From 69bb6e1845807909994cc6fcac59bf692d8b0dad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=91=D1=8B=D1=87=D0=BA=D0=BE=D0=B2=20=D0=90=D0=BD=D0=B4?= =?UTF-8?q?=D1=80=D0=B5=D0=B9?= Date: Fri, 6 Mar 2020 20:27:01 +0000 Subject: [PATCH] git-svn-id: svn://db.shs.com.ru/pip@922 12ceb7fc-bf1f-11e4-8940-5bc7170c53b5 --- src_crypt/piauth.cpp | 45 +++++++++++++++++++++++++---------------- src_main/crypt/piauth.h | 16 +++++++++------ 2 files changed, 38 insertions(+), 23 deletions(-) diff --git a/src_crypt/piauth.cpp b/src_crypt/piauth.cpp index 357d30bb..f3209f7b 100644 --- a/src_crypt/piauth.cpp +++ b/src_crypt/piauth.cpp @@ -18,7 +18,7 @@ */ #include "piauth.h" - +#define PIAUTH_NOISE_MAX_SIZE 256 PIAuth::PIAuth(const PIByteArray & sign) : PIObject() { setName("Client"); @@ -29,6 +29,11 @@ PIAuth::PIAuth(const PIByteArray & sign) : PIObject() { } +void PIAuth::setServerPassword(const PIString & ps) { + pass_hash = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth")); +} + + void PIAuth::stop() { role = Client; state = NotConnected; @@ -51,8 +56,8 @@ PIByteArray PIAuth::startServer() { state = AuthProbe; PIByteArray ba; crypt.generateKeypair(my_pk, box_sk); - PIByteArray noise = crypt.generateRandomBuff(randomi()%256+128); - ba << (int)state << server_info << sign_pk << my_pk << noise; + PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE+128); + ba << (int)state << custom_info << sign_pk << my_pk << noise; PIByteArray sign = crypt.signMessage(ba, sign_sk); ba << sign; return ba; @@ -98,7 +103,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { tba << sign; tba = crypt.crypt(tba, box_pk, box_sk); state = AuthReply; - noise = crypt.generateRandomBuff(randomi()%256); + noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE); ba << (int)state << tba << my_pk << noise; sign = crypt.signMessage(ba, sign_sk); ba << sign; @@ -122,7 +127,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { PIByteArray ph; passwordRequest(&ps); if (ps.isEmpty()) return disconnect(ba, "Canceled by user"); - ph = crypt.passwordHash(ps, PIByteArray::fromHex("AABBCCDD")); + ph = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth")); ps.fill(0); tba.clear(); tba << ph << auth_sign << sign_pk; @@ -148,15 +153,15 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key"); ba.clear(); state = Connected; - connected(); - ba << (int)state << crypt.generateRandomBuff(randomi()%256); + connected(PIString()); + ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE); return state; } if (state == Connected && rstate == Connected) { ba.clear(); state = Connected; - connected(); - ba << (int)state << crypt.generateRandomBuff(randomi()%256); + connected(PIString()); + ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE); return state; } } @@ -192,7 +197,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { ba.clear(); tba.clear(); state = PassRequest; - noise = crypt.generateRandomBuff(randomi()%256); + noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE); tba << sign_pk << noise << box_pk; tba = crypt.crypt(tba, box_pk, box_sk); ba << (int)state << tba; @@ -214,10 +219,11 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { ctba.clear(); tba >> ctba >> mpk >> rsign_pk; if (rsign_pk != auth_sign || mpk != sign_pk) return disconnect(ba, "Invalid public key"); - bool auth = false; - passwordCheck(ctba, &auth); + bool auth = (ctba == pass_hash); + if (ctba.isEmpty() || pass_hash.isEmpty()) auth = false; + passwordCheck(auth); if (!auth) { - piSleep(1); +// piSleep(1); return disconnect(ba, "Invalid password"); } state = KeyExchange; @@ -226,9 +232,14 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { } if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) { ba.clear(); + PIByteArray rinfo; + ba >> rinfo; + bool ok = false; + rinfo = crypt.decrypt(rinfo, secret_key, &ok); + if (!ok) return disconnect(ba, "Error while exchange keys"); state = Connected; - connected(); - ba << (int)state << crypt.generateRandomBuff(randomi()%256); + connected(rinfo); + ba << (int)state << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE); return state; } } @@ -259,7 +270,7 @@ PIAuth::State PIAuth::disconnect(PIByteArray & ba, const PIString & error) { secret_key.clear(); ba.clear(); state = NotConnected; - disconnected(); + disconnected(error); return state; } @@ -275,7 +286,7 @@ bool PIAuth::isAuthorizedKey(const PIByteArray & pkey) { PIByteArray PIAuth::createSKMessage() { secret_key = crypt.generateKey(); PIByteArray tba; - PIByteArray noise = crypt.generateRandomBuff(randomi()%256); + PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE); tba << secret_key << noise; tba = crypt.crypt(tba, box_pk, box_sk); PIByteArray ret; diff --git a/src_main/crypt/piauth.h b/src_main/crypt/piauth.h index 94dadbbb..eec4ede4 100644 --- a/src_main/crypt/piauth.h +++ b/src_main/crypt/piauth.h @@ -38,7 +38,10 @@ public: PIAuth(const PIByteArray & sign); //! Set server info data for client authorize event - void setInfoData(const PIByteArray & info) {server_info = info;} + void setInfoData(const PIByteArray & info) {custom_info = info;} + + //! Set server password for check + void setServerPassword(const PIString & ps); //! Set list of trusted clients/servers public digital sign keys void setAuthorizedPublicKeys(const PIVector & pkeys) {auth_pkeys = pkeys;} @@ -70,10 +73,10 @@ public: //! Disconneted event - EVENT(disconnected) + EVENT1(disconnected, PIString, reason) //! Conneted event - EVENT(connected) + EVENT1(connected, PIString, info) //! Client event for authorize new server EVENT2(authorize, PIByteArray, info, bool *, ok) @@ -81,8 +84,8 @@ public: //! Client event for input server password EVENT1(passwordRequest, PIString *, pass) - //! Server event for check client password - EVENT2(passwordCheck, PIByteArray, phash, bool *, ok) + //! Server event on check client password + EVENT1(passwordCheck, bool, result) //EVENT_HANDLER1(void, received, PIByteArray, data); @@ -95,13 +98,14 @@ private: Role role; State state; - PIByteArray server_info; + PIByteArray custom_info; PICrypt crypt; PIByteArray sign_sk, sign_pk; PIByteArray auth_sign; PIByteArray box_sk, box_pk; PIByteArray my_pk; PIByteArray secret_key; + PIByteArray pass_hash; PIVector auth_pkeys; };