def LoginSequence(username, password): global server_socket global serverIP global serverPort global client_socket global commonPort global dh_aes_key global serverpubkey global Dport global sender_private_key # Compute the nonce, a random no. of 32 bit nonce = os.urandom(LengthN) u = DiffieHellman() # modular prime and private key for DH exchange p = str(u.prime) a = str(u.privateKey) # public key g^a mod p dh_pub_key = str(u.publicKey) # Generate client rsa auth key pair try: sender_private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend()) except: print("The provided backend does not implement RSABackend") # Obtain the public key from the private key generated using RSA sender_public_key = sender_private_key.public_key() try: pem = sender_public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) except: print("Serialization failed") # Get the server public key from the file try: with open('serverpubkey.pem', 'rb') as f1: serverpubkey = serialization.load_pem_public_key( f1.read(), backend=default_backend()) except: print("The destination public key file is not present") sys.exit(2) msg = str(nonce) + username + ',' + str(dh_pub_key) + ',' + str(pem) # Encrypt using aes key key_sym = keygen() iv = os.urandom(16) ciphertext = AESEncrypt(msg, key_sym, iv) # Encrypt the symmetric key with rsa public key cipher_key_sym = serverpubkey.encrypt( key_sym, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None)) # Constant for GREETING is 0x00 greeting_msg = bytes(0x00) + bytes(iv) + bytes(cipher_key_sym) + bytes( ciphertext) server_socket.sendto(greeting_msg, (serverIP, int(serverPort))) (Dport, addr) = server_socket.recvfrom(4096) (dataRecv, addr) = server_socket.recvfrom(4096) # Use Dport to finish the rest of sequence server_socket.sendto(other_msg, (serverIP, Dport)) # Server_first_msg = bytes(0x00) + bytes(iv) + bytes(cipher_key_sym) + bytes(ciphertext) # msg = nonce + dh_key_server + ',' + u.hashsecret cipher_key_sym = None ciphertext = None iv = None offset = InitOffset msg_type = dataRecv[offset] offset += 1 iv = dataRecv[offset:offset + LengthIV] offset += LengthIV cipher_key_sym = dataRecv[offset:offset + LengthKey] offset += LengthKey ciphertext = dataRecv[offset:len(dataRecv)] # Decrypt key_sym with sender's private key key_sym = RSADecrypt(cipher_key_sym, sender_private_key) # Decrypt the ciphertext using the key_sym and iv plaintext = AESDecrypt(key_sym, iv, ciphertext) plaintext = bytes(plaintext) offset = InitOffset nonce1 = plaintext[offset:offset + LengthN] offset += LengthN nonce2 = plaintext[offset:offset + LengthN] offset += LengthN if nonce1 != nonce: print "Nonce N1 doesn't match" exit(2) # Get data from plaintext hash_secret = plaintext[offset:offset + LengthN] offset += LengthN dh_key_server_public = plaintext[offset:len(plaintext)] # Generate hash secret W = hash32(password) u.genHashSecret(W, dh_key_server_public) if hash_secret == u.hashsecret: # Generate DH shared key u.genKey(dh_key_server_public) u.genHashSecret1(W, dh_key_server_public) server_socket.sendto( str(nonce2) + u.hashsecret1, (serverIP, int(Dport))) else: print('Hashes do not match') sys.exit(2) (dataRecv, addr) = server_socket.recvfrom(4096) offset = InitOffset iv = dataRecv[offset:offset + LengthIV] offset += LengthIV ciphertext = dataRecv[offset:len(dataRecv)] dh_aes_key = aeskeygen(u.key) # Decrypt the ciphertext using the key_sym and iv plaintext = AESDecrypt(dh_aes_key, iv, ciphertext) msg = str(bytes(plaintext)) print('Received ACK') networkinfo = client_socket.getsockname()[0] + ',' + str( client_socket.getsockname()[1]) # Encrypt the network info using DH Key iv = os.urandom(LengthIV) nwinfo = AESEncrypt(networkinfo, dh_aes_key, iv) # Encrypt username and encrypted networkinfo using new aes key , and encrypt sym key using rsa server ublic key new_iv = os.urandom(LengthIV) new_sym_key = keygen() msg_nwinfo = username + ',' + bytes(nwinfo) encrypted_msg = AESEncrypt(msg_nwinfo, new_sym_key, new_iv) # Encrypt the symmetric key with rsa public key cipher_new_key = RSAEncrypt(new_sym_key, serverpubkey) info_msg = bytes(new_iv) + bytes(iv) + bytes(cipher_new_key) + bytes( encrypted_msg) print('Sending common port info and peer AuthKey') server_socket.sendto(info_msg, (serverIP, int(Dport))) pass
def LoginSequence(username, password): global server_socket global serverIP global serverPort global client_socket global commonPort global dh_aes_key global serverpubkey global Dport global sender_private_key # Compute the nonce, a random no. of 32 bit nonce = os.urandom(LengthN) u = DiffieHellman() # modular prime and private key for DH exchange p = str(u.prime) a = str(u.privateKey) # public key g^a mod p dh_pub_key = str(u.publicKey) # Generate client rsa auth key pair try: sender_private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend()) except: print("The provided backend does not implement RSABackend") # Obtain the public key from the private key generated using RSA sender_public_key = sender_private_key.public_key() try: pem = sender_public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) except: print("Serialization failed") # Get the server public key from the file try: with open('serverpubkey.pem', 'rb') as f1: serverpubkey = serialization.load_pem_public_key(f1.read(), backend=default_backend()) except: print("The destination public key file is not present") sys.exit(2) msg = str(nonce) + username + ',' + str(dh_pub_key) + ',' + str(pem) # Encrypt using aes key key_sym=keygen() iv = os.urandom(16) ciphertext = AESEncrypt(msg, key_sym, iv) # Encrypt the symmetric key with rsa public key cipher_key_sym = serverpubkey.encrypt(key_sym, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()),algorithm=hashes.SHA1(),label=None)) # Constant for GREETING is 0x00 greeting_msg = bytes(0x00) + bytes(iv) + bytes(cipher_key_sym) + bytes(ciphertext) server_socket.sendto(greeting_msg, (serverIP, int(serverPort))) (Dport, addr) = server_socket.recvfrom(4096) (dataRecv, addr) = server_socket.recvfrom(4096) # Use Dport to finish the rest of sequence server_socket.sendto(other_msg, (serverIP, Dport)) # Server_first_msg = bytes(0x00) + bytes(iv) + bytes(cipher_key_sym) + bytes(ciphertext) # msg = nonce + dh_key_server + ',' + u.hashsecret cipher_key_sym = None ciphertext = None iv = None offset = InitOffset msg_type = dataRecv[offset] offset += 1 iv = dataRecv[offset:offset+LengthIV] offset += LengthIV cipher_key_sym = dataRecv[offset:offset+LengthKey] offset += LengthKey ciphertext = dataRecv[offset:len(dataRecv)] # Decrypt key_sym with sender's private key key_sym = RSADecrypt(cipher_key_sym, sender_private_key) # Decrypt the ciphertext using the key_sym and iv plaintext = AESDecrypt(key_sym, iv, ciphertext) plaintext = bytes(plaintext) offset = InitOffset nonce1 = plaintext[offset:offset+LengthN] offset += LengthN nonce2 = plaintext[offset:offset+LengthN] offset += LengthN if nonce1 != nonce: print "Nonce N1 doesn't match" exit(2) # Get data from plaintext hash_secret = plaintext[offset:offset+LengthN] offset += LengthN dh_key_server_public = plaintext[offset:len(plaintext)] # Generate hash secret W = hash32(password) u.genHashSecret(W, dh_key_server_public) if hash_secret == u.hashsecret: # Generate DH shared key u.genKey(dh_key_server_public) u.genHashSecret1(W, dh_key_server_public) server_socket.sendto(str(nonce2)+u.hashsecret1, (serverIP, int(Dport))) else: print('Hashes do not match' ) sys.exit(2) (dataRecv, addr) = server_socket.recvfrom(4096) offset =InitOffset iv = dataRecv[offset:offset+LengthIV] offset += LengthIV ciphertext = dataRecv[offset:len(dataRecv)] dh_aes_key = aeskeygen(u.key) # Decrypt the ciphertext using the key_sym and iv plaintext = AESDecrypt(dh_aes_key, iv, ciphertext) msg = str(bytes(plaintext)) print('Received ACK') networkinfo = client_socket.getsockname()[0] + ',' + str(client_socket.getsockname()[1]) # Encrypt the network info using DH Key iv = os.urandom(LengthIV) nwinfo = AESEncrypt(networkinfo, dh_aes_key, iv) # Encrypt username and encrypted networkinfo using new aes key , and encrypt sym key using rsa server ublic key new_iv = os.urandom(LengthIV) new_sym_key = keygen() msg_nwinfo = username + ',' + bytes(nwinfo) encrypted_msg = AESEncrypt(msg_nwinfo, new_sym_key, new_iv) # Encrypt the symmetric key with rsa public key cipher_new_key = RSAEncrypt(new_sym_key, serverpubkey) info_msg = bytes(new_iv) + bytes(iv) + bytes(cipher_new_key) + bytes(encrypted_msg) print('Sending common port info and peer AuthKey') server_socket.sendto(info_msg, (serverIP, int(Dport))) pass