Ejemplo n.º 1
0
 def receive(self):
     """
     Receive and decrypt data and populate the received entry field.
     """
     if self.connector is None:
         return
     encrypted = self.connector.receive()
     if encrypted:
         self.logger.info('Encrypted data, received: ' + connector.bytestring_as_hex_string(encrypted))
         msg_bytes = aes.aes_decrypt(encrypted[:-32], self.session_key)
         message = bytes(msg_bytes)
         self.logger.info('Decrypted message: ' + str(message))
         mac_val = encrypted[-16:]
         mac_iv = encrypted[-32:-16]
         verified = mac.check_mac(message, mac_val, MAC_KEY, mac_iv)
         if verified:
             self.logger.info('MAC check SUCCESS')
             self.received_entry.delete(0, END)
             self.received_entry.insert(0, message)
         else:
             self.logger.info.info("MAC check FAILURE")
Ejemplo n.º 2
0
 def receive(self):
     """
     Receive and decrypt data and populate the received entry field.
     """
     if self.connector is None:
         return
     encrypted = self.connector.receive()
     if encrypted:
         self.logger.info('Encrypted data, received: ' +
                          connector.bytestring_as_hex_string(encrypted))
         msg_bytes = aes.aes_decrypt(encrypted[:-32], self.session_key)
         message = bytes(msg_bytes)
         self.logger.info('Decrypted message: ' + str(message))
         mac_val = encrypted[-16:]
         mac_iv = encrypted[-32:-16]
         verified = mac.check_mac(message, mac_val, MAC_KEY, mac_iv)
         if verified:
             self.logger.info('MAC check SUCCESS')
             self.received_entry.delete(0, END)
             self.received_entry.insert(0, message)
         else:
             self.logger.info.info("MAC check FAILURE")
Ejemplo n.º 3
0
def connect(host, port, shared_value, is_server):
    """
    Connect to the host:port with the Diffie-Hellman exchange, making sure to
    authenticate the connection.
    """
    global MAC_KEY
    ctr = None
    if port:
        ctr = connector.Connector(is_server, host, port)
    else:
        ctr = connector.Connector(is_server, host)

    # Generate a 16 byte key, from a hash of the shared secret value.
    # Then use that value, to encrypt a Diffie-Hellman exchange to 
    # ensure Perfect Forward Secrecy.
    md5_key = hashlib.md5()
    shared_val = shared_value.encode('utf-8')
    md5_key.update(shared_val)
    long_term_key = md5_key.digest()

    md5_key = hashlib.md5()
    md5_key.update(long_term_key)
    MAC_KEY = md5_key.digest()
    
    ctr.connect()
    
    session_key = []
    
    if not is_server:
        #Client Authenticated DH exchange
        # Send initial DH trigger message
        logging.getLogger().info('Sending initial authentication message')
        client_dh_init_msg = dh_auth.gen_auth_msg()
        ctr.send(bytes(client_dh_init_msg))
        
        # Receive server authentication response
        logging.getLogger().info('Waiting for server authentication response')
        rcv_server_public_transport = ctr.receive_wait()
        rcv_server_nonce = rcv_server_public_transport[:16]
        rcv_server_dh_data_encrypted = rcv_server_public_transport[16:]  
        
        # Send back client authentication response
        logging.getLogger().info('Sending client authentication response')
        client_auth_msg = dh_auth.gen_auth_msg(rcv_server_nonce)
        client_dh_data_tup = dh_auth.gen_public_transport(long_term_key, client_auth_msg)
        client_public_transport = client_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX]
        ctr.send(bytes(client_public_transport))
        
        # Authenticate received data from server
        logging.getLogger().info('Authenticating data received from server')
        expect_rcv_server_id = [int(byte) for byte in host.split('.')]
        expect_rcv_server_auth_msg = expect_rcv_server_id + client_dh_init_msg[4:]
        
        logging.getLogger().info('Generating session key')
        session_key = dh_auth.gen_session_key(rcv_server_dh_data_encrypted, client_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_server_auth_msg)
        
    else:
        #Server Authenticated DH exchange
        # Receive initial DH trigger message
        logging.getLogger().info('Waiting for initial authentication message')
        rcv_client_dh_data = ctr.receive_wait()
        rcv_client_id = rcv_client_dh_data[:4]
        rcv_client_nonce = rcv_client_dh_data[4:]
        
        # send response
        logging.getLogger().info('Sending server authentication response')
        server_nonce = dh_auth.gen_nonce()
        server_auth_msg = dh_auth.gen_auth_msg(rcv_client_nonce) 
        server_dh_data_tup = dh_auth.gen_public_transport(long_term_key, server_auth_msg)
        server_public_transport = server_nonce + server_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX]
        ctr.send(bytes(server_public_transport))
        
        # Receive client authentication response - client_public_transport is the same as rcv_client_dh_data_encrypted
        logging.getLogger().info('Waiting for client authentication response')
        rcv_client_public_transport = ctr.receive_wait()
        
        # Authenticate received data from client
        logging.getLogger().info('Authenticating client response')
        expect_rcv_client_auth_msg = list(rcv_client_id) + list(server_nonce)
        session_key = dh_auth.gen_session_key(rcv_client_public_transport, server_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_client_auth_msg)

    if session_key == 0:
        logging.getLogger().info('Failed to authenticate: session key invalid')
    else:
        logging.getLogger().info('Authenticated with session key: ' + connector.bytestring_as_hex_string(session_key))
    # Enforce Perfect Forward Security by forgetting local exponent 
    client_dh_data_tup = (0,0)
    server_dh_data_tup = (0,0)

    return (session_key, ctr)
Ejemplo n.º 4
0
def connect(host, port, shared_value, is_server):
    """
    Connect to the host:port with the Diffie-Hellman exchange, making sure to
    authenticate the connection.
    """
    global MAC_KEY
    ctr = None
    if port:
        ctr = connector.Connector(is_server, host, port)
    else:
        ctr = connector.Connector(is_server, host)

    # Generate a 16 byte key, from a hash of the shared secret value.
    # Then use that value, to encrypt a Diffie-Hellman exchange to
    # ensure Perfect Forward Secrecy.
    md5_key = hashlib.md5()
    shared_val = shared_value.encode('utf-8')
    md5_key.update(shared_val)
    long_term_key = md5_key.digest()

    md5_key = hashlib.md5()
    md5_key.update(long_term_key)
    MAC_KEY = md5_key.digest()

    ctr.connect()

    session_key = []

    if not is_server:
        #Client Authenticated DH exchange
        # Send initial DH trigger message
        logging.getLogger().info('Sending initial authentication message')
        client_dh_init_msg = dh_auth.gen_auth_msg()
        ctr.send(bytes(client_dh_init_msg))

        # Receive server authentication response
        logging.getLogger().info('Waiting for server authentication response')
        rcv_server_public_transport = ctr.receive_wait()
        rcv_server_nonce = rcv_server_public_transport[:16]
        rcv_server_dh_data_encrypted = rcv_server_public_transport[16:]

        # Send back client authentication response
        logging.getLogger().info('Sending client authentication response')
        client_auth_msg = dh_auth.gen_auth_msg(rcv_server_nonce)
        client_dh_data_tup = dh_auth.gen_public_transport(
            long_term_key, client_auth_msg)
        client_public_transport = client_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX]
        ctr.send(bytes(client_public_transport))

        # Authenticate received data from server
        logging.getLogger().info('Authenticating data received from server')
        expect_rcv_server_id = [int(byte) for byte in host.split('.')]
        expect_rcv_server_auth_msg = expect_rcv_server_id + client_dh_init_msg[
            4:]

        logging.getLogger().info('Generating session key')
        session_key = dh_auth.gen_session_key(
            rcv_server_dh_data_encrypted,
            client_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key,
            expect_rcv_server_auth_msg)

    else:
        #Server Authenticated DH exchange
        # Receive initial DH trigger message
        logging.getLogger().info('Waiting for initial authentication message')
        rcv_client_dh_data = ctr.receive_wait()
        rcv_client_id = rcv_client_dh_data[:4]
        rcv_client_nonce = rcv_client_dh_data[4:]

        # send response
        logging.getLogger().info('Sending server authentication response')
        server_nonce = dh_auth.gen_nonce()
        server_auth_msg = dh_auth.gen_auth_msg(rcv_client_nonce)
        server_dh_data_tup = dh_auth.gen_public_transport(
            long_term_key, server_auth_msg)
        server_public_transport = server_nonce + server_dh_data_tup[
            dh_auth.PUB_TRANSPORT_IDX]
        ctr.send(bytes(server_public_transport))

        # Receive client authentication response - client_public_transport is the same as rcv_client_dh_data_encrypted
        logging.getLogger().info('Waiting for client authentication response')
        rcv_client_public_transport = ctr.receive_wait()

        # Authenticate received data from client
        logging.getLogger().info('Authenticating client response')
        expect_rcv_client_auth_msg = list(rcv_client_id) + list(server_nonce)
        session_key = dh_auth.gen_session_key(
            rcv_client_public_transport,
            server_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key,
            expect_rcv_client_auth_msg)

    if session_key == 0:
        logging.getLogger().info('Failed to authenticate: session key invalid')
    else:
        logging.getLogger().info(
            'Authenticated with session key: ' +
            connector.bytestring_as_hex_string(session_key))
    # Enforce Perfect Forward Security by forgetting local exponent
    client_dh_data_tup = (0, 0)
    server_dh_data_tup = (0, 0)

    return (session_key, ctr)