feat(a1): implement proof of work

Author: declan-zhao

README.md

@@ -8,6 +8,50 @@ Go to `a1` directory and use command `make` to compile
 
 ### Run
 
+#### Proof of Work
+
+By default, the server runs at 127.0.0.1 on port 17777, and the client listens to it.
+
+`./server.out <p_bits>`
+
+- `p_bits`: optional, the length of P in bits, e.g. `12`, default `8`
+
+`./client.out`
+
+##### PoW Implementation Details
+
+**server.cpp**:
+
+This file contains the server code.
+
+1. Listen to port 17777.
+2. Accept the client.
+3. Generate random 128-bit R and P of length `p_bits`.
+4. Transmit the hex-encoded challenge to the client.
+5. Wait for the response. Close the connection if it takes too long.
+6. Verify the response from the client.
+7. Transmit `welcome` if the response is valid. Otherwise, close the connection.
+
+**client.cpp**:
+
+This file contains the client code.
+
+1. Connect to server at 127.0.0.1 on port 17777.
+2. Get challenge.
+3. Do proof of work.
+4. Give up if it takes too long.
+5. Transmit answer to the server.
+6. Wait for the response.
+7. Close the connection.
+
+**custom_utils.h**:
+
+This file contains shared helper functions.
+
+##### PoW Disclaimer
+
+The processing time varies, especially when `p_bits` is large, such as `16`.
+
 #### Timing Attack
 
 `./timing_attack.out <username> <number_of_trials> <password>`
@@ -16,15 +60,15 @@ Go to `a1` directory and use command `make` to compile
 - `number_of_trials`: optional, the number of trials for each letter, default `15000`
 - `password`: optional, the prefix of the password, should be empty at the beginning
 
-##### Usage Examples
+##### TA Usage Examples
 
 `./timing_attack.out user1`
 
 `./timing_attack.out user1 15000 f`
 
 `./timing_attack.out user1 15000 fi`
 
-##### Implementation Details
+##### TA Implementation Details
 
 1. Connect to the server at 127.0.0.1 on port 10458.
 2. Transmit the username.
@@ -35,7 +79,7 @@ Go to `a1` directory and use command `make` to compile
 7. If there is overlapping between the chosen letter and any other letter, stop and report. Otherwise, append the chosen letter to the password.
 8. Go back to step 4.
 
-##### Disclaimer
+##### TA Disclaimer
 
 Since 95% confidence intervals are used to determine the letter, there is uncertainty especially when cracking the last letter of the password.
 

a1/Makefile

@@ -1,5 +1,13 @@
+default: server client timing_attack
+
+server: custom_utils.h server.cpp
+	rm -f server.out
+	g++ -o server.out server.cpp -lcrypto
+
+client: custom_utils.h client.cpp
+	rm -f client.out
+	g++ -o client.out client.cpp -lcrypto
+
 timing_attack:
 	rm -f timing_attack.out
 	g++ -o timing_attack.out timing_attack.cpp
-default:
-	timing_attack

a1/client.cpp

@@ -0,0 +1,137 @@
+#include <iostream>
+#include <sstream>
+#include <map>
+#include <algorithm>
+#include <cstdlib>
+#include <ctime>
+#include <cstring>
+#include <cerrno>
+using namespace std;
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/time.h>
+#include <wait.h>
+#include <unistd.h>
+
+#include "custom_utils.h"
+
+bool process_challenge(const string &R, const string &PH, string &answer);
+int socket_to_server(const char *IP, int port);
+
+int main(int argc, char *argv[])
+{
+    int server_socket = socket_to_server("127.0.0.1", 17777);
+
+    if (server_socket != -1)
+    {
+        struct timeval tv;
+
+        tv.tv_sec  = 10;
+        tv.tv_usec = 0;
+
+        setsockopt(server_socket, SOL_SOCKET, SO_RCVTIMEO, (struct timeval *)&tv, sizeof(struct timeval));
+
+        // read challenge
+        const string &challenge = read_packet(server_socket);
+        int   slash_pos         = challenge.find('/');
+
+        if (slash_pos != challenge.npos)
+        {
+            const string &R  = hex_to_string(challenge.substr(0, slash_pos));
+            const string &PH = challenge.substr(slash_pos + 1, challenge.length());
+
+            string answer;
+
+            if (process_challenge(R, PH, answer))
+            {
+                cout << "Answer: " << answer << endl;
+
+                send(server_socket, (answer + "\n").c_str(), strlen((answer + "\n").c_str()), MSG_NOSIGNAL);
+
+                const string &result = read_packet(server_socket);
+                cout << "Result: " << result << endl;
+
+                close(server_socket);
+            }
+            else
+            {
+                close(server_socket);
+            }
+        }
+        else
+        {
+            cerr << "Wrong challenge format!" << endl;
+            close(server_socket);
+        }
+    }
+
+    return 0;
+}
+
+bool process_challenge(const string &R, const string &PH, string &answer)
+{
+    int min_processing_time = get_min_processing_time();
+    int max_processing_time = get_max_processing_time(PH.length() * 4);
+
+    // start timer
+    clock_t start = clock();
+
+    string hash;
+    double processing_time;
+
+    // do PoW
+    do
+    {
+        answer = R + generate_random_string(128) + R;
+
+        if (!get_sha256(answer, hash))
+        {
+            cerr << "Cannot generate hash!" << endl;
+            return false;
+        }
+
+        // stop timer
+        clock_t end = clock();
+
+        processing_time = (double)(end - start) / CLOCKS_PER_SEC;
+
+        if (processing_time > max_processing_time)
+        {
+            cerr << "It takes too long!" << endl;
+            return false;
+        }
+    } while (hash.find(PH) == hash.npos || hash.find(PH) != 0);
+
+    cout << "Processing time: " << processing_time << "s" << endl;
+
+    while (processing_time < min_processing_time)
+    {
+        usleep(500000);
+        processing_time += 0.5;
+    }
+
+    answer = string_to_hex(answer);
+
+    return true;
+}
+
+int socket_to_server(const char *IP, int port)
+{
+    struct sockaddr_in address;
+
+    address.sin_family      = AF_INET;
+    address.sin_addr.s_addr = inet_addr(IP);
+    address.sin_port        = htons(port);
+
+    int sock = socket(AF_INET, SOCK_STREAM, 0);
+
+    if (connect(sock, (struct sockaddr *)&address, sizeof(address)) == -1)
+    {
+        return -1;
+    }
+
+    return sock;
+}