def unpack(
data: bytes,
crypto: AuxiliaryStreamCrypto,
client_data: bool = False
) -> bytes:
"""
Split and decrypt auxiliary data blob
Args:
data: Data blob
crypto: Crypto context
client_data: Whether to decrypt with 'client IV'
Returns:
bytes: Decrypted message
"""
# Split header from rest of data
header, payload, hmac = data[:4], data[4:-32], data[-32:]
parsed = aux_header_struct.parse(header)
if not crypto.verify(header + payload, hmac):
raise AuxiliaryPackerException('Hash verification failed')
if not client_data:
plaintext = crypto.decrypt(payload)
else:
plaintext = crypto.decrypt_client(payload)
# Cut off padding, before returning
return plaintext[:parsed.payload_size]
def __init__(
self,
loop: asyncio.AbstractEventLoop,
connection_info: XStructObj,
listen_port: int
):
if len(connection_info.endpoints) > 1:
raise Exception(
'Auxiliary Stream advertises more than one endpoint!'
)
self._loop = loop
self.crypto = AuxiliaryStreamCrypto.from_connection_info(
connection_info
)
self.target_ip = connection_info.endpoints[0].ip
self.target_port = connection_info.endpoints[0].port
self.console_connection = ConsoleConnection(
self.target_ip,
self.target_port,
self.crypto
)
self.server = self._loop.create_server(
lambda: LocalConnection(),
'0.0.0.0', listen_port
)
self.client_transport = None
def pack(
data: bytes,
crypto: AuxiliaryStreamCrypto,
server_data: bool = False
) -> List[bytes]:
"""
Encrypt auxiliary data blob
Args:
data: Data
crypto: Crypto context
server_data: Whether to encrypt with `server IV`
Returns:
bytes: Encrypted message
"""
# Store payload size without padding
payload_size = len(data)
# Pad data
padded = PKCS7Padding.pad(data, 16)
if not server_data:
ciphertext = crypto.encrypt(padded)
else:
ciphertext = crypto.encrypt_server(padded)
header = aux_header_struct.build(dict(
magic=AUX_PACKET_MAGIC,
payload_size=payload_size)
)
msg = header + ciphertext
hmac = crypto.hash(msg)
msg += hmac
messages = list()
while len(msg) > 1448:
fragment, msg = msg[:1448], msg[1448:]
messages.append(fragment)
messages.append(msg)
return messages
def __init__(self, connection_info, listen_port):
if len(connection_info.endpoints) > 1:
raise Exception(
'Auxiliary Stream advertises more than one endpoint!')
self.crypto = AuxiliaryStreamCrypto.from_connection_info(
connection_info)
self.target_ip = connection_info.endpoints[0].ip
self.target_port = connection_info.endpoints[0].port
self.console_connection = ConsoleConnection(self.target_ip,
self.target_port,
self.crypto)
self.server = StreamServer(('0.0.0.0', listen_port),
self._handle_client)
self.client_socket = None
def aux_crypto(packets):
connection_info = packets[
'aux_stream_connection_info'].protected_payload.connection_info
return AuxiliaryStreamCrypto.from_connection_info(connection_info)