This repository has been archived by the owner on Jul 27, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Core/Auth: Implement time-based token for user login as described in …
…RFC 6238. New column in account table is a base32 of token key bytes, coincidentally it is the same format Google's Authenticator Android app uses. If you want that to work, set system time on server correctly and use ntpd.
- Loading branch information
zamalaev
committed
Nov 25, 2013
1 parent
2d70eb0
commit 5161634
Showing
9 changed files
with
164 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
ALTER TABLE `account` ADD COLUMN `token_key` varchar(100) NOT NULL DEFAULT '' AFTER `s`; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
/* | ||
* Copyright (C) 2011-2013 Project SkyFire <http://www.projectskyfire.org/> | ||
* Copyright (C) 2008-2013 TrinityCore <http://www.trinitycore.org/> | ||
* Copyright (C) 2005-2013 MaNGOS <http://getmangos.com/> | ||
* | ||
* This program is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU General Public License as published by the | ||
* Free Software Foundation; either version 3 of the License, or (at your | ||
* option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but WITHOUT | ||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | ||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | ||
* more details. | ||
* | ||
* You should have received a copy of the GNU General Public License along | ||
* with this program. If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
#include "TOTP.h" | ||
#include <cstring> | ||
|
||
int base32_decode(const char* encoded, char* result, int bufSize) | ||
{ | ||
// Base32 implementation | ||
// Copyright 2010 Google Inc. | ||
// Author: Markus Gutschke | ||
// Licensed under the Apache License, Version 2.0 | ||
int buffer = 0; | ||
int bitsLeft = 0; | ||
int count = 0; | ||
for (const char *ptr = encoded; count < bufSize && *ptr; ++ptr) | ||
{ | ||
char ch = *ptr; | ||
if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n' || ch == '-') | ||
continue; | ||
buffer <<= 5; | ||
|
||
// Deal with commonly mistyped characters | ||
if (ch == '0') | ||
ch = 'O'; | ||
else if (ch == '1') | ||
ch = 'L'; | ||
else if (ch == '8') | ||
ch = 'B'; | ||
|
||
// Look up one base32 digit | ||
if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z')) | ||
ch = (ch & 0x1F) - 1; | ||
else if (ch >= '2' && ch <= '7') | ||
ch -= '2' - 26; | ||
else | ||
return -1; | ||
|
||
buffer |= ch; | ||
bitsLeft += 5; | ||
if (bitsLeft >= 8) | ||
{ | ||
result[count++] = buffer >> (bitsLeft - 8); | ||
bitsLeft -= 8; | ||
} | ||
} | ||
|
||
if (count < bufSize) | ||
result[count] = '\000'; | ||
return count; | ||
} | ||
|
||
#define HMAC_RES_SIZE 20 | ||
|
||
namespace TOTP | ||
{ | ||
unsigned int GenerateToken(const char* b32key) | ||
{ | ||
size_t keySize = strlen(b32key); | ||
int bufsize = (keySize + 7)/8*5; | ||
char* encoded = new char[bufsize]; | ||
memset(encoded, 0, bufsize); | ||
unsigned int hmacResSize = HMAC_RES_SIZE; | ||
unsigned char hmacRes[HMAC_RES_SIZE]; | ||
unsigned long timestamp = time(NULL)/30; | ||
unsigned char challenge[8]; | ||
|
||
for (int i = 8; i--;timestamp >>= 8) | ||
challenge[i] = timestamp; | ||
|
||
base32_decode(b32key, encoded, bufsize); | ||
HMAC(EVP_sha1(), encoded, bufsize, challenge, 8, hmacRes, &hmacResSize); | ||
unsigned int offset = hmacRes[19] & 0xF; | ||
unsigned int truncHash = (hmacRes[offset] << 24) | (hmacRes[offset+1] << 16 )| (hmacRes[offset+2] << 8) | (hmacRes[offset+3]); | ||
truncHash &= 0x7FFFFFFF; | ||
|
||
delete[] encoded; | ||
|
||
return truncHash % 1000000; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
/* | ||
* Copyright (C) 2011-2013 Project SkyFire <http://www.projectskyfire.org/> | ||
* Copyright (C) 2008-2013 TrinityCore <http://www.trinitycore.org/> | ||
* Copyright (C) 2005-2013 MaNGOS <http://getmangos.com/> | ||
* | ||
* This program is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU General Public License as published by the | ||
* Free Software Foundation; either version 3 of the License, or (at your | ||
* option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but WITHOUT | ||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | ||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | ||
* more details. | ||
* | ||
* You should have received a copy of the GNU General Public License along | ||
* with this program. If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
#ifndef _TOTP_H | ||
#define _TOPT_H | ||
|
||
#include "openssl/hmac.h" | ||
#include "openssl/evp.h" | ||
|
||
namespace TOTP | ||
{ | ||
unsigned int GenerateToken(const char* b32key); | ||
} | ||
|
||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters