector);
SymmetricCipher theCipher(theParams.mSharedSecret);
out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher);
}
out.sendto(mSocket, conn->getNetAddress());
}
void NetInterface::sendArrangedConnectRequest(NetConnection *conn)
{
TNLLogMessageV(LogNetInterface, ("Sending Arranged Connect Request"));
PacketStream out;
ConnectionParameters &theParams = conn->getConnectionParameters();
out.write(U8(ArrangedConnectRequest));
theParams.mNonce.write(&out);
U32 encryptPos = out.getBytePosition();
U32 innerEncryptPos = 0;
out.setBytePosition(encryptPos);
theParams.mServerNonce.write(&out);
if(out.writeFlag(theParams.mUsingCrypto))
{
out.write(theParams.mPrivateKey->getPublicKey());
innerEncryptPos = out.getBytePosition();
out.setBytePosition(innerEncryptPos);
out.write(SymmetricCipher::KeySize, theParams.mSymmetricKey);
}
out.writeFlag(theParams.mDebugObjectSizes);
out.write(conn->getInitialSendSequence());
conn->writeConnectRequest(&out);
if(innerEncryptPos)
{
SymmetricCipher theCipher(theParams.mSharedSecret);
out.hashAndEncrypt(NetConnection::MessageSignatureBytes, innerEncryptPos, &theCipher);
}
SymmetricCipher theCipher(theParams.mArrangedSecret);
out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher);
conn->mConnectSendCount++;
conn->mConnectLastSendTime = getCurrentTime();
out.sendto(mSocket, conn->getNetAddress());
}
void NetInterface::handleConnectAccept(const Address &address, BitStream *stream)
{
Nonce nonce, serverNonce;
nonce.read(stream);
serverNonce.read(stream);
U32 decryptPos = stream->getBytePosition();
stream->setBytePosition(decryptPos);
// Make sure we're actually waiting for a connection. If not, then there's something wrong, and we bail.
NetConnection *conn = findPendingConnection(address);
if(!conn || conn->getConnectionState() != NetConnection::AwaitingConnectResponse)
return;
ConnectionParameters &theParams = conn->getConnectionParameters();
if(theParams.mNonce != nonce || theParams.mServerNonce != serverNonce)
return;
if(theParams.mUsingCrypto)
{
SymmetricCipher theCipher(theParams.mSharedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher))
return;
}
U32 recvSequence;
stream->read(&recvSequence);
conn->setInitialRecvSequence(recvSequence);
NetConnection::TerminationReason reason;
if(!conn->readConnectAccept(stream, reason))
{
removePendingConnection(conn);
return;
}
if(theParams.mUsingCrypto)
{
stream->read(SymmetricCipher::KeySize, theParams.mInitVector);
conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector));
}
addConnection(conn); // First, add it as a regular connection,
removePendingConnection(conn); // then remove it from the pending connection list
conn->setConnectionState(NetConnection::Connected);
conn->onConnectionEstablished(); // notify the connection that it has been established
logprintf(LogConsumer::LogNetInterface, "Received Connect Accept - connection established.");
}
void NetInterface::sendConnectRequest(NetConnection *conn)
{
PacketStream out;
ConnectionParameters &theParams = conn->getConnectionParameters();
const char *destDescr;
if(theParams.mIsLocal)
destDescr = "local in-process server";
else
destDescr = conn->getNetAddress().toString();
logprintf(LogConsumer::LogNetInterface, "Sending connect request to %s", destDescr);
out.write(U8(ConnectRequest));
theParams.mNonce.write(&out);
theParams.mServerNonce.write(&out);
out.write(theParams.mClientIdentity);
out.write(theParams.mPuzzleDifficulty);
out.write(theParams.mPuzzleSolution);
U32 encryptPos = 0;
if(out.writeFlag(theParams.mUsingCrypto))
{
out.write(theParams.mPrivateKey->getPublicKey());
encryptPos = out.getBytePosition();
out.setBytePosition(encryptPos);
out.write(SymmetricCipher::KeySize, theParams.mSymmetricKey);
}
out.writeFlag(theParams.mDebugObjectSizes);
out.write(conn->getInitialSendSequence());
out.writeString(conn->getClassName());
conn->writeConnectRequest(&out);
if(encryptPos)
{
// if we're using crypto on this connection,
// then write a hash of everything we wrote into the packet
// key. Then we'll symmetrically encrypt the packet from
// the end of the public key to the end of the signature.
SymmetricCipher theCipher(theParams.mSharedSecret);
out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher);
}
conn->mConnectSendCount++;
conn->mConnectLastSendTime = getCurrentTime();
out.sendto(mSocket, conn->getNetAddress());
}
void NetInterface::handleConnectAccept(const Address &address, BitStream *stream)
{
Nonce nonce, serverNonce;
nonce.read(stream);
serverNonce.read(stream);
U32 decryptPos = stream->getBytePosition();
stream->setBytePosition(decryptPos);
NetConnection *conn = findPendingConnection(address);
if(!conn || conn->getConnectionState() != NetConnection::AwaitingConnectResponse)
return;
ConnectionParameters &theParams = conn->getConnectionParameters();
if(theParams.mNonce != nonce || theParams.mServerNonce != serverNonce)
return;
if(theParams.mUsingCrypto)
{
SymmetricCipher theCipher(theParams.mSharedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher))
return;
}
U32 recvSequence;
stream->read(&recvSequence);
conn->setInitialRecvSequence(recvSequence);
const char *errorString = NULL;
if(!conn->readConnectAccept(stream, &errorString))
{
removePendingConnection(conn);
return;
}
if(theParams.mUsingCrypto)
{
stream->read(SymmetricCipher::KeySize, theParams.mInitVector);
conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector));
}
addConnection(conn); // first, add it as a regular connection
removePendingConnection(conn); // remove from the pending connection list
conn->setConnectionState(NetConnection::Connected);
conn->onConnectionEstablished(); // notify the connection that it has been established
TNLLogMessageV(LogNetInterface, ("Received Connect Accept - connection established."));
}
void NetInterface::sendPunchPackets(NetConnection *conn)
{
ConnectionParameters &theParams = conn->getConnectionParameters();
PacketStream out;
out.write(U8(Punch));
if(theParams.mIsInitiator)
theParams.mNonce.write(&out);
else
theParams.mServerNonce.write(&out);
U32 encryptPos = out.getBytePosition();
out.setBytePosition(encryptPos);
if(theParams.mIsInitiator)
theParams.mServerNonce.write(&out);
else
{
theParams.mNonce.write(&out);
if(out.writeFlag(mRequiresKeyExchange || (theParams.mRequestKeyExchange && !mPrivateKey.isNull())))
{
if(out.writeFlag(theParams.mRequestCertificate && !mCertificate.isNull()))
out.write(mCertificate);
else
out.write(mPrivateKey->getPublicKey());
}
}
SymmetricCipher theCipher(theParams.mArrangedSecret);
out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher);
for(S32 i = 0; i < theParams.mPossibleAddresses.size(); i++)
{
out.sendto(mSocket, theParams.mPossibleAddresses[i]);
TNLLogMessageV(LogNetInterface, ("Sending punch packet (%s, %s) to %s",
ByteBuffer(theParams.mNonce.data, Nonce::NonceSize).encodeBase64()->getBuffer(),
ByteBuffer(theParams.mServerNonce.data, Nonce::NonceSize).encodeBase64()->getBuffer(),
theParams.mPossibleAddresses[i].toString()));
}
conn->mConnectSendCount++;
conn->mConnectLastSendTime = getCurrentTime();
}
void NetInterface::handlePunch(const Address &theAddress, BitStream *stream)
{
S32 i, j;
NetConnection *conn;
Nonce firstNonce;
firstNonce.read(stream);
ByteBuffer b(firstNonce.data, Nonce::NonceSize);
TNLLogMessageV(LogNetInterface, ("Received punch packet from %s - %s", theAddress.toString(), b.encodeBase64()->getBuffer()));
for(i = 0; i < mPendingConnections.size(); i++)
{
conn = mPendingConnections[i];
ConnectionParameters &theParams = conn->getConnectionParameters();
if(conn->getConnectionState() != NetConnection::SendingPunchPackets)
continue;
if((theParams.mIsInitiator && firstNonce != theParams.mServerNonce) ||
(!theParams.mIsInitiator && firstNonce != theParams.mNonce))
continue;
// first see if the address is in the possible addresses list:
for(j = 0; j < theParams.mPossibleAddresses.size(); j++)
if(theAddress == theParams.mPossibleAddresses[j])
break;
// if there was an exact match, just exit the loop, or
// continue on to the next pending if this is not an initiator:
if(j != theParams.mPossibleAddresses.size())
{
if(theParams.mIsInitiator)
break;
else
continue;
}
// if there was no exact match, we may have a funny NAT in the
// middle. But since a packet got through from the remote host
// we'll want to send a punch to the address it came from, as long
// as only the port is not an exact match:
for(j = 0; j < theParams.mPossibleAddresses.size(); j++)
if(theAddress.isEqualAddress(theParams.mPossibleAddresses[j]))
break;
// if the address wasn't even partially in the list, just exit out
if(j == theParams.mPossibleAddresses.size())
continue;
// otherwise, as long as we don't have too many ping addresses,
// add this one to the list:
if(theParams.mPossibleAddresses.size() < 5)
theParams.mPossibleAddresses.push_back(theAddress);
// if this is the initiator of the arranged connection, then
// process the punch packet from the remote host by issueing a
// connection request.
if(theParams.mIsInitiator)
break;
}
if(i == mPendingConnections.size())
return;
ConnectionParameters &theParams = conn->getConnectionParameters();
SymmetricCipher theCipher(theParams.mArrangedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, stream->getBytePosition(), &theCipher))
return;
Nonce nextNonce;
nextNonce.read(stream);
if(nextNonce != theParams.mNonce)
return;
// see if the connection needs to be authenticated or uses key exchange
if(stream->readFlag())
{
if(stream->readFlag())
{
theParams.mCertificate = new Certificate(stream);
if(!theParams.mCertificate->isValid() || !conn->validateCertficate(theParams.mCertificate, true))
return;
theParams.mPublicKey = theParams.mCertificate->getPublicKey();
}
else
{
theParams.mPublicKey = new AsymmetricKey(stream);
if(!theParams.mPublicKey->isValid() || !conn->validatePublicKey(theParams.mPublicKey, true))
return;
}
if(mPrivateKey.isNull() || mPrivateKey->getKeySize() != theParams.mPublicKey->getKeySize())
{
// we don't have a private key, so generate one for this connection
theParams.mPrivateKey = new AsymmetricKey(theParams.mPublicKey->getKeySize());
}
else
theParams.mPrivateKey = mPrivateKey;
theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey);
//logprintf("shared secret (client) %s", theParams.mSharedSecret->encodeBase64()->getBuffer());
Random::read(theParams.mSymmetricKey, SymmetricCipher::KeySize);
theParams.mUsingCrypto = true;
}
conn->setNetAddress(theAddress);
TNLLogMessageV(LogNetInterface, ("Punch from %s matched nonces - connecting...", theAddress.toString()));
conn->setConnectionState(NetConnection::AwaitingConnectResponse);
conn->mConnectSendCount = 0;
conn->mConnectLastSendTime = getCurrentTime();
sendArrangedConnectRequest(conn);
}
void NetInterface::handleConnectRequest(const Address &address, BitStream *stream)
{
if(!mAllowConnections)
return;
ConnectionParameters theParams;
theParams.mNonce.read(stream);
theParams.mServerNonce.read(stream);
stream->read(&theParams.mClientIdentity);
if(theParams.mClientIdentity != computeClientIdentityToken(address, theParams.mNonce))
return;
stream->read(&theParams.mPuzzleDifficulty);
stream->read(&theParams.mPuzzleSolution);
// see if the connection is in the main connection table.
// If the connection is in the connection table and it has
// the same initiatorSequence, we'll just resend the connect
// acceptance packet, assuming that the last time we sent it
// it was dropped.
NetConnection *connect = findConnection(address);
if(connect)
{
ConnectionParameters &cp = connect->getConnectionParameters();
if(cp.mNonce == theParams.mNonce && cp.mServerNonce == theParams.mServerNonce)
{
sendConnectAccept(connect);
return;
}
}
// check the puzzle solution
ClientPuzzleManager::ErrorCode result = mPuzzleManager.checkSolution(
theParams.mPuzzleSolution, theParams.mNonce, theParams.mServerNonce,
theParams.mPuzzleDifficulty, theParams.mClientIdentity);
if(result != ClientPuzzleManager::Success)
{
sendConnectReject(&theParams, address, "Puzzle");
return;
}
if(stream->readFlag())
{
if(mPrivateKey.isNull())
return;
theParams.mUsingCrypto = true;
theParams.mPublicKey = new AsymmetricKey(stream);
theParams.mPrivateKey = mPrivateKey;
U32 decryptPos = stream->getBytePosition();
stream->setBytePosition(decryptPos);
theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey);
//logprintf("shared secret (server) %s", theParams.mSharedSecret->encodeBase64()->getBuffer());
SymmetricCipher theCipher(theParams.mSharedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher))
return;
// now read the first part of the connection's symmetric key
stream->read(SymmetricCipher::KeySize, theParams.mSymmetricKey);
Random::read(theParams.mInitVector, SymmetricCipher::KeySize);
}
U32 connectSequence;
theParams.mDebugObjectSizes = stream->readFlag();
stream->read(&connectSequence);
TNLLogMessageV(LogNetInterface, ("Received Connect Request %8x", theParams.mClientIdentity));
if(connect)
disconnect(connect, NetConnection::ReasonSelfDisconnect, "NewConnection");
char connectionClass[256];
stream->readString(connectionClass);
NetConnection *conn = NetConnectionRep::create(connectionClass);
if(!conn)
return;
RefPtr<NetConnection> theConnection = conn;
conn->getConnectionParameters() = theParams;
conn->setNetAddress(address);
conn->setInitialRecvSequence(connectSequence);
conn->setInterface(this);
if(theParams.mUsingCrypto)
conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector));
const char *errorString = NULL;
if(!conn->readConnectRequest(stream, &errorString))
{
sendConnectReject(&theParams, address, errorString);
return;
}
addConnection(conn);
conn->setConnectionState(NetConnection::Connected);
conn->onConnectionEstablished();
sendConnectAccept(conn);
}
void NetInterface::handleArrangedConnectRequest(const Address &theAddress, BitStream *stream)
{
S32 i, j;
NetConnection *conn;
Nonce nonce, serverNonce;
nonce.read(stream);
// see if the connection is in the main connection table.
// If the connection is in the connection table and it has
// the same initiatorSequence, we'll just resend the connect
// acceptance packet, assuming that the last time we sent it
// it was dropped.
NetConnection *oldConnection = findConnection(theAddress);
if(oldConnection)
{
ConnectionParameters &cp = oldConnection->getConnectionParameters();
if(cp.mNonce == nonce)
{
sendConnectAccept(oldConnection);
return;
}
}
for(i = 0; i < mPendingConnections.size(); i++)
{
conn = mPendingConnections[i];
ConnectionParameters &theParams = conn->getConnectionParameters();
if(conn->getConnectionState() != NetConnection::SendingPunchPackets || theParams.mIsInitiator)
continue;
if(nonce != theParams.mNonce)
continue;
for(j = 0; j < theParams.mPossibleAddresses.size(); j++)
if(theAddress.isEqualAddress(theParams.mPossibleAddresses[j]))
break;
if(j != theParams.mPossibleAddresses.size())
break;
}
if(i == mPendingConnections.size())
return;
ConnectionParameters &theParams = conn->getConnectionParameters();
SymmetricCipher theCipher(theParams.mArrangedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, stream->getBytePosition(), &theCipher))
return;
stream->setBytePosition(stream->getBytePosition());
serverNonce.read(stream);
if(serverNonce != theParams.mServerNonce)
return;
if(stream->readFlag())
{
if(mPrivateKey.isNull())
return;
theParams.mUsingCrypto = true;
theParams.mPublicKey = new AsymmetricKey(stream);
theParams.mPrivateKey = mPrivateKey;
U32 decryptPos = stream->getBytePosition();
stream->setBytePosition(decryptPos);
theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey);
SymmetricCipher theCipher(theParams.mSharedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher))
return;
// now read the first part of the connection's session (symmetric) key
stream->read(SymmetricCipher::KeySize, theParams.mSymmetricKey);
Random::read(theParams.mInitVector, SymmetricCipher::KeySize);
}
U32 connectSequence;
theParams.mDebugObjectSizes = stream->readFlag();
stream->read(&connectSequence);
TNLLogMessageV(LogNetInterface, ("Received Arranged Connect Request"));
if(oldConnection)
disconnect(oldConnection, NetConnection::ReasonSelfDisconnect, "");
conn->setNetAddress(theAddress);
conn->setInitialRecvSequence(connectSequence);
if(theParams.mUsingCrypto)
conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector));
const char *errorString = NULL;
if(!conn->readConnectRequest(stream, &errorString))
{
sendConnectReject(&theParams, theAddress, errorString);
removePendingConnection(conn);
return;
}
addConnection(conn);
removePendingConnection(conn);
conn->setConnectionState(NetConnection::Connected);
conn->onConnectionEstablished();
sendConnectAccept(conn);
}