git-svn-id: svn://db.shs.com.ru/pip@922 12ceb7fc-bf1f-11e4-8940-5bc7170c53b5
This commit is contained in:
@@ -18,7 +18,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "piauth.h"
|
#include "piauth.h"
|
||||||
|
#define PIAUTH_NOISE_MAX_SIZE 256
|
||||||
|
|
||||||
PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
|
PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
|
||||||
setName("Client");
|
setName("Client");
|
||||||
@@ -29,6 +29,11 @@ PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void PIAuth::setServerPassword(const PIString & ps) {
|
||||||
|
pass_hash = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth"));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void PIAuth::stop() {
|
void PIAuth::stop() {
|
||||||
role = Client;
|
role = Client;
|
||||||
state = NotConnected;
|
state = NotConnected;
|
||||||
@@ -51,8 +56,8 @@ PIByteArray PIAuth::startServer() {
|
|||||||
state = AuthProbe;
|
state = AuthProbe;
|
||||||
PIByteArray ba;
|
PIByteArray ba;
|
||||||
crypt.generateKeypair(my_pk, box_sk);
|
crypt.generateKeypair(my_pk, box_sk);
|
||||||
PIByteArray noise = crypt.generateRandomBuff(randomi()%256+128);
|
PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE+128);
|
||||||
ba << (int)state << server_info << sign_pk << my_pk << noise;
|
ba << (int)state << custom_info << sign_pk << my_pk << noise;
|
||||||
PIByteArray sign = crypt.signMessage(ba, sign_sk);
|
PIByteArray sign = crypt.signMessage(ba, sign_sk);
|
||||||
ba << sign;
|
ba << sign;
|
||||||
return ba;
|
return ba;
|
||||||
@@ -98,7 +103,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
|||||||
tba << sign;
|
tba << sign;
|
||||||
tba = crypt.crypt(tba, box_pk, box_sk);
|
tba = crypt.crypt(tba, box_pk, box_sk);
|
||||||
state = AuthReply;
|
state = AuthReply;
|
||||||
noise = crypt.generateRandomBuff(randomi()%256);
|
noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||||
ba << (int)state << tba << my_pk << noise;
|
ba << (int)state << tba << my_pk << noise;
|
||||||
sign = crypt.signMessage(ba, sign_sk);
|
sign = crypt.signMessage(ba, sign_sk);
|
||||||
ba << sign;
|
ba << sign;
|
||||||
@@ -122,7 +127,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
|||||||
PIByteArray ph;
|
PIByteArray ph;
|
||||||
passwordRequest(&ps);
|
passwordRequest(&ps);
|
||||||
if (ps.isEmpty()) return disconnect(ba, "Canceled by user");
|
if (ps.isEmpty()) return disconnect(ba, "Canceled by user");
|
||||||
ph = crypt.passwordHash(ps, PIByteArray::fromHex("AABBCCDD"));
|
ph = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth"));
|
||||||
ps.fill(0);
|
ps.fill(0);
|
||||||
tba.clear();
|
tba.clear();
|
||||||
tba << ph << auth_sign << sign_pk;
|
tba << ph << auth_sign << sign_pk;
|
||||||
@@ -148,15 +153,15 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
|||||||
if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key");
|
if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key");
|
||||||
ba.clear();
|
ba.clear();
|
||||||
state = Connected;
|
state = Connected;
|
||||||
connected();
|
connected(PIString());
|
||||||
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
|
ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||||
return state;
|
return state;
|
||||||
}
|
}
|
||||||
if (state == Connected && rstate == Connected) {
|
if (state == Connected && rstate == Connected) {
|
||||||
ba.clear();
|
ba.clear();
|
||||||
state = Connected;
|
state = Connected;
|
||||||
connected();
|
connected(PIString());
|
||||||
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
|
ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||||
return state;
|
return state;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -192,7 +197,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
|||||||
ba.clear();
|
ba.clear();
|
||||||
tba.clear();
|
tba.clear();
|
||||||
state = PassRequest;
|
state = PassRequest;
|
||||||
noise = crypt.generateRandomBuff(randomi()%256);
|
noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||||
tba << sign_pk << noise << box_pk;
|
tba << sign_pk << noise << box_pk;
|
||||||
tba = crypt.crypt(tba, box_pk, box_sk);
|
tba = crypt.crypt(tba, box_pk, box_sk);
|
||||||
ba << (int)state << tba;
|
ba << (int)state << tba;
|
||||||
@@ -214,10 +219,11 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
|||||||
ctba.clear();
|
ctba.clear();
|
||||||
tba >> ctba >> mpk >> rsign_pk;
|
tba >> ctba >> mpk >> rsign_pk;
|
||||||
if (rsign_pk != auth_sign || mpk != sign_pk) return disconnect(ba, "Invalid public key");
|
if (rsign_pk != auth_sign || mpk != sign_pk) return disconnect(ba, "Invalid public key");
|
||||||
bool auth = false;
|
bool auth = (ctba == pass_hash);
|
||||||
passwordCheck(ctba, &auth);
|
if (ctba.isEmpty() || pass_hash.isEmpty()) auth = false;
|
||||||
|
passwordCheck(auth);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
piSleep(1);
|
// piSleep(1);
|
||||||
return disconnect(ba, "Invalid password");
|
return disconnect(ba, "Invalid password");
|
||||||
}
|
}
|
||||||
state = KeyExchange;
|
state = KeyExchange;
|
||||||
@@ -226,9 +232,14 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
|
|||||||
}
|
}
|
||||||
if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) {
|
if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) {
|
||||||
ba.clear();
|
ba.clear();
|
||||||
|
PIByteArray rinfo;
|
||||||
|
ba >> rinfo;
|
||||||
|
bool ok = false;
|
||||||
|
rinfo = crypt.decrypt(rinfo, secret_key, &ok);
|
||||||
|
if (!ok) return disconnect(ba, "Error while exchange keys");
|
||||||
state = Connected;
|
state = Connected;
|
||||||
connected();
|
connected(rinfo);
|
||||||
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
|
ba << (int)state << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||||
return state;
|
return state;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -259,7 +270,7 @@ PIAuth::State PIAuth::disconnect(PIByteArray & ba, const PIString & error) {
|
|||||||
secret_key.clear();
|
secret_key.clear();
|
||||||
ba.clear();
|
ba.clear();
|
||||||
state = NotConnected;
|
state = NotConnected;
|
||||||
disconnected();
|
disconnected(error);
|
||||||
return state;
|
return state;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -275,7 +286,7 @@ bool PIAuth::isAuthorizedKey(const PIByteArray & pkey) {
|
|||||||
PIByteArray PIAuth::createSKMessage() {
|
PIByteArray PIAuth::createSKMessage() {
|
||||||
secret_key = crypt.generateKey();
|
secret_key = crypt.generateKey();
|
||||||
PIByteArray tba;
|
PIByteArray tba;
|
||||||
PIByteArray noise = crypt.generateRandomBuff(randomi()%256);
|
PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
|
||||||
tba << secret_key << noise;
|
tba << secret_key << noise;
|
||||||
tba = crypt.crypt(tba, box_pk, box_sk);
|
tba = crypt.crypt(tba, box_pk, box_sk);
|
||||||
PIByteArray ret;
|
PIByteArray ret;
|
||||||
|
|||||||
@@ -38,7 +38,10 @@ public:
|
|||||||
PIAuth(const PIByteArray & sign);
|
PIAuth(const PIByteArray & sign);
|
||||||
|
|
||||||
//! Set server info data for client authorize event
|
//! Set server info data for client authorize event
|
||||||
void setInfoData(const PIByteArray & info) {server_info = info;}
|
void setInfoData(const PIByteArray & info) {custom_info = info;}
|
||||||
|
|
||||||
|
//! Set server password for check
|
||||||
|
void setServerPassword(const PIString & ps);
|
||||||
|
|
||||||
//! Set list of trusted clients/servers public digital sign keys
|
//! Set list of trusted clients/servers public digital sign keys
|
||||||
void setAuthorizedPublicKeys(const PIVector<PIByteArray> & pkeys) {auth_pkeys = pkeys;}
|
void setAuthorizedPublicKeys(const PIVector<PIByteArray> & pkeys) {auth_pkeys = pkeys;}
|
||||||
@@ -70,10 +73,10 @@ public:
|
|||||||
|
|
||||||
|
|
||||||
//! Disconneted event
|
//! Disconneted event
|
||||||
EVENT(disconnected)
|
EVENT1(disconnected, PIString, reason)
|
||||||
|
|
||||||
//! Conneted event
|
//! Conneted event
|
||||||
EVENT(connected)
|
EVENT1(connected, PIString, info)
|
||||||
|
|
||||||
//! Client event for authorize new server
|
//! Client event for authorize new server
|
||||||
EVENT2(authorize, PIByteArray, info, bool *, ok)
|
EVENT2(authorize, PIByteArray, info, bool *, ok)
|
||||||
@@ -81,8 +84,8 @@ public:
|
|||||||
//! Client event for input server password
|
//! Client event for input server password
|
||||||
EVENT1(passwordRequest, PIString *, pass)
|
EVENT1(passwordRequest, PIString *, pass)
|
||||||
|
|
||||||
//! Server event for check client password
|
//! Server event on check client password
|
||||||
EVENT2(passwordCheck, PIByteArray, phash, bool *, ok)
|
EVENT1(passwordCheck, bool, result)
|
||||||
|
|
||||||
|
|
||||||
//EVENT_HANDLER1(void, received, PIByteArray, data);
|
//EVENT_HANDLER1(void, received, PIByteArray, data);
|
||||||
@@ -95,13 +98,14 @@ private:
|
|||||||
|
|
||||||
Role role;
|
Role role;
|
||||||
State state;
|
State state;
|
||||||
PIByteArray server_info;
|
PIByteArray custom_info;
|
||||||
PICrypt crypt;
|
PICrypt crypt;
|
||||||
PIByteArray sign_sk, sign_pk;
|
PIByteArray sign_sk, sign_pk;
|
||||||
PIByteArray auth_sign;
|
PIByteArray auth_sign;
|
||||||
PIByteArray box_sk, box_pk;
|
PIByteArray box_sk, box_pk;
|
||||||
PIByteArray my_pk;
|
PIByteArray my_pk;
|
||||||
PIByteArray secret_key;
|
PIByteArray secret_key;
|
||||||
|
PIByteArray pass_hash;
|
||||||
PIVector<PIByteArray> auth_pkeys;
|
PIVector<PIByteArray> auth_pkeys;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user