Added crypto, fixing isues with handshakes

Author: mstrielnikov

CMakeLists.txt

@@ -7,5 +7,8 @@ add_subdirectory(Server)
 add_subdirectory(Client)
 add_subdirectory(test/flatServer)
 add_subdirectory(test/simpleClient)
+add_subdirectory(test/cryptSockServer)
+add_subdirectory(test/cryptSockClient)
+
 
 

Server/Server.cpp

@@ -9,6 +9,13 @@ static const char * my_addr = "127.0.0.1";
 static const uint16_t my_port = 44301;
 
 
+void isRoot(){
+    if (getuid() !=0){
+        cerr << "You should have root preveledges" << endl;
+        exit(0);
+    }
+}
+
 void listen_cycle(AsyncServer * server){
     mutex mtx;
     while(1){
@@ -23,6 +30,7 @@ void listen_cycle(AsyncServer * server){
 
 
 int main(){
+    isRoot();
     auto Server = new AsyncServer(my_addr, my_port);
     thread handle_conns_async(listen_cycle, Server);
     handle_conns_async.detach();

Service/config.sh

@@ -1,29 +1,13 @@
 #!/usr/bin/env bash
 
-global_path="`cd ..`"
-exec_path="/usr/bin/telemetry_service/"
-
-create_conf(option){
-cat > "telemetry_${option}.service" <<EOF
-[Unit]
-Description="Telemetry service"
-After=multi-user.target
-Conflicts=getty@tty1.service
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/telemetry_service/telemetry_${option}
-StandardInput=tty-force
-Restart=always
+if [["`whoami`" -ne "root"]] then
+    echo "You are not root. Please retry."
+    exit 0
+fi
 
-[Install]
-WantedBy=multi-user.target
-exec_path="`cd ..`"
-conf_path="/usr/bin/telemtry_service/telemetry.srvice"
-EOF
 
-cp "telemetry_${option}.service" "${exec_path}/${option}.service"
-}
+global_path="`cd ..`"
+exec_path="/usr/bin/telemetry_service/"
 
 
 check_dependencies(){
@@ -48,7 +32,6 @@ setup_service(){
     if [$choice=="y" or $choice=="Y"] then
         while true; do
             read -p "Which config may I setup: Server or Client? (S/C for appropriate option)" choice
-        
             case $choice in
                 "S"|"s") load_binary("Server") && create_conf("Server");;
                 "C"|"c") load_binary("Client") && create_conf("Client");;
@@ -57,28 +40,85 @@ setup_service(){
                  continue;;
             esac
         done
+    fi
+}
+ 
 
-        systemctl daemon-reload
+create_conf(option){
+    cat > "telemetry_${option}.service" <<EOF
+[Unit]
+Description="Telemetry service"
+After=multi-user.target
+Conflicts=getty@tty1.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/telemetry_service/telemetry_${option}
+StandardInput=tty-force
+Restart=always
 
-        read -p "Would want you to autorun telemtry service? (y/n or another key)" choice
+[Install]
+WantedBy=multi-user.target
+exec_path="`cd ..`"
+conf_path="/usr/bin/telemtry_service/telemetry_${option}.srvice"
+EOF
 
-        if [$choice=="y" or $choice=="Y"] then
-            systemctl enable telemetry.service
-        else break
-        fi 
+    cp "telemetry_${option}.service" "${exec_path}/telemetry_${option}.service"
 
-        systemctl start telemetry.service
-        systemctl status telemetry.service       
+    read -p "Would want you to autorun telemtry service? (y/n or another key)" choice
 
-    else break
+    if [$choice=="y" or $choice=="Y"] then
+        systemctl enable telemetry.service
+            else break
+            fi 
+
+    read -p "Should service start now? (y/n or another key)" choice
+
+    if [$choice=="y" or $choice=="Y"] then
+
+         systemctl start telemetry_${option}.service
+         systemctl status telemetry_${option}.service       
+    else 
+         echo "You always can do that using next command:\"systemctl start telemetry_${option}.service\""
     fi 
+        systemctl daemon-reload
 }
 
 
 gen_ciphers(){
     cd "$(pwd)/cryptkeys"
-    openssl genpkey -algorithm ed25519 -out ed25519-priv-key.pem
-    openssl pkey -in ed25519key.pem -pubout
+    openssl ecparam -name c2tnb191v3 -out X9_62.pem
+    openssl ecparam -in X9_62.pem -genkey -noout -out X9_62-key.pem
+    openssl ecparam -in X9_62.pem -text -param_enc explicit -noout
+
+    openssl req -x509 -new -SHA384 -nodes -key X9_62-key.pem 3650 -out X9_62-cert.pem
+    openssl x509 -req -SHA384 -extfile v3.ext -days 365 -in X9_62-cert.pem -CA ca.crt -CAkey X9_62-key.pem -CAcreateserial -out X9_62-cert.pem
+    openssl req -in X9_62-cert.pem -noout -text
+
+    openssl ec -in X9_62-key.pem -pubout -out X9_62-pub.pem
+
+#openssl genpkey -algorithm ed25519 -out ed25519-priv-key.pem
+#openssl pkey -in ed25519key.pem -pubout
+#    read -p "Few details are necessary for certificate creating. Please enter CN: " CN
+#    read -p "Also I need cert owner email: " email
+#    read -p "And last enter your email (example@service.com): " email
+#    cat >> "${exec_path}/cryptkeys/openssl.cnf"<< EOF
+#[ req ]
+#prompt = no
+#encrypt_key = no
+#default_md = sha512
+#distinguished_name = dname
+#req_extensions = reqext
+
+#[ dname ]
+#CN = ${CN}
+#emailAddress = ${email}
+#
+#[ reqext ]
+#subjectAltName = ${altname}
+#EOF
+#    openssl req -new -config openssl.cnf -key privkey.pem -out csr.pem 
+#    openssl req -in csr.pem -noout -text -verify
 }
 
 

Service/cryptkeys/X9_62-cert.pem

@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBwgIBADA4MRQwEgYDVQQDDAtleGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
+ARYRYWRtaW5AZXhhbXBsZS5jb20wSTATBgcqhkjOPQIBBggqhkjOPQMABwMyAAQV
+gA4WQAUTwA/38SLvowdLf+kQNLVCtUN5j42DSuwXBbJOVfrO9LW4Z6RD6Wr8jLGg
+ODA2BgkqhkiG9w0BCQ4xKTAnMCUGA1UdEQQeMByCC2V4YW1wbGUuY29tgg0qLmV4
+YW1wbGUuY29tMAoGCCqGSM49BAMEAzcAMDQCGALdLDEnRYkTFg6SK5fh9EyoypDr
+WjkkzwIYDvI65GqhNfUOS8DvQucNF7aJsq8YSzxL
+-----END CERTIFICATE REQUEST-----

Service/cryptkeys/X9_62-cert1.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLjCCAeWgAwIBAgIUBFVAQV/xoAMtC15yE0WV4k926D0wCgYIKoZIzj0EAwMw
+fTELMAkGA1UEBhMCdWExDTALBgNVBAgMBG5pa28xEzARBgNVBAcMCm5pa28tZGlz
+dHIxCzAJBgNVBAoMAmRmMRIwEAYDVQQLDAlkZi1vZmZpY2UxDDAKBgNVBAMMA01h
+eDEbMBkGCSqGSIb3DQEJARYMeWFAZW1haWwuY29tMB4XDTE5MDkxMTE5MjczN1oX
+DTI5MDkwODE5MjczN1owfTELMAkGA1UEBhMCdWExDTALBgNVBAgMBG5pa28xEzAR
+BgNVBAcMCm5pa28tZGlzdHIxCzAJBgNVBAoMAmRmMRIwEAYDVQQLDAlkZi1vZmZp
+Y2UxDDAKBgNVBAMMA01heDEbMBkGCSqGSIb3DQEJARYMeWFAZW1haWwuY29tMEkw
+EwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEFYAOFkAFE8AP9/Ei76MHS3/pEDS1QrVD
+eY+Ng0rsFwWyTlX6zvS1uGekQ+lq/Iyxo1MwUTAdBgNVHQ4EFgQUqp+Wba9NcSoS
+39/jjMi8RBOA34YwHwYDVR0jBBgwFoAUqp+Wba9NcSoS39/jjMi8RBOA34YwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwM3ADA0AhgOXpTcEHKFCif9AGmTISiF
+XI3T0KKa7B8CGARx2a4o6IW+ijNMW+DZhWQSnDuP3mGCag==
+-----END CERTIFICATE-----

Service/cryptkeys/X9_62-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MF8CAQEEGACQNhm6kWR+8R1ONOieY6L8K684mZxWRKAKBggqhkjOPQMAB6E0AzIA
+BBWADhZABRPAD/fxIu+jB0t/6RA0tUK1Q3mPjYNK7BcFsk5V+s70tbhnpEPpavyM
+sQ==
+-----END EC PRIVATE KEY-----

Service/cryptkeys/X9_62-pub.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEFYAOFkAFE8AP9/Ei76MHS3/pEDS1
+QrVDeY+Ng0rsFwWyTlX6zvS1uGekQ+lq/Iyx
+-----END PUBLIC KEY-----

Service/cryptkeys/X9_62.pem

@@ -0,0 +1,3 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMABw==
+-----END EC PARAMETERS-----

Service/cryptkeys/openssl.cnf

@@ -0,0 +1,13 @@
+[ req ]
+prompt = no
+encrypt_key = no
+default_md = sha512
+distinguished_name = dname
+req_extensions = reqext
+
+[ dname ]
+CN = example.com
+emailAddress = admin@example.com
+
+[ reqext ]
+subjectAltName = DNS:example.com, DNS:*.example.com