From 88a387f4f82b3a4e00f97cddee85ec6a9c3c76f8 Mon Sep 17 00:00:00 2001
From: triptighanghas <61556682+triptighanghas@users.noreply.github.com>
Date: Mon, 10 Jun 2024 12:37:43 -0700
Subject: [PATCH] added server identity key to client bundle (#69)
* added server_identity key in client bundle, refactored EncryptionHeader
* added check on bundle processing on server to match serverIdentity key
---
BundleClient/app/build.gradle | 2 +-
.../client/bundlesecurity/BundleSecurity.java | 5 ++-
.../client/bundlesecurity/ClientSecurity.java | 18 ++++----
bundle-core/pom.xml | 7 +++-
.../java/com/ddd/model/EncryptionHeader.java | 42 ++++---------------
bundleserver/pom.xml | 2 +-
.../server/bundlesecurity/BundleSecurity.java | 12 +++++-
.../server/bundlesecurity/ServerSecurity.java | 4 ++
.../BundleTransmission.java | 12 ++++++
9 files changed, 53 insertions(+), 51 deletions(-)
diff --git a/BundleClient/app/build.gradle b/BundleClient/app/build.gradle
index 435aa60ae4..2c563fd926 100644
--- a/BundleClient/app/build.gradle
+++ b/BundleClient/app/build.gradle
@@ -77,7 +77,7 @@ dependencies {
exclude group: 'com.google.protobuf', module:'protobuf-java'
}
// DDD common core
- implementation 'com.ddd:bundle-core:0.0.1'
+ implementation 'com.ddd:bundle-core:0.0.2'
}
task prepareKotlinBuildScriptModel {
diff --git a/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/BundleSecurity.java b/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/BundleSecurity.java
index 5ab34b8563..d46c77f0bf 100644
--- a/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/BundleSecurity.java
+++ b/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/BundleSecurity.java
@@ -170,9 +170,10 @@ public UncompressedBundle encryptPayload(Payload payload, String bundleGenDirPat
paths = client.encrypt(payload.getSource().getAbsolutePath(), bundleGenDirPath, bundleId);
EncryptedPayload encryptedPayload = new EncryptedPayload(bundleId, new File(paths[0]));
-
File source = new File(bundleGenDirPath + File.separator + bundleId);
- EncryptionHeader encHeader = new EncryptionHeader(new File(paths[2]), new File(paths[3]));
+ EncryptionHeader encHeader =
+ EncryptionHeader.builder().clientBaseKey(new File(paths[2])).clientIdentityKey(new File(paths[3]))
+ .serverIdentityKey(new File(paths[4])).build();
return new UncompressedBundle(bundleId, source, encHeader, encryptedPayload, new File(paths[1]));
} catch (Exception e) {
e.printStackTrace();
diff --git a/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/ClientSecurity.java b/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/ClientSecurity.java
index 2596b8e181..e493211337 100644
--- a/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/ClientSecurity.java
+++ b/BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/ClientSecurity.java
@@ -101,16 +101,18 @@ private ClientSecurity(int deviceID, String clientRootPath, String serverKeyPath
private String[] writeKeysToFiles(String path, boolean writePvt) throws EncodingException, IOException {
/* Create Directory if it does not exist */
SecurityUtils.createDirectory(path);
- String[] clientKeypaths = { path + File.separator + SecurityUtils.CLIENT_IDENTITY_KEY,
- path + File.separator + SecurityUtils.CLIENT_BASE_KEY };
+ String[] identityKeyPaths = { path + File.separator + SecurityUtils.CLIENT_IDENTITY_KEY,
+ path + File.separator + SecurityUtils.CLIENT_BASE_KEY,
+ path + File.separator + SecurityUtils.SERVER_IDENTITY_KEY };
if (writePvt) {
writePrivateKeys(path);
}
- SecurityUtils.createEncodedPublicKeyFile(ourIdentityKeyPair.getPublicKey().getPublicKey(), clientKeypaths[0]);
- SecurityUtils.createEncodedPublicKeyFile(ourBaseKey.getPublicKey(), clientKeypaths[1]);
- return clientKeypaths;
+ SecurityUtils.createEncodedPublicKeyFile(ourIdentityKeyPair.getPublicKey().getPublicKey(), identityKeyPaths[0]);
+ SecurityUtils.createEncodedPublicKeyFile(ourBaseKey.getPublicKey(), identityKeyPaths[1]);
+ SecurityUtils.createEncodedPublicKeyFile(theirIdentityKey.getPublicKey(), identityKeyPaths[2]);
+ return identityKeyPaths;
}
private void writePrivateKeys(String path) throws IOException {
@@ -308,14 +310,12 @@ public String[] encrypt(String toBeEncPath, String encPath, String bundleID) thr
inputStream.close();
/* Create Encryption Headers */
- String[] clientKeyPaths = createEncryptionHeader(encPath, bundleID);
+ String[] identityKeyPaths = createEncryptionHeader(encPath, bundleID);
returnPaths.add(payloadPath);
returnPaths.add(signPath);
- for (String clientKeyPath : clientKeyPaths) {
- returnPaths.add(clientKeyPath);
- }
+ returnPaths.addAll(Arrays.asList(identityKeyPaths));
return returnPaths.toArray(new String[returnPaths.size()]);
}
diff --git a/bundle-core/pom.xml b/bundle-core/pom.xml
index e02702bc3a..3b477fc459 100644
--- a/bundle-core/pom.xml
+++ b/bundle-core/pom.xml
@@ -6,7 +6,7 @@
com.ddd
bundle-core
- 0.0.1
+ 0.0.2
17
@@ -20,6 +20,11 @@
picocli
4.7.5
+
+ org.projectlombok
+ lombok
+ 1.18.32
+
\ No newline at end of file
diff --git a/bundle-core/src/main/java/com/ddd/model/EncryptionHeader.java b/bundle-core/src/main/java/com/ddd/model/EncryptionHeader.java
index 9a5e6b8bc3..3543515f21 100644
--- a/bundle-core/src/main/java/com/ddd/model/EncryptionHeader.java
+++ b/bundle-core/src/main/java/com/ddd/model/EncryptionHeader.java
@@ -1,46 +1,18 @@
package com.ddd.model;
+import lombok.Builder;
+import lombok.Data;
+import lombok.Getter;
+
import java.io.File;
+@Data
+@Getter
+@Builder
public class EncryptionHeader {
private final File serverSignedPreKey;
private final File serverIdentityKey;
private final File serverRatchetKey;
-
- public File getServerSignedPreKey() {
- return this.serverSignedPreKey;
- }
-
- public File getServerIdentityKey() {
- return this.serverIdentityKey;
- }
-
- public File getServerRatchetKey() {
- return this.serverRatchetKey;
- }
-
- public EncryptionHeader(File serverSignedPreKey, File serverIdentityKey, File serverRatchetKey) {
- this.serverSignedPreKey = serverSignedPreKey;
- this.serverIdentityKey = serverIdentityKey;
- this.serverRatchetKey = serverRatchetKey;
- }
-
private File clientBaseKey;
private File clientIdentityKey;
-
- public EncryptionHeader(File clientBaseKey, File clientIdentityKey) {
- this.clientBaseKey = clientBaseKey;
- this.clientIdentityKey = clientIdentityKey;
- this.serverSignedPreKey = null;
- this.serverIdentityKey = null;
- this.serverRatchetKey = null;
- }
-
- public File getClientBaseKey() {
- return clientBaseKey;
- }
-
- public File getClientIdentityKey() {
- return clientIdentityKey;
- }
}
diff --git a/bundleserver/pom.xml b/bundleserver/pom.xml
index 4673e5a7db..55fed37548 100644
--- a/bundleserver/pom.xml
+++ b/bundleserver/pom.xml
@@ -71,7 +71,7 @@
com.ddd
bundle-core
- 0.0.1
+ 0.0.2
com.google.code.gson
diff --git a/bundleserver/src/main/java/com/ddd/server/bundlesecurity/BundleSecurity.java b/bundleserver/src/main/java/com/ddd/server/bundlesecurity/BundleSecurity.java
index a8aa55b06f..a5c2ac813e 100644
--- a/bundleserver/src/main/java/com/ddd/server/bundlesecurity/BundleSecurity.java
+++ b/bundleserver/src/main/java/com/ddd/server/bundlesecurity/BundleSecurity.java
@@ -182,8 +182,8 @@ public UncompressedBundle encryptPayload(String clientId, Payload payload, Strin
EncryptedPayload encryptedPayload = new EncryptedPayload(bundleId, new File(paths[0]));
File source = new File(bundleGenDirPath + File.separator + bundleId);
- EncryptionHeader encHeader =
- new EncryptionHeader(new File(paths[2]), new File(paths[3]), new File(paths[4]));
+ EncryptionHeader encHeader = EncryptionHeader.builder().serverSignedPreKey(new File(paths[2]))
+ .serverIdentityKey(new File(paths[3])).serverRatchetKey(new File(paths[4])).build();
return new UncompressedBundle( // TODO get encryption header, payload signature
bundleId, source, encHeader, encryptedPayload, new File(paths[1]));
@@ -198,4 +198,12 @@ public int isNewerBundle(String bundlePath, String lastReceivedBundleID) throws
return this.serverSecurity.isNewerBundle(bundlePath, lastReceivedBundleID);
}
+ public String getServerId() throws SecurityExceptions.IDGenerationException {
+ return serverSecurity.getServerId();
+ }
+
+ public boolean bundleServerIdMatchesCurrentServer(String receivedServerId) throws SecurityExceptions.IDGenerationException {
+ return receivedServerId.equals(getServerId());
+ }
+
}
diff --git a/bundleserver/src/main/java/com/ddd/server/bundlesecurity/ServerSecurity.java b/bundleserver/src/main/java/com/ddd/server/bundlesecurity/ServerSecurity.java
index f612355afa..9faccc88f5 100644
--- a/bundleserver/src/main/java/com/ddd/server/bundlesecurity/ServerSecurity.java
+++ b/bundleserver/src/main/java/com/ddd/server/bundlesecurity/ServerSecurity.java
@@ -558,4 +558,8 @@ public int isNewerBundle(String bundlePath, String lastBundleID) throws IOExcept
return BundleIDGenerator.compareBundleIDs(receivedBundleID, latestBundleID, BundleIDGenerator.UPSTREAM);
}
+ public String getServerId() throws IDGenerationException {
+ return SecurityUtils.generateID(ourIdentityKeyPair.getPublicKey().serialize());
+ }
+
};
diff --git a/bundleserver/src/main/java/com/ddd/server/bundletransmission/BundleTransmission.java b/bundleserver/src/main/java/com/ddd/server/bundletransmission/BundleTransmission.java
index 479679faab..81fe58a509 100644
--- a/bundleserver/src/main/java/com/ddd/server/bundletransmission/BundleTransmission.java
+++ b/bundleserver/src/main/java/com/ddd/server/bundletransmission/BundleTransmission.java
@@ -11,6 +11,8 @@
import java.util.Map;
import java.util.Optional;
import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import org.apache.commons.io.FileUtils;
import org.springframework.stereotype.Service;
@@ -56,6 +58,7 @@ public class BundleTransmission {
private ServerWindow serverWindow;
private int WINDOW_LENGTH = 3;
+ private Logger logger = Logger.getLogger(this.getClass().getName());
public BundleTransmission(BundleSecurity bundleSecurity, ApplicationDataManager applicationDataManager,
BundleRouting bundleRouting,
@@ -80,6 +83,15 @@ public void processReceivedBundle(String transportId, Bundle bundle) throws Exce
this.bundleGenServ.extractBundle(bundle, bundleRecvProcDir.getAbsolutePath());
String clientId = "";
try {
+
+ String serverIdReceived = SecurityUtils.generateID(
+ uncompressedBundle.getSource() + File.separator + SecurityUtils.SERVER_IDENTITY_KEY);
+ if (!bundleSecurity.bundleServerIdMatchesCurrentServer(serverIdReceived)) {
+ logger.log(Level.WARNING, "Received bundle's serverIdentity didn't match with current server, " +
+ "ignoring bundle with bundleId: " + uncompressedBundle.getBundleId());
+ return;
+ }
+
clientId = SecurityUtils.generateID(
uncompressedBundle.getSource() + File.separator + SecurityUtils.CLIENT_IDENTITY_KEY);
Optional opt = this.applicationDataManager.getLargestRecvdBundleId(clientId);