def execute_query(self, fields): #print len(fields) utility.print_user_log(self.client_address, "Executing query...") self.database.connect() opcode = fields[0] #print fields #va bene se invia IV anche i DEL, non necessario per if opcode == 'ADD' and len(fields) == 4: site, password, IV = fields[1:] utility.print_user_log(self.client_address, "PWD LEN: %d" % len(password)) #print "IV ADD: ", hexlify(IV) ret = self.database.add_password(self.client_ID, site, password, IV) elif opcode == 'DEL' and len(fields) == 3: site, password = fields[1:] ret = self.database.delete_password(self.client_ID, site, password) ''' if (opcode == 'ADD' or opcode == 'DEL') and len(fields) == 4+1: # +1 nonce site , password, IV = fields[1:-1] if opcode == 'ADD': ret = self.database.add_password(self.client_ID, site, password, IV) else: ret = self.database.delete_password(self.client_ID, site,password) ''' elif opcode == 'IV' and len(fields) == 2: site = fields[1] ret = self.database.find_IV(self.client_ID, site) elif opcode == 'UPD' and len(fields) == 5: site, old_pwd, new_pwd, new_IV = fields[1:] #print "IV ADD: ", hexlify(new_IV) ret = self.database.change_password(self.client_ID, site, old_pwd, new_pwd, new_IV) elif opcode == 'GET' and len(fields) == 2: site = fields[1] ret = self.database.find_password(self.client_ID, site) else: #print "ERROR" ret = (False, 105) self.database.disconnect() if opcode == 'GET' and ret[0] is True: #print "PASSWORD: "******"IV ADD: ", hexlify(ret[2]) response_fields = ["100", ret[1], ret[2]] elif opcode == 'IV' and ret[0] is True: #print hexlify(ret[1]) response_fields = ['100', ret[1]] else: response_fields = [str(ret[1])] return response_fields
def message_M4(self, nonce_prot_c): utility.print_user_log(self.client_address,'Sending M4...') hash_nonce_c = utility.get_hash(nonce_prot_c) data_to_pack = utility.concatenate('100', self.server_ID, self.client_ID, hash_nonce_c) hash_data = utility.get_hash(data_to_pack) data = utility.pack_message('100', self.server_ID, self.client_ID, hash_nonce_c, hash_data) IV = os.urandom(16) enc_data = utility.encrypt_AES(data, self.session_key, IV) if enc_data is None: utility.print_user_log(self.client_address, '[ERROR] Error during encryption') return None data_to_send = utility.pack_message(enc_data, IV) return data_to_send
def message_M1(self): utility.print_user_log(self.client_address,"Waiting for M1...") response_m1 = utility.recv_data(self.request, 0) #print response_m1 if response_m1 is None: utility.print_user_log(self.client_address,"client disconnected") return 201 #print "...OK" unpack_m1 = utility.unpack_message(response_m1, 4) if len(unpack_m1) != 1: return None #utility.print_user_log(self.client_address, 'UNPACK M1 '+unpack_m1) self.client_ID = unpack_m1[0] print 'ClientID: ',self.client_ID,'is connecting from: ', self.client_address return True
def finish(self): #utility.print_user_log(self.client_address,"Finish function" ) utility.print_user_log(self.client_address,"Cleaning the connection..." ) self.request.close() if hasattr(self, 'session_key'): utility.print_user_log(self.client_address, "Deleting secret information...") del self.session_key #del self.client_key self.database.disconnect() del self.database utility.print_user_log(self.client_address,"Cleaning completed" ) utility.print_line()
def message_M2(self): utility.print_user_log(self.client_address, "Sending M2..") # generate Nonce self.nonce_s = os.urandom(16) # print "nonce: ", nonce_s # read certificate cert = utility.read_cert('server_cert_1') # server_cert_1 if cert is None: utility.print_user_log(self.client_address,'[ERROR] Some errors occured reading the certificate') return None utility.print_user_log(self.client_address, 'Server certificate loaded') data_to_send = utility.pack_message(self.server_ID, cert, self.nonce_s) return data_to_send
def message_M3(self): priv_key = utility.load_priv_key('server_prvkey_1') if priv_key is None: utility.print_user_log(self.client_address,'[ERROR]Some errors occured reading the key') return None utility.print_user_log(self.client_address,'Private key loaded') # waiting for M3 utility.print_user_log(self.client_address,"Waiting for M3...") data_recv = utility.recv_data(self.request,0) if data_recv is None: utility.print_user_log(self.client_address, "[ERROR] Client disconnected during M3") return None utility.print_user_log(self.client_address, "Received M3..") encrypted_data = bytes(data_recv) decrypted_data = utility.decrypt_RSA(encrypted_data, priv_key) if decrypted_data is None: utility.print_user_log(self.client_address, '[ERROR] some errors occured decrypting the data') return None try: ''' print '_____________________________________' print decrypted_data print '_____________________________________' ''' fields = utility.unpack_message(decrypted_data, 4) #print fields if len(fields) != 8: return None # Manca TYPE | ... opcode, server_prot_ID,client_prot_ID, client_pass,session_key, nonce_prot_s, self.nonce_prot_c, hashed_data_c = fields except IndexError: utility.print_user_log(self.client_address, '[ERROR] incorrect message format') return None ''' for i in fields: print hexlify( i), "\n" ''' data_to_hash = ''.join(fields[0:7]) hashed_data = utility.get_hash(data_to_hash) ret = utility.secure_cmp(hashed_data, hashed_data_c) #print hexlify(hashed_data) #print hexlify(hashed_data_c) if (ret is False): utility.print_user_log(self.client_address, '[ERROR] Packet Hashes do not match') del session_key return None ret = utility.secure_cmp(self.nonce_s, nonce_prot_s) if(ret is False): utility.print_user_log(self.client_address, '[ERROR] Server Nonce is not fresh!') del session_key return None #print '1' ret = utility.secure_cmp(self.client_ID, client_prot_ID) if(ret is False): utility.print_user_log(self.client_address, '[ERROR] Client IDs do not match') del session_key return None #print '2' ret = utility.secure_cmp(self.server_ID, server_prot_ID) if(ret is False): utility.print_user_log(self.client_address, '[ERROR] Serve IDs do not match') del session_key return None #return (opcode, session_key, nonce_prot_c, client_pass) # ================================================================= if opcode == 'LOG': utility.print_user_log(self.client_address, "LOGIN REQUEST") # KDF(salted) e ricerca hash in database db = DB.Database() ret = db.connect() if ret[0] == False: utility.print_user_log(self.client_address, '[ERROR] Error during connecting to DB '+ str(ret[1])) del session_key return None user_config = db.find_user_config(self.client_ID, 'users') db.disconnect() if user_config == None: utility.print_user_log(self.client_address, '[ERROR] No user config found with ID: %s' % self.client_ID ) del session_key return None ID, hash_pwd, salt_hash = user_config hashed_pwd = bytes(hash_pwd) #print hash_pwd, hashed_pwd #print hexlify(hashed_pwd) #kdf = utility.get_kdf(client_pass, salt_kdf) #hashed_kdf = utility.get_hash(kdf, salt_hash) #if hashed_kdf == None: # utility.print_user_log(self.client_address, '[ERROR] Error during KDF creation') # del session_key # return None # Check importante, hashed_kdf é l'hash della kdf della password che mi invia l'utente # hashed_pwd é l'hash della kdf della password che ho nel DB hash_pwd_c = utility.get_hash(client_pass, salt_hash) ret = utility.secure_cmp(hashed_pwd, hash_pwd_c) if ret == False: utility.print_user_log(self.client_address, '[ERROR] Password hashes do not match') del session_key return None # ===================================================================== # REG =============================================================== elif opcode == 'REG': utility.print_user_log(self.client_address,'SIGNIN REQUEST') db = DB.Database() ret = db.connect() if ret[0] == False: utility.print_user_log(self.client_address,'[ERROR CONNECT] '+ str(ret[0])) del session_key return None user_config = db.find_user_config(self.client_ID, 'users') db.disconnect() if user_config != None: utility.print_user_log(self.client_address,'[ERROR CONFIG] User: '******' already present') del session_key return 203 # bytes salts salt_hash = os.urandom(16) #kdf = utility.get_kdf(client_pass, salt_kdf) #hashed_kdf = utility.get_hash(kdf, salt_hash) hashed_pwd = utility.get_hash(client_pass, salt_hash) #print hashed_kdf ''' if hashed_kdf == None: utility.print_user_log(self.client_address,'[ERROR] Error during KDF creation') del session_key return None ''' ret = db.connect() if ret[0] == False: utility.print_user_log(self.client_address,'[ERROR] Error during connecting to DB '+ str(ret[1])) del session_key return None ret = db.add_user('users',self.client_ID, hashed_pwd, salt_hash) db.disconnect() if ret[0] == False: utility.print_user_log(self.client_address,'[ERROR] Error during user add ' + ret[1]) del session_key return None else: del session_key return None self.session_key = session_key #self.client_key = kdf self.database = db self.nonces = [] return True
def handle(self): print "New Connection from: " + self.client_address[0], ', on port: ' , self.client_address[1] # M1 i = 0 while(i < 4): utility.print_user_log(self.client_address, "KEY ESTABLISHMENT PROTOCOL") self.key_est_result = self.key_establishment_protocol() if self.key_est_result is None: i = i + 1 utility.print_user_log(self.client_address, "Errors during protocol number: %d" %i) fail = utility.pack_message('FAIL') ret = utility.send_data(self.request, fail) if ret is False: utility.print_user_log(self.client_address,"[ERROR] Error during sending data ") return None #self.request.close() elif self.key_est_result == 201: #utility.print_user_log(self.client_address, 'DISC') utility.print_user_log(self.client_address, "Client Disconnected") return None elif self.key_est_result == 203: i = i + 1 utility.print_user_log(self.client_address, "Errors during protocol number: %d" %i) fail = utility.pack_message('COPY') ret = utility.send_data(self.request, fail) else: utility.print_user_log(self.client_address,"Key establishment protocol has done correctly \n") i = 0 break if (i >= 2): utility.print_user_log(self.client_address, "To many errors! Disconnecting...") return None # after return, finish() will be called while(True): utility.print_line() utility.print_user_log(self.client_address, "Listening for requests...") data = utility.recv_data(self.request, 0) #print data if not data or data is None: utility.print_user_log(self.client_address, 'Client Disconnected' ) break # after return, finish() will be called data_to_send = self.manage_request(data) if data_to_send[0] is False: utility.print_user_log(self.client_address,"[ERROR] Unable to manage the request ") ret = utility.send_data(self.request, "FAIL") if ret is False: utility.print_user_log(self.client_address,"[ERROR] Error during sending data ") else: #print data_to_send[1] ret = utility.send_data(self.request, data_to_send[1]) if ret is False: utility.print_user_log(self.client_address,"[ERROR] Error during sending data ")
def manage_request(self, data): # quello che mi arriva è del tipo [OPCODE|S|C|sito|...|nonce|hash]kcs | IV unpacked_data = utility.unpack_message(data, 4) if(unpacked_data is None or len(unpacked_data) != 2): utility.print_user_log(self.client_address,"Bad packet format") return (False, 109) encrypted_data , IV = unpacked_data decrypted_data = utility.decrypt_AES(encrypted_data, self.session_key, IV) if decrypted_data is None: return (False, 102) #print decrypted_data decrypted_fields = utility.unpack_message(decrypted_data, 4) if decrypted_data is None: utility.print_user_log(self.client_address,"Bad packet format") return (False, 109) data_to_hash = ''.join(decrypted_fields[:-1]) hashed_data_c = decrypted_fields[-1] hashed_data = utility.get_hash(data_to_hash) ret = utility.secure_cmp(hashed_data_c, hashed_data) utility.print_user_log(self.client_address,"Request: %s" % decrypted_fields[0]) if ret is False: print hexlify(hashed_data_c) print hexlify(hashed_data) utility.print_user_log(self.client_address,"Different hashes") return (False, 103) #print fields nonce = decrypted_fields[-2] if nonce in self.nonces: utility.print_user_log(self.client_address, "No fresh nonce!!") return (False, 104) self.nonces.append(nonce) #print fields #execute query response_fields = self.execute_query(decrypted_fields[:-2]) # è una lista [:-2] tutto tranne nonce hash response_fields.append(nonce) # aggiungo nonce alla lista response = utility.concatenate(*response_fields) hashed_response = utility.get_hash(response) #print "hash,", hashed_response #data_to_pack = utility.concatenate((response, hashed_response)) # concateno hash alla risposta response_fields.append(hashed_response) #print "RF: ",response_fields packed_message = utility.pack_message(*response_fields) #print packed_message IV = os.urandom(16) data_to_send = utility.encrypt_AES(packed_message, self.session_key, IV) if data_to_send is None: return (False, 106) data_to_send = utility.pack_message(data_to_send, IV) #print "DATA TO SEND \n", data_to_send #un = utility.unpack_message(data_to_send, 4) #print "ENC",un[0] #print "IV", un[1] utility.print_user_log(self.client_address, 'Response: '+ response_fields[0]) return (True, data_to_send)
def key_establishment_protocol(self): self.server_ID = 'RPM_server' #print self.server_ID # M1 ------------------------------------------------------------------------------ response_m1 = self.message_M1() if response_m1 is None: return None if response_m1 == 201: return response_m1 # M2 ------------------------------------------------------------------------------ data_to_send = self.message_M2() if data_to_send is None: utility.print_user_log(self.client_address,"[ERROR] Error during M2 creation ") return None ret = utility.send_data(self.request,data_to_send) if ret is False: utility.print_user_log(self.client_address,"[ERROR] Error during sending data ") return None utility.print_user_log(self.client_address, "Message M2 sent") #------------------------------------------------------------------------------------- # M3 -------------------------------------------------------------------------------- ret = self.message_M3() if ret is None: utility.print_user_log(self.client_address, "[ERROR] Error during M3") return ret if ret == 203: return ret # M4----------------------------------------------------------------------------------------- data_to_send = self.message_M4(self.nonce_prot_c) if data_to_send is None: utility.print_user_log(self.client_address, '[ERROR]Errors occured during M4') return None ret = utility.send_data(self.request, data_to_send) if ret is False: utility.print_user_log(self.client_address,"[ERROR] Error during sending data on M4") return None utility.print_user_log(self.client_address, 'M4 sent') return True