def handle(self):
print "New Connection from: " + self.client_address[0], ', on port: ' , self.client_address[1]
# M1
i = 0
while(i < 4):
utility.print_user_log(self.client_address, "KEY ESTABLISHMENT PROTOCOL")
self.key_est_result = self.key_establishment_protocol()
if self.key_est_result is None:
i = i + 1
utility.print_user_log(self.client_address, "Errors during protocol number: %d" %i)
fail = utility.pack_message('FAIL')
ret = utility.send_data(self.request, fail)
if ret is False:
utility.print_user_log(self.client_address,"[ERROR] Error during sending data ")
return None
#self.request.close()
elif self.key_est_result == 201:
#utility.print_user_log(self.client_address, 'DISC')
utility.print_user_log(self.client_address, "Client Disconnected")
return None
elif self.key_est_result == 203:
i = i + 1
utility.print_user_log(self.client_address, "Errors during protocol number: %d" %i)
fail = utility.pack_message('COPY')
ret = utility.send_data(self.request, fail)
else:
utility.print_user_log(self.client_address,"Key establishment protocol has done correctly \n")
i = 0
break
if (i >= 2):
utility.print_user_log(self.client_address, "To many errors! Disconnecting...")
return None
# after return, finish() will be called
while(True):
utility.print_line()
utility.print_user_log(self.client_address, "Listening for requests...")
data = utility.recv_data(self.request, 0)
#print data
if not data or data is None:
utility.print_user_log(self.client_address, 'Client Disconnected' )
break
# after return, finish() will be called
data_to_send = self.manage_request(data)
if data_to_send[0] is False:
utility.print_user_log(self.client_address,"[ERROR] Unable to manage the request ")
ret = utility.send_data(self.request, "FAIL")
if ret is False:
utility.print_user_log(self.client_address,"[ERROR] Error during sending data ")
else:
#print data_to_send[1]
ret = utility.send_data(self.request, data_to_send[1])
if ret is False:
utility.print_user_log(self.client_address,"[ERROR] Error during sending data ")
def message_M1(self):
utility.print_user_log(self.client_address,"Waiting for M1...")
response_m1 = utility.recv_data(self.request, 0)
#print response_m1
if response_m1 is None:
utility.print_user_log(self.client_address,"client disconnected")
return 201
#print "...OK"
unpack_m1 = utility.unpack_message(response_m1, 4)
if len(unpack_m1) != 1:
return None
#utility.print_user_log(self.client_address, 'UNPACK M1 '+unpack_m1)
self.client_ID = unpack_m1[0]
print 'ClientID: ',self.client_ID,'is connecting from: ', self.client_address
return True
def message_M3(self):
priv_key = utility.load_priv_key('server_prvkey_1')
if priv_key is None:
utility.print_user_log(self.client_address,'[ERROR]Some errors occured reading the key')
return None
utility.print_user_log(self.client_address,'Private key loaded')
# waiting for M3
utility.print_user_log(self.client_address,"Waiting for M3...")
data_recv = utility.recv_data(self.request,0)
if data_recv is None:
utility.print_user_log(self.client_address, "[ERROR] Client disconnected during M3")
return None
utility.print_user_log(self.client_address, "Received M3..")
encrypted_data = bytes(data_recv)
decrypted_data = utility.decrypt_RSA(encrypted_data, priv_key)
if decrypted_data is None:
utility.print_user_log(self.client_address, '[ERROR] some errors occured decrypting the data')
return None
try:
''' print '_____________________________________'
print decrypted_data
print '_____________________________________' '''
fields = utility.unpack_message(decrypted_data, 4)
#print fields
if len(fields) != 8:
return None
# Manca TYPE | ...
opcode, server_prot_ID,client_prot_ID, client_pass,session_key, nonce_prot_s, self.nonce_prot_c, hashed_data_c = fields
except IndexError:
utility.print_user_log(self.client_address, '[ERROR] incorrect message format')
return None
''' for i in fields:
print hexlify( i), "\n" '''
data_to_hash = ''.join(fields[0:7])
hashed_data = utility.get_hash(data_to_hash)
ret = utility.secure_cmp(hashed_data, hashed_data_c)
#print hexlify(hashed_data)
#print hexlify(hashed_data_c)
if (ret is False):
utility.print_user_log(self.client_address, '[ERROR] Packet Hashes do not match')
del session_key
return None
ret = utility.secure_cmp(self.nonce_s, nonce_prot_s)
if(ret is False):
utility.print_user_log(self.client_address, '[ERROR] Server Nonce is not fresh!')
del session_key
return None
#print '1'
ret = utility.secure_cmp(self.client_ID, client_prot_ID)
if(ret is False):
utility.print_user_log(self.client_address, '[ERROR] Client IDs do not match')
del session_key
return None
#print '2'
ret = utility.secure_cmp(self.server_ID, server_prot_ID)
if(ret is False):
utility.print_user_log(self.client_address, '[ERROR] Serve IDs do not match')
del session_key
return None
#return (opcode, session_key, nonce_prot_c, client_pass)
# =================================================================
if opcode == 'LOG':
utility.print_user_log(self.client_address, "LOGIN REQUEST")
# KDF(salted) e ricerca hash in database
db = DB.Database()
ret = db.connect()
if ret[0] == False:
utility.print_user_log(self.client_address, '[ERROR] Error during connecting to DB '+ str(ret[1]))
del session_key
return None
user_config = db.find_user_config(self.client_ID, 'users')
db.disconnect()
if user_config == None:
utility.print_user_log(self.client_address, '[ERROR] No user config found with ID: %s' % self.client_ID )
del session_key
return None
ID, hash_pwd, salt_hash = user_config
hashed_pwd = bytes(hash_pwd)
#print hash_pwd, hashed_pwd
#print hexlify(hashed_pwd)
#kdf = utility.get_kdf(client_pass, salt_kdf)
#hashed_kdf = utility.get_hash(kdf, salt_hash)
#if hashed_kdf == None:
# utility.print_user_log(self.client_address, '[ERROR] Error during KDF creation')
# del session_key
# return None
# Check importante, hashed_kdf é l'hash della kdf della password che mi invia l'utente
# hashed_pwd é l'hash della kdf della password che ho nel DB
hash_pwd_c = utility.get_hash(client_pass, salt_hash)
ret = utility.secure_cmp(hashed_pwd, hash_pwd_c)
if ret == False:
utility.print_user_log(self.client_address, '[ERROR] Password hashes do not match')
del session_key
return None
# =====================================================================
# REG ===============================================================
elif opcode == 'REG':
utility.print_user_log(self.client_address,'SIGNIN REQUEST')
db = DB.Database()
ret = db.connect()
if ret[0] == False:
utility.print_user_log(self.client_address,'[ERROR CONNECT] '+ str(ret[0]))
del session_key
return None
user_config = db.find_user_config(self.client_ID, 'users')
db.disconnect()
if user_config != None:
utility.print_user_log(self.client_address,'[ERROR CONFIG] User: '******' already present')
del session_key
return 203
# bytes salts
salt_hash = os.urandom(16)
#kdf = utility.get_kdf(client_pass, salt_kdf)
#hashed_kdf = utility.get_hash(kdf, salt_hash)
hashed_pwd = utility.get_hash(client_pass, salt_hash)
#print hashed_kdf
''' if hashed_kdf == None:
utility.print_user_log(self.client_address,'[ERROR] Error during KDF creation')
del session_key
return None '''
ret = db.connect()
if ret[0] == False:
utility.print_user_log(self.client_address,'[ERROR] Error during connecting to DB '+ str(ret[1]))
del session_key
return None
ret = db.add_user('users',self.client_ID, hashed_pwd, salt_hash)
db.disconnect()
if ret[0] == False:
utility.print_user_log(self.client_address,'[ERROR] Error during user add ' + ret[1])
del session_key
return None
else:
del session_key
return None
self.session_key = session_key
#self.client_key = kdf
self.database = db
self.nonces = []
return True