def authRes(s, decision): print("inside AuthRes-->", decision) decr_res = nstp_v3_pb2.DecryptedMessage() auth_res = nstp_v3_pb2.AuthenticationResponse() auth_res.authenticated = decision decr_res.auth_response.CopyFrom(auth_res) EncryptAndSend(s, decr_res)
def storeRes(s, key, value): decr_res = nstp_v3_pb2.DecryptedMessage() store_res = nstp_v3_pb2.StoreResponse() print("hiii+++++", value) store_res.hash = hash.sha256(value) store_res.hash_algorithm = nstp_v3_pb2.HashAlgorithm.SHA256 decr_res.store_response.CopyFrom(store_res) EncryptAndSend(s, decr_res)
def decrypt_message(input): print(input.ciphertext) decrypted_message = nstp_v3_pb2.DecryptedMessage() decrypted = nacl.bindings.crypto_secretbox_open( input.ciphertext, input.nonce, SessionKeys.get("server_rx")) decrypted_message.ParseFromString(decrypted) print(decrypted_message) msg_name = decrypted_message.WhichOneof('message_') check_response = getattr(AfterInitialized, msg_name + "_handler")(decrypted_message) return check_response
def decryptMessage(msg, keys): ciphertext = msg.encrypted_message.ciphertext nonce = msg.encrypted_message.nonce try: plaintextBytes = nacl.bindings.crypto_secretbox_open(ciphertext, nonce, keys[0]) decrypted = nstp_v3_pb2.DecryptedMessage() decrypted.ParseFromString(plaintextBytes) print("DECRYPTED MESSAGE\n", decrypted) return decrypted except nacl.exceptions.CryptoError: print("Bad key") return error_message("Failed to decrypt given message")
def pingRes(s, ping_req): ping_res = nstp_v3_pb2.PingResponse() if ping_req.hash_algorithm == nstp_v3_pb2.HashAlgorithm.IDENTITY: ping_res.hash = ping_req.data elif ping_req.hash_algorithm == nstp_v3_pb2.HashAlgorithm.SHA256: ping_res.hash = hash.sha256(ping_req.data) elif ping_req.hash_algorithm == nstp_v3_pb2.HashAlgorithm.SHA512: ping_res.hash = hash.sha512(ping_req.data) else: return decr_res = nstp_v3_pb2.DecryptedMessage() decr_res.ping_response.CopyFrom(ping_res) EncryptAndSend(s, decr_res)
def auth_request_handler(msg): decrypted_message = nstp_v3_pb2.DecryptedMessage() authenticated = authenticator(msg.auth_request.username, msg.auth_request.password) if authenticated == -1: return -1 decrypted_message.auth_response.authenticated = authenticated nonce = nacl.bindings.randombytes( nacl.bindings.crypto_secretbox_NONCEBYTES) ciphertext = nacl.bindings.crypto_secretbox( decrypted_message.SerializeToString(), nonce, SessionKeys.get('server_tx')) auth_response = nstp_v3_pb2.NSTPMessage() auth_response.encrypted_message.ciphertext = ciphertext auth_response.encrypted_message.nonce = nonce len_hex = bytes.fromhex("{:04x}".format(auth_response.ByteSize())) return len_hex + auth_response.SerializeToString()
def process_encrypted_message(nstp_message): global client_rx encrypted_message = nstp_message.encrypted_message try: decrypted_bytes = crypto_secretbox_open(encrypted_message.ciphertext, encrypted_message.nonce, client_rx) except Exception as e: print("Error decrypting message") return decrypted_message = nstp_v3_pb2.DecryptedMessage() decrypted_message.ParseFromString(decrypted_bytes) decrypted_message_type = decrypted_message.WhichOneof('message_') print(decrypted_message)
def load_request_handler(msg): if msg.load_request.public == False: value = SessionKeys.user_store.get(msg.load_request.key) else: value = public_store.get(msg.load_request.key) if value == None: value = b'' decrypted_message = nstp_v3_pb2.DecryptedMessage() decrypted_message.load_response.value = value nonce = nacl.bindings.randombytes( nacl.bindings.crypto_secretbox_NONCEBYTES) ciphertext = nacl.bindings.crypto_secretbox( decrypted_message.SerializeToString(), nonce, SessionKeys.get('server_tx')) load_response = nstp_v3_pb2.NSTPMessage() load_response.encrypted_message.ciphertext = ciphertext load_response.encrypted_message.nonce = nonce len_hex = bytes.fromhex("{:04x}".format(load_response.ByteSize())) return len_hex + load_response.SerializeToString()
def store_request_handler(msg): key = msg.store_request.key value = msg.store_request.value if msg.store_request.public == False: SessionKeys.user_store[key] = value else: public_store[key] = value decrypted_message = nstp_v3_pb2.DecryptedMessage() decrypted_message.store_response.hash = hashlib.sha256(value).digest() decrypted_message.store_response.hash_algorithm = 1 nonce = nacl.bindings.randombytes( nacl.bindings.crypto_secretbox_NONCEBYTES) ciphertext = nacl.bindings.crypto_secretbox( decrypted_message.SerializeToString(), nonce, SessionKeys.get('server_tx')) store_response = nstp_v3_pb2.NSTPMessage() store_response.encrypted_message.ciphertext = ciphertext store_response.encrypted_message.nonce = nonce len_hex = bytes.fromhex("{:04x}".format(store_response.ByteSize())) return len_hex + store_response.SerializeToString()
def ping_request_handler(msg): hash_algo = msg.ping_request.hash_algorithm decrypted_message = nstp_v3_pb2.DecryptedMessage() if hash_algo == 0: decrypted_message.ping_response.hash = msg.ping_request.data if hash_algo == 1: decrypted_message.ping_response.hash = hashlib.sha256( msg.ping_request.data).digest() if hash_algo == 2: decrypted_message.ping_response.hash = hashlib.sha512( msg.ping_request.data).digest() nonce = nacl.bindings.randombytes( nacl.bindings.crypto_secretbox_NONCEBYTES) ciphertext = nacl.bindings.crypto_secretbox( decrypted_message.SerializeToString(), nonce, SessionKeys.get('server_tx')) ping_response = nstp_v3_pb2.NSTPMessage() ping_response.encrypted_message.ciphertext = ciphertext ping_response.encrypted_message.nonce = nonce len_hex = bytes.fromhex("{:04x}".format(ping_response.ByteSize())) return len_hex + ping_response.SerializeToString()
def handleEncryptedMessage(s, nstp_msg): print("inside handleEncryptedMessage") if s in client_init: encr_msg = nstp_v3_pb2.EncryptedMessage() encr_msg.CopyFrom(nstp_msg.encrypted_message) print(encr_msg.ciphertext, encr_msg.nonce) decr_msg_b = crypto_secretbox_open(encr_msg.ciphertext, encr_msg.nonce, dict_session_keys[s][0]) print(decr_msg_b) decr_msg = nstp_v3_pb2.DecryptedMessage() decr_msg.ParseFromString(decr_msg_b) switcher = { 'auth_request': handleAuthReq, 'ping_request': handlePingReq, 'store_request': handleStoreReq, 'load_request': handleLoadReq } func = switcher.get(decr_msg.WhichOneof("message_")) func(s, decr_msg) else: print("out of spec") errorRes(s, "out of spec")
def ping_response(data): response = nstp_v3_pb2.DecryptedMessage() response.ping_response.hash = data return response
def load_response(value): response = nstp_v3_pb2.DecryptedMessage() response.load_response.value = value return response
def store_response(hashedValue): response = nstp_v3_pb2.DecryptedMessage() response.store_response.hash = hashedValue response.store_response.hash_algorithm = 0 return response
ms = list() ms.append(m0) # client_hello (bad nstp version) ms.append(m1) return ms cases.append(case0) ############################################################ # Test case1: check login attemp threshold m1 = nstp_v3_pb2.NSTPMessage() m1.client_hello.major_version = 3 m1.client_hello.minor_version = 1 m1.client_hello.user_agent = 'The user' m1.client_hello.public_key = client_public m1 = (m1, False) m2 = nstp_v3_pb2.DecryptedMessage() m2.auth_request.username = '******' m2.auth_request.password = '******' m2 = (m2, True) # If threshold was 3, this shouldn't work despite sending correct pwd m3 = nstp_v3_pb2.DecryptedMessage() m3.auth_request.username = '******' m3.auth_request.password = '******' m3 = (m3, True) def case1(): print("Test case1: check login attemp threshold") ms = list() ms.append(m1) # client_hello ms.append(m2) # auth_request (bad)
def loadRes(s, val): load_res = nstp_v3_pb2.LoadResponse() load_res.value = val decr_res = nstp_v3_pb2.DecryptedMessage() decr_res.load_response.CopyFrom(load_res) EncryptAndSend(s, decr_res)
def authentication_response(decision, user, authenticated): response = nstp_v3_pb2.DecryptedMessage() response.auth_response.authenticated = decision return response, user, authenticated
def errorRes(s, msg): err = nstp_v3_pb2.ErrorMessage() err.error_message = msg decr_res = nstp_v3_pb2.DecryptedMessage() decr_res.error_message.CopyFrom(err) EncryptAndSend(s, decr_res)