online_security_project/README.md

2.4 KiB

Project - TODO:

[ ] Create a skeleton protocol [ ] implement most of the skeleton [ ] Create basic TCP server [ ] Create basic client that connects to the server [ ] Send ping message from client to server [ ] Add more items based on skeleton protocol [ ] Refine protocol using the implementation (and update stuff that got changed in impl) [ ] Finish implementing the protocol [ ] Update the protocol file with the latest structs and stuff

Protocol todo:

[ ] Figure out how a message and message ack payload will look [ ] Figure out server responses (hopefully manages to be stuck in a 512 bit block as well)

Misc todo:

[ ] Create a Request to String function for easy printing and debugging

client todo:

[ ] Check for key when turned on [x] generate key and register if no key is preset, and save it after registration is done [ ] if key is present, start by establishing connection (which makes sure we are signed in) [ ] use AES to get basic packets from the server [ ] use RSA private key to read normal messages

Server todo:

[x] Laucnh task for each new connection [x] use RSA key to get first message and extract AES key [ ] verify the user using its public RSA key [x] if it was a register session save the key into the BIG DATA STRUCTURE [ ] Keep lists of incoming messages (doesnt need to know from who, they are just big blobs of shlomp) [ ] When user asks for incoming messages, make basic packet and append the incoming messages - last byte is the "how many messages are left" byte - each byte in the extra data will be the length of the next message, so if there are 3 messages of length 128, 200, 300 bytes it will be [128, 200, 300, 0 ...] and the actual position in the payload is easy to calculate ([128, 200+128=328, 300+328=628, ...])

Register process:

Client Server

Send AES key (sk) Send Register(pub key) Get AES Get Register Send 6 digit code Get 6 digit code (1) Wait for user to input 6 digit code Send 6 digit code (signed) Get 6 digit code and verify (code, then sig) Send OK/NACK if NACK goto (1)

Login process:

Client Server

Send AES key (sk) Send Login message (Phone, AES sig) Get AES key Verify AES sig with Phone-pub key if sig is invalid: close connection else: send stored messages because why not

Usual process get messages:

Client Server

Send GetMessages Send back messages Send GotMessages(amount)