Added session key to ServerConnection
This commit is contained in:
parent
b1ca05759e
commit
60bc501227
@ -32,14 +32,14 @@ Result(ClientCredential*) ClientCredential_create(str username, str password){
|
||||
StringBuilder_append_str(&sb, password);
|
||||
StringBuilder_append_str(&sb, username);
|
||||
Array(u8) password_and_username = str_castTo_Array(StringBuilder_getStr(&sb));
|
||||
cred->aes_key = Array_alloc(u8, password_hash_size);
|
||||
cred->aes_key = Array_alloc(u8, PASSWORD_HASH_SIZE);
|
||||
Defer(
|
||||
if(!success){
|
||||
free(cred->aes_key.data);
|
||||
}
|
||||
);
|
||||
// lvl 1 hash - is used as AES key for user data
|
||||
hash_password(password_and_username, cred->aes_key.data, __passhash_lvl_iter);
|
||||
hash_password(password_and_username, cred->aes_key.data, __PASSWORD_HASH_LVL_ITERATIONS);
|
||||
|
||||
DecryptorAES_construct(&cred->user_data_aes_dec, cred->aes_key);
|
||||
EncryptorAES_construct(&cred->user_data_aes_enc, cred->aes_key);
|
||||
|
||||
@ -6,6 +6,7 @@ void ServerConnection_close(ServerConnection* conn){
|
||||
socket_close(conn->system_socket);
|
||||
socket_close(conn->content_socket);
|
||||
RSA_destroyPublicKey(&conn->server_pk);
|
||||
free(conn->session_key.data);
|
||||
free(conn);
|
||||
}
|
||||
|
||||
@ -51,15 +52,22 @@ Result(ServerConnection*) ServerConnection_open(ClientCredential* client_credent
|
||||
ServerConnection_close(conn);
|
||||
);
|
||||
|
||||
try_void(ServerLink_parse(server_link_cstr, &conn->server_end, &conn->server_pk));
|
||||
|
||||
conn->session_key = Array_alloc_size(__AES_SESSION_KEY_SIZE);
|
||||
br_hmac_drbg_context key_rng = { .vtable = &br_hmac_drbg_vtable };
|
||||
rng_init_sha256_seedFromTime(&key_rng.vtable);
|
||||
br_hmac_drbg_generate(&key_rng, conn->session_key.data, conn->session_key.size);
|
||||
// TODO: add more entropy to the key to prevent easy key cracking when attacker knows the time when connection request was sent to a server
|
||||
|
||||
printf("connecting to server %s\n", server_link_cstr);
|
||||
try(conn->system_socket, i, socket_open_TCP());
|
||||
try_void(socket_connect(conn->system_socket, conn->server_end));
|
||||
|
||||
// send client public key to server
|
||||
// send session key to server
|
||||
// request server info
|
||||
// show server info
|
||||
// save server info to user's db
|
||||
// hash password more times
|
||||
// request log in
|
||||
// if not registered, request registration and then log in
|
||||
|
||||
|
||||
@ -20,7 +20,8 @@ static const str farewell_art = STR(
|
||||
"\\(_,J J L l`,)/\n"
|
||||
);
|
||||
|
||||
static ClientCredential* client_credential = NULL;
|
||||
static ClientCredential* _client_credential = NULL;
|
||||
static ServerConnection* _server_connection = NULL;
|
||||
|
||||
static Result(void) commandExec(str command, bool* stop);
|
||||
|
||||
@ -48,7 +49,7 @@ Result(void) client_run() {
|
||||
using_history();
|
||||
|
||||
fputs(greeting_art.data, stdout);
|
||||
try_void(askUserNameAndPassword(&client_credential));
|
||||
try_void(askUserNameAndPassword(&_client_credential));
|
||||
|
||||
char* command_input_prev = NULL;
|
||||
char* command_input_raw = NULL;
|
||||
@ -73,7 +74,8 @@ Result(void) client_run() {
|
||||
}
|
||||
}
|
||||
|
||||
ClientCredential_free(client_credential);
|
||||
ClientCredential_free(_client_credential);
|
||||
ServerConnection_close(_server_connection);
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
@ -104,8 +106,8 @@ static Result(void) commandExec(str command, bool* stop){
|
||||
fgets(answer_buf, answer_buf_size, stdin);
|
||||
str new_server_link = str_from_cstr(answer_buf);
|
||||
str_trim(&new_server_link, true);
|
||||
try(ServerConnection* conn, p, ServerConnection_open(client_credential, new_server_link.data));
|
||||
// TODO: store server connection somewhere
|
||||
ServerConnection_close(_server_connection);
|
||||
try(_server_connection, p, ServerConnection_open(_client_credential, new_server_link.data));
|
||||
}
|
||||
else if(is_alias("c") || is_alias("connect")){
|
||||
// TODO: read saved servers from database
|
||||
|
||||
@ -20,6 +20,7 @@ typedef struct ServerConnection {
|
||||
Socket content_socket;
|
||||
br_rsa_public_key server_pk;
|
||||
EncryptorRSA rsa_enc;
|
||||
Array(u8) session_key;
|
||||
EncryptorAES session_aes_enc;
|
||||
DecryptorAES session_aes_dec;
|
||||
} ServerConnection;
|
||||
|
||||
@ -13,12 +13,12 @@
|
||||
|
||||
/// @brief hashes password multiple times using its own hash as salt
|
||||
/// @param password some byte array
|
||||
/// @param out_buffer u8[password_hash_size]
|
||||
/// @param out_buffer u8[PASSWORD_HASH_SIZE]
|
||||
/// @param iterations number of iterations
|
||||
void hash_password(Array(u8) password, u8* out_buffer, i32 iterations);
|
||||
#define password_hash_size 32
|
||||
#define PASSWORD_HASH_SIZE 32
|
||||
|
||||
#define __passhash_lvl_iter 1e5
|
||||
#define __PASSWORD_HASH_LVL_ITERATIONS 1e5
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
// rng.c //
|
||||
@ -38,6 +38,9 @@ void rng_init_sha256_seedFromTime(const br_prng_class** rng_vtable_ptr);
|
||||
// AES.c //
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#define __AES_SESSION_KEY_SIZE 32
|
||||
#define __AES_DB_KEY_SIZE 32
|
||||
|
||||
typedef struct EncryptedBlockInfo {
|
||||
u8 padding_size;
|
||||
u32 _reserved;
|
||||
@ -87,7 +90,7 @@ void DecryptorAES_decrypt(DecryptorAES* ptr, Array(u8) src, Array(u8) dst, u32*
|
||||
// RSA.c //
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#define __rsa_key_size_default 3072
|
||||
#define __RSA_DEFAULT_KEY_SIZE 3072
|
||||
|
||||
/// @brief generate random key pair based on system time
|
||||
/// @param key_size size of public key in bits (2048/3072/4096)
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
#include "assert.h"
|
||||
|
||||
void hash_password(Array(u8) password, u8* out_buffer, i32 iterations){
|
||||
assert(password_hash_size == br_sha256_SIZE);;
|
||||
assert(PASSWORD_HASH_SIZE == br_sha256_SIZE);;
|
||||
memset(out_buffer, 0, br_sha256_SIZE);
|
||||
br_sha256_context sha256_ctx;
|
||||
br_sha256_init(&sha256_ctx);
|
||||
@ -11,7 +11,7 @@ void hash_password(Array(u8) password, u8* out_buffer, i32 iterations){
|
||||
for(i32 i = 0; i < iterations; i++){
|
||||
br_sha256_update(&sha256_ctx, password.data, password.size);
|
||||
br_sha256_out(&sha256_ctx, out_buffer);
|
||||
br_sha256_update(&sha256_ctx, out_buffer, password_hash_size);
|
||||
br_sha256_update(&sha256_ctx, out_buffer, PASSWORD_HASH_SIZE);
|
||||
}
|
||||
br_sha256_out(&sha256_ctx, out_buffer);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user