Rim/iw4x-client
Rim/iw4x-client
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Rewrote node system to register using ECDSA signatures.

Browse Source
This commit is contained in:
momo5502 2016-02-09 22:13:49 +01:00
parent 87c239a1dc
commit 40d6c6d715
7 changed files with 548 additions and 387 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

822
src/Components/Modules/Node.cpp
View File

@ -3,9 +3,8 @@
namespace Components
{
Utils::Cryptography::ECDSA::Key Node::SignatureKey;
std::vector<Node::NodeEntry> Node::Nodes;
std::vector<Node::DediEntry> Node::Dedis;
std::vector<Node::ClientSession> Node::Sessions;
void Node::LoadNodes()
{
@ -22,7 +21,6 @@ namespace Components
Node::AddNode(addresses[i].toNetAddress());
}
}
void Node::StoreNodes(bool force)
{
static int lastStorage = 0;
@ -33,12 +31,12 @@ namespace Components
std::vector<Node::AddressEntry> entries;
for (auto entry : Node::Nodes)
for (auto node : Node::Nodes)
{
if (entry.state == Node::STATE_VALID)
if (node.state == Node::STATE_VALID && node.registered)
{
Node::AddressEntry thisAddress;
thisAddress.fromNetAddress(entry.address);
thisAddress.fromNetAddress(node.address);
entries.push_back(thisAddress);
}
@ -50,7 +48,34 @@ namespace Components
Utils::WriteFile("players/nodes.dat", nodeStream);
}
void Node::AddNode(Network::Address address, bool valid)
Node::NodeEntry* Node::FindNode(Network::Address address)
{
for (auto i = Node::Nodes.begin(); i != Node::Nodes.end(); i++)
{
if (i->address == address)
{
// I don't know if that's safe, but we'll see that later...
return &*i;
}
}
return nullptr;
}
Node::ClientSession* Node::FindSession(Network::Address address)
{
for (auto i = Node::Sessions.begin(); i != Node::Sessions.end(); i++)
{
if (i->address == address)
{
// I don't know if that's safe, but we'll see that later...
return &*i;
}
}
return nullptr;
}
void Node::AddNode(Network::Address address)
{
#ifdef DEBUG
if (address.IsSelf()) return;
@ -58,95 +83,35 @@ namespace Components
if (address.IsLocal() || address.IsSelf()) return;
#endif
Node::NodeEntry entry;
entry.lastHeard = Game::Com_Milliseconds();
entry.lastHeartbeat = 0;
entry.lastTime = (valid ? Game::Com_Milliseconds() : 0);
entry.state = (valid ? Node::STATE_VALID : Node::STATE_UNKNOWN);
entry.address = address;
// Search if we already know that node
bool duplicate = false;
for (auto &ourEntry : Node::Nodes)
Node::NodeEntry* existingEntry = Node::FindNode(address);
if (existingEntry)
{
if (ourEntry.address == entry.address)
{
ourEntry.lastHeard = Game::Com_Milliseconds();
// if (ourEntry.state == Node::STATE_INVALID)
// {
// Logger::Print("Node %s was invalidated, but we still received a reference from another node. Suspicous...\n", address.GetString());
// }
// Validate it
if (valid)
{
ourEntry.state = Node::STATE_VALID;
ourEntry.lastTime = Game::Com_Milliseconds();
}
duplicate = true;
break;
}
existingEntry->lastHeard = Game::Com_Milliseconds();
}
// Insert if we don't
if (!duplicate)
else
{
Node::NodeEntry entry;
entry.lastHeard = Game::Com_Milliseconds();
entry.lastTime = 0;
entry.lastListQuery = 0;
entry.registered = false;
entry.state = Node::STATE_UNKNOWN;
entry.address = address;
Node::Nodes.push_back(entry);
}
}
void Node::AddDedi(Network::Address address, bool dirty)
void Node::SendNodeList(Network::Address address)
{
Node::DediEntry entry;
entry.lastHeard = Game::Com_Milliseconds();
entry.lastTime = 0;
entry.state = Node::STATE_UNKNOWN;
entry.address = address;
// Search if we already know that node
bool duplicate = false;
for (auto &ourEntry : Node::Dedis)
{
if (ourEntry.address == entry.address)
{
ourEntry.lastHeard = Game::Com_Milliseconds();
// if (ourEntry.state == Node::STATE_INVALID)
// {
// Logger::Print("Dedi %s was invalidated, but we still received a reference from another node. Suspicous...\n", address.GetString());
// }
if (dirty)
{
ourEntry.lastTime = Game::Com_Milliseconds();
ourEntry.state = Node::STATE_UNKNOWN;
}
duplicate = true;
break;
}
}
// Insert if we don't
if (!duplicate)
{
Node::Dedis.push_back(entry);
}
}
void Node::SendNodeList(Network::Address target)
{
if (target.IsSelf()) return;
if (address.IsSelf() || !Dedicated::IsDedicated()) return;
std::vector<Node::AddressEntry> entries;
for (auto entry : Node::Nodes)
{
if (entry.state == Node::STATE_VALID) // Only send valid nodes, or shall we send invalid ones as well?
if (entry.state == Node::STATE_VALID && entry.registered) // Only send valid nodes, or shall we send invalid ones as well?
{
Node::AddressEntry thisAddress;
thisAddress.fromNetAddress(entry.address);
@ -156,90 +121,43 @@ namespace Components
if (entries.size() >= NODE_PACKET_LIMIT)
{
std::string packet = "nodeNodeList\n";
std::string packet = "nodeListResponse\n";
packet.append("\x01", 1); // Yes, we are a dedi
packet.append(reinterpret_cast<char*>(entries.data()), entries.size() * sizeof(Node::AddressEntry));
Network::SendRaw(target, packet);
Network::SendRaw(address, packet);
entries.clear();
}
}
std::string packet = "nodeNodeList\n";
std::string packet = "nodeListResponse\n";
packet.append("\x01", 1); // Yes, we are a dedi
packet.append(reinterpret_cast<char*>(entries.data()), entries.size() * sizeof(Node::AddressEntry));
Network::SendRaw(target, packet);
Network::SendRaw(address, packet);
}
void Node::SendDediList(Network::Address target)
void Node::DeleteInvalidSessions()
{
if (target.IsSelf()) return;
std::vector<Node::ClientSession> cleanSessions;
std::vector<Node::AddressEntry> entries;
for (auto entry : Node::Dedis)
for (auto session : Node::Sessions)
{
if (entry.state == Node::STATE_VALID) // Only send valid dedis
{
Node::AddressEntry thisAddress;
thisAddress.fromNetAddress(entry.address);
if (session.terminated) continue;
if ((Game::Com_Milliseconds() - session.lastTime) > SESSION_TIMEOUT) return;
entries.push_back(thisAddress);
}
if (entries.size() >= DEDI_PACKET_LIMIT)
{
std::string packet = "nodeDediList\n";
packet.append(reinterpret_cast<char*>(entries.data()), entries.size() * sizeof(Node::AddressEntry));
Network::SendRaw(target, packet);
entries.clear();
}
cleanSessions.push_back(session);
}
std::string packet = "nodeDediList\n";
packet.append(reinterpret_cast<char*>(entries.data()), entries.size() * sizeof(Node::AddressEntry));
Network::SendRaw(target, packet);
}
void Node::ValidateDedi(Network::Address address, Utils::InfoString info)
{
for (auto &dedi : Node::Dedis)
if (cleanSessions.size() != Node::Sessions.size())
{
if (dedi.address == address)
{
if (dedi.state == Node::STATE_QUERYING)
{
dedi.state = (info.Get("challenge") == dedi.challenge ? Node::STATE_VALID : Node::STATE_INVALID);
dedi.lastTime = Game::Com_Milliseconds();
if (dedi.state == Node::STATE_VALID)
{
Logger::Print("Validated dedi %s\n", address.GetString());
}
}
break;
}
//Node::Sessions.clear();
//Utils::Merge(&Node::Sessions, cleanSessions);
Node::Sessions = cleanSessions;
}
}
std::vector<Network::Address> Node::GetDediList()
{
std::vector<Network::Address> dedis;
for (auto dedi : Node::Dedis)
{
if (dedi.state == Node::STATE_VALID)
{
dedis.push_back(dedi.address);
}
}
return dedis;
}
void Node::DeleteInvalidNodes()
{
std::vector<Node::NodeEntry> cleanNodes;
@ -258,119 +176,96 @@ namespace Components
if (cleanNodes.size() != Node::Nodes.size())
{
Node::Nodes.clear();
Utils::Merge(&Node::Nodes, cleanNodes);
//Node::Nodes.clear();
//Utils::Merge(&Node::Nodes, cleanNodes);
Node::Nodes = cleanNodes;
}
}
std::vector<Network::Address> Node::GetDediList()
{
std::vector<Network::Address> dedis;
for (auto node : Node::Nodes)
{
if (node.state == Node::STATE_VALID && node.registered && node.isDedi)
{
dedis.push_back(node.address);
}
}
return dedis;
}
void Node::FrameHandler()
{
int heartbeatCount = 0;
int count = 0;
int registerCount = 0;
int listQueryCount = 0;
// Send requests
for (auto &node : Node::Nodes)
{
if (count < NODE_FRAME_QUERY_LIMIT && (node.state == Node::STATE_UNKNOWN || (/*node.state != Node::STATE_INVALID && */node.state != Node::STATE_QUERYING && (Game::Com_Milliseconds() - node.lastTime) >(NODE_VALIDITY_EXPIRE))))
{
count++;
node.lastTime = Game::Com_Milliseconds();
node.state = Node::STATE_QUERYING;
Logger::Print("Syncing with node %s...\n", node.address.GetString());
// Request new lists
Network::Send(node.address, "nodeRequestLists");
// Send our lists (only if dedi)
if (Dedicated::IsDedicated())
{
Node::SendNodeList(node.address);
Node::SendDediList(node.address);
}
}
if (node.state == Node::STATE_QUERYING && (Game::Com_Milliseconds() - node.lastTime) > (NODE_QUERY_TIMEOUT))
// TODO: Decide how to handle nodes that were already registered, but timed out re-registering.
if (node.state == STATE_NEGOTIATING && (Game::Com_Milliseconds() - node.lastTime) > (NODE_QUERY_TIMEOUT))
{
node.registered = false; // Definitely unregister here!
node.state = Node::STATE_INVALID;
node.lastHeard = Game::Com_Milliseconds();
node.lastTime = Game::Com_Milliseconds();
Logger::Print("Node negotiation timed out. Invalidating %s\n", node.address.GetString());
}
if (Dedicated::IsDedicated() && node.state == Node::STATE_VALID)
if (registerCount < NODE_FRAME_QUERY_LIMIT)
{
if (heartbeatCount < HEARTBEATS_FRAME_LIMIT && (!node.lastHeartbeat || (Game::Com_Milliseconds() - node.lastHeartbeat) > (HEARTBEAT_INTERVAL)))
// Register when unregistered and in UNKNOWN state (I doubt it's possible to be unregistered and in VALID state)
if (!node.registered && (node.state != Node::STATE_NEGOTIATING && node.state != Node::STATE_INVALID))
{
heartbeatCount++;
registerCount++;
node.state = Node::STATE_NEGOTIATING;
node.lastTime = Game::Com_Milliseconds();
Logger::Print("Sending heartbeat to node %s...\n", node.address.GetString());
node.lastHeartbeat = Game::Com_Milliseconds();
Network::Send(node.address, "heartbeat\n");
if (Dedicated::IsDedicated())
{
node.challenge = Utils::VA("%X", Utils::Cryptography::Rand::GenerateInt());
std::string data;
Utils::Message::WriteBuffer(data, node.challenge);
Logger::Print("Sending registration request to %s\n", node.address.GetString());
Network::SendRaw(node.address, "nodeRegisterRequest\n" + data); }
else
{
Logger::Print("Sending session request to %s\n", node.address.GetString());
Network::Send(node.address, "sessionRequest\n");
}
}
}
if (listQueryCount < NODE_FRAME_QUERY_LIMIT)
{
if (node.registered && node.state == Node::STATE_VALID && (!node.lastListQuery || (Game::Com_Milliseconds() - node.lastListQuery) > NODE_QUERY_INTERVAL))
{
listQueryCount++;
node.state = Node::STATE_NEGOTIATING;
node.lastTime = Game::Com_Milliseconds();
if (Dedicated::IsDedicated())
{
Network::Send(node.address, "nodeListRequest\n");
}
else
{
Network::Send(node.address, "sessionRequest\n");
}
}
}
}
count = 0;
for (auto &dedi : Node::Dedis)
{
if (count < DEDI_FRAME_QUERY_LIMIT && (dedi.state == Node::STATE_UNKNOWN || (/*node.state != Node::STATE_INVALID && */dedi.state != Node::STATE_QUERYING && (Game::Com_Milliseconds() - dedi.lastTime) >(DEDI_VALIDITY_EXPIRE))))
{
count++;
dedi.lastTime = Game::Com_Milliseconds();
dedi.challenge = Utils::VA("%d", Utils::Cryptography::Rand::GenerateInt());
dedi.state = Node::STATE_QUERYING;
Logger::Print("Verifying dedi %s...\n", dedi.address.GetString());
// Request new lists
Network::Send(dedi.address, Utils::VA("getinfo %s\n", dedi.challenge.data()));
}
// No query response
if (dedi.state == Node::STATE_QUERYING && (Game::Com_Milliseconds() - dedi.lastTime) > (DEDI_QUERY_TIMEOUT))
{
dedi.state = Node::STATE_INVALID;
dedi.lastTime = Game::Com_Milliseconds();
}
// Lack of heartbeats
if (dedi.state == Node::STATE_VALID && (Game::Com_Milliseconds() - dedi.lastTime) > (HEARTBEAT_DEADLINE))
{
Logger::Print("Invalidating dedi %s\n", dedi.address.GetString());
dedi.state = Node::STATE_INVALID;
}
}
Node::DeleteInvalidSessions();
Node::DeleteInvalidNodes();
Node::DeleteInvalidDedis();
Node::StoreNodes(false);
}
void Node::DeleteInvalidDedis()
{
std::vector<Node::DediEntry> cleanDedis;
for (auto dedi : Node::Dedis)
{
if (dedi.state == Node::STATE_INVALID && (Game::Com_Milliseconds() - dedi.lastHeard) > DEDI_INVALID_DELETE)
{
Logger::Print("Removing invalid dedi %s\n", dedi.address.GetString());
}
else
{
cleanDedis.push_back(dedi);
}
}
if (cleanDedis.size() != Node::Dedis.size())
{
Node::Dedis.clear();
Utils::Merge(&Node::Dedis, cleanDedis);
}
}
const char* Node::GetStateName(EntryState state)
{
switch (state)
@ -378,8 +273,8 @@ namespace Components
case Node::STATE_UNKNOWN:
return "Unknown";
case Node::STATE_QUERYING:
return "Querying";
case Node::STATE_NEGOTIATING:
return "Negotiating";
case Node::STATE_INVALID:
return "Invalid";
@ -401,110 +296,316 @@ namespace Components
// Generate our ECDSA key
Node::SignatureKey = Utils::Cryptography::ECDSA::GenerateKey(512);
// Load stored nodes
Dvar::OnInit([] ()
{
Node::Dedis.clear();
Node::Nodes.clear();
Node::LoadNodes();
});
// Send deadline when shutting down
if (Dedicated::IsDedicated())
{
QuickPatch::OnShutdown([] ()
{
std::string data, challenge;
challenge = Utils::VA("X", Utils::Cryptography::Rand::GenerateInt());
Utils::Message::WriteBuffer(data, challenge);
Utils::Message::WriteBuffer(data, Utils::Cryptography::ECDSA::SignMessage(Node::SignatureKey, challenge));
for (auto node : Node::Nodes)
{
Network::Send(node.address, "deadline\n");
Network::SendRaw(node.address, "nodeDeregister\n" + data);
}
});
// This is the handler that accepts registration requests from other nodes
// If you want to get accepted as node, you have to send a request to this handler
Network::Handle("nodeRegisterRequest", [] (Network::Address address, std::string data)
{
Node::NodeEntry* entry = Node::FindNode(address);
// Create a new entry, if we don't already know it
if (!entry)
{
Node::AddNode(address);
entry = Node::FindNode(address);
if (!entry) return;
}
Logger::Print("Received registration request from %s\n", address.GetString());
std::string response, challenge;
if (!Utils::Message::ReadBuffer(data, challenge)) return;
std::string publicKey = Node::SignatureKey.GetPublicKey();
std::string signature = Utils::Cryptography::ECDSA::SignMessage(Node::SignatureKey, challenge);
challenge = Utils::VA("%X", Utils::Cryptography::Rand::GenerateInt());
Utils::Message::WriteBuffer(response, signature);
Utils::Message::WriteBuffer(response, publicKey);
Utils::Message::WriteBuffer(response, challenge);
entry->lastTime = Game::Com_Milliseconds();
entry->challenge = challenge;
entry->state = Node::STATE_NEGOTIATING;
Network::SendRaw(address, "nodeRegisterSynchronize\n" + response);
});
Network::Handle("nodeRegisterSynchronize", [] (Network::Address address, std::string data)
{
Node::NodeEntry* entry = Node::FindNode(address);
if (!entry || entry->state != Node::STATE_NEGOTIATING) return;
Logger::Print("Received synchronization data for registration from %s!\n", address.GetString());
std::string challenge, publicKey, signature;
if (!Utils::Message::ReadBuffer(data, signature)) return;
if (!Utils::Message::ReadBuffer(data, publicKey)) return;
if (!Utils::Message::ReadBuffer(data, challenge)) return;
// Verify signature
entry->publicKey.Set(publicKey);
if (!Utils::Cryptography::ECDSA::VerifyMessage(entry->publicKey, entry->challenge, signature))
{
Logger::Print("Signature from %s for challenge '%s' is invalid!\n", address.GetString(), entry->challenge.data());
return;
}
Logger::Print("Signature from %s for challenge '%s' is valid!\n", address.GetString(), entry->challenge.data());
// Mark as registered
entry->lastTime = Game::Com_Milliseconds();
entry->state = Node::STATE_VALID;
entry->registered = true;
Logger::Print("Node %s registered\n", address.GetString());
// Build response
data.clear();
publicKey = Node::SignatureKey.GetPublicKey();
signature = Utils::Cryptography::ECDSA::SignMessage(Node::SignatureKey, challenge);
Utils::Message::WriteBuffer(data, signature);
Utils::Message::WriteBuffer(data, publicKey);
Network::SendRaw(address, "nodeRegisterAcknowledge\n" + data);
});
Network::Handle("nodeRegisterAcknowledge", [] (Network::Address address, std::string data)
{
// Ignore requests from nodes we don't know
Node::NodeEntry* entry = Node::FindNode(address);
if (!entry || entry->state != Node::STATE_NEGOTIATING) return;
Logger::Print("Received acknowledgment from %s\n", address.GetString());
std::string publicKey, signature;
if (!Utils::Message::ReadBuffer(data, signature)) return;
if (!Utils::Message::ReadBuffer(data, publicKey)) return;
entry->publicKey.Set(publicKey);
if (Utils::Cryptography::ECDSA::VerifyMessage(entry->publicKey, entry->challenge, signature))
{
entry->lastTime = Game::Com_Milliseconds();
entry->state = Node::STATE_VALID;
entry->registered = true;
Logger::Print("Signature from %s for challenge '%s' is valid!\n", address.GetString(), entry->challenge.data());
Logger::Print("Node %s registered\n", address.GetString());
}
else
{
Logger::Print("Signature from %s for challenge '%s' is invalid!\n", address.GetString(), entry->challenge.data());
}
});
Network::Handle("nodeListRequest", [] (Network::Address address, std::string data)
{
// Requesting a list is either possible, by being registered as node
// Or having a valid client session
// Client sessions do expire after some time or when having received a list
bool allowed = false;
Node::NodeEntry* entry = Node::FindNode(address);
if (entry && entry->registered)
{
entry->lastTime = Game::Com_Milliseconds();
allowed = true;
}
// Check if there is any open session
if (!allowed)
{
Node::ClientSession* session = Node::FindSession(address);
if (session)
{
allowed = (session->valid && !session->terminated);
session->terminated = true;
}
}
if (allowed)
{
Node::SendNodeList(address);
}
else
{
// Unallowed connection
Network::Send(address, "nodeListError\n");
}
});
Network::Handle("sessionRequest", [] (Network::Address address, std::string data)
{
// Return if we already have a session for this address
if (Node::FindSession(address)) return;
Logger::Print("Client %s is requesting a new session\n", address.GetString());
Node::ClientSession session;
session.address = address;
session.challenge = Utils::VA("%X", Utils::Cryptography::Rand::GenerateInt());
session.lastTime = Game::Com_Milliseconds();
session.terminated = false;
session.valid = false;
Node::Sessions.push_back(session);
Network::Send(address, "sessionInitialize\n" + session.challenge);
});
Network::Handle("sessionSynchronize", [] (Network::Address address, std::string data)
{
// Return if we don't have a session for this address
Node::ClientSession* session = Node::FindSession(address);
if (!session || session->terminated || session->valid) return;
if (session->challenge == data)
{
Logger::Print("Session for %s validated.\n", address.GetString());
session->valid = true;
Network::Send(address, "sessionAcknowledge\n");
}
else
{
Logger::Print("Challenge mismatch. Validating session for %s failed.\n", address.GetString());
session->terminated = true;
}
});
}
// Only dedis act as nodes!
if (Dedicated::IsDedicated())
else
{
Network::Handle("nodeRequestLists", [] (Network::Address address, std::string data)
Network::Handle("sessionInitialize", [] (Network::Address address, std::string data)
{
Logger::Print("Sending our lists to %s\n", address.GetString());
Node::NodeEntry* entry = Node::FindNode(address);
if (!entry) return;
Node::SendNodeList(address);
Node::SendDediList(address);
Logger::Print("Session initialization received. Synchronizing...\n", address.GetString());
// Send our heartbeat as well :P
// Otherwise, if there's only 1 node in the network (us), we might not get listed as dedi
Network::Send(address, "heartbeat\n");
entry->lastTime = Game::Com_Milliseconds();
Network::Send(address, "sessionSynchronize\n" + data);
});
Network::Handle("sessionAcknowledge", [] (Network::Address address, std::string data)
{
Node::NodeEntry* entry = Node::FindNode(address);
if (!entry) return;
Logger::Print("Session acknowledged, requesting node list...\n", address.GetString());
entry->state = Node::STATE_VALID;
entry->registered = true;
entry->lastTime = Game::Com_Milliseconds();
Network::Send(address, "nodeListRequest\n");
});
}
Network::Handle("nodeNodeList", [] (Network::Address address, std::string data)
Network::Handle("nodeListResponse", [] (Network::Address address, std::string data)
{
if (data.size() % sizeof(Node::AddressEntry))
if (data.size() % sizeof(Node::AddressEntry) != 1)
{
Logger::Print("Received invalid node list from %s!\n", address.GetString());
return;
}
unsigned int size = (data.size() / sizeof(Node::AddressEntry));
unsigned int size = ((data.size() - 1) / sizeof(Node::AddressEntry));
Node::AddressEntry* addresses = reinterpret_cast<Node::AddressEntry*>(const_cast<char*>(data.data() + 1));
bool isDedicated = (*data.data() != 0);
Logger::Print("Received valid node list with %d entries from %s\n", size, address.GetString());
// Insert the node itself and mark it as valid
Node::AddNode(address, true);
Node::AddressEntry* addresses = reinterpret_cast<Node::AddressEntry*>(const_cast<char*>(data.data()));
for (unsigned int i = 0; i < size; ++i)
Node::NodeEntry* entry = Node::FindNode(address);
if (entry)
{
Node::AddNode(addresses[i].toNetAddress());
}
});
Network::Handle("nodeDediList", [] (Network::Address address, std::string data)
{
if (data.size() % sizeof(Node::AddressEntry))
{
Logger::Print("Received invalid dedi list from %s!\n", address.GetString());
return;
}
unsigned int size = (data.size() / sizeof(Node::AddressEntry));
Logger::Print("Received valid dedi list with %d entries from %s\n", size, address.GetString());
// Insert the node and mark it as valid
Node::AddNode(address, true);
Node::AddressEntry* addresses = reinterpret_cast<Node::AddressEntry*>(const_cast<char*>(data.data()));
for (unsigned int i = 0; i < size; ++i)
{
Node::AddDedi(addresses[i].toNetAddress());
}
});
Network::Handle("heartbeat", [] (Network::Address address, std::string data)
{
Logger::Print("Received heartbeat from %s\n", address.GetString());
Node::AddDedi(address, true);
});
Network::Handle("deadline", [] (Network::Address address, std::string data)
{
Logger::Print("Invalidation message received from %s\n", address.GetString());
for (auto &dedi : Node::Dedis)
{
if (dedi.address == address)
if (entry->registered)
{
dedi.state = Node::STATE_INVALID;
dedi.lastTime = Game::Com_Milliseconds();
Logger::Print("Received valid node list with %d entries from %s\n", size, address.GetString());
entry->isDedi = isDedicated;
entry->state = Node::STATE_VALID;
entry->lastTime = Game::Com_Milliseconds();
entry->lastListQuery = Game::Com_Milliseconds();
for (unsigned int i = 0; i < size; ++i)
{
Node::AddNode(addresses[i].toNetAddress());
}
}
}
for (auto &node : Node::Nodes)
else
{
if (node.address == address)
Node::AddNode(address);
}
});
// If we receive that response, our request was not permitted
// So we either have to register as node, or register a remote session
Network::Handle("nodeListError", [] (Network::Address address, std::string data)
{
if (Dedicated::IsDedicated())
{
Node::NodeEntry* entry = Node::FindNode(address);
if (entry)
{
node.state = Node::STATE_INVALID;
node.lastTime = Game::Com_Milliseconds();
// Set to unregistered to perform registration later on
entry->lastTime = Game::Com_Milliseconds();
entry->registered = false;
entry->state = Node::STATE_UNKNOWN;
}
else
{
// Add as new entry to perform registration
Node::AddNode(address);
}
}
else
{
// TODO: Implement client handshake stuff
// Nvm, clients can simply ignore that i guess
}
});
Network::Handle("nodeDeregister", [] (Network::Address address, std::string data)
{
Node::NodeEntry* entry = Node::FindNode(address);
if (!entry || !entry->registered) return;
std::string challenge, signature;
if (!Utils::Message::ReadBuffer(data, challenge)) return;
if (!Utils::Message::ReadBuffer(data, signature)) return;
if (Utils::Cryptography::ECDSA::VerifyMessage(entry->publicKey, challenge, signature))
{
entry->lastHeard = Game::Com_Milliseconds();
entry->lastTime = Game::Com_Milliseconds();
entry->registered = false;
entry->state = Node::STATE_INVALID;
Logger::Print("Node %s unregistered\n", address.GetString());
}
else
{
Logger::Print("Node %s tried to unregister using an invalid signature!\n", address.GetString());
}
});
@ -518,54 +619,12 @@ namespace Components
}
});
Command::Add("listdedis", [] (Command::Params params)
{
Logger::Print("Dedi: %d\n", Node::Dedis.size());
for (auto dedi : Node::Dedis)
{
Logger::Print("%s\t(%s)\n", dedi.address.GetString(), Node::GetStateName(dedi.state));
}
});
Command::Add("addnode", [] (Command::Params params)
{
if (params.Length() < 2) return;
Network::Address address(params[1]);
Node::AddNode(address);
// Invalidate it
for (auto &node : Node::Nodes)
{
if (node.address == address)
{
node.state = Node::STATE_UNKNOWN;
break;
}
}
});
Command::Add("syncnodes", [] (Command::Params params)
{
for (auto &node : Node::Nodes)
{
if (node.state != Node::STATE_INVALID)
{
node.state = Node::STATE_UNKNOWN;
}
}
});
Command::Add("syncdedis", [] (Command::Params params)
{
for (auto &dedi : Node::Dedis)
{
if (dedi.state != Node::STATE_INVALID)
{
dedi.state = Node::STATE_UNKNOWN;
}
}
});
// Install frame handlers
@ -579,6 +638,73 @@ namespace Components
Node::StoreNodes(true);
Node::Nodes.clear();
Node::Dedis.clear();
Node::Sessions.clear();
}
bool Node::UnitTest()
{
printf("Testing ECDSA key...");
if (!Node::SignatureKey.IsValid())
{
printf("Error\n");
printf("ECDSA key seems invalid!\n");
return false;
}
printf("Success\n");
printf("Testing 10 valid signatures...");
for (int i = 0; i < 10; i++)
{
std::string message = Utils::VA("%d", Utils::Cryptography::Rand::GenerateInt());
std::string signature = Utils::Cryptography::ECDSA::SignMessage(Node::SignatureKey, message);
if (!Utils::Cryptography::ECDSA::VerifyMessage(Node::SignatureKey, message, signature))
{
printf("Error\n");
printf("Signature for '%s' (%d) was invalid!\n", message.data(), i);
return false;
}
}
printf("Success\n");
printf("Testing 10 invalid signatures...");
for (int i = 0; i < 10; i++)
{
std::string message = Utils::VA("%d", Utils::Cryptography::Rand::GenerateInt());
std::string signature = Utils::Cryptography::ECDSA::SignMessage(Node::SignatureKey, message);
// Invalidate the message...
message[Utils::Cryptography::Rand::GenerateInt() % message.size()]++;
if (Utils::Cryptography::ECDSA::VerifyMessage(Node::SignatureKey, message, signature))
{
printf("Error\n");
printf("Signature for '%s' (%d) was valid? What the fuck? That is absolutely impossible...\n", message.data(), i);
return false;
}
}
printf("Success\n");
printf("Testing ECDSA key import...");
std::string pubKey = Node::SignatureKey.GetPublicKey();
std::string message = Utils::VA("%d", Utils::Cryptography::Rand::GenerateInt());
std::string signature = Utils::Cryptography::ECDSA::SignMessage(Node::SignatureKey, message);
Utils::Cryptography::ECDSA::Key testKey;
testKey.Set(pubKey);
if (!Utils::Cryptography::ECDSA::VerifyMessage(Node::SignatureKey, message, signature))
{
printf("Error\n");
printf("Verifying signature for message '%s' using imported keys failed!\n", message.data());
return false;
}
printf("Success\n");
return true;
}
}

65
src/Components/Modules/Node.hpp
View File

@ -1,23 +1,10 @@
#define HEARTBEAT_DEADLINE 1000 * 60 * 10 // Invalidate servers after 10 minutes without heartbeat
#define HEARTBEAT_INTERVAL 1000 * 60 * 3 // Send heartbeats to each node every 3 minutes
#define NODE_VALIDITY_EXPIRE 1000 * 60 * 2 // Revalidate nodes after 2 minutes
#define DEDI_VALIDITY_EXPIRE 1000 * 60 * 2 // Revalidate dedis after 2 minutes
#define NODE_QUERY_TIMEOUT 1000 * 30 * 1 // Invalidate nodes after 30 seconds without query response
#define DEDI_QUERY_TIMEOUT 1000 * 10 * 1 // Invalidate dedis after 10 seconds without query response
#define NODE_INVALID_DELETE 1000 * 60 * 10 // Delete invalidated nodes after 10 minutes
#define DEDI_INVALID_DELETE 1000 * 60 * 10 // Delete invalidated dedis after 10 minutes
#define HEARTBEATS_FRAME_LIMIT 1 // Limit of heartbeats sent to nodes per frame
#define NODE_FRAME_QUERY_LIMIT 1 // Limit of nodes to be queried per frame
#define DEDI_FRAME_QUERY_LIMIT 1 // Limit of dedis to be queried per frame
#define NODE_PACKET_LIMIT 111 // Send 111 nodes per synchronization packet
#define DEDI_PACKET_LIMIT 111 // Send 111 dedis per synchronization packet
#define NODE_STORE_INTERVAL 1000 * 60* 1 // Store nodes every minute
#define NODE_QUERY_INTERVAL 1000 * 60 * 2 // Query nodelist from nodes evry 2 minutes
#define NODE_QUERY_TIMEOUT 1000 * 30 * 1 // Invalidate nodes after 30 seconds without query response
#define NODE_INVALID_DELETE 1000 * 60 * 10 // Delete invalidated nodes after 10 minutes
#define NODE_FRAME_QUERY_LIMIT 1 // Limit of nodes to be queried per frame
#define NODE_PACKET_LIMIT 111 // Send 111 nodes per synchronization packet
#define NODE_STORE_INTERVAL 1000 * 60* 1 // Store nodes every minute
#define SESSION_TIMEOUT 1000 * 10 // 10 seconds session timeout
namespace Components
{
@ -27,8 +14,7 @@ namespace Components
Node();
~Node();
const char* GetName() { return "Node"; };
static void ValidateDedi(Network::Address address, Utils::InfoString info);
bool UnitTest();
static std::vector<Network::Address> GetDediList();
@ -36,7 +22,7 @@ namespace Components
enum EntryState
{
STATE_UNKNOWN,
STATE_QUERYING,
STATE_NEGOTIATING,
STATE_VALID,
STATE_INVALID,
};
@ -44,20 +30,28 @@ namespace Components
struct NodeEntry
{
Network::Address address;
std::string challenge;
Utils::Cryptography::ECDSA::Key publicKey;
EntryState state;
int lastTime; // Last time we heard anything from the server itself
int lastHeartbeat; // Last time we got a heartbeat from it
int lastHeard; // Last time we heard something of the server at all (refs form other nodes)
bool registered; // Do we consider this node as registered?
int lastTime; // Last time we heard anything from the server itself
int lastHeard; // Last time we heard something of the server at all (refs form other nodes)
int lastListQuery; // Last time we got the list of the node
// This is only relevant for clients
// Other nodes or dedis don't need to know if the entry is a dedi or not.
bool isDedi;
};
struct DediEntry
struct ClientSession
{
Network::Address address;
std::string challenge;
EntryState state;
bool valid;
bool terminated;
int lastTime;
int lastHeard;
};
#pragma pack(push, 1)
@ -88,19 +82,18 @@ namespace Components
static Utils::Cryptography::ECDSA::Key SignatureKey;
static std::vector<NodeEntry> Nodes;
static std::vector<DediEntry> Dedis;
static std::vector<ClientSession> Sessions;
static void LoadNodes();
static void StoreNodes(bool force);
static void AddNode(Network::Address address, bool valid = false);
static void AddDedi(Network::Address address, bool dirty = false);
static void SendNodeList(Network::Address target);
static void SendDediList(Network::Address target);
static void AddNode(Network::Address address);
static void SendNodeList(Network::Address address);
static NodeEntry* FindNode(Network::Address address);
static ClientSession* FindSession(Network::Address address);
static void DeleteInvalidNodes();
static void DeleteInvalidDedis();
static void DeleteInvalidSessions();
static void FrameHandler();

1
src/Components/Modules/Party.cpp
View File

@ -375,7 +375,6 @@ namespace Components
}
}
Node::ValidateDedi(address, info);
ServerList::Insert(address, info);
});
}

8
src/Utils/Cryptography.cpp
View File

@ -40,6 +40,8 @@ namespace Utils
std::string ECDSA::SignMessage(Key key, std::string message)
{
if (!key.IsValid()) return "";
uint8_t buffer[512];
DWORD length = sizeof(buffer);
@ -54,6 +56,8 @@ namespace Utils
bool ECDSA::VerifyMessage(Key key, std::string message, std::string signature)
{
if (!key.IsValid()) return false;
ltc_mp = ltm_desc;
int result = 0;
@ -80,6 +84,8 @@ namespace Utils
std::string RSA::SignMessage(RSA::Key key, std::string message)
{
if (!key.IsValid()) return "";
uint8_t buffer[512];
DWORD length = sizeof(buffer);
@ -95,6 +101,8 @@ namespace Utils
bool RSA::VerifyMessage(Key key, std::string message, std::string signature)
{
if (!key.IsValid()) return false;
register_hash(&sha1_desc);
ltc_mp = ltm_desc;

4
src/Utils/Cryptography.hpp
View File

@ -18,7 +18,7 @@ namespace Utils
{
ZeroMemory(this->KeyStorage.get(), sizeof(*this->KeyStorage.get()));
};
Key(ecc_key* key) : Key() { std::memmove(this->KeyStorage.get(), key, sizeof(*key)); };
Key(ecc_key* key) : Key() { if(key) std::memmove(this->KeyStorage.get(), key, sizeof(*key)); };
Key(ecc_key key) : Key(&key) {};
~Key()
{
@ -90,7 +90,7 @@ namespace Utils
{
ZeroMemory(this->KeyStorage.get(), sizeof(*this->KeyStorage.get()));
};
Key(rsa_key* key) : Key() { std::memmove(this->KeyStorage.get(), key, sizeof(*key)); };
Key(rsa_key* key) : Key() { if (key) std::memmove(this->KeyStorage.get(), key, sizeof(*key)); };
Key(rsa_key key) : Key(&key) {};
~Key()
{

27
src/Utils/Utils.cpp
View File

@ -246,4 +246,31 @@ namespace Utils
this->KeyValuePairs[KeyValues[i]] = KeyValues[i + 1];
}
}
namespace Message
{
void WriteBuffer(std::string& message, std::string buffer)
{
DWORD length = buffer.size();
message.append(reinterpret_cast<char*>(&length), 4);
message.append(buffer);
}
bool ReadBuffer(std::string& message, std::string& buffer)
{
if (message.size() < 4) return false;
char* messagePtr = const_cast<char*>(message.data());
DWORD length = *reinterpret_cast<DWORD*>(messagePtr);
if (message.size() < (length + 4)) return false;
buffer.clear();
buffer.append(messagePtr + 4, length);
message = std::string(messagePtr + 4 + length, message.size() - (4 + length));
return true;
}
}
}

8
src/Utils/Utils.hpp
View File

@ -59,4 +59,12 @@ namespace Utils
target->push_back(entry);
}
}
// TODO: Implement a bytebuffer class
// Maybe convery's or protobuf
namespace Message
{
void WriteBuffer(std::string& message, std::string buffer);
bool ReadBuffer(std::string& message, std::string& buffer);
}
}