int main() { //H2(); //H3(); //H3_1(); //H3_2(); //H3_3(); //H4(); H5(); return 0; }
void tSecureStream::m_setupClient(const tRSA& rsa, string appGreeting) { // This block is protected by constant timing in case // there is a man-in-the-middle who is causing the client // connection to fail over-and-over and analysing the time // it takes for the client to re-start the connection. // This block prevents info from being leaked about the // particular pre_secret that is being used by the current // connection attempt. vector<u8> rand_c, pre_secret, enc; { tConstTimeBlock ctb(&gClientInitTimingHistory); // Generate the client random vector. rand_c = s_genRand(kRandVectLen); // Generate the pre-secret random vector. pre_secret = s_genRand(kPreSecretLen); // Encrypt the pre-secret under the server's RSA public key. enc = rsa.encrypt(pre_secret); } // Send all this to the server. pack(m_internal_writable, kLibrhoGreeting); pack(m_internal_writable, appGreeting); pack(m_internal_writable, rand_c); pack(m_internal_writable, enc); s_flush(m_internal_writable); // Read the greeting from the server. // We don't care if timing info is leaked here // because 'kSuccessfulGreeting' is not a secret. string greetingResponse; try { unpack(m_internal_readable, greetingResponse, (u32)(std::max(kSuccessfulGreeting.length(), kFailedGreeting.length()))); } catch (ebObject& e) { throw eRuntimeError("The secure server didn't reply with its greeting."); } if (greetingResponse != kSuccessfulGreeting) throw eRuntimeError("The secure server sent a failure greeting."); // Read the random server bytes. // Again, we don't care about leaking timing info here. vector<u8> rand_s; try { unpack(m_internal_readable, rand_s, kRandVectLen); } catch (ebObject& e) { throw eRuntimeError("The secure server sent a random vector of the wrong length."); } if (rand_s.size() != kRandVectLen) throw eRuntimeError("The secure server sent a random vector of the wrong length."); // Another const timing block. vector<u8> secret, fPrime, g; { tConstTimeBlock ctb(&gClientProcessResponseTimingHistory); // Calculated the shared secret (from the pre-secret). secret = H1(pre_secret, rand_c, rand_s); // Calculate the correct response from the server. fPrime = H2(secret, rand_c, rand_s); // Calculate the proof-of-client. g = H3(secret, rand_c, rand_s); } // Read the proof-of-server hash. vector<u8> f; try { unpack(m_internal_readable, f, (u32)fPrime.size()); } catch (ebObject& e) { throw eRuntimeError("The secure server failed to verify itself."); } if (!s_constTimeIsEqual(f, fPrime)) throw eRuntimeError("The secure server failed to verify itself."); // Send the proof-of-client. (That is, prove we are not just replaying some other connection.) pack(m_internal_writable, g); s_flush(m_internal_writable); // Setup secure streams with the server. vector<u8> ksw = H4(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Server Writer vector<u8> kcw = H5(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Client Writer m_readable = new tReadableAES(m_internal_readable, kOpModeCBC, &ksw[0], s_toKeyLen(ksw.size())); m_writable = new tWritableAES(m_internal_writable, kOpModeCBC, &kcw[0], s_toKeyLen(kcw.size())); }
Molecule C6H6() { int nAtoms = 12; // These are in Angstrom Eigen::Vector3d C1(5.274, 1.999, -8.568); Eigen::Vector3d C2(6.627, 2.018, -8.209); Eigen::Vector3d C3(7.366, 0.829, -8.202); Eigen::Vector3d C4(6.752, -0.379, -8.554); Eigen::Vector3d C5(5.399, -0.398, -8.912); Eigen::Vector3d C6(4.660, 0.791, -8.919); Eigen::Vector3d H1(4.704, 2.916, -8.573); Eigen::Vector3d H2(7.101, 2.950, -7.938); Eigen::Vector3d H3(8.410, 0.844, -7.926); Eigen::Vector3d H4(7.322, -1.296, -8.548); Eigen::Vector3d H5(4.925, -1.330, -9.183); Eigen::Vector3d H6(3.616, 0.776, -9.196); // Scale C1 /= convertBohrToAngstrom; C2 /= convertBohrToAngstrom; C3 /= convertBohrToAngstrom; C4 /= convertBohrToAngstrom; C5 /= convertBohrToAngstrom; C6 /= convertBohrToAngstrom; H1 /= convertBohrToAngstrom; H2 /= convertBohrToAngstrom; H3 /= convertBohrToAngstrom; H4 /= convertBohrToAngstrom; H5 /= convertBohrToAngstrom; H6 /= convertBohrToAngstrom; Eigen::MatrixXd geom(3, nAtoms); geom.col(0) = C1.transpose(); geom.col(1) = C2.transpose(); geom.col(2) = C3.transpose(); geom.col(3) = C4.transpose(); geom.col(4) = C5.transpose(); geom.col(5) = C6.transpose(); geom.col(6) = H1.transpose(); geom.col(7) = H2.transpose(); geom.col(8) = H3.transpose(); geom.col(9) = H4.transpose(); geom.col(10) = H5.transpose(); geom.col(11) = H6.transpose(); Eigen::VectorXd charges(12), masses(12); charges << 6.0, 6.0, 6.0, 6.0, 6.0, 6.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0; masses << 12.00, 12.0, 12.0, 12.0, 12.0, 12.0, 1.0078250, 1.0078250, 1.0078250, 1.0078250, 1.0078250, 1.0078250; double radiusC = 1.70 / convertBohrToAngstrom; double radiusH = 1.20 / convertBohrToAngstrom; std::vector<Atom> atoms; atoms.push_back( Atom("Carbon", "C", charges(0), masses(0), radiusC, C1, 1.0) ); atoms.push_back( Atom("Carbon", "C", charges(1), masses(1), radiusC, C2, 1.0) ); atoms.push_back( Atom("Carbon", "C", charges(2), masses(2), radiusC, C3, 1.0) ); atoms.push_back( Atom("Carbon", "C", charges(3), masses(3), radiusC, C4, 1.0) ); atoms.push_back( Atom("Carbon", "C", charges(4), masses(4), radiusC, C5, 1.0) ); atoms.push_back( Atom("Carbon", "C", charges(5), masses(5), radiusC, C6, 1.0) ); atoms.push_back( Atom("Hydrogen", "H", charges(6), masses(6), radiusH, H1, 1.0) ); atoms.push_back( Atom("Hydrogen", "H", charges(7), masses(7), radiusH, H2, 1.0) ); atoms.push_back( Atom("Hydrogen", "H", charges(8), masses(8), radiusH, H3, 1.0) ); atoms.push_back( Atom("Hydrogen", "H", charges(9), masses(9), radiusH, H4, 1.0) ); atoms.push_back( Atom("Hydrogen", "H", charges(10), masses(10), radiusH, H5, 1.0) ); atoms.push_back( Atom("Hydrogen", "H", charges(11), masses(11), radiusH, H6, 1.0) ); std::vector<Sphere> spheres; Sphere sph1(C1, radiusC); Sphere sph2(C2, radiusC); Sphere sph3(C3, radiusC); Sphere sph4(C4, radiusC); Sphere sph5(C5, radiusC); Sphere sph6(C6, radiusC); Sphere sph7(H1, radiusH); Sphere sph8(H2, radiusH); Sphere sph9(H3, radiusH); Sphere sph10(H4, radiusH); Sphere sph11(H5, radiusH); Sphere sph12(H6, radiusH); spheres.push_back(sph1); spheres.push_back(sph2); spheres.push_back(sph3); spheres.push_back(sph4); spheres.push_back(sph5); spheres.push_back(sph6); spheres.push_back(sph7); spheres.push_back(sph8); spheres.push_back(sph9); spheres.push_back(sph10); spheres.push_back(sph11); spheres.push_back(sph12); // D2h as generated by Oxy, Oxz, Oyz Symmetry pGroup = buildGroup(0, 0, 0, 0); return Molecule(nAtoms, charges, masses, geom, atoms, spheres, pGroup); };
void tSecureStream::m_setupServer(const tRSA& rsa, string appGreeting) { // Read the greeting (part 1) from the client. // Note: The following DOES leak timing information, but we don't // care because 'kLibrhoGreeting' isn't a secret. string receivedLibrhoGreeting; try { unpack(m_internal_readable, receivedLibrhoGreeting, (u32)kLibrhoGreeting.size()); } catch (ebObject& e) { s_failConnection(m_internal_writable, "The secure client did not greet me properly."); } if (receivedLibrhoGreeting != kLibrhoGreeting) s_failConnection(m_internal_writable, "The secure client did not greet me properly."); // Read the greeting (part 2) from the client. // Note: The following DOES leak timing information, but we don't // care because 'appGreeting' isn't a secret. string receivedAppGreeting; try { unpack(m_internal_readable, receivedAppGreeting, (u32)appGreeting.size()); } catch (ebObject& e) { s_failConnection(m_internal_writable, "The secure client requested a different application."); } if (receivedAppGreeting != appGreeting) s_failConnection(m_internal_writable, "The secure client requested a different application."); // Read the client's random bytes. // Again, we don't care about the leaked info here because the correct // random vector length is not a secret. vector<u8> rand_c; try { unpack(m_internal_readable, rand_c, kRandVectLen); } catch (ebObject& e) { s_failConnection(m_internal_writable, "The secure client sent a random byte vector of the wrong length."); } if (rand_c.size() != kRandVectLen) s_failConnection(m_internal_writable, "The secure client sent a random byte vector of the wrong length."); // Read the encrypted pre-secret from the client. // (No info is leaked by this section.) vector<u8> enc; try { unpack(m_internal_readable, enc, rsa.maxMessageLength()+5); } catch (ebObject& e) { s_failConnection(m_internal_writable, "The secure client failed to send an encrypted pre-secret."); } // Now that the server has read everything from the client, it // will do some calculations. // We will protect this section with a const time block to // protect against timing side-channel attacks. vector<u8> pre_secret, rand_s, secret, f, gPrime; { // This object is constructed in this code block, and it // will be destructed when this block ends. The d'tor of // this class calls sleep() in order to enforce consistent // timing of the execution of this block. tConstTimeBlock ctb(&gServerProcessGreetingTimingHistory); // Decrypt the pre-secret and make sure it looks okay. pre_secret = rsa.decrypt(enc); if (pre_secret.size() != kPreSecretLen) s_failConnection(m_internal_writable, "The secure client gave a pre-secret that is the wrong length."); // Generate the server random byte vector. rand_s = s_genRand(kRandVectLen); // Calculated the shared secret (from the pre-secret). secret = H1(pre_secret, rand_c, rand_s); // Calculate the proof-of-server hash. (The convinces the client that we are the actual server.) f = H2(secret, rand_c, rand_s); // Calculate what the client correct response would be. gPrime = H3(secret, rand_c, rand_s); } // Write back to the client all this stuff. pack(m_internal_writable, kSuccessfulGreeting); pack(m_internal_writable, rand_s); pack(m_internal_writable, f); s_flush(m_internal_writable); // Have the client prove that it is a real client, not a reply attack. vector<u8> g; try { unpack(m_internal_readable, g, (u32)gPrime.size()); } catch (ebObject& e) { throw eRuntimeError("The secure client failed to show proof that it is real."); } if (!s_constTimeIsEqual(g, gPrime)) throw eRuntimeError("The secure client failed to show proof that it is real."); // Setup secure streams with the client. vector<u8> ksw = H4(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Server Writer vector<u8> kcw = H5(pre_secret, secret, rand_c, rand_s); // <-- the Key for the Client Writer m_readable = new tReadableAES(m_internal_readable, kOpModeCBC, &kcw[0], s_toKeyLen(kcw.size())); m_writable = new tWritableAES(m_internal_writable, kOpModeCBC, &ksw[0], s_toKeyLen(ksw.size())); }