def authenticate(self):
TGS_key_encoded, TGT = send((self.user, '_'), URL_AS).split()
secret = lib.one_way_hash(self.passwd)
TGS_key = lib.decrypt(TGS_key_encoded, secret)
return TGS_key, TGT
def resolve(self, CTS_encrypted, message, addr):
CTS = literal_eval(lib.decrypt(CTS_encrypted, self.private_key))
if CTS[1] != addr:
return 'IP does not match ticket'
if CTS[2] < time():
return 'Session expired, please re-authenticate'
return self.process_msg(message, CTS[0])
def main(): generated_key = key_exchange() key = format_key(generated_key) enc_pass = encrypt(password, key) send(enc_pass) enc = read() flag = decrypt(enc, key)
def post(self):
#记录一个是否加密的状态变量
is_crypted = int(self.request.body[0])
req_body = lib.decrypt(self.request.body)
req_body = lib.loadDict(req_body)
method = getattr(urlfetch, req_body.command)
# 如超时则自动重试4次,4次失败后,GAE会抛错并返回给client 500错误。
for dl in lib.deadlineRetry:
try:
res = urlfetch.fetch(
url=req_body.path,
payload=lib.atob(req_body.payload),
method=method,
headers=json.loads(req_body.headers),
follow_redirects=False,
deadline=dl,
validate_certificate=True,
)
except urlfetch.DownloadError, e:
logging.error(u'下载错误: %s' % e)
else:
break #没有抛出任何异常则跳出循环
def decrypt_response_payload(self, encrypted, hmac):
assert self.ecdh_server_public_key
# Verify hmac received
hmac_calculated = hmac_sha256(self.response_hmac_key, encrypted)
assert compare_digest(hmac, hmac_calculated)
# Return decrypted data
return decrypt(self.response_encryption_key, encrypted)
def service_request(self, CTS, CTS_key, url):
authenticator = (self.user, str(time()))
authenticator_encrypted = lib.encrypt(str(authenticator), CTS_key)
timestamp_encrypted = send((CTS, authenticator_encrypted),
url).split()[0]
timestamp = lib.decrypt(timestamp_encrypted, CTS_key)
return timestamp == authenticator[1]
def authorize(self, TGT, TGS_key, service_id):
unencrypted = str((TGT, service_id))
encrypted = lib.encrypt_tuple((self.user, time()), TGS_key)
CTS, CTS_key_encrypted = send((unencrypted, encrypted),
URL_TGS).split()
CTS_key = lib.decrypt(CTS_key_encrypted, TGS_key)
return CTS, CTS_key
def main():
generated_key = key_exchange()
key = format_key(generated_key)
enc_pass = read()
dec_pass = decrypt(enc_pass, key)
if dec_pass != password:
print("wrong password, terminating")
return
enc = encrypt(flag, key)
send(enc)
def engine(args):
try:
if args.Encrypt is True:
if args.Decrypt is True:
parser.error(
'Cannot use --Encrypt and --Decrypt given together.')
sys.exit(1)
else:
pass
if args.Encrypt is False:
if args.Decrypt is False:
parser.error(
'Must use either --Encrypt, or --Decrypt modes. Not both.')
sys.exit(1)
else:
pass
if not args.File:
parser.error(
'Cannot use --Encrypt, or --Decrypt without a file location.')
sys.exit(1)
if not args.Password:
parser.error(
'Cannot use --Encrypt, or --Decrypt without a password.')
sys.exit(1)
if not args.IV:
parser.error('Cannot use --Encrypt, or --Decrypt without an IV.')
sys.exit(1)
key = padpwd(args.Password)
iv = padiv(args.IV)
settings = opts(key, iv)
op = reader(args.File)
if args.Encrypt is True:
pd = pad(op)
enc = encrypt(pd)
wr = writer(args.File, enc)
print('Encryption completed for: {}'.format(args.File))
sys.exit(0)
if args.Decrypt is True:
dec = decrypt(op)
unp = unpad(dec)
wr = writer(args.File, unp)
print('Decryption completed for: {}'.format(args.File))
sys.exit(0)
else:
sys.exit(0)
except KeyboardInterrupt:
sys.exit(1)
except FileNotFoundError:
print('File Not Found: {}'.format(args.File))
sys.exit(1)
def post(self):
#记录一个是否加密的状态变量
is_crypted = int(self.request.body[0])
req_body = lib.decrypt(self.request.body)
req_body = lib.loadDict(req_body)
method = getattr(urlfetch, req_body.command)
# 如超时则自动重试4次,4次失败后,GAE会抛错并返回给client 500错误。
for dl in lib.deadlineRetry:
try:
res = urlfetch.fetch(url=req_body.path,
payload=lib.atob(req_body.payload),
method=method,
headers=json.loads(req_body.headers),
follow_redirects=False,
deadline=dl,
validate_certificate=True,
)
except urlfetch.DownloadError, e:
logging.error(u'下载错误: %s' % e)
else:
break #没有抛出任何异常则跳出循环
def do_GET(self):
# headers is a dict-like object, it doesn't have `iteritems` method, so convert it to `dict`
req_headers = dict(self.headers) # dict
req_headers = dict((h, v) for h, v in req_headers.iteritems() if h.lower() not in self.forbidden_headers)
req_body_len = int(req_headers.get('content-length', 0))
req_body = self.rfile.read(req_body_len) # bin or str
payload = {
'command': self.command, # str
'path': self.path, # str
'headers': json.dumps(req_headers), # json
'payload': lib.btoa(req_body), # str
}
#导出并压缩payload
payload = lib.dumpDict(payload)
#判断是否需要加密
if self.path.startswith('https'):
payload = lib.encrypt(payload)
else:
payload = '0' + payload
# 向GAE获取的过程
for i in range(4):
try:
res = urllib2.urlopen(gaeServer, payload, lib.deadlineRetry[i])
except (urllib2.URLError, socket.timeout) as e:
logging.error(e)
continue
if res.code == 200: # 如果打开GAE没发生错误
result = res.read()
result = lib.decrypt(result)
result = lib.loadDict( result )
res_status_code = result.status_code
res_headers = json.loads(result.headers)
res_content = lib.atob(result.content)
break
else:
# 如果urllib2打开GAE都出错的话,就换个g_opener吧。
urllib2.install_opener( get_g_opener() )
# 返回数据给浏览器的过程
try:
self.send_response(res_status_code) # 200 or or 301 or 404
res_headers['connection'] = 'close' # 这样不会对速度造成影响,反而能使很多的请求表现得更为准确。
for k, v in res_headers.iteritems():
try:
self.send_header(k, v)
except UnicodeEncodeError: # google plus里面就遇到了v包含中文的情况
pass
self.end_headers()
self.wfile.write(res_content)
except socket.error, e:
# 打开了网页后,在数据到达浏览器之前又把网页关闭了而导致的错误。
logging.error(e)
def do_GET(self):
# headers is a dict-like object, it doesn't have `iteritems` method, so convert it to `dict`
req_headers = dict(self.headers) # dict
req_headers = dict((h, v) for h, v in req_headers.iteritems() if h.lower() not in self.forbidden_headers)
req_body_len = int(req_headers.get("content-length", 0))
req_body = self.rfile.read(req_body_len) # bin or str
payload = {
"command": self.command, # str
"path": self.path, # str
"headers": json.dumps(req_headers), # json
"payload": lib.btoa(req_body), # str
}
# 导出并压缩payload
payload = lib.dumpDict(payload)
# 判断是否需要加密
if self.path.startswith("https"):
payload = lib.encrypt(payload)
else:
payload = "0" + payload
# 向GAE获取的过程
for i in range(4):
try:
res = urllib2.urlopen(gaeServer, payload, lib.deadlineRetry[i])
except (urllib2.URLError, socket.timeout) as e:
logging.error(e)
continue
if res.code == 200: # 如果打开GAE没发生错误
result = res.read()
result = lib.decrypt(result)
result = lib.loadDict(result)
res_status_code = result.status_code
res_headers = json.loads(result.headers)
res_content = lib.atob(result.content)
break
else:
# 如果urllib2打开GAE都出错的话,就换个g_opener吧。
urllib2.install_opener(get_g_opener())
# 返回数据给浏览器的过程
try:
self.send_response(res_status_code) # 200 or or 301 or 404
res_headers["connection"] = "close" # 这样不会对速度造成影响,反而能使很多的请求表现得更为准确。
for k, v in res_headers.iteritems():
try:
self.send_header(k, v)
except UnicodeEncodeError: # google plus里面就遇到了v包含中文的情况
pass
self.end_headers()
self.wfile.write(res_content)
except socket.error, e:
# 打开了网页后,在数据到达浏览器之前又把网页关闭了而导致的错误。
logging.error(e)
