Checker env fix

checker/docker-compose.yml

@@ -7,9 +7,9 @@ services:
     ports:
       - 3303:3303
     environment:
-      - PHREAKING_GRPC_PASS=${PHREAKING_GRPC_PASS}
-      - PHREAKING_SIM_KEY=${PHREAKING_SIM_KEY}
       - REDIS_PASS=asimplesentenceisbetter
+    env_file:
+      - .env
   phreaking-db:
     image: redis:7-alpine
     restart: always

checker/src/cmd/checker/main.go

@@ -21,7 +21,7 @@ func main() {
 	})
 
 	db := redis.NewClient(&redis.Options{
-		Addr:     "phreaking_checker-phreaking-db-1:6379",
+		Addr:     "phreaking-db:6379",
 		Password: string(os.Getenv("REDIS_PASS")),
 		DB:       0, // use default DB
 	})

checker/src/pkg/crypto/crypto.go

@@ -10,22 +10,19 @@ import (
 	"fmt"
 	"io"
 	"log"
-	"os"
 
 	"golang.org/x/crypto/blake2b"
 	"golang.org/x/crypto/sha3"
 )
 
-var key = []byte(string(os.Getenv("PHREAKING_SIM_KEY")))
-
 func ComputeHash(input []byte) (hash string) {
 	h := sha256.New()
 	h.Write(input)
 	bs := h.Sum(nil)
 	return string(bs)
 }
 
-func EncryptAES(input []byte) (res []byte) {
+func EncryptAES(input []byte, key []byte) (res []byte) {
 	aesBlock, err := aes.NewCipher(key)
 	if err != nil {
 		fmt.Println(err)
@@ -47,7 +44,7 @@ func EncryptAES(input []byte) (res []byte) {
 	return buf
 }
 
-func DecryptAES(ct []byte) (res []byte) {
+func DecryptAES(ct []byte, key []byte) (res []byte) {
 	aesBlock, err := aes.NewCipher(key)
 	if err != nil {
 		log.Fatalln(err)
@@ -65,40 +62,40 @@ func DecryptAES(ct []byte) (res []byte) {
 	return originalText
 }
 
-func CheckIntegrity(buf []byte, mac []byte) bool {
-	dec := string(DecryptAES(mac))
+func CheckIntegrity(buf []byte, mac []byte, key []byte) bool {
+	dec := string(DecryptAES(mac, key))
 	hash := ComputeHash(buf)
 	return (dec == hash)
 }
 
-func IA0(msg []byte) (mac []byte) {
+func IA0(msg []byte, key []byte) (mac []byte) {
 	h := sha256.New()
 	h.Write(msg)
 	return h.Sum(nil)
 }
 
-func IA1(msg []byte) (mac []byte) {
+func IA1(msg []byte, key []byte) (mac []byte) {
 	hash := hmac.New(sha256.New, []byte(key))
 	hash.Write(msg)
 	return hash.Sum(nil)
 }
 
-func IA2(msg []byte) (mac []byte) {
+func IA2(msg []byte, key []byte) (mac []byte) {
 	hash := hmac.New(sha512.New, []byte(key))
 	hash.Write(msg)
 	return hash.Sum(nil)
 }
 
-func IA3(msg []byte) (mac []byte) {
+func IA3(msg []byte, key []byte) (mac []byte) {
 	hash := hmac.New(sha3.New256, []byte(key))
 	hash.Write(msg)
 	return hash.Sum(nil)
 }
 
-func IA4(msg []byte) (mac []byte) {
+func IA4(msg []byte, key []byte) (mac []byte) {
 	hash, _ := blake2b.New256(key)
 	hash.Write(msg)
 	return hash.Sum(nil)
 }
 
-var IAalg = map[uint8]func([]byte) []byte{0: IA0, 1: IA1, 2: IA2, 3: IA3, 4: IA4}
+var IAalg = map[uint8]func([]byte, []byte) []byte{0: IA0, 1: IA1, 2: IA2, 3: IA3, 4: IA4}

checker/src/pkg/handler/handler.go

@@ -54,7 +54,9 @@ func (h *Handler) PutFlag(ctx context.Context, message *enochecker.TaskMessage)
 
 	c := pb.NewLocationClient(conn)
 
-	md := metadata.Pairs("auth", string(os.Getenv("PHREAKING_GRPC_PASS")))
+	grpcEnvVar := "PHREAKING_" + strconv.Itoa(int(message.TeamId)) + "_GRPC_PASS"
+
+	md := metadata.Pairs("auth", string(os.Getenv(grpcEnvVar)))
 	ctx_grpc := metadata.NewOutgoingContext(context.Background(), md)
 	_, err = c.UpdateLocation(ctx_grpc, &pb.Loc{Position: message.Flag})
 	if err != nil {
@@ -94,6 +96,11 @@ func (h *Handler) getFlagLocation(ctx context.Context, message *enochecker.TaskM
 		return err
 	}
 
+	defer func() {
+		coreConn.Close()
+		ueConn.Close()
+	}()
+
 	setup := ngap.NGSetupRequestMsg{GranId: 0, Tac: 0, Plmn: 0}
 	buf, _ := ngap.EncodeMsg(ngap.NGSetupRequest, &setup)
 
@@ -175,7 +182,11 @@ func (h *Handler) getFlagLocation(ctx context.Context, message *enochecker.TaskM
 		return err
 	}
 
-	dec := crypto.DecryptAES(reply[9:])
+	keyEnvVar := "PHREAKING_" + strconv.Itoa(int(message.TeamId)) + "_SIM_KEY"
+
+	key := []byte(string(os.Getenv(keyEnvVar)))
+
+	dec := crypto.DecryptAES(reply[9:], key)
 
 	var loc ngap.LocationUpdateMsg
 	err = ngap.DecodeMsg(dec, &loc)
@@ -225,6 +236,11 @@ func (h *Handler) Exploit(ctx context.Context, message *enochecker.TaskMessage)
 		return nil, err
 	}
 
+	defer func() {
+		coreConn.Close()
+		ueConn.Close()
+	}()
+
 	setup := ngap.NGSetupRequestMsg{GranId: 0, Tac: 0, Plmn: 0}
 	buf, _ := ngap.EncodeMsg(ngap.NGSetupRequest, &setup)
 
@@ -365,6 +381,11 @@ func (h *Handler) gnb(ctx context.Context, message *enochecker.TaskMessage, port
 		return err
 	}
 
+	defer func() {
+		coreConn.Close()
+		ueConn.Close()
+	}()
+
 	setup := ngap.NGSetupRequestMsg{GranId: 0, Tac: 0, Plmn: 0}
 	buf, _ := ngap.EncodeMsg(ngap.NGSetupRequest, &setup)
 

checker/src/pkg/ngap/parse.go

@@ -22,15 +22,15 @@ func EncodeMsg[T any](t MsgType, msgPtr *T) ([]byte, error) {
 	return b.Bytes(), err
 }
 
-func EncodeEncMsg[T any](t MsgType, msgPtr *T) ([]byte, error) {
+func EncodeEncMsg[T any](t MsgType, msgPtr *T, key []byte) ([]byte, error) {
 	var b bytes.Buffer
 	b.WriteByte(byte(t))
 	var be bytes.Buffer
 	e := gob.NewEncoder(&be)
 	err := e.Encode(&msgPtr)
 
 	tmp := be.Bytes()
-	tmp = crypto.EncryptAES(tmp)
+	tmp = crypto.EncryptAES(tmp, key)
 
 	b.Write(tmp)
 	return b.Bytes(), err