91 lines
3.1 KiB
C++
91 lines
3.1 KiB
C++
#include "challenge.hpp"
|
|
|
|
#include "openssl_errors.hpp"
|
|
|
|
#include <mybase64.hpp>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h>
|
|
|
|
#include <boost/log/trivial.hpp>
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
Challenge::Challenge(EVP_PKEY_Ref key, Connection & connection)
|
|
: key_{std::move(key)}
|
|
, connection_{connection}
|
|
{}
|
|
|
|
|
|
auto Challenge::stop() -> void
|
|
{
|
|
slot_.disconnect();
|
|
buffer_.clear();
|
|
}
|
|
|
|
auto Challenge::on_ircmsg(IrcCommand cmd, const IrcMsg &msg) -> void {
|
|
switch (cmd) {
|
|
default: break;
|
|
case IrcCommand::RPL_RSACHALLENGE2:
|
|
buffer_ += msg.args[1];
|
|
break;
|
|
case IrcCommand::ERR_NOOPERHOST:
|
|
BOOST_LOG_TRIVIAL(error) << "Challenge: No oper host";
|
|
stop();
|
|
break;
|
|
case IrcCommand::RPL_YOUREOPER:
|
|
BOOST_LOG_TRIVIAL(error) << "Challenge: Already oper";
|
|
stop();
|
|
break;
|
|
case IrcCommand::RPL_ENDOFRSACHALLENGE2:
|
|
{
|
|
slot_.disconnect();
|
|
|
|
EVP_PKEY_CTX_Ref ctx;
|
|
unsigned int digestlen = EVP_MAX_MD_SIZE;
|
|
unsigned char digest[EVP_MAX_MD_SIZE];
|
|
size_t len = mybase64::decoded_size(buffer_.size());
|
|
std::vector<unsigned char> ciphertext(len, 0);
|
|
|
|
if (not mybase64::decode(buffer_, reinterpret_cast<char*>(ciphertext.data()), &len)) goto error;
|
|
ciphertext.resize(len);
|
|
|
|
// Setup decryption context
|
|
ctx.reset(EVP_PKEY_CTX_new(key_.get(), nullptr));
|
|
if (ctx.get() == nullptr) goto error;
|
|
if (1 != EVP_PKEY_decrypt_init(ctx.get())) goto error;
|
|
if (0 >= EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING)) goto error;
|
|
|
|
// Determine output size
|
|
if (1 != EVP_PKEY_decrypt(ctx.get(), nullptr, &len, ciphertext.data(), ciphertext.size())) goto error;
|
|
buffer_.resize(len);
|
|
|
|
// Decrypt ciphertext
|
|
if (1 != EVP_PKEY_decrypt(ctx.get(), reinterpret_cast<unsigned char*>(buffer_.data()), &len, ciphertext.data(), ciphertext.size())) goto error;
|
|
buffer_.resize(len);
|
|
|
|
// Hash the decrypted message
|
|
if (1 != EVP_Digest(buffer_.data(), buffer_.size(), digest, &digestlen, EVP_sha1(), nullptr)) goto error;
|
|
|
|
// Construct reply as '+' and base64 encoded digest
|
|
buffer_.resize(mybase64::encoded_size(digestlen) + 1);
|
|
buffer_[0] = '+';
|
|
mybase64::encode(std::string_view{(char*)digest, digestlen}, buffer_.data() + 1);
|
|
|
|
connection_.send_challenge(buffer_);
|
|
return;
|
|
|
|
error:
|
|
log_openssl_errors("Challenge: ");
|
|
}
|
|
}
|
|
}
|
|
|
|
auto Challenge::start(Connection &connection, const std::string_view user, EVP_PKEY_Ref ref) -> std::shared_ptr<Challenge>
|
|
{
|
|
auto self = std::make_shared<Challenge>(std::move(ref), connection);
|
|
connection.sig_ircmsg.connect([self](auto cmd, auto &msg) { self->on_ircmsg(cmd, msg); });
|
|
connection.send_challenge(user);
|
|
return self;
|
|
}
|