git-svn-id: svn://db.shs.com.ru/pip@922 12ceb7fc-bf1f-11e4-8940-5bc7170c53b5
This commit is contained in:
@@ -18,7 +18,7 @@
|
||||
*/
|
||||
|
||||
#include "piauth.h"
|
||||
|
||||
#define PIAUTH_NOISE_MAX_SIZE 256
|
||||
|
||||
PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
|
||||
setName("Client");
|
||||
@@ -29,6 +29,11 @@ PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
|
||||
}
|
||||
|
||||
|
||||
void PIAuth::setServerPassword(const PIString & ps) {
|
||||
pass_hash = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth"));
|
||||
}
|
||||
|
||||
|
||||
void PIAuth::stop() {
|
||||
role = Client;
|
||||
state = NotConnected;
|
||||
@@ -51,8 +56,8 @@ PIByteArray PIAuth::startServer() {
|
||||
state = AuthProbe;
|
||||
PIByteArray ba;
|
||||
crypt.generateKeypair(my_pk, box_sk);
|
||||
PIByteArray noise = crypt.generateRandomBuff(randomi()%256+128);
|
||||
ba << (int)state << server_info << sign_pk << my_pk << noise;
|
||||
PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE+128);
|
||||
ba << (int)state << custom_info << sign_pk << my_pk << noise;
|
||||
PIByteArray sign = crypt.signMessage(ba, sign_sk);
|
||||
ba << sign;
|
||||
return ba;
|
||||
@@ -98,7 +103,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
||||
tba << sign;
|
||||
tba = crypt.crypt(tba, box_pk, box_sk);
|
||||
state = AuthReply;
|
||||
noise = crypt.generateRandomBuff(randomi()%256);
|
||||
noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||
ba << (int)state << tba << my_pk << noise;
|
||||
sign = crypt.signMessage(ba, sign_sk);
|
||||
ba << sign;
|
||||
@@ -122,7 +127,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
||||
PIByteArray ph;
|
||||
passwordRequest(&ps);
|
||||
if (ps.isEmpty()) return disconnect(ba, "Canceled by user");
|
||||
ph = crypt.passwordHash(ps, PIByteArray::fromHex("AABBCCDD"));
|
||||
ph = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth"));
|
||||
ps.fill(0);
|
||||
tba.clear();
|
||||
tba << ph << auth_sign << sign_pk;
|
||||
@@ -148,15 +153,15 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
||||
if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key");
|
||||
ba.clear();
|
||||
state = Connected;
|
||||
connected();
|
||||
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
|
||||
connected(PIString());
|
||||
ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||
return state;
|
||||
}
|
||||
if (state == Connected && rstate == Connected) {
|
||||
ba.clear();
|
||||
state = Connected;
|
||||
connected();
|
||||
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
|
||||
connected(PIString());
|
||||
ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||
return state;
|
||||
}
|
||||
}
|
||||
@@ -192,7 +197,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
||||
ba.clear();
|
||||
tba.clear();
|
||||
state = PassRequest;
|
||||
noise = crypt.generateRandomBuff(randomi()%256);
|
||||
noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||
tba << sign_pk << noise << box_pk;
|
||||
tba = crypt.crypt(tba, box_pk, box_sk);
|
||||
ba << (int)state << tba;
|
||||
@@ -214,10 +219,11 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
||||
ctba.clear();
|
||||
tba >> ctba >> mpk >> rsign_pk;
|
||||
if (rsign_pk != auth_sign || mpk != sign_pk) return disconnect(ba, "Invalid public key");
|
||||
bool auth = false;
|
||||
passwordCheck(ctba, &auth);
|
||||
bool auth = (ctba == pass_hash);
|
||||
if (ctba.isEmpty() || pass_hash.isEmpty()) auth = false;
|
||||
passwordCheck(auth);
|
||||
if (!auth) {
|
||||
piSleep(1);
|
||||
// piSleep(1);
|
||||
return disconnect(ba, "Invalid password");
|
||||
}
|
||||
state = KeyExchange;
|
||||
@@ -226,9 +232,14 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
||||
}
|
||||
if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) {
|
||||
ba.clear();
|
||||
PIByteArray rinfo;
|
||||
ba >> rinfo;
|
||||
bool ok = false;
|
||||
rinfo = crypt.decrypt(rinfo, secret_key, &ok);
|
||||
if (!ok) return disconnect(ba, "Error while exchange keys");
|
||||
state = Connected;
|
||||
connected();
|
||||
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
|
||||
connected(rinfo);
|
||||
ba << (int)state << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||
return state;
|
||||
}
|
||||
}
|
||||
@@ -259,7 +270,7 @@ PIAuth::State PIAuth::disconnect(PIByteArray & ba, const PIString & error) {
|
||||
secret_key.clear();
|
||||
ba.clear();
|
||||
state = NotConnected;
|
||||
disconnected();
|
||||
disconnected(error);
|
||||
return state;
|
||||
}
|
||||
|
||||
@@ -275,7 +286,7 @@ bool PIAuth::isAuthorizedKey(const PIByteArray & pkey) {
|
||||
PIByteArray PIAuth::createSKMessage() {
|
||||
secret_key = crypt.generateKey();
|
||||
PIByteArray tba;
|
||||
PIByteArray noise = crypt.generateRandomBuff(randomi()%256);
|
||||
PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||
tba << secret_key << noise;
|
||||
tba = crypt.crypt(tba, box_pk, box_sk);
|
||||
PIByteArray ret;
|
||||
|
||||
Reference in New Issue
Block a user