-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.nim
194 lines (135 loc) · 5.52 KB
/
auth.nim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
# nimble install pixie qrgen base32 otp
import otp,os
import base32
import QRgen
import QRgen/renderer
import pkg/pixie
import strutils
import nimAES
import strutils
var debug = false
type
Auth = ref object of RootObj
secret: string # 关键校验基准key,用于生成Google动态key
# 下面的aes cbc 加密key是,只能是16、24、32字节。如果密码字符串长度不够,
# 可以在字符串末尾追加一些特定的字符,或者重复密码字符串,直到满足最少的长度
communicationKey: string # 网络流量对称解密key
communicationIV: string # AES 的 IV
# interval: int # 检测频率
# whiteips: seq[(string,int)] # 白名单
# blackips: seq[(string,int)] # 黑名单
# proc at*(self: HOTP, count: int): int =
# return self.generate(count)
proc adjustAesCbcEncryptionKey(key: string): string =
const desiredLengths = @[16, 24, 32]
let keyLength = key.len
if keyLength > desiredLengths[2]:
result = key[0 ..< desiredLengths[2]]
else:
for desiredLength in desiredLengths:
if keyLength <= desiredLength:
result = key & " ".repeat(desiredLength - keyLength)
break
return result
# padding 字符串长度到指定长度的倍数,
proc padStringToMultiple(str: string, desiredLength: int = 16, paddingChar: char = ' '): string =
var strLength = len(str)
var paddingLength = desiredLength - (strLength mod desiredLength)
return str & paddingChar.repeat(paddingLength)
# padding 字符串长度到指定长度的倍数,这里默认16的倍数
proc adjustAesCbcInput(text: string): string =
return padStringToMultiple(text)
#CBC的IV必须是16字节
proc adjustAesCbcIV(iv: string): string =
return padStringToMultiple(iv)[0..15]
# 初始化
# 默认每30秒检测一次白名单,超过10min未心跳的ip加入黑名单(后期复杂了,再加黑白名单)
# proc newAuth*(secret: string , interval: int = 30 , whiteips:seq[(string,int)] = @[] , blackips:seq[(string,int)] = @[]) : Auth =
proc newAuth*(secret: string,communicationKey: string , communicationIV: string) : Auth =
new(result)
result.secret = secret
#
result.communicationKey = adjustAesCbcEncryptionKey(communicationKey)
result.communicationIV = adjustAesCbcIV(communicationIV)
# echo "[newAuth] result->",result.communicationKey.len
# echo repr(result)
return result
# result.interval = interval
# result.whiteips = whiteips
# result.blackips = blackips
#
# Google动态认证码生成
proc gen*(self: Auth): string =
return intToStr(newTotp(encode(self.secret)).now(),6)
# 当前使用的方法
# 六位数的google动态认证码比对
proc check*(self: Auth , client_token:string): bool =
# echo "Beging Auth.check->",repr(intToStr(newTotp(encode(self.secret)).now(),6))
# echo "client_token->",repr(client_token)
# 因为encryptCBC的加密内容必须是16字节的倍数,所以客户端生成的6位Google动态码,padding10位的空格
# aes解密回来的client_token必须删除结尾的空格
return intToStr(newTotp(encode(self.secret)).now(),6) == client_token.strip()
# 加密网络加密包
# 这里用aes来做网络传输数据的加密
proc encryptNetworkPackets*(self: Auth, packets: string ): string =
var aes = initAES()
try:
# echo "Befor setEncodeKey=>[",self.communicationKey,"]",self.communicationKey.len,"-",self.secret.len
if aes.setEncodeKey(self.communicationKey):
# echo "[encryptNetworkPackets]=>",aes.encryptCBC("abcd"),"<="
# echo "self.communicationIV=>",self.communicationIV
# encryptCBC will change communicationIV. so must use a tmp copy
var tmpIV = self.communicationIV
result = aes.encryptCBC(tmpIV, adjustAesCbcInput(packets))
# echo "self.communicationIV=>",self.communicationIV
# echo "result->",result
# echo "packets->",packets
except:
echo getCurrentExceptionMsg()
discard
# 解密网络加密包
# 这里用aes来做网络传输数据的加解密
proc decryptNetworkPackets*(self: Auth, packets: string ): string =
var aes = initAES()
try:
if aes.setDecodeKey(self.communicationKey):
# echo "self.communicationKey=>",self.communicationKey
# echo "self.communicationIV=>",self.communicationIV
var tmpIV = self.communicationIV
result = aes.decryptCBC(tmpIV, packets)
# echo "self.communicationIV=>",self.communicationIV
except:
discard
# return result
# test demo
# var t = newAuth("shithacking")
# echo "Checking resutl:=> ", t.check("632623")
# echo t.whiteips.len
# echo t.blackips.len
# debug = true
if debug:
#let totp = newTotp("abcdefgabcdefghijk123")
let totp = newTotp(encode("shithacking"))
# let totp = newTotp(encode("12323abcds"))
#echo totp.provisioning_uri()
echo totp.provisioning_uri("[email protected]")
echo totp.provisioning_uri("[email protected]")
let myQR = newQR(totp.provisioning_uri("[email protected]"))
myQR.printTerminal
let myQRImg = myQR.renderImg("#1d2021","#98971a",100,100,25)
writeFile( myQRImg , "t1.png")
echo intToStr(totp.now(),6)
sleep(5000)
echo intToStr(totp.now(),6)
sleep(5000)
echo intToStr(totp.now(),6)
sleep(5000)
echo totp.now()
sleep(5000)
echo intToStr(totp.now(),6)
sleep(5000)
echo intToStr(totp.now(),6)
sleep(5000)
echo intToStr(totp.now(),6)
sleep(5000)
echo intToStr(totp.now(),6)