def verify_auth(secret, salt, org_random_str, auth_normalized):
xored_random_str = xor_in_pi(org_random_str)
auth = qcrypt.denormalize(auth_normalized)
aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
new_random_str = aes.decrypt(auth)
if debug:
print '\n------verify_auth------'
print saltedhash_hex(secret, salt)
print qcrypt.normalize(xored_random_str)
print qcrypt.normalize(new_random_str)
print '------verify_auth------\n'
return bool(xored_random_str == new_random_str)
def verify_auth(self, new_auth_msg):
vr = auth.verify_auth(self.secret, self.salt, self.auth_msg, new_auth_msg)
msg = str(int(vr))+os.urandom(7)
sig = auth.sign_msg(self.partner_secret_hash, msg)
msg = qcrypt.normalize(msg)
self.send('verification_result', msg, sig)
self.authenticated = vr
return vr
def create_auth(secret_hash_normalized, random_str):
if len(random_str)%16 != 0: raise Exception, 'not len(random_str) === 16 mod 16'
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
ciphertext = qcrypt.normalize(aes.encrypt(random_str))
if debug:
print '\n------create_auth------'
print secret_hash_normalized
print ciphertext
print '-----create_auth-------\n'
return ciphertext
def sign_auth(secret, salt, secret_hash_normalized, auth_normalized):
auth = qcrypt.denormalize(auth_normalized)
aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
plaintext = aes.decrypt(auth)
new_plaintext = xor_in_pi(plaintext)
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
ciphertext = qcrypt.normalize(aes.encrypt(new_plaintext))
if debug:
print '\n------sign_auth------'
print saltedhash_hex(secret, salt)
print secret_hash_normalized
print ciphertext
print '-----sign_auth-------\n'
return ciphertext
def xor_in_pi(text_bin):
flen = int(os.stat('pi.bin')[stat.ST_SIZE])
max_start = flen - len(text_bin)
some_pi = get_some_pi(max_start, qcrypt.normalize(text_bin))
xor = XOR.new(some_pi)
ciphertext = xor.encrypt(text_bin)
if debug:
print '\n------xor_in_pi------'
print qcrypt.normalize(text_bin)
print qcrypt.normalize(some_pi)
print qcrypt.normalize(ciphertext)
print '------xor_in_pi------\n'
return ciphertext
def create_server_keystub():
secret = create_secret()
salt = qcrypt.normalize(os.urandom(64))
d = {'secret':secret, 'salt':salt}
return d
def create_secret():
return qcrypt.normalize(os.urandom(256))
import authenticator as auth
import os, qcrypt, keyfile, nDDB
f = open(raw_input('path of server secret: '), 'r')
s_secret_hash = f.read()
f.close()
f_name = raw_input('first name: ')
l_name = raw_input('last name: ')
print 'the login name is used as a part of the keyfile name so make it conform'
print 'to os standards. Thank you. there is *no* validation.'
login_name = raw_input('login name: ')
email = raw_input('email: ')
password = raw_input('password: '******'_keyfile')
nDDB.saveAdvanceDDB(login_name+'_serveruser', s_user)
def get_uid(self):
uid = None
while uid == None or self.clients.has_key(uid): uid = qcrypt.normalize(os.urandom(8))
return uid
def request_pub_key(self):
k = self.pri_key.publickey().__getstate__()
msg = qcrypt.normalize(nDDB.encode(k))
signature = auth.sign_msg(self.partner_secret_hash, msg)
self.send('set_pub_key', msg, signature)
print 'sent signed public key'
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
ciphertext = aes.encrypt(plaintext)
signature = hash_hex(ciphertext)
return signature
def verify_signature(secret, salt, msg, signature):
plaintext, spaces_added = qcrypt._appendSpaces(msg)
aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
ciphertext = aes.encrypt(plaintext)
new_signature = hash_hex(ciphertext)
return bool(new_signature == signature)
if __name__ == '__main__':
debug = True
s_pass = '******'
c_pass = '******'
s_salt = qcrypt.normalize(os.urandom(32))
c_salt = qcrypt.normalize(os.urandom(32))
s_ps_h = saltedhash_hex(s_pass, s_salt)
c_ps_h = saltedhash_hex(c_pass, c_salt)
ran_str = os.urandom(32) #should be larger in reality. this is so it fits on my screen
print '\n------random_str------'
print qcrypt.normalize(ran_str)
print '------random_str------\n'
a1 = create_auth(c_ps_h, ran_str)
a2 = sign_auth(c_pass, c_salt, s_ps_h, a1)
r = verify_auth(s_pass, s_salt, ran_str, a2)
print r
