def __init__(self, comm, keyfile):
     self.comm = comm
     self.keyfile = keyfile
     
     if keyfile.has_key('user'):
         if keyfile['user'].has_key('secret'): self.secret = qcrypt.denormalize(keyfile['user']['secret'])
         else: self.secret = None
         if keyfile['user'].has_key('salt'): self.salt = keyfile['user']['salt']
         else: self.salt = None
     else:
         if keyfile.has_key('secret'): self.secret = qcrypt.denormalize( keyfile['secret'])
         else: self.secret = None
         if keyfile.has_key('salt'): self.salt = keyfile['salt']
         else: self.salt = None
     if keyfile.has_key('server_secret_hash'): self.partner_secret_hash = keyfile['server_secret_hash']
     else: self.partner_secret_hash = None
     
     if keyfile.has_key('key'): 
         self.pri_key = RSA.generate(1, os.urandom)
         self.pri_key.__setstate__(self.keyfile['key'])
     else: self.pri_key = None
     
     # if self.secret != None: print 'secret', qcrypt.normalize(self.secret)
     # else: print self.secret
     # print 'salt', self.salt
     # print 'psh', self.partner_secret_hash
     # if self.secret != None: print 'hash', auth.saltedhash_hex(self.secret, self.salt)
     
     self.name = None
     self.pub_key = None
     self.auth_msg = None
     self.authenticated = None
     self.aes_key = None
     self.key_agreement = False
Esempio n. 2
0
def sign_auth(secret, salt, secret_hash_normalized, auth_normalized):
    auth = qcrypt.denormalize(auth_normalized)
    aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
    plaintext = aes.decrypt(auth)
    new_plaintext = xor_in_pi(plaintext)
    aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
    ciphertext = qcrypt.normalize(aes.encrypt(new_plaintext))
    if debug:
        print '\n------sign_auth------'
        print saltedhash_hex(secret, salt)
        print secret_hash_normalized
        print ciphertext
        print '-----sign_auth-------\n'
    return ciphertext
def PillowTalkActivator(client):
    client.link.name = client.keyfile['user']['login_name']
    while not (client.commGeneric.closed or client.link.authenticated):
        client.link.begin_auth(client.link.name)
        cmd, msg, sig = client.link.recieve()
        if cmd != 'sign_auth': continue
        client.link.sign_auth(msg)
        cmd, msg, sig = client.link.recieve()
        if cmd != 'verification_result': continue
        msg = qcrypt.denormalize(msg)
        msg_vr = auth.verify_signature(client.link.secret, client.link.salt, msg, sig)
        vr = bool(int(msg[0]))
        if not msg_vr: continue
        if vr: print 'server verified client'
        else: 
            client.link.comm.close()
            sys.exit()
        
        client.link.request_auth()
        cmd, msg, sig = client.link.recieve()
        if cmd != 'verify_auth': continue
        vr = client.link.verify_auth(msg)
        if not vr:
            client.link.comm.close()
            sys.exit()
        print 'client verified server'
 def verification_result(msg, sig):
     msg = qcrypt.denormalize(msg)
     msg_vr = auth.verify_signature(self.link.secret, self.link.salt, msg, sig)
     vr = bool(int(msg[0]))
     if not msg_vr: return
     if vr: print 'client verified server'
     else: self.link.comm.close()
Esempio n. 5
0
def __saltedhash(string, salt):
    sha256 = SHA256.new()
    sha256.update(string)
    sha256.update(qcrypt.denormalize(salt))
    for x in xrange(HASH_REPS): 
        sha256.update(sha256.digest())
        if x % 10: sha256.update(salt)
    return sha256
Esempio n. 6
0
def create_auth(secret_hash_normalized, random_str):
    if len(random_str)%16 != 0: raise Exception, 'not len(random_str) === 16 mod 16'
    aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
    ciphertext = qcrypt.normalize(aes.encrypt(random_str))
    if debug:
        print '\n------create_auth------'
        print secret_hash_normalized
        print ciphertext
        print '-----create_auth-------\n'
    return ciphertext
 def set_pub_key(self, msg, signature):
     vr = auth.verify_signature(self.secret, self.salt, msg, signature)
     if vr:
         k_dict = nDDB.decode(qcrypt.denormalize(msg))
         k = RSA.generate(1, os.urandom)
         k.__setstate__(keyfile.proc_key_dict(k_dict))
         print 'public key recieved and verified'
     else:
         print 'incorrect message signature'
         k = None
     self.pub_key = k
Esempio n. 8
0
def verify_auth(secret, salt, org_random_str, auth_normalized):
    xored_random_str = xor_in_pi(org_random_str)
    auth = qcrypt.denormalize(auth_normalized)
    aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
    new_random_str = aes.decrypt(auth)
    if debug:
        print '\n------verify_auth------'
        print saltedhash_hex(secret, salt)
        print qcrypt.normalize(xored_random_str)
        print qcrypt.normalize(new_random_str)
        print '------verify_auth------\n'
    return bool(xored_random_str == new_random_str)
Esempio n. 9
0
 def __init__(self, host='', port=21567, bufsize=4096):
     self.HOST = host
     self.PORT = port
     self.BUFSIZE = bufsize
     self.ADDR = (self.HOST, self.PORT)
     self.cliList = []
     self.activeCli = []
     self.hosts = {}
     self.hosts_cliNum = {}
     
     self.keyfile = keyfile.load_server_keyfile('server_key')
     self.pri_key = RSA.generate(1, os.urandom)
     self.pri_key.__setstate__(self.keyfile['key'])
     
     self.secret = qcrypt.denormalize(self.keyfile['secret'])
     self.salt = self.keyfile['salt']
     
     self.users = self.keyfile['users']
     
     self.sock_generic = SocketGeneric(self.HOST, self.PORT, self.BUFSIZE)
     
     super(tcpServer, self).__init__(self.sock_generic, self.keyfile, PillowTalkLink,
                                     GenericServer_Listener, GenericServer_ClientHandler, 
                                     PillowTalkProcessor, FexibleMessageProcessor)
Esempio n. 10
0
def save_stub_files(server_stub):
    secret_hash = auth.saltedhash_hex(qcrypt.denormalize(server_stub['secret']), server_stub['salt'])
    f = open('client_stub', 'w')
    f.write(secret_hash)
    f.close()
    nDDB.saveAdvanceDDB('server_stub', server_stub)
Esempio n. 11
0
def sign_msg(secret_hash_normalized, msg):
    plaintext, spaces_added = qcrypt._appendSpaces(msg)
    aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
    ciphertext = aes.encrypt(plaintext)
    signature = hash_hex(ciphertext)
    return signature