def manage_request(self, data):
# quello che mi arriva è del tipo [OPCODE|S|C|sito|...|nonce|hash]kcs | IV
unpacked_data = utility.unpack_message(data, 4)
if(unpacked_data is None or len(unpacked_data) != 2):
utility.print_user_log(self.client_address,"Bad packet format")
return (False, 109)
encrypted_data , IV = unpacked_data
decrypted_data = utility.decrypt_AES(encrypted_data, self.session_key, IV)
if decrypted_data is None:
return (False, 102)
#print decrypted_data
decrypted_fields = utility.unpack_message(decrypted_data, 4)
if decrypted_data is None:
utility.print_user_log(self.client_address,"Bad packet format")
return (False, 109)
data_to_hash = ''.join(decrypted_fields[:-1])
hashed_data_c = decrypted_fields[-1]
hashed_data = utility.get_hash(data_to_hash)
ret = utility.secure_cmp(hashed_data_c, hashed_data)
utility.print_user_log(self.client_address,"Request: %s" % decrypted_fields[0])
if ret is False:
print hexlify(hashed_data_c)
print hexlify(hashed_data)
utility.print_user_log(self.client_address,"Different hashes")
return (False, 103)
#print fields
nonce = decrypted_fields[-2]
if nonce in self.nonces:
utility.print_user_log(self.client_address, "No fresh nonce!!")
return (False, 104)
self.nonces.append(nonce)
#print fields
#execute query
response_fields = self.execute_query(decrypted_fields[:-2]) # è una lista [:-2] tutto tranne nonce hash
response_fields.append(nonce) # aggiungo nonce alla lista
response = utility.concatenate(*response_fields)
hashed_response = utility.get_hash(response)
#print "hash,", hashed_response
#data_to_pack = utility.concatenate((response, hashed_response)) # concateno hash alla risposta
response_fields.append(hashed_response)
#print "RF: ",response_fields
packed_message = utility.pack_message(*response_fields)
#print packed_message
IV = os.urandom(16)
data_to_send = utility.encrypt_AES(packed_message, self.session_key, IV)
if data_to_send is None:
return (False, 106)
data_to_send = utility.pack_message(data_to_send, IV)
#print "DATA TO SEND \n", data_to_send
#un = utility.unpack_message(data_to_send, 4)
#print "ENC",un[0]
#print "IV", un[1]
utility.print_user_log(self.client_address, 'Response: '+ response_fields[0])
return (True, data_to_send)
def message_M1(self):
utility.print_user_log(self.client_address,"Waiting for M1...")
response_m1 = utility.recv_data(self.request, 0)
#print response_m1
if response_m1 is None:
utility.print_user_log(self.client_address,"client disconnected")
return 201
#print "...OK"
unpack_m1 = utility.unpack_message(response_m1, 4)
if len(unpack_m1) != 1:
return None
#utility.print_user_log(self.client_address, 'UNPACK M1 '+unpack_m1)
self.client_ID = unpack_m1[0]
print 'ClientID: ',self.client_ID,'is connecting from: ', self.client_address
return True
def message_M3(self):
priv_key = utility.load_priv_key('server_prvkey_1')
if priv_key is None:
utility.print_user_log(self.client_address,'[ERROR]Some errors occured reading the key')
return None
utility.print_user_log(self.client_address,'Private key loaded')
# waiting for M3
utility.print_user_log(self.client_address,"Waiting for M3...")
data_recv = utility.recv_data(self.request,0)
if data_recv is None:
utility.print_user_log(self.client_address, "[ERROR] Client disconnected during M3")
return None
utility.print_user_log(self.client_address, "Received M3..")
encrypted_data = bytes(data_recv)
decrypted_data = utility.decrypt_RSA(encrypted_data, priv_key)
if decrypted_data is None:
utility.print_user_log(self.client_address, '[ERROR] some errors occured decrypting the data')
return None
try:
''' print '_____________________________________'
print decrypted_data
print '_____________________________________' '''
fields = utility.unpack_message(decrypted_data, 4)
#print fields
if len(fields) != 8:
return None
# Manca TYPE | ...
opcode, server_prot_ID,client_prot_ID, client_pass,session_key, nonce_prot_s, self.nonce_prot_c, hashed_data_c = fields
except IndexError:
utility.print_user_log(self.client_address, '[ERROR] incorrect message format')
return None
''' for i in fields:
print hexlify( i), "\n" '''
data_to_hash = ''.join(fields[0:7])
hashed_data = utility.get_hash(data_to_hash)
ret = utility.secure_cmp(hashed_data, hashed_data_c)
#print hexlify(hashed_data)
#print hexlify(hashed_data_c)
if (ret is False):
utility.print_user_log(self.client_address, '[ERROR] Packet Hashes do not match')
del session_key
return None
ret = utility.secure_cmp(self.nonce_s, nonce_prot_s)
if(ret is False):
utility.print_user_log(self.client_address, '[ERROR] Server Nonce is not fresh!')
del session_key
return None
#print '1'
ret = utility.secure_cmp(self.client_ID, client_prot_ID)
if(ret is False):
utility.print_user_log(self.client_address, '[ERROR] Client IDs do not match')
del session_key
return None
#print '2'
ret = utility.secure_cmp(self.server_ID, server_prot_ID)
if(ret is False):
utility.print_user_log(self.client_address, '[ERROR] Serve IDs do not match')
del session_key
return None
#return (opcode, session_key, nonce_prot_c, client_pass)
# =================================================================
if opcode == 'LOG':
utility.print_user_log(self.client_address, "LOGIN REQUEST")
# KDF(salted) e ricerca hash in database
db = DB.Database()
ret = db.connect()
if ret[0] == False:
utility.print_user_log(self.client_address, '[ERROR] Error during connecting to DB '+ str(ret[1]))
del session_key
return None
user_config = db.find_user_config(self.client_ID, 'users')
db.disconnect()
if user_config == None:
utility.print_user_log(self.client_address, '[ERROR] No user config found with ID: %s' % self.client_ID )
del session_key
return None
ID, hash_pwd, salt_hash = user_config
hashed_pwd = bytes(hash_pwd)
#print hash_pwd, hashed_pwd
#print hexlify(hashed_pwd)
#kdf = utility.get_kdf(client_pass, salt_kdf)
#hashed_kdf = utility.get_hash(kdf, salt_hash)
#if hashed_kdf == None:
# utility.print_user_log(self.client_address, '[ERROR] Error during KDF creation')
# del session_key
# return None
# Check importante, hashed_kdf é l'hash della kdf della password che mi invia l'utente
# hashed_pwd é l'hash della kdf della password che ho nel DB
hash_pwd_c = utility.get_hash(client_pass, salt_hash)
ret = utility.secure_cmp(hashed_pwd, hash_pwd_c)
if ret == False:
utility.print_user_log(self.client_address, '[ERROR] Password hashes do not match')
del session_key
return None
# =====================================================================
# REG ===============================================================
elif opcode == 'REG':
utility.print_user_log(self.client_address,'SIGNIN REQUEST')
db = DB.Database()
ret = db.connect()
if ret[0] == False:
utility.print_user_log(self.client_address,'[ERROR CONNECT] '+ str(ret[0]))
del session_key
return None
user_config = db.find_user_config(self.client_ID, 'users')
db.disconnect()
if user_config != None:
utility.print_user_log(self.client_address,'[ERROR CONFIG] User: '******' already present')
del session_key
return 203
# bytes salts
salt_hash = os.urandom(16)
#kdf = utility.get_kdf(client_pass, salt_kdf)
#hashed_kdf = utility.get_hash(kdf, salt_hash)
hashed_pwd = utility.get_hash(client_pass, salt_hash)
#print hashed_kdf
''' if hashed_kdf == None:
utility.print_user_log(self.client_address,'[ERROR] Error during KDF creation')
del session_key
return None '''
ret = db.connect()
if ret[0] == False:
utility.print_user_log(self.client_address,'[ERROR] Error during connecting to DB '+ str(ret[1]))
del session_key
return None
ret = db.add_user('users',self.client_ID, hashed_pwd, salt_hash)
db.disconnect()
if ret[0] == False:
utility.print_user_log(self.client_address,'[ERROR] Error during user add ' + ret[1])
del session_key
return None
else:
del session_key
return None
self.session_key = session_key
#self.client_key = kdf
self.database = db
self.nonces = []
return True