Exemple #1
0
def server(folder):
    HOST = ''
    PORT = 4567

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    #Create server socket
    try:
        s.bind((HOST, PORT))
    except socket.error as msg:
        print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' +
              msg[1])
        sys.exit()

    #Start listening on socket
    s.listen(10)
    print('Server started ...')

    #Start upload counter
    counter = 0

    #now keep talking with the client
    while 1:
        #wait for client - conn is input stream
        conn, addr = s.accept()

        #Increment counter
        counter += 1

        print("Accepted connection " + str(counter) + ".")

        #negotiate private keypair
        keyfile = open('keypair_server.xml', 'r')
        sigfile = open('signature_server.sig', 'rb')
        signature = sigfile.read()
        tree = ET.parse(keyfile)
        root = tree.getroot()

        pr_k_pem = root.findtext('private_key')
        pu_k_pem = root.findtext('public_key')
        rsa_private_key = serialization.load_pem_private_key(
            pr_k_pem.encode(), password=None, backend=default_backend())
        #rsa_public_key = serialization.load_pem_public_key(pu_k_pem.encode(), backend=default_backend())

        sk = crypto.negotiate_asymmetric_session_key(conn, rsa_private_key,
                                                     pu_k_pem, signature)

        #Open file to write to
        f = open(folder + "/" + str(counter), 'wb')

        sess_k = sk[0:16]
        mac_k = sk[16:32]

        hmac = mac.MAC(mac_k)

        crypto.decrypt_AES_with_key_mac(conn, f, sess_k, hmac)
        f.close()
        print("Closed connection.")

    s.close()
Exemple #2
0
def cli(filename):
    """Send file over to server"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    host = '127.0.0.1'
    port = 4567

    click.echo(click.style('Connecting...', bold=True, fg='yellow'))
    try:
        s.connect((host, port))
    except socket.error as msg:
        click.echo(
            click.style('Error connecting to server: ' + str(msg[1]),
                        bold=True,
                        fg='red'))

    ks = KeyStore('enc_key.store', os.path.abspath(''))
    key = str.encode(ks.keys['mother_base_key'].public_key)

    sk = os.urandom(32)
    sk1 = sk[0:16]
    sk2 = sk[16:32]

    cipher = ciphers.KeyAES(key, 'CFB8', False)
    ct = cipher.encrypt(sk)

    pkt = packet.Packet(ct, None, cipher.iv)

    so = SealedObject()
    csk = so.serialize(pkt)

    s.sendall(csk)
    s.recv(512)

    pt = b""
    while True:
        chunk = filename.read(100)
        if not chunk:
            break
        pt += chunk

    cipher = ciphers.KeyAES(sk1, 'CFB8', False)
    ct = cipher.encrypt(pt)

    hmac = mac.MAC(sk2)
    mac1 = hmac.genMAC(ct, 0)

    pkt = packet.Packet(ct, mac1, cipher.iv)

    so = SealedObject()
    csk = so.serialize(pkt)

    s.send(csk)

    s.close()

    click.echo(click.style('File sent!', bold=True, fg='green'))
Exemple #3
0
def cli(filename):
    """Send file over to server"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    host = '127.0.0.1'
    port = 4567

    click.echo(click.style('Connecting...', bold=True, fg='yellow'))
    try:
        s.connect((host, port))
    except socket.error as msg:
        click.echo(
            click.style('Error connecting to server: ' + str(msg[1]),
                        bold=True,
                        fg='red'))

    pt = b""
    while True:
        chunk = filename.read(100)
        if not chunk:
            break
        pt += chunk

    pem = s.recv(2048)
    #click.echo(click.style('Client: public key = %s' % rsa_public_key, bold = True, fg = 'green'))

    rsa_public_key = serialization.load_pem_public_key(
        pem, backend=default_backend())

    sk = os.urandom(32)
    sk1 = sk[0:16]
    sk2 = sk[16:32]

    so = SealedObject()
    csk = so.seal_asym(sk, rsa_public_key)
    s.sendall(csk)

    cipher = ciphers.KeyAES(sk1, 'CFB8', False)
    ct = cipher.encrypt(pt)

    hmac = mac.MAC(sk2)
    mac1 = hmac.genMAC(ct, 0)

    pkt = packet.Packet(ct, mac1, cipher.iv)

    so = SealedObject()
    csk = so.serialize(pkt)

    s.send(csk)

    s.close()

    click.echo(click.style('File sent!', bold=True, fg='green'))
Exemple #4
0
def server(folder):
    HOST = ''
    PORT = 4567

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    #Create server socket
    try:
        s.bind((HOST, PORT))
    except socket.error as msg:
        print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1])
        sys.exit()

    #Start listening on socket
    s.listen(10)
    print('Server started ...')

    #Start upload counter
    counter = 0;

    #now keep talking with the client
    while 1:
        #wait for client - conn is input stream
        conn, addr = s.accept()

        #Increment counter
        counter += 1

        print("Accepted connection "+str(counter)+".");

        #negotiate private keypair
        rsa_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
        rsa_public_key = rsa_private_key.public_key()

        sk = crypto.negotiate_asymmetric_session_key(conn, rsa_private_key, rsa_public_key)

        #Open file to write to
        f = open(folder+"/"+str(counter), 'wb')

        sess_k = sk[0:16]
        mac_k  = sk[16:32]

        hmac = mac.MAC(mac_k)

        crypto.decrypt_AES_with_key_mac(conn, f, sess_k, hmac)
        f.close()
        print("Closed connection.")

    s.close()
Exemple #5
0
def server(folder):
    HOST = ''
    PORT = 4567

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    #Create server socket
    try:
        s.bind((HOST, PORT))
    except socket.error as msg:
        print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' +
              msg[1])
        sys.exit()

    #Start listening on socket
    s.listen(10)
    print('Server started ...')

    #Start upload counter
    counter = 0

    #now keep talking with the client
    while 1:
        #wait for client - conn is input stream
        conn, addr = s.accept()

        #Increment counter
        counter += 1

        print("Accepted connection " + str(counter) + ".")

        #Open file to write to
        f = open(folder + "/" + str(counter), 'wb')

        sk = crypto.accept_session_packet(conn, 'enc_key.store')

        sess_k = sk[0:16]
        mac_k = sk[16:32]

        hmac = mac.MAC(mac_k)

        crypto.decrypt_AES_with_key_mac(conn, f, sess_k, hmac)

        hmac.counterUp()

        f.close()
        print("Closed connection.")

    s.close()
Exemple #6
0
def server(folder):
    HOST = ''
    PORT = 4567

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    #Create server socket
    try:
        s.bind((HOST, PORT))
    except socket.error as msg:
        print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' +
              msg[1])
        sys.exit()

    #Start listening on socket
    s.listen(10)
    print('Server started ...')

    #Start upload counter
    counter = 0

    #now keep talking with the client
    while 1:
        #wait for client - conn is input stream
        conn, addr = s.accept()

        #Increment counter
        counter += 1

        print("Accepted connection " + str(counter) + ".")

        # Load and send server certificate

        server_cert_file = open('server.cer', 'rb')
        server_cert = server_cert_file.read()
        server_cert_file.close()

        conn.send(bytes(server_cert))

        in_cert = conn.recv(2048)

        # Validate server certificate using CA certificate
        client_cert = x509.load_der_x509_certificate(in_cert,
                                                     default_backend())

        ca_cert_file = open('ca.cer', 'rb')
        ca_cert = ca_cert_file.read()
        ca_cert_file.close()

        store = crypto.X509Store()

        store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, ca_cert))

        store_ctx = crypto.X509StoreContext(store, client_cert)

        if store_ctx.verify_certificate() != None:
            click.echo(
                click.style('Error validating client certificate',
                            bold=True,
                            fg='red'))
            return
        else:
            click.echo(
                click.style('Valid client certificate!', bold=True,
                            fg='green'))

        client_public_key = client_cert.public_key()

        private_key_file = open('server.pk8', 'rb')
        private_key = private_key_file.read()
        private_key_file.close()

        private_key = load_der_private_key(private_key,
                                           password=None,
                                           backend=default_backend())

        #accept session key
        csk = conn.recv(512)

        #unseal session key
        so = SealedObject()
        sk = so.unseal_asym(csk, private_key)

        challenge = os.urandom(32)

        conn.send(challenge)

        signature = conn.recv(512)

        verifier = client_public_key.verifier(
            signature,
            padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                        salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())

        verifier.update(challenge)

        try:
            verifier.verify()
        except InvalidKey:
            click.echo(
                click.style('Error verifying signature!', bold=True, fg='red'))
            return

        #Open file to write to
        f = open(folder + "/" + str(counter), 'wb')

        sess_k = sk[0:16]
        mac_k = sk[16:32]

        hmac = mac.MAC(mac_k)

        crypt.decrypt_AES_with_key_mac(conn, f, sess_k, hmac)
        f.close()
        print("Closed connection.")

    s.close()
Exemple #7
0
def cli(filename):
    """Send file over to server"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    host = '127.0.0.1'
    port = 4567

    click.echo(click.style('Connecting...', bold=True, fg='yellow'))
    try:
        s.connect((host, port))
    except socket.error as msg:
        click.echo(
            click.style('Error connecting to server: ' + str(msg[1]),
                        bold=True,
                        fg='red'))

    pt = b""
    while True:
        chunk = filename.read(100)
        if not chunk:
            break
        pt += chunk

    r_pkt = s.recv(2048)
    #click.echo(click.style('Client: public key = %s' % rsa_public_key, bold = True, fg = 'green'))

    so = SealedObject()
    pkt = so.deserialize(r_pkt)

    signature = pkt.get_attribute('sig')
    pem = pkt.msg

    rsa_public_key = serialization.load_pem_public_key(
        pem.encode(), backend=default_backend()
    )  #.public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    key_bytes = rsa_public_key.public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)

    verifier = rsa_public_key.verifier(
        signature,
        padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
    verifier.update(key_bytes)
    try:
        verifier.verify()
    except InvalidKey:
        click.echo(click.style('Error verifying key', bold=True, fg='red'))
        return

    sk = os.urandom(32)
    sk1 = sk[0:16]
    sk2 = sk[16:32]

    so = SealedObject()
    csk = so.seal_asym(sk, rsa_public_key)
    s.sendall(csk)

    cipher = ciphers.KeyAES(sk1, 'CFB8', False)
    ct = cipher.encrypt(pt)

    hmac = mac.MAC(sk2)
    mac1 = hmac.genMAC(ct, 0)

    pkt = packet.Packet(ct, mac1, cipher.iv)

    so = SealedObject()
    csk = so.serialize(pkt)

    s.send(csk)

    s.close()

    click.echo(click.style('File sent!', bold=True, fg='green'))
Exemple #8
0
def cli(filename):
    """Send file over to server"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    host = '127.0.0.1'
    port = 4567

    click.echo(click.style('Connecting...', bold=True, fg='yellow'))
    try:
        s.connect((host, port))
    except socket.error as msg:
        click.echo(
            click.style('Error connecting to server: ' + str(msg[1]),
                        bold=True,
                        fg='red'))

    pt = b""
    while True:
        chunk = filename.read(100)
        if not chunk:
            break
        pt += chunk

    in_cert = s.recv(2048)

    # Validate server certificate using CA certificate
    server_cert = x509.load_der_x509_certificate(in_cert, default_backend())

    ca_cert_file = open('ca.cer', 'rb')
    ca_cert = ca_cert_file.read()
    ca_cert_file.close()

    store = crypto.X509Store()

    store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, ca_cert))

    store_ctx = crypto.X509StoreContext(store, server_cert)

    if store_ctx.verify_certificate() != None:
        click.echo(
            click.style('Error validating server certificate',
                        bold=True,
                        fg='red'))
        return
    else:
        click.echo(
            click.style('Valid server certificate!', bold=True, fg='green'))

    server_public_key = server_cert.public_key()

    client_cert_file = open('client.cer', 'rb')
    client_cert = client_cert_file.read()
    client_cert_file.close()

    s.send(client_cert)

    sk = os.urandom(32)
    sk1 = sk[0:16]
    sk2 = sk[16:32]

    so = SealedObject()
    csk = so.seal_asym(sk, server_public_key)
    s.sendall(csk)

    challenge = s.recv(32)

    private_key_file = open('client.pk8', 'rb')
    private_key = private_key_file.read()
    private_key_file.close()

    private_key = load_der_private_key(private_key,
                                       password=None,
                                       backend=default_backend())

    signer = private_key.signer(
        padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())

    signer.update(challenge)
    signature = signer.finalize()

    s.send(signature)

    cipher = ciphers.KeyAES(sk1, 'CFB8', False)
    ct = cipher.encrypt(pt)

    hmac = mac.MAC(sk2)
    mac1 = hmac.genMAC(ct, 0)

    pkt = packet.Packet(ct, mac1, cipher.iv)

    so = SealedObject()
    csk = so.serialize(pkt)

    s.send(csk)

    s.close()

    click.echo(click.style('File sent!', bold=True, fg='green'))