def dynamicauth_api2(request):
"""
动态二维码验证的第二步
:param request: 一个有效的请求应该包含形如以下的 POST 数据:
{"data": sm4_{DH_key}( id.ljust(64, '\x00') + H(IMEI) + r3 )}
:return: 如果所有检查成功,则会返回 0 表示登录成功,但是这个信号并不会传递到手机上
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64 * 3:
return json_response_zh(get_json_ret(41))
plain = decrypt_ecb(request.DH_key, data)
user_name = plain[:64].decode()
user = UserModel.objects.filter(user_name=user_name).first()
if user is None:
return json_response_zh(get_json_ret(41))
request.session['user_name'] = user_name
if user.hash_IMEI != plain[64:64 * 2].decode():
return json_response_zh(get_json_ret(50, msg="手机 IMEI 码验证失败"))
if user.random_value3.encode() != plain[64 * 2:64 * 3]:
return json_response_zh(get_json_ret(50, msg="随机数验证错误"))
user.random_value3 = None
user.login_status = True
user.save()
return json_response_zh(get_json_ret(0, msg='登录成功'))
def register_api(request):
"""
实现注册功能的 API
:param request: 有效的请求应该包含一个形如以下实例的 post 数据:
{"data": sm4( id.ljust(64, '\x00') + salt.ljust(64, '\x00') + A_pwd + B_pwd + sm3(IMEI) )}
:return: 如果失败,则会返回相对应的错误码;如果成功返回 0
"""
data = long_to_bytes(int(request.data, 16))
plain = decrypt_ecb(request.DH_key, data).decode()
if len(plain) != 64 * 5:
return json_response_zh(get_json_ret(41))
if UserModel.objects.filter(user_name=plain[:64]).exists():
from AuthServer.settings import DEBUG
if DEBUG:
user = UserModel.objects.get(user_name=plain[:64])
user.salt = plain[64:64 * 2]
user.A_pwd = plain[64 * 2:64 * 3]
user.B_pwd = plain[64 * 3:64 * 4]
user.save()
return json_response_zh(get_json_ret(0 if DEBUG else 52))
UserModel.objects.create(user_name=plain[:64],
salt=plain[64:64 * 2],
A_pwd=plain[64 * 2:64 * 3],
B_pwd=plain[64 * 3:64 * 4],
hash_IMEI=plain[64 * 4:64 * 5])
return json_response_zh(get_json_ret(0))
def pcauth_api1(request):
"""
PC 端验证口令的第一步
:param request: 一个有效的请求应该包含形如以下的 POST 数据:
{"data": sm4_{DH_key}( id.ljust(64, '\x00') ) + sm4_{salt}( hex(r1) ) }
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64 * 2:
return json_response_zh(get_json_ret(41))
user_name = decrypt_ecb(request.DH_key, data[:64]).decode()
user = UserModel.objects.filter(user_name=user_name).first()
if user is None:
return json_response_zh(get_json_ret(41))
user.random_value1 = decrypt_ecb(user.get_salt_sm4_key(),
data[64:]).decode()
user.save()
return json_response_zh(get_json_ret(0))
def mobileauth_api2(request):
"""
移动端验证口令的第二步
:param request: 一个有效的请求应该包含形如以下的 POST 数据
{"data": sm4_{DH_key}( hex(r2) + B_pwd* )}
:return: B_pwd* 与 B_pwd 是否相等
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64 * 2:
return json_response_zh(get_json_ret(41))
plain = decrypt_ecb(request.DH_key, data).decode()
if plain[:64] != request.user.random_value2:
return json_response_zh(get_json_ret(50, msg="随机数错误"))
if plain[64:] != request.user.B_pwd:
return json_response_zh(get_json_ret(50))
request.user.random_value2 = None
request.user.login_status = True
request.user.save()
return json_response_zh(
get_json_ret(0 if plain[64:] == request.user.B_pwd else 50))
def pcauth_api3(request):
"""
PC 端验证口令的第三步
:param request: 一个有效的请求应该包含形如以下的 POST 数据
{"data": sm4_{DH_key}( hex(r1) + B_pwd* )}
:return: B_pwd* 与 B_pwd 是否相等
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64 * 2:
return json_response_zh(get_json_ret(41))
plain = decrypt_ecb(request.DH_key, data).decode()
if plain[:64] != request.user.random_value1:
return json_response_zh(get_json_ret(50, msg="随机数错误"))
assert isinstance(request.user, UserModel)
if plain[64:] != request.user.B_pwd:
return json_response_zh(get_json_ret(50))
request.user.random_value1 = None
request.user.login_status = True
request.user.save()
return json_response_zh(get_json_ret(0))
def pcauth_api2(request):
"""
pc 端验证口令的第二步,PC 端不断请求服务器,查看第一步是否完成
:param request: 一个正常的请求应该包含如下的 POST 数据:
{"data": sm4_{DH_key}( id.ljust(64, '\x00') )}
:return:
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64:
return json_response_zh(get_json_ret(41))
user_name = decrypt_ecb(request.DH_key, data).decode()
user = UserModel.objects.filter(user_name=user_name).first()
if user is None:
return json_response_zh(get_json_ret(41))
if user.random_value1 is None:
return json_response_zh(get_json_ret(42))
request.session['user_name'] = user_name
ret_data = encrypt_ecb(request.DH_key,
(user.random_value1 + user.A_pwd).encode())
return json_response_zh(get_json_ret(0, data=ret_data.hex()))
def dynamicauth_api1(request):
"""
动态二维码验证的第一步
:param request: 一个有效的请求应该包含形如以下的 POST 数据:
{"data": sm4_{DH_key}( id.ljust(64, '\x00') )}
:return: {data: sm4_{salt}(r3)}
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64:
return json_response_zh(get_json_ret(41))
user_name = decrypt_ecb(request.DH_key, data).decode()
user = UserModel.objects.filter(user_name=user_name).first()
if user is None:
return json_response_zh(get_json_ret(41))
request.session['user_name'] = user_name
from Crypto.Util.number import getRandomNBitInteger
user.random_value3 = hex(getRandomNBitInteger(256))[2:].ljust(64, '\x00')
user.save()
ret_data = encrypt_ecb(user.get_salt_sm4_key(),
user.random_value3.encode())
return json_response_zh(get_json_ret(0, data=ret_data.hex()))
def mobileauth_api1(request):
"""
移动端进行验证的第一步
:param request: 一个有效的请求应该包含形如以下的 POST 数据
{"data": sm4_{DH_key}( id.ljust(64, '\x00') )}
:return: 如果一切验证成功,则正常应该返回下面的内容:
{"data": sm4_{salt}( r2 + A_pwd )}
"""
data = long_to_bytes(int(request.data, 16))
if len(data) != 64:
return json_response_zh(get_json_ret(41))
user_name = decrypt_ecb(request.DH_key, data).decode()
user = UserModel.objects.filter(user_name=user_name).first()
if user is None:
return json_response_zh(get_json_ret(41))
request.session['user_name'] = user_name
user.random_value2 = hex(getRandomNBitInteger(256))[2:].ljust(64, '\x00')
user.save()
ret_data = encrypt_ecb(user.get_salt_sm4_key(),
(user.random_value2 + user.A_pwd).encode())
return json_response_zh(get_json_ret(0, data=ret_data.hex()))
def dynamicauth_api3(request):
"""
动态二维码验证的第三步,PC 端检查自己是否登录成功
"""
return json_response_zh(
get_json_ret(0 if request.user.login_status else 51))
