SHS/pip
4
3
Fork 0
Code Issues 67 Pull Requests 1 Actions Releases Wiki Activity

git-svn-id: svn://db.shs.com.ru/pip@922 12ceb7fc-bf1f-11e4-8940-5bc7170c53b5

Browse Source
This commit is contained in:
Бычков Андрей
2020-03-06 20:27:01 +00:00
parent 6e4a7ed1ff
commit 69bb6e1845
2 changed files with 38 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
src_crypt/piauth.cpp
View File

@@ -18,7 +18,7 @@
*/
#include "piauth.h"
#define PIAUTH_NOISE_MAX_SIZE 256
PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
setName("Client");
@@ -29,6 +29,11 @@ PIAuth::PIAuth(const PIByteArray & sign) : PIObject() {
}
void PIAuth::setServerPassword(const PIString & ps) {
pass_hash = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth"));
}
void PIAuth::stop() {
role = Client;
state = NotConnected;
@@ -51,8 +56,8 @@ PIByteArray PIAuth::startServer() {
state = AuthProbe;
PIByteArray ba;
crypt.generateKeypair(my_pk, box_sk);
PIByteArray noise = crypt.generateRandomBuff(randomi()%256+128);
ba << (int)state << server_info << sign_pk << my_pk << noise;
PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE+128);
ba << (int)state << custom_info << sign_pk << my_pk << noise;
PIByteArray sign = crypt.signMessage(ba, sign_sk);
ba << sign;
return ba;
@@ -98,7 +103,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
tba << sign;
tba = crypt.crypt(tba, box_pk, box_sk);
state = AuthReply;
noise = crypt.generateRandomBuff(randomi()%256);
noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
ba << (int)state << tba << my_pk << noise;
sign = crypt.signMessage(ba, sign_sk);
ba << sign;
@@ -122,7 +127,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
PIByteArray ph;
passwordRequest(&ps);
if (ps.isEmpty()) return disconnect(ba, "Canceled by user");
ph = crypt.passwordHash(ps, PIByteArray::fromHex("AABBCCDD"));
ph = crypt.passwordHash(ps, PIByteArray::fromHex("PIAuth"));
ps.fill(0);
tba.clear();
tba << ph << auth_sign << sign_pk;
@@ -148,15 +153,15 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key");
ba.clear();
state = Connected;
connected();
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
connected(PIString());
ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
return state;
}
if (state == Connected && rstate == Connected) {
ba.clear();
state = Connected;
connected();
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
connected(PIString());
ba << (int)state << crypt.crypt(custom_info, secret_key) << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
return state;
}
}
@@ -192,7 +197,7 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
ba.clear();
tba.clear();
state = PassRequest;
noise = crypt.generateRandomBuff(randomi()%256);
noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
tba << sign_pk << noise << box_pk;
tba = crypt.crypt(tba, box_pk, box_sk);
ba << (int)state << tba;
@@ -214,10 +219,11 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
ctba.clear();
tba >> ctba >> mpk >> rsign_pk;
if (rsign_pk != auth_sign || mpk != sign_pk) return disconnect(ba, "Invalid public key");
bool auth = false;
passwordCheck(ctba, &auth);
bool auth = (ctba == pass_hash);
if (ctba.isEmpty() || pass_hash.isEmpty()) auth = false;
passwordCheck(auth);
if (!auth) {
piSleep(1);
// piSleep(1);
return disconnect(ba, "Invalid password");
}
state = KeyExchange;
@@ -226,9 +232,14 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
}
if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) {
ba.clear();
PIByteArray rinfo;
ba >> rinfo;
bool ok = false;
rinfo = crypt.decrypt(rinfo, secret_key, &ok);
if (!ok) return disconnect(ba, "Error while exchange keys");
state = Connected;
connected();
ba << (int)state << crypt.generateRandomBuff(randomi()%256);
connected(rinfo);
ba << (int)state << crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
return state;
}
}
@@ -259,7 +270,7 @@ PIAuth::State PIAuth::disconnect(PIByteArray & ba, const PIString & error) {
secret_key.clear();
ba.clear();
state = NotConnected;
disconnected();
disconnected(error);
return state;
}
@@ -275,7 +286,7 @@ bool PIAuth::isAuthorizedKey(const PIByteArray & pkey) {
PIByteArray PIAuth::createSKMessage() {
secret_key = crypt.generateKey();
PIByteArray tba;
PIByteArray noise = crypt.generateRandomBuff(randomi()%256);
PIByteArray noise = crypt.generateRandomBuff(randomi()%PIAUTH_NOISE_MAX_SIZE);
tba << secret_key << noise;
tba = crypt.crypt(tba, box_pk, box_sk);
PIByteArray ret;

16
src_main/crypt/piauth.h
View File

@@ -38,7 +38,10 @@ public:
PIAuth(const PIByteArray & sign);
//! Set server info data for client authorize event
void setInfoData(const PIByteArray & info) {server_info = info;}
void setInfoData(const PIByteArray & info) {custom_info = info;}
//! Set server password for check
void setServerPassword(const PIString & ps);
//! Set list of trusted clients/servers public digital sign keys
void setAuthorizedPublicKeys(const PIVector<PIByteArray> & pkeys) {auth_pkeys = pkeys;}
@@ -70,10 +73,10 @@ public:
//! Disconneted event
EVENT(disconnected)
EVENT1(disconnected, PIString, reason)
//! Conneted event
EVENT(connected)
EVENT1(connected, PIString, info)
//! Client event for authorize new server
EVENT2(authorize, PIByteArray, info, bool *, ok)
@@ -81,8 +84,8 @@ public:
//! Client event for input server password
EVENT1(passwordRequest, PIString *, pass)
//! Server event for check client password
EVENT2(passwordCheck, PIByteArray, phash, bool *, ok)
//! Server event on check client password
EVENT1(passwordCheck, bool, result)
//EVENT_HANDLER1(void, received, PIByteArray, data);
@@ -95,13 +98,14 @@ private:
Role role;
State state;
PIByteArray server_info;
PIByteArray custom_info;
PICrypt crypt;
PIByteArray sign_sk, sign_pk;
PIByteArray auth_sign;
PIByteArray box_sk, box_pk;
PIByteArray my_pk;
PIByteArray secret_key;
PIByteArray pass_hash;
PIVector<PIByteArray> auth_pkeys;
};