bool CNetTokenManager::CheckToken(const NETADDR *pAddr, TOKEN Token, TOKEN ResponseToken, bool Notify) { TOKEN CurrentToken = GenerateToken(pAddr, m_Seed); if(CurrentToken == Token) return true; if(GenerateToken(pAddr, m_PrevSeed) == Token) { if(Notify) CNetBase::SendControlMsgWithToken(m_Socket, (NETADDR *)pAddr, ResponseToken, 0, NET_CTRLMSG_TOKEN, CurrentToken); // notify the peer about the new token return true; } else if(Token == m_GlobalToken) return true; else if(Token == m_PrevGlobalToken) { if(Notify) CNetBase::SendControlMsgWithToken(m_Socket, (NETADDR *)pAddr, ResponseToken, 0, NET_CTRLMSG_TOKEN, m_GlobalToken); // notify the peer about the new token return true; } return false; }
bool CNetTokenManager::CheckToken(const NETADDR *pAddr, TOKEN Token, TOKEN ResponseToken, bool *BroadcastResponse) { TOKEN CurrentToken = GenerateToken(pAddr, m_Seed); if(CurrentToken == Token) return true; if(GenerateToken(pAddr, m_PrevSeed) == Token) { // no need to notify the peer, just a one time thing return true; } else if(Token == m_GlobalToken) { *BroadcastResponse = true; return true; } else if(Token == m_PrevGlobalToken) { // no need to notify the peer, just a broadcast token response *BroadcastResponse = true; return true; } return false; }
int CNetTokenManager::ProcessMessage(const NETADDR *pAddr, const CNetPacketConstruct *pPacket, bool Notify) { if(pPacket->m_Token != NET_TOKEN_NONE && !CheckToken(pAddr, pPacket->m_Token, pPacket->m_ResponseToken, Notify)) return 0; // wrong token, silent ignore bool Verified = pPacket->m_Token != NET_TOKEN_NONE; bool TokenMessage = (pPacket->m_Flags & NET_PACKETFLAG_CONTROL) && pPacket->m_aChunkData[0] == NET_CTRLMSG_TOKEN; if(pPacket->m_Flags&NET_PACKETFLAG_CONNLESS) return (Verified) ? 1 : 0; // connless packets without token are not allowed if(!TokenMessage) { if(Verified) return 1; // verified packet else // the only allowed not connless packet // without token is NET_CTRLMSG_TOKEN return 0; } if(Verified && TokenMessage) return 1; // everything is fine, token exchange complete // client requesting token CNetBase::SendControlMsgWithToken(m_Socket, (NETADDR *)pAddr, pPacket->m_ResponseToken, 0, NET_CTRLMSG_TOKEN, GenerateToken(pAddr)); return 0; // no need to process NET_CTRLMSG_TOKEN further }
EXPORT_C TInt RFTokenClient::GenerateToken(const TDesC& aFileName, const TSecurityPolicy& aSecurityPolicy, TDes8& aToken) const { // unefficient, but this way we can make _easily_ sure that client is actually allowed to open a file // Not sure if we were allowed to just change CEikonEnv's file server session to shared, so we could acutally save // this extra session.. RFs fs; TInt err = fs.Connect(); if (!err) { err = fs.ShareProtected(); if (!err) { RFile file; err = file.Open(fs, aFileName, EFileShareReadersOnly); // Todo: check the correct mode if (!err) { err = GenerateToken(file, aSecurityPolicy, aToken); } file.Close(); } fs.Close(); } return err; //return SendReceive(EGenerateTokenBasedOnName, TIpcArgs(&aFileName, aAllowedProcessUid.iUid, &aToken)); }
InputCallbackToken InputManager::AddMouseWheelCallback( InputCallbackMouseWheelFn callback ) { InputCallbackMouseWheelInfo info; info.callback = callback; info.token = GenerateToken(); m_MouseWheelCallbacks.push_back( info ); return info.token; }
InputCallbackToken InputManager::AddMouseCallback( InputCallbackMouseFn callback, MouseButton button, ButtonState buttonState ) { InputCallbackMouseInfo info; info.callback = callback; info.button = button; info.buttonState = buttonState; info.token = GenerateToken(); m_MouseCallbacks.push_back( info ); return info.token; }
InputCallbackToken InputManager::AddKeyboardCallback( InputCallbackKeyboardFn callback, SDL_Scancode button, ButtonState buttonState ) { InputCallbackKeyboardInfo info; info.callback = callback; info.button = button; info.buttonState = buttonState; info.token = GenerateToken(); m_KeyboardCallbacks.push_back( info ); return info.token; }
int CNetConnection::Connect(NETADDR *pAddr) { if(State() != NET_CONNSTATE_OFFLINE) return -1; // init connection Reset(); m_PeerAddr = *pAddr; m_PeerToken = NET_TOKEN_NONE; SetToken(GenerateToken(pAddr)); mem_zero(m_ErrorString, sizeof(m_ErrorString)); m_State = NET_CONNSTATE_TOKEN; SendControlWithToken(NET_CTRLMSG_TOKEN); return 0; }
void CNetTokenManager::GenerateSeed() { static const NETADDR NullAddr = { 0 }; m_PrevSeed = m_Seed; for(int i = 0; i < 2; i++) { m_Seed <<= 32; m_Seed ^= random_int(); } m_PrevGlobalToken = m_GlobalToken; m_GlobalToken = GenerateToken(&NullAddr); m_NextSeedTime = time_get() + time_freq() * m_SeedTime; }
TOKEN CNetTokenManager::GenerateToken(const NETADDR *pAddr, int64 Seed) { static const NETADDR NullAddr = { 0 }; NETADDR Addr; char aBuf[sizeof(NETADDR) + sizeof(int64)]; unsigned int Result; if(pAddr->type & NETTYPE_LINK_BROADCAST) return GenerateToken(&NullAddr, Seed); Addr = *pAddr; Addr.port = 0; mem_copy(aBuf, &Addr, sizeof(NETADDR)); mem_copy(aBuf + sizeof(NETADDR), &Seed, sizeof(int64)); Result = Hash(aBuf, sizeof(aBuf)) & NET_TOKEN_MASK; if(Result == NET_TOKEN_NONE) Result--; return Result; }
TOKEN CNetTokenManager::GenerateToken(const NETADDR *pAddr) const { return GenerateToken(pAddr, m_Seed); }
EXPORT_C TInt RFTokenClient::GenerateToken(const RFile& aOpenFile, const TUid& aConsumerUid,TDes8& aToken) const { TSecureId consumerUid(aConsumerUid); return GenerateToken(aOpenFile, TSecurityPolicy(consumerUid), aToken); }
EXPORT_C TInt RFTokenClient::GenerateToken(const TDesC8& aExistingToken, const TUid& aConsumerUid,TDes8& aToken) const { TSecureId consumerUid(aConsumerUid); return GenerateToken(aExistingToken, TSecurityPolicy(consumerUid), aToken); }
/// <summary> /// Authenticates cartridge by verifying its certificate and its signature of a random token. /// </summary> /// <param name="ucCartridgeNum">The cartridge number.</param> /// <param name="aucPubKS">Stratasys public key.</param> /// <param name="aucIdd">The tag identification data (output parameter).</param> /// <param name="usIddLength">The tag identification data length (output parameter).</param> /// <param name="uiCurrentVolume">The tag current volume (output parameter).</param> /// <returns>0 on success, non-zero for failures.</returns> int MaterialMonitor::AuthenticateCartridge(unsigned char ucCartridgeNum, const unsigned char *aucPubKS, unsigned char *aucIdd, unsigned short *usIddLength, unsigned int *uiCurrentVolume) { UniqueLock uniqueLock(m_mtx); int returnValue = IDTLIB_SUCCESS; if (aucPubKS == NULL && m_pubKS == NULL) { returnValue = INVALID_HOST_KEY; LOG_EXT(LEVEL_ERROR, "Invalid host key (error code 0x" << hex << (short)returnValue << ")."); return returnValue; } if (aucIdd == NULL || usIddLength == NULL || uiCurrentVolume == NULL) { returnValue = AUTHENTICATE_NULL_PARAMS; LOG_EXT(LEVEL_ERROR, "Invalid parameters (error code 0x" << hex << (short)returnValue << ")."); return returnValue; } if (!m_bInitialized) { returnValue = HW_NOT_INITIALIZED; LOG_EXT(LEVEL_ERROR, "Hardware not initialized (error code 0x" << hex << (short)returnValue << ")."); return returnValue; } try { LOG_EXT(LEVEL_INFO, "Cartridge #" << (unsigned short)ucCartridgeNum << " authentication started:"); LOG_EXT(LEVEL_INFO, "Reset cartridge #"<< (unsigned short)ucCartridgeNum << " info..."); int returnValue = ResetCartridgeInfo(ucCartridgeNum); if (returnValue != IDTLIB_SUCCESS) { LOG_EXT(LEVEL_ERROR, "Error resetting cartridge #"<< (unsigned short)ucCartridgeNum << " info (number of cartridges: " << (unsigned short)m_ucCartridgesCount << ", error code 0x" << hex << (short)returnValue << ")."); return returnValue; } LOG_EXT(LEVEL_INFO, "Switching to cartridge #"<< (unsigned short)ucCartridgeNum << "..."); returnValue = m_tagAdapter->SwitchToCartridge(ucCartridgeNum); if (returnValue != IDTLIB_SUCCESS) { LOG_EXT(LEVEL_ERROR, "Error switching to cartridge #"<< (unsigned short)ucCartridgeNum << " (number of cartridges: " << (unsigned short)m_ucCartridgesCount << ", error code 0x" << hex << (short)returnValue << ")."); return returnValue; } LOG_EXT(LEVEL_INFO, "Reading ID certificate..."); unsigned char aucBuffer[CERTIFICATE_SIZE]; memset(aucBuffer, 0, sizeof(aucBuffer)); returnValue = ReadIDCertificate(aucBuffer); if (returnValue != IDTLIB_SUCCESS) { LOG_EXT(LEVEL_ERROR, "Error reading ID certificate (error code 0x" << hex << (short)returnValue << ")."); return returnValue; } bool isEmpty = m_tagAdapter->IsCertificateEmpty(aucBuffer); if (isEmpty) { returnValue = EMPTY_CERTIFICATE_FILE; LOG_EXT(LEVEL_ERROR, "Tag is blank (error code 0x" << hex << (short)returnValue << ")."); return returnValue; } LOG_EXT(LEVEL_DEBUG, "Extracting cartridge #" << (unsigned short)ucCartridgeNum << " public key..."); IDCertificate *certificate = new IDCertificate(); unsigned short certificateSize; try { certificateSize = (unsigned short)certificate->Decode(aucBuffer); } catch (exception& e) { delete certificate; returnValue = INVALID_CERTIFICATE_FILE; LOG_EXT(LEVEL_ERROR, "Invalid certificate (error code 0x" << hex << (short)returnValue << "): " << e.what() << "."); return returnValue; } *usIddLength = certificateSize - SIGNATURE_SIZE - PUBLIC_KEY_SIZE; memcpy(aucIdd, aucBuffer, *usIddLength); ECDSA<EC2N, SHA256>::PublicKey* pubKS; if (aucPubKS != NULL) { pubKS = LoadPublicKey(aucPubKS); if (pubKS == NULL) { delete certificate; return INVALID_HOST_KEY; } } else { pubKS = m_pubKS; } LOG_EXT(LEVEL_INFO, "Verifying ID certificate..."); SetVerifier(pubKS); pthread_t verifierThread; VerifyParameters* verifyParameters = CreateVerifyParameters( m_veriferS, aucBuffer, certificateSize - SIGNATURE_SIZE, aucBuffer + (certificateSize - SIGNATURE_SIZE), SIGNATURE_SIZE); CreateVerifierThread(&verifierThread, verifyParameters); LOG_EXT(LEVEL_INFO, "Sending random token for IDT to sign..."); byte aucHostChallenge[TOKEN_SIZE]; GenerateToken(aucHostChallenge, TOKEN_SIZE); byte aucDeviceChallenge[64]; // expected device challenge length byte aucSignedDeviceChallenge[SIGNATURE_SIZE]; unsigned short usDeviceChallengeLength = sizeof(aucDeviceChallenge); unsigned short usSignedDeviceChallengeLength = sizeof(aucSignedDeviceChallenge); returnValue = ChallengeHostDevice(ucCartridgeNum, aucHostChallenge, TOKEN_SIZE, aucDeviceChallenge, &usDeviceChallengeLength, aucSignedDeviceChallenge, &usSignedDeviceChallengeLength); void* status; pthread_join(verifierThread, &status); delete verifyParameters; if (!m_bVerified) { returnValue = INVALID_CERTIFICATE_SIGNATURE; LOG_EXT(LEVEL_ERROR, "Error verifying ID certificate (error code 0x" << hex << (short)returnValue << ")."); delete certificate; return returnValue; } if (returnValue != IDTLIB_SUCCESS) { LOG_EXT(LEVEL_ERROR, "Error sending random token to IDT (error code 0x" << hex << (short)returnValue << ")."); delete certificate; return returnValue; } LOG_EXT(LEVEL_INFO, "Verifying IDT signature..."); verifyParameters = CreateVerifyParameters( certificate->IDD.GetVerifier(), aucDeviceChallenge, usDeviceChallengeLength, aucSignedDeviceChallenge, usSignedDeviceChallengeLength); CreateVerifierThread(&verifierThread, verifyParameters); LOG_EXT(LEVEL_INFO, "Getting current volume..."); returnValue = GetCurrentVolume(ucCartridgeNum, uiCurrentVolume); pthread_join(verifierThread, &status); delete verifyParameters; if (!m_bVerified) { returnValue = INVALID_TOKEN_SIGNATURE; LOG_EXT(LEVEL_ERROR, "Invalid signature (error code 0x" << hex << (short)returnValue << ")."); delete certificate; return returnValue; } if (returnValue != IDTLIB_SUCCESS) { LOG_EXT(LEVEL_ERROR, "Error getting current volume (error code 0x" << hex << (short)returnValue << ")."); delete certificate; return returnValue; } m_certificates[ucCartridgeNum] = certificate; LOG_EXT(LEVEL_INFO, "Cartridge #" << (unsigned short)ucCartridgeNum << " authentication ended successfully. Current weight: " << *uiCurrentVolume << " milligrams."); return returnValue; } catch (exception& e) { LOG_EXT(LEVEL_ERROR, "Exception caught: " << e.what() << "."); return EXCEPTION_CAUGHT; } }