authorsternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>2021-04-18 17:28:11 +0200
committersternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>2021-04-18 17:28:11 +0200
commit0fde2440b1eb9431b3b7fe464a7aaf7ac2f5698b (patch)
tree7137634068e8af5b8229953009bfdd920108b133
parent1bc494fbd8770329afdcc98c7ae666f3e71e88fd (diff)
refactor(warteraum): move authentication code into its own file
-rw-r--r--warteraum/GNUmakefile8
-rw-r--r--warteraum/auth.c28
-rw-r--r--warteraum/auth.h (renamed from warteraum/scrypt.h)11
-rw-r--r--warteraum/hashtoken.c2
-rw-r--r--warteraum/main.c29
-rw-r--r--warteraum/tokens.h2
6 files changed, 45 insertions, 35 deletions
diff --git a/warteraum/GNUmakefile b/warteraum/GNUmakefile
index 39842e7..6ad1ce4 100644
--- a/warteraum/GNUmakefile
+++ b/warteraum/GNUmakefile
@@ -20,20 +20,22 @@ TEST_BINS = test/emitjson.test test/queue.test test/form.test test/routing.test
 
 all: warteraum hashtoken
 
-warteraum: emitjson.o queue.o routing.o form.o main.o
+warteraum: emitjson.o queue.o routing.o form.o auth.o main.o
 	$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
 
 hashtoken: hashtoken.o
 	$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
 
 main.o: main.c queue.h routing.h form.h v1_static.h emitjson.h \
-	scrypt.h tokens.h http_string.h $(HTTPSERVER)
+	auth.h http_string.h $(HTTPSERVER)
 
 form.o: form.c http_string.h $(HTTPSERVER)
 
 routing.o: routing.c $(HTTPSERVER)
 
-hashtoken.o: hashtoken.c scrypt.h
+hashtoken.o: hashtoken.c auth.h
+
+auth.o: auth.h tokens.h http_string.h $(HTTPSERVER)
 
 install: all
 	install -Dm755 hashtoken -t $(BINDIR)
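Review bot: The new `auth.o` rule lists only headers and leaves out `auth.c`, unlike the `main.o` and `form.o` rules next to it. The implicit `%.o: %.c` rule probably still builds it, but `auth.o: auth.c auth.h tokens.h $(HTTPSERVER)` would match the siblings. The rule also names `http_string.h`, which neither `auth.c` nor `auth.h` includes in this commit, so that prerequisite looks unnecessary. Since `auth.h` now includes httpserver.h, `hashtoken.o` presumably wants `$(HTTPSERVER)` as a prerequisite as well, so it is rebuilt when the vendored header changes.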
diff --git a/warteraum/auth.c b/warteraum/auth.c
new file mode 100644
index 0000000..dcf0454
--- /dev/null
+++ b/warteraum/auth.c
@@ -0,0 +1,28 @@
+#include "tokens.h"
+#include "auth.h"
+
+#define HASH_TOKEN(token, size, output)                         \
+  scrypt_kdf((const uint8_t *) token, size, salt, sizeof(salt), \
+             SCRYPT_N, SCRYPT_r, SCRYPT_p, output, SCRYPT_OUTPUT_LEN)
+
+bool auth_verify(struct http_string_s token) {
+  uint8_t hashed[SCRYPT_OUTPUT_LEN];
+
+  int hash_result = HASH_TOKEN(token.buf, token.len, hashed);
+
+  if(hash_result != 0) {
+    return false;
+  }
+
+  bool token_matches = false;
+  size_t token_count = sizeof(tokens) / (sizeof(uint8_t) * SCRYPT_OUTPUT_LEN);
+
+  for(size_t i = 0; i < token_count && !token_matches; i++) {
+    token_matches = true;
+    for(size_t j = 0; j < SCRYPT_OUTPUT_LEN && token_matches; j++) {
+      token_matches = tokens[i][j] == hashed[j];
+    }
+  }
+
+  return token_matches;
+}
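Review bot: The hash comparison in `auth_verify` stops at the first differing byte and at the first matching token, so its running time depends on how much of the computed hash agrees with a stored one. Comparisons of authentication secrets are normally written to run in constant time. Accumulating the byte differences with XOR/OR and visiting every entry of `tokens` removes the data-dependent exits, as sketched below. Separately, `HASH_TOKEN` is defined again at the top of this file although auth.h, included just above, appears to still define it; one of the two definitions can go.

```c
  // … unchanged: scrypt call and hash_result check …
  bool token_matches = false;
  size_t token_count = sizeof(tokens) / (sizeof(uint8_t) * SCRYPT_OUTPUT_LEN);

  for(size_t i = 0; i < token_count; i++) {
    uint8_t diff = 0;
    for(size_t j = 0; j < SCRYPT_OUTPUT_LEN; j++) {
      diff |= (uint8_t) (tokens[i][j] ^ hashed[j]);
    }
    token_matches |= (diff == 0);
  }
  // … unchanged: return token_matches …
```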
diff --git a/warteraum/scrypt.h b/warteraum/auth.h
index 1959d57..8379694 100644
--- a/warteraum/scrypt.h
+++ b/warteraum/auth.h
@@ -1,9 +1,12 @@
-#ifndef WARTERAUM_SCRYPT_H
-#define WARTERAUM_SCRYPT_H
+#ifndef WARTERAUM_AUTH_H
+#define WARTERAUM_AUTH_H
 
+#include <stdbool.h>
 #include <stdint.h>
 #include <scrypt-kdf.h>
 
+#include "../third_party/httpserver.h/httpserver.h"
+
 #define SCRYPT_OUTPUT_LEN 32
 
 #define SCRYPT_N 16384
@@ -11,7 +14,7 @@
 #define SCRYPT_p 1
 
 // FIXME change for production
-const uint8_t salt[] = {
+static const uint8_t salt[] = {
   0x56, 0x02, 0xe9, 0xda, 0x68, 0x60, 0xfb, 0x20, 0xde, 0xa2, 0x6c, 0x9d, 0x68, 0xb4, 0x48, 0x28,
   0x42, 0x83, 0x38, 0xff, 0x5b, 0x5a, 0xb3, 0x87, 0x90, 0x8d, 0xff, 0xb5, 0x7e, 0x3c, 0x37, 0x2b,
   0x9b, 0x40, 0x18, 0x70, 0x94, 0x18, 0x86, 0x91, 0x9d, 0xa9, 0xda, 0x2e, 0x36, 0xdc, 0xd3, 0x56,
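Review bot: `salt` remains a constant compiled in from this header, with `// FIXME change for production` as the only reminder that the committed value must not be deployed. Making it `static` also gives every file that includes auth.h its own copy, including main.c, which no longer hashes anything itself as far as this diff shows. Consider defining it next to its users or supplying it at build time, and adding a comment such as `// hashes in tokens.h depend on this salt; regenerate them after changing it`. The array's closing lines are outside this hunk.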
@@ -22,4 +25,6 @@ const uint8_t salt[] = {
   scrypt_kdf((const uint8_t *) token, size, salt, sizeof(salt), \
              SCRYPT_N, SCRYPT_r, SCRYPT_p, output, SCRYPT_OUTPUT_LEN)
 
+bool auth_verify(struct http_string_s token);
+
 #endif
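Review bot: The new `auth_verify` prototype has no comment, and its contract is not obvious from the signature. It returns `false` both when no token matches and when `scrypt_kdf` fails, and the caller in main.c tells the two apart by clearing and then checking `errno`. A short doc comment above the declaration would state this, e.g. `/* true if token hashes to an entry in tokens.h; false on mismatch or on scrypt failure (errno != 0 then; caller zeroes errno first) */`. Whether `scrypt_kdf` always sets `errno` on failure is not visible here and should be confirmed before the caller relies on it.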
diff --git a/warteraum/hashtoken.c b/warteraum/hashtoken.c
index 633ce46..24ac225 100644
--- a/warteraum/hashtoken.c
+++ b/warteraum/hashtoken.c
@@ -1,7 +1,7 @@
 #include <stdio.h>
 #include <stdint.h>
 #include <string.h>
-#include "scrypt.h"
+#include "auth.h"
 
 int main(int argc, char **argv) {
   if(argc != 2) {
diff --git a/warteraum/main.c b/warteraum/main.c
index d2c40b8..d4be5df 100644
--- a/warteraum/main.c
+++ b/warteraum/main.c
@@ -14,10 +14,9 @@
 #include "queue.h"
 #include "routing.h"
 #include "form.h"
-#include "scrypt.h"
+#include "auth.h"
 
 #include "v1_static.h" /* static strings for v1 api */
-#include "tokens.h"    /* valid api tokens */
 
 #define LISTEN_PORT    9000   /* port to listen on          */
 #define MAX_BODY_LEN   8192   /* max body size we'll parse  */
@@ -78,30 +77,6 @@ void trim_whitespace(struct http_string_s *s) {
   }
 }
 
-// authentication
-
-bool authenticate(http_string_t token) {
-  uint8_t hashed[SCRYPT_OUTPUT_LEN];
-
-  int hash_result = HASH_TOKEN(token.buf, token.len, hashed);
-
-  if(hash_result != 0) {
-    return false;
-  }
-
-  bool token_matches = false;
-  size_t token_count = sizeof(tokens) / (sizeof(uint8_t) * SCRYPT_OUTPUT_LEN);
-
-  for(size_t i = 0; i < token_count && !token_matches; i++) {
-    token_matches = true;
-    for(size_t j = 0; j < SCRYPT_OUTPUT_LEN && token_matches; j++) {
-      token_matches = tokens[i][j] == hashed[j];
-    }
-  }
-
-  return token_matches;
-}
-
 // main routing logic
 
 enum warteraum_result {
@@ -360,7 +335,7 @@ enum warteraum_result response_queue_del(http_string_t id_str, enum warteraum_ve
   }
 
   errno = 0;
-  bool token_matches = authenticate(token);
+  bool token_matches = auth_verify(token);
 
   if(errno != 0) {
     // scrypt failed
diff --git a/warteraum/tokens.h b/warteraum/tokens.h
index 383b9b0..37da0a5 100644
--- a/warteraum/tokens.h
+++ b/warteraum/tokens.h
@@ -1,4 +1,4 @@
-#include "scrypt.h"
+#include "auth.h"
 
 const uint8_t tokens[][SCRYPT_OUTPUT_LEN] = {
   { 0x2f, 0x75, 0x87, 0xa2, 0xbe, 0x1, 0x0, 0xe7, 0x1, 0xee, 0x15, 0x71, 0xd6, 0xc3, 0xf3, 0x9b, 0x44, 0x31, 0xaa, 0x11, 0x8e, 0x38, 0xa7, 0x90, 0xf8, 0xcd, 0xfc, 0x9d, 0xed, 0x5, 0x82, 0x8e },