From: divverent Date: Fri, 24 Jan 2014 16:39:06 +0000 (+0000) Subject: Fix some d0_blind_id related bugs: X-Git-Tag: xonotic-v0.8.1~29^2~107 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=2eb1f2e3f267600373aaf015b4caf6ea4a4163dc;p=xonotic%2Fdarkplaces.git Fix some d0_blind_id related bugs: - Higher numbered CAs should have priority over lower numbered CAs, making CA 0 the "default" CA. - Fix the "Authenticated connection to ..." message (no more -@- crap). git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12051 d7cf8633-e32d-0410-b094-e92efae38249 --- diff --git a/crypto.c b/crypto.c index 622e5a39..b9f21454 100644 --- a/crypto.c +++ b/crypto.c @@ -1,4 +1,3 @@ -// TODO key loading, generating, saving #include "quakedef.h" #include "crypto.h" #include "common.h" @@ -534,7 +533,7 @@ static crypto_t *Crypto_ServerFindInstance(lhnetaddress_t *peeraddress, qboolean return crypto; } -qboolean Crypto_ServerFinishInstance(crypto_t *out, crypto_t *crypto) +qboolean Crypto_FinishInstance(crypto_t *out, crypto_t *crypto) { // no check needed here (returned pointers are only used in prefilled fields) if(!crypto || !crypto->authenticated) @@ -651,7 +650,7 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri if(idend - idstart == FP64_SIZE && keyend - keystart == FP64_SIZE) { - for(keyid = 0; keyid < MAX_PUBKEYS; ++keyid) + for(keyid = MAX_PUBKEYS - 1; keyid >= 0; --keyid) if(pubkeys[keyid]) if(!memcmp(pubkeys_fp64[keyid], keystart, FP64_SIZE)) { @@ -659,8 +658,7 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri idfp[FP64_SIZE] = 0; break; } - if(keyid >= MAX_PUBKEYS) - keyid = -1; + // If this failed, keyid will be -1. } } @@ -1764,13 +1762,13 @@ static int Crypto_ServerParsePacket_Internal(const char *data_in, size_t len_in, p = GetUntilNul(&data_in, &len_in); if(p && *p) { + // Find the highest numbered matching key for p. for(i = 0; i < MAX_PUBKEYS; ++i) { if(pubkeys[i]) if(!strcmp(p, pubkeys_fp64[i])) if(pubkeys_havepriv[i]) - if(serverid < 0) - serverid = i; + serverid = i; } if(serverid < 0) return Crypto_ServerError(data_out, len_out, "Invalid server key", NULL); @@ -1778,12 +1776,12 @@ static int Crypto_ServerParsePacket_Internal(const char *data_in, size_t len_in, p = GetUntilNul(&data_in, &len_in); if(p && *p) { + // Find the highest numbered matching key for p. for(i = 0; i < MAX_PUBKEYS; ++i) { if(pubkeys[i]) if(!strcmp(p, pubkeys_fp64[i])) - if(clientid < 0) - clientid = i; + clientid = i; } if(clientid < 0) return Crypto_ServerError(data_out, len_out, "Invalid client key", NULL); @@ -2236,22 +2234,20 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out, break; continue; } + // Find the highest numbered matching key for p. for(i = 0; i < MAX_PUBKEYS; ++i) { if(pubkeys[i]) if(!strcmp(p, pubkeys_fp64[i])) { if(pubkeys_havepriv[i]) - if(clientid < 0) - clientid = i; + clientid = i; if(server_can_auth) - if(serverid < 0) - if(wantserverid < 0 || i == wantserverid) - serverid = i; + if(wantserverid < 0 || i == wantserverid) + serverid = i; } } - if(clientid >= 0 && serverid >= 0) - break; + // Not breaking, as higher keys in the list always have priority. } // if stored host key is not found: @@ -2260,7 +2256,6 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out, if(serverid >= 0 || clientid >= 0) { - // TODO at this point, fill clientside crypto struct! MAKE_CDATA; CDATA->cdata_id = ++cdata_id; CDATA->s = serverid; diff --git a/crypto.h b/crypto.h index ddc00a92..106e5a9a 100644 --- a/crypto.h +++ b/crypto.h @@ -48,7 +48,7 @@ int Crypto_ServerParsePacket(const char *data_in, size_t len_in, char *data_out, qboolean Crypto_ServerAppendToChallenge(const char *data_in, size_t len_in, char *data_out, size_t *len_out, size_t maxlen); crypto_t *Crypto_ServerGetInstance(lhnetaddress_t *peeraddress); -qboolean Crypto_ServerFinishInstance(crypto_t *out, crypto_t *in); // also clears allocated memory +qboolean Crypto_FinishInstance(crypto_t *out, crypto_t *in); // also clears allocated memory, and frees the instance received by ServerGetInstance const char *Crypto_GetInfoResponseDataString(void); // retrieves a host key for an address (can be exposed to menuqc, or used by the engine to look up stored keys e.g. for server bookmarking) diff --git a/netconn.c b/netconn.c index 707197b4..5f256cd9 100755 --- a/netconn.c +++ b/netconn.c @@ -1516,10 +1516,10 @@ static void NetConn_ConnectionEstablished(lhnetsocket_t *mysocket, lhnetaddress_ } // allocate a net connection to keep track of things cls.netcon = NetConn_Open(mysocket, peeraddress); - crypto = &cls.crypto; - if(crypto && crypto->authenticated) + crypto = &cls.netcon->crypto; + if(cls.crypto.authenticated) { - Crypto_ServerFinishInstance(&cls.netcon->crypto, crypto); + Crypto_FinishInstance(crypto, &cls.crypto); Con_Printf("%s connection to %s has been established: server is %s@%.*s, I am %.*s@%.*s\n", crypto->use_aes ? "Encrypted" : "Authenticated", cls.netcon->address, @@ -3079,7 +3079,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat Con_Printf("Datagram_ParseConnectionless: sending \"accept\" to %s.\n", addressstring2); NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress); if(crypto && crypto->authenticated) - Crypto_ServerFinishInstance(&client->netconnection->crypto, crypto); + Crypto_FinishInstance(&client->netconnection->crypto, crypto); SV_SendServerinfo(client); } else @@ -3089,7 +3089,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat if (developer_extra.integer) Con_Printf("Datagram_ParseConnectionless: sending duplicate accept to %s.\n", addressstring2); if(crypto && crypto->authenticated) - Crypto_ServerFinishInstance(&client->netconnection->crypto, crypto); + Crypto_FinishInstance(&client->netconnection->crypto, crypto); NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress); } return true; @@ -3111,7 +3111,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress); // now set up the client if(crypto && crypto->authenticated) - Crypto_ServerFinishInstance(&conn->crypto, crypto); + Crypto_FinishInstance(&conn->crypto, crypto); SV_ConnectClient(clientnum, conn); NetConn_Heartbeat(1); return true;