2 #include "TimingSingleton.h"
3 #include "SecureRandom.h"
11 #include "ByteBuffer.h"
13 #include <sys/types.h>
14 #include <sys/socket.h>
15 #include <arpa/inet.h>
16 #include <netinet/tcp.h>
21 * Empty Constructor needed for child class.
23 CloudComm::CloudComm() :
33 timer(TimingSingleton_getInstance()),
34 getslot(new Array<char>("getslot", 7)),
35 putslot(new Array<char>("putslot", 7))
39 void *threadWrapper(void *cloud) {
40 CloudComm *c = (CloudComm *) cloud;
41 c->localServerWorkerFunction();
46 * Constructor for actual use. Takes in the url and password.
48 CloudComm::CloudComm(Table *_table, IoTString *_baseurl, IoTString *_password, int _listeningPort) :
53 random(new SecureRandom()),
56 listeningPort(_listeningPort),
58 timer(TimingSingleton_getInstance()),
59 getslot(new Array<char>("getslot", 7)),
60 putslot(new Array<char>("putslot", 7)) {
61 if (listeningPort > 0) {
62 pthread_create(&localServerThread, NULL, threadWrapper, this);
66 CloudComm::~CloudComm() {
73 * Generates Key from password.
75 AESKey *CloudComm::initKey() {
77 AESKey *key = new AESKey(password->internalBytes(),
82 } catch (Exception *e) {
83 throw new Error("Failed generating key.");
88 * Inits all the security stuff
91 void CloudComm::initSecurity() {
92 // try to get the salt and if one does not exist set one
102 * Inits the HMAC generator.
104 void CloudComm::initCrypt() {
105 if (password == NULL) {
110 password = NULL;// drop password
113 } catch (Exception *e) {
114 throw new Error("Failed To Initialize Ciphers");
119 * Builds the URL for the given request.
121 IoTString *CloudComm::buildRequest(bool isput, int64_t sequencenumber, int64_t maxentries) {
122 const char *reqstring = isput ? "req=putslot" : "req=getslot";
123 char *buffer = (char *) malloc(baseurl->length() + 200);
124 memcpy(buffer, baseurl->internalBytes(), baseurl->length());
125 int offset = baseurl->length();
126 offset += sprintf(&buffer[offset], "?%s&seq=%" PRId64, reqstring, sequencenumber);
128 sprintf(&buffer[offset], "&max=%" PRId64, maxentries);
129 IoTString *urlstr = new IoTString(buffer);
133 void loopWrite(int fd, char * array, int bytestowrite) {
134 int byteswritten = 0;
135 while (bytestowrite) {
136 int bytes = write(fd, & array[byteswritten], bytestowrite);
138 byteswritten += bytes;
139 bytestowrite -= bytes;
141 printf("Error in write\n");
147 void loopRead(int fd, char * array, int bytestoread) {
149 while (bytestoread) {
150 int bytes = read(fd, & array[bytesread], bytestoread);
153 bytestoread -= bytes;
155 printf("Error in read\n");
161 int openURL(IoTString *url) {
162 if (url->length() < 7 || memcmp(url->internalBytes()->internalArray(), "http://", 7)) {
163 printf("BOGUS URL\n");
167 for(; i < url->length(); i++)
168 if (url->get(i) == '/')
171 if ( i == url->length()) {
172 printf("ERROR in openURL\n");
176 char * host = (char *) malloc(i - 6);
177 memcpy(host, &url->internalBytes()->internalArray()[7], i-7);
179 printf("%s\n", host);
181 char * message = (char *)malloc(sizeof("POST HTTP/1.1\r\n") + sizeof("Host: \r\n") + 2*url->length());
183 /* fill in the parameters */
184 int post = sprintf(message,"POST ");
186 memcpy(&message[post], url->internalBytes()->internalArray(), url->length());
187 int endpost = sprintf(&message[post+url->length()], " HTTP/1.1\r\n");
189 int hostlen = sprintf(&message[endpost + post + url->length()], "Host: ");
190 memcpy(&message[endpost + post + url->length()+hostlen], url->internalBytes()->internalArray(), url->length());
191 sprintf(&message[endpost + post + 2*url->length()+hostlen], "\r\n");
193 /* create the socket */
194 int sockfd = socket(AF_INET, SOCK_STREAM, 0);
195 if (sockfd < 0) {printf("ERROR opening socket\n"); exit(-1);}
197 /* lookup the ip address */
198 struct hostent *server = gethostbyname(host);
201 if (server == NULL) {printf("ERROR, no such host"); exit(-1);}
203 /* fill in the structure */
204 struct sockaddr_in serv_addr;
206 memset(&serv_addr,0,sizeof(serv_addr));
207 serv_addr.sin_family = AF_INET;
208 serv_addr.sin_port = htons(80);
209 memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length);
211 /* connect the socket */
212 if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) {
213 printf("ERROR connecting");
217 /* send the request */
218 int total = strlen(message);
219 loopWrite(sockfd, message, total);
224 int createSocket(IoTString *name, int port) {
225 char * host = (char *) malloc(name->length()+1);
226 memcpy(host, name->internalBytes()->internalArray(), name->length());
227 host[name->length()] = 0;
228 printf("%s\n", host);
229 /* How big is the message? */
231 /* create the socket */
232 int sockfd = socket(AF_INET, SOCK_STREAM, 0);
233 if (sockfd < 0) {printf("ERROR opening socket\n"); exit(-1);}
235 /* lookup the ip address */
236 struct hostent *server = gethostbyname(host);
239 if (server == NULL) {printf("ERROR, no such host"); exit(-1);}
241 /* fill in the structure */
242 struct sockaddr_in serv_addr;
244 memset(&serv_addr,0,sizeof(serv_addr));
245 serv_addr.sin_family = AF_INET;
246 serv_addr.sin_port = htons(port);
247 memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length);
249 /* connect the socket */
250 if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) {
251 printf("ERROR connecting");
258 int createSocket(int port) {
260 struct sockaddr_in sin;
262 bzero(&sin, sizeof(sin));
263 sin.sin_family = AF_INET;
264 sin.sin_port = htons(port);
265 sin.sin_addr.s_addr = htonl(INADDR_ANY);
266 fd=socket(AF_INET, SOCK_STREAM, 0);
268 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&n, sizeof (n)) < 0) {
270 printf("Create Socket Error\n");
273 if (bind(fd, (struct sockaddr *) &sin, sizeof(sin))<0) {
277 if (listen(fd, 5)<0) {
284 int acceptSocket(int socket) {
285 struct sockaddr_in sin;
286 unsigned int sinlen=sizeof(sin);
287 int newfd = accept(socket, (struct sockaddr *)&sin, &sinlen);
289 setsockopt(newfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(flag));
291 printf("Accept Error\n");
297 void writeSocketData(int fd, Array<char> *data) {
298 loopWrite(fd, data->internalArray(), data->length());
301 void writeSocketInt(int fd, int32_t value) {
303 array[0] = value >> 24;
304 array[1] = (value >> 16) & 0xff;
305 array[2] = (value >> 8) & 0xff;
306 array[3] = (value >> 8) & 0xff;
307 loopWrite(fd, array, 4);
310 int readSocketInt(int fd) {
312 loopRead(fd, array, 4);
313 return (((int32_t) array[0]) << 24) |
314 (((int32_t) array[1]) << 16) |
315 (((int32_t) array[2]) << 8) |
316 ((int32_t) array[3]);
319 void readSocketData(int fd, Array<char> *data) {
320 loopRead(fd, data->internalArray(), data->length());
323 void writeURLDataAndClose(int fd, Array<char> *data) {
324 dprintf(fd, "Content-Length: %d\r\n\r\n", data->length());
325 loopWrite(fd, data->internalArray(), data->length());
328 void closeURLReq(int fd) {
332 void readURLData(int fd, Array<char> *output) {
333 loopRead(fd, output->internalArray(), output->length());
336 int readURLInt(int fd) {
338 loopRead(fd, array, 4);
339 return (((int32_t) array[0]) << 24) |
340 (((int32_t) array[1]) << 16) |
341 (((int32_t) array[2]) << 8) |
342 ((int32_t) array[3]);
345 int getResponseCode(int fd) {
350 int bytes = read(fd, &newchar, 1);
353 if (offset == (sizeof(response) - 1)) {
354 printf("Response too long");
357 response[offset++] = newchar;
361 response[offset] = 0;
362 int ver1 = 0, ver2 = 0, respcode = 0;
363 sscanf(response, "HTTP/%d.%d %d", &ver1, &ver2, &respcode);
364 printf("Response code %d\n", respcode);
368 void CloudComm::setSalt() {
370 // Salt already sent to server so don't set it again
376 Array<char> *saltTmp = new Array<char>(CloudComm_SALT_SIZE);
377 random->nextBytes(saltTmp);
379 char *buffer = (char *) malloc(baseurl->length() + 100);
380 memcpy(buffer, baseurl->internalBytes(), baseurl->length());
381 int offset = baseurl->length();
382 offset += sprintf(&buffer[offset], "?req=setsalt");
383 IoTString *urlstr = new IoTString(buffer);
387 fd = openURL(urlstr);
388 writeURLDataAndClose(fd, saltTmp);
390 int responsecode = getResponseCode(fd);
391 if (responsecode != HttpURLConnection_HTTP_OK) {
392 throw new Error("Invalid response");
397 } catch (Exception *e) {
399 throw new ServerException("Failed setting salt", ServerException_TypeConnectTimeout);
403 bool CloudComm::getSalt() {
405 IoTString *urlstr = NULL;
408 char *buffer = (char *) malloc(baseurl->length() + 100);
409 memcpy(buffer, baseurl->internalBytes(), baseurl->length());
410 int offset = baseurl->length();
411 offset += sprintf(&buffer[offset], "?req=getsalt");
412 urlstr = new IoTString(buffer);
414 } catch (Exception *e) {
415 throw new Error("getSlot failed");
419 fd = openURL(urlstr);
422 } catch (SocketTimeoutException *e) {
424 throw new ServerException("getSalt failed", ServerException_TypeConnectTimeout);
425 } catch (Exception *e) {
426 throw new Error("getSlot failed");
431 int responsecode = getResponseCode(fd);
432 if (responsecode != HttpURLConnection_HTTP_OK) {
433 throw new Error("Invalid response");
435 int salt_length = readURLInt(fd);
436 Array<char> *tmp = new Array<char>(salt_length);
437 readURLData(fd, tmp);
441 } catch (SocketTimeoutException *e) {
443 throw new ServerException("getSalt failed", ServerException_TypeInputTimeout);
444 } catch (Exception *e) {
445 throw new Error("getSlot failed");
449 Array<char> *CloudComm::createIV(int64_t machineId, int64_t localSequenceNumber) {
450 ByteBuffer *buffer = ByteBuffer_allocate(CloudComm_IV_SIZE);
451 buffer->putLong(machineId);
452 int64_t localSequenceNumberShifted = localSequenceNumber << 16;
453 buffer->putLong(localSequenceNumberShifted);
454 return buffer->array();
457 Array<char> *AESEncrypt(Array<char> *ivBytes, AESKey *key, Array<char> *data) {
458 Array<char> * output=new Array<char>(data->length());
459 aes_encrypt_ctr((BYTE *)data->internalArray(), data->length(), (BYTE *) output->internalArray(), (WORD *)key->getKey()->internalArray(), key->getKey()->length()/(sizeof(WORD)/sizeof(BYTE)), (BYTE *)ivBytes->internalArray());
463 Array<char> *AESDecrypt(Array<char> *ivBytes, AESKey *key, Array<char> *data) {
464 Array<char> * output=new Array<char>(data->length());
465 aes_decrypt_ctr((BYTE *)data->internalArray(), data->length(), (BYTE *)output->internalArray(), (WORD *)key->getKey()->internalArray(), key->getKey()->length()/(sizeof(WORD)/sizeof(BYTE)), (BYTE *)ivBytes->internalArray());
469 Array<char> *CloudComm::encryptSlotAndPrependIV(Array<char> *rawData, Array<char> *ivBytes) {
471 Array<char> *encryptedBytes = AESEncrypt(ivBytes, key, rawData);
472 Array<char> *chars = new Array<char>(encryptedBytes->length() + CloudComm_IV_SIZE);
473 System_arraycopy(ivBytes, 0, chars, 0, ivBytes->length());
474 System_arraycopy(encryptedBytes, 0, chars, CloudComm_IV_SIZE, encryptedBytes->length());
477 } catch (Exception *e) {
478 throw new Error("Failed To Encrypt");
482 Array<char> *CloudComm::stripIVAndDecryptSlot(Array<char> *rawData) {
484 Array<char> *ivBytes = new Array<char>(CloudComm_IV_SIZE);
485 Array<char> *encryptedBytes = new Array<char>(rawData->length() - CloudComm_IV_SIZE);
486 System_arraycopy(rawData, 0, ivBytes, 0, CloudComm_IV_SIZE);
487 System_arraycopy(rawData, CloudComm_IV_SIZE, encryptedBytes, 0, encryptedBytes->length());
488 return AESDecrypt(ivBytes, key, encryptedBytes);
489 } catch (Exception *e) {
490 throw new Error("Failed To Decrypt");
495 * API for putting a slot into the queue. Returns NULL on success.
496 * On failure, the server will send slots with newer sequence
499 Array<Slot *> *CloudComm::putSlot(Slot *slot, int max) {
504 throw new ServerException("putSlot failed", ServerException_TypeSalt);
509 int64_t sequencenumber = slot->getSequenceNumber();
510 Array<char> *slotBytes = slot->encode(mac);
511 Array<char> *chars = encryptSlotAndPrependIV(slotBytes, slot->getSlotCryptIV());
512 IoTString *url = buildRequest(true, sequencenumber, max);
515 writeURLDataAndClose(fd, chars);
517 } catch (ServerException *e) {
520 } catch (SocketTimeoutException *e) {
522 throw new ServerException("putSlot failed", ServerException_TypeConnectTimeout);
523 } catch (Exception *e) {
524 throw new Error("putSlot failed");
528 int respcode = getResponseCode(fd);
530 Array<char> *resptype = new Array<char>(7);
531 readURLData(fd, resptype);
534 if (resptype->equals(getslot)) {
535 return processSlots(fd);
536 } else if (resptype->equals(putslot)) {
539 throw new Error("Bad response to putslot");
540 } catch (SocketTimeoutException *e) {
542 throw new ServerException("putSlot failed", ServerException_TypeInputTimeout);
543 } catch (Exception *e) {
544 throw new Error("putSlot failed");
549 * Request the server to send all slots with the given
550 * sequencenumber or newer->
552 Array<Slot *> *CloudComm::getSlots(int64_t sequencenumber) {
557 throw new ServerException("getSlots failed", ServerException_TypeSalt);
562 IoTString *url = buildRequest(false, sequencenumber, 0);
567 } catch (SocketTimeoutException *e) {
569 throw new ServerException("getSlots failed", ServerException_TypeConnectTimeout);
570 } catch (ServerException *e) {
574 } catch (Exception *e) {
575 throw new Error("getSlots failed");
580 int responsecode = getResponseCode(fd);
581 Array<char> *resptype = new Array<char>(7);
582 readURLData(fd, resptype);
584 if (!resptype->equals(getslot))
585 throw new Error("Bad Response: ");
587 return processSlots(fd);
588 } catch (SocketTimeoutException *e) {
590 throw new ServerException("getSlots failed", ServerException_TypeInputTimeout);
591 } catch (Exception *e) {
592 throw new Error("getSlots failed");
597 * Method that actually handles building Slot objects from the
598 * server response. Shared by both putSlot and getSlots.
600 Array<Slot *> *CloudComm::processSlots(int fd) {
601 int numberofslots = readURLInt(fd);
602 Array<int> *sizesofslots = new Array<int>(numberofslots);
603 Array<Slot *> *slots = new Array<Slot *>(numberofslots);
605 for (int i = 0; i < numberofslots; i++)
606 sizesofslots->set(i, readURLInt(fd));
607 for (int i = 0; i < numberofslots; i++) {
608 Array<char> *rawData = new Array<char>(sizesofslots->get(i));
609 readURLData(fd, rawData);
610 Array<char> *data = stripIVAndDecryptSlot(rawData);
611 slots->set(i, Slot_decode(table, data, mac));
616 Array<char> *CloudComm::sendLocalData(Array<char> *sendData, int64_t localSequenceNumber, IoTString *host, int port) {
620 printf("Passing Locally\n");
621 mac->update(sendData, 0, sendData->length());
622 Array<char> *genmac = mac->doFinal();
623 Array<char> *totalData = new Array<char>(sendData->length() + genmac->length());
624 System_arraycopy(sendData, 0, totalData, 0, sendData->length());
625 System_arraycopy(genmac, 0, totalData, sendData->length(), genmac->length());
627 // Encrypt the data for sending
628 Array<char> *iv = createIV(table->getMachineId(), table->getLocalSequenceNumber());
629 Array<char> *encryptedData = encryptSlotAndPrependIV(totalData, iv);
631 // Open a TCP socket connection to a local device
632 int socket = createSocket(host, port);
635 // Send data to output (length of data, the data)
636 writeSocketInt(socket, encryptedData->length());
637 writeSocketData(socket, encryptedData);
639 int lengthOfReturnData = readSocketInt(socket);
640 Array<char> *returnData = new Array<char>(lengthOfReturnData);
641 readSocketData(socket, returnData);
643 returnData = stripIVAndDecryptSlot(returnData);
645 // We are done with this socket
647 mac->update(returnData, 0, returnData->length() - CloudComm_HMAC_SIZE);
648 Array<char> *realmac = mac->doFinal();
649 Array<char> *recmac = new Array<char>(CloudComm_HMAC_SIZE);
650 System_arraycopy(returnData, returnData->length() - realmac->length(), recmac, 0, realmac->length());
652 if (!recmac->equals(realmac))
653 throw new Error("Local Error: Invalid HMAC! Potential Attack!");
655 Array<char> *returnData2 = new Array<char>(lengthOfReturnData - recmac->length());
656 System_arraycopy(returnData, 0, returnData2, 0, returnData2->length());
659 } catch (Exception *e) {
660 printf("Exception\n");
666 void CloudComm::localServerWorkerFunction() {
667 int inputSocket = -1;
670 // Local server socket
671 inputSocket = createSocket(listeningPort);
672 } catch (Exception *e) {
673 throw new Error("Local server setup failure...");
678 // Accept incoming socket
679 int socket = acceptSocket(inputSocket);
681 // Get the encrypted data from the server
682 int dataSize = readSocketInt(socket);
683 Array<char> *readData = new Array<char>(dataSize);
684 readSocketData(socket, readData);
688 readData = stripIVAndDecryptSlot(readData);
689 mac->update(readData, 0, readData->length() - CloudComm_HMAC_SIZE);
690 Array<char> *genmac = mac->doFinal();
691 Array<char> *recmac = new Array<char>(CloudComm_HMAC_SIZE);
692 System_arraycopy(readData, readData->length() - recmac->length(), recmac, 0, recmac->length());
694 if (!recmac->equals(genmac))
695 throw new Error("Local Error: Invalid HMAC! Potential Attack!");
697 Array<char> *returnData = new Array<char>(readData->length() - recmac->length());
698 System_arraycopy(readData, 0, returnData, 0, returnData->length());
701 Array<char> *sendData = table->acceptDataFromLocal(returnData);
702 mac->update(sendData, 0, sendData->length());
703 Array<char> *realmac = mac->doFinal();
704 Array<char> *totalData = new Array<char>(sendData->length() + realmac->length());
705 System_arraycopy(sendData, 0, totalData, 0, sendData->length());
706 System_arraycopy(realmac, 0, totalData, sendData->length(), realmac->length());
708 // Encrypt the data for sending
709 Array<char> *iv = createIV(table->getMachineId(), table->getLocalSequenceNumber());
710 Array<char> *encryptedData = encryptSlotAndPrependIV(totalData, iv);
713 // Send data to output (length of data, the data)
714 writeSocketInt(socket, encryptedData->length());
715 writeSocketData(socket, encryptedData);
717 } catch (Exception *e) {
721 if (inputSocket != -1) {
724 } catch (Exception *e) {
725 throw new Error("Local server close failure...");
730 void CloudComm::closeCloud() {
733 if (listeningPort > 0) {
734 if (pthread_join(localServerThread, NULL) != 0)
735 throw new Error("Local Server thread join issue...");