def accept_cli(self):
"""
Accepts new incoming client connections
"""
while True:
# Blocking call for a connection
connection, client_address = self.sock.accept()
try:
print('Incoming client:', client_address)
print('Connection:', connection)
packet = connection.recv(1024)
packet = decode_dict(packet)
self.decode_packet(packet, connection)
# Check if DH done, move on to NS part
alice_done = 'secret_s' in self.dh_dict['alice']
bob_done = 'secret_s' in self.dh_dict['bob']
if alice_done and bob_done:
# Tell alice to begin NS with bob
self.sock.close()
self.sock = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
self.sock.bind(self.kdc_address_2)
time.sleep(5)
self.sock.connect(self.alice_address)
self.handle_NS()
break
finally:
print("Closing connection...")
connection.close()
def recv_ack(self):
"""
Recv ACK from server
"""
packet = self.srv_sock.recv(20000)
packet = decode_dict(packet)
print("Handshake complete")
def handle_NS(self):
packet = self.sock.recv(1024)
print("packet:", packet)
packet = decode_dict(packet)
nonce_a = packet['nonce_a']
nonce_b_e = packet['nonce_b_e']
k_as = self.dh_dict['alice']['secret_s']
k_bs = self.dh_dict['bob']['secret_s']
k_ab = random.getrandbits(8)
des = ToyDES(k_bs)
k_ab_e = des.encrypt(k_ab)
packet = {
'nonce_a': nonce_a,
'k_ab': k_ab,
'k_ab_e': k_ab_e,
'nonce_b_e': nonce_b_e
}
packet = json.dumps(packet)
#packet = encode_dict(packet)
des.set_key(k_as)
encrypted_packet = ""
for byte in packet:
encrypted_byte = chr(des.encrypt(ord(byte)))
encrypted_packet += encrypted_byte
encrypted_packet = encrypted_packet.encode('UTF-8')
self.sock.sendall(encrypted_packet)
def recv_msg(self, conn):
"""
Recv msg from client
"""
packet = conn.recv(20000)
# Client terminated connection
if packet.decode('ascii') == "":
sys.exit()
packet = decode_dict(packet)
encrypted = packet['msg']
num_bytes = packet['num_bytes']
HMAC = packet['MAC']
decrypted = self.alg_handler.sym_decrypt(self.sym_key, encrypted)
compressed = decrypted.to_bytes(num_bytes, byteorder='big')
msg_bytes = gzip.decompress(compressed)
msg = msg_bytes.decode('ascii')
verified = self.verify_MAC(HMAC, compressed)
print("MAC verified:", verified)
if verified == False:
sys.exit()
print("Received msg from client:", msg)
def recv_B(self):
"""
Recv B from KDC so client can compute secret_s
"""
packet = self.kdc_sock.recv(1024)
packet = decode_dict(packet)
B = packet['B']
self.secret_s = (B ** self.secret_a) % self.p
def recv_sym_key(self, conn):
"""
Recv symmetric key from client
"""
packet = conn.recv(20000)
packet = decode_dict(packet)
e_sym_key = packet['key']
self.sym_key = self.decrypt_sym_key(e_sym_key)
def recv_ack(self):
"""
Receives ACK packet; if reply packet was not ACK, then abort
"""
packet = self.kdc_sock.recv(1024)
packet = decode_dict(packet)
if packet['type'] != "ACK":
print("No ack recv'd!")
sys.exit()
def recv_key_exc(self):
"""
Recv public key from server
"""
packet = self.srv_sock.recv(20000)
packet = decode_dict(packet)
n = packet['public_key_1']
e = packet['public_key_2']
self.alg_handler.set_their_pub_key((n,e))
def recv_key_exc(self, conn):
"""
Recv public key from client
"""
packet = conn.recv(20000)
packet = decode_dict(packet)
n = packet['public_key_1']
e = packet['public_key_2']
self.alg_handler.set_their_pub_key((n, e))
def recv_suite(self):
"""
Recv selected cipher suite from server
"""
packet = self.srv_sock.recv(20000)
packet = decode_dict(packet)
sk = packet['sym_key']
ke = packet['key_exc']
h = packet['hash']
self.alg_handler = AlgHandler(sk, ke, h)
def recv_hello(self):
"""
Receive hello packet; if reply packet was not hello, then abort
TODO: replace with abort protocol
"""
packet = self.srv_sock.recv(20000)
packet = decode_dict(packet)
if packet['type'] != "hello":
print("No hello recv'd!")
sys.exit()
def recv_suite(self, conn):
"""
Recv cipher suite from client
"""
packet = conn.recv(20000)
packet = decode_dict(packet)
sk = packet['sym_key'][0]
ke = packet['key_exc'][0]
h = packet['hash'][0]
self.alg_handler = AlgHandler(sk, ke, h)
def get_nonce_from_bob(self):
self.nonce_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.nonce_sock.bind(self.alice_address_2)
self.nonce_sock.listen(1)
print("Waiting for Bob's nonce at", self.alice_address_2)
self.nonce_connection, self.nonce_address = self.nonce_sock.accept()
print("Bob connected")
packet = self.nonce_connection.recv(1024)
packet = decode_dict(packet)
self.nonce_b_e = packet['nonce_b_e']
def recv_msg(self):
"""
Recv msg from server
"""
packet = self.srv_sock.recv(20000)
packet = decode_dict(packet)
encrypted = packet['msg']
num_bytes = packet['num_bytes']
HMAC = packet['MAC']
decrypted = self.alg_handler.sym_decrypt(self.sym_key, encrypted)
compressed = decrypted.to_bytes(num_bytes, byteorder='big')
msg_bytes = gzip.decompress(compressed)
msg = msg_bytes.decode('ascii')
verified = self.verify_MAC(HMAC, compressed)
print("MAC verified:", verified)
if verified == False:
sys.exit()
print("Received msg from server:", msg)
def host_client(self):
"""
Bob will host Alice's connection
"""
self.alice_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.alice_sock.bind(self.bob_address_2)
self.alice_sock.listen(1)
print("Waiting for Alice at", self.bob_address_2)
self.alice_connection, self.alice_address = self.alice_sock.accept()
print("Connected to Alice")
packet = self.alice_connection.recv(1024)
packet = decode_dict(packet)
k_ab_e = packet['k_ab_e']
nonce_b_e = packet['nonce_b_e']
des = ToyDES(self.secret_s)
nonce_b_e = des.decrypt(nonce_b_e)
if nonce_b_e == self.replay_nonce:
print("Replay attack prevented; nonces match!")
else:
print("Replay attack possible; nonces do not match!")
k_ab = des.decrypt(k_ab_e)
packet = {'type': "ACK"}
packet = encode_dict(packet)
self.alice_connection.sendall(packet)
packet = self.alice_connection.recv(1024)
packet = packet.decode('UTF-8')
des.set_key(k_ab)
decrypted_msg = ""
for byte in packet:
decrypted_msg += chr(des.decrypt(ord(byte)))
print("Recv'd from alice: ", decrypted_msg)
