def dynamicauth_api2(request): """ 动态二维码验证的第二步 :param request: 一个有效的请求应该包含形如以下的 POST 数据: {"data": sm4_{DH_key}( id.ljust(64, '\x00') + H(IMEI) + r3 )} :return: 如果所有检查成功,则会返回 0 表示登录成功,但是这个信号并不会传递到手机上 """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64 * 3: return json_response_zh(get_json_ret(41)) plain = decrypt_ecb(request.DH_key, data) user_name = plain[:64].decode() user = UserModel.objects.filter(user_name=user_name).first() if user is None: return json_response_zh(get_json_ret(41)) request.session['user_name'] = user_name if user.hash_IMEI != plain[64:64 * 2].decode(): return json_response_zh(get_json_ret(50, msg="手机 IMEI 码验证失败")) if user.random_value3.encode() != plain[64 * 2:64 * 3]: return json_response_zh(get_json_ret(50, msg="随机数验证错误")) user.random_value3 = None user.login_status = True user.save() return json_response_zh(get_json_ret(0, msg='登录成功'))
def register_api(request): """ 实现注册功能的 API :param request: 有效的请求应该包含一个形如以下实例的 post 数据: {"data": sm4( id.ljust(64, '\x00') + salt.ljust(64, '\x00') + A_pwd + B_pwd + sm3(IMEI) )} :return: 如果失败,则会返回相对应的错误码;如果成功返回 0 """ data = long_to_bytes(int(request.data, 16)) plain = decrypt_ecb(request.DH_key, data).decode() if len(plain) != 64 * 5: return json_response_zh(get_json_ret(41)) if UserModel.objects.filter(user_name=plain[:64]).exists(): from AuthServer.settings import DEBUG if DEBUG: user = UserModel.objects.get(user_name=plain[:64]) user.salt = plain[64:64 * 2] user.A_pwd = plain[64 * 2:64 * 3] user.B_pwd = plain[64 * 3:64 * 4] user.save() return json_response_zh(get_json_ret(0 if DEBUG else 52)) UserModel.objects.create(user_name=plain[:64], salt=plain[64:64 * 2], A_pwd=plain[64 * 2:64 * 3], B_pwd=plain[64 * 3:64 * 4], hash_IMEI=plain[64 * 4:64 * 5]) return json_response_zh(get_json_ret(0))
def pcauth_api1(request): """ PC 端验证口令的第一步 :param request: 一个有效的请求应该包含形如以下的 POST 数据: {"data": sm4_{DH_key}( id.ljust(64, '\x00') ) + sm4_{salt}( hex(r1) ) } """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64 * 2: return json_response_zh(get_json_ret(41)) user_name = decrypt_ecb(request.DH_key, data[:64]).decode() user = UserModel.objects.filter(user_name=user_name).first() if user is None: return json_response_zh(get_json_ret(41)) user.random_value1 = decrypt_ecb(user.get_salt_sm4_key(), data[64:]).decode() user.save() return json_response_zh(get_json_ret(0))
def mobileauth_api2(request): """ 移动端验证口令的第二步 :param request: 一个有效的请求应该包含形如以下的 POST 数据 {"data": sm4_{DH_key}( hex(r2) + B_pwd* )} :return: B_pwd* 与 B_pwd 是否相等 """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64 * 2: return json_response_zh(get_json_ret(41)) plain = decrypt_ecb(request.DH_key, data).decode() if plain[:64] != request.user.random_value2: return json_response_zh(get_json_ret(50, msg="随机数错误")) if plain[64:] != request.user.B_pwd: return json_response_zh(get_json_ret(50)) request.user.random_value2 = None request.user.login_status = True request.user.save() return json_response_zh( get_json_ret(0 if plain[64:] == request.user.B_pwd else 50))
def pcauth_api3(request): """ PC 端验证口令的第三步 :param request: 一个有效的请求应该包含形如以下的 POST 数据 {"data": sm4_{DH_key}( hex(r1) + B_pwd* )} :return: B_pwd* 与 B_pwd 是否相等 """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64 * 2: return json_response_zh(get_json_ret(41)) plain = decrypt_ecb(request.DH_key, data).decode() if plain[:64] != request.user.random_value1: return json_response_zh(get_json_ret(50, msg="随机数错误")) assert isinstance(request.user, UserModel) if plain[64:] != request.user.B_pwd: return json_response_zh(get_json_ret(50)) request.user.random_value1 = None request.user.login_status = True request.user.save() return json_response_zh(get_json_ret(0))
def pcauth_api2(request): """ pc 端验证口令的第二步,PC 端不断请求服务器,查看第一步是否完成 :param request: 一个正常的请求应该包含如下的 POST 数据: {"data": sm4_{DH_key}( id.ljust(64, '\x00') )} :return: """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64: return json_response_zh(get_json_ret(41)) user_name = decrypt_ecb(request.DH_key, data).decode() user = UserModel.objects.filter(user_name=user_name).first() if user is None: return json_response_zh(get_json_ret(41)) if user.random_value1 is None: return json_response_zh(get_json_ret(42)) request.session['user_name'] = user_name ret_data = encrypt_ecb(request.DH_key, (user.random_value1 + user.A_pwd).encode()) return json_response_zh(get_json_ret(0, data=ret_data.hex()))
def dynamicauth_api1(request): """ 动态二维码验证的第一步 :param request: 一个有效的请求应该包含形如以下的 POST 数据: {"data": sm4_{DH_key}( id.ljust(64, '\x00') )} :return: {data: sm4_{salt}(r3)} """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64: return json_response_zh(get_json_ret(41)) user_name = decrypt_ecb(request.DH_key, data).decode() user = UserModel.objects.filter(user_name=user_name).first() if user is None: return json_response_zh(get_json_ret(41)) request.session['user_name'] = user_name from Crypto.Util.number import getRandomNBitInteger user.random_value3 = hex(getRandomNBitInteger(256))[2:].ljust(64, '\x00') user.save() ret_data = encrypt_ecb(user.get_salt_sm4_key(), user.random_value3.encode()) return json_response_zh(get_json_ret(0, data=ret_data.hex()))
def mobileauth_api1(request): """ 移动端进行验证的第一步 :param request: 一个有效的请求应该包含形如以下的 POST 数据 {"data": sm4_{DH_key}( id.ljust(64, '\x00') )} :return: 如果一切验证成功,则正常应该返回下面的内容: {"data": sm4_{salt}( r2 + A_pwd )} """ data = long_to_bytes(int(request.data, 16)) if len(data) != 64: return json_response_zh(get_json_ret(41)) user_name = decrypt_ecb(request.DH_key, data).decode() user = UserModel.objects.filter(user_name=user_name).first() if user is None: return json_response_zh(get_json_ret(41)) request.session['user_name'] = user_name user.random_value2 = hex(getRandomNBitInteger(256))[2:].ljust(64, '\x00') user.save() ret_data = encrypt_ecb(user.get_salt_sm4_key(), (user.random_value2 + user.A_pwd).encode()) return json_response_zh(get_json_ret(0, data=ret_data.hex()))