def accept_session_key(connection, keystore, mode_name='CFB'): iv = open("iv.txt", 'rb').read(16) ks = KeyStore(keystore, os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) mode_ = modes_ls[mode_name](iv) ct = b"" #while True: chunk = connection.recv(512) #if not chunk: #break ct += chunk click.echo( click.style('DEBUG : Decrypting session key with keystore key: %s' % key, bold=True, fg='yellow')) cipher = Cipher(algorithms.AES(key), mode_, backend=default_backend()) so = SealedObject() sk = so.unseal(ct, cipher) click.echo( click.style('DEBUG : Obtained session key: %s' % sk, bold=True, fg='yellow')) #send private key connection.sendall(ct) #click.echo(click.style('Decryption successful!', bold = True, fg = 'green')) return sk
def accept_session_key(connection, keystore, mode_name='CFB'): iv = open("iv.txt", 'rb').read(16) ks = KeyStore(keystore, os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) mode_ = modes_ls[mode_name](iv) ct = b"" #while True: chunk = connection.recv(512) #if not chunk: #break ct += chunk click.echo(click.style('DEBUG : Decrypting session key with keystore key: %s' % key, bold = True, fg = 'yellow')) cipher = Cipher(algorithms.AES(key), mode_, backend=default_backend()) so = SealedObject() sk = so.unseal(ct, cipher) click.echo(click.style('DEBUG : Obtained session key: %s' % sk, bold = True, fg = 'yellow')) #send private key connection.sendall(ct) #click.echo(click.style('Decryption successful!', bold = True, fg = 'green')) return sk
def accept_session_packet(connection, keystore, mode_name='CFB'): iv = open("iv.txt", 'rb').read(16) ks = KeyStore(keystore, os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) ct = b"" #while True: chunk = connection.recv(512) #if not chunk: #break ct += chunk so = SealedObject() packet = so.deserialize(ct) cipher = ciphers.KeyAES(key, 'CFB8', False, packet.iv) sk = cipher.decrypt(packet.msg) #send private key connection.sendall(ct) #click.echo(click.style('Decryption successful!', bold = True, fg = 'green')) return sk
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold = True, fg = 'yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo(click.style('Error connecting to server: ' + str(msg[1]), bold = True, fg = 'red')) ks = KeyStore('enc_key.store', os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] cipher = ciphers.KeyAES(key, 'CFB8', False) ct = cipher.encrypt(sk) pkt = packet.Packet(ct, None, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.sendall(csk) s.recv(512) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold = True, fg = 'green'))
def negotiate_asymmetric_session_key(connection, private_key, public_key): pem = public_key.public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) #send public key over network connection.sendall(pem) #accept session key csk = connection.recv(512) #unseal session key so = SealedObject() sk = so.unseal_asym(csk, private_key) return sk
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold = True, fg = 'yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo(click.style('Error connecting to server: ' + str(msg[1]), bold = True, fg = 'red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk pem = s.recv(2048) #click.echo(click.style('Client: public key = %s' % rsa_public_key, bold = True, fg = 'green')) rsa_public_key = serialization.load_pem_public_key(pem, backend=default_backend()) sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] so = SealedObject() csk = so.seal_asym(sk, rsa_public_key) s.sendall(csk) cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold = True, fg = 'green'))
def negotiate_asymmetric_session_key(connection, private_key, public_key): pem = public_key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) #send public key over network connection.sendall(pem) #accept session key csk = connection.recv(512) #unseal session key so = SealedObject() sk = so.unseal_asym(csk, private_key) return sk
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold=True, fg='yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo( click.style('Error connecting to server: ' + str(msg[1]), bold=True, fg='red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk ks = KeyStore('enc_key.store', os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) sk = os.urandom(16) so = SealedObject() cipher = Cipher(algorithms.AES(key), mode=modes.CFB8(open('iv.txt', 'rb').read(16)), backend=default_backend()) csk = so.seal(sk, cipher) s.sendall(csk) #time.sleep(1) s.recv(512) cipher = Cipher(algorithms.AES(sk), mode=modes.CFB8(open('iv.txt', 'rb').read(16)), backend=default_backend()) encryptor = cipher.encryptor() ct = encryptor.update(pt) + encryptor.finalize() s.send(ct) s.close() click.echo(click.style('File sent!', bold=True, fg='green'))
def negotiate_asymmetric_session_key(connection, private_key, public_key, signature): pem = public_key #send public key and signature over network #create packet husk pkt = packet.Packet(pem, None, None) pkt.add_attribute(signature, id='sig') so = SealedObject() csig = so.serialize(pkt) connection.sendall(csig) #accept session key csk = connection.recv(512) #unseal session key so = SealedObject() sk = so.unseal_asym(csk, private_key) return sk
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold = True, fg = 'yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo(click.style('Error connecting to server: ' + str(msg[1]), bold = True, fg = 'red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk ks = KeyStore('enc_key.store', os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) sk = os.urandom(16) so = SealedObject() cipher = Cipher(algorithms.AES(key), mode=modes.CFB8(open('iv.txt', 'rb').read(16)), backend=default_backend()) csk = so.seal(sk, cipher) s.sendall(csk) #time.sleep(1) s.recv(512) cipher = Cipher(algorithms.AES(sk), mode=modes.CFB8(open('iv.txt', 'rb').read(16)), backend=default_backend()) encryptor = cipher.encryptor() ct = encryptor.update(pt) + encryptor.finalize() s.send(ct) s.close() click.echo(click.style('File sent!', bold = True, fg = 'green'))
def decrypt_AES_with_key_mac(connection, outfile, s_key, hmac): ct = b"" while True: chunk = connection.recv(50) if not chunk: break ct += chunk so = SealedObject() packet = so.deserialize(ct) #verify mac if not hmac.verMAC(packet.msg, 0, packet.mac): #reject click.echo(click.style('Decryptionphailed', bold = True, fg = 'red')) else: cipher = ciphers.KeyAES(s_key, 'CFB8', False, packet.iv) dt = cipher.decrypt(packet.msg) outfile.write(dt) click.echo(click.style('Decryption successful!', bold = True, fg = 'green'))
def decrypt_AES_with_key_mac(connection, outfile, s_key, hmac, mode_name='CFB8'): ct = b"" while True: chunk = connection.recv(50) if not chunk: break ct += chunk so = SealedObject() packet = so.deserialize(ct) #verify mac if not hmac.verMAC(packet.msg, packet.mac): #reject click.echo(click.style('Decryptionphailed', bold = True, fg = 'red')) else: cipher = ciphers.KeyAES(s_key, 'CFB8', False, packet.iv) dt = cipher.decrypt(packet.msg) outfile.write(dt) click.echo(click.style('Decryption successful!', bold = True, fg = 'green'))
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold=True, fg='yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo( click.style('Error connecting to server: ' + str(msg[1]), bold=True, fg='red')) ks = KeyStore('enc_key.store', os.path.abspath('')) key = str.encode(ks.keys['mother_base_key'].public_key) sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] cipher = ciphers.KeyAES(key, 'CFB8', False) ct = cipher.encrypt(sk) pkt = packet.Packet(ct, None, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.sendall(csk) s.recv(512) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold=True, fg='green'))
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold=True, fg='yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo( click.style('Error connecting to server: ' + str(msg[1]), bold=True, fg='red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk pem = s.recv(2048) #click.echo(click.style('Client: public key = %s' % rsa_public_key, bold = True, fg = 'green')) rsa_public_key = serialization.load_pem_public_key( pem, backend=default_backend()) sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] so = SealedObject() csk = so.seal_asym(sk, rsa_public_key) s.sendall(csk) cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold=True, fg='green'))
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold = True, fg = 'yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo(click.style('Error connecting to server: ' + str(msg[1]), bold = True, fg = 'red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk in_cert = s.recv(2048) # Validate server certificate using CA certificate server_cert = x509.load_der_x509_certificate(in_cert, default_backend()) ca_cert_file = open('ca.cer', 'rb') ca_cert = ca_cert_file.read() ca_cert_file.close() store = crypto.X509Store() store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, ca_cert)) store_ctx = crypto.X509StoreContext(store, server_cert) if store_ctx.verify_certificate() != None: click.echo(click.style('Error validating server certificate', bold = True, fg = 'red')) return else: click.echo(click.style('Valid server certificate!', bold = True, fg = 'green')) server_public_key = server_cert.public_key() client_cert_file = open('client.cer', 'rb') client_cert = client_cert_file.read() client_cert_file.close() s.send(client_cert) sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] so = SealedObject() csk = so.seal_asym(sk, server_public_key) s.sendall(csk) challenge = s.recv(32) private_key_file = open('client.pk8', 'rb') private_key = private_key_file.read() private_key_file.close() private_key = load_der_private_key(private_key, password=None, backend=default_backend()) signer = private_key.signer(padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) signer.update(challenge) signature = signer.finalize() s.send(signature) cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold = True, fg = 'green'))
def server(folder): HOST = '' PORT = 4567 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #Create server socket try: s.bind((HOST, PORT)) except socket.error as msg: print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1]) sys.exit() #Start listening on socket s.listen(10) print('Server started ...') #Start upload counter counter = 0; #now keep talking with the client while 1: #wait for client - conn is input stream conn, addr = s.accept() #Increment counter counter += 1 print("Accepted connection " + str(counter) + "."); # Load and send server certificate server_cert_file = open('server.cer', 'rb') server_cert = server_cert_file.read() server_cert_file.close() conn.send(bytes(server_cert)) in_cert = conn.recv(2048) # Validate server certificate using CA certificate client_cert = x509.load_der_x509_certificate(in_cert, default_backend()) ca_cert_file = open('ca.cer', 'rb') ca_cert = ca_cert_file.read() ca_cert_file.close() store = crypto.X509Store() store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, ca_cert)) store_ctx = crypto.X509StoreContext(store, client_cert) if store_ctx.verify_certificate() != None: click.echo(click.style('Error validating client certificate', bold = True, fg = 'red')) return else: click.echo(click.style('Valid client certificate!', bold = True, fg = 'green')) client_public_key = client_cert.public_key() private_key_file = open('server.pk8', 'rb') private_key = private_key_file.read() private_key_file.close() private_key = load_der_private_key(private_key, password=None, backend=default_backend()) #accept session key csk = conn.recv(512) #unseal session key so = SealedObject() sk = so.unseal_asym(csk, private_key) challenge = os.urandom(32) conn.send(challenge) signature = conn.recv(512) verifier = client_public_key.verifier(signature, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) verifier.update(challenge) try: verifier.verify() except InvalidKey: click.echo(click.style('Error verifying signature!', bold = True, fg = 'red')) return #Open file to write to f = open(folder + "/" + str(counter), 'wb') sess_k = sk[0:16] mac_k = sk[16:32] hmac = mac.MAC(mac_k) crypt.decrypt_AES_with_key_mac(conn, f, sess_k, hmac) f.close() print("Closed connection.") s.close()
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold=True, fg='yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo( click.style('Error connecting to server: ' + str(msg[1]), bold=True, fg='red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk r_pkt = s.recv(2048) #click.echo(click.style('Client: public key = %s' % rsa_public_key, bold = True, fg = 'green')) so = SealedObject() pkt = so.deserialize(r_pkt) signature = pkt.get_attribute('sig') pem = pkt.msg rsa_public_key = serialization.load_pem_public_key( pem.encode(), backend=default_backend() ) #.public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) key_bytes = rsa_public_key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) verifier = rsa_public_key.verifier( signature, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) verifier.update(key_bytes) try: verifier.verify() except InvalidKey: click.echo(click.style('Error verifying key', bold=True, fg='red')) return sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] so = SealedObject() csk = so.seal_asym(sk, rsa_public_key) s.sendall(csk) cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold=True, fg='green'))
def server(folder): HOST = '' PORT = 4567 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #Create server socket try: s.bind((HOST, PORT)) except socket.error as msg: print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1]) sys.exit() #Start listening on socket s.listen(10) print('Server started ...') #Start upload counter counter = 0 #now keep talking with the client while 1: #wait for client - conn is input stream conn, addr = s.accept() #Increment counter counter += 1 print("Accepted connection " + str(counter) + ".") # Load and send server certificate server_cert_file = open('server.cer', 'rb') server_cert = server_cert_file.read() server_cert_file.close() conn.send(bytes(server_cert)) in_cert = conn.recv(2048) # Validate server certificate using CA certificate client_cert = x509.load_der_x509_certificate(in_cert, default_backend()) ca_cert_file = open('ca.cer', 'rb') ca_cert = ca_cert_file.read() ca_cert_file.close() store = crypto.X509Store() store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, ca_cert)) store_ctx = crypto.X509StoreContext(store, client_cert) if store_ctx.verify_certificate() != None: click.echo( click.style('Error validating client certificate', bold=True, fg='red')) return else: click.echo( click.style('Valid client certificate!', bold=True, fg='green')) client_public_key = client_cert.public_key() private_key_file = open('server.pk8', 'rb') private_key = private_key_file.read() private_key_file.close() private_key = load_der_private_key(private_key, password=None, backend=default_backend()) #accept session key csk = conn.recv(512) #unseal session key so = SealedObject() sk = so.unseal_asym(csk, private_key) challenge = os.urandom(32) conn.send(challenge) signature = conn.recv(512) verifier = client_public_key.verifier( signature, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) verifier.update(challenge) try: verifier.verify() except InvalidKey: click.echo( click.style('Error verifying signature!', bold=True, fg='red')) return #Open file to write to f = open(folder + "/" + str(counter), 'wb') sess_k = sk[0:16] mac_k = sk[16:32] hmac = mac.MAC(mac_k) crypt.decrypt_AES_with_key_mac(conn, f, sess_k, hmac) f.close() print("Closed connection.") s.close()
def cli(filename): """Send file over to server""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) host = '127.0.0.1' port = 4567 click.echo(click.style('Connecting...', bold=True, fg='yellow')) try: s.connect((host, port)) except socket.error as msg: click.echo( click.style('Error connecting to server: ' + str(msg[1]), bold=True, fg='red')) pt = b"" while True: chunk = filename.read(100) if not chunk: break pt += chunk in_cert = s.recv(2048) # Validate server certificate using CA certificate server_cert = x509.load_der_x509_certificate(in_cert, default_backend()) ca_cert_file = open('ca.cer', 'rb') ca_cert = ca_cert_file.read() ca_cert_file.close() store = crypto.X509Store() store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, ca_cert)) store_ctx = crypto.X509StoreContext(store, server_cert) if store_ctx.verify_certificate() != None: click.echo( click.style('Error validating server certificate', bold=True, fg='red')) return else: click.echo( click.style('Valid server certificate!', bold=True, fg='green')) server_public_key = server_cert.public_key() client_cert_file = open('client.cer', 'rb') client_cert = client_cert_file.read() client_cert_file.close() s.send(client_cert) sk = os.urandom(32) sk1 = sk[0:16] sk2 = sk[16:32] so = SealedObject() csk = so.seal_asym(sk, server_public_key) s.sendall(csk) challenge = s.recv(32) private_key_file = open('client.pk8', 'rb') private_key = private_key_file.read() private_key_file.close() private_key = load_der_private_key(private_key, password=None, backend=default_backend()) signer = private_key.signer( padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) signer.update(challenge) signature = signer.finalize() s.send(signature) cipher = ciphers.KeyAES(sk1, 'CFB8', False) ct = cipher.encrypt(pt) hmac = mac.MAC(sk2) mac1 = hmac.genMAC(ct, 0) pkt = packet.Packet(ct, mac1, cipher.iv) so = SealedObject() csk = so.serialize(pkt) s.send(csk) s.close() click.echo(click.style('File sent!', bold=True, fg='green'))