void NetInterface::handleConnectChallengeResponse(const Address &address, BitStream *stream)
{
NetConnection *conn = findPendingConnection(address);
if(!conn || conn->getConnectionState() != NetConnection::AwaitingChallengeResponse)
return;
Nonce theNonce;
theNonce.read(stream);
ConnectionParameters &theParams = conn->getConnectionParameters();
if(theNonce != theParams.mNonce)
return;
stream->read(&theParams.mClientIdentity);
// see if the server wants us to solve a client puzzle
theParams.mServerNonce.read(stream);
stream->read(&theParams.mPuzzleDifficulty);
if(theParams.mPuzzleDifficulty > ClientPuzzleManager::MaxPuzzleDifficulty)
return;
// see if the connection needs to be authenticated or uses key exchange
if(stream->readFlag())
{
if(stream->readFlag())
{
theParams.mCertificate = new Certificate(stream);
if(!theParams.mCertificate->isValid() || !conn->validateCertficate(theParams.mCertificate, true))
return;
theParams.mPublicKey = theParams.mCertificate->getPublicKey();
}
else
{
theParams.mPublicKey = new AsymmetricKey(stream);
if(!theParams.mPublicKey->isValid() || !conn->validatePublicKey(theParams.mPublicKey, true))
return;
}
if(mPrivateKey.isNull() || mPrivateKey->getKeySize() != theParams.mPublicKey->getKeySize())
{
// we don't have a private key, so generate one for this connection
theParams.mPrivateKey = new AsymmetricKey(theParams.mPublicKey->getKeySize());
}
else
theParams.mPrivateKey = mPrivateKey;
theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey);
//logprintf("shared secret (client) %s", theParams.mSharedSecret->encodeBase64()->getBuffer());
Random::read(theParams.mSymmetricKey, SymmetricCipher::KeySize);
theParams.mUsingCrypto = true;
}
TNLLogMessageV(LogNetInterface, ("Received Challenge Response: %8x", theParams.mClientIdentity ));
conn->setConnectionState(NetConnection::ComputingPuzzleSolution);
conn->mConnectSendCount = 0;
theParams.mPuzzleSolution = 0;
conn->mConnectLastSendTime = getCurrentTime();
continuePuzzleSolution(conn);
}
void NetInterface::handlePunch(const Address &theAddress, BitStream *stream)
{
S32 i, j;
NetConnection *conn;
Nonce firstNonce;
firstNonce.read(stream);
ByteBuffer b(firstNonce.data, Nonce::NonceSize);
TNLLogMessageV(LogNetInterface, ("Received punch packet from %s - %s", theAddress.toString(), b.encodeBase64()->getBuffer()));
for(i = 0; i < mPendingConnections.size(); i++)
{
conn = mPendingConnections[i];
ConnectionParameters &theParams = conn->getConnectionParameters();
if(conn->getConnectionState() != NetConnection::SendingPunchPackets)
continue;
if((theParams.mIsInitiator && firstNonce != theParams.mServerNonce) ||
(!theParams.mIsInitiator && firstNonce != theParams.mNonce))
continue;
// first see if the address is in the possible addresses list:
for(j = 0; j < theParams.mPossibleAddresses.size(); j++)
if(theAddress == theParams.mPossibleAddresses[j])
break;
// if there was an exact match, just exit the loop, or
// continue on to the next pending if this is not an initiator:
if(j != theParams.mPossibleAddresses.size())
{
if(theParams.mIsInitiator)
break;
else
continue;
}
// if there was no exact match, we may have a funny NAT in the
// middle. But since a packet got through from the remote host
// we'll want to send a punch to the address it came from, as long
// as only the port is not an exact match:
for(j = 0; j < theParams.mPossibleAddresses.size(); j++)
if(theAddress.isEqualAddress(theParams.mPossibleAddresses[j]))
break;
// if the address wasn't even partially in the list, just exit out
if(j == theParams.mPossibleAddresses.size())
continue;
// otherwise, as long as we don't have too many ping addresses,
// add this one to the list:
if(theParams.mPossibleAddresses.size() < 5)
theParams.mPossibleAddresses.push_back(theAddress);
// if this is the initiator of the arranged connection, then
// process the punch packet from the remote host by issueing a
// connection request.
if(theParams.mIsInitiator)
break;
}
if(i == mPendingConnections.size())
return;
ConnectionParameters &theParams = conn->getConnectionParameters();
SymmetricCipher theCipher(theParams.mArrangedSecret);
if(!stream->decryptAndCheckHash(NetConnection::MessageSignatureBytes, stream->getBytePosition(), &theCipher))
return;
Nonce nextNonce;
nextNonce.read(stream);
if(nextNonce != theParams.mNonce)
return;
// see if the connection needs to be authenticated or uses key exchange
if(stream->readFlag())
{
if(stream->readFlag())
{
theParams.mCertificate = new Certificate(stream);
if(!theParams.mCertificate->isValid() || !conn->validateCertficate(theParams.mCertificate, true))
return;
theParams.mPublicKey = theParams.mCertificate->getPublicKey();
}
else
{
theParams.mPublicKey = new AsymmetricKey(stream);
if(!theParams.mPublicKey->isValid() || !conn->validatePublicKey(theParams.mPublicKey, true))
return;
}
if(mPrivateKey.isNull() || mPrivateKey->getKeySize() != theParams.mPublicKey->getKeySize())
{
// we don't have a private key, so generate one for this connection
theParams.mPrivateKey = new AsymmetricKey(theParams.mPublicKey->getKeySize());
}
else
theParams.mPrivateKey = mPrivateKey;
theParams.mSharedSecret = theParams.mPrivateKey->computeSharedSecretKey(theParams.mPublicKey);
//logprintf("shared secret (client) %s", theParams.mSharedSecret->encodeBase64()->getBuffer());
Random::read(theParams.mSymmetricKey, SymmetricCipher::KeySize);
theParams.mUsingCrypto = true;
}
conn->setNetAddress(theAddress);
TNLLogMessageV(LogNetInterface, ("Punch from %s matched nonces - connecting...", theAddress.toString()));
conn->setConnectionState(NetConnection::AwaitingConnectResponse);
conn->mConnectSendCount = 0;
conn->mConnectLastSendTime = getCurrentTime();
sendArrangedConnectRequest(conn);
}