metin-server/m2dev-client-src
3
0
Fork 1
Code Issues Pull Requests 2 Actions 1 Packages Projects Releases Wiki Activity

Networking Overhaul: Modern packets, buffers, handshake, dispatch & security hardening

Browse Source 
See Readme
This commit is contained in:
rtw1x1
2026-02-08 07:36:07 +00:00
parent 058589ca1b
commit cda1c73bd3
72 changed files with 3612 additions and 6155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/EterBase/Debug.cpp
View File

@@ -345,9 +345,8 @@ static struct TSyserrBuffer
memcpy(buffer + pos, msg, len);
pos += len;
DWORD now = ELTimer_GetMSec();
if (now - lastFlushMs > 500 || pos > BUFFER_SIZE * 3 / 4)
Flush();
// DEBUG: Force flush every write to capture crash traces
Flush();
}
void Flush()

61
src/EterBase/SecureCipher.cpp
View File

@@ -1,5 +1,6 @@
#include "StdAfx.h"
#include "SecureCipher.h"
#include "Debug.h"
// Static initialization flag for libsodium
static bool s_sodiumInitialized = false;
@@ -57,6 +58,7 @@ bool SecureCipher::Initialize()
void SecureCipher::CleanUp()
{
// Securely erase all sensitive key material
sodium_memzero(m_pk, sizeof(m_pk));
sodium_memzero(m_sk, sizeof(m_sk));
sodium_memzero(m_tx_key, sizeof(m_tx_key));
sodium_memzero(m_rx_key, sizeof(m_rx_key));
@@ -95,6 +97,7 @@ bool SecureCipher::ComputeClientKeys(const uint8_t* server_pk)
sodium_memzero(m_rx_stream_nonce, NONCE_SIZE);
m_rx_stream_nonce[0] = 0x01;
Tracef("[CIPHER] Client keys computed\n");
return true;
}
@@ -172,64 +175,6 @@ void SecureCipher::ApplyStreamCipher(void* buffer, size_t len,
}
}
size_t SecureCipher::Encrypt(const void* plaintext, size_t plaintext_len, void* ciphertext)
{
if (!m_activated)
{
return 0;
}
// AEAD encryption uses a random nonce (not the stream nonce)
uint8_t nonce[NONCE_SIZE];
randombytes_buf(nonce, NONCE_SIZE);
unsigned long long ciphertext_len = 0;
if (crypto_aead_xchacha20poly1305_ietf_encrypt(
(uint8_t*)ciphertext, &ciphertext_len,
(const uint8_t*)plaintext, plaintext_len,
nullptr, 0,
nullptr,
nonce,
m_tx_key) != 0)
{
return 0;
}
return (size_t)ciphertext_len;
}
size_t SecureCipher::Decrypt(const void* ciphertext, size_t ciphertext_len, void* plaintext)
{
if (!m_activated)
{
return 0;
}
if (ciphertext_len < TAG_SIZE)
{
return 0;
}
uint8_t nonce[NONCE_SIZE];
randombytes_buf(nonce, NONCE_SIZE);
unsigned long long plaintext_len = 0;
if (crypto_aead_xchacha20poly1305_ietf_decrypt(
(uint8_t*)plaintext, &plaintext_len,
nullptr,
(const uint8_t*)ciphertext, ciphertext_len,
nullptr, 0,
nonce,
m_rx_key) != 0)
{
return 0;
}
return (size_t)plaintext_len;
}
void SecureCipher::EncryptInPlace(void* buffer, size_t len)
{
if (!m_activated || len == 0)

16
src/EterBase/SecureCipher.h
View File

@@ -37,14 +37,6 @@ public:
void ComputeChallengeResponse(const uint8_t* challenge, uint8_t* out_response);
bool VerifyChallengeResponse(const uint8_t* challenge, const uint8_t* response);
// AEAD encryption - output is len + TAG_SIZE bytes
// Returns actual ciphertext length (plaintext_len + TAG_SIZE)
size_t Encrypt(const void* plaintext, size_t plaintext_len, void* ciphertext);
// AEAD decryption - input must be ciphertext_len bytes (includes TAG_SIZE)
// Returns actual plaintext length, or 0 on failure
size_t Decrypt(const void* ciphertext, size_t ciphertext_len, void* plaintext);
// In-place stream encryption for network buffers (XChaCha20, no tag overhead)
// Same length in/out. Nonce counter prevents replay.
void EncryptInPlace(void* buffer, size_t len);
@@ -69,14 +61,8 @@ public:
uint64_t GetTxNonce() const { return m_tx_nonce; }
uint64_t GetRxNonce() const { return m_rx_nonce; }
// Access keys directly (for special decrypt operations like session token)
// Direct key access (for session token decryption)
const uint8_t* GetRxKey() const { return m_rx_key; }
const uint8_t* GetTxKey() const { return m_tx_key; }
// Alias for convenience
void ComputeResponse(const uint8_t* challenge, uint8_t* out_response) {
ComputeChallengeResponse(challenge, out_response);
}
private:
bool m_initialized = false;