PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
2
0
Fork 0
Code Issues Releases Activity
Browse Source

Generate random I2PControl tokens.

pull/242/head
EinMByte 9 years ago
parent
c7f4a79b2c
commit
109127a39e
2 changed files with 29 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      i2pcontrol/I2PControl.cpp
  2. 6
      i2pcontrol/I2PControl.h

27
i2pcontrol/I2PControl.cpp
Unescape View File

@ -3,11 +3,16 @@
// TODO: handle this somewhere, but definitely not here // TODO: handle this somewhere, but definitely not here
#include "I2PControl.h" #include "I2PControl.h"
#include "util/Log.h"
#include <iomanip> #include <iomanip>
#include <sstream> #include <sstream>
#include "util/Timestamp.h"
#include <cryptopp/osrng.h>
#include <cryptopp/hex.h>
#include <cryptopp/filters.h>
#include <boost/property_tree/json_parser.hpp> #include <boost/property_tree/json_parser.hpp>
#include "util/Log.h"
#include "util/Timestamp.h"
#include "transport/Transports.h" #include "transport/Transports.h"
#include "tunnel/Tunnel.h" #include "tunnel/Tunnel.h"
#include "NetDb.h" #include "NetDb.h"
@ -183,6 +188,21 @@ bool I2PControlSession::authenticate(const PropertyTree& pt, Response& response)
return true; return true;
} }
std::string I2PControlSession::generateToken() const
{
const std::size_t token_size = 8; // 64 bits of security
byte random_data[token_size] = {};
CryptoPP::AutoSeededRandomPool rng;
rng.GenerateBlock(random_data, token_size);
std::string token;
CryptoPP::StringSource ss(
random_data, token_size, true,
new CryptoPP::HexEncoder(new CryptoPP::StringSink(token))
);
return token;
}
void I2PControlSession::handleAuthenticate(const PropertyTree& pt, Response& response) void I2PControlSession::handleAuthenticate(const PropertyTree& pt, Response& response)
{ {
const int api = pt.get<int>(I2P_CONTROL_PARAM_API); const int api = pt.get<int>(I2P_CONTROL_PARAM_API);
@ -196,8 +216,7 @@ void I2PControlSession::handleAuthenticate(const PropertyTree& pt, Response& res
response.setError(ErrorCode::InvalidPassword); response.setError(ErrorCode::InvalidPassword);
return; return;
} }
// TODO: generate a secure token const std::string token = generateToken();
const std::string token = std::to_string(i2p::util::GetSecondsSinceEpoch());
response.setParam(I2P_CONTROL_PARAM_API, api); response.setParam(I2P_CONTROL_PARAM_API, api);
response.setParam(I2P_CONTROL_PARAM_TOKEN, token); response.setParam(I2P_CONTROL_PARAM_TOKEN, token);
tokens.insert(token); tokens.insert(token);

6
i2pcontrol/I2PControl.h
Unescape View File

@ -137,6 +137,12 @@ private:
*/ */
bool authenticate(const PropertyTree& pt, Response& response); bool authenticate(const PropertyTree& pt, Response& response);
/**
* Generate a random authentication token.
* @return 8 random bytes as a hexadecimal string
*/
std::string generateToken() const;
// Method handlers // Method handlers
void handleAuthenticate(const PropertyTree& pt, Response& response); void handleAuthenticate(const PropertyTree& pt, Response& response);
void handleEcho(const PropertyTree& pt, Response& response); void handleEcho(const PropertyTree& pt, Response& response);

Write Preview
Loading…
Cancel
Save