5 import java.util.Arrays;
7 import javax.crypto.spec.*;
8 import java.security.SecureRandom;
9 import java.nio.ByteBuffer;
12 * This class provides a communication API to the webserver. It also
13 * validates the HMACs on the slots and handles encryption.
14 * @author Brian Demsky <bdemsky@uci.edu>
20 private static final int SALT_SIZE = 8;
21 private static final int TIMEOUT_MILLIS = 2000; // 100
22 public static final int IV_SIZE = 16;
24 /** Sets the size for the HMAC. */
25 static final int HMAC_SIZE = 32;
27 private String baseurl;
28 private SecretKeySpec key;
30 private String password;
31 private SecureRandom random;
34 private int listeningPort = -1;
35 private Thread localServerThread = null;
36 private boolean doEnd = false;
38 private TimingSingleton timer = null;
41 * Empty Constructor needed for child class.
44 timer = TimingSingleton.getInstance();
48 * Constructor for actual use. Takes in the url and password.
50 CloudComm(Table _table, String _baseurl, String _password, int _listeningPort) {
51 timer = TimingSingleton.getInstance();
53 this.baseurl = _baseurl;
54 this.password = _password;
55 this.random = new SecureRandom();
56 this.listeningPort = _listeningPort;
58 if (this.listeningPort > 0) {
59 localServerThread = new Thread(new Runnable() {
61 localServerWorkerFunction();
64 localServerThread.start();
69 * Generates Key from password.
71 private SecretKeySpec initKey() {
73 PBEKeySpec keyspec = new PBEKeySpec(password.toCharArray(),
77 SecretKey tmpkey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(keyspec);
78 return new SecretKeySpec(tmpkey.getEncoded(), "AES");
79 } catch (Exception e) {
81 throw new Error("Failed generating key.");
86 * Inits all the security stuff
88 public void initSecurity() throws ServerException {
89 // try to get the salt and if one does not exist set one
99 * Inits the HMAC generator.
101 private void initCrypt() {
103 if (password == null) {
109 password = null; // drop password
110 mac = Mac.getInstance("HmacSHA256");
112 } catch (Exception e) {
114 throw new Error("Failed To Initialize Ciphers");
119 * Builds the URL for the given request.
121 private URL buildRequest(boolean isput, long sequencenumber, long maxentries) throws IOException {
122 String reqstring = isput ? "req=putslot" : "req=getslot";
123 String urlstr = baseurl + "?" + reqstring + "&seq=" + sequencenumber;
125 urlstr += "&max=" + maxentries;
126 return new URL(urlstr);
129 private void setSalt() throws ServerException {
132 // Salt already sent to server so dont set it again
137 byte[] saltTmp = new byte[SALT_SIZE];
138 random.nextBytes(saltTmp);
140 for (int i = 0; i < SALT_SIZE; i++) {
141 System.out.println((int)saltTmp[i] & 255);
145 URL url = new URL(baseurl + "?req=setsalt");
148 URLConnection con = url.openConnection();
149 HttpURLConnection http = (HttpURLConnection) con;
151 http.setRequestMethod("POST");
152 http.setFixedLengthStreamingMode(saltTmp.length);
153 http.setDoOutput(true);
154 http.setConnectTimeout(TIMEOUT_MILLIS);
159 OutputStream os = http.getOutputStream();
163 int responsecode = http.getResponseCode();
164 if (responsecode != HttpURLConnection.HTTP_OK) {
165 // TODO: Remove this print
166 System.out.println(responsecode);
167 throw new Error("Invalid response");
173 } catch (Exception e) {
174 // e.printStackTrace();
176 throw new ServerException("Failed setting salt", ServerException.TypeConnectTimeout);
180 private boolean getSalt() throws ServerException {
182 URLConnection con = null;
183 HttpURLConnection http = null;
186 url = new URL(baseurl + "?req=getsalt");
187 } catch (Exception e) {
188 // e.printStackTrace();
189 throw new Error("getSlot failed");
194 con = url.openConnection();
195 http = (HttpURLConnection) con;
196 http.setRequestMethod("POST");
197 http.setConnectTimeout(TIMEOUT_MILLIS);
198 http.setReadTimeout(TIMEOUT_MILLIS);
203 } catch (SocketTimeoutException e) {
205 throw new ServerException("getSalt failed", ServerException.TypeConnectTimeout);
206 } catch (Exception e) {
207 // e.printStackTrace();
208 throw new Error("getSlot failed");
215 int responsecode = http.getResponseCode();
216 if (responsecode != HttpURLConnection.HTTP_OK) {
217 // TODO: Remove this print
218 // System.out.println(responsecode);
219 throw new Error("Invalid response");
222 InputStream is = http.getInputStream();
223 if (is.available() > 0) {
224 DataInputStream dis = new DataInputStream(is);
225 int salt_length = dis.readInt();
226 byte [] tmp = new byte[salt_length];
237 } catch (SocketTimeoutException e) {
240 throw new ServerException("getSalt failed", ServerException.TypeInputTimeout);
241 } catch (Exception e) {
242 // e.printStackTrace();
243 throw new Error("getSlot failed");
247 private byte[] createIV(long machineId, long localSequenceNumber) {
248 ByteBuffer buffer = ByteBuffer.allocate(IV_SIZE);
249 buffer.putLong(machineId);
250 long localSequenceNumberShifted = localSequenceNumber << 16;
251 buffer.putLong(localSequenceNumberShifted);
252 return buffer.array();
256 private byte[] encryptSlotAndPrependIV(byte[] rawData, byte[] ivBytes) {
258 IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
259 Cipher cipher = Cipher.getInstance("AES/CTR/PKCS5Padding");
260 cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
262 byte[] encryptedBytes = cipher.doFinal(rawData);
264 byte[] bytes = new byte[encryptedBytes.length + IV_SIZE];
265 System.arraycopy(ivBytes, 0, bytes, 0, ivBytes.length);
266 System.arraycopy(encryptedBytes, 0, bytes, IV_SIZE, encryptedBytes.length);
270 } catch (Exception e) {
272 throw new Error("Failed To Encrypt");
277 private byte[] stripIVAndDecryptSlot(byte[] rawData) {
279 byte[] ivBytes = new byte[IV_SIZE];
280 byte[] encryptedBytes = new byte[rawData.length - IV_SIZE];
281 System.arraycopy(rawData, 0, ivBytes, 0, IV_SIZE);
282 System.arraycopy(rawData, IV_SIZE, encryptedBytes, 0 , encryptedBytes.length);
284 IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
286 Cipher cipher = Cipher.getInstance("AES/CTR/PKCS5Padding");
287 cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
289 return cipher.doFinal(encryptedBytes);
291 } catch (Exception e) {
293 throw new Error("Failed To Decrypt");
299 * API for putting a slot into the queue. Returns null on success.
300 * On failure, the server will send slots with newer sequence
303 public Slot[] putSlot(Slot slot, int max) throws ServerException {
305 URLConnection con = null;
306 HttpURLConnection http = null;
311 throw new ServerException("putSlot failed", ServerException.TypeSalt);
316 long sequencenumber = slot.getSequenceNumber();
317 byte[] slotBytes = slot.encode(mac);
318 // slotBytes = encryptCipher.doFinal(slotBytes);
320 // byte[] iVBytes = slot.getSlotCryptIV();
322 // byte[] bytes = new byte[slotBytes.length + IV_SIZE];
323 // System.arraycopy(iVBytes, 0, bytes, 0, iVBytes.length);
324 // System.arraycopy(slotBytes, 0, bytes, IV_SIZE, slotBytes.length);
327 byte[] bytes = encryptSlotAndPrependIV(slotBytes, slot.getSlotCryptIV());
329 url = buildRequest(true, sequencenumber, max);
332 con = url.openConnection();
333 http = (HttpURLConnection) con;
335 http.setRequestMethod("POST");
336 http.setFixedLengthStreamingMode(bytes.length);
337 http.setDoOutput(true);
338 http.setConnectTimeout(TIMEOUT_MILLIS);
339 http.setReadTimeout(TIMEOUT_MILLIS);
342 OutputStream os = http.getOutputStream();
349 // System.out.println("Bytes Sent: " + bytes.length);
350 } catch (ServerException e) {
354 } catch (SocketTimeoutException e) {
357 throw new ServerException("putSlot failed", ServerException.TypeConnectTimeout);
358 } catch (Exception e) {
359 // e.printStackTrace();
360 throw new Error("putSlot failed");
367 InputStream is = http.getInputStream();
368 DataInputStream dis = new DataInputStream(is);
369 byte[] resptype = new byte[7];
370 dis.readFully(resptype);
373 if (Arrays.equals(resptype, "getslot".getBytes())) {
374 return processSlots(dis);
375 } else if (Arrays.equals(resptype, "putslot".getBytes())) {
378 throw new Error("Bad response to putslot");
380 } catch (SocketTimeoutException e) {
382 throw new ServerException("putSlot failed", ServerException.TypeInputTimeout);
383 } catch (Exception e) {
384 // e.printStackTrace();
385 throw new Error("putSlot failed");
390 * Request the server to send all slots with the given
391 * sequencenumber or newer.
393 public Slot[] getSlots(long sequencenumber) throws ServerException {
395 URLConnection con = null;
396 HttpURLConnection http = null;
401 throw new ServerException("getSlots failed", ServerException.TypeSalt);
406 url = buildRequest(false, sequencenumber, 0);
408 con = url.openConnection();
409 http = (HttpURLConnection) con;
410 http.setRequestMethod("POST");
411 http.setConnectTimeout(TIMEOUT_MILLIS);
412 http.setReadTimeout(TIMEOUT_MILLIS);
419 } catch (SocketTimeoutException e) {
422 throw new ServerException("getSlots failed", ServerException.TypeConnectTimeout);
423 } catch (ServerException e) {
427 } catch (Exception e) {
428 // e.printStackTrace();
429 throw new Error("getSlots failed");
435 InputStream is = http.getInputStream();
436 DataInputStream dis = new DataInputStream(is);
437 byte[] resptype = new byte[7];
439 dis.readFully(resptype);
442 if (!Arrays.equals(resptype, "getslot".getBytes()))
443 throw new Error("Bad Response: " + new String(resptype));
445 return processSlots(dis);
446 } catch (SocketTimeoutException e) {
449 throw new ServerException("getSlots failed", ServerException.TypeInputTimeout);
450 } catch (Exception e) {
451 // e.printStackTrace();
452 throw new Error("getSlots failed");
457 * Method that actually handles building Slot objects from the
458 * server response. Shared by both putSlot and getSlots.
460 private Slot[] processSlots(DataInputStream dis) throws Exception {
461 int numberofslots = dis.readInt();
462 int[] sizesofslots = new int[numberofslots];
464 Slot[] slots = new Slot[numberofslots];
465 for (int i = 0; i < numberofslots; i++)
466 sizesofslots[i] = dis.readInt();
468 for (int i = 0; i < numberofslots; i++) {
470 byte[] rawData = new byte[sizesofslots[i]];
471 dis.readFully(rawData);
474 // byte[] data = new byte[rawData.length - IV_SIZE];
475 // System.arraycopy(rawData, IV_SIZE, data, 0, data.length);
478 byte[] data = stripIVAndDecryptSlot(rawData);
480 // data = decryptCipher.doFinal(data);
482 slots[i] = Slot.decode(table, data, mac);
488 public byte[] sendLocalData(byte[] sendData, long localSequenceNumber, String host, int port) {
494 System.out.println("Passing Locally");
496 mac.update(sendData);
497 byte[] genmac = mac.doFinal();
498 byte[] totalData = new byte[sendData.length + genmac.length];
499 System.arraycopy(sendData, 0, totalData, 0, sendData.length);
500 System.arraycopy(genmac, 0, totalData, sendData.length, genmac.length);
502 // Encrypt the data for sending
503 // byte[] encryptedData = encryptCipher.doFinal(totalData);
504 // byte[] encryptedData = encryptCipher.doFinal(totalData);
505 byte[] iv = createIV(table.getMachineId(), table.getLocalSequenceNumber());
506 byte[] encryptedData = encryptSlotAndPrependIV(totalData, iv);
508 // Open a TCP socket connection to a local device
509 Socket socket = new Socket(host, port);
510 socket.setReuseAddress(true);
511 DataOutputStream output = new DataOutputStream(socket.getOutputStream());
512 DataInputStream input = new DataInputStream(socket.getInputStream());
516 // Send data to output (length of data, the data)
517 output.writeInt(encryptedData.length);
518 output.write(encryptedData, 0, encryptedData.length);
521 int lengthOfReturnData = input.readInt();
522 byte[] returnData = new byte[lengthOfReturnData];
523 input.readFully(returnData);
527 // returnData = decryptCipher.doFinal(returnData);
528 returnData = stripIVAndDecryptSlot(returnData);
529 // returnData = decryptCipher.doFinal(returnData);
531 // We are done with this socket
534 mac.update(returnData, 0, returnData.length - HMAC_SIZE);
535 byte[] realmac = mac.doFinal();
536 byte[] recmac = new byte[HMAC_SIZE];
537 System.arraycopy(returnData, returnData.length - realmac.length, recmac, 0, realmac.length);
539 if (!Arrays.equals(recmac, realmac))
540 throw new Error("Local Error: Invalid HMAC! Potential Attack!");
542 byte[] returnData2 = new byte[lengthOfReturnData - recmac.length];
543 System.arraycopy(returnData, 0, returnData2, 0, returnData2.length);
546 } catch (Exception e) {
548 // throw new Error("Local comms failure...");
555 private void localServerWorkerFunction() {
557 ServerSocket inputSocket = null;
560 // Local server socket
561 inputSocket = new ServerSocket(listeningPort);
562 inputSocket.setReuseAddress(true);
563 inputSocket.setSoTimeout(TIMEOUT_MILLIS);
564 } catch (Exception e) {
566 throw new Error("Local server setup failure...");
572 // Accept incoming socket
573 Socket socket = inputSocket.accept();
575 DataInputStream input = new DataInputStream(socket.getInputStream());
576 DataOutputStream output = new DataOutputStream(socket.getOutputStream());
578 // Get the encrypted data from the server
579 int dataSize = input.readInt();
580 byte[] readData = new byte[dataSize];
581 input.readFully(readData);
586 // readData = decryptCipher.doFinal(readData);
587 readData = stripIVAndDecryptSlot(readData);
589 mac.update(readData, 0, readData.length - HMAC_SIZE);
590 byte[] genmac = mac.doFinal();
591 byte[] recmac = new byte[HMAC_SIZE];
592 System.arraycopy(readData, readData.length - recmac.length, recmac, 0, recmac.length);
594 if (!Arrays.equals(recmac, genmac))
595 throw new Error("Local Error: Invalid HMAC! Potential Attack!");
597 byte[] returnData = new byte[readData.length - recmac.length];
598 System.arraycopy(readData, 0, returnData, 0, returnData.length);
601 // byte[] sendData = table.acceptDataFromLocal(readData);
602 byte[] sendData = table.acceptDataFromLocal(returnData);
605 mac.update(sendData);
606 byte[] realmac = mac.doFinal();
607 byte[] totalData = new byte[sendData.length + realmac.length];
608 System.arraycopy(sendData, 0, totalData, 0, sendData.length);
609 System.arraycopy(realmac, 0, totalData, sendData.length, realmac.length);
611 // Encrypt the data for sending
612 // byte[] encryptedData = encryptCipher.doFinal(totalData);
613 byte[] iv = createIV(table.getMachineId(), table.getLocalSequenceNumber());
614 byte[] encryptedData = encryptSlotAndPrependIV(totalData, iv);
618 // Send data to output (length of data, the data)
619 output.writeInt(encryptedData.length);
620 output.write(encryptedData, 0, encryptedData.length);
625 } catch (Exception e) {
630 if (inputSocket != null) {
633 } catch (Exception e) {
635 throw new Error("Local server close failure...");
640 public void close() {
643 if (localServerThread != null) {
645 localServerThread.join();
646 } catch (Exception e) {
648 throw new Error("Local Server thread join issue...");
652 // System.out.println("Done Closing Cloud Comm");
655 protected void finalize() throws Throwable {
657 close(); // close open files