Home Explore Help
Sign In
master
/
rustdesk-server-lejianwen
mirror of https://github.com/lejianwen/rustdesk-server.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Browse Source

Only ed25519

opentrade 4 years ago
parent
b1a37379c8
commit
c5e102fa6e
3 changed files with 33 additions and 79 deletions
Unified View Show Diff Stats
  1. 7 1
      Cargo.lock
  2. 1 1
      Cargo.toml
  3. 25 77
      src/lic.rs

+ 7 - 1
Cargo.lock
View File 

@@ -245,6 +245,12 @@ dependencies = [
245 
  "lazy_static",
 245 
  "lazy_static",
246 
 ]
 246 
 ]
247
247
248 
+[[package]]
249 
+name = "cryptoxide"
250 
+version = "0.3.2"
251 
+source = "registry+https://github.com/rust-lang/crates.io-index"
252 
+checksum = "46212f5d1792f89c3e866fb10636139464060110c568edd7f73ab5e9f736c26d"
253 
+
248 
 [[package]]
 254 
 [[package]]
249 
 name = "ct-logs"
 255 
 name = "ct-logs"
250 
 version = "0.6.0"
 256 
 version = "0.6.0"
 
@@ -620,11 +626,11 @@ version = "1.1.3"
620 
 dependencies = [
 626 
 dependencies = [
621 
  "base64 0.13.0",
 627 
  "base64 0.13.0",
622 
  "clap",
 628 
  "clap",
629 
+ "cryptoxide",
623 
  "hbb_common",
 630 
  "hbb_common",
624 
  "lazy_static",
 631 
  "lazy_static",
625 
  "mac_address",
 632 
  "mac_address",
626 
  "machine-uid",
 633 
  "machine-uid",
627 
- "rand 0.8.3",
628 
  "reqwest",
 634 
  "reqwest",
629 
  "rocksdb",
 635 
  "rocksdb",
630 
  "rust-ini",
 636 
  "rust-ini",

+ 1 - 1
Cargo.toml
View File 

@@ -24,7 +24,7 @@ machine-uid = "0.2"
24 
 mac_address = "1.1"
 24 
 mac_address = "1.1"
25 
 whoami = "0.9"
 25 
 whoami = "0.9"
26 
 base64 = "0.13"
 26 
 base64 = "0.13"
27 
-rand = "0.8"
27 
+cryptoxide = "0.3"
28
28
29 
 [build-dependencies]
 29 
 [build-dependencies]
30 
 hbb_common = { path = "libs/hbb_common" }
 30 
 hbb_common = { path = "libs/hbb_common" }

+ 25 - 77
src/lic.rs
View File 

@@ -1,12 +1,4 @@
1 
-use hbb_common::{
2 
-    bail, log,
3 
-    sodiumoxide::crypto::{
4 
-        secretbox::{self, Nonce},
5 
-        sign,
6 
-    },
7 
-    ResultType,
8 
-};
9 
-use rand::Rng;
1 
+use hbb_common::{bail, log, ResultType};
10 
 use serde_derive::{Deserialize, Serialize};
 2 
 use serde_derive::{Deserialize, Serialize};
11 
 use std::io::prelude::*;
 3 
 use std::io::prelude::*;
12 
 use std::path::Path;
 4 
 use std::path::Path;
 
@@ -24,13 +16,11 @@ pub struct Machine {
24 
 #[derive(Debug, PartialEq, Default, Serialize, Deserialize, Clone)]
 16 
 #[derive(Debug, PartialEq, Default, Serialize, Deserialize, Clone)]
25 
 pub struct Post {
 17 
 pub struct Post {
26 
     #[serde(default)]
 18 
     #[serde(default)]
27 
-    machine: Machine,
19 
+    machine: String,
28 
     #[serde(default)]
 20 
     #[serde(default)]
29 
     email: String,
 21 
     email: String,
30 
     #[serde(default)]
 22 
     #[serde(default)]
31 
     status: String,
 23 
     status: String,
32 
-    #[serde(default)]
33 
-    nonce: usize,
34 
 }
 24 
 }
35
25
36 
 const LICENSE_FILE: &'static str = ".license.txt";
 26 
 const LICENSE_FILE: &'static str = ".license.txt";
 
@@ -40,10 +30,8 @@ pub fn check_lic(email: &str) -> bool {
40 
     let path = Path::new(LICENSE_FILE);
 30 
     let path = Path::new(LICENSE_FILE);
41 
     if Path::is_file(&path) {
 31 
     if Path::is_file(&path) {
42 
         let contents = std::fs::read_to_string(&path).unwrap_or("".to_owned());
 32 
         let contents = std::fs::read_to_string(&path).unwrap_or("".to_owned());
43 
-        if let Ok(old_lic) = dec_machine(&contents) {
44 
-            if machine == old_lic {
45 
-                return true;
46 
-            }
33 
+        if verify(&contents, &machine) {
34 
+            return true;
47 
         }
 35 
         }
48 
     }
 36 
     }
49
37 
 
@@ -52,11 +40,8 @@ pub fn check_lic(email: &str) -> bool {
52 
         return false;
 40 
         return false;
53 
     }
 41 
     }
54
42
55 
-    match check_email(machine.clone(), email.to_owned()) {
43 
+    match check_email(machine, email.to_owned()) {
56 
         Ok(v) => {
 44 
         Ok(v) => {
57 
-            if v {
58 
-                write_lic(&machine);
59 
-            }
60 
             return v;
 45 
             return v;
61 
         }
 46 
         }
62 
         Err(err) => {
 47 
         Err(err) => {
 
@@ -66,95 +51,58 @@ pub fn check_lic(email: &str) -> bool {
66 
     }
 51 
     }
67 
 }
 52 
 }
68
53
69 
-fn write_lic(machine: &Machine) {
70 
-    if let Ok(s) = enc_machine(&machine) {
71 
-        if let Ok(mut f) = std::fs::File::create(LICENSE_FILE) {
72 
-            f.write_all(s.as_bytes()).ok();
73 
-            f.sync_all().ok();
74 
-        }
54 
+fn write_lic(lic: &str) {
55 
+    if let Ok(mut f) = std::fs::File::create(LICENSE_FILE) {
56 
+        f.write_all(lic.as_bytes()).ok();
57 
+        f.sync_all().ok();
75 
     }
 58 
     }
76 
 }
 59 
 }
77
60
78 
-fn check_email(machine: Machine, email: String) -> ResultType<bool> {
61 
+fn check_email(machine: String, email: String) -> ResultType<bool> {
79 
     log::info!("Checking email with the server ...");
 62 
     log::info!("Checking email with the server ...");
80 
-    let mut rng = rand::thread_rng();
81 
-    let nonce: usize = rng.gen();
82 
     use reqwest::blocking::Client;
 63 
     use reqwest::blocking::Client;
83 
     let resp = Client::new()
 64 
     let resp = Client::new()
84 
         .post("http://rustdesk.com/api/check-email")
 65 
         .post("http://rustdesk.com/api/check-email")
85 
         .json(&Post {
 66 
         .json(&Post {
86 
-            machine,
67 
+            machine: machine.clone(),
87 
             email,
 68 
             email,
88 
-            nonce,
89 
             ..Default::default()
 69 
             ..Default::default()
90 
         })
 70 
         })
91 
         .send()?;
 71 
         .send()?;
92 
     if resp.status().is_success() {
 72 
     if resp.status().is_success() {
93 
-        let text = base64::decode(resp.text()?)?;
94 
-        let p = dec_data(&text, nonce)?;
73 
+        let p: Post = resp.json()?;
74 
+        if !verify(&p.machine, &machine) {
75 
+            bail!("Verification failure");
76 
+        }
95 
         if !p.status.is_empty() {
 77 
         if !p.status.is_empty() {
96 
             bail!("{}", p.status);
 78 
             bail!("{}", p.status);
97 
         }
 79 
         }
80 
+        write_lic(&p.machine);
98 
     } else {
 81 
     } else {
99 
         bail!("Server error: {}", resp.status());
 82 
         bail!("Server error: {}", resp.status());
100 
     }
 83 
     }
101 
     Ok(true)
 84 
     Ok(true)
102 
 }
 85 
 }
103
86
104 
-fn get_lic() -> Machine {
87 
+fn get_lic() -> String {
105 
     let hostname = whoami::hostname();
 88 
     let hostname = whoami::hostname();
106 
     let uid = machine_uid::get().unwrap_or("".to_owned());
 89 
     let uid = machine_uid::get().unwrap_or("".to_owned());
107 
     let mac = if let Ok(Some(ma)) = mac_address::get_mac_address() {
 90 
     let mac = if let Ok(Some(ma)) = mac_address::get_mac_address() {
108 
-        base64::encode_config(ma.bytes(), base64::URL_SAFE_NO_PAD)
91 
+        base64::encode(ma.bytes())
109 
     } else {
 92 
     } else {
110 
         "".to_owned()
 93 
         "".to_owned()
111 
     };
 94 
     };
112 
-    Machine { hostname, uid, mac }
113 
-}
114 
-
115 
-fn enc_machine(machine: &Machine) -> ResultType<String> {
116 
-    let tmp = serde_json::to_vec::<Machine>(machine)?;
117 
-    const SK: &[u64] = &[
118 
-        139, 164, 88, 86, 6, 123, 221, 248, 96, 36, 106, 207, 99, 124, 27, 196, 5, 159, 58, 253,
119 
-        238, 94, 3, 184, 237, 236, 122, 59, 205, 95, 6, 189, 88, 168, 68, 104, 60, 5, 163, 198,
120 
-        165, 38, 12, 85, 114, 203, 96, 163, 70, 48, 0, 131, 57, 12, 46, 129, 83, 17, 84, 193, 119,
121 
-        197, 130, 103,
122 
-    ];
123 
-    let sk: Vec<u8> = SK.iter().map(|x| *x as u8).collect();
124 
-    let mut sk_ = [0u8; sign::SECRETKEYBYTES];
125 
-    sk_[..].copy_from_slice(&sk);
126 
-    let sk = sign::SecretKey(sk_);
127 
-    let tmp = base64::encode_config(sign::sign(&tmp, &sk), base64::URL_SAFE_NO_PAD);
128 
-    let tmp: String = tmp.chars().rev().collect();
129 
-    Ok(tmp)
95 
+    serde_json::to_string(&Machine { hostname, uid, mac }).unwrap()
130 
 }
 96 
 }
131
97
132 
-fn dec_machine(s: &str) -> ResultType<Machine> {
133 
-    let tmp: String = s.chars().rev().collect();
134 
-    const PK: &[u64] = &[
135 
-        88, 168, 68, 104, 60, 5, 163, 198, 165, 38, 12, 85, 114, 203, 96, 163, 70, 48, 0, 131, 57,
136 
-        12, 46, 129, 83, 17, 84, 193, 119, 197, 130, 103,
137 
-    ];
138 
-    let pk: Vec<u8> = PK.iter().map(|x| *x as u8).collect();
139 
-    let mut pk_ = [0u8; sign::PUBLICKEYBYTES];
140 
-    pk_[..].copy_from_slice(&pk);
141 
-    let pk = sign::PublicKey(pk_);
142 
-    if let Ok(data) = sign::verify(&base64::decode_config(tmp, base64::URL_SAFE_NO_PAD)?, &pk) {
143 
-        Ok(serde_json::from_slice::<Machine>(&data)?)
98 
+fn verify(enc_str: &str, msg: &str) -> bool {
99 
+    if let Ok(data) = base64::decode(enc_str) {
100 
+        let key =
101 
+            b"\xf1T\xc0\x1c\xffee\x86,S*\xd9.\x91\xcd\x85\x12:\xec\xa9 \x99:\x8a\xa2S\x1f Yy\x93R";
102 
+        cryptoxide::ed25519::verify(msg.as_bytes(), &key[..], &data)
144 
     } else {
 103 
     } else {
145 
-        bail!("sign:verify failed");
146 
-    }
147 
-}
148 
-
149 
-fn dec_data(data: &[u8], n: usize) -> ResultType<Post> {
150 
-    let key = b"\xa94\xb4\xb4\xda\xf82\x96\x8b\xb0\x9d\x04d\"\x94T\xa6\xdb\xf6\xd5i=Y.\xf5\xf5i\xa9\x14\x91\xa7\xa9";
151 
-    let mut nonce = Nonce([0u8; secretbox::NONCEBYTES]);
152 
-    nonce.0[..std::mem::size_of_val(&n)].copy_from_slice(&n.to_le_bytes());
153 
-    let key = secretbox::Key(*key);
154 
-    if let Ok(res) = secretbox::open(&data, &nonce, &key) {
155 
-        return Ok(serde_json::from_slice::<Post>(&res)?);
104 
+        false
156 
     }
 105 
     }
157 
-    bail!("Encryption error");
158 
 }
 106 
 }
159
107
160 
 pub const EMAIL_ARG: &'static str =
 108 
 pub const EMAIL_ARG: &'static str =