diff --git a/Client/Program.cs b/Client/Program.cs index 23a7622..3012cd1 100644 --- a/Client/Program.cs +++ b/Client/Program.cs @@ -1,6 +1,8 @@ using System; using System.Net; using System.Text; +using System.Threading; +using System.Threading.Tasks; using Tofvesson.Crypto; namespace Client @@ -9,66 +11,162 @@ namespace Client { static void Main(string[] args) { + Console.Write("Enter your personal password: "); + string key = ReadLineHidden(); + + Console.WriteLine("Generating authentication code..."); + + // Generate a password-based Message Authentication Code (with salt to prevent rainbowtables) to verify the user identity against the server + // This string will be used as our database key: a (pseudo-)unique identifier which, for all intents and purposes, can be as public as we like since it doesn't do an attacker any good to know it + string auth = Support.ToHexString(KDF.PBKDF2(KDF.HMAC_SHA1, key.ToUTF8Bytes(), "NoRainbow".ToUTF8Bytes(), 8192, 128)); + + // Create private encryption/decryption algorithm for processing private (encrypted) data stored on server + Rijndael128 privCrypt = new Rijndael128(key); RandomProvider provider = new CryptoRandomProvider(); - Rijndael128 symcrypt = new Rijndael128("Eyy"); - - Console.WriteLine(symcrypt.DecryptString(symcrypt.EncryptString("test"), 4)); - - GenericCBC cbc = new CFB(symcrypt, provider); - Console.WriteLine(cbc.Decrypt(cbc.Encrypt("Hello".ToUTF8Bytes())).SubArray(0, 5).ToUTF8String()); - - byte[] testMSG = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }; - string cryptres = symcrypt.DecryptString(symcrypt.EncryptString("Hello!"), 6); - - byte[] test = KDF.PBKDF2(KDF.HMAC_SHA1, Encoding.UTF8.GetBytes("Hello there!"), new byte[] { 1, 2, 3, 4 }, 4096, 128); - Console.WriteLine(Support.ToHexString(test)); - Galois2 gal = Galois2.FromValue(33); - Console.WriteLine(gal.ToString()); - Console.WriteLine(gal.InvMul().Multiply(gal).ToString()); bool connected = false; - - AES symCrypto = LoadAES(); - if (symCrypto == null) + bool load = false; + // AES key used for communication is randomly chosen by generating anywhere between 1 and 511 random bytes as the password for PBKDF2-HMAC-SHA1 + NetClient client = new NetClient(new Rijndael128(provider.GetBytes(provider.NextInt(511)+1).ToUTF8String()), ParseIP(), ParsePort(), (string message, out bool keepAlive) => { - Console.Write("Enter AES password: "); - symCrypto = new AES(Console.ReadLine()); - Console.Write("Would you like to save the generated AES keys? (y/N): "); - if (Console.In.ReadYNBool("y")) + if (message.StartsWith("M-")) { - Console.Write("Enter the base file name to be used: "); - try + // Handle a blank response + if (message.Length == 2) Console.WriteLine("No messages exist with your password"); + else { - symCrypto.Save(Console.ReadLine(), true); - } - catch (Exception) { Console.WriteLine("An error ocurred while attempting to save keys!"); } - } - } + string[] msgs = null; + try + { + msgs = Support.DeserializeString(message.Substring(2)); + } + catch (Exception) { Console.WriteLine("The server seems to have sent an incorrect message. The stored messages could not be read!"); } - NetClient client = new NetClient(symCrypto, ParseIP(), ParsePort(), (string message, out bool keepAlive) => - { - Console.Write("Got message: "+message+"\nResponse (blank to exit): "); - string response = Console.ReadLine(); - keepAlive = response.Length!=0; - return keepAlive?response:null; + foreach(var cmsg in msgs) + try + { + // Decrypt each message with the supplied decryptor + byte[] messages_pad = privCrypt.Decrypt(Convert.FromBase64String(cmsg)); + int len = Support.ReadInt(messages_pad, 0); + string messages = messages_pad.SubArray(4, len + 4).ToUTF8String(); + Console.WriteLine(messages); + } + catch (Exception) { /* Ignore corrupt message (maybe do something else here?) */ } + + + Console.WriteLine("\nPress any key to continue..."); + Console.ReadKey(); + Console.Clear(); + } + load = false; + } + + // Tell the client object to keep the connection alive + keepAlive = true; + + // Don't respond + return null; }, cli => { Console.WriteLine("Connected to server!"); connected = true; }); - client.Connect(); - Console.WriteLine("Connecting..."); - while (!connected) System.Threading.Thread.Sleep(125); + // Server-connection-attempt loop (mostly just UI/UX stuff) + do + { + try + { + Console.WriteLine("Connecting to server..."); + client.Connect(); // <----- Only important line in this entire loop + break; + } + catch (Exception) + { + Console.Write("The server rejected the connection (probably because the server isn't running). Try again? (Y/n): "); + if (Console.In.ReadYNBool("n")) + { + Console.WriteLine("OK. Exiting..."); + Thread.Sleep(2500); + Environment.Exit(0); + } + Console.Clear(); + } + } while (true); - Console.Write("Message to send to server: "); - string s = Console.ReadLine(); - if (s.Length == 0) s += '\0'; - client.Send(s); + while (!connected) Thread.Sleep(125); - while (client.IsAlive) System.Threading.Thread.Sleep(250); + Console.WriteLine(); + + bool alive = true; + while(alive) + // Show selection menu + switch (DoSelect()) + { + case 1: + { + // Get and send a message to the server + Console.Clear(); + Console.Write("Message to send to server: "); + string message = Console.ReadLine(); + if (message.Length == 0) message = "\0"; // Blank messages are parsed as a null byte + + // Encrypt the message with our personal AES object (which hopefully only we know) + byte[] toSend = privCrypt.Encrypt(NetSupport.WithHeader(message.ToUTF8Bytes())); + + // Send to the server + if (!client.TrySend("S-"+auth+"-"+Convert.ToBase64String(toSend))) Console.WriteLine("Unfortunately, an error ocurred when attempting to send your message to the server :("); + break; + } + + case 2: + { + // Send a request to the server for a list of all messages associated with the hex key we generated in the beginning + Console.Clear(); + Console.WriteLine("Loading messages..."); + + // Send the "Load" command along with our db key + if (!client.TrySend("L-" + auth)) Console.WriteLine("Unfortunately, an error ocurred when attempting to send your message to the server :("); + load = true; + while (load) Thread.Sleep(125); + break; + } + case 3: + Console.WriteLine("Exiting..."); + + // Await client disconnection + try { client.Disconnect(); } + catch (Exception) { } + + // Stop program + Environment.Exit(0); + break; + } + + while (client.IsAlive) Thread.Sleep(250); } + /// + /// Show action selection menu + /// + /// The selection + static int DoSelect() + { + int read = -1; + Console.WriteLine("What would you like to do?\n1: Store a message on the server\n2: Show all messages\n3: Exit"); + do + { + Console.Write("Selection: "); + int.TryParse(Console.ReadLine(), out read); + } while (read < 1 && read < 4); + return read; + + } + + /// + /// Read an ip from the standard input stream + /// + /// A parsed IP public static IPAddress ParseIP() { IPAddress addr = IPAddress.None; @@ -79,6 +177,10 @@ namespace Client return addr; } + /// + /// Read a port number from the standard input stream + /// + /// Internet protocol port number public static short ParsePort() { short s; @@ -89,27 +191,44 @@ namespace Client return s; } - - - static AES LoadAES() + /// + /// Read a single keystroke from the keyboard and cover it up so that shoulder-surfers don't collect sensitive information + /// + /// Backspace tracking + /// The typed character + static char ReadKeyHidden(ref int backMax) { - AES sym = null; - Console.Write("Would you like to load AES keys from files? (y/N): "); - while (Console.In.ReadYNBool("y")) + char c = Console.ReadKey().KeyChar; + if (c != '\b') { - try + if (c != '\n' && c!='\r') { - Console.Write("Enter base file name: "); - sym = AES.Load(Console.ReadLine()); - Console.WriteLine("Sucessfully loaded keys!"); - break; - } - catch (Exception) - { - Console.Write("One or more of the required key files could not be located. Would you like to retry? (y/N): "); + ++backMax; + Console.CursorLeft -= 1; + Console.Write('*'); } } - return sym; + else if (backMax > 0) + { + --backMax; + Console.Write(' '); + Console.CursorLeft -= 1; + } + else Console.CursorLeft += 1; + return c; + } + + // Same as above but for a whole line :) + static string ReadLineHidden() + { + StringBuilder builder = new StringBuilder(); + char read; + int backMax = 0; + while ((read = ReadKeyHidden(ref backMax)) != '\r') + if (read == '\b' && builder.Length > 0) builder.Remove(builder.Length - 1, 1); + else if(read!='\b') builder.Append(read); + Console.Clear(); + return builder.ToString(); } } } diff --git a/Common/AES.cs b/Common/AES.cs index 3d55581..9f91aaf 100644 --- a/Common/AES.cs +++ b/Common/AES.cs @@ -1,135 +1,10 @@ using System; using System.Collections.Generic; using System.IO; -using System.Security.Cryptography; using System.Text; namespace Tofvesson.Crypto { - public sealed class AES - { - public static readonly byte[] DEFAULT_SALT = new byte[] { 3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5 }; - public static readonly Encoding DEFAULT_ENCODING = Encoding.UTF8; - public static readonly CryptoPadding DEFAULT_PADDING = new PassthroughPadding(); - private const int BUFFER_SIZE = 2048; - - public byte[] Key { get; private set; } - public byte[] IV { get; private set; } - - public AES() { - using (RijndaelManaged r = new RijndaelManaged()) { - r.GenerateKey(); - r.GenerateIV(); - Key = r.Key; - IV = r.IV; - } - if (Key.Length == 0 || IV.Length == 0) throw new SystemException("Invalid parameter length!"); - } - - public AES(byte[] seed, byte[] salt) - { - var keyGenerator = new Rfc2898DeriveBytes(seed, salt, 300); - using (RijndaelManaged r = new RijndaelManaged()) - { - r.GenerateIV(); - Key = keyGenerator.GetBytes(32); - IV = r.IV; - } - if (Key.Length == 0 || IV.Length == 0) throw new SystemException("Invalid parameter length!"); - } - public static AES Load(byte[] key, byte[] iv) => new AES(key, iv, false); - public AES(byte[] seed) : this(seed, DEFAULT_SALT) { } - public AES(string password, Encoding e) : this(e.GetBytes(password)) { } - public AES(string password) : this(DEFAULT_ENCODING.GetBytes(password), DEFAULT_SALT) { } - private AES(byte[] k, byte[] i, bool b) - { - Key = k; - IV = i; - if (Key.Length == 0 || IV.Length == 0) throw new SystemException("Invalid parameter length!"); - } - - - public byte[] Encrypt(string message) => Encrypt(message, DEFAULT_ENCODING, DEFAULT_PADDING); - public byte[] Encrypt(string message, Encoding e, CryptoPadding padding) => Encrypt(e.GetBytes(message), padding); - public byte[] Encrypt(byte[] data, CryptoPadding padding) - { - data = padding.Pad(data); - if (data.Length == 0) throw new SystemException("Invalid message length"); - byte[] result; - using (RijndaelManaged rijAlg = new RijndaelManaged()) - { - rijAlg.Key = Key; - rijAlg.IV = IV; - - using (MemoryStream msEncrypt = new MemoryStream()) - { - using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV), CryptoStreamMode.Write)) - { - using (StreamWriter swEncrypt = new StreamWriter(csEncrypt)) - { - swEncrypt.Write(DEFAULT_ENCODING.GetChars(data)); - } - result = msEncrypt.ToArray(); - } - } - } - return result; - } - - public string DecryptString(byte[] data) => DecryptString(data, DEFAULT_ENCODING, DEFAULT_PADDING); - public string DecryptString(byte[] data, Encoding e, CryptoPadding padding) => new string(e.GetChars(Decrypt(data, padding))); - public byte[] Decrypt(byte[] data, CryptoPadding padding) - { - if (data.Length == 0) throw new SystemException("Invalid message length"); - List read = new List(); - using (RijndaelManaged rijAlg = new RijndaelManaged()) - { - rijAlg.Key = Key; - rijAlg.IV = IV; - using (MemoryStream msDecrypt = new MemoryStream(data)) - { - using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, rijAlg.CreateDecryptor(Key, IV), CryptoStreamMode.Read)) - { - byte[] buf = new byte[BUFFER_SIZE]; - int test; - int count; - do - { - count = csDecrypt.Read(buf, 0, buf.Length); - if (count == 0) - { - if ((test = csDecrypt.ReadByte()) == -1) break; - read.Add((byte)test); - } - else for (int i = 0; i < count; ++i) read.Add(buf[i]); - } while (true); - } - } - } - return padding.Unpad(read.ToArray()); - } - - public void Save(string baseName, bool force = false) - { - if (force || !File.Exists(baseName + ".key")) File.WriteAllBytes(baseName + ".key", Key); - if (force || !File.Exists(baseName + ".iv")) File.WriteAllBytes(baseName + ".iv", IV); - } - - public byte[] Serialize() => Support.SerializeBytes(new byte[][] { Key, IV }); - public static AES Deserialize(byte[] message, out int read) - { - byte[][] output = Support.DeserializeBytes(message, 2); - read = output[0].Length + output[1].Length + 8; - return new AES(output[0], output[1], false); - } - - public static AES Load(string baseName) - { - if (!File.Exists(baseName + ".iv") || !File.Exists(baseName + ".key")) throw new SystemException("Required files could not be located"); - return new AES(File.ReadAllBytes(baseName + ".key"), File.ReadAllBytes(baseName + ".iv"), false); - } - } - public class Rijndael128 : BlockCipher { protected readonly byte[] roundKeys; @@ -138,7 +13,7 @@ namespace Tofvesson.Crypto public Rijndael128(string key) : base(16) { // Derive a proper key - var t = DeriveKey(key); + var t = DeriveKey(key, "PlsNoRainbowz"); this.key = t.Item1; // Expand the derived key @@ -153,9 +28,11 @@ namespace Tofvesson.Crypto } + // Encrypt/Decrypt a string by just converting it to bytes and passing it along to the byte-based encryption/decryption methods public byte[] EncryptString(string message) => Encrypt(Encoding.UTF8.GetBytes(message)); public string DecryptString(byte[] message, int length) => new string(Encoding.UTF8.GetChars(Decrypt(message, length, false))).Substring(0, length); + // Encrypt a message (this one jsut splits the message into blocks and passes it along) public override byte[] Encrypt(byte[] message) { byte[] result = new byte[message.Length + ((16 - (message.Length % 16))%16)]; @@ -165,8 +42,8 @@ namespace Tofvesson.Crypto return result; } + // Decrypt a message (these just pass the message along) public override byte[] Decrypt(byte[] ciphertext) => Decrypt(ciphertext, -1, false); - public byte[] Decrypt(byte[] message, int messageLength) => Decrypt(message, messageLength, true); protected byte[] Decrypt(byte[] message, int messageLength, bool doTruncate) { @@ -178,24 +55,29 @@ namespace Tofvesson.Crypto return doTruncate ? result.SubArray(0, messageLength) : result; } + // The actual AES encryption implementation protected virtual byte[] AES128_Encrypt(byte[] input) { + // The "state" is the name given the the 4x4 matrix that AES encrypts. The state is known as the "state" no matter what stage of AES it has gone through or how many left it has byte[] state = new byte[16]; Array.Copy(input, state, 16); - // Initial round + + // Initial round. Just just xor the key for this round input the input state = AddRoundKey(state, roundKeys, 0); // Rounds 1 - 9 for (int rounds = 1; rounds < 10; ++rounds) { - state = ShiftRows(SubBytes(state, false)); - if (rounds != 9) state = MixColumns(state, true); - state = AddRoundKey(state, roundKeys, rounds * 16); + state = ShiftRows(SubBytes(state, false)); // Shift the rows of the column-major matrix + if (rounds != 9) state = MixColumns(state, true); // Mix the columns (gonna be honest, I don't remember what this does, but it has something to do with galois fields, so just check Galois2 out) + state = AddRoundKey(state, roundKeys, rounds * 16); // Xor the key into the mess } + // Now this matrix is encrypted! return state; } + // Literally just the inverse functions of the Encrypt-process run in reverse. protected virtual byte[] AES128_Decrypt(byte[] input) { byte[] state = new byte[16]; @@ -211,25 +93,28 @@ namespace Tofvesson.Crypto return AddRoundKey(state, roundKeys, 0); } + // Save the key to a file public void Save(string baseName, bool force = false) { if (force || !File.Exists(baseName + ".key")) File.WriteAllBytes(baseName + ".key", key); } - public byte[] Serialize() => Support.SerializeBytes(new byte[][] { key }); - public static Rijndael128 Deserialize(byte[] message, out int read) - { - byte[][] output = Support.DeserializeBytes(message, 1); - read = output[0].Length + output[1].Length + 8; - return new Rijndael128(output[0]); - } - + // Load the key from a file (gonna be honest, I think I just copy-pasted this from the RSA file and renamed some stuff) public static Rijndael128 Load(string baseName) { if (!File.Exists(baseName + ".key")) throw new SystemException("Required files could not be located"); return new Rijndael128(File.ReadAllBytes(baseName + ".key")); } + // De/-serializes the key (the method is just here for compatibility) + public byte[] Serialize() => Support.SerializeBytes(new byte[][] { key }); + public static Rijndael128 Deserialize(byte[] message, out int read) + { + byte[][] output = Support.DeserializeBytes(message, 1); + read = output[0].Length + 8; + return new Rijndael128(output[0]); + } + // Internal methods for encryption :) private static uint KSchedCore(uint input, int iteration) @@ -241,6 +126,7 @@ namespace Tofvesson.Crypto return (uint)Support.ReadInt(bytes, 0); } + // Rijndael key schedule: implemented for the three common implementations because I'm thorough or something public enum BitMode { Bit128, Bit192, Bit256 } private static byte[] KeySchedule(byte[] key, BitMode mode) { @@ -290,8 +176,6 @@ namespace Tofvesson.Crypto } } - Console.WriteLine(Support.ArrayToString(output)); - return output; } @@ -354,6 +238,7 @@ namespace Tofvesson.Crypto return state; } + // Reverse ShiftRows private static byte[] UnShiftRows(byte[] state) { for (int i = 1; i < 4; ++i) @@ -365,6 +250,7 @@ namespace Tofvesson.Crypto return state; } + // Helper method, really private static void WriteToRow(uint value, byte[] to, int row) { to[row] = (byte)(value & 255); @@ -373,6 +259,7 @@ namespace Tofvesson.Crypto to[row + 12] = (byte)((value >> 24) & 255); } + // Boring helper method private static uint GetRow(byte[] from, int row) => (uint)(from[row] | (from[row + 4] << 8) | (from[row + 8] << 16) | (from[row + 12] << 24)); /// @@ -428,16 +315,26 @@ namespace Tofvesson.Crypto /// /// Input string to derive key from /// A key and an IV - private static Tuple DeriveKey(string message) + private static Tuple DeriveKey(string message, string salt) { - byte[] salt = new CryptoRandomProvider().GetBytes(16); // Get a random 16-byte salt - byte[] key = KDF.PBKDF2(KDF.HMAC_SHA1, Encoding.UTF8.GetBytes(message), salt, 4096, 16); // Generate a 16-byte (128-bit) key from salt over 4096 iterations of HMAC-SHA1 - return new Tuple(key, salt); + byte[] key = KDF.PBKDF2(KDF.HMAC_SHA1, Encoding.UTF8.GetBytes(message), salt.ToUTF8Bytes(), 4096, 16); // Generate a 16-byte (128-bit) key from salt over 4096 iterations of HMAC-SHA1 + return new Tuple(key, salt.ToUTF8Bytes()); } private static byte RCON(int i) => i <= 0 ? (byte)0x8d : new Galois2(i - 1).ToByteArray()[0]; } + + + // If you genuinely care what this does, to which I would under regular circumstances call you a nerd but alas I researched this, soooooo here: + // https://en.wikipedia.org/wiki/Finite_field_arithmetic + // http://www.cs.utsa.edu/~wagner/laws/FFM.html + // https://www.wolframalpha.com/examples/math/algebra/finite-fields/ + // https://www.youtube.com/watch?v=x1v2tX4_dkQ + // That YouTube link explains it the best imo, but the others really help and solidify the concept. + // Essentially, if you're genuinely going to torture yourself by trying to learn this stuff, at least do yourself a favour and start with the video. + // Also, I'm not gonna comment the code down there because it's a hellhole and it's late and I have a headache and ooooooooohhhhh I don't want to spend more time that I already have on that stuff. + // You get the comments that I put there when I made this; no more than that! Honestly, they're still plenty so just make do! /// /// Object representation of a Galois Field with characteristic 2 /// @@ -563,6 +460,9 @@ namespace Tofvesson.Crypto } + // Just internal stuff from here on out boiiiiiiis! + + protected static bool _ArraysEquals(byte[] v1, byte[] v2) { diff --git a/Common/CBC.cs b/Common/CBC.cs index ab97311..f35e0f4 100644 --- a/Common/CBC.cs +++ b/Common/CBC.cs @@ -1,37 +1,37 @@ using System; -using System.Collections.Generic; using System.Linq; -using System.Text; -using System.Threading.Tasks; +using System.Reflection; namespace Tofvesson.Crypto { + // Specifies the basic structure of a block cipher public abstract class BlockCipher { public Int32 BlockSize { get; private set; } - public BlockCipher(int blockSize) - { - this.BlockSize = blockSize; - } + + public BlockCipher(int blockSize) { this.BlockSize = blockSize; } + public abstract byte[] Encrypt(byte[] message); public abstract byte[] Decrypt(byte[] ciphertext); } - + // Base structure of a cipher block chaining algorithm + // For an in-depth explanation of what this is (as well as visuals of the implementations that are a bit futher down), visit https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation public abstract class GenericCBC : BlockCipher { + private static readonly byte[] splitter = ":".ToUTF8Bytes(); + + private readonly byte[] iv_e; public byte[] IV { get => (byte[])iv_e.Clone(); } protected readonly byte[] currentIV_e; protected readonly byte[] currentIV_d; protected readonly BlockCipher cipher; - protected readonly RandomProvider provider; public GenericCBC(BlockCipher cipher, RandomProvider provider) : base(cipher.BlockSize) { this.cipher = cipher; - this.provider = provider; // Generate initialization vector and set it as the current iv iv_e = provider.GetBytes(new byte[cipher.BlockSize]); @@ -41,6 +41,18 @@ namespace Tofvesson.Crypto Array.Copy(iv_e, currentIV_d, iv_e.Length); } + public GenericCBC(BlockCipher cipher, byte[] iv_e) : base(cipher.BlockSize) + { + this.iv_e = iv_e; + this.cipher = cipher; + + currentIV_e = new byte[cipher.BlockSize]; + currentIV_d = new byte[cipher.BlockSize]; + Array.Copy(iv_e, currentIV_e, iv_e.Length); + Array.Copy(iv_e, currentIV_d, iv_e.Length); + } + + // Separate a given messae into blocks for processing protected byte[][] SplitBlocks(byte[] message) { byte[][] blocks = new byte[(message.Length / cipher.BlockSize) + (message.Length % cipher.BlockSize == 0 ? 0 : 1)][]; @@ -57,6 +69,7 @@ namespace Tofvesson.Crypto return blocks; } + // Recombine blocks that have been split back into a single string of bytes protected byte[] CollectBlocks(byte[][] result) { byte[] collected = new byte[result.Length * cipher.BlockSize]; @@ -75,11 +88,16 @@ namespace Tofvesson.Crypto /// /// Standard cipher block chaining implementation (not recommended, but available nonetheless) /// - public class CBC : GenericCBC + public sealed class CBC : GenericCBC { public CBC(BlockCipher cipher, RandomProvider provider) : base(cipher, provider) { } + public CBC(BlockCipher cipher, byte[] iv_e) : base(cipher, iv_e) + { } + + + // This entire method is pretty self-explanatory. All you need to know is: currentIV_e represents the IV currently being used for encryption public override byte[] Encrypt(byte[] message) { byte[][] blocks = SplitBlocks(message); @@ -110,13 +128,18 @@ namespace Tofvesson.Crypto return CollectBlocks(blocks); } + } - public class PCBC : GenericCBC + // Propogating CBC + public sealed class PCBC : GenericCBC { public PCBC(BlockCipher cipher, RandomProvider provider) : base(cipher, provider) { } + public PCBC(BlockCipher cipher, byte[] iv_e) : base(cipher, iv_e) + { } + public override byte[] Encrypt(byte[] message) { byte[][] blocks = SplitBlocks(message); @@ -162,11 +185,14 @@ namespace Tofvesson.Crypto } } - public class CFB : GenericCBC + public sealed class CFB : GenericCBC { public CFB(BlockCipher cipher, RandomProvider provider) : base(cipher, provider) { } + public CFB(BlockCipher cipher, byte[] iv_e) : base(cipher, iv_e) + { } + public override byte[] Encrypt(byte[] message) { byte[][] blocks = SplitBlocks(message); diff --git a/Common/KDF.cs b/Common/KDF.cs index e955701..f286f76 100644 --- a/Common/KDF.cs +++ b/Common/KDF.cs @@ -10,6 +10,8 @@ namespace Tofvesson.Crypto public static class KDF { public delegate byte[] HashFunction(byte[] message); + + // Hash-based Message Authentication Codes: generates a code for verifying the sender of a message and the like public static byte[] HMAC(byte[] key, byte[] message, HashFunction func, int blockSizeBytes) { if (key.Length > blockSizeBytes) key = func(key); @@ -20,40 +22,50 @@ namespace Tofvesson.Crypto key = b; } - byte[] o_key_pad = new byte[blockSizeBytes]; - byte[] i_key_pad = new byte[blockSizeBytes]; + byte[] o_key_pad = new byte[blockSizeBytes]; // Outer padding + byte[] i_key_pad = new byte[blockSizeBytes]; // Inner padding for (int i = 0; i < blockSizeBytes; ++i) { + // Combine padding with key o_key_pad[i] = (byte)(key[i] ^ 0x5c); i_key_pad[i] = (byte)(key[i] ^ 0x36); } return func(Support.Concatenate(o_key_pad, func(Support.Concatenate(i_key_pad, message)))); } - public static byte[] HMAC_SHA1(byte[] key, byte[] message) => HMAC(key, message, SHA.SHA1, 64); + // Perform HMAC using SHA1 + public static byte[] HMAC_SHA1(byte[] key, byte[] message) => HMAC(key, message, SHA.SHA1, 20); + // Pseudorandom function delegate public delegate byte[] PRF(byte[] key, byte[] salt); + + // Password-Based Key Derivation Function 2. Used to generate "pseudorandom" keys from a given password and salt using a certain PRF applied a certain amount of times (iterations). + // dklen specified the "derived key length" in bytes. It is recommended to use a high number for the iterations variable (somewhere around 4096 is the standard for SHA1 currently) public static byte[] PBKDF2(PRF function, byte[] password, byte[] salt, int iterations, int dklen) { - byte[] dk = new byte[0]; - uint iter = 1; + byte[] dk = new byte[0]; // Create a placeholder for the derived key + uint iter = 1; // Track the iterations while (dk.Length < dklen) { // F-function + // The F-function (PRF) takes the amount of iterations performed in the opposite endianness format from what C# uses, so we have to swap the endianness byte[] u = function(password, Support.Concatenate(salt, Support.WriteToArray(new byte[4], Support.SwapEndian(iter), 0))); byte[] ures = new byte[u.Length]; Array.Copy(u, ures, u.Length); for(int i = 1; i { bool cryptoEstablished = false; @@ -260,7 +264,7 @@ namespace Tofvesson.Crypto Queue ibuf = new Queue(); byte[] buffer = new byte[bufSize]; while (Running) - if (SyncListener(cryptoEstablished, mLen, out cryptoEstablished, out mLen, out bool _, ibuf, buffer)) + if (SyncListener(ref cryptoEstablished, ref mLen, out bool _, ibuf, buffer)) break; if (ibuf.Count != 0) Console.WriteLine("Client socket closed with unread data!"); }) @@ -271,10 +275,8 @@ namespace Tofvesson.Crypto eventListener.Start(); } - protected internal bool SyncListener(bool cryptoEstablished, int mLen, out bool cE, out int mL, out bool acceptedData, Queue ibuf, byte[] buffer) + protected internal bool SyncListener(ref bool cryptoEstablished, ref int mLen, out bool acceptedData, Queue ibuf, byte[] buffer) { - cE = cryptoEstablished; - mL = mLen; if (cryptoEstablished) { lock (messageBuffer) @@ -289,7 +291,7 @@ namespace Tofvesson.Crypto ibuf.EnqueueAll(buffer, 0, read); } if (mLen == 0 && ibuf.Count >= 4) - mL = mLen = Support.ReadInt(ibuf.Dequeue(4), 0); + mLen = Support.ReadInt(ibuf.Dequeue(4), 0); if (mLen != 0 && ibuf.Count >= mLen) { // Got a full message. Parse! @@ -299,21 +301,43 @@ namespace Tofvesson.Crypto { if (ServerSide) { - Crypto = AES.Deserialize(decrypt.Decrypt(message), out int _); + try + { + if (Crypto == null) Crypto = Rijndael128.Deserialize(decrypt.Decrypt(message), out int _); + else CBC = new PCBC(Crypto, decrypt.Decrypt(message)); + } + catch (Exception) { + Console.WriteLine("A fatal error ocurrd when attempting to establish a secure channel! Stopping..."); + Thread.Sleep(5000); + Environment.Exit(-1); + } } else { // Reconstruct RSA object from remote public keys and use it to encrypt our serialized AES key/iv - byte[] b1 = NetSupport.WithHeader(RSA.Deserialize(message, out int _).Encrypt(Crypto.Serialize())); - Connection.Send(b1); + RSA asymm = RSA.Deserialize(message, out int _); + Connection.Send(NetSupport.WithHeader(asymm.Encrypt(Crypto.Serialize()))); + Connection.Send(NetSupport.WithHeader(asymm.Encrypt(CBC.IV))); + } + if (CBC != null) + { + cryptoEstablished = true; + onConn(this); } - cE = true; - onConn(this); } else { - string response = handler(Crypto.DecryptString(message), out bool live); - if (response != null) Connection.Send(NetSupport.WithHeader(Crypto.Encrypt(response))); + // Decrypt the incoming message + byte[] read = Crypto.Decrypt(message); + + // Read the decrypted message length + int mlenInner = Support.ReadInt(read, 0); + + // Send the message to the handler and get a response + string response = handler(read.SubArray(4, 4+mlenInner).ToUTF8String(), out bool live); + + // Send the response (if given one) and drop the connection if the handler tells us to + if (response != null) Connection.Send(NetSupport.WithHeader(Crypto.Encrypt(NetSupport.WithHeader(response.ToUTF8Bytes())))); if (!live) { Running = false; @@ -327,11 +351,15 @@ namespace Tofvesson.Crypto } // Reset expexted message length - mL = 0; + mLen = 0; } return false; } + /// + /// Disconnect from server + /// + /// public virtual async Task Disconnect() { NetSupport.DoStateCheck(IsAlive, true); @@ -341,6 +369,7 @@ namespace Tofvesson.Crypto return await new TaskFactory().StartNew(() => { eventListener.Join(); return null; }); } + // Methods for sending data to the server public bool TrySend(string message) => TrySend(Encoding.UTF8.GetBytes(message)); public bool TrySend(byte[] message) { @@ -354,14 +383,15 @@ namespace Tofvesson.Crypto public virtual void Send(string message) => Send(Encoding.UTF8.GetBytes(message)); public virtual void Send(byte[] message) { NetSupport.DoStateCheck(IsAlive, true); - lock (messageBuffer) messageBuffer.Enqueue(Crypto.Encrypt(message, new PassthroughPadding())); + lock (messageBuffer) messageBuffer.Enqueue(Crypto.Encrypt(NetSupport.WithHeader(message))); } } + // Helper methods. WithHeader() should really just be in Support.cs public static class NetSupport { - internal static byte[] WithHeader(string message) => WithHeader(Encoding.UTF8.GetBytes(message)); - internal static byte[] WithHeader(byte[] message) + public static byte[] WithHeader(string message) => WithHeader(Encoding.UTF8.GetBytes(message)); + public static byte[] WithHeader(byte[] message) { byte[] nmsg = new byte[message.Length + 4]; Support.WriteToArray(nmsg, message.Length, 0); @@ -369,6 +399,8 @@ namespace Tofvesson.Crypto return nmsg; } + public static byte[] FromHeaded(byte[] msg, int offset) => msg.SubArray(offset + 4, offset + 4 + Support.ReadInt(msg, offset)); + internal static void DoStateCheck(bool state, bool target) { if (state != target) throw new InvalidOperationException("Bad state!"); } diff --git a/Common/RSA.cs b/Common/RSA.cs index abfb8ef..b75612e 100644 --- a/Common/RSA.cs +++ b/Common/RSA.cs @@ -48,6 +48,7 @@ namespace Tofvesson.Crypto CanDecrypt = true; } + // Load necessary values from files private RSA(string e_file, string n_file, string d_file) { if (!File.Exists(e_file)) throw new SystemException($"Could not load from file \"{e_file}\""); @@ -60,6 +61,8 @@ namespace Tofvesson.Crypto CanDecrypt = true; } + // Create a shallow copy of the given object because it's really just wasteful to perform a deep copy + // unless the person modifying this code is a madman, in which case I highly doubt they'd willfully leave this code alone anyway... public RSA(RSA copy) { e = copy.e; @@ -69,6 +72,7 @@ namespace Tofvesson.Crypto CanDecrypt = copy.CanDecrypt; } + // Create a "remote" instance of the rsa object. This means that we do not know the private exponent private RSA(byte[] e, byte[] n) { this.e = new BigInteger(e); @@ -78,6 +82,7 @@ namespace Tofvesson.Crypto CanDecrypt = false; } + // Encrypt (duh) public byte[] EncryptString(string message) => Encrypt(DEFAULT_ENCODING.GetBytes(message)); public byte[] EncryptString(string message, Encoding encoding) => Encrypt(encoding.GetBytes(message)); public byte[] EncryptString(string message, CryptoPadding padding) => Encrypt(DEFAULT_ENCODING.GetBytes(message), padding); @@ -104,6 +109,7 @@ namespace Tofvesson.Crypto return cryptomessage.ToByteArray(); } + // Decrypt (duh) public string DecryptString(byte[] message) => new string(DEFAULT_ENCODING.GetChars(Decrypt(message, NO_PADDING))); public string DecryptString(byte[] message, Encoding encoding) => new string(encoding.GetChars(Decrypt(message, NO_PADDING))); public string DecryptString(byte[] message, Encoding encoding, CryptoPadding padding) => new string(encoding.GetChars(Decrypt(message, padding))); @@ -128,8 +134,10 @@ namespace Tofvesson.Crypto return message; } - public byte[] GetPK() => e.ToByteArray(); + // Gives you the public key + public byte[] GetPubK() => e.ToByteArray(); + // Save this RSA instance to correspondingly named files public void Save(string fileNameBase, bool force = false) { if (force || !File.Exists(fileNameBase + ".e")) File.WriteAllBytes(fileNameBase + ".e", e.ToByteArray()); @@ -137,14 +145,18 @@ namespace Tofvesson.Crypto if (force || !File.Exists(fileNameBase + ".d")) File.WriteAllBytes(fileNameBase + ".d", d.ToByteArray()); } + // Serialize (for public key distribution) public byte[] Serialize() => Support.SerializeBytes(new byte[][] { e.ToByteArray(), n.ToByteArray() }); + // Deserialize RSA data (for key distribution (but the other end (how many parentheses deep can I go?))) public static RSA Deserialize(byte[] function, out int read) { byte[][] rd = Support.DeserializeBytes(function, 2); read = rd[0].Length + rd[1].Length + 8; return new RSA(rd[0], rd[1]); } + + // Check if the data we want to convert into an RSA-instance will cause a crash if we try to parse it public static bool CanDeserialize(IEnumerable data) { try @@ -158,6 +170,8 @@ namespace Tofvesson.Crypto catch (Exception) { } return false; } + + // Safely attempt to load RSA keys from files public static RSA TryLoad(string fileNameBase) => TryLoad(fileNameBase + ".e", fileNameBase + ".n", fileNameBase + ".d"); public static RSA TryLoad(string e_file, string n_file, string d_file) { diff --git a/Common/Support.cs b/Common/Support.cs index f6cdcba..3f335f1 100644 --- a/Common/Support.cs +++ b/Common/Support.cs @@ -4,6 +4,7 @@ using System.IO; using System.Linq; using System.Net; using System.Numerics; +using System.Reflection; using System.Security.Cryptography; using System.Text; using System.Threading.Tasks; @@ -11,6 +12,9 @@ using System.Xml; namespace Tofvesson.Crypto { + + // Just a ton of support methods to make life easier. Almost aboslutely nothing of notable value here + // Honestly, just continue on to the next file of whatever, unless you have some unbearable desire to give yourself a headache and be completely disappointed by the end of reading this public static class Support { // -- Math -- @@ -375,19 +379,98 @@ namespace Tofvesson.Crypto } public static bool ReadYNBool(this TextReader reader, string nonDefault) => reader.ReadLine().ToLower().Equals(nonDefault); + + public static string SerializeStrings(string[] data) + { + StringBuilder builder = new StringBuilder(); + foreach (var datum in data) builder.Append(datum.Replace("&", "&").Replace("\n", "&nl;")).Append("&nm;"); + if (builder.Length > 0) builder.Remove(builder.Length - 4, 4); + return builder.ToString(); + } + + public static string[] DeserializeString(string message) + { + List collect = new List(); + const string target = "&nm;"; + int found = 0; + int prev = 0; + for(int i = 0; i= pastFirst) + return i; + return -1; + } } - public static class RandomSupport + + public abstract class RandomProvider { - public static BigInteger GenerateBoundedRandom(BigInteger max, RandomProvider provider) + public abstract byte[] GetBytes(int count); + public abstract byte[] GetBytes(byte[] buffer); + + // Randomly generates a shortinteger bounded by the supplied integer. If bounding value is <= 0, it will be ignored + public ushort NextUShort(ushort bound = 0) { - byte[] b = max.ToByteArray(); - byte maxLast = b[b.Length - 1]; - provider.GetBytes(b); - if(maxLast!=0) b[b.Length - 1] %= maxLast; - b[b.Length - 1] |= 127; - return new BigInteger(b); + byte[] raw = GetBytes(2); + ushort result = 0; + for (byte s = 0; s < 2; ++s) + { + result <<= 8; + result |= raw[s]; + } + return (ushort)(bound > 0 ? result % bound : result); } + + // Randomly generates an integer bounded by the supplied integer. If bounding value is <= 0, it will be ignored + public uint NextUInt(uint bound = 0) + { + byte[] raw = GetBytes(4); + uint result = 0; + for (byte s = 0; s < 4; ++s) + { + result <<= 8; + result |= raw[s]; + } + return bound > 0 ? result % bound : result; + } + + // Randomly generates a long integer bounded by the supplied integer. If bounding value is <= 0, it will be ignored + public ulong NextULong(ulong bound = 0) + { + byte[] raw = GetBytes(8); + ulong result = 0; + for (byte s = 0; s < 8; ++s) + { + result <<= 8; + result |= raw[s]; + } + return bound > 0 ? result % bound : result; + } + + public short NextShort(short bound = 0) => (short)NextUInt((ushort)bound); + public int NextInt(int bound = 0) => (int)NextUInt((uint)bound); + public long NextLong(long bound = 0) => (long)NextULong((ulong)bound); } public sealed class RegularRandomProvider : RandomProvider @@ -437,52 +520,16 @@ namespace Tofvesson.Crypto } } - public abstract class RandomProvider + public static class RandomSupport { - public abstract byte[] GetBytes(int count); - public abstract byte[] GetBytes(byte[] buffer); - - // Randomly generates a shortinteger bounded by the supplied integer. If bounding value is <= 0, it will be ignored - public ushort NextUShort(ushort bound = 0) + public static BigInteger GenerateBoundedRandom(BigInteger max, RandomProvider provider) { - byte[] raw = GetBytes(2); - ushort result = 0; - for (byte s = 0; s < 2; ++s) - { - result <<= 8; - result |= raw[s]; - } - return (ushort) (bound > 0 ? result % bound : result); + byte[] b = max.ToByteArray(); + byte maxLast = b[b.Length - 1]; + provider.GetBytes(b); + if (maxLast != 0) b[b.Length - 1] %= maxLast; + b[b.Length - 1] |= 127; + return new BigInteger(b); } - - // Randomly generates an integer bounded by the supplied integer. If bounding value is <= 0, it will be ignored - public uint NextUInt(uint bound = 0) - { - byte[] raw = GetBytes(4); - uint result = 0; - for (byte s = 0; s < 4; ++s) - { - result <<= 8; - result |= raw[s]; - } - return bound > 0 ? result % bound : result; - } - - // Randomly generates a long integer bounded by the supplied integer. If bounding value is <= 0, it will be ignored - public ulong NextULong(ulong bound = 0) - { - byte[] raw = GetBytes(8); - ulong result = 0; - for (byte s = 0; s < 8; ++s) - { - result <<= 8; - result |=raw[s]; - } - return bound > 0 ? result % bound : result; - } - - public short NextShort(short bound = 0) => (short)NextUInt((ushort)bound); - public int NextInt(int bound = 0) => (int) NextUInt((uint) bound); - public long NextLong(long bound = 0) => (long)NextULong((ulong)bound); } } diff --git a/Server/Program.cs b/Server/Program.cs index 3816274..eed12da 100644 --- a/Server/Program.cs +++ b/Server/Program.cs @@ -1,13 +1,21 @@ using Tofvesson.Crypto; using System; +using System.Xml; +using System.Collections.Generic; namespace Server { class Program { + // Constants used for the server (duh) + private const string db = "db.xml"; + private const short port = 1337; + + static void Main(string[] args) { - bool verbose = false; + bool verbose = true; + // Prepare crypto RandomProvider provider = new RegularRandomProvider(); RSA func = LoadRSA(provider); @@ -15,18 +23,106 @@ namespace Server Console.WriteLine("Server starting!\nType \"help\" for a list of serverside commands"); - NetServer server = new NetServer(func, 1337, (string message, out bool keepAlive) => + XmlDocument doc = new XmlDocument(); + try { doc.Load(db); } // Attempt to load the xml document + catch (Exception) + { + // If the xml-document doesn't exist, start building one + XmlDeclaration declaration = doc.CreateXmlDeclaration("1.0", "utf-8", null); + doc.AppendChild(declaration); + } + + + // Create a server with the given RSA function + NetServer server = new NetServer(func, port, (string message, out bool keepAlive) => { if(verbose) Console.WriteLine("Got message from client: " + message); keepAlive = true; - return "Alright!"; + + // Check if the message sent was a "Store" command + if (message.StartsWith("S-") && message.Substring(2).Contains("-")) + { + // Split up the message into its relevant parts: Sender and Message + string data = message.Substring(2); + string auth = data.Substring(0, data.IndexOf('-')); + string msg = data.Substring(data.IndexOf('-') + 1); + + // Look up some stuff + XmlNodeList lst_u = doc.SelectNodes("users"); + XmlElement users; + if (lst_u.Count == 0) + { + users = doc.CreateElement("users"); + doc.AppendChild(users); + } + else users = (XmlElement) lst_u.Item(0); + + XmlElement userSet = null; + foreach (var child in users.ChildNodes) + if (child is XmlElement && ((XmlElement)child).Name.Equals("U"+auth)) + { + userSet = (XmlElement) child; + break; + } + + // If a node doesn't exist for the user, create it + if (userSet == null) + { + userSet = doc.CreateElement("U"+auth); + users.AppendChild(userSet); + } + + // Store the message and save + XmlElement messageNode = doc.CreateElement("msg"); + messageNode.InnerText = msg; + userSet.AppendChild(messageNode); + + if (verbose) Console.WriteLine("Saving document..."); + doc.Save(db); + } + // Check if the message was a "Load" command + else if (message.StartsWith("L-")) + { + // Get the authentication code + string auth = message.Substring(2); + + // Load some xml stuff + XmlNode users = doc.SelectSingleNode("users"); + + XmlNodeList elements = null; + foreach(var user in users.ChildNodes) + if(user is XmlElement && ((XmlElement) user).Name.Equals("U"+auth)) + { + elements = ((XmlElement) user).ChildNodes; + break; + } + + // There are no stored messages for the given auth. code: respond with a blank message + if (elements == null) return "M-"; + + if (elements.Count != 0) + { + List collect = new List(); + foreach(var element in elements) + if (element is XmlElement) + collect.Add(((XmlElement)element).InnerText); + + // Respond with all the elements (conveniently serialized) + return "M-"+Support.SerializeStrings(collect.ToArray()); + } + } + + // No response + return null; }, client => { + // Notify the console of the new client if (verbose) Console.WriteLine($"Client has connected: {client.ToString()}"); }); server.StartListening(); + // Server terminal command loop while (server.Running) { string s = Console.ReadLine().ToLower(); @@ -44,7 +140,7 @@ namespace Server } } - + // Load RSA data from a file public static RSA LoadRSA(RandomProvider provider) { RSA func = null; @@ -55,7 +151,7 @@ namespace Server { Console.Write("Enter base file name: "); func = RSA.TryLoad(Console.ReadLine()); - if (func.GetPK() == null) throw new NullReferenceException(); + if (func.GetPubK() == null) throw new NullReferenceException(); Console.WriteLine("Sucessfully loaded keys!"); break; } @@ -67,6 +163,7 @@ namespace Server return func; } + // Generate RSA data public static RSA GenerateRSA() { RSA func; @@ -78,6 +175,7 @@ namespace Server Console.WriteLine("Generating keys..."); + // Always use 8 thread to generate the primes and whatnot. Use a certainty of 20 to minimize any posibility of false primes. 20 is pretty good... func = new RSA(read, 4, 8, 20); Console.Write("Done! Would you like to save the keys? (y/N): ");