diff --git a/README.md b/README.md index 5e234bd..b24685a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ # Project - TODO: [ ] Do print stuff for EVERYTHING (with colors preferably) + [x] Client + [x] Server [ ] rewrite the protocol.md +[ ] Make a video that shows how everything works yada yada [ ] export everything and upload it [ ] get a nice drink to celebrate \ No newline at end of file diff --git a/client/Log.cs b/client/Log.cs new file mode 100644 index 0000000..1e0f700 --- /dev/null +++ b/client/Log.cs @@ -0,0 +1,44 @@ + + +using System; +using lib; + +namespace client; + +/// Helper class to pretty print stuff with colors, client specific +public static class Log +{ + public static void Encrypted(string message, byte[] payload) + { + Console.ForegroundColor = Utils.C_ENC; + Console.WriteLine($"{message}: {Convert.ToBase64String(payload)}"); + Console.ResetColor(); + } + + public static void Decrypted(string message, byte[] payload) + { + Console.ForegroundColor = Utils.C_DEC; + Console.WriteLine($"{message}: {Convert.ToBase64String(payload)}"); + Console.ResetColor(); + } + + public static void Decrypted(string message) + { + Console.ForegroundColor = Utils.C_DEC; + Console.WriteLine(message); + Console.ResetColor(); + + } + + public static void System(string message) + { + Console.ForegroundColor = Utils.C_SYS; + Console.WriteLine(message); + Console.ResetColor(); + } + + public static void Message(string message) + { + Console.WriteLine(message); + } +} \ No newline at end of file diff --git a/client/Message.cs b/client/Message.cs index afc65c8..828e2fd 100644 --- a/client/Message.cs +++ b/client/Message.cs @@ -4,6 +4,7 @@ using System; using System.Collections.Generic; using System.Security.Cryptography; using System.Text; +using System.Text.Json.Serialization; using lib; namespace client; @@ -14,6 +15,7 @@ public class Message public string Sender { set; get; } public bool IsAck { set; get; } public string Content { set; get; } + [JsonIgnore] public byte[] Signature { set; get; } public Message(byte[] bytes) diff --git a/client/Program.cs b/client/Program.cs index 7452eb5..bca150d 100644 --- a/client/Program.cs +++ b/client/Program.cs @@ -8,6 +8,7 @@ using System.Net.Sockets; using System.Security.Cryptography; using System.Text; using System.Text.Json; +using System.Text.Json.Serialization; using System.Threading.Tasks; using client; using lib; @@ -18,10 +19,11 @@ public class Program { static string User = ""; static readonly Random Rand = new((int)DateTime.Now.Ticks); - static byte counter = (byte)Rand.Next(); + static byte Counter = (byte)Rand.Next(); static async Task Main(string[] args) { + // Load some info stuff User = args .SkipWhile(a => !new[] { "-p", "--phone" }.Contains(a)) // search for the option .Skip(1) // skip the `-u/--user` itself to get the value @@ -29,22 +31,32 @@ public class Program // On boot, check if a key is available RSA? serverKey = LoadRSAFromFile("server_key.pem"); - if (serverKey == null) { Console.WriteLine("Could not find server key, please run server before clients!"); return; } - RSA pubKey = LoadRSAFromFile($"pubkey_{User}.pem") ?? RSA.Create(2048); + if (serverKey == null) + { + Log.System("Could not find server key, please run server before clients!"); + return; + } + // Attempt to load the user's keys, + RSA pubKey = LoadRSAFromFile($"pubkey_{User}.pem") ?? RSA.Create(1024); RSA privKey = LoadRSAFromFile($"privkey_{User}.pem") ?? pubKey; - SaveRSAKeys(User, pubKey, privKey); - using TcpClient client = new("127.0.0.1", 12345); + // if pubKey and privKey is the same object then we created the keys just now, otherwise we can use the below flags to force a registration + bool needsRegister = pubKey == privKey || args.Any(a => new[] { "-fr", "--force-register" }.Contains(a)); + // Connect to the server + using TcpClient client = new("127.0.0.1", 12345); var stream = client.GetStream(); - // First contact init - bool needsRegister = pubKey == privKey || args.Any(a => new[] { "-fr", "--force-register" }.Contains(a)); + // Establish secure connection Aes sk = Aes.Create(); // creates an AES-256 key - // establish secure connection + + Log.Decrypted($"Session key + IV", [.. sk.Key, .. sk.IV]); + byte[] skEnc = serverKey.Encrypt([.. sk.Key, .. sk.IV], RSAEncryptionPadding.OaepSHA256); + Log.Encrypted("Session key + IV", skEnc); await stream.WriteAsync(skEnc); - // wait for the server to confirm it recieved the keys + // wait for the server to confirm it recieved the keys, supposedly we would want to read exactly what we need then + // send as much as we can in 1 go (and maybe use buffered streams), but i didnt do that and im fine with that await stream.ReadExactlyAsync(new byte[1]); if (needsRegister) @@ -55,38 +67,48 @@ public class Program } catch (Exception ex) { - Console.WriteLine("Failed registration process"); - Console.WriteLine("Exception: " + ex.Message); - Console.WriteLine("Stack: " + ex.StackTrace); + Log.System("Failed registration process"); + Log.System("Exception: " + ex.Message); + Log.System("Stack: " + ex.StackTrace); return; } } else { // start login process - byte[] msg = Request.CreateRequest(RequestType.Login, ref counter, Utils.NumberToBytes(User)); + byte[] msg = Request.CreateRequest(RequestType.Login, ref Counter, Utils.NumberToBytes(User)); + Log.Decrypted("Login", msg); msg = sk.EncryptCfb(msg, sk.IV, PaddingMode.PKCS7); + Log.Encrypted("Login", msg); await stream.WriteAsync(msg); byte[] toSign = new byte[16]; await stream.ReadExactlyAsync(toSign, 0, 16); + Log.Encrypted("Challenge", toSign); toSign = sk.DecryptCfb(toSign, sk.IV, PaddingMode.None); + Log.Decrypted("Challenge", toSign); byte[] signed = privKey.SignData(toSign, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); - msg = Request.CreateRequest(RequestType.ConfirmLogin, ref counter, BitConverter.GetBytes(signed.Length)); + Log.Decrypted("Signed", signed); + msg = Request.CreateRequest(RequestType.ConfirmLogin, ref Counter, BitConverter.GetBytes(signed.Length)); + Log.Decrypted("Challenge message", msg); msg = sk.EncryptCfb(msg, sk.IV, PaddingMode.None); - WriteColor($"Sending sig: {Convert.ToBase64String(signed)}", ConsoleColor.Green); + Log.Encrypted("Challenge message", msg); msg = [.. msg, .. signed]; + Log.Encrypted("Challenge final", msg); await stream.WriteAsync(msg); byte[] buffer = new byte[512]; int len = await stream.ReadAsync(buffer); + Log.Encrypted("Result", buffer[..len]); byte[] dec = sk.DecryptCfb(buffer[..len], sk.IV, PaddingMode.PKCS7); + Log.Decrypted("Result", dec); string r = Encoding.UTF8.GetString(dec); + Log.Decrypted($"Result (UTF8): {JsonSerializer.Serialize(r.ToCharArray())}"); if (r == "OK") { - Console.WriteLine("Login successful"); + Log.System("Login successful"); } else { - Console.WriteLine($"Failed login: {r}"); + Log.System($"Failed login: {r}"); client.Dispose(); return; } @@ -98,34 +120,29 @@ public class Program async static Task RegisterClient(string user, RSA pub, RSA priv, Aes sk, NetworkStream stream) { - Console.WriteLine("Attempting to register with public key:"); - Console.WriteLine(pub.ExportRSAPublicKeyPem()); - // Generate aes key and send it forward - Console.WriteLine($"Session key: {string.Join(' ', sk.Key)}"); - Console.WriteLine($"Session IV: {string.Join(' ', sk.IV)}"); + Log.System("Attempting to register with public key:"); + Log.System(pub.ExportRSAPublicKeyPem()); // Generate the Register msg - Console.WriteLine("Sending rsa public key thing"); byte[] pubBytes = pub.ExportRSAPublicKey(); byte[] data = new byte[12]; Array.Copy(Utils.NumberToBytes(user), data, 8); Array.Copy(BitConverter.GetBytes(pubBytes.Length), 0, data, 8, 4); - byte[] msg = Request.CreateRequest(RequestType.Register, ref counter, data); + byte[] msg = Request.CreateRequest(RequestType.Register, ref Counter, data); // Encrypt msg and send it byte[] payload = [.. msg, .. pubBytes]; + Log.Decrypted("Register payload", payload); + byte[] enc = sk.EncryptCfb(payload, sk.IV, PaddingMode.PKCS7); - Console.WriteLine($"payload length: {enc.Length}"); + Log.Encrypted("Register payload", enc); await stream.WriteAsync(enc); // get the 6 digit code (from "secure channel", actually an OK message is expected here but the 6 digit code kinda replaces it) byte[] digits = new byte[6]; - int len = 0; - while (len != 6) - { - len = await stream.ReadAsync(digits); - } + int len = await stream.ReadAsync(digits); + Log.System($"6 digit code actual length: {len}"); // print the 6 digit code - Console.WriteLine($"[{DateTime.Now}] 6 digit code: {string.Join(' ', digits.Select(d => d.ToString()))}"); + Log.System($"[{DateTime.Now}] 6 digit code: {string.Join(' ', digits.Select(d => d.ToString()))}"); // get the 6 digit code from the user while (true) { @@ -133,7 +150,8 @@ public class Program string? code = Console.ReadLine()?.Trim(); if (code == null || code.Take(6).Any(c => !char.IsDigit(c))) { - Console.WriteLine("Invalid code!"); + // we know the code is invalid because it HAS to be a 6 digit code + Log.System("Invalid code!"); continue; } byte[] codeBytes = code @@ -141,18 +159,25 @@ public class Program .Select(d => byte.Parse(d.ToString())) // parse into bytes .ToArray(); // Debug print the inserted value to see it works :) - Console.WriteLine(string.Join(' ', codeBytes.Select(b => b.ToString()))); + Log.System(string.Join(' ', codeBytes.Select(b => b.ToString()))); // Sign the 6 digit code & Generate ConfirmRegister message byte[] signed = priv.SignData(codeBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); - msg = Request.CreateRequest(RequestType.ConfirmRegister, ref counter, [.. codeBytes, .. BitConverter.GetBytes(signed.Length)]); + Log.Decrypted("Signed code", signed); + msg = Request.CreateRequest(RequestType.ConfirmRegister, ref Counter, [.. codeBytes, .. BitConverter.GetBytes(signed.Length)]); + Log.Decrypted("Signed message", msg); enc = sk.EncryptCfb(msg, sk.IV, PaddingMode.None); // no reason to encrpy the signature + Log.Encrypted("Signed message", enc); payload = [.. enc, .. signed]; // should be 128 (enc) + 256 (signed) + Log.Encrypted("Signed final", payload); await stream.WriteAsync(payload); // wait for OK/NACK response (anything other than OK is a NACK) int incoming = await stream.ReadAsync(enc); + Log.Encrypted("Response", enc[..incoming]); msg = sk.DecryptCfb(enc[..incoming], sk.IV, PaddingMode.PKCS7); + Log.Decrypted("Response", msg); string r = Encoding.UTF8.GetString(msg); + Log.Decrypted($"Response (UTF8): {r}"); if (r == "OK") { Console.WriteLine("Registration process complete"); @@ -189,7 +214,7 @@ public class Program Dictionary publicKeys = []; while (client.Connected) { - Console.Write("> "); + Console.Write((currentChat != null ? $"[{currentChat}] " : "") + "> "); string? input = Console.ReadLine(); if (input == null) { @@ -212,7 +237,7 @@ public class Program currentChat = words.Length > 1 ? words[1] : null; if (currentChat != null && currentChat.Length > 16) { - Console.WriteLine("Invalid number: too long"); + Log.System("Invalid number: too long"); currentChat = old; continue; } @@ -228,7 +253,7 @@ public class Program else { currentChat = old; - Console.WriteLine($"Reverting to previous chat: {currentChat ?? "none"}"); + Log.System($"Reverting to previous chat: {currentChat ?? "none"}"); } } break; @@ -244,25 +269,30 @@ public class Program { if (currentChat == null) { - Console.WriteLine("No chat is active, please select chat using '/msg [number]' or '/chat [number]'"); + Log.System("No chat is active, please select chat using '/msg [number]' or '/chat [number]'"); } else if (publicKeys.TryGetValue(currentChat!, out RSA? key)) { // Pick the id as a random uint, good enough for the sake of testing Message m = new((uint)Rand.Next(), User, false, input); m.CalculateSignature(privKey); + Log.Decrypted($"Message: {JsonSerializer.Serialize(m)}"); + Log.Decrypted("Message sig", m.Signature); byte[] userMsg = [.. key.Encrypt(m.Bytes(), RSAEncryptionPadding.OaepSHA256), .. m.Signature]; + Log.Encrypted("Message", userMsg); byte[] req = Request.CreateRequest( RequestType.SendMessage, - ref counter, + ref Counter, [.. Utils.NumberToBytes(currentChat!), .. BitConverter.GetBytes(userMsg.Length)]); + Log.Decrypted("Message req", req); req = sk.EncryptCfb(req, sk.IV); + Log.Encrypted("Message req", req); stream.Write([.. req, .. userMsg]); - Console.WriteLine($"[{DateTime.Now}] Sent to server: {input}"); + Log.System($"[{DateTime.Now}] Sent to server: {input}"); } else { - Console.WriteLine($"active chat exists, but no key was found..."); + Log.System($"active chat exists, but no key was found..."); } } } @@ -270,45 +300,50 @@ public class Program static async Task GetPublicKey(NetworkStream stream, Aes sk, string chat) { - byte[] req = Request.CreateRequest(RequestType.GetUserKey, ref counter, Utils.NumberToBytes(chat)); + byte[] req = Request.CreateRequest(RequestType.GetUserKey, ref Counter, Utils.NumberToBytes(chat)); + Log.Decrypted("Get key req", req); req = sk.EncryptCfb(req, sk.IV, PaddingMode.None); // no need for padding this is exactly 128 bytes + Log.Encrypted("Get key req", req); await stream.WriteAsync(req); byte[] response = new byte[1024]; int len = await stream.ReadAsync(response); + Log.Encrypted("Key", response[..len]); byte[] key = sk.DecryptCfb(response[..len], sk.IV, PaddingMode.PKCS7); + Log.Decrypted("Key", key); if (key[0] == 1) { - Console.WriteLine($"failed getting key for {chat}: {Encoding.UTF8.GetString(key[1..])}"); + Log.System($"failed getting key for {chat}: {Encoding.UTF8.GetString(key[1..])}"); return null; } else { RSA bobsKey = RSA.Create(); bobsKey.ImportRSAPublicKey(key.AsSpan()[1..], out int _); - Console.WriteLine($"Got key:\n {bobsKey.ExportRSAPublicKeyPem()}\n"); + Log.System($"Got key:\n {bobsKey.ExportRSAPublicKeyPem()}\n"); return bobsKey; } } static async Task GetMessages(NetworkStream stream, Aes sk, RSA privKey, Dictionary publicKeys) { - byte[] req = Request.CreateRequest(RequestType.GetMessages, ref counter, []); + byte[] req = Request.CreateRequest(RequestType.GetMessages, ref Counter, []); + Log.Decrypted("Get messages", req); req = sk.EncryptCfb(req, sk.IV, PaddingMode.None); // no need for padding this is exactly 128 bytes + Log.Encrypted("Get messages", req); await stream.WriteAsync(req); byte[] buffer = new byte[4096]; int len = await stream.ReadAsync(buffer); + Log.Encrypted("Response", buffer[..len]); byte[] lengths = buffer[..16]; lengths = sk.DecryptCfb(lengths, sk.IV, PaddingMode.None); - Console.ForegroundColor = ConsoleColor.Cyan; - Console.WriteLine($"Got messages: {string.Join(", ", lengths)}"); - Console.ResetColor(); + Log.Decrypted($"Lengths: {string.Join(", ", lengths)}"); + byte[] msg = new byte[1024]; // msg buffer int start = 16; // skip the first 16 bytes since its the lengths message for (int i = 0; i < lengths.Length - 1; i += 2) { int l = (lengths[i] << 8) | (lengths[i + 1]); - Console.WriteLine($"got message of length: {l}"); if (l == 0) { break; } // a 0 means we are done actually, as empty messages shouldn't be allowed // get the msg int end = start + l; @@ -317,17 +352,19 @@ public class Program // TODO: properly handle it as a buffered stream and properly buffer it } - WriteColor($"got ecnryped message: {Convert.ToBase64String(buffer[start..end])}", ConsoleColor.Green); + Log.Encrypted($"Message {i / 2}", buffer[start..end]); // decrypt the message - int msgLen = privKey.KeySize / 8; + int msgLen = privKey.KeySize / 8; // message length is derived from the size of the key if (privKey.TryDecrypt(buffer.AsSpan()[start..(msgLen + start)], msg, RSAEncryptionPadding.OaepSHA256, out int written)) { byte[] dec = msg[..written]; + Log.Decrypted($"Message {i / 2}", dec); Message m = new(dec) { Signature = buffer[(start + msgLen)..end] }; - + Log.Decrypted($"Message {i / 2}: {JsonSerializer.Serialize(m)}"); + Log.Decrypted($"Message {i / 2} sig", m.Signature); bool sigValid = false; if (publicKeys.TryGetValue(m.Sender, out RSA? pk) || (pk = await GetPublicKey(stream, sk, m.Sender)) != null) { @@ -336,21 +373,25 @@ public class Program } else { - Console.WriteLine("Failed getting sender's public key"); + Log.System("Failed getting sender's public key - cannot verify signature"); } - WriteColor($"decrypted message: {Convert.ToBase64String(dec)}", ConsoleColor.Green); - Console.WriteLine($"Got message from {m.Sender} (id: {m.Id}) (valid: {sigValid}): " + (m.IsAck ? "ACK" : m.Content)); + Log.Message($"Got message from {m.Sender} (id: {m.Id}) (valid: {sigValid}): " + (m.IsAck ? "ACK" : m.Content)); // if the signature is valid we also want to send back a message ack for the same id :) - if (sigValid) + if (sigValid && !m.IsAck) { Message mAck = new(m.Id, User, true, ""); + Log.Decrypted($"Ack {i / 2}: {JsonSerializer.Serialize(mAck)}"); mAck.CalculateSignature(privKey); + Log.Decrypted($"Ack {i / 2} sig", mAck.Signature); byte[] userMsg = [.. publicKeys[m.Sender].Encrypt(mAck.Bytes(), RSAEncryptionPadding.OaepSHA256), .. mAck.Signature]; + Log.Encrypted($"Ack {i / 2}", userMsg); byte[] reqAck = Request.CreateRequest( RequestType.SendMessage, - ref counter, + ref Counter, [.. Utils.NumberToBytes(m.Sender), .. BitConverter.GetBytes(userMsg.Length)]); + Log.Decrypted($"Ack {i / 2} request", reqAck); reqAck = sk.EncryptCfb(reqAck, sk.IV); + Log.Encrypted($"Ack {i / 2} request", reqAck); stream.Write([.. reqAck, .. userMsg]); } } @@ -361,21 +402,13 @@ public class Program // and i dont want the server to be aware of that, i think it makes more sense for the server to act as a relay // and a buffer than an actual participant, so if the message is failing to decrypt that will go unnoticed. // supposedly the sender will notice the lack of response and send it again - Console.WriteLine("Incoming message failed to decrypt, unknown sender"); + Log.System("Incoming message failed to decrypt, unknown sender"); } start = end; } bool hasMoreMessages = lengths[15] != 0; - Console.WriteLine($"hasMoreMessages: {hasMoreMessages}"); - } - - static void WriteColor(string Line, ConsoleColor Color, ConsoleColor Background = ConsoleColor.Black) - { - Console.ForegroundColor = Color; - Console.BackgroundColor = Background; - Console.WriteLine(Line); - Console.ResetColor(); + Log.System($"hasMoreMessages: {hasMoreMessages}"); } } diff --git a/lib/Utils.cs b/lib/Utils.cs index c55b738..87e9862 100644 --- a/lib/Utils.cs +++ b/lib/Utils.cs @@ -1,10 +1,17 @@ -using System.Linq; using System.Text; namespace lib; public static class Utils { + // some print color coding constants for ease of change later + /// Encrypted stuff + public const ConsoleColor C_ENC = ConsoleColor.Green; + /// Non encrypted stuff (either before encryption or after decryption) + public const ConsoleColor C_DEC = ConsoleColor.Red; + /// System messages + public const ConsoleColor C_SYS = ConsoleColor.Yellow; + public static byte[] NumberToBytes(string Number) { if (Number.Any(c => !char.IsDigit(c)) || Number.Length > 16) diff --git a/server/Log.cs b/server/Log.cs new file mode 100644 index 0000000..dbc53fc --- /dev/null +++ b/server/Log.cs @@ -0,0 +1,47 @@ + + +using System; +using lib; + +namespace server; + +/// Printing and helper class for logging stuff on the server, this is not static so we dont have to keep on adding the id and client at every call +public class Log(int id, string? client) +{ + public int Id { set; get; } = id; + public string? Client { set; get; } = client; + + public void Encrypted(string message, byte[] payload) + { + Console.ForegroundColor = Utils.C_ENC; + Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {Id} [{Client ?? "unknown"}] - {message}: {Convert.ToBase64String(payload)}"); + Console.ResetColor(); + } + + public void Decrypted(string message, byte[] payload) + { + Console.ForegroundColor = Utils.C_DEC; + Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {Id} [{Client ?? "unknown"}] - {message}: {Convert.ToBase64String(payload)}"); + Console.ResetColor(); + } + + public void Decrypted(string message) + { + Console.ForegroundColor = Utils.C_DEC; + Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {Id} [{Client ?? "unknown"}] - {message}"); + Console.ResetColor(); + + } + + public void System(string message) + { + Console.ForegroundColor = Utils.C_SYS; + Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {Id} [{Client ?? "unknown"}] - {message}"); + Console.ResetColor(); + } + + public void Message(string message) + { + Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {Id} [{Client ?? "unknown"}] - {message}"); + } +} \ No newline at end of file diff --git a/server/Program.cs b/server/Program.cs index b652feb..6efa364 100644 --- a/server/Program.cs +++ b/server/Program.cs @@ -7,6 +7,7 @@ using System.Net; using System.Net.Sockets; using System.Security.Cryptography; using System.Text; +using System.Text.Json; using System.Text.Json.Serialization; using System.Threading.Tasks; using lib; @@ -23,7 +24,7 @@ public class Program static async Task Main() { - // Generally this key would be static but since its not production yet we can generate it every time to make sure + // Generally this key would be static but since its not production we can generate it every time to make sure // the users has the key and could load it from file RSA key = RSA.Create(1024); File.WriteAllText("server_key.pem", key.ExportRSAPublicKeyPem()); @@ -31,6 +32,14 @@ public class Program int port = 12345; TcpListener server = new(IPAddress.Parse("0.0.0.0"), port); int connectionCounter = 0; + Log log = new(-1, null); + + Console.CancelKeyPress += delegate + { + Console.WriteLine("\nEXITING!"); + server.Stop(); + }; + try { server.Start(); @@ -48,8 +57,8 @@ public class Program } catch (Exception ex) { - Console.WriteLine($"Client crashed: {ex.Message}"); - Console.WriteLine(ex.StackTrace); + log.System($"Client crashed: {ex.Message}"); + log.System(ex.StackTrace ?? "MISSING STACK TRACE"); } }); connectionCounter += 1; @@ -57,8 +66,8 @@ public class Program } catch (Exception ex) { - Console.WriteLine($"Server error: {ex.Message}"); - Console.WriteLine("Trace: " + ex.StackTrace); + log.System($"Server error: {ex.Message}"); + log.System("Trace: " + ex.StackTrace); } finally { @@ -68,31 +77,32 @@ public class Program static async Task HandleClient(TcpClient client, int id, RSA pubKey) { - Write(id, "Got a new client"); + Log log = new(id, null); + log.System("Got a new client"); string clientPhone = ""; NetworkStream stream = client.GetStream(); byte[] buffer = new byte[1024]; byte counter = 0; // Get AES session key int len = await stream.ReadAsync(buffer); - Write(id, $"Got {len} bytes"); + log.Encrypted("Key + IV", buffer[..len]); byte[] skBytes = pubKey.Decrypt(buffer[..len], RSAEncryptionPadding.OaepSHA256); + log.Decrypted("Key + IV", skBytes); Aes sk = Aes.Create(); sk.Key = skBytes[..32]; // just to make sure no one sends a too big to be true key sk.IV = skBytes[32..]; - Write(id, $"key: {string.Join(' ', sk.Key)}"); - Write(id, $"IV: {string.Join(' ', sk.IV)}"); await stream.WriteAsync(new byte[] { 0 }); // Get first message (should be either login or register) len = await stream.ReadAsync(buffer); - Write(id, $"Got {len} bytes"); + log.Encrypted("Auth message", buffer[..len]); byte[] msgDec = sk.DecryptCfb(buffer[..len], sk.IV, PaddingMode.PKCS7); + log.Decrypted("Auth message", msgDec); byte[] msg = msgDec[..MSG_LEN]; - Write(id, Request.RequestToString(msg)); + log.Message(Request.RequestToString(msg)); if (msg[0] != 0) { - Write(id, "Invalid session id!"); + log.System("Invalid message version!"); client.Dispose(); return; } @@ -102,13 +112,13 @@ public class Program // Do register stuff // get phone number string phone = Utils.BytesToNumber(msg[3..11]); - Write(id, $"Client wants to register as {phone}"); + log.System($"Client wants to register as {phone}"); clientPhone = phone; + log.Client = phone; int keyLen = BitConverter.ToInt32(msg, 11); RSA pub = RSA.Create(); pub.ImportRSAPublicKey(msgDec.AsSpan()[MSG_LEN..], out int bytesRead); - Write(id, $"Imported key len: {bytesRead} while client claims it is {keyLen}"); - Write(id, $"Imported key is: \n {pub.ExportRSAPublicKeyPem()}\n"); + log.System($"Imported key is: \n {pub.ExportRSAPublicKeyPem()}\n"); // generate the 6 digit code and send it byte[] code = [ (byte)Rand.Next(10), @@ -118,17 +128,19 @@ public class Program (byte)Rand.Next(10), (byte)Rand.Next(10), ]; - await Send6DigitCodeInSecureChannel(stream, code); + await SendBySecureChannel(stream, code); // wait for the code to be back with a key int tries = 5; // allow 5 tries before closing the connection and forcing a restart while (tries > 0) { tries -= 1; len = await stream.ReadAsync(buffer); - Write(id, $"Got 6 digit code with sig, len: {len}"); + log.Encrypted("ConfirmRegister", buffer[..len]); msg = sk.DecryptCfb(buffer[..MSG_LEN], sk.IV, PaddingMode.None); - Write(id, Request.RequestToString(msg)); + log.Decrypted("ConfirmRegister", msg); + log.Message(Request.RequestToString(msg)); byte[] sig = buffer[MSG_LEN..len]; + log.Decrypted("ConfirmRegister (sig)", sig); if (msg[0] != 0 || msg[1] != (byte)RequestType.ConfirmRegister || msg[2] != counter) { // invalid or unexpected req, someone might be sending dups @@ -139,13 +151,16 @@ public class Program int expectedSigLen = BitConverter.ToInt32(msg, 9); if (expectedSigLen != len - MSG_LEN) { - Write(id, $"expected sig len doesnt match read len: {expectedSigLen} / {len - MSG_LEN}"); + log.System($"expected sig len doesnt match read len: {expectedSigLen} / {len - MSG_LEN}"); } // check if the codes are equal if (code.Zip(gottenCode).Any(a => a.First != a.Second)) { // codes are not equal, send a nack + // perhaps we should only send a SIG INVALID (or just FAILED) and hide the reason in case someone tries to guess the code msg = sk.EncryptCfb(Encoding.UTF8.GetBytes("BAD CODE"), sk.IV, PaddingMode.PKCS7); + log.Decrypted("Fail Register", Encoding.UTF8.GetBytes("BAD CODE")); + log.Encrypted("Fail Register", msg); await stream.WriteAsync(msg); } else @@ -155,6 +170,8 @@ public class Program if (sigValid) { msg = sk.EncryptCfb(Encoding.UTF8.GetBytes("OK"), sk.IV, PaddingMode.PKCS7); + log.Decrypted("Register Success", Encoding.UTF8.GetBytes("OK")); + log.Encrypted("Register Success", msg); await stream.WriteAsync(msg); Data.Keys[phone] = pub; // save the key break; @@ -162,6 +179,8 @@ public class Program else { msg = sk.EncryptCfb(Encoding.UTF8.GetBytes("SIG INVALID"), sk.IV, PaddingMode.PKCS7); + log.Decrypted("Fail Register", Encoding.UTF8.GetBytes("SIG INVALID")); + log.Encrypted("Fail Register", msg); await stream.WriteAsync(msg); } } @@ -172,42 +191,51 @@ public class Program { // verify login clientPhone = Utils.BytesToNumber(msg[3..11]); + log.Client = clientPhone; counter = IncrementCounter(msg[2]); if (!Data.Keys.TryGetValue(clientPhone, out RSA? clientKey)) { stream.Close(); client.Close(); - Write(id, $"Client claims to be {clientPhone}, but could not find key in records"); + log.System($"Client claims to be {clientPhone}, but could not find key in records"); return; } byte[] challenge = new byte[16]; Rand.NextBytes(challenge); - Write(id, $"Sending challenge: {Convert.ToBase64String(challenge)}"); + log.Decrypted("Challenge", challenge); byte[] response = sk.EncryptCfb(challenge, sk.IV, PaddingMode.None); + log.Encrypted("Challenge", response); await stream.WriteAsync(response); len = await stream.ReadAsync(buffer); + log.Encrypted("Challenge Response", buffer[..len]); msg = sk.DecryptCfb(buffer[..MSG_LEN], sk.IV, PaddingMode.None); - Write(id, Request.RequestToString(msg)); + log.Decrypted("Challenge Message", msg); + log.Message(Request.RequestToString(msg)); if (msg[2] != counter) { client.Close(); - Write(id, $"Invalid counter in login response, quitting"); + log.System($"Invalid counter in login response, quitting"); return; } counter = IncrementCounter(counter); byte[] sig = buffer[MSG_LEN..len]; - Write(id, $"Got challenge signature, length: {len - MSG_LEN}, client says: {BitConverter.ToInt32(msg, 3)}"); - Write(id, $"Sig: {Convert.ToBase64String(sig)}"); + // sig wasnt encrypted so this print is somewhat redundant, but i think its still useful to see the sig alone + log.Decrypted("Challenge Sig", sig); bool valid = clientKey.VerifyData(challenge, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); if (valid) { + log.System("Client verification complete"); response = sk.EncryptCfb(Encoding.UTF8.GetBytes("OK"), sk.IV, PaddingMode.PKCS7); + log.Decrypted("Challenge Response", Encoding.UTF8.GetBytes("OK")); + log.Encrypted("Challenge Response", response); await stream.WriteAsync(response); } else { - Write(id, "Client failed verification, invalid signature"); + log.System("Client failed verification, invalid signature"); response = sk.EncryptCfb(Encoding.UTF8.GetBytes("INVALID SIG"), sk.IV, PaddingMode.PKCS7); + log.Decrypted("Challenge Response", Encoding.UTF8.GetBytes("INVALID SIG")); + log.Encrypted("Challenge Response", response); await stream.WriteAsync(response); client.Close(); return; @@ -216,7 +244,7 @@ public class Program else { // invalid connection, quit - Write(id, "Client didnt register or login as first message"); + log.System("Client didnt register or login as first message"); client.Dispose(); return; } @@ -228,12 +256,14 @@ public class Program // while the client is connected, simply read messages from the client and handle accordingly, // either by getting new messages for other ppl, or sending back keys/pending messages len = await stream.ReadAsync(buffer); + log.Encrypted("Request", buffer[..len]); msg = sk.DecryptCfb(buffer[..MSG_LEN], sk.IV, PaddingMode.None); - Write(id, Request.RequestToString(msg)); + log.Decrypted("Request message", msg); + log.Message(Request.RequestToString(msg)); // verify that the counter message is correct if (msg[0] != 0 || msg[2] != counter) { - msg = sk.EncryptCfb(Encoding.UTF8.GetBytes("DUPLICATE"), sk.IV, PaddingMode.PKCS7); + msg = sk.EncryptCfb(Encoding.UTF8.GetBytes("INVALID REQUEST"), sk.IV, PaddingMode.PKCS7); await stream.WriteAsync(msg); continue; } @@ -244,7 +274,6 @@ public class Program byte[] msgsLens = Enumerable.Repeat(0, 16).ToArray(); // 128 bits // get 15 messages, last byte will indicate if there are more List msgs = Data.GetMessages(clientPhone, 7) ?? []; - Write(id, $"Got {msgs.Count} messages"); byte[] msgsBytes = new byte[msgs.Select(m => m.Length).Sum()]; int msgsbytesIndex = 0; for (int i = 0; i < msgs.Count; i += 1) @@ -260,8 +289,11 @@ public class Program } msgsLens[15] = Data.PeekMessages(clientPhone) ? (byte)1 : (byte)0; // only need to encrypt the lengths of the messages, as the messages themselves are encrypted + log.Decrypted("GetMessages", msgsLens); msgsLens = sk.EncryptCfb(msgsLens, sk.IV, PaddingMode.None); + log.Encrypted("GetMessages", msgsLens); byte[] finalPayload = [.. msgsLens, .. msgsBytes]; + log.Encrypted("GetMessages Final", finalPayload); await stream.WriteAsync(finalPayload); break; case RequestType.GetUserKey: @@ -270,13 +302,17 @@ public class Program if (key != null) { msg = [0, .. key.ExportRSAPublicKey()]; + log.Decrypted("GetUserKey", msg); msg = sk.EncryptCfb(msg, sk.IV, PaddingMode.PKCS7); + log.Encrypted("GetUserKey", msg); await stream.WriteAsync(msg); } else { msg = [1, .. Encoding.UTF8.GetBytes("USER DOES NOT EXIST")]; + log.Decrypted("GetUserKey", msg); msg = sk.EncryptCfb(msg, sk.IV, PaddingMode.PKCS7); + log.Encrypted("GetUserKey", msg); await stream.WriteAsync(msg); } break; @@ -285,12 +321,13 @@ public class Program int msgLen = BitConverter.ToInt32(msg, 11); if (msgLen != (len - MSG_LEN)) { - Write(id, $"Got message to {recv} of length {len - MSG_LEN} but expected {msgLen}"); + log.System($"Got message to {recv} of length {len - MSG_LEN} but expected {msgLen}"); } byte[] clientMsg = buffer[MSG_LEN..(msgLen + MSG_LEN)]; + log.Encrypted("SendMessage message", clientMsg); // simply add the clientMsg to the "Data" bool added = Data.AddMessage(recv, clientMsg); - Write(id, $"Added message to {recv} of length {msgLen}: {added}"); + log.System($"Added message to {recv} of length {msgLen}: {added}"); break; default: msg = sk.EncryptCfb(Encoding.UTF8.GetBytes("INVALID REQUEST"), sk.IV, PaddingMode.PKCS7); @@ -303,8 +340,8 @@ public class Program } catch (Exception ex) { - Write(id, $"Client failed with error {ex.Message}"); - Write(id, $"Stack: {ex.StackTrace}"); + log.System($"Client failed with error {ex.Message}"); + log.System($"Stack: {ex.StackTrace}"); } client.Dispose(); @@ -315,14 +352,8 @@ public class Program return counter == byte.MaxValue ? (byte)0 : (byte)(counter + 1); } - static async Task Send6DigitCodeInSecureChannel(NetworkStream stream, byte[] code) + static async Task SendBySecureChannel(NetworkStream stream, byte[] code) { await stream.WriteAsync(code); } - - /// Helper log message so it would print both the time and the id - static void Write(int id, string Message) - { - Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] {id} - {Message}"); - } } \ No newline at end of file diff --git a/server_data.json b/server_data.json new file mode 100644 index 0000000..1565d09 --- /dev/null +++ b/server_data.json @@ -0,0 +1 @@ +{"Keys":{"0000":{"KeyExchangeAlgorithm":"RSA","SignatureAlgorithm":"RSA","KeySize":1024,"LegalKeySizes":[{"MinSize":512,"MaxSize":16384,"SkipSize":8}]}},"Messages":{"0000":["FfjoDxhjwTeAg8+SLXd+JR53uxIWR/I03/vTeagDX14oLqyxMgSoIKmsgDELv9aSOipN0ZcQwSeaYu6EGIZEn33r8bNpDX7rSSaztt9OEFINlAMQAMAzPuKvGB4nDg7MyDBmHXGxlvYLMTM93WoIWb2BWk3Nz/rpd3fB/Wt7/yXoNlK9hTvPbVcFMMgntVs1gjSuHHx/RLrBZ/7aoEkpEB1HM1NkvnAccYQGluv+7FES86xI8AXWIuU3iBDM3LhUUPZxmFWjLToiMqFtyp8BMyRH7HUufbzQpw+BpZMGo33LekitVhG42LHQDebsjdvWUFutLVDDdwG7sPPmzKBYRQ=="]}} \ No newline at end of file