2 #include "TimingSingleton.h"
3 #include "SecureRandom.h"
11 #include "ByteBuffer.h"
13 #include <sys/types.h>
14 #include <sys/socket.h>
15 #include <arpa/inet.h>
16 #include <netinet/tcp.h>
21 * Empty Constructor needed for child class.
23 CloudComm::CloudComm() :
33 timer(TimingSingleton_getInstance()),
34 getslot(new Array<char>("getslot", 7)),
35 putslot(new Array<char>("putslot", 7))
39 void *threadWrapper(void *cloud) {
40 CloudComm *c = (CloudComm *) cloud;
41 c->localServerWorkerFunction();
46 * Constructor for actual use. Takes in the url and password.
48 CloudComm::CloudComm(Table *_table, IoTString *_baseurl, IoTString *_password, int _listeningPort) :
53 random(new SecureRandom()),
56 listeningPort(_listeningPort),
58 timer(TimingSingleton_getInstance()),
59 getslot(new Array<char>("getslot", 7)),
60 putslot(new Array<char>("putslot", 7)) {
61 if (listeningPort > 0) {
62 pthread_create(&localServerThread, NULL, threadWrapper, this);
66 CloudComm::~CloudComm() {
73 * Generates Key from password.
75 AESKey *CloudComm::initKey() {
77 AESKey *key = new AESKey(password->internalBytes(),
82 } catch (Exception *e) {
83 throw new Error("Failed generating key.");
88 * Inits all the security stuff
91 void CloudComm::initSecurity() {
92 // try to get the salt and if one does not exist set one
102 * Inits the HMAC generator.
104 void CloudComm::initCrypt() {
105 if (password == NULL) {
110 password = NULL;// drop password
113 } catch (Exception *e) {
114 throw new Error("Failed To Initialize Ciphers");
119 * Builds the URL for the given request.
121 IoTString *CloudComm::buildRequest(bool isput, int64_t sequencenumber, int64_t maxentries) {
122 const char *reqstring = isput ? "req=putslot" : "req=getslot";
123 char *buffer = (char *) malloc(baseurl->length() + 200);
124 memcpy(buffer, baseurl->internalBytes()->internalArray(), baseurl->length());
125 int offset = baseurl->length();
126 offset += sprintf(&buffer[offset], "?%s&seq=%" PRId64, reqstring, sequencenumber);
128 sprintf(&buffer[offset], "&max=%" PRId64, maxentries);
129 IoTString *urlstr = new IoTString(buffer);
133 void loopWrite(int fd, char * array, int bytestowrite) {
134 int byteswritten = 0;
135 while (bytestowrite) {
136 int bytes = write(fd, & array[byteswritten], bytestowrite);
138 byteswritten += bytes;
139 bytestowrite -= bytes;
141 printf("Error in write\n");
147 void loopRead(int fd, char * array, int bytestoread) {
149 while (bytestoread) {
150 int bytes = read(fd, & array[bytesread], bytestoread);
153 bytestoread -= bytes;
155 printf("Error in read\n");
161 int openURL(IoTString *url) {
162 if (url->length() < 7 || memcmp(url->internalBytes()->internalArray(), "http://", 7)) {
163 printf("BOGUS URL\n");
167 for(; i < url->length(); i++)
168 if (url->get(i) == '/')
171 if ( i == url->length()) {
172 printf("ERROR in openURL\n");
176 char * host = (char *) malloc(i - 6);
177 memcpy(host, &url->internalBytes()->internalArray()[7], i-7);
179 printf("%s\n", host);
181 char * message = (char *)malloc(sizeof("POST HTTP/1.1\r\n") + sizeof("Host: \r\n") + 2*url->length());
183 /* fill in the parameters */
184 int post = sprintf(message,"POST ");
186 memcpy(&message[post], &url->internalBytes()->internalArray()[i], url->length()-i);
187 int endpost = sprintf(&message[post+url->length()-i], " HTTP/1.1\r\n");
189 int hostlen = sprintf(&message[endpost + post + url->length()-i], "Host: ");
190 memcpy(&message[endpost + post + url->length()+hostlen-i], host, i-7);
191 sprintf(&message[endpost + post + url->length()+hostlen-7], "\r\n");
193 /* create the socket */
194 int sockfd = socket(AF_INET, SOCK_STREAM, 0);
195 if (sockfd < 0) {printf("ERROR opening socket\n"); exit(-1);}
197 /* lookup the ip address */
198 struct hostent *server = gethostbyname(host);
201 if (server == NULL) {printf("ERROR, no such host"); exit(-1);}
203 /* fill in the structure */
204 struct sockaddr_in serv_addr;
206 memset(&serv_addr,0,sizeof(serv_addr));
207 serv_addr.sin_family = AF_INET;
208 serv_addr.sin_port = htons(80);
209 memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length);
211 /* connect the socket */
212 if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) {
213 printf("ERROR connecting");
217 /* send the request */
218 int total = strlen(message);
219 loopWrite(sockfd, message, total);
223 int createSocket(IoTString *name, int port) {
224 char * host = (char *) malloc(name->length()+1);
225 memcpy(host, name->internalBytes()->internalArray(), name->length());
226 host[name->length()] = 0;
227 printf("%s\n", host);
228 /* How big is the message? */
230 /* create the socket */
231 int sockfd = socket(AF_INET, SOCK_STREAM, 0);
232 if (sockfd < 0) {printf("ERROR opening socket\n"); exit(-1);}
234 /* lookup the ip address */
235 struct hostent *server = gethostbyname(host);
238 if (server == NULL) {printf("ERROR, no such host"); exit(-1);}
240 /* fill in the structure */
241 struct sockaddr_in serv_addr;
243 memset(&serv_addr,0,sizeof(serv_addr));
244 serv_addr.sin_family = AF_INET;
245 serv_addr.sin_port = htons(port);
246 memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length);
248 /* connect the socket */
249 if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) {
250 printf("ERROR connecting");
257 int createSocket(int port) {
259 struct sockaddr_in sin;
261 bzero(&sin, sizeof(sin));
262 sin.sin_family = AF_INET;
263 sin.sin_port = htons(port);
264 sin.sin_addr.s_addr = htonl(INADDR_ANY);
265 fd=socket(AF_INET, SOCK_STREAM, 0);
267 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&n, sizeof (n)) < 0) {
269 printf("Create Socket Error\n");
272 if (bind(fd, (struct sockaddr *) &sin, sizeof(sin))<0) {
276 if (listen(fd, 5)<0) {
283 int acceptSocket(int socket) {
284 struct sockaddr_in sin;
285 unsigned int sinlen=sizeof(sin);
286 int newfd = accept(socket, (struct sockaddr *)&sin, &sinlen);
288 setsockopt(newfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(flag));
290 printf("Accept Error\n");
296 void writeSocketData(int fd, Array<char> *data) {
297 loopWrite(fd, data->internalArray(), data->length());
300 void writeSocketInt(int fd, int32_t value) {
302 array[0] = value >> 24;
303 array[1] = (value >> 16) & 0xff;
304 array[2] = (value >> 8) & 0xff;
305 array[3] = (value >> 8) & 0xff;
306 loopWrite(fd, array, 4);
309 int readSocketInt(int fd) {
311 loopRead(fd, array, 4);
312 return (((int32_t) array[0]) << 24) |
313 (((int32_t) array[1]) << 16) |
314 (((int32_t) array[2]) << 8) |
315 ((int32_t) array[3]);
318 void readSocketData(int fd, Array<char> *data) {
319 loopRead(fd, data->internalArray(), data->length());
322 void writeURLDataAndClose(int fd, Array<char> *data) {
323 dprintf(fd, "Content-Length: %d\r\n\r\n", data->length());
324 loopWrite(fd, data->internalArray(), data->length());
327 void closeURLReq(int fd) {
331 void readURLData(int fd, Array<char> *output) {
332 loopRead(fd, output->internalArray(), output->length());
335 int readURLInt(int fd) {
337 loopRead(fd, array, 4);
338 return (((int32_t) array[0]) << 24) |
339 (((int32_t) array[1]) << 16) |
340 (((int32_t) array[2]) << 8) |
341 ((int32_t) array[3]);
344 int getResponseCode(int fd) {
349 int bytes = read(fd, &newchar, 1);
352 if (offset == (sizeof(response) - 1)) {
353 printf("Response too long");
356 response[offset++] = newchar;
360 response[offset] = 0;
361 int ver1 = 0, ver2 = 0, respcode = 0;
362 sscanf(response, "HTTP/%d.%d %d", &ver1, &ver2, &respcode);
363 printf("Response code %d\n", respcode);
367 void readHeaders(int fd) {
372 int bytes = read(fd, &newchar, 1);
374 throw new Error("Headers malformed!");
399 printf("ERROR in readHeaders\n");
407 void CloudComm::setSalt() {
409 // Salt already sent to server so don't set it again
415 Array<char> *saltTmp = new Array<char>(CloudComm_SALT_SIZE);
416 random->nextBytes(saltTmp);
418 char *buffer = (char *) malloc(baseurl->length() + 100);
419 memcpy(buffer, baseurl->internalBytes()->internalArray(), baseurl->length());
420 int offset = baseurl->length();
421 offset += sprintf(&buffer[offset], "?req=setsalt");
422 IoTString *urlstr = new IoTString(buffer);
426 fd = openURL(urlstr);
427 writeURLDataAndClose(fd, saltTmp);
429 int responsecode = getResponseCode(fd);
430 if (responsecode != HttpURLConnection_HTTP_OK) {
431 throw new Error("Invalid response");
437 } catch (Exception *e) {
439 throw new ServerException("Failed setting salt", ServerException_TypeConnectTimeout);
443 bool CloudComm::getSalt() {
445 IoTString *urlstr = NULL;
448 char *buffer = (char *) malloc(baseurl->length() + 100);
449 memcpy(buffer, baseurl->internalBytes()->internalArray(), baseurl->length());
450 int offset = baseurl->length();
451 offset += sprintf(&buffer[offset], "?req=getsalt");
452 urlstr = new IoTString(buffer);
454 } catch (Exception *e) {
455 throw new Error("getSlot failed");
459 fd = openURL(urlstr);
462 } catch (SocketTimeoutException *e) {
464 throw new ServerException("getSalt failed", ServerException_TypeConnectTimeout);
465 } catch (Exception *e) {
466 throw new Error("getSlot failed");
471 int responsecode = getResponseCode(fd);
473 if (responsecode != HttpURLConnection_HTTP_OK) {
474 throw new Error("Invalid response");
476 int salt_length = readURLInt(fd);
477 Array<char> *tmp = new Array<char>(salt_length);
478 readURLData(fd, tmp);
484 } catch (SocketTimeoutException *e) {
486 throw new ServerException("getSalt failed", ServerException_TypeInputTimeout);
487 } catch (Exception *e) {
488 throw new Error("getSlot failed");
492 Array<char> *CloudComm::createIV(int64_t machineId, int64_t localSequenceNumber) {
493 ByteBuffer *buffer = ByteBuffer_allocate(CloudComm_IV_SIZE);
494 buffer->putLong(machineId);
495 int64_t localSequenceNumberShifted = localSequenceNumber << 16;
496 buffer->putLong(localSequenceNumberShifted);
497 return buffer->array();
500 Array<char> *AESEncrypt(Array<char> *ivBytes, AESKey *key, Array<char> *data) {
501 Array<char> * output=new Array<char>(data->length());
502 aes_encrypt_ctr((BYTE *)data->internalArray(), data->length(), (BYTE *) output->internalArray(), (WORD *)key->getKey()->internalArray(), key->getKey()->length()/(sizeof(WORD)/sizeof(BYTE)), (BYTE *)ivBytes->internalArray());
506 Array<char> *AESDecrypt(Array<char> *ivBytes, AESKey *key, Array<char> *data) {
507 Array<char> * output=new Array<char>(data->length());
508 aes_decrypt_ctr((BYTE *)data->internalArray(), data->length(), (BYTE *)output->internalArray(), (WORD *)key->getKey()->internalArray(), key->getKey()->length()/(sizeof(WORD)/sizeof(BYTE)), (BYTE *)ivBytes->internalArray());
512 Array<char> *CloudComm::encryptSlotAndPrependIV(Array<char> *rawData, Array<char> *ivBytes) {
514 Array<char> *encryptedBytes = AESEncrypt(ivBytes, key, rawData);
515 Array<char> *chars = new Array<char>(encryptedBytes->length() + CloudComm_IV_SIZE);
516 System_arraycopy(ivBytes, 0, chars, 0, ivBytes->length());
517 System_arraycopy(encryptedBytes, 0, chars, CloudComm_IV_SIZE, encryptedBytes->length());
520 } catch (Exception *e) {
521 throw new Error("Failed To Encrypt");
525 Array<char> *CloudComm::stripIVAndDecryptSlot(Array<char> *rawData) {
527 Array<char> *ivBytes = new Array<char>(CloudComm_IV_SIZE);
528 Array<char> *encryptedBytes = new Array<char>(rawData->length() - CloudComm_IV_SIZE);
529 System_arraycopy(rawData, 0, ivBytes, 0, CloudComm_IV_SIZE);
530 System_arraycopy(rawData, CloudComm_IV_SIZE, encryptedBytes, 0, encryptedBytes->length());
531 return AESDecrypt(ivBytes, key, encryptedBytes);
532 } catch (Exception *e) {
533 throw new Error("Failed To Decrypt");
538 * API for putting a slot into the queue. Returns NULL on success.
539 * On failure, the server will send slots with newer sequence
542 Array<Slot *> *CloudComm::putSlot(Slot *slot, int max) {
547 throw new ServerException("putSlot failed", ServerException_TypeSalt);
552 int64_t sequencenumber = slot->getSequenceNumber();
553 Array<char> *slotBytes = slot->encode(mac);
554 Array<char> *chars = encryptSlotAndPrependIV(slotBytes, slot->getSlotCryptIV());
555 IoTString *url = buildRequest(true, sequencenumber, max);
558 writeURLDataAndClose(fd, chars);
560 } catch (ServerException *e) {
563 } catch (SocketTimeoutException *e) {
565 throw new ServerException("putSlot failed", ServerException_TypeConnectTimeout);
566 } catch (Exception *e) {
567 throw new Error("putSlot failed");
571 int respcode = getResponseCode(fd);
574 Array<char> *resptype = new Array<char>(7);
575 readURLData(fd, resptype);
578 if (resptype->equals(getslot)) {
579 Array<Slot *> * tmp =processSlots(fd);
582 } else if (resptype->equals(putslot)) {
587 throw new Error("Bad response to putslot");
589 } catch (SocketTimeoutException *e) {
592 throw new ServerException("putSlot failed", ServerException_TypeInputTimeout);
593 } catch (Exception *e) {
594 throw new Error("putSlot failed");
599 * Request the server to send all slots with the given
600 * sequencenumber or newer->
602 Array<Slot *> *CloudComm::getSlots(int64_t sequencenumber) {
607 throw new ServerException("getSlots failed", ServerException_TypeSalt);
612 IoTString *url = buildRequest(false, sequencenumber, 0);
617 } catch (SocketTimeoutException *e) {
619 throw new ServerException("getSlots failed", ServerException_TypeConnectTimeout);
620 } catch (ServerException *e) {
624 } catch (Exception *e) {
625 throw new Error("getSlots failed");
630 int responsecode = getResponseCode(fd);
632 Array<char> *resptype = new Array<char>(7);
633 readURLData(fd, resptype);
635 if (!resptype->equals(getslot))
636 throw new Error("Bad Response: ");
638 Array<Slot*> * tmp=processSlots(fd);
641 } catch (SocketTimeoutException *e) {
644 throw new ServerException("getSlots failed", ServerException_TypeInputTimeout);
645 } catch (Exception *e) {
646 throw new Error("getSlots failed");
651 * Method that actually handles building Slot objects from the
652 * server response. Shared by both putSlot and getSlots.
654 Array<Slot *> *CloudComm::processSlots(int fd) {
655 int numberofslots = readURLInt(fd);
656 Array<int> *sizesofslots = new Array<int>(numberofslots);
657 Array<Slot *> *slots = new Array<Slot *>(numberofslots);
659 for (int i = 0; i < numberofslots; i++)
660 sizesofslots->set(i, readURLInt(fd));
661 for (int i = 0; i < numberofslots; i++) {
662 Array<char> *rawData = new Array<char>(sizesofslots->get(i));
663 readURLData(fd, rawData);
664 Array<char> *data = stripIVAndDecryptSlot(rawData);
665 slots->set(i, Slot_decode(table, data, mac));
670 Array<char> *CloudComm::sendLocalData(Array<char> *sendData, int64_t localSequenceNumber, IoTString *host, int port) {
674 printf("Passing Locally\n");
675 mac->update(sendData, 0, sendData->length());
676 Array<char> *genmac = mac->doFinal();
677 Array<char> *totalData = new Array<char>(sendData->length() + genmac->length());
678 System_arraycopy(sendData, 0, totalData, 0, sendData->length());
679 System_arraycopy(genmac, 0, totalData, sendData->length(), genmac->length());
681 // Encrypt the data for sending
682 Array<char> *iv = createIV(table->getMachineId(), table->getLocalSequenceNumber());
683 Array<char> *encryptedData = encryptSlotAndPrependIV(totalData, iv);
685 // Open a TCP socket connection to a local device
686 int socket = createSocket(host, port);
689 // Send data to output (length of data, the data)
690 writeSocketInt(socket, encryptedData->length());
691 writeSocketData(socket, encryptedData);
693 int lengthOfReturnData = readSocketInt(socket);
694 Array<char> *returnData = new Array<char>(lengthOfReturnData);
695 readSocketData(socket, returnData);
697 returnData = stripIVAndDecryptSlot(returnData);
699 // We are done with this socket
701 mac->update(returnData, 0, returnData->length() - CloudComm_HMAC_SIZE);
702 Array<char> *realmac = mac->doFinal();
703 Array<char> *recmac = new Array<char>(CloudComm_HMAC_SIZE);
704 System_arraycopy(returnData, returnData->length() - realmac->length(), recmac, 0, realmac->length());
706 if (!recmac->equals(realmac))
707 throw new Error("Local Error: Invalid HMAC! Potential Attack!");
709 Array<char> *returnData2 = new Array<char>(lengthOfReturnData - recmac->length());
710 System_arraycopy(returnData, 0, returnData2, 0, returnData2->length());
713 } catch (Exception *e) {
714 printf("Exception\n");
720 void CloudComm::localServerWorkerFunction() {
721 int inputSocket = -1;
724 // Local server socket
725 inputSocket = createSocket(listeningPort);
726 } catch (Exception *e) {
727 throw new Error("Local server setup failure...");
732 // Accept incoming socket
733 int socket = acceptSocket(inputSocket);
735 // Get the encrypted data from the server
736 int dataSize = readSocketInt(socket);
737 Array<char> *readData = new Array<char>(dataSize);
738 readSocketData(socket, readData);
742 readData = stripIVAndDecryptSlot(readData);
743 mac->update(readData, 0, readData->length() - CloudComm_HMAC_SIZE);
744 Array<char> *genmac = mac->doFinal();
745 Array<char> *recmac = new Array<char>(CloudComm_HMAC_SIZE);
746 System_arraycopy(readData, readData->length() - recmac->length(), recmac, 0, recmac->length());
748 if (!recmac->equals(genmac))
749 throw new Error("Local Error: Invalid HMAC! Potential Attack!");
751 Array<char> *returnData = new Array<char>(readData->length() - recmac->length());
752 System_arraycopy(readData, 0, returnData, 0, returnData->length());
755 Array<char> *sendData = table->acceptDataFromLocal(returnData);
756 mac->update(sendData, 0, sendData->length());
757 Array<char> *realmac = mac->doFinal();
758 Array<char> *totalData = new Array<char>(sendData->length() + realmac->length());
759 System_arraycopy(sendData, 0, totalData, 0, sendData->length());
760 System_arraycopy(realmac, 0, totalData, sendData->length(), realmac->length());
762 // Encrypt the data for sending
763 Array<char> *iv = createIV(table->getMachineId(), table->getLocalSequenceNumber());
764 Array<char> *encryptedData = encryptSlotAndPrependIV(totalData, iv);
767 // Send data to output (length of data, the data)
768 writeSocketInt(socket, encryptedData->length());
769 writeSocketData(socket, encryptedData);
771 } catch (Exception *e) {
775 if (inputSocket != -1) {
778 } catch (Exception *e) {
779 throw new Error("Local server close failure...");
784 void CloudComm::closeCloud() {
787 if (listeningPort > 0) {
788 if (pthread_join(localServerThread, NULL) != 0)
789 throw new Error("Local Server thread join issue...");