git-svn-id: svn://db.shs.com.ru/pip@608 12ceb7fc-bf1f-11e4-8940-5bc7170c53b5

main.cpp

@@ -21,6 +21,12 @@ public:
 		*password = "secret";
 		piCout << "[userEnterPassword]" << *password;
 	}
+	EVENT_HANDLER(void, clientConnect) {
+		piCout << "clientConnect OK!";
+	}
+	EVENT_HANDLER(void, serverConnect) {
+		piCout << "serverConnect OK!";
+	}
 };
 
 
@@ -60,10 +66,13 @@ int main(int argc, char *argv[]) {
 	server.setInfoData(msg.toUTF8());
 	PIAuth client(PIAuth::generateSign(pkey2));
 	client.setAuthorizedPublicKeys(PIVector<PIByteArray>() << server.getSignPublicKey());
+//	server.setAuthorizedPublicKeys(PIVector<PIByteArray>() << client.getSignPublicKey());
 	Obj o;
 	CONNECTU(&client, authorize, &o, authorizeServer);
 	CONNECTU(&client, passwordRequest, &o, userEnterPassword);
 	CONNECTU(&server, passwordCheck, &o, passwordCheck);
+	CONNECTU(&client, connected, &o, clientConnect);
+	CONNECTU(&server, connected, &o, serverConnect);
 	client.startClient();
 	ba = server.startServer();
 	int st = PIAuth::AuthProbe;
@@ -85,6 +94,14 @@ int main(int argc, char *argv[]) {
 //			rsign = crypt.signMessage(ba, sign2);
 //			ba << rsign;
 //		}
+	st = client.receive(ba);
+	piCout << "client" << st << ba.toHex() << ba.size();
+	st = server.receive(ba);
+	piCout << "server" << st << ba.toHex() << ba.size();
+	st = client.receive(ba);
+	piCout << "client" << st << ba.toHex() << ba.size();
+	st = server.receive(ba);
+	piCout << "server" << st << ba.toHex() << ba.size();
 	st = client.receive(ba);
 	piCout << "client" << st << ba.toHex() << ba.size();
 	st = server.receive(ba);

src_crypt/piauth.cpp

@@ -52,7 +52,7 @@ PIByteArray PIAuth::startServer() {
 	PIByteArray ba;
 	crypt.generateKeypair(my_pk, box_sk);
 	PIByteArray noise = crypt.generateRandomBuff(randomi()%256+128);
-	ba << (int)state << info << sign_pk << my_pk << noise;
+	ba << (int)state << server_info << sign_pk << my_pk << noise;
 	PIByteArray sign = crypt.signMessage(ba, sign_sk);
 	ba << sign;
 	return ba;
@@ -134,8 +134,30 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
 			ba << rsign;
 			return state;
 		}
-		if (state == AuthReply && rstate == KeyExchange) {
-
+		if ((state == AuthReply && rstate == KeyExchange) || (state == PassRequest && rstate == KeyExchange)) {
+			PIByteArray tba, ctba;
+			PIByteArray rsign;
+			ba >> ctba >> rsign;
+			bool ok = false;
+			tba = crypt.decrypt(ctba, box_pk, box_sk, &ok);
+			if (tba.isEmpty() || !ok) return disconnect(ba, "Message corrupted");
+			ba.clear();
+			ba << (int)rstate << ctba;
+			if (!crypt.verifySign(ba, rsign, auth_sign)) return disconnect(ba, "Incorrect sign");
+			tba >> secret_key;
+			if (secret_key.size() != crypt.sizeKey()) return disconnect(ba, "Invalid key");
+			ba.clear();
+			state = Connected;
+			connected();
+			ba << (int)state << crypt.generateRandomBuff(randomi()%256);
+			return state;
+		}
+		if (state == Connected && rstate == Connected) {
+			ba.clear();
+			state = Connected;
+			connected();
+			ba << (int)state << crypt.generateRandomBuff(randomi()%256);
+			return state;
 		}
 	}
 
@@ -202,6 +224,13 @@ PIAuth::State PIAuth::receive(PIByteArray & ba) {
 			ba = createSKMessage();
 			return state;
 		}
+		if ((state == KeyExchange && rstate == Connected) || (state == Connected && rstate == Connected)) {
+			ba.clear();
+			state = Connected;
+			connected();
+			ba << (int)state << crypt.generateRandomBuff(randomi()%256);
+			return state;
+		}
 	}
 
 	return disconnect(ba, "invalid state " + PIString::fromNumber((int)state));
@@ -247,7 +276,7 @@ PIByteArray PIAuth::createSKMessage() {
 	secret_key = crypt.generateKey();
 	PIByteArray tba;
 	PIByteArray noise = crypt.generateRandomBuff(randomi()%256);
-	tba << secret_key << noise << box_pk;
+	tba << secret_key << noise;
 	tba = crypt.crypt(tba, box_pk, box_sk);
 	PIByteArray ret;
 	ret << (int)state << tba;

src_main/crypt/piauth.h

@@ -34,27 +34,54 @@ public:
 	enum Role {Client, Server};
 	enum State {NotConnected, AuthProbe, PassRequest, AuthReply, KeyExchange, Connected};
 
+	//! Create PIAuth with your digital sign
 	PIAuth(const PIByteArray & sign);
 
-	void setInfoData(const PIByteArray & info_) {info = info_;}
+	//! Set server info data for client authorize event
+	void setInfoData(const PIByteArray & info) {server_info = info;}
+
+	//! Set list of trusted clients/servers public digital sign keys
 	void setAuthorizedPublicKeys(const PIVector<PIByteArray> & pkeys) {auth_pkeys = pkeys;}
+
+	//! Get list of trusted clients/servers public digital sign keys
 	PIVector<PIByteArray> getAuthorizedPublicKeys() {return auth_pkeys;}
+
+	//! Get your digital sign public key
 	PIByteArray getSignPublicKey() {return sign_pk;}
 
 
+	//! Stop authorization
 	void stop();
+
+	//! Start authorization as client
 	void startClient();
+
+	//! Start authorization as server, return first server message for client
 	PIByteArray startServer();
+
+	//! Process reseived message both for client and server, return current state and new message writed in "ba"
 	State receive(PIByteArray & ba);
+
+	//! Get session secret key, return key only when Connected state
 	PIByteArray getSecretKey();
 
-
+	//! Generate digital sign from seed
 	static PIByteArray generateSign(const PIByteArray & seed);
 
+
+	//! Disconneted event
 	EVENT(disconnected)
+
+	//! Conneted event
 	EVENT(connected)
-	EVENT2(authorize, PIByteArray, data, bool *, ok)
+
+	//! Client event for authorize new server
+	EVENT2(authorize, PIByteArray, info, bool *, ok)
+
+	//! Client event for input server password
 	EVENT1(passwordRequest, PIString *, pass)
+
+	//! Server event for check client password
 	EVENT2(passwordCheck, PIByteArray, phash, bool *, ok)
 
 
@@ -68,7 +95,7 @@ private:
 
 	Role role;
 	State state;
-	PIByteArray info;
+	PIByteArray server_info;
 	PICrypt crypt;
 	PIByteArray sign_sk, sign_pk;
 	PIByteArray auth_sign;