View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004647 | Spring engine | General | public | 2015-01-12 21:20 | 2015-03-01 11:45 |
| Reporter | gajop | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 99.0 | ||||
| Summary | 0004647: Equip Spring with the required encryption tools to connect to uberserver | ||||
| Description | Ever since security was added to the uberserver it's no longer possible to login to uberserver using liblobby because the HASH command was removed: https://github.com/spring/uberserver/commit/8561dac53482456cd7e02fcaaf0338557b4fa2bc I suggest we add basic security functions needed, maybe using a library such as this: https://code.google.com/p/keyczar/ ? It seems to contain AES, RSA and HMAC which is all we need. Is anyone interested in doing this or should I try? (not entirely sure on the when though) | ||||
| Tags | No tags attached. | ||||
| Checked infolog.txt for Errors | |||||
|
|
Oh, I forgot to mention, but I don't think we should bother adding MD5 that would give support for the old encryption system. We might as well do this right if we plan to add encryption to Spring. |
|
|
imo use libcrypto for that?! not sure if it could be reused for springlobby / flobby. https://github.com/springlobby/springlobby/issues/314 md5/base64 should be already contained in spring source, only the lua api is missing for that. |
|
|
Does it support AES? It doesn't seem listed there, is Python implementation the same? |
|
|
indeed, seems pretty unclear if it supports AES or not :-| i looked into examples and found this which looks like it supports AES: https://github.com/saju/misc/blob/master/misc/openssl_aes.c maybe we should list requirements first (imo): - (your points): AES, RSA and HMAC - c or c++ api - license is gpl2+ / allows static linking - should be in debian/ubuntu repositories at least - should be a lib in mxe http://mxe.cc/ - no / few external dependencies this makes it already very difficult to find a lib :-| libgcrypt maybe fit as well. keyczar isn't in mxe/debian/ubuntu, also it uses scons for build and uses libcrypto it seems: https://code.google.com/p/keyczar/wiki/CppTutorial |
|
|
i've asked in forum: http://springrts.com/phpbb/viewtopic.php?p=564550#p564550 |
|
|
for unencrypted login only md5 to encrypt the password is missing. for lua a simple base64 implemention exists: http://lua-users.org/wiki/BaseSixtyFour |
|
|
https://github.com/kikito/md5.lua ? (didn't tested, may need 64bit floats) |
|
|
hmm, aes in lua: https://github.com/bighil/aeslua |
|
|
md5 lua lib doesn't work i also doubt aes or b64 do either.. we are working with floats here, where double is the lua default |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-01-12 21:20 | gajop | New Issue | |
| 2015-01-12 21:24 | gajop | Note Added: 0013919 | |
| 2015-01-12 23:52 | abma | Note Added: 0013920 | |
| 2015-01-13 04:51 | gajop | Note Added: 0013921 | |
| 2015-01-13 10:56 | abma | Note Added: 0013922 | |
| 2015-01-13 10:56 | abma | Note Edited: 0013922 | |
| 2015-01-13 11:02 | abma | Note Edited: 0013922 | |
| 2015-01-13 11:39 | abma | Severity | minor => feature |
| 2015-01-13 19:08 | abma | Note Added: 0013923 | |
| 2015-01-27 21:47 | abma | Note Added: 0013950 | |
| 2015-01-27 22:21 | jK | Note Added: 0013951 | |
| 2015-01-27 22:22 | jK | Note Edited: 0013951 | |
| 2015-01-28 13:56 | abma | Note Added: 0013952 | |
| 2015-03-01 11:45 | gajop | Note Added: 0014101 |
