def process_step4_phase3(sock, rply):
ip = base64.b64decode(rply.ip)
port = rply.udp_port
#Verify the R! sent in the last message is same as R1 given in the first message.
decrypted_r1 = base64.b64decode(rply.nonce_r1)
decrypted_r1 = Decrypt.decrypt_message(decrypted_r1, dh_shared_key_u2,
RANDOM)
if decrypted_r1 != R1:
print 'R1 does not match, Something went wrong. Exiting.'
exit()
decrypted_signed_key = base64.b64decode(rply.secret_key)
decrypted_signed_key = Decrypt.decrypt_message(decrypted_signed_key,
dh_shared_key_u2, RANDOM)
#Verify signature on Diffie Hellman
public_key_file_user2 = USER2 + '_public_key.pem'
public_key_user2 = CommonMethod.get_public_key(public_key_file_user2)
verify_sign(public_key_file_user2, dh_shared_key_u2, decrypted_signed_key)
#Prepare message that the user1 wants to give user2
#hash the message, encrypt it and then send to user1.
rply.type = pb_example_pb2.Reply.SEND_3
message_to_send = 'Hi ' + USER2 + ' ,this is ' + USER1
message_hash = hashing_process(message_to_send, RANDOM)
encrypted_message = Encrypt.encrypt(message_to_send, dh_shared_key_u2,
RANDOM)
rply.message = base64.b64encode(encrypted_message)
encrypted_dh_key = Encrypt.asy_encrpt_key(dh_shared_key_u2,
public_key_user2)
rply.secret_key = base64.b64encode(encrypted_dh_key)
rply.hash = base64.b64encode(message_hash)
rply.ip = base64.b64encode(args.ip_addr)
rply.port = random_port
sqlconn = sqlite3.connect("db.sqlite")
# c = sqlconn.cursor()
# sql = "SELECT port,ip from active_users where name = ?"
# c.execute(sql,(USER2,))
# result = c.fetchone()
# port = result[0]
# print 'Port is '
# print port
# port = int(port)
# ip = result[1]
# print 'IP address is'
# print ip
# ip = ip.encode('utf-8')
# if port is None:
# print 'Port is not present'
# exit()
# if ip is None:
# print 'IP is not present'
# exit()
# print 'Done executing chat with client'
udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
udp_sock.sendto(rply.SerializeToString(), (ip, port))
def process_step2_phase3(sock, rply):
ip = base64.b64decode(rply.ip_addr)
port = rply.udp_port
#Fetch the Diffie hellman component received and verify sign on it
dh_component_2 = base64.b64decode(rply.dh_component)
long_dh_component = long(dh_component_2)
signature = base64.b64decode(rply.signature)
r2 = base64.b64decode(rply.nonce_r2)
private_key_file_user1 = USER1 + '_private_key.pem'
user1_private_key = CommonMethod.get_private_key(private_key_file_user1)
decrypted_r2 = Decrypt.asyn_decrypt(r2, user1_private_key)
public_key_file_user2 = USER2 + '_public_key.pem'
verify_sign(public_key_file_user2, dh_component_2, signature)
#generate shared Diffie Hellman secret
global dh_shared_key_u2
dh_shared_key_u2 = generate_dh_shared_secret(dh1_obj, long_dh_component)
#Sign and encrypt the Diffie hellman generated secret
sign_dh_shared_key_u1 = sign_message(private_key_file_user1,
dh_shared_key_u2)
encrypted_r2 = Encrypt.encrypt(R2, dh_shared_key_u2, RANDOM)
encrypted_signed_key = Encrypt.encrypt(sign_dh_shared_key_u1,
dh_shared_key_u2, RANDOM)
#set message to send
rply.ip_addr = base64.b64encode(args.ip_addr)
rply.udp_port = random_port
rply.secret_key = base64.b64encode(encrypted_signed_key)
rply.nonce_r2 = base64.b64encode(encrypted_r2)
rply.type = pb_example_pb2.Reply.SEND_1
# sqlconn = sqlite3.connect("db.sqlite")
# c = sqlconn.cursor()
# sql = "SELECT port,ip from active_users where name = ?"
# c.execute(sql,(USER2,))
# result = c.fetchone()
# port = result[0]
# print 'Port is '
# print port
# port = int(port)
# ip = result[1]
# print 'IP address is'
# print ip
# ip = ip.encode('utf-8')
# if port is None:
# print 'Port is not present'
# exit()
# if ip is None:
# print 'IP is not present'
# exit()
udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
udp_sock.sendto(rply.SerializeToString(), (ip, port))
def verify_sent_message(sock, rply):
ciphertext = base64.b64decode(rply.message)
msg_digest = base64.b64decode(rply.hash)
encrypted_shared_key = base64.b64decode(rply.secret_key)
private_key_user2 = USER2 + '_private_key.pem'
private_key_user2 = CommonMethod.get_private_key(private_key_user2)
dh_shared_key_u1 = Decrypt.asyn_decrypt(encrypted_shared_key,
private_key_user2)
decrypted_ciphertext = Decrypt.decrypt_message(ciphertext,
dh_shared_key_u1, RANDOM)
verify_hash(decrypted_ciphertext, RANDOM, msg_digest)
def talk_to_another_client(data, iv_user1, symmetric_key_user1, username,
user_to_talk_to):
rply.ParseFromString(data)
#Decrypt the public key of user2 using the shared key of user1-server
#this key will be used to send data to user2
decrypted_pku2 = base64.b64decode(rply.public_key_u2)
decrypted_pku2 = Decrypt.decrypt_message(decrypted_pku2,
symmetric_key_user1, iv_user1)
#Generate a nonce to send to server
r1 = R1
#Fetch public key value
public_key_u2 = CommonMethod.get_public_key(decrypted_pku2)
#Encrypt username of user1 and r1 with the public key of user2
encrypted_r1 = Encrypt.asy_encrpt_key(r1, public_key_u2)
encrypted_u1 = Encrypt.asy_encrpt_key(username, public_key_u2)
#keep the ticket to user2 as it was received from Server.
ticket_pku1 = rply.public_key_u1
ticket_u1 = rply.username
#Generate the Diffie hellman component to generate session keys
dh_component_1 = dh1_obj.gen_public_key()
dh_component_1 = str(dh_component_1).encode()
#Sign the Diffie Hellman component using user1's private key
private_key_file = username + '_private_key.pem'
signed_dh_component = sign_message(private_key_file, dh_component_1)
#Set the message to send to user 2
rply.nonce_r1 = base64.b64encode(encrypted_r1)
rply.username = base64.b64encode(encrypted_u1)
rply.public_key_u1 = base64.b64encode(ticket_pku1)
rply.ticket_username = base64.b64encode(ticket_u1)
rply.dh_component = base64.b64encode(dh_component_1)
rply.signature = base64.b64encode(signed_dh_component)
#Fetch the port to send on
sqlconn = sqlite3.connect("db.sqlite")
c = sqlconn.cursor()
sql = "SELECT port,ip from active_users where name = ?"
c.execute(sql, (user_to_talk_to, ))
result = c.fetchone()
port = result[0]
port = int(port)
ip = result[1]
ip = ip.encode('utf-8')
if port is None:
print 'Port is not present'
exit()
if ip is None:
print 'IP is not present'
exit()
#Client to client communication takes place on udp port
udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
udp_sock.sendto(rply.SerializeToString(), (ip, port))
def sign_message(sender_privkey, plaintext):
try:
private_key = CommonMethod.get_private_key(sender_privkey)
except:
print 'Error in reading file'
try:
signature = private_key.sign(
plaintext,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return signature
except Exception as e:
print 'Error in signing message' + str(e)
import sqlite3
import base64
import binascii
from fcrypt import CommonMethod, Encrypt, Decrypt
conn = sqlite3.connect("db.sqlite")
c = conn.cursor()
user_password = '******'
user_password1 = 'test'
user_password2 = 'ashu'
g = 2
p = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
#print pow(g,a)
password_hash = CommonMethod().generate_hash(user_password+"123")
password_hash1 = CommonMethod().generate_hash(user_password1+"321")
password_hash2 = CommonMethod().generate_hash(user_password2+"231")
a_1 = str(int(binascii.hexlify(password_hash), base=16))
a_2 = str(int(binascii.hexlify(password_hash1), base=16))
a_3 = str(int(binascii.hexlify(password_hash2), base=16))
pass_1 = str(pow(g,int(a_1),p))
pass_2 = str(pow(g,int(a_2),p))
pass_3 = str(pow(g,int(a_3),p))
user1_public_key = 'user1_public_key.pem'
user2_public_key = 'user2_public_key.pem'
#Table 1
table_name1 = 'active_users'
field_1 = 'name'
field_type = 'TEXT'
field_2 = 'shared_key'
field_type = 'TEXT'
def chat_with_client(sock, any, rply):
#Receive any message coming from client
data = sock.recvfrom(BUFFER_SIZE)
if data:
rply.ParseFromString(data[0])
if rply.type == pb_example_pb2.Reply.SEND:
process_step2_phase3(sock, rply)
if rply.type == pb_example_pb2.Reply.SEND_1:
process_step3_phase3(sock, rply)
if rply.type == pb_example_pb2.Reply.SEND_2:
process_step4_phase3(sock, rply)
if rply.type == pb_example_pb2.Reply.SEND_3:
verify_sent_message(sock, rply)
else:
#User2 verifies the data sent by user1.
user2 = args.user
decrypted_r1 = Decrypt.asyn_decrypt(
base64.b64decode(rply.nonce_r1), client_private_key)
decrypted_u1 = Decrypt.asyn_decrypt(
base64.b64decode(rply.username), client_private_key)
#Fetch the shared key of user2-server and IV from the database
sqlconn = sqlite3.connect("db.sqlite")
c = sqlconn.cursor()
sql = "SELECT * from active_users where name = ?"
c.execute(sql, (user2, ))
result = c.fetchone()
symmetric_key_user2 = base64.b64decode(result[1])
iv_user2 = base64.b64decode(result[3])
#Fetch the shared key of user1-server and IV from the database
sql = "SELECT * from active_users where name = ?"
c.execute(sql, (decrypted_u1, ))
result_u1 = c.fetchone()
symmetric_key_user1 = base64.b64decode(result_u1[1])
iv_user1 = base64.b64decode(result_u1[3])
ip = base64.b64decode(rply.ip)
port = rply.port
#Decrypt username oof user1 in the ticket to B and verify it with
#the username in the tuple encrypted with public key of user2.
#If usernames in both places are same, continue, else exit
decrypted_ticket_username = base64.b64decode(rply.ticket_username)
decrypted_ticket_username = base64.b64decode(
decrypted_ticket_username)
decrypted_ticket_username = Decrypt.decrypt_message(
decrypted_ticket_username, symmetric_key_user1, iv_user1)
decrypted_ticket_username = Decrypt.decrypt_message(
decrypted_ticket_username, symmetric_key_user2, iv_user2)
if decrypted_ticket_username != decrypted_u1:
print 'Usernames are not same, something is wrong. Exiting.'
exit()
#verify signature on the diffie hellman component
signature = base64.b64decode(rply.signature)
dh_component = base64.b64decode(rply.dh_component)
long_dh_component = long(dh_component)
sql = 'SELECT public_key from user_public_key where name = ?'
c.execute(sql, (decrypted_u1, ))
public_key_user1_file = str(c.fetchone()[0])
verify_sign(public_key_user1_file, dh_component, signature)
#Generate the shared secret key of Diffie Hellman
global dh_shared_key_u1
dh_shared_key_u1 = generate_dh_shared_secret(
dh2_obj, long_dh_component)
#Send a nonce, r2 and user2 sides's diffie hellman component to user 1
r2 = R2
public_key_user1 = CommonMethod.get_public_key(
public_key_user1_file)
encrypted_r2 = Encrypt.asy_encrpt_key(r2, public_key_user1)
dh_component_2 = dh2_obj.gen_public_key()
dh_component_2 = str(dh_component_2).encode()
private_key_file_user2 = user2 + '_private_key.pem'
print private_key_file_user2
#Sign the diffie hellman component
signed_dh_component = sign_message(private_key_file_user2,
dh_component_2)
#prepare emssage to send
rply.ip = base64.b64encode(args.ip_addr)
rply.udp_port = random_port
rply.nonce_r2 = base64.b64encode(encrypted_r2)
rply.dh_component = base64.b64encode(dh_component_2)
rply.signature = base64.b64encode(signed_dh_component)
rply.type = pb_example_pb2.Reply.SEND
# sqlconn = sqlite3.connect("db.sqlite")
# c = sqlconn.cursor()
# sql = "SELECT port,ip from active_users where name = ?"
# c.execute(sql,(decrypted_u1,))
# result = c.fetchone()
# port = result[0]
# print 'Port is '
# print port
# port = int(port)
# ip = result[1]
# print 'IP address is'
# print ip
# ip = ip.encode('utf-8')
# if port is None:
# print 'Port is not present'
# exit()
# if ip is None:
# print 'IP is not present'
# exit()
udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
udp_sock.sendto(rply.SerializeToString(), (ip, port))
TIMEOUT = 5
used_ports = []
RANDOM = os.urandom(16)
Loged_in = True
rqst = pb_example_pb2.Request() # create protobuf Request message
rply = pb_example_pb2.Reply() # create protobuf Reply message
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((IP_ADDR, TCP_PORT))
except Exception:
print "----Eitheryour format is wrong or server is done check you format from below template------"
print "Format is :"
print "python client.py -u Username -pass Password -ip IP -p Port -pr Private_Key -pu public_key -sk server_public_key"
exit()
reqno = 0 # initialize request number to 0
ec = CommonMethod()
try:
client_private_key = ec.get_private_key(args.private_key)
client_public_key = ec.get_public_key(args.public_key)
server_public_key = ec.get_public_key(args.server_public_key)
except Exception:
print "Format is :"
print "python client.py -u Username -pass Password -ip IP -p Port -pr Private_Key -pu public_key -sk server_public_key"
exit()
symetric_key = ''
salt_for_key = ''
try:
user_password = args.password
except Exception:
print "Format is :"
print "python client.py -u Username -pass Password -ip IP -p Port -pr Private_Key -pu public_key -sk server_public_key"