init

server.cpp

@@ -0,0 +1,271 @@
+#include <stdio.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+
+// open ssl
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
+#include <errno.h>  // for perror()
+#include <unistd.h> // for close()
+
+#include <string>
+#include <cstring>
+#include <cstdlib> // for atoi()
+#include <vector>
+
+// load environment variables from .env file, and additional helper functions
+#include "helper.h"
+
+using std::string;
+using std::vector;
+
+int gcm_decrypt(unsigned char *ciphertext, int ciphertext_len,
+                unsigned char *aad, int aad_len,
+                unsigned char *tag,
+                unsigned char *key,
+                unsigned char *iv, int iv_len,
+                unsigned char *plaintext)
+{
+    EVP_CIPHER_CTX *ctx;
+    int len, plaintext_len, ret;
+    /* Create and initialize the context */
+    ctx = EVP_CIPHER_CTX_new();
+    if (!ctx)
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+
+    /* Initialize the decryption operation. */
+    if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv))
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    /* Set IV length. Not necessary if this is 12 bytes (96 bits) */
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, iv_len, NULL))
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    /* Initialize key and IV */
+    if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    /*
+     * Provide any AAD data. This can be called zero or more times as
+     * required
+     */
+    if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len))
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+
+    /*
+    * Provide the message to be decrypted, and obtain the plaintext
+   output.
+    * EVP_DecryptUpdate can be called multiple times if necessary
+    */
+    if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    plaintext_len = len;
+    /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
+    {
+        ERR_print_errors_fp(stderr);
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    /*
+     * Finalize the decryption. A positive return value indicates success,
+     * and anything else is a failure - the plaintext is not trustworthy.
+     */
+    ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
+    /* Clean up */
+    EVP_CIPHER_CTX_free(ctx);
+    if (ret > 0)
+    {
+        /* Success */
+        plaintext_len += len;
+        return plaintext_len;
+    }
+    else
+    {
+        /* Verify failed */
+        return 0;
+    }
+}
+
+int main(void)
+{
+    printf("Server starting...\n");
+    load_env(".env");
+
+    // Declare variables
+    const char *server_ip = getenv("SERVER_IP");
+    const int server_port = atoi(getenv("SERVER_PORT"));
+    char client_message[2048];
+    char server_message[2048];
+    const char *custom_message_success = "Server: Hello from server, message authenticated!\n";
+    const char *custom_message_failed = "Server: Hello from server, message failed authentication!\n";
+
+    // debug
+    printf("Server starting at IP: %s, Port: %d\n", server_ip, server_port);
+
+    // encryption parameters
+    const char *inital_vector = std::getenv("INITIAL_VECTOR");
+    const char *secret_key = std::getenv("SECRET_KEY");
+    const char *add = std::getenv("ADD");
+    unsigned char key_bytes[32], iv_bytes[16];
+
+    int key_len = hex_to_bytes_upper(secret_key, key_bytes, sizeof(key_bytes));
+    int iv_len = hex_to_bytes_upper(inital_vector, iv_bytes, sizeof(iv_bytes));
+
+    if (key_len != 32 || iv_len != 16)
+    {
+        fprintf(stderr, "Invalid key/IV size for AES-256-GCM\n");
+        return 1;
+    }
+
+    // Create socket
+    const int server_socket = socket(AF_INET, SOCK_STREAM, 0);
+    if (server_socket == -1)
+    {
+        perror("Failed to create socket");
+        return 1;
+    }
+
+    // Bind to the set port and IP
+    struct sockaddr_in server_addr;
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_port = htons(server_port);
+    inet_pton(AF_INET, server_ip, &server_addr.sin_addr);
+
+    if (bind(server_socket, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1)
+    {
+        perror("Failed to bind socket");
+        close(server_socket);
+        return 1;
+    }
+    printf("Done with binding with IP: %s, Port: %d\n", server_ip, server_port);
+
+    // Listen for clients:
+    const char *client_ip = getenv("CLIENT_IP");
+    if (listen(server_socket, 1) == -1)
+    {
+        perror("Failed to listen on socket");
+        close(server_socket);
+        return 1;
+    }
+    printf("Listening for incoming connections...\n");
+
+    // Accept an incoming connection
+    struct sockaddr_in client_addr;
+    socklen_t client_addr_len = sizeof(client_addr);
+    int client_socket = accept(server_socket, (struct sockaddr *)&client_addr, &client_addr_len);
+    if (client_socket == -1)
+    {
+        perror("Failed to accept connection");
+        close(server_socket);
+        return 1;
+    }
+    printf("Client connected at IP: %s \n", client_ip);
+
+    // clean exising buffer
+    memset(client_message, 0, sizeof(client_message));
+
+    // store message history, for TAG calculation
+    // msg on odd is msg, and on even is corresponding TAG
+    vector<string> message_history;
+
+    // Receive client's message
+    while (1)
+    {
+        // clean exising buffer
+        memset(client_message, 0, sizeof(client_message));
+
+        ssize_t n = recv(client_socket, client_message, sizeof(client_message), 0);
+        if (n == 0)
+            break;
+        if (n < 0)
+        {
+            perror("recv");
+            break;
+        }
+
+        if (strcmp((char *)client_message, "\\exit\n") == 0)
+            break;
+
+        printf("Msg from client: %s \n", byte_to_hex((unsigned char *)client_message, n));
+        // store message history for TAG calculation
+        message_history.push_back(string((char *)client_message, n));
+
+        // only respond after receiving both msg and TAG
+        if (message_history.size() % 2 == 1)
+            continue;
+
+        // check TAG
+        const string tag_str = message_history.back();
+        unsigned char tag[16];
+        memcpy(tag, tag_str.c_str(), 16);
+        const string ciphertext_str = message_history[message_history.size() - 2];
+        char ciphertext_cstr[2048];
+        strcpy(ciphertext_cstr, ciphertext_str.c_str());
+
+        unsigned char plaintext[2048];
+        memset(plaintext, 0, sizeof(plaintext));
+        int plaintext_len = gcm_decrypt((unsigned char *)ciphertext_cstr,
+                    strlen(ciphertext_cstr),
+                    (unsigned char *)add,
+                    strlen(add),
+                    tag,
+                    key_bytes,
+                    iv_bytes,
+                    16,
+                    plaintext);
+
+        if (plaintext_len == 0)
+        {
+            fprintf(stderr, "TAG mismatch or invalid message\n");
+            memcpy(server_message, custom_message_failed, strlen(custom_message_failed));
+            ;
+        }
+        else
+        {
+            fprintf(stderr, "Decryption success\n, decrypted message: %s\n", plaintext);
+            memcpy(server_message, custom_message_success, strlen(custom_message_success));
+            ;
+        }
+        // Respond to client
+        // prepare server message
+
+        size_t reply_len = strlen(server_message);
+        if (send(client_socket, server_message, reply_len, 0) == -1)
+        {
+            perror("Send failed");
+            break;
+        }
+
+        printf("Response sent to client: %s\n", server_message);
+    }
+    // Close the socket
+    close(client_socket);
+    close(server_socket);
+
+    return 0;
+}