Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-23 05:47:17 +01:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Generate random I2PControl tokens.

Browse source
This commit is contained in:
EinMByte 2015-08-02 14:46:39 +02:00
parent c7f4a79b2c
commit 109127a39e
2 changed files with 29 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
i2pcontrol/I2PControl.cpp
View file

@ -3,11 +3,16 @@
// TODO: handle this somewhere, but definitely not here // TODO: handle this somewhere, but definitely not here
#include "I2PControl.h" #include "I2PControl.h"
#include "util/Log.h"
#include <iomanip> #include <iomanip>
#include <sstream> #include <sstream>
#include "util/Timestamp.h"
#include <cryptopp/osrng.h>
#include <cryptopp/hex.h>
#include <cryptopp/filters.h>
#include <boost/property_tree/json_parser.hpp> #include <boost/property_tree/json_parser.hpp>
#include "util/Log.h"
#include "util/Timestamp.h"
#include "transport/Transports.h" #include "transport/Transports.h"
#include "tunnel/Tunnel.h" #include "tunnel/Tunnel.h"
#include "NetDb.h" #include "NetDb.h"
@ -183,6 +188,21 @@ bool I2PControlSession::authenticate(const PropertyTree& pt, Response& response)
return true; return true;
} }
std::string I2PControlSession::generateToken() const
{
const std::size_t token_size = 8; // 64 bits of security
byte random_data[token_size] = {};
CryptoPP::AutoSeededRandomPool rng;
rng.GenerateBlock(random_data, token_size);
std::string token;
CryptoPP::StringSource ss(
random_data, token_size, true,
new CryptoPP::HexEncoder(new CryptoPP::StringSink(token))
);
return token;
}
void I2PControlSession::handleAuthenticate(const PropertyTree& pt, Response& response) void I2PControlSession::handleAuthenticate(const PropertyTree& pt, Response& response)
{ {
const int api = pt.get<int>(I2P_CONTROL_PARAM_API); const int api = pt.get<int>(I2P_CONTROL_PARAM_API);
@ -196,8 +216,7 @@ void I2PControlSession::handleAuthenticate(const PropertyTree& pt, Response& res
response.setError(ErrorCode::InvalidPassword); response.setError(ErrorCode::InvalidPassword);
return; return;
} }
// TODO: generate a secure token const std::string token = generateToken();
const std::string token = std::to_string(i2p::util::GetSecondsSinceEpoch());
response.setParam(I2P_CONTROL_PARAM_API, api); response.setParam(I2P_CONTROL_PARAM_API, api);
response.setParam(I2P_CONTROL_PARAM_TOKEN, token); response.setParam(I2P_CONTROL_PARAM_TOKEN, token);
tokens.insert(token); tokens.insert(token);

6
i2pcontrol/I2PControl.h
View file

@ -137,6 +137,12 @@ private:
*/ */
bool authenticate(const PropertyTree& pt, Response& response); bool authenticate(const PropertyTree& pt, Response& response);
/**
* Generate a random authentication token.
* @return 8 random bytes as a hexadecimal string
*/
std::string generateToken() const;
// Method handlers // Method handlers
void handleAuthenticate(const PropertyTree& pt, Response& response); void handleAuthenticate(const PropertyTree& pt, Response& response);
void handleEcho(const PropertyTree& pt, Response& response); void handleEcho(const PropertyTree& pt, Response& response);