Fix some d0_blind_id related bugs:
authordivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Fri, 24 Jan 2014 16:39:06 +0000 (16:39 +0000)
committerdivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Fri, 24 Jan 2014 16:39:06 +0000 (16:39 +0000)
- Higher numbered CAs should have priority over lower numbered CAs,
  making CA 0 the "default" CA.
- Fix the "Authenticated connection to ..." message (no more -@- crap).

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12051 d7cf8633-e32d-0410-b094-e92efae38249

crypto.c
crypto.h
netconn.c

index 622e5a392e5e4dc4f17f01c4599ea3c068db85a6..b9f214544b85a0b6dab582aa712dc15737ef43ea 100644 (file)
--- a/crypto.c
+++ b/crypto.c
@@ -1,4 +1,3 @@
-// TODO key loading, generating, saving
 #include "quakedef.h"
 #include "crypto.h"
 #include "common.h"
@@ -534,7 +533,7 @@ static crypto_t *Crypto_ServerFindInstance(lhnetaddress_t *peeraddress, qboolean
        return crypto;
 }
 
-qboolean Crypto_ServerFinishInstance(crypto_t *out, crypto_t *crypto)
+qboolean Crypto_FinishInstance(crypto_t *out, crypto_t *crypto)
 {
        // no check needed here (returned pointers are only used in prefilled fields)
        if(!crypto || !crypto->authenticated)
@@ -651,7 +650,7 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
 
                if(idend - idstart == FP64_SIZE && keyend - keystart == FP64_SIZE)
                {
-                       for(keyid = 0; keyid < MAX_PUBKEYS; ++keyid)
+                       for(keyid = MAX_PUBKEYS - 1; keyid >= 0; --keyid)
                                if(pubkeys[keyid])
                                        if(!memcmp(pubkeys_fp64[keyid], keystart, FP64_SIZE))
                                        {
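Review bot: The reversed loop `for(keyid = MAX_PUBKEYS - 1; keyid >= 0; --keyid)` now doubles as the not-found signal: the next hunk (the one replacing `if(keyid >= MAX_PUBKEYS) keyid = -1;` with a comment) relies on the loop running off the end at keyid == -1, which only holds if keyid is a signed type, and its declaration is outside the hunk so I could not confirm that. An unsigned or size_t keyid would never terminate here and would index pubkeys[] out of bounds, so the invariant deserves to be stated where the loop is written rather than only after it: `// Highest numbered matching key wins; if none matches the loop leaves keyid == -1 (keyid must be signed).` Crypto_StoreHostKey starts before and ends after this hunk.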
@@ -659,8 +658,7 @@ static void Crypto_StoreHostKey(lhnetaddress_t *peeraddress, const char *keystri
                                                idfp[FP64_SIZE] = 0;
                                                break;
                                        }
-                       if(keyid >= MAX_PUBKEYS)
-                               keyid = -1;
+                       // If this failed, keyid will be -1.
                }
        }
 
@@ -1764,13 +1762,13 @@ static int Crypto_ServerParsePacket_Internal(const char *data_in, size_t len_in,
                        p = GetUntilNul(&data_in, &len_in);
                        if(p && *p)
                        {
+                               // Find the highest numbered matching key for p.
                                for(i = 0; i < MAX_PUBKEYS; ++i)
                                {
                                        if(pubkeys[i])
                                                if(!strcmp(p, pubkeys_fp64[i]))
                                                        if(pubkeys_havepriv[i])
-                                                               if(serverid < 0)
-                                                                       serverid = i;
+                                                               serverid = i;
                                }
                                if(serverid < 0)
                                        return Crypto_ServerError(data_out, len_out, "Invalid server key", NULL);
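Review bot: The two lookups in Crypto_ServerParsePacket_Internal (this hunk and the clientid one that follows) implement "highest numbered key wins" by walking upward and letting later slots overwrite serverid, while the same commit implements the identical rule in Crypto_StoreHostKey by walking downward and breaking; one shape for one rule is easier to keep correct, and the downward form also stops at the first hit instead of running strcmp over every slot. If i is signed (its declaration is outside the hunk), this loop could become `for(i = MAX_PUBKEYS - 1; i >= 0; --i)` with body `if(pubkeys[i] && pubkeys_havepriv[i] && !strcmp(p, pubkeys_fp64[i])) { serverid = i; break; }`, and the clientid loop would mirror it without the havepriv test. The enclosing function continues outside the hunk.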
@@ -1778,12 +1776,12 @@ static int Crypto_ServerParsePacket_Internal(const char *data_in, size_t len_in,
                        p = GetUntilNul(&data_in, &len_in);
                        if(p && *p)
                        {
+                               // Find the highest numbered matching key for p.
                                for(i = 0; i < MAX_PUBKEYS; ++i)
                                {
                                        if(pubkeys[i])
                                                if(!strcmp(p, pubkeys_fp64[i]))
-                                                       if(clientid < 0)
-                                                               clientid = i;
+                                                       clientid = i;
                                }
                                if(clientid < 0)
                                        return Crypto_ServerError(data_out, len_out, "Invalid client key", NULL);
@@ -2236,22 +2234,20 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                                        break;
                                continue;
                        }
+                       // Find the highest numbered matching key for p.
                        for(i = 0; i < MAX_PUBKEYS; ++i)
                        {
                                if(pubkeys[i])
                                if(!strcmp(p, pubkeys_fp64[i]))
                                {
                                        if(pubkeys_havepriv[i])
-                                               if(clientid < 0)
-                                                       clientid = i;
+                                               clientid = i;
                                        if(server_can_auth)
-                                               if(serverid < 0)
-                                                       if(wantserverid < 0 || i == wantserverid)
-                                                               serverid = i;
+                                               if(wantserverid < 0 || i == wantserverid)
+                                                       serverid = i;
                                }
                        }
-                       if(clientid >= 0 && serverid >= 0)
-                               break;
+                       // Not breaking, as higher keys in the list always have priority.
                }
 
                // if stored host key is not found:
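Review bot: With the early break removed and the assignments made unconditional, the chosen key now depends on the order in which the peer lists its fingerprints, not only on the local key index: if the outer loop (its head is outside the hunk) reads successive p values from the packet, a later p that matches a lower numbered key overwrites a clientid or serverid already set from a higher numbered key, so "higher keys in the list always have priority" holds only in the peer's list order. Comparing against the current value makes the selection independent of peer ordering: `if(pubkeys_havepriv[i] && i > clientid) clientid = i;` and `if(server_can_auth && (wantserverid < 0 || i == wantserverid) && i > serverid) serverid = i;`. The `>= 0` tests below suggest both ids start at -1, in which case the comparison also covers the first match; worth confirming against the initialisation outside the hunk. Crypto_ClientParsePacket continues outside the hunk.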
@@ -2260,7 +2256,6 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
 
                if(serverid >= 0 || clientid >= 0)
                {
-                       // TODO at this point, fill clientside crypto struct!
                        MAKE_CDATA;
                        CDATA->cdata_id = ++cdata_id;
                        CDATA->s = serverid;
index ddc00a92cd24e00455e4a69b30acecd120ca7548..106e5a9a195a2e334762223586b5e0e2a9d41fad 100644 (file)
--- a/crypto.h
+++ b/crypto.h
@@ -48,7 +48,7 @@ int Crypto_ServerParsePacket(const char *data_in, size_t len_in, char *data_out,
 
 qboolean Crypto_ServerAppendToChallenge(const char *data_in, size_t len_in, char *data_out, size_t *len_out, size_t maxlen);
 crypto_t *Crypto_ServerGetInstance(lhnetaddress_t *peeraddress);
-qboolean Crypto_ServerFinishInstance(crypto_t *out, crypto_t *in); // also clears allocated memory
+qboolean Crypto_FinishInstance(crypto_t *out, crypto_t *in); // also clears allocated memory, and frees the instance received by ServerGetInstance
 const char *Crypto_GetInfoResponseDataString(void);
 
 // retrieves a host key for an address (can be exposed to menuqc, or used by the engine to look up stored keys e.g. for server bookmarking)
index 707197b40589ecc65bb9e88d65b3e4b0747cd184..5f256cd9e29a76dbae604ef095988b3628b5736b 100755 (executable)
--- a/netconn.c
+++ b/netconn.c
@@ -1516,10 +1516,10 @@ static void NetConn_ConnectionEstablished(lhnetsocket_t *mysocket, lhnetaddress_
        }
        // allocate a net connection to keep track of things
        cls.netcon = NetConn_Open(mysocket, peeraddress);
-       crypto = &cls.crypto;
-       if(crypto && crypto->authenticated)
+       crypto = &cls.netcon->crypto;
+       if(cls.crypto.authenticated)
        {
-               Crypto_ServerFinishInstance(&cls.netcon->crypto, crypto);
+               Crypto_FinishInstance(crypto, &cls.crypto);
                Con_Printf("%s connection to %s has been established: server is %s@%.*s, I am %.*s@%.*s\n",
                                crypto->use_aes ? "Encrypted" : "Authenticated",
                                cls.netcon->address,
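Review bot: The qboolean result of `Crypto_FinishInstance(crypto, &cls.crypto);` is discarded, so the "Encrypted"/"Authenticated" line is printed even if the transfer into cls.netcon->crypto did not happen; the three server-side call sites in NetConn_ServerParsePacket ignore it too, and there SV_SendServerinfo / SV_ConnectClient proceed regardless. The only failure visible in the crypto.c hunk is the `!crypto->authenticated` early return, which every caller already guards, but the rest of the body is outside the diff, so either fold the call into the condition, `if(cls.crypto.authenticated && Crypto_FinishInstance(crypto, &cls.crypto))`, with a warning in an else branch, or add a comment stating that the call cannot fail once authenticated is set. A second point for a comment here: the crypto.h hunk now says Crypto_FinishInstance frees the instance obtained from Crypto_ServerGetInstance, while this caller passes the embedded member `&cls.crypto`, and whether the function distinguishes the two is not visible from the diff. NetConn_ConnectionEstablished continues outside the hunk.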
@@ -3079,7 +3079,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
                                                        Con_Printf("Datagram_ParseConnectionless: sending \"accept\" to %s.\n", addressstring2);
                                                NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress);
                                                if(crypto && crypto->authenticated)
-                                                       Crypto_ServerFinishInstance(&client->netconnection->crypto, crypto);
+                                                       Crypto_FinishInstance(&client->netconnection->crypto, crypto);
                                                SV_SendServerinfo(client);
                                        }
                                        else
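Review bot: After `Crypto_FinishInstance(&client->netconnection->crypto, crypto);` the `crypto` pointer is dangling if, as the crypto.h hunk now documents, the function frees the instance received from Crypto_ServerGetInstance; nothing in this hunk touches it afterwards, but NetConn_ServerParsePacket continues outside the hunk, and the same pattern appears in the two following hunks (the duplicate-accept path and the `&conn->crypto` path). Writing `crypto = NULL;` directly after each call makes the ownership transfer explicit and turns any later use into a null dereference rather than a use-after-free. Whether the instance is freed on every path is not visible here, so confirm against the Crypto_FinishInstance body.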
@@ -3089,7 +3089,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
                                                if (developer_extra.integer)
                                                        Con_Printf("Datagram_ParseConnectionless: sending duplicate accept to %s.\n", addressstring2);
                                                if(crypto && crypto->authenticated)
-                                                       Crypto_ServerFinishInstance(&client->netconnection->crypto, crypto);
+                                                       Crypto_FinishInstance(&client->netconnection->crypto, crypto);
                                                NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress);
                                        }
                                        return true;
@@ -3111,7 +3111,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
                                        NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress);
                                        // now set up the client
                                        if(crypto && crypto->authenticated)
-                                               Crypto_ServerFinishInstance(&conn->crypto, crypto);
+                                               Crypto_FinishInstance(&conn->crypto, crypto);
                                        SV_ConnectClient(clientnum, conn);
                                        NetConn_Heartbeat(1);
                                        return true;