From 1374b0a66871949a74542fa124d589b16db2535c Mon Sep 17 00:00:00 2001 From: Michael Zanetti Date: Wed, 1 Aug 2018 00:56:14 +0200 Subject: [PATCH] one more step --- aws-sdk-qt | 2 +- libnymea-app-core/awsclient.cpp | 64 ++++++++++++++++++++++++++++++--- libnymea-app-core/awsclient.h | 3 ++ 3 files changed, 63 insertions(+), 6 deletions(-) diff --git a/aws-sdk-qt b/aws-sdk-qt index b071f32c..66a8ae91 160000 --- a/aws-sdk-qt +++ b/aws-sdk-qt @@ -1 +1 @@ -Subproject commit b071f32c22159e571e3f2881c0c3eca478fc29bd +Subproject commit 66a8ae91a61602bf3aa7d594728e45f7b5800500 diff --git a/libnymea-app-core/awsclient.cpp b/libnymea-app-core/awsclient.cpp index 1a82e596..e2f67263 100644 --- a/libnymea-app-core/awsclient.cpp +++ b/libnymea-app-core/awsclient.cpp @@ -107,7 +107,7 @@ void AWSClient::initiateAuthReply() params.insert("ChallengeName", challengeName.data()); QVariantMap challengeResponses; - challengeResponses.insert("PASSWORD_CLAIM_SIGNATURE", srpB.toHex().data()); + challengeResponses.insert("PASSWORD_CLAIM_SIGNATURE", QByteArray(bytes_M, len_M).toHex()); challengeResponses.insert("PASSWORD_CLAIM_SECRET_BLOCK", secretBlock.data()); challengeResponses.insert("USERNAME", username); challengeResponses.insert("TIMESTAMP", QLocale("en").toString(QDateTime::currentDateTime().toUTC(), "ddd MMM d HH:mm:ss UTC yyyy")); 
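Review bot: The new `PASSWORD_CLAIM_SIGNATURE` value is the hex of `bytes_M`/`len_M`, two names not declared anywhere in this hunk, so they presumably come from the SRP library call earlier in initiateAuthReply(), whose body starts outside the hunk; if that call can fail, `bytes_M` may be null and `QByteArray(bytes_M, len_M)` would silently produce an empty signature that is then sent to the service. A guard such as `if (!bytes_M || len_M <= 0) { qWarning() << "SRP proof missing"; return; }` before the response map is built would make that failure explicit. The TIMESTAMP on the last line is produced by a fresh `QDateTime::currentDateTime()` call; since the server verifies the claim HMAC over the same timestamp string, the value should be computed once into a local and used both as HMAC input and as the TIMESTAMP field, otherwise the two can straddle a second boundary. As far as the Cognito reference quoted in the sibling hunk shows, the claim is expected to be the Base64 of that HMAC rather than the hex of the raw SRP proof M — worth confirming before wiring `createClaim()` in here.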
@@ -137,10 +137,64 @@ void AWSClient::respondToAuthChallengeReply() qDebug() << "RespondToAuthChallenge reply" << reply->error() << reply->errorString() << qUtf8Printable(data); } -void AWSClient::sign(QNetworkRequest &request) +QByteArray AWSClient::createClaim(const QByteArray &secretBlock, const QByteArray &srpB, const QByteArray &salt) { - QCryptographicHash::Algorithm algorithm = QCryptographicHash::Sha256; +// byte[] authSecretBlock = System.Convert.FromBase64String(secretBlock); + QByteArray authSecretBlock = QByteArray::fromBase64(secretBlock); - QByteArray data = "AWS4-HMAC-SHA256 Credential="; - request.setRawHeader("Authorization", data); +// BigInteger B = new BigInteger(srp_b, 16); +// if (B.Mod(AuthenticationHelper.N).Equals(BigInteger.Zero)) +// { +// throw new Exception("B cannot be zero"); +// } + bool ok; + qlonglong b = srpB.toLongLong(&ok, 16); + if (!ok) { + qWarning() << "Error converting srpB to number"; + return QByteArray(); + } + +// BigInteger salt = new BigInteger(saltString, 16); + qlonglong saltNumber = salt.toLongLong(&ok, 16); + if (!ok) { + qWarning() << "Error converting salt to number"; + return QByteArray(); + } + + // We need to generate the key to hash the response based on our A and what AWS sent back + byte[] key = getPasswordAuthenticationKey(username, password, poolName, TupleAa, B, salt); + + // HMAC our data with key (HKDF(S)) (the shared secret) + byte[] hmac; + try + { + HMAC mac = HMAC.Create("HMACSHA256"); + mac.Key = key; + + //bytes bytes bytes.... 
+ byte[] poolNameByte = Encoding.UTF8.GetBytes(poolName); + byte[] name = Encoding.UTF8.GetBytes(username); + //secretBlock here + byte[] timeByte = Encoding.UTF8.GetBytes(formattedTimestamp); + byte[] content = new byte[poolNameByte.Length + name.Length + authSecretBlock.Length + timeByte.Length]; + + Buffer.BlockCopy(poolNameByte, 0, content, 0, poolNameByte.Length); + Buffer.BlockCopy(name, 0, content, poolNameByte.Length, name.Length); + Buffer.BlockCopy(authSecretBlock, 0, content, poolNameByte.Length + name.Length, authSecretBlock.Length); + Buffer.BlockCopy(timeByte, 0, content, poolNameByte.Length + name.Length + authSecretBlock.Length, timeByte.Length); + + hmac = mac.ComputeHash(content); + } + catch (Exception e) + { + throw new Exception("Exception in authentication", e); + } + + return hmac; } + +QByteArray AWSClient::getPasswordAuthenticationKey(const QByteArray &username, const QByteArray &password) +{ + +} + diff --git a/libnymea-app-core/awsclient.h b/libnymea-app-core/awsclient.h index 19ca94cd..a5da5396 100644 --- a/libnymea-app-core/awsclient.h +++ b/libnymea-app-core/awsclient.h @@ -19,6 +19,9 @@ private slots: void initiateAuthReply(); void respondToAuthChallengeReply(); +private: + QByteArray createClaim(const QByteArray &secretBlock, const QByteArray &srpB, const QByteArray &salt); + QByteArray getPasswordAuthenticationKey(const QByteArray &username, const QByteArray &password); private: QNetworkAccessManager *m_nam = nullptr; SRPUser *m_srpUser = nullptr;
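Review bot: `createClaim()` drops the `B mod N == 0` rejection that the quoted C# reference performs — a B that is zero mod N collapses the SRP shared secret to a value an attacker can predict — and replaces the BigInteger parse with `srpB.toLongLong(&ok, 16)`, which cannot hold a Cognito-sized B (the group N is 3072 bits) and sets `ok` false on overflow, so every real challenge would be rejected with "Error converting srpB to number"; the same applies to `salt.toLongLong()`. Keep B and the salt as byte strings (or the SRP library's big-number type) and restore the zero check there. The second half of the function is still untranslated C# (`byte[]`, `HMAC.Create`, `Buffer.BlockCopy`), so this hunk does not compile as C++; the Qt equivalent is `QMessageAuthenticationCode` with `QCryptographicHash::Sha256`, and `poolName`, `formattedTimestamp` and the derived `key` must reach the function as parameters or members since none of them is in scope. `getPasswordAuthenticationKey()` is declared to return `QByteArray` but has an empty body, which is undefined behaviour if it is ever called; return `QByteArray()` with a TODO until the derivation is ported. A sketch of the HMAC part:
```cpp
QByteArray AWSClient::createClaim(const QByteArray &secretBlock, const QByteArray &srpB, const QByteArray &salt)
{
    const QByteArray authSecretBlock = QByteArray::fromBase64(secretBlock);

    // B and salt are multi-hundred-byte numbers: keep them as bytes, not qlonglong.
    const QByteArray bBytes = QByteArray::fromHex(srpB);
    const QByteArray saltBytes = QByteArray::fromHex(salt);
    // TODO: reject B == 0 (mod N) using the SRP library's big-number type (see C# reference).

    // … unchanged: derive key via getPasswordAuthenticationKey(...) once it is ported …

    // HMAC-SHA256(key, poolName || username || secretBlock || timestamp); formattedTimestamp
    // must be the exact string sent in the TIMESTAMP field of the challenge response.
    QMessageAuthenticationCode mac(QCryptographicHash::Sha256);
    mac.setKey(key);
    mac.addData(poolName);
    mac.addData(username);
    mac.addData(authSecretBlock);
    mac.addData(formattedTimestamp);
    return mac.result();
}
```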
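Review bot: The declared `getPasswordAuthenticationKey(const QByteArray &username, const QByteArray &password)` does not match the call the C# reference in awsclient.cpp makes, `getPasswordAuthenticationKey(username, password, poolName, TupleAa, B, salt)`: the key derivation needs the pool name, the client's a/A pair, the server's B and the salt, so this signature will have to grow (or those values become members) before the .cpp can be completed. The new `private:` section is immediately followed by the existing `private:`; fold the two declarations into the existing section and drop the duplicate specifier. Since this declaration passes the plaintext password around as a `QByteArray`, consider documenting where that buffer lives and when it is cleared after the SRP exchange.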