forked from Novators/libsqrl
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSqrlServer.cpp
More file actions
184 lines (167 loc) · 5.64 KB
/
SqrlServer.cpp
File metadata and controls
184 lines (167 loc) · 5.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
/** \file SqrlServer.cpp
*
* \author Adam Comley
*
* This file is part of libsqrl. It is released under the MIT license.
* For more details, see the LICENSE file included with this package.
**/
#include "sqrl_internal.h"
#include "SqrlServer.h"
#include "aes.h"
#include "SqrlUri.h"
#include "SqrlBase64.h"
namespace libsqrl
{
SqrlServer::SqrlServer(
const char *uri,
const char *sfn,
const char *passcode,
size_t passcode_len ) {
SqrlInit();
memset( this, 0, sizeof( class SqrlServer ) );
SqrlString ssuri = SqrlString( uri );
if( sfn ) {
this->sfn = new SqrlString( sfn );
} else {
SqrlUri tmpUri = SqrlUri( &ssuri );
if( tmpUri.isValid() ) {
this->sfn = tmpUri.getSiteKey();
} else {
this->sfn = new SqrlString( "Invalid Server Configuration" );
}
}
if( uri ) {
const char *p, *pp;
p = strstr( uri, SQRL_SERVER_TOKEN_SFN );
if( p ) {
SqrlBase64 b64 = SqrlBase64();
pp = p + strlen( SQRL_SERVER_TOKEN_SFN );
SqrlString str = SqrlString( (uint8_t*)uri, p - uri );
b64.encode( &str, this->sfn, true );
str.append( pp );
this->uri = new SqrlUri( &str );
} else {
this->uri = new SqrlUri( &ssuri );
}
}
if( passcode ) {
crypto_hash_sha256( this->key, (unsigned char*)passcode, passcode_len );
} else {
sqrl_randombytes( this->key, 32 );
}
this->nut_expires = SQRL_DEFAULT_NUT_LIFE * 1000000;
}
SqrlServer::~SqrlServer() {
if( this->uri ) { delete this->uri; }
if( this->sfn ) { delete(this->sfn); }
int i;
for( i = 0; i < CONTEXT_KV_COUNT; i++ ) {
if( this->context_strings[i] )
delete this->context_strings[i];
}
for( i = 0; i < CLIENT_KV_COUNT; i++ ) {
if( this->client_strings[i] )
delete this->client_strings[i];
}
for( i = 0; i < SERVER_KV_COUNT; i++ ) {
if( this->server_strings[i] )
delete this->server_strings[i];
}
if( this->reply ) delete this->reply;
sqrl_memzero( this, sizeof( this ) );
}
bool SqrlServer::createNut( Sqrl_Nut *nut, uint32_t ip ) {
if( !nut ) return false;
Sqrl_Nut pt;
pt.ip = ip;
pt.timestamp = sqrl_get_timestamp();
pt.random = sqrl_random();
aes_context ctx;
if( 0 != aes_setkey( &ctx, ENCRYPT, this->key, 16 ) ) {
return false;
}
if( 0 != aes_cipher( &ctx, (unsigned char*)&pt, (unsigned char*)nut ) ) {
sqrl_memzero( &ctx, sizeof( aes_context ) );
return false;
}
sqrl_memzero( &ctx, sizeof( aes_context ) );
return true;
}
bool SqrlServer::decryptNut( Sqrl_Nut *nut ) {
if( !nut ) return false;
Sqrl_Nut pt;
memset( &pt, 0, sizeof( Sqrl_Nut ) );
aes_context ctx;
if( 0 != aes_setkey( &ctx, DECRYPT, this->key, 16 ) ) {
return false;
}
if( 0 != aes_cipher( &ctx, (unsigned char*)nut, (unsigned char*)&pt ) ) {
sqrl_memzero( &ctx, sizeof( aes_context ) );
return false;
}
sqrl_memzero( &ctx, sizeof( aes_context ) );
memcpy( nut, &pt, sizeof( Sqrl_Nut ) );
return true;
}
void SqrlServer::addMAC( SqrlString *str, char sep ) {
if( !str ) return;
uint8_t mac[crypto_auth_BYTES];
crypto_auth( mac, (unsigned char *)str->data(), str->length(), this->key );
if( sep > 0 ) {
str->push_back( sep );
str->append( "mac=" );
} else {
str->append( "mac=" );
}
SqrlString m = SqrlString( mac, SQRL_SERVER_MAC_LENGTH );
SqrlBase64().encode( str, &m, true );
}
bool SqrlServer::verifyMAC( SqrlString *str ) {
if( !str ) return false;
size_t len = 0;
const char *cstr = str->cstring();
const char *m = strstr( cstr, "&mac=" );
if( m ) {
len = m - cstr;
m += 5;
} else {
m = strstr( cstr, "mac=" );
if( m ) {
len = m - cstr;
m += 4;
}
}
if( m ) {
uint8_t mac[crypto_auth_BYTES];
crypto_auth( mac, (unsigned char *)cstr, len, this->key );
SqrlString *v = SqrlBase64().decode( NULL, &(SqrlString( m )) );
if( v ) {
if( 0 == memcmp( mac, v->data(), SQRL_SERVER_MAC_LENGTH ) ) {
delete v;
return true;
}
delete v;
}
}
return false;
}
SqrlString *SqrlServer::createLink( uint32_t ip ) {
SqrlString *retVal = NULL;
Sqrl_Nut nut;
if( this->createNut( &nut, ip ) ) {
SqrlString challenge = SqrlString();
this->uri->getChallenge( &challenge );
char *p, *pp;
p = strstr( challenge.string(), SQRL_SERVER_TOKEN_NUT );
if( p ) {
retVal = new SqrlString( challenge.string(), p - challenge.string() );
SqrlString nutString( (uint8_t*)&nut, sizeof( Sqrl_Nut ) );
SqrlBase64().encode( retVal, &nutString, true );
pp = p + strlen( SQRL_SERVER_TOKEN_NUT );
retVal->append( pp );
this->addMAC( retVal, '&' );
}
}
return retVal;
}
}