def test_compute_key(self):
a = DH.load_params('tests/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
def unpackDH(self, machine, RR, hit1, hit2, mode):
if RR[:5] <> '\x02\x00\xff\x02\x00':
raise ValueError
(p, rest) = unpackLV(RR[5:])
(g, rest) = unpackLV(rest)
(pub, rest) = unpackLV(rest)
if mode:
machine.DH = DH.set_params(nbo2BN(p), nbo2BN(g))
machine.DH.gen_key()
machine.dhkey = machine.DH.compute_key(nbo2BN(pub))
return keymatgen(machine.dhkey, [hit1, hit2])
def test_compute_key(self):
a = DH.load_params('tests/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
self.assertEqual(len(a), 128)
self.assertRaises(DH.DHError, setattr, a, 'p', 1)
self.assertRaises(DH.DHError, setattr, a, 'priv', 1)
def test_compute_key(self):
a = DH.load_params('test/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
self.assertEqual(len(a), 128)
self.assertRaises(DH.DHError, setattr, a, 'p', 1)
self.assertRaises(DH.DHError, setattr, a, 'priv', 1)
def test():
print 'generating dh params:'
a = DH.gen_params(128, 2)
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
print 'p = ', ` a.p `
print 'g = ', ` a.g `
print 'a.pub =', ` a.pub `
print 'a.priv =', ` a.priv `
print 'b.pub =', ` b.pub `
print 'b.priv =', ` b.priv `
print 'a.key = ', ` a.compute_key(b.pub) `
print 'b.key = ', ` b.compute_key(a.pub) `
def test_compute_key(self):
a = DH.load_params('tests/dhparams.pem')
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
self.assertEqual(ak, bk)
self.assertEqual(len(a), 128)
with self.assertRaises(DH.DHError):
setattr(a, 'p', 1)
with self.assertRaises(DH.DHError):
setattr(a, 'priv', 1)
def test():
print "generating dh params:"
a = DH.gen_params(128, 2)
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
print "p = ", ` a.p `
print "g = ", ` a.g `
print "a.pub =", ` a.pub `
print "a.priv =", ` a.priv `
print "b.pub =", ` b.pub `
print "b.priv =", ` b.priv `
print "a.key = ", ` a.compute_key(b.pub) `
print "b.key = ", ` b.compute_key(a.pub) `
def main():
# seeding the PRNG with 1024 random bytes from OS
# from M2Crypto
Rand.rand_seed (os.urandom (1024))
while 1:
#======================================================
# draw MAIN SCREEN
mainScreen = MainScreen()
centerWindow(mainScreen, WINDOW_WIDTH_MS, WINDOW_HEIGHT_MS)
mainScreen.mainloop()
#======================================================
### begin connecting to the srver
# buffer length
buffer_length = 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# require a certificate from the server
myhost = 'localhost'
myport = 4321
try:
# ssl.CERT_NONE : cause we are using a self signed certificate
ssl_sock = ssl.wrap_socket(s,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1)
ssl_sock.connect((myhost, myport))
#print repr(ssl_sock.getpeername())
#print ssl_sock.cipher()
#begin to receive DH key exchange data from server
#in order of p,g,g^a
serverDH_p = base64.b64decode(ssl_sock.read(buffer_length))
serverDH_g = base64.b64decode(ssl_sock.read(buffer_length))
serverDH_pub = base64.b64decode(ssl_sock.read(buffer_length))
myDHobject = DH.set_params(serverDH_p, serverDH_g)
# pick random p and generate g^b in myDhobject.pub
myDHobject.gen_key()
ssl_sock.sendall(base64.b64encode(myDHobject.pub))
# generate shared AES Key
sharedAESkey = myDHobject.compute_key(serverDH_pub)
# print 'shared AES Key ', hexlify(sharedAESkey)
# now we have a secure shared 256-bit AES key to send data around
# it was Diffie Hellman, so even if TLS was borked, hopefully noone knows it
except:
#ZZZ change to msgbox
tkMessageBox.showwarning(title = "Connection Error",
message = "Cannot connect to server.")
ssl_sock.close()
# mainScreen.destroy()
# print 'Cannot connect to server', myhost , ':' , myport
continue
#======================================================
# draw AUTHENTICATION SCREEN
authScreen = AuthScreen()
centerWindow(authScreen, WINDOW_WIDTH_AUTH, WINDOW_HEIGHT_AUTH)
authScreen.mainloop()
# voterID, privateRSAKey and PIN are valid
#======================================================
# start validating login
# get the chosen IV in base64
chosen_IV_inbase64 = ssl_sock.read(buffer_length)
# decode it from base64
chosen_IV = b64decode(chosen_IV_inbase64)
# print 'got chosen_IV ', hexlify(chosen_IV)
# voterID || PIN
voterID_PIN = voterID + voterPIN
# print 'voterID_PIN ', str(voterID_PIN)
# calculate sha256 hash of voterID || PIN in base64
hash_of_voterID_PIN_inbase64 = RSAKeyHandling.sha256hash_base64(voterID_PIN)
# print 'hash of voterID_PIN in base 64 ', hash_of_voterID_PIN_inbase64
# encrypt it using AES 256
# key = sharedAESKey
# IV = chosen_IV
encrypted_AES_hash = RSAKeyHandling.AES_encryptor(sharedAESkey, hash_of_voterID_PIN_inbase64, chosen_IV)
# convert it into base64
encrypted_AES_hash_inbase64 = base64.b64encode(encrypted_AES_hash)
# send it to the server
ssl_sock.sendall(encrypted_AES_hash_inbase64)
# print 'sent to server encrypted_AES_hash_inbase64 ', encrypted_AES_hash_inbase64
# wait for server to return user_exists or user_has_voted
user_exists_base64 = ssl_sock.read(buffer_length)
# decode it from base64
user_exists = base64.b64decode(user_exists_base64)
# print hexlify(user_exists)
# decrypt it from AES using sharedAESkey and chosenIV
user_exists = RSAKeyHandling.AES_decryptor(sharedAESkey, user_exists, chosen_IV)
# print user_exists
if user_exists == 'LOL_NO_WAY':
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Not Eligible User",
message = "Sorry, User Not Eligible to Vote")
#print 'Sorry, user not eligible to vote'
ssl_sock.close()
continue
## ZZZ restart GUI , how ?
# if user is eligible to vote
# load privatekey
rsakey = RSA.load_key(privateRSAKey, RSAKeyHandling.empty_callback)
try:
# user_exists must contain the hash_normal encrypted with public key
# decrypt it
decrypted_hash = rsakey.private_decrypt(user_exists, RSA.pkcs1_padding)
except:
# decryption didn't work
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Decyption Error",
message = "Sorry, Wrong User Credentials")
ssl_sock.close()
continue
## ZZZ restart GUI , how ?
if decrypted_hash != hash_of_voterID_PIN_inbase64:
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Decryption Error",
message = "Sorry, Wrong User Credentials")
# print 'Sorry, wrong user credentials'
ssl_sock.close()
continue
# sys.exit()
# now the user is authenticated and we can go on
# start voting
#======================================================
#draw choice screen for president/congress/counsel/
polls = {
"president" : (1, 3),
"congress" : (1, 5),
"counsel" : (2, 4)
}
votes = {
"president" : None,
"congress" : None,
"counsel" : None
}
for poll in polls:
window = Group(poll, polls[poll][0], polls[poll][1]) # def __init__(self, _vf, _ms, _mo, master=None):
centerWindow(window, WINDOW_WIDTH_MAIN, WINDOW_HEIGHT_MAIN)
window.mainloop()
votes[poll] = tuple(userVote) # store user vote
del userVote[:] # clear user vote
# send the votes to server
# print votes
votes_string = json.dumps(votes)
# convert votes to base64
votes_string_inbase64 = base64.b64encode(votes_string)
# to load it later
# votes_n = json.loads(vote_str)
# begin to encrypt votes
encrypted_votes_string = RSAKeyHandling.AES_encryptor(sharedAESkey, votes_string_inbase64, chosen_IV)
# convert it to base64
encrypted_votes_string_inbase64 = base64.b64encode(encrypted_votes_string)
# send it to the server
ssl_sock.sendall(encrypted_votes_string_inbase64)
# wait for the thank you note
encrypted_thankyou_inbase64 = ssl_sock.read(buffer_length)
# decode it from base64
encrypted_thankyou = base64.b64decode(encrypted_thankyou_inbase64)
# decrypt it using AES
decrypted_thankyou = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_thankyou, chosen_IV)
print decrypted_thankyou
# draw END SCREEN
endScreen = EndScreen()
centerWindow(endScreen, WINDOW_WIDTH_ES, WINDOW_HEIGHT_MS)
endScreen.mainloop()
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()