def receive(self):
"""
Receive and decrypt data and populate the received entry field.
"""
if self.connector is None:
return
encrypted = self.connector.receive()
if encrypted:
self.logger.info('Encrypted data, received: ' + connector.bytestring_as_hex_string(encrypted))
msg_bytes = aes.aes_decrypt(encrypted[:-32], self.session_key)
message = bytes(msg_bytes)
self.logger.info('Decrypted message: ' + str(message))
mac_val = encrypted[-16:]
mac_iv = encrypted[-32:-16]
verified = mac.check_mac(message, mac_val, MAC_KEY, mac_iv)
if verified:
self.logger.info('MAC check SUCCESS')
self.received_entry.delete(0, END)
self.received_entry.insert(0, message)
else:
self.logger.info.info("MAC check FAILURE")
def receive(self):
"""
Receive and decrypt data and populate the received entry field.
"""
if self.connector is None:
return
encrypted = self.connector.receive()
if encrypted:
self.logger.info('Encrypted data, received: ' +
connector.bytestring_as_hex_string(encrypted))
msg_bytes = aes.aes_decrypt(encrypted[:-32], self.session_key)
message = bytes(msg_bytes)
self.logger.info('Decrypted message: ' + str(message))
mac_val = encrypted[-16:]
mac_iv = encrypted[-32:-16]
verified = mac.check_mac(message, mac_val, MAC_KEY, mac_iv)
if verified:
self.logger.info('MAC check SUCCESS')
self.received_entry.delete(0, END)
self.received_entry.insert(0, message)
else:
self.logger.info.info("MAC check FAILURE")
def connect(host, port, shared_value, is_server):
"""
Connect to the host:port with the Diffie-Hellman exchange, making sure to
authenticate the connection.
"""
global MAC_KEY
ctr = None
if port:
ctr = connector.Connector(is_server, host, port)
else:
ctr = connector.Connector(is_server, host)
# Generate a 16 byte key, from a hash of the shared secret value.
# Then use that value, to encrypt a Diffie-Hellman exchange to
# ensure Perfect Forward Secrecy.
md5_key = hashlib.md5()
shared_val = shared_value.encode('utf-8')
md5_key.update(shared_val)
long_term_key = md5_key.digest()
md5_key = hashlib.md5()
md5_key.update(long_term_key)
MAC_KEY = md5_key.digest()
ctr.connect()
session_key = []
if not is_server:
#Client Authenticated DH exchange
# Send initial DH trigger message
logging.getLogger().info('Sending initial authentication message')
client_dh_init_msg = dh_auth.gen_auth_msg()
ctr.send(bytes(client_dh_init_msg))
# Receive server authentication response
logging.getLogger().info('Waiting for server authentication response')
rcv_server_public_transport = ctr.receive_wait()
rcv_server_nonce = rcv_server_public_transport[:16]
rcv_server_dh_data_encrypted = rcv_server_public_transport[16:]
# Send back client authentication response
logging.getLogger().info('Sending client authentication response')
client_auth_msg = dh_auth.gen_auth_msg(rcv_server_nonce)
client_dh_data_tup = dh_auth.gen_public_transport(long_term_key, client_auth_msg)
client_public_transport = client_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX]
ctr.send(bytes(client_public_transport))
# Authenticate received data from server
logging.getLogger().info('Authenticating data received from server')
expect_rcv_server_id = [int(byte) for byte in host.split('.')]
expect_rcv_server_auth_msg = expect_rcv_server_id + client_dh_init_msg[4:]
logging.getLogger().info('Generating session key')
session_key = dh_auth.gen_session_key(rcv_server_dh_data_encrypted, client_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_server_auth_msg)
else:
#Server Authenticated DH exchange
# Receive initial DH trigger message
logging.getLogger().info('Waiting for initial authentication message')
rcv_client_dh_data = ctr.receive_wait()
rcv_client_id = rcv_client_dh_data[:4]
rcv_client_nonce = rcv_client_dh_data[4:]
# send response
logging.getLogger().info('Sending server authentication response')
server_nonce = dh_auth.gen_nonce()
server_auth_msg = dh_auth.gen_auth_msg(rcv_client_nonce)
server_dh_data_tup = dh_auth.gen_public_transport(long_term_key, server_auth_msg)
server_public_transport = server_nonce + server_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX]
ctr.send(bytes(server_public_transport))
# Receive client authentication response - client_public_transport is the same as rcv_client_dh_data_encrypted
logging.getLogger().info('Waiting for client authentication response')
rcv_client_public_transport = ctr.receive_wait()
# Authenticate received data from client
logging.getLogger().info('Authenticating client response')
expect_rcv_client_auth_msg = list(rcv_client_id) + list(server_nonce)
session_key = dh_auth.gen_session_key(rcv_client_public_transport, server_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key, expect_rcv_client_auth_msg)
if session_key == 0:
logging.getLogger().info('Failed to authenticate: session key invalid')
else:
logging.getLogger().info('Authenticated with session key: ' + connector.bytestring_as_hex_string(session_key))
# Enforce Perfect Forward Security by forgetting local exponent
client_dh_data_tup = (0,0)
server_dh_data_tup = (0,0)
return (session_key, ctr)
def connect(host, port, shared_value, is_server):
"""
Connect to the host:port with the Diffie-Hellman exchange, making sure to
authenticate the connection.
"""
global MAC_KEY
ctr = None
if port:
ctr = connector.Connector(is_server, host, port)
else:
ctr = connector.Connector(is_server, host)
# Generate a 16 byte key, from a hash of the shared secret value.
# Then use that value, to encrypt a Diffie-Hellman exchange to
# ensure Perfect Forward Secrecy.
md5_key = hashlib.md5()
shared_val = shared_value.encode('utf-8')
md5_key.update(shared_val)
long_term_key = md5_key.digest()
md5_key = hashlib.md5()
md5_key.update(long_term_key)
MAC_KEY = md5_key.digest()
ctr.connect()
session_key = []
if not is_server:
#Client Authenticated DH exchange
# Send initial DH trigger message
logging.getLogger().info('Sending initial authentication message')
client_dh_init_msg = dh_auth.gen_auth_msg()
ctr.send(bytes(client_dh_init_msg))
# Receive server authentication response
logging.getLogger().info('Waiting for server authentication response')
rcv_server_public_transport = ctr.receive_wait()
rcv_server_nonce = rcv_server_public_transport[:16]
rcv_server_dh_data_encrypted = rcv_server_public_transport[16:]
# Send back client authentication response
logging.getLogger().info('Sending client authentication response')
client_auth_msg = dh_auth.gen_auth_msg(rcv_server_nonce)
client_dh_data_tup = dh_auth.gen_public_transport(
long_term_key, client_auth_msg)
client_public_transport = client_dh_data_tup[dh_auth.PUB_TRANSPORT_IDX]
ctr.send(bytes(client_public_transport))
# Authenticate received data from server
logging.getLogger().info('Authenticating data received from server')
expect_rcv_server_id = [int(byte) for byte in host.split('.')]
expect_rcv_server_auth_msg = expect_rcv_server_id + client_dh_init_msg[
4:]
logging.getLogger().info('Generating session key')
session_key = dh_auth.gen_session_key(
rcv_server_dh_data_encrypted,
client_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key,
expect_rcv_server_auth_msg)
else:
#Server Authenticated DH exchange
# Receive initial DH trigger message
logging.getLogger().info('Waiting for initial authentication message')
rcv_client_dh_data = ctr.receive_wait()
rcv_client_id = rcv_client_dh_data[:4]
rcv_client_nonce = rcv_client_dh_data[4:]
# send response
logging.getLogger().info('Sending server authentication response')
server_nonce = dh_auth.gen_nonce()
server_auth_msg = dh_auth.gen_auth_msg(rcv_client_nonce)
server_dh_data_tup = dh_auth.gen_public_transport(
long_term_key, server_auth_msg)
server_public_transport = server_nonce + server_dh_data_tup[
dh_auth.PUB_TRANSPORT_IDX]
ctr.send(bytes(server_public_transport))
# Receive client authentication response - client_public_transport is the same as rcv_client_dh_data_encrypted
logging.getLogger().info('Waiting for client authentication response')
rcv_client_public_transport = ctr.receive_wait()
# Authenticate received data from client
logging.getLogger().info('Authenticating client response')
expect_rcv_client_auth_msg = list(rcv_client_id) + list(server_nonce)
session_key = dh_auth.gen_session_key(
rcv_client_public_transport,
server_dh_data_tup[dh_auth.LOC_EXPONENT_IDX], long_term_key,
expect_rcv_client_auth_msg)
if session_key == 0:
logging.getLogger().info('Failed to authenticate: session key invalid')
else:
logging.getLogger().info(
'Authenticated with session key: ' +
connector.bytestring_as_hex_string(session_key))
# Enforce Perfect Forward Security by forgetting local exponent
client_dh_data_tup = (0, 0)
server_dh_data_tup = (0, 0)
return (session_key, ctr)
