void NetInterface::disconnect(NetConnection *conn, NetConnection::TerminationReason reason, const char *reasonString) { if(conn->getConnectionState() == NetConnection::AwaitingChallengeResponse || conn->getConnectionState() == NetConnection::AwaitingConnectResponse) { conn->onConnectTerminated(reason, reasonString); removePendingConnection(conn); } else if(conn->getConnectionState() == NetConnection::Connected) { conn->setConnectionState(NetConnection::Disconnected); conn->onConnectionTerminated(reason, reasonString); if(conn->isNetworkConnection()) { // send a disconnect packet... PacketStream out; out.write(U8(Disconnect)); ConnectionParameters &theParams = conn->getConnectionParameters(); theParams.mNonce.write(&out); theParams.mServerNonce.write(&out); U32 encryptPos = out.getBytePosition(); out.setBytePosition(encryptPos); out.writeString(reasonString); if(theParams.mUsingCrypto) { SymmetricCipher theCipher(theParams.mSharedSecret); out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher); } out.sendto(mSocket, conn->getNetAddress()); } removeConnection(conn); } }
void NetInterface::handleDisconnect(const Address &address, BitStream *stream) { NetConnection *conn = findConnection(address); if(!conn) return; ConnectionParameters &theParams = conn->getConnectionParameters(); Nonce nonce, serverNonce; char reason[256]; nonce.read(stream); serverNonce.read(stream); if(nonce != theParams.mNonce || serverNonce != theParams.mServerNonce) return; U32 decryptPos = stream->getBytePosition(); stream->setBytePosition(decryptPos); if(theParams.mUsingCrypto) { SymmetricCipher theCipher(theParams.mSharedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher)) return; } stream->readString(reason); conn->setConnectionState(NetConnection::Disconnected); conn->onConnectionTerminated(NetConnection::ReasonRemoteDisconnectPacket, reason); removeConnection(conn); }
void NetInterface::sendConnectAccept(NetConnection *conn) { logprintf(LogConsumer::LogNetInterface, "Sending Connect Accept - connection established."); PacketStream out; out.write(U8(ConnectAccept)); ConnectionParameters &theParams = conn->getConnectionParameters(); theParams.mNonce.write(&out); theParams.mServerNonce.write(&out); U32 encryptPos = out.getBytePosition(); out.setBytePosition(encryptPos); out.write(conn->getInitialSendSequence()); conn->writeConnectAccept(&out); if(theParams.mUsingCrypto) { out.write(SymmetricCipher::KeySize, theParams.mInitVector); SymmetricCipher theCipher(theParams.mSharedSecret); out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher); } out.sendto(mSocket, conn->getNetAddress()); }
void NetInterface::sendArrangedConnectRequest(NetConnection *conn) { TNLLogMessageV(LogNetInterface, ("Sending Arranged Connect Request")); PacketStream out; ConnectionParameters &theParams = conn->getConnectionParameters(); out.write(U8(ArrangedConnectRequest)); theParams.mNonce.write(&out); U32 encryptPos = out.getBytePosition(); U32 innerEncryptPos = 0; out.setBytePosition(encryptPos); theParams.mServerNonce.write(&out); if(out.writeFlag(theParams.mUsingCrypto)) { out.write(theParams.mPrivateKey->getPublicKey()); innerEncryptPos = out.getBytePosition(); out.setBytePosition(innerEncryptPos); out.write(SymmetricCipher::KeySize, theParams.mSymmetricKey); } out.writeFlag(theParams.mDebugObjectSizes); out.write(conn->getInitialSendSequence()); conn->writeConnectRequest(&out); if(innerEncryptPos) { SymmetricCipher theCipher(theParams.mSharedSecret); out.hashAndEncrypt(NetConnection::MessageSignatureBytes, innerEncryptPos, &theCipher); } SymmetricCipher theCipher(theParams.mArrangedSecret); out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher); conn->mConnectSendCount++; conn->mConnectLastSendTime = getCurrentTime(); out.sendto(mSocket, conn->getNetAddress()); }
void NetInterface::handleConnectAccept(const Address &address, BitStream *stream) { Nonce nonce, serverNonce; nonce.read(stream); serverNonce.read(stream); U32 decryptPos = stream->getBytePosition(); stream->setBytePosition(decryptPos); // Make sure we're actually waiting for a connection. If not, then there's something wrong, and we bail. NetConnection *conn = findPendingConnection(address); if(!conn || conn->getConnectionState() != NetConnection::AwaitingConnectResponse) return; ConnectionParameters &theParams = conn->getConnectionParameters(); if(theParams.mNonce != nonce || theParams.mServerNonce != serverNonce) return; if(theParams.mUsingCrypto) { SymmetricCipher theCipher(theParams.mSharedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher)) return; } U32 recvSequence; stream->read(&recvSequence); conn->setInitialRecvSequence(recvSequence); NetConnection::TerminationReason reason; if(!conn->readConnectAccept(stream, reason)) { removePendingConnection(conn); return; } if(theParams.mUsingCrypto) { stream->read(SymmetricCipher::KeySize, theParams.mInitVector); conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector)); } addConnection(conn); // First, add it as a regular connection, removePendingConnection(conn); // then remove it from the pending connection list conn->setConnectionState(NetConnection::Connected); conn->onConnectionEstablished(); // notify the connection that it has been established logprintf(LogConsumer::LogNetInterface, "Received Connect Accept - connection established."); }
void NetInterface::sendConnectRequest(NetConnection *conn) { PacketStream out; ConnectionParameters &theParams = conn->getConnectionParameters(); const char *destDescr; if(theParams.mIsLocal) destDescr = "local in-process server"; else destDescr = conn->getNetAddress().toString(); logprintf(LogConsumer::LogNetInterface, "Sending connect request to %s", destDescr); out.write(U8(ConnectRequest)); theParams.mNonce.write(&out); theParams.mServerNonce.write(&out); out.write(theParams.mClientIdentity); out.write(theParams.mPuzzleDifficulty); out.write(theParams.mPuzzleSolution); U32 encryptPos = 0; if(out.writeFlag(theParams.mUsingCrypto)) { out.write(theParams.mPrivateKey->getPublicKey()); encryptPos = out.getBytePosition(); out.setBytePosition(encryptPos); out.write(SymmetricCipher::KeySize, theParams.mSymmetricKey); } out.writeFlag(theParams.mDebugObjectSizes); out.write(conn->getInitialSendSequence()); out.writeString(conn->getClassName()); conn->writeConnectRequest(&out); if(encryptPos) { // if we're using crypto on this connection, // then write a hash of everything we wrote into the packet // key. Then we'll symmetrically encrypt the packet from // the end of the public key to the end of the signature. SymmetricCipher theCipher(theParams.mSharedSecret); out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher); } conn->mConnectSendCount++; conn->mConnectLastSendTime = getCurrentTime(); out.sendto(mSocket, conn->getNetAddress()); }
void NetInterface::handleConnectAccept(const Address &address, BitStream *stream) { Nonce nonce, serverNonce; nonce.read(stream); serverNonce.read(stream); U32 decryptPos = stream->getBytePosition(); stream->setBytePosition(decryptPos); NetConnection *conn = findPendingConnection(address); if(!conn || conn->getConnectionState() != NetConnection::AwaitingConnectResponse) return; ConnectionParameters &theParams = conn->getConnectionParameters(); if(theParams.mNonce != nonce || theParams.mServerNonce != serverNonce) return; if(theParams.mUsingCrypto) { SymmetricCipher theCipher(theParams.mSharedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher)) return; } U32 recvSequence; stream->read(&recvSequence); conn->setInitialRecvSequence(recvSequence); const char *errorString = NULL; if(!conn->readConnectAccept(stream, &errorString)) { removePendingConnection(conn); return; } if(theParams.mUsingCrypto) { stream->read(SymmetricCipher::KeySize, theParams.mInitVector); conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector)); } addConnection(conn); // first, add it as a regular connection removePendingConnection(conn); // remove from the pending connection list conn->setConnectionState(NetConnection::Connected); conn->onConnectionEstablished(); // notify the connection that it has been established TNLLogMessageV(LogNetInterface, ("Received Connect Accept - connection established.")); }
void NetInterface::sendPunchPackets(NetConnection *conn) { ConnectionParameters &theParams = conn->getConnectionParameters(); PacketStream out; out.write(U8(Punch)); if(theParams.mIsInitiator) theParams.mNonce.write(&out); else theParams.mServerNonce.write(&out); U32 encryptPos = out.getBytePosition(); out.setBytePosition(encryptPos); if(theParams.mIsInitiator) theParams.mServerNonce.write(&out); else { theParams.mNonce.write(&out); if(out.writeFlag(mRequiresKeyExchange || (theParams.mRequestKeyExchange && !mPrivateKey.isNull()))) { if(out.writeFlag(theParams.mRequestCertificate && !mCertificate.isNull())) out.write(mCertificate); else out.write(mPrivateKey->getPublicKey()); } } SymmetricCipher theCipher(theParams.mArrangedSecret); out.hashAndEncrypt(NetConnection::MessageSignatureBytes, encryptPos, &theCipher); for(S32 i = 0; i < theParams.mPossibleAddresses.size(); i++) { out.sendto(mSocket, theParams.mPossibleAddresses[i]); TNLLogMessageV(LogNetInterface, ("Sending punch packet (%s, %s) to %s", ByteBuffer(theParams.mNonce.data, Nonce::NonceSize).encodeBase64()->getBuffer(), ByteBuffer(theParams.mServerNonce.data, Nonce::NonceSize).encodeBase64()->getBuffer(), theParams.mPossibleAddresses[i].toString())); } conn->mConnectSendCount++; conn->mConnectLastSendTime = getCurrentTime(); }
void NetInterface::handlePunch(const Address &theAddress, BitStream *stream) { S32 i, j; NetConnection *conn; Nonce firstNonce; firstNonce.read(stream); ByteBuffer b(firstNonce.data, Nonce::NonceSize); TNLLogMessageV(LogNetInterface, ("Received punch packet from %s - %s", theAddress.toString(), b.encodeBase64()->getBuffer())); for(i = 0; i < mPendingConnections.size(); i++) { conn = mPendingConnections[i]; ConnectionParameters &theParams = conn->getConnectionParameters(); if(conn->getConnectionState() != NetConnection::SendingPunchPackets) continue; if((theParams.mIsInitiator && firstNonce != theParams.mServerNonce) || (!theParams.mIsInitiator && firstNonce != theParams.mNonce)) continue; // first see if the address is in the possible addresses list: for(j = 0; j < theParams.mPossibleAddresses.size(); j++) if(theAddress == theParams.mPossibleAddresses[j]) break; // if there was an exact match, just exit the loop, or // continue on to the next pending if this is not an initiator: if(j != theParams.mPossibleAddresses.size()) { if(theParams.mIsInitiator) break; else continue; } // if there was no exact match, we may have a funny NAT in the // middle. But since a packet got through from the remote host // we'll want to send a punch to the address it came from, as long // as only the port is not an exact match: for(j = 0; j < theParams.mPossibleAddresses.size(); j++) if(theAddress.isEqualAddress(theParams.mPossibleAddresses[j])) break; // if the address wasn't even partially in the list, just exit out if(j == theParams.mPossibleAddresses.size()) continue; // otherwise, as long as we don't have too many ping addresses, // add this one to the list: if(theParams.mPossibleAddresses.size() < 5) theParams.mPossibleAddresses.push_back(theAddress); // if this is the initiator of the arranged connection, then // process the punch packet from the remote host by issueing a // connection request. if(theParams.mIsInitiator) break; } if(i == mPendingConnections.size()) return; ConnectionParameters &theParams = conn->getConnectionParameters(); SymmetricCipher theCipher(theParams.mArrangedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, stream->getBytePosition(), &theCipher)) return; Nonce nextNonce; nextNonce.read(stream); if(nextNonce != theParams.mNonce) return; // see if the connection needs to be authenticated or uses key exchange if(stream->readFlag()) { if(stream->readFlag()) { theParams.mCertificate = new Certificate(stream); if(!theParams.mCertificate->isValid() || !conn->validateCertficate(theParams.mCertificate, true)) return; theParams.mPublicKey = theParams.mCertificate->getPublicKey(); } else { theParams.mPublicKey = new AsymmetricKey(stream); if(!theParams.mPublicKey->isValid() || !conn->validatePublicKey(theParams.mPublicKey, true)) return; } if(mPrivateKey.isNull() || mPrivateKey->getKeySize() != theParams.mPublicKey->getKeySize()) { // we don't have a private key, so generate one for this connection theParams.mPrivateKey = new AsymmetricKey(theParams.mPublicKey->getKeySize()); } else theParams.mPrivateKey = mPrivateKey; theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey); //logprintf("shared secret (client) %s", theParams.mSharedSecret->encodeBase64()->getBuffer()); Random::read(theParams.mSymmetricKey, SymmetricCipher::KeySize); theParams.mUsingCrypto = true; } conn->setNetAddress(theAddress); TNLLogMessageV(LogNetInterface, ("Punch from %s matched nonces - connecting...", theAddress.toString())); conn->setConnectionState(NetConnection::AwaitingConnectResponse); conn->mConnectSendCount = 0; conn->mConnectLastSendTime = getCurrentTime(); sendArrangedConnectRequest(conn); }
void NetInterface::handleConnectRequest(const Address &address, BitStream *stream) { if(!mAllowConnections) return; ConnectionParameters theParams; theParams.mNonce.read(stream); theParams.mServerNonce.read(stream); stream->read(&theParams.mClientIdentity); if(theParams.mClientIdentity != computeClientIdentityToken(address, theParams.mNonce)) return; stream->read(&theParams.mPuzzleDifficulty); stream->read(&theParams.mPuzzleSolution); // see if the connection is in the main connection table. // If the connection is in the connection table and it has // the same initiatorSequence, we'll just resend the connect // acceptance packet, assuming that the last time we sent it // it was dropped. NetConnection *connect = findConnection(address); if(connect) { ConnectionParameters &cp = connect->getConnectionParameters(); if(cp.mNonce == theParams.mNonce && cp.mServerNonce == theParams.mServerNonce) { sendConnectAccept(connect); return; } } // check the puzzle solution ClientPuzzleManager::ErrorCode result = mPuzzleManager.checkSolution( theParams.mPuzzleSolution, theParams.mNonce, theParams.mServerNonce, theParams.mPuzzleDifficulty, theParams.mClientIdentity); if(result != ClientPuzzleManager::Success) { sendConnectReject(&theParams, address, "Puzzle"); return; } if(stream->readFlag()) { if(mPrivateKey.isNull()) return; theParams.mUsingCrypto = true; theParams.mPublicKey = new AsymmetricKey(stream); theParams.mPrivateKey = mPrivateKey; U32 decryptPos = stream->getBytePosition(); stream->setBytePosition(decryptPos); theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey); //logprintf("shared secret (server) %s", theParams.mSharedSecret->encodeBase64()->getBuffer()); SymmetricCipher theCipher(theParams.mSharedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher)) return; // now read the first part of the connection's symmetric key stream->read(SymmetricCipher::KeySize, theParams.mSymmetricKey); Random::read(theParams.mInitVector, SymmetricCipher::KeySize); } U32 connectSequence; theParams.mDebugObjectSizes = stream->readFlag(); stream->read(&connectSequence); TNLLogMessageV(LogNetInterface, ("Received Connect Request %8x", theParams.mClientIdentity)); if(connect) disconnect(connect, NetConnection::ReasonSelfDisconnect, "NewConnection"); char connectionClass[256]; stream->readString(connectionClass); NetConnection *conn = NetConnectionRep::create(connectionClass); if(!conn) return; RefPtr<NetConnection> theConnection = conn; conn->getConnectionParameters() = theParams; conn->setNetAddress(address); conn->setInitialRecvSequence(connectSequence); conn->setInterface(this); if(theParams.mUsingCrypto) conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector)); const char *errorString = NULL; if(!conn->readConnectRequest(stream, &errorString)) { sendConnectReject(&theParams, address, errorString); return; } addConnection(conn); conn->setConnectionState(NetConnection::Connected); conn->onConnectionEstablished(); sendConnectAccept(conn); }
void NetInterface::handleArrangedConnectRequest(const Address &theAddress, BitStream *stream) { S32 i, j; NetConnection *conn; Nonce nonce, serverNonce; nonce.read(stream); // see if the connection is in the main connection table. // If the connection is in the connection table and it has // the same initiatorSequence, we'll just resend the connect // acceptance packet, assuming that the last time we sent it // it was dropped. NetConnection *oldConnection = findConnection(theAddress); if(oldConnection) { ConnectionParameters &cp = oldConnection->getConnectionParameters(); if(cp.mNonce == nonce) { sendConnectAccept(oldConnection); return; } } for(i = 0; i < mPendingConnections.size(); i++) { conn = mPendingConnections[i]; ConnectionParameters &theParams = conn->getConnectionParameters(); if(conn->getConnectionState() != NetConnection::SendingPunchPackets || theParams.mIsInitiator) continue; if(nonce != theParams.mNonce) continue; for(j = 0; j < theParams.mPossibleAddresses.size(); j++) if(theAddress.isEqualAddress(theParams.mPossibleAddresses[j])) break; if(j != theParams.mPossibleAddresses.size()) break; } if(i == mPendingConnections.size()) return; ConnectionParameters &theParams = conn->getConnectionParameters(); SymmetricCipher theCipher(theParams.mArrangedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, stream->getBytePosition(), &theCipher)) return; stream->setBytePosition(stream->getBytePosition()); serverNonce.read(stream); if(serverNonce != theParams.mServerNonce) return; if(stream->readFlag()) { if(mPrivateKey.isNull()) return; theParams.mUsingCrypto = true; theParams.mPublicKey = new AsymmetricKey(stream); theParams.mPrivateKey = mPrivateKey; U32 decryptPos = stream->getBytePosition(); stream->setBytePosition(decryptPos); theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey); SymmetricCipher theCipher(theParams.mSharedSecret); if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, decryptPos, &theCipher)) return; // now read the first part of the connection's session (symmetric) key stream->read(SymmetricCipher::KeySize, theParams.mSymmetricKey); Random::read(theParams.mInitVector, SymmetricCipher::KeySize); } U32 connectSequence; theParams.mDebugObjectSizes = stream->readFlag(); stream->read(&connectSequence); TNLLogMessageV(LogNetInterface, ("Received Arranged Connect Request")); if(oldConnection) disconnect(oldConnection, NetConnection::ReasonSelfDisconnect, ""); conn->setNetAddress(theAddress); conn->setInitialRecvSequence(connectSequence); if(theParams.mUsingCrypto) conn->setSymmetricCipher(new SymmetricCipher(theParams.mSymmetricKey, theParams.mInitVector)); const char *errorString = NULL; if(!conn->readConnectRequest(stream, &errorString)) { sendConnectReject(&theParams, theAddress, errorString); removePendingConnection(conn); return; } addConnection(conn); removePendingConnection(conn); conn->setConnectionState(NetConnection::Connected); conn->onConnectionEstablished(); sendConnectAccept(conn); }