change key exchange to ED25519
parent
256721aa12
commit
6afc26e601
11 changed files with 148 additions and 105 deletions
|
@ -235,7 +235,7 @@ public final class Server implements IThreadListener, Executor {
|
|||
Log.IO.info("Config-Version: %s", version);
|
||||
Log.IO.info("Weltzeit: %d Ticks / %d Sekunden", time, time / 20L);
|
||||
Log.IO.info("Zuletzt geladen: %s", new SimpleDateFormat("dd.MM.yyyy HH:mm:ss").format(new Date(lastPlayed)));
|
||||
if(tag.hasByteArray("PrivateKey") && tag.hasByteArray("PublicKey")) {
|
||||
if(System.getProperty("server.regenkey") == null && tag.hasByteArray("PrivateKey") && tag.hasByteArray("PublicKey")) {
|
||||
PrivateKey key = EncryptUtil.decodePrivateKey(tag.getByteArray("PrivateKey"));
|
||||
PublicKey pubkey = EncryptUtil.decodePublicKey(tag.getByteArray("PublicKey"));
|
||||
if(key != null && pubkey != null)
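Review bot: The new guard `System.getProperty("server.regenkey") == null` is a presence test, so starting the server with `-Dserver.regenkey=false` still discards the stored key pair; `!Boolean.getBoolean("server.regenkey")` would make the switch behave as its name suggests. Because replacing the host key changes the identity that clients see, a Log.IO line next to the existing ones, stating that the stored key pair was deliberately ignored, would give operators a record of it. Key pairs saved before this commit are presumably in the previous format; the `key != null && pubkey != null` check suggests a failed decode returns null, but confirm that `EncryptUtil.decodePrivateKey` does not throw on them. The enclosing method starts and ends outside the hunk.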
|
||||
|
|
|
@ -1,13 +1,9 @@
|
|||
package server.network;
|
||||
|
||||
import java.security.KeyPair;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
|
||||
import common.color.TextColor;
|
||||
import common.log.Log;
|
||||
import common.net.util.concurrent.Future;
|
||||
|
@ -39,6 +35,7 @@ public class LoginHandler implements ILoginHandler
|
|||
|
||||
private final Server server;
|
||||
public final NetConnection netManager;
|
||||
private final KeyPair tempKeys;
|
||||
|
||||
private LoginState state = LoginState.INIT;
|
||||
private int timer;
|
||||
|
@ -51,6 +48,7 @@ public class LoginHandler implements ILoginHandler
|
|||
{
|
||||
this.netManager = netManager;
|
||||
this.server = server;
|
||||
this.tempKeys = EncryptUtil.createDHKeypair();
|
||||
}
|
||||
|
||||
public void closeConnection(String reason)
|
||||
|
@ -139,9 +137,7 @@ public class LoginHandler implements ILoginHandler
|
|||
throw new IllegalStateException("Unerwartetes Handshake-Paket");
|
||||
if(SVars.encrypt) {
|
||||
this.state = LoginState.ENCRYPT;
|
||||
this.loginToken = new byte[4];
|
||||
TOKEN_RNG.nextBytes(this.loginToken);
|
||||
this.netManager.sendPacket(new RPacketRequestEncrypt(this.server.getPublicKey(), this.loginToken));
|
||||
this.netManager.sendPacket(new RPacketRequestEncrypt(this.server.getPublicKey(), this.tempKeys.getPublic()));
|
||||
}
|
||||
else {
|
||||
this.state = LoginState.PASSWORD;
|
||||
|
@ -152,11 +148,7 @@ public class LoginHandler implements ILoginHandler
|
|||
public void processEncryption(LPacketStartEncrypt packet) {
|
||||
if(this.state != LoginState.ENCRYPT)
|
||||
throw new IllegalStateException("Unerwartetes Verschlüsselungs-Paket");
|
||||
PrivateKey pkey = this.server.getPrivateKey();
|
||||
if(!Arrays.equals(this.loginToken, packet.getToken(pkey)))
|
||||
throw new IllegalStateException("Fehlerhaftes Token");
|
||||
SecretKey key = packet.getKey(pkey);
|
||||
this.netManager.startEncryption(key);
|
||||
this.netManager.startEncryption(EncryptUtil.makeKeyAgreement(this.tempKeys.getPrivate(), packet.getKey()));
|
||||
this.state = LoginState.PROOF;
|
||||
}
|
||||
|
||||
|
@ -164,7 +156,7 @@ public class LoginHandler implements ILoginHandler
|
|||
if(this.state != LoginState.PROOF)
|
||||
throw new IllegalStateException("Unerwartetes Anforderungs-Paket");
|
||||
this.state = LoginState.PASSWORD;
|
||||
this.netManager.sendPacket(new RPacketResponse(packet.getToken(this.server.getPrivateKey())), new GenericFutureListener < Future <? super Void >> () {
|
||||
this.netManager.sendPacket(new RPacketResponse(this.server.getPrivateKey(), packet.getToken()), new GenericFutureListener < Future <? super Void >> () {
|
||||
public void operationComplete(Future <? super Void > u) throws Exception {
|
||||
LoginHandler.this.netManager.sendPacket(new RPacketServerConfig(SVars.accessRequired, SVars.authenticate, SVars.authenticate && SVars.passwordAuth,
|
||||
SVars.authenticate && SVars.pubkeyAuth));
|
||||
|
@ -219,7 +211,7 @@ public class LoginHandler implements ILoginHandler
|
|||
this.loginKey = packet.getKey();
|
||||
this.loginToken = new byte[32];
|
||||
TOKEN_RNG.nextBytes(this.loginToken);
|
||||
this.netManager.sendPacket(new RPacketChallenge(this.loginKey, this.loginToken));
|
||||
this.netManager.sendPacket(new RPacketChallenge(this.loginToken));
|
||||
this.state = LoginState.CHALLENGE;
|
||||
}
|
||||
else {
|
||||
|
@ -230,7 +222,7 @@ public class LoginHandler implements ILoginHandler
|
|||
public void processResponse(LPacketResponse packet) {
|
||||
if(this.state != LoginState.CHALLENGE)
|
||||
throw new IllegalStateException("Unerwartetes Beweis-Paket");
|
||||
if(!Arrays.equals(this.loginToken, packet.getToken()))
|
||||
if(!packet.verifyToken(this.loginKey, this.loginToken))
|
||||
throw new IllegalStateException("Fehlerhaftes Beweis-Token");
|
||||
this.state = LoginState.AUTHENTICATED;
|
||||
}
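Review bot: The host-key proof in the `@ -164,7 +156,7` hunk signs only the client-supplied token (`new RPacketResponse(this.server.getPrivateKey(), packet.getToken())`), so as far as these hunks show, nothing ties that signature to the key agreement that processEncryption performs with `this.tempKeys`. If RPacketResponse signs the token as-is, the proof does not authenticate the session keys: an intermediary that terminates the exchange on both sides could still pass it, and the long-term key ends up signing arbitrary client-chosen bytes. Consider signing a fixed context label together with both ephemeral public keys and the token, with the client verifying over the same bytes; a comment at the call such as `// proof covers label || server ephemeral key || client ephemeral key || token` would document the contract. RPacketResponse and `EncryptUtil.makeKeyAgreement` are outside the visible hunks, so confirm what they actually cover.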
|
||||
|
|