import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
+import java.nio.ByteBuffer;
+
+
+import java.util.*;
/**
* This class provides a communication API to the webserver. It also
class CloudComm {
private static final int SALT_SIZE = 8;
- private static final int TIMEOUT_MILLIS = 100;
+ private static final int TIMEOUT_MILLIS = 5000; // 100
+ public static final int IV_SIZE = 16;
+
+ /** Sets the size for the HMAC. */
+ static final int HMAC_SIZE = 32;
private String baseurl;
- private Cipher encryptCipher;
- private Cipher decryptCipher;
+ private SecretKeySpec key;
private Mac mac;
private String password;
private SecureRandom random;
private Thread localServerThread = null;
private boolean doEnd = false;
+ private TimingSingleton timer = null;
+
/**
* Empty Constructor needed for child class.
*/
CloudComm() {
+ timer = TimingSingleton.getInstance();
}
/**
* Constructor for actual use. Takes in the url and password.
*/
CloudComm(Table _table, String _baseurl, String _password, int _listeningPort) {
+ timer = TimingSingleton.getInstance();
this.table = _table;
this.baseurl = _baseurl;
this.password = _password;
}
try {
- SecretKeySpec key = initKey();
+ key = initKey();
password = null; // drop password
mac = Mac.getInstance("HmacSHA256");
mac.init(key);
- encryptCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- encryptCipher.init(Cipher.ENCRYPT_MODE, key);
- decryptCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- decryptCipher.init(Cipher.DECRYPT_MODE, key);
} catch (Exception e) {
e.printStackTrace();
throw new Error("Failed To Initialize Ciphers");
byte[] saltTmp = new byte[SALT_SIZE];
random.nextBytes(saltTmp);
+ for (int i = 0; i < SALT_SIZE; i++) {
+ System.out.println((int)saltTmp[i] & 255);
+ }
+
+
URL url = new URL(baseurl + "?req=setsalt");
+
+ timer.startTime();
URLConnection con = url.openConnection();
HttpURLConnection http = (HttpURLConnection) con;
http.setFixedLengthStreamingMode(saltTmp.length);
http.setDoOutput(true);
http.setConnectTimeout(TIMEOUT_MILLIS);
+
+
http.connect();
OutputStream os = http.getOutputStream();
throw new Error("Invalid response");
}
+ timer.endTime();
+
salt = saltTmp;
} catch (Exception e) {
// e.printStackTrace();
+ timer.endTime();
throw new ServerException("Failed setting salt", ServerException.TypeConnectTimeout);
}
}
}
try {
+ timer.startTime();
con = url.openConnection();
http = (HttpURLConnection) con;
http.setRequestMethod("POST");
http.setConnectTimeout(TIMEOUT_MILLIS);
http.setReadTimeout(TIMEOUT_MILLIS);
+
+
http.connect();
+ timer.endTime();
} catch (SocketTimeoutException e) {
+ timer.endTime();
throw new ServerException("getSalt failed", ServerException.TypeConnectTimeout);
} catch (Exception e) {
// e.printStackTrace();
try {
+ timer.startTime();
+
int responsecode = http.getResponseCode();
if (responsecode != HttpURLConnection.HTTP_OK) {
// TODO: Remove this print
byte [] tmp = new byte[salt_length];
dis.readFully(tmp);
salt = tmp;
+ timer.endTime();
+
return true;
} else {
+ timer.endTime();
+
return false;
}
} catch (SocketTimeoutException e) {
+ timer.endTime();
+
throw new ServerException("getSalt failed", ServerException.TypeInputTimeout);
} catch (Exception e) {
// e.printStackTrace();
}
}
+ private byte[] createIV(long machineId, long localSequenceNumber) {
+ ByteBuffer buffer = ByteBuffer.allocate(IV_SIZE);
+ buffer.putLong(machineId);
+ long localSequenceNumberShifted = localSequenceNumber << 16;
+ buffer.putLong(localSequenceNumberShifted);
+ return buffer.array();
+
+ }
+
+ private byte[] encryptSlotAndPrependIV(byte[] rawData, byte[] ivBytes) {
+ try {
+ IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
+ Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
+ cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+
+ byte[] encryptedBytes = cipher.doFinal(rawData);
+
+ byte[] bytes = new byte[encryptedBytes.length + IV_SIZE];
+ System.arraycopy(ivBytes, 0, bytes, 0, ivBytes.length);
+ System.arraycopy(encryptedBytes, 0, bytes, IV_SIZE, encryptedBytes.length);
+
+ return bytes;
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new Error("Failed To Encrypt");
+ }
+ }
+
+
+ private byte[] stripIVAndDecryptSlot(byte[] rawData) {
+ try {
+ byte[] ivBytes = new byte[IV_SIZE];
+ byte[] encryptedBytes = new byte[rawData.length - IV_SIZE];
+ System.arraycopy(rawData, 0, ivBytes, 0, IV_SIZE);
+ System.arraycopy(rawData, IV_SIZE, encryptedBytes, 0 , encryptedBytes.length);
+
+ IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
+
+ Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
+ cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
+ return cipher.doFinal(encryptedBytes);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new Error("Failed To Decrypt");
+ }
+ }
+
+
/*
* API for putting a slot into the queue. Returns null on success.
* On failure, the server will send slots with newer sequence
}
long sequencenumber = slot.getSequenceNumber();
- byte[] bytes = slot.encode(mac);
- bytes = encryptCipher.doFinal(bytes);
+ byte[] slotBytes = slot.encode(mac);
+ // slotBytes = encryptCipher.doFinal(slotBytes);
+
+ // byte[] iVBytes = slot.getSlotCryptIV();
+
+ // byte[] bytes = new byte[slotBytes.length + IV_SIZE];
+ // System.arraycopy(iVBytes, 0, bytes, 0, iVBytes.length);
+ // System.arraycopy(slotBytes, 0, bytes, IV_SIZE, slotBytes.length);
+
+
+ byte[] bytes = encryptSlotAndPrependIV(slotBytes, slot.getSlotCryptIV());
url = buildRequest(true, sequencenumber, max);
+
+ timer.startTime();
con = url.openConnection();
http = (HttpURLConnection) con;
os.write(bytes);
os.flush();
+ timer.endTime();
+
+
// System.out.println("Bytes Sent: " + bytes.length);
} catch (ServerException e) {
+ timer.endTime();
+
throw e;
} catch (SocketTimeoutException e) {
+ timer.endTime();
+
throw new ServerException("putSlot failed", ServerException.TypeConnectTimeout);
} catch (Exception e) {
// e.printStackTrace();
try {
+ timer.startTime();
InputStream is = http.getInputStream();
DataInputStream dis = new DataInputStream(is);
byte[] resptype = new byte[7];
dis.readFully(resptype);
+ timer.endTime();
- if (Arrays.equals(resptype, "getslot".getBytes()))
+ if (Arrays.equals(resptype, "getslot".getBytes())) {
return processSlots(dis);
- else if (Arrays.equals(resptype, "putslot".getBytes()))
+ } else if (Arrays.equals(resptype, "putslot".getBytes())) {
return null;
- else
+ } else
throw new Error("Bad response to putslot");
} catch (SocketTimeoutException e) {
+ timer.endTime();
throw new ServerException("putSlot failed", ServerException.TypeInputTimeout);
} catch (Exception e) {
// e.printStackTrace();
}
url = buildRequest(false, sequencenumber, 0);
+ timer.startTime();
con = url.openConnection();
http = (HttpURLConnection) con;
http.setRequestMethod("POST");
http.setConnectTimeout(TIMEOUT_MILLIS);
http.setReadTimeout(TIMEOUT_MILLIS);
+
+
+
http.connect();
+ timer.endTime();
+
} catch (SocketTimeoutException e) {
+ timer.endTime();
+
throw new ServerException("getSlots failed", ServerException.TypeConnectTimeout);
} catch (ServerException e) {
+ timer.endTime();
+
throw e;
} catch (Exception e) {
// e.printStackTrace();
}
try {
+
+ timer.startTime();
InputStream is = http.getInputStream();
DataInputStream dis = new DataInputStream(is);
byte[] resptype = new byte[7];
+
dis.readFully(resptype);
+ timer.endTime();
+
if (!Arrays.equals(resptype, "getslot".getBytes()))
throw new Error("Bad Response: " + new String(resptype));
- else
- return processSlots(dis);
+
+ return processSlots(dis);
} catch (SocketTimeoutException e) {
+ timer.endTime();
+
throw new ServerException("getSlots failed", ServerException.TypeInputTimeout);
} catch (Exception e) {
// e.printStackTrace();
for (int i = 0; i < numberofslots; i++) {
- byte[] data = new byte[sizesofslots[i]];
- dis.readFully(data);
+ byte[] rawData = new byte[sizesofslots[i]];
+ dis.readFully(rawData);
+
+
+ // byte[] data = new byte[rawData.length - IV_SIZE];
+ // System.arraycopy(rawData, IV_SIZE, data, 0, data.length);
+
+
+ byte[] data = stripIVAndDecryptSlot(rawData);
- data = decryptCipher.doFinal(data);
+ // data = decryptCipher.doFinal(data);
slots[i] = Slot.decode(table, data, mac);
}
return slots;
}
- public byte[] sendLocalData(byte[] sendData, String host, int port) {
+ public byte[] sendLocalData(byte[] sendData, long localSequenceNumber, String host, int port) {
if (salt == null) {
return null;
}
try {
+ System.out.println("Passing Locally");
+
+ mac.update(sendData);
+ byte[] genmac = mac.doFinal();
+ byte[] totalData = new byte[sendData.length + genmac.length];
+ System.arraycopy(sendData, 0, totalData, 0, sendData.length);
+ System.arraycopy(genmac, 0, totalData, sendData.length, genmac.length);
+
// Encrypt the data for sending
- byte[] encryptedData = encryptCipher.doFinal(sendData);
+ // byte[] encryptedData = encryptCipher.doFinal(totalData);
+ // byte[] encryptedData = encryptCipher.doFinal(totalData);
+ byte[] iv = createIV(table.getMachineId(), table.getLocalSequenceNumber());
+ byte[] encryptedData = encryptSlotAndPrependIV(totalData, iv);
// Open a TCP socket connection to a local device
Socket socket = new Socket(host, port);
DataOutputStream output = new DataOutputStream(socket.getOutputStream());
DataInputStream input = new DataInputStream(socket.getInputStream());
+
+ timer.startTime();
// Send data to output (length of data, the data)
output.writeInt(encryptedData.length);
output.write(encryptedData, 0, encryptedData.length);
int lengthOfReturnData = input.readInt();
byte[] returnData = new byte[lengthOfReturnData];
input.readFully(returnData);
- returnData = decryptCipher.doFinal(returnData);
- // We are dont with this socket
- socket.close();
+ timer.endTime();
- return returnData;
- } catch (SocketTimeoutException e) {
+ // returnData = decryptCipher.doFinal(returnData);
+ returnData = stripIVAndDecryptSlot(returnData);
+ // returnData = decryptCipher.doFinal(returnData);
- } catch (BadPaddingException e) {
+ // We are done with this socket
+ socket.close();
- } catch (IllegalBlockSizeException e) {
+ mac.update(returnData, 0, returnData.length - HMAC_SIZE);
+ byte[] realmac = mac.doFinal();
+ byte[] recmac = new byte[HMAC_SIZE];
+ System.arraycopy(returnData, returnData.length - realmac.length, recmac, 0, realmac.length);
- } catch (UnknownHostException e) {
+ if (!Arrays.equals(recmac, realmac))
+ throw new Error("Local Error: Invalid HMAC! Potential Attack!");
- } catch (IOException e) {
+ byte[] returnData2 = new byte[lengthOfReturnData - recmac.length];
+ System.arraycopy(returnData, 0, returnData2, 0, returnData2.length);
+
+ return returnData2;
+ } catch (Exception e) {
+ e.printStackTrace();
+ // throw new Error("Local comms failure...");
}
byte[] readData = new byte[dataSize];
input.readFully(readData);
+ timer.endTime();
+
// Decrypt the data
- readData = decryptCipher.doFinal(readData);
+ // readData = decryptCipher.doFinal(readData);
+ readData = stripIVAndDecryptSlot(readData);
+
+ mac.update(readData, 0, readData.length - HMAC_SIZE);
+ byte[] genmac = mac.doFinal();
+ byte[] recmac = new byte[HMAC_SIZE];
+ System.arraycopy(readData, readData.length - recmac.length, recmac, 0, recmac.length);
+
+ if (!Arrays.equals(recmac, genmac))
+ throw new Error("Local Error: Invalid HMAC! Potential Attack!");
+
+ byte[] returnData = new byte[readData.length - recmac.length];
+ System.arraycopy(readData, 0, returnData, 0, returnData.length);
// Process the data
- byte[] sendData = table.acceptDataFromLocal(readData);
+ // byte[] sendData = table.acceptDataFromLocal(readData);
+ byte[] sendData = table.acceptDataFromLocal(returnData);
+
+
+ mac.update(sendData);
+ byte[] realmac = mac.doFinal();
+ byte[] totalData = new byte[sendData.length + realmac.length];
+ System.arraycopy(sendData, 0, totalData, 0, sendData.length);
+ System.arraycopy(realmac, 0, totalData, sendData.length, realmac.length);
// Encrypt the data for sending
- sendData = encryptCipher.doFinal(sendData);
+ // byte[] encryptedData = encryptCipher.doFinal(totalData);
+ byte[] iv = createIV(table.getMachineId(), table.getLocalSequenceNumber());
+ byte[] encryptedData = encryptSlotAndPrependIV(totalData, iv);
+
+ timer.startTime();
// Send data to output (length of data, the data)
- output.writeInt(sendData.length);
- output.write(sendData, 0, sendData.length);
+ output.writeInt(encryptedData.length);
+ output.write(encryptedData, 0, encryptedData.length);
output.flush();
// close the socket
socket.close();
- } catch (SocketTimeoutException e) {
-
- } catch (BadPaddingException e) {
-
- } catch (IllegalBlockSizeException e) {
-
- } catch (UnknownHostException e) {
-
- } catch (IOException e) {
+ } catch (Exception e) {
}
}
super.finalize();
}
}
-
}