diff --git a/main.cpp b/main.cpp index 28f999b1..5b82da8c 100644 --- a/main.cpp +++ b/main.cpp @@ -21,6 +21,12 @@ public: *password = "secret"; piCout << "[userEnterPassword]" << *password; } + EVENT_HANDLER(void, clientConnect) { + piCout << "clientConnect OK!"; + } + EVENT_HANDLER(void, serverConnect) { + piCout << "serverConnect OK!"; + } }; @@ -60,10 +66,13 @@ int main(int argc, char *argv[]) { server.setInfoData(msg.toUTF8()); PIAuth client(PIAuth::generateSign(pkey2)); client.setAuthorizedPublicKeys(PIVector() << server.getSignPublicKey()); +// server.setAuthorizedPublicKeys(PIVector() << client.getSignPublicKey()); Obj o; CONNECTU(&client, authorize, &o, authorizeServer); CONNECTU(&client, passwordRequest, &o, userEnterPassword); CONNECTU(&server, passwordCheck, &o, passwordCheck); + CONNECTU(&client, connected, &o, clientConnect); + CONNECTU(&server, connected, &o, serverConnect); client.startClient(); ba = server.startServer(); int st = PIAuth::AuthProbe; @@ -85,6 +94,14 @@ int main(int argc, char *argv[]) { // rsign = crypt.signMessage(ba, sign2); // ba << rsign; // } + st = client.receive(ba); + piCout << "client" << st << ba.toHex() << ba.size(); + st = server.receive(ba); + piCout << "server" << st << ba.toHex() << ba.size(); + st = client.receive(ba); + piCout << "client" << st << ba.toHex() << ba.size(); + st = server.receive(ba); + piCout << "server" << st << ba.toHex() << ba.size(); st = client.receive(ba); piCout << "client" << st << ba.toHex() << ba.size(); st = server.receive(ba); diff --git a/src_crypt/piauth.cpp b/src_crypt/piauth.cpp index 9db6cec3..8fe0494a 100644 --- a/src_crypt/piauth.cpp +++ b/src_crypt/piauth.cpp @@ -52,7 +52,7 @@ PIByteArray PIAuth::startServer() { PIByteArray ba; crypt.generateKeypair(my_pk, box_sk); PIByteArray noise = crypt.generateRandomBuff(randomi()%256+128); - ba << (int)state << info << sign_pk << my_pk << noise; + ba << (int)state << server_info << sign_pk << my_pk << noise; PIByteArray sign = crypt.signMessage(ba, sign_sk); ba << sign; return ba; @@ -134,8 +134,30 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { ba << rsign; return state; } - if (state == AuthReply && rstate == KeyExchange) { - + if ((state == AuthReply && rstate == KeyExchange) || (state == PassRequest && rstate == KeyExchange)) { + PIByteArray tba, ctba; + PIByteArray rsign; + ba >> ctba >> rsign; + bool ok = false; + tba = crypt.decrypt(ctba, box_pk, box_sk, &ok); + if (tba.isEmpty() || !ok) return disconnect(ba, "Message corrupted"); + ba.clear(); + ba << (int)rstate << ctba; + if (!crypt.verifySign(ba, rsign, auth_sign)) return disconnect(ba, "Incorrect sign"); + tba >> secret_key; + if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key"); + ba.clear(); + state = Connected; + connected(); + ba << (int)state << crypt.generateRandomBuff(randomi()%256); + return state; + } + if (state == Connected && rstate == Connected) { + ba.clear(); + state = Connected; + connected(); + ba << (int)state << crypt.generateRandomBuff(randomi()%256); + return state; } } @@ -202,6 +224,13 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) { ba = createSKMessage(); return state; } + if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) { + ba.clear(); + state = Connected; + connected(); + ba << (int)state << crypt.generateRandomBuff(randomi()%256); + return state; + } } return disconnect(ba, "invalid state " + PIString::fromNumber((int)state)); @@ -247,7 +276,7 @@ PIByteArray PIAuth::createSKMessage() { secret_key = crypt.generateKey(); PIByteArray tba; PIByteArray noise = crypt.generateRandomBuff(randomi()%256); - tba << secret_key << noise << box_pk; + tba << secret_key << noise; tba = crypt.crypt(tba, box_pk, box_sk); PIByteArray ret; ret << (int)state << tba; diff --git a/src_main/crypt/piauth.h b/src_main/crypt/piauth.h index 87960419..e6c2c06f 100644 --- a/src_main/crypt/piauth.h +++ b/src_main/crypt/piauth.h @@ -34,27 +34,54 @@ public: enum Role {Client, Server}; enum State {NotConnected, AuthProbe, PassRequest, AuthReply, KeyExchange, Connected}; + //! Create PIAuth with your digital sign PIAuth(const PIByteArray & sign); - void setInfoData(const PIByteArray & info_) {info = info_;} + //! Set server info data for client authorize event + void setInfoData(const PIByteArray & info) {server_info = info;} + + //! Set list of trusted clients/servers public digital sign keys void setAuthorizedPublicKeys(const PIVector & pkeys) {auth_pkeys = pkeys;} + + //! Get list of trusted clients/servers public digital sign keys PIVector getAuthorizedPublicKeys() {return auth_pkeys;} + + //! Get your digital sign public key PIByteArray getSignPublicKey() {return sign_pk;} + //! Stop authorization void stop(); + + //! Start authorization as client void startClient(); + + //! Start authorization as server, return first server message for client PIByteArray startServer(); + + //! Process reseived message both for client and server, return current state and new message writed in "ba" State receive(PIByteArray & ba); + + //! Get session secret key, return key only when Connected state PIByteArray getSecretKey(); - + //! Generate digital sign from seed static PIByteArray generateSign(const PIByteArray & seed); + + //! Disconneted event EVENT(disconnected) + + //! Conneted event EVENT(connected) - EVENT2(authorize, PIByteArray, data, bool *, ok) + + //! Client event for authorize new server + EVENT2(authorize, PIByteArray, info, bool *, ok) + + //! Client event for input server password EVENT1(passwordRequest, PIString *, pass) + + //! Server event for check client password EVENT2(passwordCheck, PIByteArray, phash, bool *, ok) @@ -68,7 +95,7 @@ private: Role role; State state; - PIByteArray info; + PIByteArray server_info; PICrypt crypt; PIByteArray sign_sk, sign_pk; PIByteArray auth_sign;