2025-10-31 00:49 CET
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004647Spring engineGeneralpublic2015-01-12 21:202015-03-01 11:45
Reportergajop 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
StatusnewResolutionopen 
Product Version99.0 
Target VersionFixed in Version 
Summary0004647: Equip Spring with the required encryption tools to connect to uberserver
DescriptionEver since security was added to the uberserver it's no longer possible to login to uberserver using liblobby because the HASH command was removed: https://github.com/spring/uberserver/commit/8561dac53482456cd7e02fcaaf0338557b4fa2bc

I suggest we add basic security functions needed, maybe using a library such as this: https://code.google.com/p/keyczar/ ? It seems to contain AES, RSA and HMAC which is all we need.

Is anyone interested in doing this or should I try? (not entirely sure on the when though)
TagsNo tags attached.
Checked infolog.txt for Errors
Attached Files

-Relationships
+Relationships

-Notes

~0013919

gajop (developer)

2015-01-12 21:24

 Oh, I forgot to mention, but I don't think we should bother adding MD5 that would give support for the old encryption system. We might as well do this right if we plan to add encryption to Spring.

~0013920

abma (administrator)

2015-01-12 23:52

 imo use libcrypto for that?!

not sure if it could be reused for springlobby / flobby.

https://github.com/springlobby/springlobby/issues/314


md5/base64 should be already contained in spring source, only the lua api is missing for that.

~0013921

gajop (developer)

2015-01-13 04:51

 Does it support AES? It doesn't seem listed there, is Python implementation the same?

~0013922

abma (administrator)

2015-01-13 10:56

Last edited: 2015-01-13 11:02

View 3 revisions

 indeed, seems pretty unclear if it supports AES or not :-|

i looked into examples and found this which looks like it supports AES:

https://github.com/saju/misc/blob/master/misc/openssl_aes.c

maybe we should list requirements first (imo):
- (your points): AES, RSA and HMAC
- c or c++ api
- license is gpl2+ / allows static linking
- should be in debian/ubuntu repositories at least
- should be a lib in mxe http://mxe.cc/
- no / few external dependencies

this makes it already very difficult to find a lib :-|

libgcrypt maybe fit as well. keyczar isn't in mxe/debian/ubuntu, also it uses scons for build and uses libcrypto it seems: https://code.google.com/p/keyczar/wiki/CppTutorial

~0013923

abma (administrator)

2015-01-13 19:08

 i've asked in forum: http://springrts.com/phpbb/viewtopic.php?p=564550#p564550

~0013950

abma (administrator)

2015-01-27 21:47

 for unencrypted login only md5 to encrypt the password is missing.

for lua a simple base64 implemention exists:

http://lua-users.org/wiki/BaseSixtyFour

~0013951

jK (developer)

2015-01-27 22:21

Last edited: 2015-01-27 22:22

View 2 revisions

 https://github.com/kikito/md5.lua ?
(didn't tested, may need 64bit floats)

~0013952

abma (administrator)

2015-01-28 13:56

 hmm, aes in lua: https://github.com/bighil/aeslua

~0014101

gajop (developer)

2015-03-01 11:45

 md5 lua lib doesn't work
i also doubt aes or b64 do either.. we are working with floats here, where double is the lua default
+Notes

-Issue History
Date Modified Username Field Change
2015-01-12 21:20 gajop New Issue
2015-01-12 21:24 gajop Note Added: 0013919
2015-01-12 23:52 abma Note Added: 0013920
2015-01-13 04:51 gajop Note Added: 0013921
2015-01-13 10:56 abma Note Added: 0013922
2015-01-13 10:56 abma Note Edited: 0013922 View Revisions
2015-01-13 11:02 abma Note Edited: 0013922 View Revisions
2015-01-13 11:39 abma Severity minor => feature
2015-01-13 19:08 abma Note Added: 0013923
2015-01-27 21:47 abma Note Added: 0013950
2015-01-27 22:21 jK Note Added: 0013951
2015-01-27 22:22 jK Note Edited: 0013951 View Revisions
2015-01-28 13:56 abma Note Added: 0013952
2015-03-01 11:45 gajop Note Added: 0014101
+Issue History