def __init__(self, comm, keyfile): self.comm = comm self.keyfile = keyfile if keyfile.has_key('user'): if keyfile['user'].has_key('secret'): self.secret = qcrypt.denormalize(keyfile['user']['secret']) else: self.secret = None if keyfile['user'].has_key('salt'): self.salt = keyfile['user']['salt'] else: self.salt = None else: if keyfile.has_key('secret'): self.secret = qcrypt.denormalize( keyfile['secret']) else: self.secret = None if keyfile.has_key('salt'): self.salt = keyfile['salt'] else: self.salt = None if keyfile.has_key('server_secret_hash'): self.partner_secret_hash = keyfile['server_secret_hash'] else: self.partner_secret_hash = None if keyfile.has_key('key'): self.pri_key = RSA.generate(1, os.urandom) self.pri_key.__setstate__(self.keyfile['key']) else: self.pri_key = None # if self.secret != None: print 'secret', qcrypt.normalize(self.secret) # else: print self.secret # print 'salt', self.salt # print 'psh', self.partner_secret_hash # if self.secret != None: print 'hash', auth.saltedhash_hex(self.secret, self.salt) self.name = None self.pub_key = None self.auth_msg = None self.authenticated = None self.aes_key = None self.key_agreement = False
def sign_auth(secret, salt, secret_hash_normalized, auth_normalized): auth = qcrypt.denormalize(auth_normalized) aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC) plaintext = aes.decrypt(auth) new_plaintext = xor_in_pi(plaintext) aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC) ciphertext = qcrypt.normalize(aes.encrypt(new_plaintext)) if debug: print '\n------sign_auth------' print saltedhash_hex(secret, salt) print secret_hash_normalized print ciphertext print '-----sign_auth-------\n' return ciphertext
def PillowTalkActivator(client): client.link.name = client.keyfile['user']['login_name'] while not (client.commGeneric.closed or client.link.authenticated): client.link.begin_auth(client.link.name) cmd, msg, sig = client.link.recieve() if cmd != 'sign_auth': continue client.link.sign_auth(msg) cmd, msg, sig = client.link.recieve() if cmd != 'verification_result': continue msg = qcrypt.denormalize(msg) msg_vr = auth.verify_signature(client.link.secret, client.link.salt, msg, sig) vr = bool(int(msg[0])) if not msg_vr: continue if vr: print 'server verified client' else: client.link.comm.close() sys.exit() client.link.request_auth() cmd, msg, sig = client.link.recieve() if cmd != 'verify_auth': continue vr = client.link.verify_auth(msg) if not vr: client.link.comm.close() sys.exit() print 'client verified server'
def verification_result(msg, sig): msg = qcrypt.denormalize(msg) msg_vr = auth.verify_signature(self.link.secret, self.link.salt, msg, sig) vr = bool(int(msg[0])) if not msg_vr: return if vr: print 'client verified server' else: self.link.comm.close()
def __saltedhash(string, salt): sha256 = SHA256.new() sha256.update(string) sha256.update(qcrypt.denormalize(salt)) for x in xrange(HASH_REPS): sha256.update(sha256.digest()) if x % 10: sha256.update(salt) return sha256
def create_auth(secret_hash_normalized, random_str): if len(random_str)%16 != 0: raise Exception, 'not len(random_str) === 16 mod 16' aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC) ciphertext = qcrypt.normalize(aes.encrypt(random_str)) if debug: print '\n------create_auth------' print secret_hash_normalized print ciphertext print '-----create_auth-------\n' return ciphertext
def set_pub_key(self, msg, signature): vr = auth.verify_signature(self.secret, self.salt, msg, signature) if vr: k_dict = nDDB.decode(qcrypt.denormalize(msg)) k = RSA.generate(1, os.urandom) k.__setstate__(keyfile.proc_key_dict(k_dict)) print 'public key recieved and verified' else: print 'incorrect message signature' k = None self.pub_key = k
def verify_auth(secret, salt, org_random_str, auth_normalized): xored_random_str = xor_in_pi(org_random_str) auth = qcrypt.denormalize(auth_normalized) aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC) new_random_str = aes.decrypt(auth) if debug: print '\n------verify_auth------' print saltedhash_hex(secret, salt) print qcrypt.normalize(xored_random_str) print qcrypt.normalize(new_random_str) print '------verify_auth------\n' return bool(xored_random_str == new_random_str)
def __init__(self, host='', port=21567, bufsize=4096): self.HOST = host self.PORT = port self.BUFSIZE = bufsize self.ADDR = (self.HOST, self.PORT) self.cliList = [] self.activeCli = [] self.hosts = {} self.hosts_cliNum = {} self.keyfile = keyfile.load_server_keyfile('server_key') self.pri_key = RSA.generate(1, os.urandom) self.pri_key.__setstate__(self.keyfile['key']) self.secret = qcrypt.denormalize(self.keyfile['secret']) self.salt = self.keyfile['salt'] self.users = self.keyfile['users'] self.sock_generic = SocketGeneric(self.HOST, self.PORT, self.BUFSIZE) super(tcpServer, self).__init__(self.sock_generic, self.keyfile, PillowTalkLink, GenericServer_Listener, GenericServer_ClientHandler, PillowTalkProcessor, FexibleMessageProcessor)
def save_stub_files(server_stub): secret_hash = auth.saltedhash_hex(qcrypt.denormalize(server_stub['secret']), server_stub['salt']) f = open('client_stub', 'w') f.write(secret_hash) f.close() nDDB.saveAdvanceDDB('server_stub', server_stub)
def sign_msg(secret_hash_normalized, msg): plaintext, spaces_added = qcrypt._appendSpaces(msg) aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC) ciphertext = aes.encrypt(plaintext) signature = hash_hex(ciphertext) return signature