def receive(self): """ Receive and decrypt data and populate the received entry field. """ if self.connector is None: return encrypted = self.connector.receive() if encrypted: self.logger.info('Encrypted data, received: ' + connector.bytestring_as_hex_string(encrypted)) msg_bytes = aes.aes_decrypt(encrypted[:-32], self.session_key) message = bytes(msg_bytes) self.logger.info('Decrypted message: ' + str(message)) mac_val = encrypted[-16:] mac_iv = encrypted[-32:-16] verified = mac.check_mac(message, mac_val, MAC_KEY, mac_iv) if verified: self.logger.info('MAC check SUCCESS') self.received_entry.delete(0, END) self.received_entry.insert(0, message) else: self.logger.info.info("MAC check FAILURE")
def connect(host, port, shared_value, is_server): """ Connect to the host:port with the Diffie-Hellman exchange, making sure to authenticate the connection. """ global MAC_KEY ctr = None if port: ctr = connector.Connector(is_server, host, port) else: ctr = connector.Connector(is_server, host) # Generate a 16 byte key, from a hash of the shared secret value. # Then use that value, to encrypt a Diffie-Hellman exchange to # ensure Perfect Forward Secrecy. md5_key = hashlib.md5() shared_val = shared_value.encode('utf-8') md5_key.update(shared_val) long_term_key = md5_key.digest() md5_key = hashlib.md5() md5_key.update(long_term_key) MAC_KEY = md5_key.digest() ctr.connect() session_key = [] if not is_server: #Client Authenticated DH exchange # Send initial DH trigger message logging.getLogger().info('Sending initial authentication message') client_dh_init_msg = dh_auth.gen_auth_msg() ctr.send(bytes(client_dh_init_msg)) # Receive server authentication response logging.getLogger().info('Waiting for server authentication response') rcv_server_public_transport = ctr.receive_wait() rcv_server_nonce = rcv_server_public_transport[:16] rcv_server_dh_data_encrypted = rcv_server_public_transport[16:] # Send back client authentication response logging.getLogger().info('Sending client authentication response') client_auth_msg = dh_auth.gen_auth_msg(rcv_server_nonce) client_dh_data_tup = dh_auth.gen_public_transport(long_term_key, client_auth_msg) client_public_transport = client_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX] ctr.send(bytes(client_public_transport)) # Authenticate received data from server logging.getLogger().info('Authenticating data received from server') expect_rcv_server_id = [int(byte) for byte in host.split('.')] expect_rcv_server_auth_msg = expect_rcv_server_id + client_dh_init_msg[4:] logging.getLogger().info('Generating session key') session_key = dh_auth.gen_session_key(rcv_server_dh_data_encrypted, client_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_server_auth_msg) else: #Server Authenticated DH exchange # Receive initial DH trigger message logging.getLogger().info('Waiting for initial authentication message') rcv_client_dh_data = ctr.receive_wait() rcv_client_id = rcv_client_dh_data[:4] rcv_client_nonce = rcv_client_dh_data[4:] # send response logging.getLogger().info('Sending server authentication response') server_nonce = dh_auth.gen_nonce() server_auth_msg = dh_auth.gen_auth_msg(rcv_client_nonce) server_dh_data_tup = dh_auth.gen_public_transport(long_term_key, server_auth_msg) server_public_transport = server_nonce + server_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX] ctr.send(bytes(server_public_transport)) # Receive client authentication response - client_public_transport is the same as rcv_client_dh_data_encrypted logging.getLogger().info('Waiting for client authentication response') rcv_client_public_transport = ctr.receive_wait() # Authenticate received data from client logging.getLogger().info('Authenticating client response') expect_rcv_client_auth_msg = list(rcv_client_id) + list(server_nonce) session_key = dh_auth.gen_session_key(rcv_client_public_transport, server_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_client_auth_msg) if session_key == 0: logging.getLogger().info('Failed to authenticate: session key invalid') else: logging.getLogger().info('Authenticated with session key: ' + connector.bytestring_as_hex_string(session_key)) # Enforce Perfect Forward Security by forgetting local exponent client_dh_data_tup = (0,0) server_dh_data_tup = (0,0) return (session_key, ctr)
def connect(host, port, shared_value, is_server): """ Connect to the host:port with the Diffie-Hellman exchange, making sure to authenticate the connection. """ global MAC_KEY ctr = None if port: ctr = connector.Connector(is_server, host, port) else: ctr = connector.Connector(is_server, host) # Generate a 16 byte key, from a hash of the shared secret value. # Then use that value, to encrypt a Diffie-Hellman exchange to # ensure Perfect Forward Secrecy. md5_key = hashlib.md5() shared_val = shared_value.encode('utf-8') md5_key.update(shared_val) long_term_key = md5_key.digest() md5_key = hashlib.md5() md5_key.update(long_term_key) MAC_KEY = md5_key.digest() ctr.connect() session_key = [] if not is_server: #Client Authenticated DH exchange # Send initial DH trigger message logging.getLogger().info('Sending initial authentication message') client_dh_init_msg = dh_auth.gen_auth_msg() ctr.send(bytes(client_dh_init_msg)) # Receive server authentication response logging.getLogger().info('Waiting for server authentication response') rcv_server_public_transport = ctr.receive_wait() rcv_server_nonce = rcv_server_public_transport[:16] rcv_server_dh_data_encrypted = rcv_server_public_transport[16:] # Send back client authentication response logging.getLogger().info('Sending client authentication response') client_auth_msg = dh_auth.gen_auth_msg(rcv_server_nonce) client_dh_data_tup = dh_auth.gen_public_transport( long_term_key, client_auth_msg) client_public_transport = client_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX] ctr.send(bytes(client_public_transport)) # Authenticate received data from server logging.getLogger().info('Authenticating data received from server') expect_rcv_server_id = [int(byte) for byte in host.split('.')] expect_rcv_server_auth_msg = expect_rcv_server_id + client_dh_init_msg[ 4:] logging.getLogger().info('Generating session key') session_key = dh_auth.gen_session_key( rcv_server_dh_data_encrypted, client_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_server_auth_msg) else: #Server Authenticated DH exchange # Receive initial DH trigger message logging.getLogger().info('Waiting for initial authentication message') rcv_client_dh_data = ctr.receive_wait() rcv_client_id = rcv_client_dh_data[:4] rcv_client_nonce = rcv_client_dh_data[4:] # send response logging.getLogger().info('Sending server authentication response') server_nonce = dh_auth.gen_nonce() server_auth_msg = dh_auth.gen_auth_msg(rcv_client_nonce) server_dh_data_tup = dh_auth.gen_public_transport( long_term_key, server_auth_msg) server_public_transport = server_nonce + server_dh_data_tup[ dh_auth.PUB_TRANSPORT_IDX] ctr.send(bytes(server_public_transport)) # Receive client authentication response - client_public_transport is the same as rcv_client_dh_data_encrypted logging.getLogger().info('Waiting for client authentication response') rcv_client_public_transport = ctr.receive_wait() # Authenticate received data from client logging.getLogger().info('Authenticating client response') expect_rcv_client_auth_msg = list(rcv_client_id) + list(server_nonce) session_key = dh_auth.gen_session_key( rcv_client_public_transport, server_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_client_auth_msg) if session_key == 0: logging.getLogger().info('Failed to authenticate: session key invalid') else: logging.getLogger().info( 'Authenticated with session key: ' + connector.bytestring_as_hex_string(session_key)) # Enforce Perfect Forward Security by forgetting local exponent client_dh_data_tup = (0, 0) server_dh_data_tup = (0, 0) return (session_key, ctr)