def connection_thread(connection):
#Set private key of service server
database['service'] = common.sha256_hash('1234123412341234').hexdigest()[0:16]
#set private key of tgs
database['tgs'] = common.sha256_hash('1234123412341234').hexdigest()[0:16]
#Set private key of user
database['user'] = common.sha256_hash('1234123412341234').hexdigest()[0:16]
#lifetime for messages to be valid
lifetime = 3600
#Receive client ID
client_ID = connection.recv(4096)
#Get hashed password from database
client_secretK = database[client_ID]
message_a = common.MessageA(CLIENT_TGS_SESSION)
message_a = common.encrypt_aes(message_a,client_secretK)
#Set message B with TGT= clientID, ip address, lifetime, client/TGS sessionkey encrypted with secret TGS
message_b = common.MessageB(client_ID,lifetime,CLIENT_TGS_SESSION)
message_b = common.encrypt_aes(message_b,database['tgs'])
#Send message A and B to client
connection.sendall(message_a)
connection.sendall(message_b)
#receive message C with message B(TGT) and service id
message_c = connection.recv(4096)
#receive message D with authenticator(clientID,timestamp) encrypted with client/TGT session key
message_d = connection.recv(4096)
#Re serialize object from stream only C because it is not encrypted
message_c = pickle.loads(message_c)
#message_d = pickle.loads(message_d) decrypt_aes does this
#open message C to get message B and service id
message_b = common.decrypt_aes(message_c.ticket,database['tgs'])
#message_b = common.MessageB(message_b.clientId,message_b.validityPeriod,message_b.clientSessionKey)
#message_b = common.decrypt_aes(message_b,database['tgs'])
#Decrypt message D with with client/TGS session key
message_d = common.decrypt_aes(message_d,message_b.clientSessionKey)
#Check validity period of message D.timestamp with B.lifetime
if message_d.timestamp+message_b.validityPeriod > time.time():
#Create message E(client/server ticket(clientID,clientIP,lifetime,client/TGS session key)) encrypted with service sercret key
message_e = common.MessageB(client_ID,lifetime,CLIENT_SERVICE_SESSION)
message_e = common.encrypt_aes(message_e,database['service'])
#Create message F(client/server session key) encrypted with client/tgs session key
message_f = common.MessageF(CLIENT_SERVICE_SESSION)
message_f = common.encrypt_aes(message_f,message_b.clientSessionKey)
#Send message E
connection.sendall(message_e)
connection.sendall(message_f)
else:
print "Validity period of message D is not valid."
print "Server finished"
def ss_connection(connection, message_e, message_f):
""" Communication with SS """
# Client connects to the SS and sends message e encrypted with service's key and g encrypted using session key
connection.connect((SS_IP, PORT))
print 'Connected successfully to ip ' + AUTH_IP
connection.sendall(message_e)
timestamp = time.time()
message_g = common.MessageD('user', timestamp)
# Session key missing
encrypted_message_g = common.encrypt_aes(message_g, message_f.clientSessionKey)
connection.sendall(encrypted_message_g)
# Receives message h to confirm identity
encrypted_message_h = connection.recv(4096)
# Decrypt confirmation and check timestamp
decrypted_message_h = common.decrypt_aes(encrypted_message_h, message_f.clientSessionKey)
if decrypted_message_h.timestamp == timestamp:
connection.sendall("I trust you!")
return True
else:
connection.sendall("I dont trust you")
return False
def ss_connection(connection, message_e, message_f):
""" Communication with SS """
# Client connects to the SS and sends message e encrypted with service's key and g encrypted using session key
connection.connect((SS_IP, PORT))
print 'Connected successfully to ip ' + AUTH_IP
connection.sendall(message_e)
timestamp = time.time()
message_g = common.MessageD('user', timestamp)
# Session key missing
encrypted_message_g = common.encrypt_aes(message_g,
message_f.clientSessionKey)
connection.sendall(encrypted_message_g)
# Receives message h to confirm identity
encrypted_message_h = connection.recv(4096)
# Decrypt confirmation and check timestamp
decrypted_message_h = common.decrypt_aes(encrypted_message_h,
message_f.clientSessionKey)
if decrypted_message_h.timestamp == timestamp:
connection.sendall("I trust you!")
return True
else:
connection.sendall("I dont trust you")
return False
def tgs_connection(connection):
# Client sends cleartext message with the user id requesting services
connection.connect((AUTH_IP, PORT))
print 'Connected successfully to ip ' + AUTH_IP
connection.sendall('user')
# Receive Client/TGS Session key encrypted using the secret key of the client
message_a = connection.recv(4096)
# Receive Ticket-Granting-Ticket encrypted using the key of the TGS
message_b = connection.recv(4096)
# Decrypt session key with secret key of client
decrypted_message_a = common.decrypt_aes(message_a,
user_credentials['user'])
session_key = decrypted_message_a.sessionKey
# Message C composed with TGT and ID of requested service
message_c = common.MessageC(message_b, 'service')
# Message D authenticator with id and timestamp
timestamp = time.time()
message_d = common.MessageD('user', timestamp)
encrypted_message_d = common.encrypt_aes(message_d, session_key)
# Send message c and d
message_c = pickle.dumps(message_c)
connection.sendall(message_c)
connection.sendall(encrypted_message_d)
# Receive messages e and f from TGS
message_e = connection.recv(4096)
message_f = connection.recv(4096)
message_f = common.decrypt_aes(message_f, session_key)
messages = [message_e, message_f]
return messages
def tgs_connection(connection):
# Client sends cleartext message with the user id requesting services
connection.connect((AUTH_IP, PORT))
print 'Connected successfully to ip ' + AUTH_IP
connection.sendall('user')
# Receive Client/TGS Session key encrypted using the secret key of the client
message_a = connection.recv(4096)
# Receive Ticket-Granting-Ticket encrypted using the key of the TGS
message_b = connection.recv(4096)
# Decrypt session key with secret key of client
decrypted_message_a = common.decrypt_aes(message_a, user_credentials['user'])
session_key = decrypted_message_a.sessionKey
# Message C composed with TGT and ID of requested service
message_c = common.MessageC(message_b, 'service')
# Message D authenticator with id and timestamp
timestamp = time.time()
message_d = common.MessageD('user', timestamp)
encrypted_message_d = common.encrypt_aes(message_d, session_key)
# Send message c and d
message_c = pickle.dumps(message_c)
connection.sendall(message_c)
connection.sendall(encrypted_message_d)
# Receive messages e and f from TGS
message_e = connection.recv(4096)
message_f = connection.recv(4096)
message_f = common.decrypt_aes(message_f, session_key)
messages = [message_e, message_f]
return messages
def connection_thread(connection):
# Receive 2 messages:
# Message E: Client to server ticket encryted with services secret key
# Message G: New authenticator(clientID, Timestamp) encrypted with session key
message_e = connection.recv(4096)
message_g = connection.recv(4096)
# Decrypt ticket with SS secret key to retrieve session key
ticket = common.decrypt_aes(message_e, PRIVATE_KEY)
# Decrypt authenticator with session key
authenticator = common.decrypt_aes(message_g, ticket.clientSessionKey)
# Send message to Client
# Message H: Timestamp in clients authenticator encrypted with session key
message_h = common.MessageH(authenticator.timestamp)
message_h = common.encrypt_aes(message_h, ticket.clientSessionKey)
connection.sendall(message_h)
# Wait for requests from Client
data = connection.recv(4096)
reply = 'Received ' + data
print reply
connection.close()
def connection_thread(connection):
# Receive 2 messages:
# Message E: Client to server ticket encryted with services secret key
# Message G: New authenticator(clientID, Timestamp) encrypted with session key
message_e = connection.recv(4096)
message_g = connection.recv(4096)
# Decrypt ticket with SS secret key to retrieve session key
ticket = common.decrypt_aes(message_e, PRIVATE_KEY)
# Decrypt authenticator with session key
authenticator = common.decrypt_aes(message_g, ticket.clientSessionKey)
# Send message to Client
# Message H: Timestamp in clients authenticator encrypted with session key
message_h = common.MessageH(authenticator.timestamp)
message_h = common.encrypt_aes(message_h, ticket.clientSessionKey)
connection.sendall(message_h)
# Wait for requests from Client
data = connection.recv(4096)
reply = 'Received ' + data
print reply
connection.close()
