got login working

2025-01-02 18:49:58 +02:00 · 2025-01-02 18:49:58 +02:00 · 2aa4a86e5f
commit 2aa4a86e5f
parent 04a4f7ece8
5 changed files with 108 additions and 100 deletions
--- a/server/Program.cs
+++ b/server/Program.cs
@ -7,6 +7,7 @@ using System.Net;
 using System.Net.Sockets;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.Json.Serialization;
 using System.Threading.Tasks;
 using lib;
 using server;
@ -18,7 +19,7 @@ public class Program
    const int MSG_LEN = 16; // msg len is 128 bits = 16 bytes

    static readonly Data Data = new();
-    static readonly Random Rnd = new((int)DateTime.Now.Ticks);
+    static readonly Random Rand = new((int)DateTime.Now.Ticks);

    static async Task Main()
    {
@ -110,12 +111,12 @@ public class Program
            Write(id, $"Imported key is: \n {pub.ExportRSAPublicKeyPem()}\n");
            // generate the 6 digit code and send it
            byte[] code = [
-                (byte)Rnd.Next(10),
-                (byte)Rnd.Next(10),
-                (byte)Rnd.Next(10),
-                (byte)Rnd.Next(10),
-                (byte)Rnd.Next(10),
-                (byte)Rnd.Next(10),
+                (byte)Rand.Next(10),
+                (byte)Rand.Next(10),
+                (byte)Rand.Next(10),
+                (byte)Rand.Next(10),
+                (byte)Rand.Next(10),
+                (byte)Rand.Next(10),
                ];
            await Send6DigitCodeInSecureChannel(stream, code);
            // wait for the code to be back with a key
@ -170,7 +171,47 @@ public class Program
        else if (msg[1] == (byte)RequestType.Login)
        {
            // verify login
-            // TODO: Login
+            clientPhone = Utils.BytesToNumber(msg[3..11]);
+            counter = IncrementCounter(msg[2]);
+            if (!Data.Keys.TryGetValue(clientPhone, out RSA? clientKey))
+            {
+                stream.Close();
+                client.Close();
+                Write(id, $"Client claims to be {clientPhone}, but could not find key in records");
+                return;
+            }
+            byte[] challenge = new byte[16];
+            Rand.NextBytes(challenge);
+            Write(id, $"Sending challenge: {Convert.ToBase64String(challenge)}");
+            byte[] response = sk.EncryptCfb(challenge, sk.IV, PaddingMode.None);
+            await stream.WriteAsync(response);
+            len = await stream.ReadAsync(buffer);
+            msg = sk.DecryptCfb(buffer[..MSG_LEN], sk.IV, PaddingMode.None);
+            Write(id, Request.RequestToString(msg));
+            if (msg[2] != counter)
+            {
+                client.Close();
+                Write(id, $"Invalid counter in login response, quitting");
+                return;
+            }
+            counter = IncrementCounter(counter);
+            byte[] sig = buffer[MSG_LEN..len];
+            Write(id, $"Got challenge signature, length: {len - MSG_LEN}, client says: {BitConverter.ToInt32(msg, 3)}");
+            Write(id, $"Sig: {Convert.ToBase64String(sig)}");
+            bool valid = clientKey.VerifyData(challenge, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            if (valid)
+            {
+                response = sk.EncryptCfb(Encoding.UTF8.GetBytes("OK"), sk.IV, PaddingMode.PKCS7);
+                await stream.WriteAsync(response);
+            }
+            else
+            {
+                Write(id, "Client failed verification, invalid signature");
+                response = sk.EncryptCfb(Encoding.UTF8.GetBytes("INVALID SIG"), sk.IV, PaddingMode.PKCS7);
+                await stream.WriteAsync(response);
+                client.Close();
+                return;
+            }
        }
        else
        {