Merge pull request #69 from diafero/config-simplification

Config simplification

Sources/Plasma/NucleusLib/pnNetCli/pnNcChannel.cpp

@@ -341,9 +341,9 @@ void NetMsgChannelGetDhConstants (
     const BigNum **         dh_xa,
     const BigNum **         dh_n
 ) {
-    *dh_g   =  channel->m_dh_g;
-    *dh_xa  = &channel->m_dh_xa;
-    *dh_n   = &channel->m_dh_n;
+    if (dh_g) *dh_g   =  channel->m_dh_g;
+    if (dh_xa) *dh_xa  = &channel->m_dh_xa;
+    if (dh_n) *dh_n   = &channel->m_dh_n;
 }
 
 

Sources/Plasma/NucleusLib/pnNetCli/pnNcCli.cpp

@@ -40,8 +40,6 @@ You can contact Cyan Worlds, Inc. by email legal@cyan.com
 # define NCCLI_LOG  NULL_STMT
 #endif
 
-//#define NO_ENCRYPTION
-
 #ifndef PLASMA_EXTERNAL_RELEASE
 
 struct NetLogMessage_Header
@@ -120,8 +118,8 @@ struct NetCli : THashKeyVal<Uuid> {
     ENetCliMode             mode;
     FNetCliEncrypt          encryptFcn;
     byte                    seed[kNetMaxSymmetricSeedBytes];
-    CryptKey *              cryptIn;
-    CryptKey *              cryptOut;
+    CryptKey *              cryptIn; // nil if encrytpion is disabled
+    CryptKey *              cryptOut; // nil if encrytpion is disabled
     void *                  encryptParam;
 
     // Message buffers
@@ -174,9 +172,8 @@ static void PutBufferOnWire (NetCli * cli, void * data, unsigned bytes) {
     }
 #endif // PLASMA_EXTERNAL_RELEASE
 
-    if (cli->mode == kNetCliModeEncrypted) {
+    if (cli->mode == kNetCliModeEncrypted && cli->cryptOut) {
         // Encrypt data...
-#ifndef NO_ENCRYPTION
         if (bytes <= 2048)
             // byte count is small, use stack-based buffer
             temp = ALLOCA(byte, bytes);
@@ -187,7 +184,6 @@ static void PutBufferOnWire (NetCli * cli, void * data, unsigned bytes) {
         MemCopy(temp, data, bytes);
         CryptEncrypt(cli->cryptOut, bytes, temp);
         data = temp;
-#endif
     }
     if (cli->sock)
         AsyncSocketSend(cli->sock, data, bytes);
@@ -644,7 +640,7 @@ static void ClientConnect (NetCli * cli) {
     if (cli->sock) {
         unsigned bytes;
         NetCli_Cli2Srv_Connect msg;
-        unsigned char * data = serverSeed.GetData_LE(&bytes);
+        unsigned char * data = serverSeed.GetData_LE(&bytes); // will be 0 if encryption is disabled, and thereby send an empty seed
         ASSERTMSG(bytes <= sizeof(msg.dh_y_data), "4");
         msg.message    = kNetCliCli2SrvConnect;
         msg.length     = (byte) (sizeof(msg) - sizeof(msg.dh_y_data) +  bytes);
@@ -668,23 +664,29 @@ static bool ServerRecvConnect (
         * (const NetCli_Cli2Srv_Connect *) &pkt;
     if (pkt.length < sizeof(msg))
         return false;
+    int seedLength = msg.length - sizeof(pkt);
 
     // Send the server seed to the client (unencrypted)
     if (cli->sock) {
         NetCli_Srv2Cli_Encrypt reply;
         reply.message   = kNetCliSrv2CliEncrypt;
-        reply.length    = sizeof(reply);
+        reply.length    = seedLength == 0 ? 0 : sizeof(reply); // reply with empty seed if we got empty seed (this means: no encryption)
         MemCopy(reply.serverSeed, cli->seed, sizeof(reply.serverSeed));
-        AsyncSocketSend(cli->sock, &reply, sizeof(reply));
+        AsyncSocketSend(cli->sock, &reply, reply.length);
     }
 
+    if (seedLength == 0) { // client wishes no encryption (that's okay, nobody else can "fake" us as nobody has the private key, so if the client actually wants encryption it will only work with the correct peer)
+        cli->cryptIn = nil;
+        cli->cryptOut = nil;
+    }
+    else {
         // Compute client seed
         byte clientSeed[kNetMaxSymmetricSeedBytes];
-    {
         BigNum clientSeedValue;
+        {
             NetMsgCryptServerConnect(
                 cli->channel,
-            msg.length - sizeof(pkt),
+                seedLength,
                 msg.dh_y_data,
                 &clientSeedValue
             );
@@ -706,10 +708,11 @@ static bool ServerRecvConnect (
         );
 
         // Switch to encrypted mode
-    cli->mode = kNetCliModeEncrypted;
         cli->cryptIn  = CryptKeyCreate(kCryptRc4, sizeof(sharedSeed), sharedSeed);
         cli->cryptOut = CryptKeyCreate(kCryptRc4, sizeof(sharedSeed), sharedSeed);
+    }
     
+    cli->mode = kNetCliModeEncrypted; // should rather be called "established", but whatever
     return cli->encryptFcn(kNetSuccess, cli->encryptParam);
 }
 
@@ -722,9 +725,15 @@ static bool ClientRecvEncrypt (
     if (cli->mode != kNetCliModeClientStart)
         return false;
 
-    // Validate message size
+    // find out if we want encryption
+    const BigNum * DH_N;
+    NetMsgChannelGetDhConstants(cli->channel, nil, nil, &DH_N);
+    bool encrypt = !DH_N->isZero();
+
+    // Process message
     const NetCli_Srv2Cli_Encrypt & msg =
         * (const NetCli_Srv2Cli_Encrypt *) &pkt;
+    if (encrypt) { // we insist on encryption, don't let some MitM decide for us!
         if (pkt.length != sizeof(msg))
             return false;
 
@@ -738,10 +747,17 @@ static bool ClientRecvEncrypt (
         );
 
         // Switch to encrypted mode
-    cli->mode = kNetCliModeEncrypted;
         cli->cryptIn  = CryptKeyCreate(kCryptRc4, sizeof(sharedSeed), sharedSeed);
         cli->cryptOut = CryptKeyCreate(kCryptRc4, sizeof(sharedSeed), sharedSeed);
+    }
+    else { // honestly we do not care what the other side sends, we will send plaintext
+        if (pkt.length != sizeof(pkt))
+            return false;
+        cli->cryptIn = nil;
+        cli->cryptOut = nil;
+    }
 
+    cli->mode = kNetCliModeEncrypted; // should rather be called "established", but whatever
     return cli->encryptFcn(kNetSuccess, cli->encryptParam);
 }
 
@@ -1061,7 +1077,7 @@ bool NetCliDispatch (
             // Decrypt data...
             byte * temp, * heap = NULL;
 
-#ifndef NO_ENCRYPTION
+            if (cli->cryptIn) {
                 if (bytes <= 2048)
                     // byte count is small, use stack-based buffer
                     temp = ALLOCA(byte, bytes);
@@ -1072,7 +1088,7 @@ bool NetCliDispatch (
                 MemCopy(temp, data, bytes);
                 CryptDecrypt(cli->cryptIn, bytes, temp);
                 data = temp;
-#endif
+            }
 
             // Add data to accumulator and dispatch
             cli->input.Add(bytes, data);

Sources/Plasma/NucleusLib/pnNetCli/pnNcEncrypt.cpp

@@ -83,6 +83,7 @@ static void GetCachedServerKey (
     const BigNum *  DH_A;
     const BigNum *  DH_N;
     NetMsgChannelGetDhConstants(channel, &DH_G, &DH_A, &DH_N);
+    hsAssert(!DH_N->isZero(), "DH_N must not be zero in encrypted mode");
 
     // Compute the result
     ka->PowMod(dh_y, *DH_A, *DH_N);
@@ -107,7 +108,11 @@ void NetMsgCryptClientStart (
     const BigNum * DH_X;
     const BigNum * DH_N;
     NetMsgChannelGetDhConstants(channel, &DH_G, &DH_X, &DH_N);
-
+    if (DH_N->isZero()) { // no actual encryption, but the caller expects a seed
+        clientSeed->SetZero();
+        serverSeed->SetZero();
+    }
+    else {
         // Client chooses b and y on connect
         BigNum g(DH_G);
         BigNum seed(seedBytes, seedData);
@@ -119,6 +124,7 @@ void NetMsgCryptClientStart (
         // Client sends y to server
         serverSeed->PowMod(g, b, *DH_N);
     }
+}
 
 //============================================================================
 void NetMsgCryptServerConnect (

Sources/Plasma/NucleusLib/pnUtils/Private/pnUtBigNum.h

@@ -89,6 +89,10 @@ public:
     {
         return BN_cmp(&m_number, &a.m_number);
     }
+    bool isZero() const
+    {
+        return BN_is_zero(&m_number);
+    }
 
     void Div (const BigNum & a, dword b, dword * remainder)
     {

Sources/Plasma/PubUtilLib/plNetClientComm/plNetClientComm.cpp

@@ -91,8 +91,10 @@ static NetCommAge           s_age;
 static NetCommAge           s_startupAge;
 static bool                 s_needAvatarLoad = true;
 static bool                 s_loginComplete = false;
+static bool                 s_hasAuthSrvIpAddress = false;
 static bool                 s_hasFileSrvIpAddress = false;
 static ENetError            s_authResult = kNetErrAuthenticationFailed;
+static wchar                s_authSrvAddr[256];
 static wchar                s_fileSrvAddr[256];
 
 static wchar                s_iniServerAddr[256];
@@ -829,6 +831,16 @@ static void IReadNetIni() {
     IniClose(ini);
 }
 
+//============================================================================
+static void AuthSrvIpAddressCallback (
+    ENetError       result,
+    void *          param,
+    const wchar     addr[]
+) {
+    StrCopy(s_authSrvAddr, addr, arrsize(s_authSrvAddr)); 
+    s_hasAuthSrvIpAddress = true;
+}
+
 //============================================================================
 static void FileSrvIpAddressCallback (
     ENetError       result,
@@ -979,21 +991,47 @@ void NetCommConnect () {
 
     const wchar ** addrs;
     unsigned count;
+    hsBool connectedToKeeper = false;
 
-    count = GetAuthSrvHostnames(&addrs);
+    // if a console override was specified for a authserv, connect directly to the authserver rather than going through the gatekeeper
+    if((count = GetAuthSrvHostnames(&addrs)) && wcslen(addrs[0]))
+    {
         NetCliAuthStartConnect(addrs, count);
+    }
+    else
+    {
+        count = GetGateKeeperSrvHostnames(&addrs);
+        NetCliGateKeeperStartConnect(addrs, count);
+        connectedToKeeper = true;
+
+        // request an auth server ip address
+        NetCliGateKeeperAuthSrvIpAddressRequest(AuthSrvIpAddressCallback, nil);
+
+        while(!s_hasAuthSrvIpAddress && !s_netError) {
+            NetClientUpdate();
+            AsyncSleep(10);
+        }
+            
+        const wchar * authSrv[] = {
+            s_authSrvAddr
+        };
+        NetCliAuthStartConnect(authSrv, 1);
+    }
 
     if (!gDataServerLocal) {
 
         // if a console override was specified for a filesrv, connect directly to the fileserver rather than going through the gatekeeper
-        if(GetFileSrvHostnames(&addrs) && wcslen(addrs[0]))
+        if((count = GetFileSrvHostnames(&addrs)) && wcslen(addrs[0]))
         {
             NetCliFileStartConnect(addrs, count);
         }
         else
         {
+            if (!connectedToKeeper) {
                 count = GetGateKeeperSrvHostnames(&addrs);
                 NetCliGateKeeperStartConnect(addrs, count);
+                connectedToKeeper = true;
+            }
 
             // request a file server ip address
             NetCliGateKeeperFileSrvIpAddressRequest(FileSrvIpAddressCallback, nil, false);
@@ -1009,6 +1047,9 @@ void NetCommConnect () {
             NetCliFileStartConnect(fileSrv, 1);
         }
     }
+
+    if (connectedToKeeper)
+        NetCliGateKeeperDisconnect();
 }
 
 //============================================================================

Sources/Plasma/PubUtilLib/plNetGameLib/Private/plNglGateKeeper.cpp

@@ -735,6 +735,7 @@ static NetMsgInitSend s_send[] = {
 static NetMsgInitRecv s_recv[] = {
     { MSG(PingReply)                },
     { MSG(FileSrvIpAddressReply)    },
+    { MSG(AuthSrvIpAddressReply)    },
 };
 #undef MSG
 
@@ -1116,3 +1117,12 @@ void NetCliGateKeeperFileSrvIpAddressRequest (
     FileSrvIpAddressRequestTrans * trans = NEW(FileSrvIpAddressRequestTrans)(callback, param, isPatcher);
     NetTransSend(trans);
 }
+
+//============================================================================
+void NetCliGateKeeperAuthSrvIpAddressRequest (
+    FNetCliGateKeeperAuthSrvIpAddressRequestCallback    callback,
+    void *                                              param
+) {
+    AuthSrvIpAddressRequestTrans * trans = NEW(AuthSrvIpAddressRequestTrans)(callback, param);
+    NetTransSend(trans);
+}