diff options
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/auth.cpp | 104 | ||||
-rw-r--r-- | src/util/auth.h | 35 |
2 files changed, 80 insertions, 59 deletions
diff --git a/src/util/auth.cpp b/src/util/auth.cpp index 0c17a9237..912987259 100644 --- a/src/util/auth.cpp +++ b/src/util/auth.cpp @@ -1,6 +1,6 @@ /* Minetest -Copyright (C) 2015 est31 <MTest31@outlook.com> +Copyright (C) 2015, 2016 est31 <MTest31@outlook.com> This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -31,7 +31,7 @@ with this program; if not, write to the Free Software Foundation, Inc., // their password. (Exception : if the password field is // blank, we send a blank password - this is for backwards // compatibility with password-less players). -std::string translatePassword(const std::string &name, +std::string translate_password(const std::string &name, const std::string &password) { if (password.length() == 0) @@ -46,7 +46,11 @@ std::string translatePassword(const std::string &name, return pwd; } -void getSRPVerifier(const std::string &name, +// Call lower level SRP code to generate a verifier with the +// given pointers. Contains the preparations, call parameters +// and error checking common to all srp verifier generation code. +// See docs of srp_create_salted_verification_key for more info. +static inline void gen_srp_v(const std::string &name, const std::string &password, char **salt, size_t *salt_len, char **bytes_v, size_t *len_v) { @@ -58,72 +62,76 @@ void getSRPVerifier(const std::string &name, FATAL_ERROR_IF(res != SRP_OK, "Couldn't create salted SRP verifier"); } -// Get a db-ready SRP verifier -// If the salt param is NULL, one is automatically generated. -// Please free() it afterwards. You shouldn't use it for other purposes, -// as you will need the contents of salt_len too. -inline static std::string getSRPVerifier(const std::string &name, - const std::string &password, char ** salt, size_t salt_len) +/// Creates a verification key with given salt and password. +std::string generate_srp_verifier(const std::string &name, + const std::string &password, const std::string &salt) { - char * bytes_v = NULL; - size_t len_v; - getSRPVerifier(name, password, salt, &salt_len, - &bytes_v, &len_v); - assert(*salt); // usually, srp_create_salted_verification_key promises us to return SRP_ERR when *salt == NULL - std::string ret_val = encodeSRPVerifier(std::string(bytes_v, len_v), - std::string(*salt, salt_len)); + size_t salt_len = salt.size(); + // The API promises us that the salt doesn't + // get modified if &salt_ptr isn't NULL. + char *salt_ptr = (char *)salt.c_str(); + + char *bytes_v = NULL; + size_t verifier_len = 0; + gen_srp_v(name, password, &salt_ptr, &salt_len, &bytes_v, &verifier_len); + std::string verifier = std::string(bytes_v, verifier_len); free(bytes_v); - return ret_val; + return verifier; } -// Get a db-ready SRP verifier -std::string getSRPVerifier(const std::string &name, - const std::string &password) +/// Creates a verification key and salt with given password. +void generate_srp_verifier_and_salt(const std::string &name, + const std::string &password, std::string *verifier, + std::string *salt) { - char * salt = NULL; - std::string ret_val = getSRPVerifier(name, - password, &salt, 0); - free(salt); - return ret_val; + char *bytes_v = NULL; + size_t verifier_len; + char *salt_ptr = NULL; + size_t salt_len; + gen_srp_v(name, password, &salt_ptr, &salt_len, &bytes_v, &verifier_len); + *verifier = std::string(bytes_v, verifier_len); + *salt = std::string(salt_ptr, salt_len); + free(bytes_v); + free(salt_ptr); } -// Get a db-ready SRP verifier -std::string getSRPVerifier(const std::string &name, - const std::string &password, const std::string &salt) +/// Gets an SRP verifier, generating a salt, +/// and encodes it as DB-ready string. +std::string get_encoded_srp_verifier(const std::string &name, + const std::string &password) { - // The implementation won't change the salt if its set, - // therefore we can cast. - char *salt_cstr = (char *)salt.c_str(); - return getSRPVerifier(name, password, - &salt_cstr, salt.size()); + std::string verifier; + std::string salt; + generate_srp_verifier_and_salt(name, password, &verifier, &salt); + return encode_srp_verifier(verifier, salt); } -// Make a SRP verifier db-ready -std::string encodeSRPVerifier(const std::string &verifier, +/// Converts the passed SRP verifier into a DB-ready format. +std::string encode_srp_verifier(const std::string &verifier, const std::string &salt) { std::ostringstream ret_str; ret_str << "#1#" - << base64_encode((unsigned char*) salt.c_str(), salt.size()) << "#" - << base64_encode((unsigned char*) verifier.c_str(), verifier.size()); + << base64_encode((unsigned char *)salt.c_str(), salt.size()) << "#" + << base64_encode((unsigned char *)verifier.c_str(), verifier.size()); return ret_str.str(); } -bool decodeSRPVerifier(const std::string &enc_pwd, - std::string *salt, std::string *bytes_v) +/// Reads the DB-formatted SRP verifier and gets the verifier +/// and salt components. +bool decode_srp_verifier_and_salt(const std::string &encoded, + std::string *verifier, std::string *salt) { - std::vector<std::string> pwd_components = str_split(enc_pwd, '#'); + std::vector<std::string> components = str_split(encoded, '#'); - if ((pwd_components.size() != 4) - || (pwd_components[1] != "1") // 1 means srp - || !base64_is_valid(pwd_components[2]) - || !base64_is_valid(pwd_components[3])) + if ((components.size() != 4) + || (components[1] != "1") // 1 means srp + || !base64_is_valid(components[2]) + || !base64_is_valid(components[3])) return false; - std::string salt_str = base64_decode(pwd_components[2]); - std::string bytes_v_str = base64_decode(pwd_components[3]); - *salt = salt_str; - *bytes_v = bytes_v_str; + *salt = base64_decode(components[2]); + *verifier = base64_decode(components[3]); return true; } diff --git a/src/util/auth.h b/src/util/auth.h index 36d8c20a4..1fd6ab453 100644 --- a/src/util/auth.h +++ b/src/util/auth.h @@ -1,6 +1,6 @@ /* Minetest -Copyright (C) 2015 est31 <MTest31@outlook.com> +Copyright (C) 2015, 2016 est31 <MTest31@outlook.com> This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -20,18 +20,31 @@ with this program; if not, write to the Free Software Foundation, Inc., #ifndef AUTH_H #define AUTH_H -std::string translatePassword(const std::string &name, +/// Gets the base64 encoded legacy password db entry. +std::string translate_password(const std::string &name, const std::string &password); -void getSRPVerifier(const std::string &name, - const std::string &password, char **salt, size_t *salt_len, - char **bytes_v, size_t *len_v); -std::string getSRPVerifier(const std::string &name, - const std::string &password); -std::string getSRPVerifier(const std::string &name, + +/// Creates a verification key with given salt and password. +std::string generate_srp_verifier(const std::string &name, const std::string &password, const std::string &salt); -std::string encodeSRPVerifier(const std::string &verifier, + +/// Creates a verification key and salt with given password. +void generate_srp_verifier_and_salt(const std::string &name, + const std::string &password, std::string *verifier, + std::string *salt); + +/// Gets an SRP verifier, generating a salt, +/// and encodes it as DB-ready string. +std::string get_encoded_srp_verifier(const std::string &name, + const std::string &password); + +/// Converts the passed SRP verifier into a DB-ready format. +std::string encode_srp_verifier(const std::string &verifier, const std::string &salt); -bool decodeSRPVerifier(const std::string &enc_pwd, + +/// Reads the DB-formatted SRP verifier and gets the verifier +/// and salt components. +bool decode_srp_verifier_and_salt(const std::string &encoded, std::string *salt, std::string *bytes_v); -#endif
\ No newline at end of file +#endif |