int main()
{
//H2();
//H3();
//H3_1();
//H3_2();
//H3_3();
//H4();
H5();
return 0;
}
void tSecureStream::m_setupClient(const tRSA& rsa, string appGreeting)
{
// This block is protected by constant timing in case
// there is a man-in-the-middle who is causing the client
// connection to fail over-and-over and analysing the time
// it takes for the client to re-start the connection.
// This block prevents info from being leaked about the
// particular pre_secret that is being used by the current
// connection attempt.
vector<u8> rand_c, pre_secret, enc;
{
tConstTimeBlock ctb(&gClientInitTimingHistory);
// Generate the client random vector.
rand_c = s_genRand(kRandVectLen);
// Generate the pre-secret random vector.
pre_secret = s_genRand(kPreSecretLen);
// Encrypt the pre-secret under the server's RSA public key.
enc = rsa.encrypt(pre_secret);
}
// Send all this to the server.
pack(m_internal_writable, kLibrhoGreeting);
pack(m_internal_writable, appGreeting);
pack(m_internal_writable, rand_c);
pack(m_internal_writable, enc);
s_flush(m_internal_writable);
// Read the greeting from the server.
// We don't care if timing info is leaked here
// because 'kSuccessfulGreeting' is not a secret.
string greetingResponse;
try {
unpack(m_internal_readable, greetingResponse,
(u32)(std::max(kSuccessfulGreeting.length(), kFailedGreeting.length())));
} catch (ebObject& e) {
throw eRuntimeError("The secure server didn't reply with its greeting.");
}
if (greetingResponse != kSuccessfulGreeting)
throw eRuntimeError("The secure server sent a failure greeting.");
// Read the random server bytes.
// Again, we don't care about leaking timing info here.
vector<u8> rand_s;
try {
unpack(m_internal_readable, rand_s, kRandVectLen);
} catch (ebObject& e) {
throw eRuntimeError("The secure server sent a random vector of the wrong length.");
}
if (rand_s.size() != kRandVectLen)
throw eRuntimeError("The secure server sent a random vector of the wrong length.");
// Another const timing block.
vector<u8> secret, fPrime, g;
{
tConstTimeBlock ctb(&gClientProcessResponseTimingHistory);
// Calculated the shared secret (from the pre-secret).
secret = H1(pre_secret, rand_c, rand_s);
// Calculate the correct response from the server.
fPrime = H2(secret, rand_c, rand_s);
// Calculate the proof-of-client.
g = H3(secret, rand_c, rand_s);
}
// Read the proof-of-server hash.
vector<u8> f;
try {
unpack(m_internal_readable, f, (u32)fPrime.size());
} catch (ebObject& e) {
throw eRuntimeError("The secure server failed to verify itself.");
}
if (!s_constTimeIsEqual(f, fPrime))
throw eRuntimeError("The secure server failed to verify itself.");
// Send the proof-of-client. (That is, prove we are not just replaying some other connection.)
pack(m_internal_writable, g);
s_flush(m_internal_writable);
// Setup secure streams with the server.
vector<u8> ksw = H4(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Server Writer
vector<u8> kcw = H5(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Client Writer
m_readable = new tReadableAES(m_internal_readable, kOpModeCBC,
&ksw[0], s_toKeyLen(ksw.size()));
m_writable = new tWritableAES(m_internal_writable, kOpModeCBC,
&kcw[0], s_toKeyLen(kcw.size()));
}
Molecule C6H6()
{
int nAtoms = 12;
// These are in Angstrom
Eigen::Vector3d C1(5.274, 1.999, -8.568);
Eigen::Vector3d C2(6.627, 2.018, -8.209);
Eigen::Vector3d C3(7.366, 0.829, -8.202);
Eigen::Vector3d C4(6.752, -0.379, -8.554);
Eigen::Vector3d C5(5.399, -0.398, -8.912);
Eigen::Vector3d C6(4.660, 0.791, -8.919);
Eigen::Vector3d H1(4.704, 2.916, -8.573);
Eigen::Vector3d H2(7.101, 2.950, -7.938);
Eigen::Vector3d H3(8.410, 0.844, -7.926);
Eigen::Vector3d H4(7.322, -1.296, -8.548);
Eigen::Vector3d H5(4.925, -1.330, -9.183);
Eigen::Vector3d H6(3.616, 0.776, -9.196);
// Scale
C1 /= convertBohrToAngstrom;
C2 /= convertBohrToAngstrom;
C3 /= convertBohrToAngstrom;
C4 /= convertBohrToAngstrom;
C5 /= convertBohrToAngstrom;
C6 /= convertBohrToAngstrom;
H1 /= convertBohrToAngstrom;
H2 /= convertBohrToAngstrom;
H3 /= convertBohrToAngstrom;
H4 /= convertBohrToAngstrom;
H5 /= convertBohrToAngstrom;
H6 /= convertBohrToAngstrom;
Eigen::MatrixXd geom(3, nAtoms);
geom.col(0) = C1.transpose();
geom.col(1) = C2.transpose();
geom.col(2) = C3.transpose();
geom.col(3) = C4.transpose();
geom.col(4) = C5.transpose();
geom.col(5) = C6.transpose();
geom.col(6) = H1.transpose();
geom.col(7) = H2.transpose();
geom.col(8) = H3.transpose();
geom.col(9) = H4.transpose();
geom.col(10) = H5.transpose();
geom.col(11) = H6.transpose();
Eigen::VectorXd charges(12), masses(12);
charges << 6.0, 6.0, 6.0, 6.0, 6.0, 6.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0;
masses << 12.00, 12.0, 12.0, 12.0, 12.0, 12.0, 1.0078250, 1.0078250, 1.0078250,
1.0078250, 1.0078250, 1.0078250;
double radiusC = 1.70 / convertBohrToAngstrom;
double radiusH = 1.20 / convertBohrToAngstrom;
std::vector<Atom> atoms;
atoms.push_back( Atom("Carbon", "C", charges(0), masses(0), radiusC, C1, 1.0) );
atoms.push_back( Atom("Carbon", "C", charges(1), masses(1), radiusC, C2, 1.0) );
atoms.push_back( Atom("Carbon", "C", charges(2), masses(2), radiusC, C3, 1.0) );
atoms.push_back( Atom("Carbon", "C", charges(3), masses(3), radiusC, C4, 1.0) );
atoms.push_back( Atom("Carbon", "C", charges(4), masses(4), radiusC, C5, 1.0) );
atoms.push_back( Atom("Carbon", "C", charges(5), masses(5), radiusC, C6, 1.0) );
atoms.push_back( Atom("Hydrogen", "H", charges(6), masses(6), radiusH, H1, 1.0) );
atoms.push_back( Atom("Hydrogen", "H", charges(7), masses(7), radiusH, H2, 1.0) );
atoms.push_back( Atom("Hydrogen", "H", charges(8), masses(8), radiusH, H3, 1.0) );
atoms.push_back( Atom("Hydrogen", "H", charges(9), masses(9), radiusH, H4, 1.0) );
atoms.push_back( Atom("Hydrogen", "H", charges(10), masses(10), radiusH, H5, 1.0) );
atoms.push_back( Atom("Hydrogen", "H", charges(11), masses(11), radiusH, H6, 1.0) );
std::vector<Sphere> spheres;
Sphere sph1(C1, radiusC);
Sphere sph2(C2, radiusC);
Sphere sph3(C3, radiusC);
Sphere sph4(C4, radiusC);
Sphere sph5(C5, radiusC);
Sphere sph6(C6, radiusC);
Sphere sph7(H1, radiusH);
Sphere sph8(H2, radiusH);
Sphere sph9(H3, radiusH);
Sphere sph10(H4, radiusH);
Sphere sph11(H5, radiusH);
Sphere sph12(H6, radiusH);
spheres.push_back(sph1);
spheres.push_back(sph2);
spheres.push_back(sph3);
spheres.push_back(sph4);
spheres.push_back(sph5);
spheres.push_back(sph6);
spheres.push_back(sph7);
spheres.push_back(sph8);
spheres.push_back(sph9);
spheres.push_back(sph10);
spheres.push_back(sph11);
spheres.push_back(sph12);
// D2h as generated by Oxy, Oxz, Oyz
Symmetry pGroup = buildGroup(0, 0, 0, 0);
return Molecule(nAtoms, charges, masses, geom, atoms, spheres, pGroup);
};
void tSecureStream::m_setupServer(const tRSA& rsa, string appGreeting)
{
// Read the greeting (part 1) from the client.
// Note: The following DOES leak timing information, but we don't
// care because 'kLibrhoGreeting' isn't a secret.
string receivedLibrhoGreeting;
try {
unpack(m_internal_readable, receivedLibrhoGreeting, (u32)kLibrhoGreeting.size());
} catch (ebObject& e) {
s_failConnection(m_internal_writable, "The secure client did not greet me properly.");
}
if (receivedLibrhoGreeting != kLibrhoGreeting)
s_failConnection(m_internal_writable, "The secure client did not greet me properly.");
// Read the greeting (part 2) from the client.
// Note: The following DOES leak timing information, but we don't
// care because 'appGreeting' isn't a secret.
string receivedAppGreeting;
try {
unpack(m_internal_readable, receivedAppGreeting, (u32)appGreeting.size());
} catch (ebObject& e) {
s_failConnection(m_internal_writable, "The secure client requested a different application.");
}
if (receivedAppGreeting != appGreeting)
s_failConnection(m_internal_writable, "The secure client requested a different application.");
// Read the client's random bytes.
// Again, we don't care about the leaked info here because the correct
// random vector length is not a secret.
vector<u8> rand_c;
try {
unpack(m_internal_readable, rand_c, kRandVectLen);
} catch (ebObject& e) {
s_failConnection(m_internal_writable, "The secure client sent a random byte vector of the wrong length.");
}
if (rand_c.size() != kRandVectLen)
s_failConnection(m_internal_writable, "The secure client sent a random byte vector of the wrong length.");
// Read the encrypted pre-secret from the client.
// (No info is leaked by this section.)
vector<u8> enc;
try {
unpack(m_internal_readable, enc, rsa.maxMessageLength()+5);
} catch (ebObject& e) {
s_failConnection(m_internal_writable, "The secure client failed to send an encrypted pre-secret.");
}
// Now that the server has read everything from the client, it
// will do some calculations.
// We will protect this section with a const time block to
// protect against timing side-channel attacks.
vector<u8> pre_secret, rand_s, secret, f, gPrime;
{
// This object is constructed in this code block, and it
// will be destructed when this block ends. The d'tor of
// this class calls sleep() in order to enforce consistent
// timing of the execution of this block.
tConstTimeBlock ctb(&gServerProcessGreetingTimingHistory);
// Decrypt the pre-secret and make sure it looks okay.
pre_secret = rsa.decrypt(enc);
if (pre_secret.size() != kPreSecretLen)
s_failConnection(m_internal_writable, "The secure client gave a pre-secret that is the wrong length.");
// Generate the server random byte vector.
rand_s = s_genRand(kRandVectLen);
// Calculated the shared secret (from the pre-secret).
secret = H1(pre_secret, rand_c, rand_s);
// Calculate the proof-of-server hash. (The convinces the client that we are the actual server.)
f = H2(secret, rand_c, rand_s);
// Calculate what the client correct response would be.
gPrime = H3(secret, rand_c, rand_s);
}
// Write back to the client all this stuff.
pack(m_internal_writable, kSuccessfulGreeting);
pack(m_internal_writable, rand_s);
pack(m_internal_writable, f);
s_flush(m_internal_writable);
// Have the client prove that it is a real client, not a reply attack.
vector<u8> g;
try {
unpack(m_internal_readable, g, (u32)gPrime.size());
} catch (ebObject& e) {
throw eRuntimeError("The secure client failed to show proof that it is real.");
}
if (!s_constTimeIsEqual(g, gPrime))
throw eRuntimeError("The secure client failed to show proof that it is real.");
// Setup secure streams with the client.
vector<u8> ksw = H4(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Server Writer
vector<u8> kcw = H5(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Client Writer
m_readable = new tReadableAES(m_internal_readable, kOpModeCBC,
&kcw[0], s_toKeyLen(kcw.size()));
m_writable = new tWritableAES(m_internal_writable, kOpModeCBC,
&ksw[0], s_toKeyLen(ksw.size()));
}
