auth: get rid of mbedtls
parent
03db5bfd8d
commit
edc64b8336
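--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "deps/mbedtls"]
-path = deps/mbedtls
-url = https://github.com/ARMmbed/mbedtls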
@ -15,9 +15,6 @@ find_package(Qt5Core REQUIRED)
|
||||
find_package(Qt5WebSockets REQUIRED)
|
||||
find_package(Qt5Widgets REQUIRED)
|
||||
|
||||
add_subdirectory(deps/mbedtls EXCLUDE_FROM_ALL)
|
||||
set(ENABLE_PROGRAMS false)
|
||||
|
||||
set(obs-websocket_SOURCES
|
||||
src/obs-websocket.cpp
|
||||
src/WSServer.cpp
|
||||
@ -52,22 +49,17 @@ add_library(obs-websocket MODULE
|
||||
${obs-websocket_SOURCES}
|
||||
${obs-websocket_HEADERS})
|
||||
|
||||
add_dependencies(obs-websocket mbedcrypto)
|
||||
|
||||
include_directories(
|
||||
"${LIBOBS_INCLUDE_DIR}/../UI/obs-frontend-api"
|
||||
${Qt5Core_INCLUDES}
|
||||
${Qt5WebSockets_INCLUDES}
|
||||
${Qt5Widgets_INCLUDES}
|
||||
${mbedcrypto_INCLUDES}
|
||||
"${CMAKE_SOURCE_DIR}/deps/mbedtls/include")
|
||||
${Qt5Widgets_INCLUDES})
|
||||
|
||||
target_link_libraries(obs-websocket
|
||||
libobs
|
||||
Qt5::Core
|
||||
Qt5::WebSockets
|
||||
Qt5::Widgets
|
||||
mbedcrypto)
|
||||
Qt5::Widgets)
|
||||
|
||||
# --- End of section ---
|
||||
|
||||
@ -165,7 +157,6 @@ endif()
|
||||
if(UNIX AND NOT APPLE)
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
|
||||
|
||||
target_compile_options(mbedcrypto PRIVATE -fPIC)
|
||||
set_target_properties(obs-websocket PROPERTIES PREFIX "")
|
||||
target_link_libraries(obs-websocket
|
||||
obs-frontend-api)
|
||||
|
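Review bot: The new Config.cpp code depends on QRandomGenerator, which is only available from Qt 5.10, yet the context line `find_package(Qt5Core REQUIRED)` shown in the first hunk header states no minimum version, so an older Qt fails later with a missing-header compile error instead of a clear configure-time message. Stating it where the dependency is resolved, `find_package(Qt5Core 5.10 REQUIRED)`, keeps the build requirement in step with the source (the Qt5WebSockets/Qt5Widgets lines could carry the same minimum if they are meant to stay in lockstep). The include_directories and target_link_libraries cleanup in the second hunk looks complete on the new side; I see no remaining mbedcrypto reference.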
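--- a/deps/mbedtls
+++ b/deps/mbedtls
@@ -1 +0,0 @@
-Subproject commit 1a6a15c795922f05bd2ea17addf27eddcd256a15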
@ -16,11 +16,11 @@ You should have received a copy of the GNU General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>
|
||||
*/
|
||||
|
||||
#include <mbedtls/base64.h>
|
||||
#include <mbedtls/sha256.h>
|
||||
#include <obs-frontend-api.h>
|
||||
#include <util/config-file.h>
|
||||
#include <string>
|
||||
|
||||
#include <QCryptographicHash>
|
||||
#include <QRandomGenerator>
|
||||
|
||||
#define SECTION_NAME "WebsocketAPI"
|
||||
#define PARAM_ENABLE "ServerEnabled"
|
||||
@ -69,19 +69,15 @@ Config::Config() :
|
||||
SECTION_NAME, PARAM_SALT, QT_TO_UTF8(Salt));
|
||||
}
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_ctr_drbg_init(&rng);
|
||||
mbedtls_ctr_drbg_seed(&rng, mbedtls_entropy_func, &entropy, nullptr, 0);
|
||||
|
||||
SessionChallenge = GenerateSalt();
|
||||
}
|
||||
|
||||
Config::~Config() {
|
||||
mbedtls_ctr_drbg_free(&rng);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
Config::~Config()
|
||||
{
|
||||
}
|
||||
|
||||
void Config::Load() {
|
||||
void Config::Load()
|
||||
{
|
||||
config_t* obsConfig = obs_frontend_get_global_config();
|
||||
|
||||
ServerEnabled = config_get_bool(obsConfig, SECTION_NAME, PARAM_ENABLE);
|
||||
@ -95,7 +91,8 @@ void Config::Load() {
|
||||
Salt = config_get_string(obsConfig, SECTION_NAME, PARAM_SALT);
|
||||
}
|
||||
|
||||
void Config::Save() {
|
||||
void Config::Save()
|
||||
{
|
||||
config_t* obsConfig = obs_frontend_get_global_config();
|
||||
|
||||
config_set_bool(obsConfig, SECTION_NAME, PARAM_ENABLE, ServerEnabled);
|
||||
@ -113,46 +110,41 @@ void Config::Save() {
|
||||
config_save(obsConfig);
|
||||
}
|
||||
|
||||
QString Config::GenerateSalt() {
|
||||
QString Config::GenerateSalt()
|
||||
{
|
||||
auto random = QRandomGenerator::global();
|
||||
|
||||
// Generate 32 random chars
|
||||
unsigned char* randomChars = (unsigned char*)bzalloc(32);
|
||||
mbedtls_ctr_drbg_random(&rng, randomChars, 32);
|
||||
QByteArray randomChars(32, '\0');
|
||||
random->fillRange((quint32*)randomChars.data(), randomChars.size() / 4);
|
||||
|
||||
// Convert the 32 random chars to a base64 string
|
||||
char* salt = (char*)bzalloc(64);
|
||||
size_t saltBytes;
|
||||
mbedtls_base64_encode(
|
||||
(unsigned char*)salt, 64, &saltBytes,
|
||||
randomChars, 32);
|
||||
QString salt = randomChars.toBase64();
|
||||
|
||||
bfree(randomChars);
|
||||
return salt;
|
||||
}
|
||||
|
||||
QString Config::GenerateSecret(QString password, QString salt) {
|
||||
QString Config::GenerateSecret(QString password, QString salt)
|
||||
{
|
||||
// Concatenate the password and the salt
|
||||
QString passAndSalt = "";
|
||||
passAndSalt += password;
|
||||
passAndSalt += salt;
|
||||
|
||||
// Generate a SHA256 hash of the password
|
||||
unsigned char* challengeHash = (unsigned char*)bzalloc(32);
|
||||
mbedtls_sha256(
|
||||
(unsigned char*)passAndSalt.toUtf8().constData(), passAndSalt.length(),
|
||||
challengeHash, 0);
|
||||
// Generate a SHA256 hash of the password and salt
|
||||
auto challengeHash = QCryptographicHash::hash(
|
||||
passAndSalt.toUtf8(),
|
||||
QCryptographicHash::Algorithm::Sha256
|
||||
);
|
||||
|
||||
// Encode SHA256 hash to Base64
|
||||
char* challenge = (char*)bzalloc(64);
|
||||
size_t challengeBytes = 0;
|
||||
mbedtls_base64_encode(
|
||||
(unsigned char*)challenge, 64, &challengeBytes,
|
||||
challengeHash, 32);
|
||||
QString challenge = challengeHash.toBase64();
|
||||
|
||||
bfree(challengeHash);
|
||||
return challenge;
|
||||
}
|
||||
|
||||
void Config::SetPassword(QString password) {
|
||||
void Config::SetPassword(QString password)
|
||||
{
|
||||
QString newSalt = GenerateSalt();
|
||||
QString newChallenge = GenerateSecret(password, newSalt);
|
||||
|
||||
@ -160,37 +152,32 @@ void Config::SetPassword(QString password) {
|
||||
this->Secret = newChallenge;
|
||||
}
|
||||
|
||||
bool Config::CheckAuth(QString response) {
|
||||
bool Config::CheckAuth(QString response)
|
||||
{
|
||||
// Concatenate auth secret with the challenge sent to the user
|
||||
QString challengeAndResponse = "";
|
||||
challengeAndResponse += Secret;
|
||||
challengeAndResponse += SessionChallenge;
|
||||
|
||||
// Generate a SHA256 hash of challengeAndResponse
|
||||
unsigned char* hash = (unsigned char*)bzalloc(32);
|
||||
mbedtls_sha256(
|
||||
(unsigned char*)challengeAndResponse.toUtf8().constData(),
|
||||
challengeAndResponse.length(),
|
||||
hash, 0);
|
||||
auto hash = QCryptographicHash::hash(
|
||||
challengeAndResponse.toUtf8(),
|
||||
QCryptographicHash::Algorithm::Sha256
|
||||
);
|
||||
|
||||
// Encode the SHA256 hash to Base64
|
||||
char* expectedResponse = (char*)bzalloc(64);
|
||||
size_t base64_size = 0;
|
||||
mbedtls_base64_encode(
|
||||
(unsigned char*)expectedResponse, 64, &base64_size,
|
||||
hash, 32);
|
||||
QString expectedResponse = hash.toBase64();
|
||||
|
||||
bool authSuccess = false;
|
||||
if (response == QString(expectedResponse)) {
|
||||
if (response == expectedResponse) {
|
||||
SessionChallenge = GenerateSalt();
|
||||
authSuccess = true;
|
||||
}
|
||||
|
||||
bfree(hash);
|
||||
bfree(expectedResponse);
|
||||
return authSuccess;
|
||||
}
|
||||
|
||||
Config* Config::Current() {
|
||||
Config* Config::Current()
|
||||
{
|
||||
return _instance;
|
||||
}
|
||||
|
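Review bot: GenerateSalt now takes its 32 bytes from `QRandomGenerator::global()`, which Qt documents as a securely seeded PRNG rather than the operating system's CSPRNG; the same function produces SessionChallenge, the value a client must prove knowledge of in CheckAuth, so the OS-backed source is the right one: `auto random = QRandomGenerator::system();`. The `(quint32*)` C-style cast on the fillRange line would read more clearly as `reinterpret_cast<quint32*>(randomChars.data())`, which also makes the aliasing explicit. Note that the removed mbedtls_sha256 calls passed `passAndSalt.length()` (a QChar count) as the byte length while the new QCryptographicHash path hashes the whole UTF-8 buffer, so the two implementations presumably produce different secrets for non-ASCII passwords and secrets saved under the old code may stop validating; a line in the release notes seems warranted. In CheckAuth the comparison `response == expectedResponse` stops at the first differing character; a fixed-length compare over the two `toUtf8()` buffers (length check, then OR-accumulated XOR of every byte) removes the dependence of the timing on how much of the response matches.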
@ -21,9 +21,6 @@ with this program. If not, see <https://www.gnu.org/licenses/>
|
||||
|
||||
#include <QString>
|
||||
|
||||
#include <mbedtls/entropy.h>
|
||||
#include <mbedtls/ctr_drbg.h>
|
||||
|
||||
class Config {
|
||||
public:
|
||||
Config();
|
||||
@ -53,8 +50,6 @@ class Config {
|
||||
|
||||
private:
|
||||
static Config* _instance;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context rng;
|
||||
};
|
||||
|
||||
#endif // CONFIG_H
|
||||
|