Light

just-hms / foc Goto Github PK

View Code? Open in Web Editor NEW

1.0 2.0 0.0 1.54 MB

Foundation of Cybersecuity project

Makefile 1.64% C++ 97.29% Shell 1.07%

foc's Introduction

FoC

Foundation of Cybersecuity project 2022-2023.

A Secure Bank Application (SBA) is a client-server application that allows users to issue operations ontheir own bank accounts.

Demo

Info

The application relys in a custom protocol developed using OpenSSL library. Using symmetric and asymmetric encryption the protocol guarantees that the comunication is onfidential, authenticated, and protected against replay. For more information about the specification read the documentation.pdf file

Requirements

sudo apt install libssl-dev
sudo apt install libjsoncpp-dev
sudo apt install libncurses5-dev libncursesw5-dev

Run

make build
./build/generator
./build/server
./build/client username

foc's People

Contributors

Stargazers

Watchers

foc's Issues

Use user provided username to initialize handshake

right now the name to be used to find the asym key is hardcoded, fix this inside client

protocol::FunkyOptions fOpt{
    .name = "client",
    .peerName = "server",
    .dataPath = "./data/keys/",
    .secret = cfg.Secret,
};

fix server going sigsegv on wrong username

Accept vector<uint8_t> inside symcrypt ctor

Add errors to the `sec` module

Bump the doc version

Add project specifications

Buffer overflow on scanf

Use security module inside the `FunkyProtocol`

Improve Makefile

Add Encryption protocol

pass to the server a protocol interface that has a "handshake" and "cypher" functions
create a mock protocol
create an actual protocol

Create `cli` for client

Security checks

free-memory-after-returning-from-an-error
use always the right type for data
add object destructors
check memory leaks when returning EVP_KEY * on sec module

create `firm` functions inside security module

Implement security module

create a struct AsymCrypt that does this:
- constructor New(private_key key, public_keys map[string]key) *AsymCrypt, your private key and all the other public keys (ReceiverID: key)
- has a a.Encrypt(message string) string that accpets the message and the receiver's ReceiverID
- has a a.Depcypt(message string) string function that accepts a cypher and use the private_key to decrypt
create a struct SymCrypt that does this:
- constructor with New(session key) *SymCrypt call the refresh function
- func s.Refresh(session key) void that sets the session key
- has a s.Encrypt(message string) string
- has a s.Decrypt(message string) string
create a struct Generator
- a construct New(len int) *Generator
- a func g.Generate() string that generate a session key

Add the documentation

Hash and Salt

a file named password.cpp
HashAndSalt(password string) string function
Verify(hashedPassword string, plainPassword string) bool function

Store data

decide which framework to use
encrypt data

Secsuite map erase on disconnect

create a hook for the protocol interface on which a protocol would like to erase the suite each time a disconnection happens

Improve the readme

Add timeout

add timeout to both client and server
deal with timeout as it was a disconnect
- from the server and client close the connection on timeout
- from the client call riconnect each time there was a timeout

ping pong client server

create an endpoint struct with this api:

e := new Endpoint("5050")

// lato client
e.Connect("127.0.0.1", "4000")
e.Input = func(){}

// lato server
e.Accept = func(){}

// sia client che server
e.Message = func(){}
e.Start()

create two simple main that uses them to do a ping pong

Patch the handshake protocol

remove RSA encryption
add firm to the handshake

Add a funciton to encode a session key

Create the tests automagically

Add resiliancy to DH attack

Fix server logic bugs and refactoring

alway return Json::value from the handlers
fix the login check
use tuple in place of pair

Add specification functionalities

Send {MAC}_Ksess, {MAC}_KprivS as last message

Add a `counter` to the `sym` message

some other added a counter inside the sym message to handle an eventual intruder

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble