def test_compute_key(self):
a = DH.load_params('tests/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
def test_compute_key(self):
a = DH.load_params('test/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
self.assertEqual(len(a), 128)
self.assertRaises(DH.DHError, setattr, a, 'p', 1)
self.assertRaises(DH.DHError, setattr, a, 'priv', 1)
def test_compute_key(self):
a = DH.load_params('tests/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
self.assertEqual(len(a), 128)
self.assertRaises(DH.DHError, setattr, a, 'p', 1)
self.assertRaises(DH.DHError, setattr, a, 'priv', 1)
def test():
print 'generating dh params:'
a = DH.gen_params(128, 2)
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
print 'p = ', ` a.p `
print 'g = ', ` a.g `
print 'a.pub =', ` a.pub `
print 'a.priv =', ` a.priv `
print 'b.pub =', ` b.pub `
print 'b.priv =', ` b.priv `
print 'a.key = ', ` a.compute_key(b.pub) `
print 'b.key = ', ` b.compute_key(a.pub) `
def test():
print "generating dh params:"
a = DH.gen_params(128, 2)
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
print "p = ", ` a.p `
print "g = ", ` a.g `
print "a.pub =", ` a.pub `
print "a.priv =", ` a.priv `
print "b.pub =", ` b.pub `
print "b.priv =", ` b.priv `
print "a.key = ", ` a.compute_key(b.pub) `
print "b.key = ", ` b.compute_key(a.pub) `
def test_compute_key(self):
a = DH.load_params('tests/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
self.assertEqual(ak, bk)
self.assertEqual(len(a), 128)
with self.assertRaises(DH.DHError):
setattr(a, 'p', 1)
with self.assertRaises(DH.DHError):
setattr(a, 'priv', 1)
def test_print_params(self):
a = DH.gen_params(1024, 2, self.genparam_callback)
bio = BIO.MemoryBuffer()
a.print_params(bio)
params = bio.read()
assert params.find('(1024 bit)')
assert params.find('generator: 2 (0x2)')
def test_print_params(self):
a = DH.gen_params(1024, 2, self.genparam_callback)
bio = BIO.MemoryBuffer()
a.print_params(bio)
params = bio.read()
assert params.find('(1024 bit)')
assert params.find('generator: 2 (0x2)')
def __init__(self, bind_address, database):
self.database_sock = database
self.address = bind_address
self.server_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
logging.info("Generating a {}-bit prime...".format(DH_SIZE))
self.dh_params = M2DH.gen_params(DH_SIZE, 2)
logging.info('Done!')
self.clients = [] # List containing all connected clients.
self.is_online_flag = [] # Flag used by ChatServer.is_online method.
def unpackDH(self, machine, RR, hit1, hit2, mode):
if RR[:5] <> '\x02\x00\xff\x02\x00':
raise ValueError
(p, rest) = unpackLV(RR[5:])
(g, rest) = unpackLV(rest)
(pub, rest) = unpackLV(rest)
if mode:
machine.DH = DH.set_params(nbo2BN(p), nbo2BN(g))
machine.DH.gen_key()
machine.dhkey = machine.DH.compute_key(nbo2BN(pub))
return keymatgen(machine.dhkey, [hit1, hit2])
def __init__(self):
"""
Load OpenSSL dhparams from dhparams.pem file - the encoDHer distribution
includes a 8192 bit prime in dhparams.pem. Also, strip the OpenSSL headers
from the imported dhparams and convert to long.
"""
self.dh = DH.load_params('/usr/local/lib/dhparams.pem')
self.dh.gen_key()
self.prime = long(hexlify(self.dh.p)[10:], 16)
self.generator = int(hexlify(self.dh.g)[8:], 16)
self.privateKey = long(hexlify(self.dh.priv)[8:], 16)
self.publicKey = long(hexlify(self.dh.pub)[8:], 16)
def generatePublicKey():
a = DH.gen_params(PUBLIC_KEY_SIZE, 2)
a.gen_key()
public_key = a.pub
public_key_length = len(public_key)
if public_key_length < PUBLIC_KEY_SIZE:
length = PUBLIC_KEY_SIZE - public_key_length
public_key = pack(">%dB" % length, *[0x00 for i in xrange(0, length)]) + public_key
elif public_key_length > PUBLIC_KEY_SIZE:
public_key = public_key[0:PUBLIC_KEY_SIZE]
print "public key length:", len(public_key)
return public_key
def generatePublicKey():
a = DH.gen_params(PUBLIC_KEY_SIZE, 2)
a.gen_key()
public_key = a.pub
public_key_length = len(public_key)
if public_key_length < PUBLIC_KEY_SIZE:
length = PUBLIC_KEY_SIZE - public_key_length
public_key = pack(">%dB" % length, *[0x00 for i in xrange(0, length)
]) + public_key
elif public_key_length > PUBLIC_KEY_SIZE:
public_key = public_key[0:PUBLIC_KEY_SIZE]
print "public key length:", len(public_key)
return public_key
def __init__(self, host='127.0.0.1', port=DEFAULT_PORT):
"""
Initialize a new server object.
:param host: IP address of the server
:param port: Port to use for the server
"""
print("SecureChat Sever v{}".format(__version__))
self.host = host
self.port = port
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Generate Diffie-Hellman Key Exchange Parameters
print("Generating a {}-bit prime...".format(DH_SIZE))
self.dh_params = M2DH.gen_params(DH_SIZE, 2)
print("Done!")
self.clients = []
# Start the server, break on ^C
try:
self.start()
except KeyboardInterrupt:
print("\rExiting...")
[self.disconnect(client) for client in self.clients]
self.socket.close()
sys.exit()
def init_dhparams():
global dh1024
dh1024 = DH.load_params('dh1024.pem')
def test_load_params(self):
a = DH.load_params('tests/dhparams.pem')
assert a.check_params() == 0
def test_gen_params(self):
a = DH.gen_params(128, 2, self.genparam_callback)
assert a.check_params() == 0
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
assert a.check_params() == 0
def test_load_params(self):
a = DH.load_params('tests/dhparams.pem')
self.assertEqual(a.check_params(), 0)
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
self.assertEqual(a.check_params(), 0)
def test_init_junk(self):
with self.assertRaises(TypeError):
DH.DH('junk')
def setUp(self):
self.SM = StateMachine(state=E0, HI=testHI)
self.SM.setFQDN('1234')
self.SM.localHIT = self.SM.HI.pack()
self.SM.remoteHIT = '\xde\xad\xbe\xef\xde\xad\xbe\xef'
self.SM.DH = DH.load_params('dh512.pem')
def test_load_params(self):
a = DH.load_params('test/dhparams.pem')
assert a.check_params() == 0
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
assert a.check_params() == 0
def init_dhparams():
global dh1024
dh1024 = DH.load_params('dh1024.pem')
def test_load_params(self):
a = DH.load_params("tests/dhparams.pem")
assert a.check_params() == 0
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
self.assertEqual(a.check_params(), 0)
def test_load_params(self):
a = DH.load_params('tests/dhparams.pem')
self.assertEqual(a.check_params(), 0)
def main():
# seeding the PRNG with 1024 random bytes from OS
# from M2Crypto
Rand.rand_seed (os.urandom (1024))
while 1:
#======================================================
# draw MAIN SCREEN
mainScreen = MainScreen()
centerWindow(mainScreen, WINDOW_WIDTH_MS, WINDOW_HEIGHT_MS)
mainScreen.mainloop()
#======================================================
### begin connecting to the srver
# buffer length
buffer_length = 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# require a certificate from the server
myhost = 'localhost'
myport = 4321
try:
# ssl.CERT_NONE : cause we are using a self signed certificate
ssl_sock = ssl.wrap_socket(s,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1)
ssl_sock.connect((myhost, myport))
#print repr(ssl_sock.getpeername())
#print ssl_sock.cipher()
#begin to receive DH key exchange data from server
#in order of p,g,g^a
serverDH_p = base64.b64decode(ssl_sock.read(buffer_length))
serverDH_g = base64.b64decode(ssl_sock.read(buffer_length))
serverDH_pub = base64.b64decode(ssl_sock.read(buffer_length))
myDHobject = DH.set_params(serverDH_p, serverDH_g)
# pick random p and generate g^b in myDhobject.pub
myDHobject.gen_key()
ssl_sock.sendall(base64.b64encode(myDHobject.pub))
# generate shared AES Key
sharedAESkey = myDHobject.compute_key(serverDH_pub)
# print 'shared AES Key ', hexlify(sharedAESkey)
# now we have a secure shared 256-bit AES key to send data around
# it was Diffie Hellman, so even if TLS was borked, hopefully noone knows it
except:
#ZZZ change to msgbox
tkMessageBox.showwarning(title = "Connection Error",
message = "Cannot connect to server.")
ssl_sock.close()
# mainScreen.destroy()
# print 'Cannot connect to server', myhost , ':' , myport
continue
#======================================================
# draw AUTHENTICATION SCREEN
authScreen = AuthScreen()
centerWindow(authScreen, WINDOW_WIDTH_AUTH, WINDOW_HEIGHT_AUTH)
authScreen.mainloop()
# voterID, privateRSAKey and PIN are valid
#======================================================
# start validating login
# get the chosen IV in base64
chosen_IV_inbase64 = ssl_sock.read(buffer_length)
# decode it from base64
chosen_IV = b64decode(chosen_IV_inbase64)
# print 'got chosen_IV ', hexlify(chosen_IV)
# voterID || PIN
voterID_PIN = voterID + voterPIN
# print 'voterID_PIN ', str(voterID_PIN)
# calculate sha256 hash of voterID || PIN in base64
hash_of_voterID_PIN_inbase64 = RSAKeyHandling.sha256hash_base64(voterID_PIN)
# print 'hash of voterID_PIN in base 64 ', hash_of_voterID_PIN_inbase64
# encrypt it using AES 256
# key = sharedAESKey
# IV = chosen_IV
encrypted_AES_hash = RSAKeyHandling.AES_encryptor(sharedAESkey, hash_of_voterID_PIN_inbase64, chosen_IV)
# convert it into base64
encrypted_AES_hash_inbase64 = base64.b64encode(encrypted_AES_hash)
# send it to the server
ssl_sock.sendall(encrypted_AES_hash_inbase64)
# print 'sent to server encrypted_AES_hash_inbase64 ', encrypted_AES_hash_inbase64
# wait for server to return user_exists or user_has_voted
user_exists_base64 = ssl_sock.read(buffer_length)
# decode it from base64
user_exists = base64.b64decode(user_exists_base64)
# print hexlify(user_exists)
# decrypt it from AES using sharedAESkey and chosenIV
user_exists = RSAKeyHandling.AES_decryptor(sharedAESkey, user_exists, chosen_IV)
# print user_exists
if user_exists == 'LOL_NO_WAY':
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Not Eligible User",
message = "Sorry, User Not Eligible to Vote")
#print 'Sorry, user not eligible to vote'
ssl_sock.close()
continue
## ZZZ restart GUI , how ?
# if user is eligible to vote
# load privatekey
rsakey = RSA.load_key(privateRSAKey, RSAKeyHandling.empty_callback)
try:
# user_exists must contain the hash_normal encrypted with public key
# decrypt it
decrypted_hash = rsakey.private_decrypt(user_exists, RSA.pkcs1_padding)
except:
# decryption didn't work
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Decyption Error",
message = "Sorry, Wrong User Credentials")
ssl_sock.close()
continue
## ZZZ restart GUI , how ?
if decrypted_hash != hash_of_voterID_PIN_inbase64:
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Decryption Error",
message = "Sorry, Wrong User Credentials")
# print 'Sorry, wrong user credentials'
ssl_sock.close()
continue
# sys.exit()
# now the user is authenticated and we can go on
# start voting
#======================================================
#draw choice screen for president/congress/counsel/
polls = {
"president" : (1, 3),
"congress" : (1, 5),
"counsel" : (2, 4)
}
votes = {
"president" : None,
"congress" : None,
"counsel" : None
}
for poll in polls:
window = Group(poll, polls[poll][0], polls[poll][1]) # def __init__(self, _vf, _ms, _mo, master=None):
centerWindow(window, WINDOW_WIDTH_MAIN, WINDOW_HEIGHT_MAIN)
window.mainloop()
votes[poll] = tuple(userVote) # store user vote
del userVote[:] # clear user vote
# send the votes to server
# print votes
votes_string = json.dumps(votes)
# convert votes to base64
votes_string_inbase64 = base64.b64encode(votes_string)
# to load it later
# votes_n = json.loads(vote_str)
# begin to encrypt votes
encrypted_votes_string = RSAKeyHandling.AES_encryptor(sharedAESkey, votes_string_inbase64, chosen_IV)
# convert it to base64
encrypted_votes_string_inbase64 = base64.b64encode(encrypted_votes_string)
# send it to the server
ssl_sock.sendall(encrypted_votes_string_inbase64)
# wait for the thank you note
encrypted_thankyou_inbase64 = ssl_sock.read(buffer_length)
# decode it from base64
encrypted_thankyou = base64.b64decode(encrypted_thankyou_inbase64)
# decrypt it using AES
decrypted_thankyou = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_thankyou, chosen_IV)
print decrypted_thankyou
# draw END SCREEN
endScreen = EndScreen()
centerWindow(endScreen, WINDOW_WIDTH_ES, WINDOW_HEIGHT_MS)
endScreen.mainloop()
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()
def run(self):
server_start = Server.Server()
server_start.touchResultsFile()
auditlogname = './AuditLog.pkl'
if (os.path.exists(auditlogname)):
os.remove(auditlogname)
counterplname = './CounterPL.txt'
if (os.path.exists(counterplname)):
os.remove(counterplname)
# try:
# os.remove(auditlogname)
# except OSError:
# pass
# try:
# os.remove(counterplname)
# except OSError:
# pass
# read it from config file later
number_of_users = 100
print 'server thread started'
# change buffer length here in bits
buffer_length = 5000
# seeding the PRNG with 1024 random bytes from OS
M2Crypto.Rand.rand_seed (os.urandom (1024))
# host address
# myhost = 'localhost'
myhost = '' # all interfaces
# port , which is hopefully not used
myport = 4321
# number of concurrent connections to the server, will drop after that
number_of_concurrent_connections = 3
# binding a socket
bindsocket = socket.socket()
bindsocket.bind((myhost, myport))
# start listening
bindsocket.listen(number_of_concurrent_connections)
print 'listening'
# read the pickle database
databaseobject = Database.Database()
serverDB = databaseobject.readAllDataFromDatabase(number_of_users)
# now we have the database loaded in voting_database
while True:
#ZZZ remover it later
print 'inside while'
# connection part
mysocket, fromaddr = bindsocket.accept()
# wrap SSL around the socket
connstream = ssl.wrap_socket(mysocket,
server_side=True,
certfile="servercert", # server certification file
keyfile="serverkey", # server private key file
ssl_version=ssl.PROTOCOL_TLSv1) # using TLS
# deal_with_client(connstream)
print 'Client connected from address ' + str(fromaddr)
# beginning DH key exchange
# print 'beginning DH Key exchange'
# 256 = length
# 2 = generator, which is usally 2 or 5
# empty_callback : to avoid writing garbage to screen
serverDH = DH.gen_params(256, 2, RSAKeyHandling.empty_callback)
# generate the random number a, now g^a will be in serverDH.pub
serverDH.gen_key()
# now we need to send serverDH.p , serverDH.g and serverDH.pub
# first they need to be converted to base64 and then sent
connstream.sendall(base64.b64encode(serverDH.p)) # p
connstream.sendall(base64.b64encode(serverDH.g)) # g
connstream.sendall(base64.b64encode(serverDH.pub)) # g^a
# now wait for the g^b from client to computer sharedAESkey
clientDH_pub = base64.b64decode(connstream.read(buffer_length))
# compute sharedAESkey
sharedAESkey = serverDH.compute_key(clientDH_pub)
# print 'shared AES Key ', hexlify(sharedAESkey)
# now we have a 256 bit shared AES key to encrypt data with
# now we can send voterID and check for correction in order to authenticate the voter
# or send votes
# generate 16 byte chosen_IV
chosen_IV = Rand.rand_bytes(16)
# encode it to base64 (to avoid 00 bytes)
chosen_IV_inbase64 = base64.b64encode(chosen_IV)
# send it to client
connstream.sendall(chosen_IV_inbase64)
# print 'Sent chosen IV ' , hexlify(chosen_IV)
# wait for the AES_encrypted sha hash of voterID || PIN in base64
hash_inbase64 = connstream.read(buffer_length)
# print 'received encrypted_hash_inbase64 ', hash_inbase64
# decode it from base64
encrypted_hash = base64.b64decode(hash_inbase64)
# decrypt it from AES
# key = sharedAESkey
# iv = chosen_IV
hash_normal = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_hash, chosen_IV)
# print 'hash_normal ', hash_normal
# now we have the normal hash and can look up user data
####ZZZ do a print (which user connected)
print hash_normal
if hash_normal in serverDB:
print 'user in DB'
# look it up from DB
user_public_key_inbase64 = serverDB[hash_normal]['pkey']
# we dont need to convert it from base64. our code does that
# load the public rsa key into an rsakey for encryption
rsakey = RSAKeyHandling.load_public_rsakey_from_b64string(user_public_key_inbase64)
# check if he has voted
has_voted = serverDB[hash_normal]['voted']
# we dont want to immediately reject after we see that he has voted, to avoid timing attacks
# so we add the public key too anyway
# if he has voted
# send VOTED
if (has_voted == 1):
# print 'user has voted'
# send LOL_NO_WAY
# encrypt it using AES, sharedAESkey and chosen_IV
encrypted_msg = RSAKeyHandling.AES_encryptor(sharedAESkey, 'LOL_NO_WAY', chosen_IV)
# convert it to base64
encrypted_msg_inbase64 = base64.b64encode(encrypted_msg)
# send it to the server
connstream.sendall(encrypted_msg_inbase64)
# break the connection
# BYE BYE
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
continue
else: # user has not voted and can vote
# otherwise (if the user has not voted)
# encrypt the hash_normal with public key using RSA
# padding = PKCS1
encrypted_hash_normal = rsakey.public_encrypt(hash_normal, RSA.pkcs1_padding)
# encrypt it with AES
encrypted_hash_normal = RSAKeyHandling.AES_encryptor(sharedAESkey, encrypted_hash_normal, chosen_IV)
# encode it to base64 to send
encrypted_hash_normal_inbase64 = base64.b64encode(encrypted_hash_normal)
# send it
connstream.sendall(encrypted_hash_normal_inbase64)
# print 'sent public encrypted'
else: # if he is not in DB
# send LOL_NO_WAY
# encrypt it using AES, sharedAESkey and chosen_IV
encrypted_msg = RSAKeyHandling.AES_encryptor(sharedAESkey, 'LOL_NO_WAY', chosen_IV)
# convert it to base64
encrypted_msg_inbase64 = base64.b64encode(encrypted_msg)
# send it to the server
connstream.sendall(encrypted_msg_inbase64)
# break the connection
# BYE BYE
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
continue
# now we need to wait for votes to be sent
# read votes sent to server
encrypted_votes_inbase64 = connstream.read(buffer_length)
# decode it from base64
encrypted_votes = base64.b64decode(encrypted_votes_inbase64)
# decrypt it using AES, we will get a base64 encoding of a json string of the dictionary
try:
decrypted_votes_inbase64_json = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_votes, chosen_IV)
except:
# bad votes received
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
continue
# decode it from base64
decrypted_votes_json = base64.b64decode(decrypted_votes_inbase64_json)
# de-json it
decrypted_votes = json.loads(decrypted_votes_json)
# note in the vote log, we don't want people to vote many times, THIS IS NOT IRAN or maybe it is ? :D
serverDB[hash_normal]['voted'] = 1
# making server object to use the utility functions
myserver = Server.Server()
auditDict = {
hash_normal:{
'president': decrypted_votes['president'],
'congress' : decrypted_votes['congress'],
'counsel' : decrypted_votes['counsel']
}
}
# add votes to the DB
myserver.addToAuditLogFile(auditDict)
myserver.addToResultsFile(decrypted_votes)
# Make vote confirmation message
thankyou_msg = 'Votes OK'
# Encrypt it
encrypted_thanks = RSAKeyHandling.AES_encryptor(sharedAESkey, thankyou_msg, chosen_IV)
# convert it to base64
encrypted_thanks_inbase64 = base64.b64encode(encrypted_thanks)
# send it to the client
connstream.sendall(encrypted_thanks_inbase64)
#finally:
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
