def verify_auth(secret, salt, org_random_str, auth_normalized): xored_random_str = xor_in_pi(org_random_str) auth = qcrypt.denormalize(auth_normalized) aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC) new_random_str = aes.decrypt(auth) if debug: print '\n------verify_auth------' print saltedhash_hex(secret, salt) print qcrypt.normalize(xored_random_str) print qcrypt.normalize(new_random_str) print '------verify_auth------\n' return bool(xored_random_str == new_random_str)
def verify_auth(self, new_auth_msg): vr = auth.verify_auth(self.secret, self.salt, self.auth_msg, new_auth_msg) msg = str(int(vr))+os.urandom(7) sig = auth.sign_msg(self.partner_secret_hash, msg) msg = qcrypt.normalize(msg) self.send('verification_result', msg, sig) self.authenticated = vr return vr
def create_auth(secret_hash_normalized, random_str): if len(random_str)%16 != 0: raise Exception, 'not len(random_str) === 16 mod 16' aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC) ciphertext = qcrypt.normalize(aes.encrypt(random_str)) if debug: print '\n------create_auth------' print secret_hash_normalized print ciphertext print '-----create_auth-------\n' return ciphertext
def sign_auth(secret, salt, secret_hash_normalized, auth_normalized): auth = qcrypt.denormalize(auth_normalized) aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC) plaintext = aes.decrypt(auth) new_plaintext = xor_in_pi(plaintext) aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC) ciphertext = qcrypt.normalize(aes.encrypt(new_plaintext)) if debug: print '\n------sign_auth------' print saltedhash_hex(secret, salt) print secret_hash_normalized print ciphertext print '-----sign_auth-------\n' return ciphertext
def xor_in_pi(text_bin): flen = int(os.stat('pi.bin')[stat.ST_SIZE]) max_start = flen - len(text_bin) some_pi = get_some_pi(max_start, qcrypt.normalize(text_bin)) xor = XOR.new(some_pi) ciphertext = xor.encrypt(text_bin) if debug: print '\n------xor_in_pi------' print qcrypt.normalize(text_bin) print qcrypt.normalize(some_pi) print qcrypt.normalize(ciphertext) print '------xor_in_pi------\n' return ciphertext
def create_server_keystub(): secret = create_secret() salt = qcrypt.normalize(os.urandom(64)) d = {'secret':secret, 'salt':salt} return d
def create_secret(): return qcrypt.normalize(os.urandom(256))
import authenticator as auth import os, qcrypt, keyfile, nDDB f = open(raw_input('path of server secret: '), 'r') s_secret_hash = f.read() f.close() f_name = raw_input('first name: ') l_name = raw_input('last name: ') print 'the login name is used as a part of the keyfile name so make it conform' print 'to os standards. Thank you. there is *no* validation.' login_name = raw_input('login name: ') email = raw_input('email: ') password = raw_input('password: '******'_keyfile') nDDB.saveAdvanceDDB(login_name+'_serveruser', s_user)
def get_uid(self): uid = None while uid == None or self.clients.has_key(uid): uid = qcrypt.normalize(os.urandom(8)) return uid
def request_pub_key(self): k = self.pri_key.publickey().__getstate__() msg = qcrypt.normalize(nDDB.encode(k)) signature = auth.sign_msg(self.partner_secret_hash, msg) self.send('set_pub_key', msg, signature) print 'sent signed public key'
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC) ciphertext = aes.encrypt(plaintext) signature = hash_hex(ciphertext) return signature def verify_signature(secret, salt, msg, signature): plaintext, spaces_added = qcrypt._appendSpaces(msg) aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC) ciphertext = aes.encrypt(plaintext) new_signature = hash_hex(ciphertext) return bool(new_signature == signature) if __name__ == '__main__': debug = True s_pass = '******' c_pass = '******' s_salt = qcrypt.normalize(os.urandom(32)) c_salt = qcrypt.normalize(os.urandom(32)) s_ps_h = saltedhash_hex(s_pass, s_salt) c_ps_h = saltedhash_hex(c_pass, c_salt) ran_str = os.urandom(32) #should be larger in reality. this is so it fits on my screen print '\n------random_str------' print qcrypt.normalize(ran_str) print '------random_str------\n' a1 = create_auth(c_ps_h, ran_str) a2 = sign_auth(c_pass, c_salt, s_ps_h, a1) r = verify_auth(s_pass, s_salt, ran_str, a2) print r