def process_payload(self, message, conn):
print "Received payload at server"
if len(message) < 12:
return '\x03', None
# Validate some bytes
message_id = message[0]
if not util.is_known_message_id(message_id):
return '\x02', None
if not message[0] == ord('\x07'):
return '\x01', None
if not message[5:7] == self.session_ids[conn]:
return '\x04', None
# Get the length of the actual payload and extract it
length = util.binary_to_int(message[7:11])
if len(message) < 12 + length:
return '\x03', None
payload = message[11:11 + length]
# Validate some bytes
if not (message[11 + length] == ord('\xF0')
and message[12 + length] == ord('\xF0')):
return '\x06', None
# If no listener, nothing to do
if self.payload_listener is None:
return None, None
# Let listener generate replies
replies = self.payload_listener.callback(payload, self.user_ids[conn])
return None, replies
def process_payload(self, message, conn):
print "Received payload at client"
if len(message) < 12:
return '\x03'
# Validate some bytes
message_id = message[0]
if not util.is_known_message_id(message_id):
return '\x02'
if not message[0] == ord('\x07'):
return '\x01'
if not message[5:7] == self.session_id:
return '\x04'
# Get the unencrypted payload length
length = util.binary_to_int(message[7:11])
if len(message) < 12 + length:
return '\x03'
# Extract the payload
payload = message[11:11 + length]
if not (message[11 + length] == ord('\xF0') and message[12 + length] == ord('\xF0')):
return '\x06'
# If no listener, nothing to do
if self.payload_listener is None:
return None
# Generate reply
self.payload_listener.callback(payload, self)
return None
def process_hello(self, message, conn):
print "Received Server Hello"
if len(message) != 1249:
return '\x03'
# Validate some bytes
message_id = message[0]
if not util.is_known_message_id(message_id):
return '\x02'
if not message[0] == ord('\x02'):
return '\x01'
if not message[5] == ord('\x64'):
return '\x05'
if not message[6] == ord('\x65'):
return '\x05'
# Extract server_random and session ID
self.server_random = util.binary_to_text(message[7:39])
self.session_id = message[39:41]
# Validate some more bytes
if not (message[41] == ord('\x00') and message[42] == ord('\x2F')):
return '\x05'
self.certificate_required = message[43] == ord('\x01')
# Parse and validate the server certificate
server_cert = crypto.load_certificate(crypto.FILETYPE_PEM, util.binary_to_text(message[44:1247]))
if server_cert.get_issuer().commonName != 'orion' or server_cert.has_expired():
return '\x07'
# Extract server public key
self.server_pubkey = Crypto.PublicKey.RSA.importKey(
M2Crypto.X509.load_cert_string(message[44:1247]).get_pubkey().as_der())
# Validate some more bytes
if not (message[1247] == ord('\xF0') and message[1248] == ord('\xF0')):
return '\x06'
return None
def process_finished(self, message, conn):
print "Received FinishedClient"
if len(message) != 10:
return '\x03'
# Validate some bytes
message_id = message[0]
if not util.is_known_message_id(message_id):
return '\x02'
if not message[0] == ord('\x04'):
return '\x01'
if not message[5:7] == self.session_ids[conn]:
return '\x04'
# skip state
if not (message[8] == ord('\xF0') and message[9] == ord('\xF0')):
return '\x06'
return None
def process_hello(self, message, conn):
print "Received ClientHello"
if len(message) != 43:
return '\x03'
message_id = message[0]
# Validate some bytes
if not util.is_known_message_id(message_id):
return '\x02'
if not message[0] == ord('\x01'):
return '\x01'
if not message[5] == ord('\x64'):
return '\x05'
if not message[6] == ord('\x65'):
return '\x05'
# Extract client_random
self.client_randoms[conn] = util.binary_to_text(message[7:39])
# Validate some more bytes
if not (message[39] == ord('\x00') and message[40] == ord('\x2F')):
return '\x05'
if not (message[41] == ord('\xF0') and message[42] == ord('\xF0')):
return '\x06'
return None
def process_key_exchange(self, message, conn):
print "Received ClientKeyExchange"
if len(message) < 1234:
return '\x03'
# Validate some bytes
message_id = message[0]
if not util.is_known_message_id(message_id):
return '\x02'
if not message[0] == ord('\x03'):
return '\x01'
if not message[5:7] == self.session_ids[conn]:
return '\x04'
# Parse and validate certificate
client_cert = crypto.load_certificate(
crypto.FILETYPE_PEM, util.binary_to_text(message[7:1210]))
if client_cert.get_issuer(
).commonName != 'orion' or client_cert.has_expired():
return '\x08'
# Extract pubkey from certificate
self.client_pubkeys[conn] = Crypto.PublicKey.RSA.importKey(
M2Crypto.X509.load_cert_string(
message[7:1210]).get_pubkey().as_der())
# Extract and decrypt pre_master
length = util.binary_to_int(message[1210:1212])
if len(message) != 1234 + length:
return '\x03'
pre_master = rsa.long_to_text(
rsa.decrypt_rsa(util.binary_to_long(message[1212:1212 + length]),
self.private_key.d, self.private_key.n), 48)
# Validate login
user_id = client_cert.get_subject().commonName
if not self.accounts.get(user_id):
# Don't know this user at all
return '\x09'
expected_hash = sha1.sha1(
sha1.digestToString(self.accounts[user_id]) +
self.server_randoms[conn])
if not message[1212 + length:1232 + length] == util.int_to_binary(
expected_hash, 20):
return '\x09'
self.user_ids[conn] = user_id
# Validate some bytes
if not (message[1232 + length] == ord('\xF0')
and message[1233 + length] == ord('\xF0')):
return '\x06'
# Now knows enough to calculate master secret
server_random = self.server_randoms[conn]
client_random = self.client_randoms[conn]
master_secret = \
sha1.sha1(
sha1.digestToString(sha1.sha1(
pre_master + sha1.digestToString(sha1.sha1('A' + pre_master + client_random + server_random))))
+ sha1.digestToString(sha1.sha1(
pre_master + sha1.digestToString(sha1.sha1('BB' + pre_master + client_random + server_random))))
+ sha1.digestToString(sha1.sha1(
pre_master + sha1.digestToString(sha1.sha1('CCC' + pre_master + client_random + server_random)))))
self.master_secrets[conn] = master_secret
return None