def mitm(client_sock):
# client will send the value B**(a + ux)
# I can't think of any possible way to get the a value completely out
# of the calculation while only knowing G**a and not a
# so setting u = 1 and B = generator, this will give G**a * G**x as the value the client
# will be use as S for generating the key K in the HMAC computation.
# Full attack:
# for likely passwords pw, do the following,
# calculate x = H(salt || pw) for known salt, calculate G**x and use client value G**a to
# create potential S. take k = H(S) and compute HMAC(key, salt) and check this against client
# output
u = 1
B = CP36.GENERATOR
salt = ("000").encode()
# run interaction with client
client_msg = (net_utils.receive_msg(client_sock)).decode("utf-8")
if ":" in client_msg:
switch_val, actual_msg = client_msg.split(":")
else:
switch_val = client_msg
if switch_val == "AUTH_ATTEMPT":
client_share, email = actual_msg.split(',')
client_share = int(client_share.lstrip('('))
email = email.rstrip(')')
server_msg = "({},{},{})".format(salt, B, u)
if not net_utils.send_msg(server_msg, client_sock):
raise ValueError("Failed writing to pipe")
client_hmac_val = net_utils.receive_msg(client_sock)
net_utils.send_msg("FAILED", client_sock)
print("Beginning dictionary attack... ")
res = offline_attack(client_share, salt, client_hmac_val, PASSWORD_DICT)
if res:
print("Found password used by victim: {}".format(res))
else:
print("Was unable to find password")
else:
send_msg("FAILED", client_sock)
return
return
def simple_srp(email, client_share, client_sock):
# try and receive msg from pipe
b = secrets.randbelow(CP36.MODPGROUP["1536"])
salt, v = server_user_list[email]
g_with_b = GroupOp.mod_exp(CP36.GENERATOR, b, CP36.MODPGROUP["1536"])
u = secrets.randbelow(2**128)
server_msg = "({},{},{})".format(salt, g_with_b, u)
if not net_utils.send_msg(server_msg, client_sock):
raise ValueError("Failed writing to pipe")
client_hmac_val = net_utils.receive_msg(client_sock)
total = GroupOp.mod_exp(v,u, CP36.MODPGROUP["1536"])
total = (total * client_share) % CP36.MODPGROUP["1536"]
total = GroupOp.mod_exp(total, b, CP36.MODPGROUP["1536"])
key_digest = sha256.SHA256()
key_digest.Update(bytes("{}".format(total), encoding='utf-8'))
actual_key = (key_digest.Sum()).to_bytes(256 // 8,byteorder='big')
check_against = hmac_myimpl.SHA256_HMAC(actual_key, salt)
# this comparison is very insecure
if client_hmac_val == check_against:
return True
else:
return False
return
def server_wrapper(client_sock):
client_msg = (net_utils.receive_msg(client_sock)).decode("utf-8")
if ":" in client_msg:
switch_val, actual_msg = client_msg.split(":")
else:
switch_val = client_msg
if switch_val == "CREATE_PASSWORD":
email, passw = actual_msg.split(',')
email = email.lstrip('(')
passw = passw.rstrip(')')
if email in server_user_list:
net_utils.send_msg("FAILED", client_sock)
else:
salt, v = CP37.create_password(passw)
server_user_list[email] = (salt, v)
net_utils.send_msg("SUCCESS", client_sock)
elif switch_val == "AUTH_ATTEMPT":
client_share, email = actual_msg.split(',')
client_share = int(client_share.lstrip('('))
email = email.rstrip(')')
if email in server_user_list:
auth_outcome = simple_srp(email, client_share, client_sock)
if auth_outcome:
net_utils.send_msg("SUCCESS", client_sock)
else:
net_utils.send_msg("FAILED", client_sock)
else:
net_utils.send_msg("FAILED", client_sock)
else:
net_utils.send_msg("FAILED", client_sock)
return
def server_switch(client_sock):
global SALT, v, EMAIL
client_msg = (net_utils.receive_msg(client_sock)).decode("utf-8")
if ":" in client_msg:
switch_val, actual_msg = client_msg.split(":")
else:
switch_val = client_msg
if switch_val == "CREATE_PASSWORD" and len(EMAIL) == 0:
EMAIL, password = actual_msg.split(',')
EMAIL = EMAIL.lstrip('(')
password = password.rstrip(')')
SALT, v = create_password(password)
print("Successfully created user password {}".format(EMAIL))
net_utils.send_msg("SUCCESS", client_sock)
elif switch_val == "AUTH_ATTEMPT" and len(EMAIL) != 0:
net_utils.send_msg("CONTINUE", client_sock)
auth_outcome = CP36.server_srp(client_sock, EMAIL, SALT, v)
if auth_outcome:
net_utils.send_msg("SUCCESS", client_sock)
else:
net_utils.send_msg("FAILED", client_sock)
else:
net_utils.send_msg("FAILED", client_sock)
def client():
client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_sock.connect((HOST, PROTOCOL))
# generate a needed for diffie hellman
a = secrets.randbelow(MODPGROUP["1536"])
g_with_a = GroupOp.mod_exp(GENERATOR, a, MODPGROUP["1536"])
if not net_utils.send_msg("({},{})".format(g_with_a, EMAIL), client_sock):
raise ValueError("Failed to send message")
message_received = net_utils.receive_msg(client_sock)
msg_ints = literal_eval(message_received.decode('utf-8'))
salt = msg_ints[0]
b_value = msg_ints[1]
sha_pw_digest = sha256.SHA256()
sha_pw_digest.Update(
bytes("{}||{}".format(salt, PASSWORD), encoding='utf-8'))
x_exp = sha_pw_digest.Sum()
u_digest = sha256.SHA256()
u_digest.Update(bytes("{}||{}".format(g_with_a, b_value),
encoding='utf-8'))
u = u_digest.Sum()
v_value = GroupOp.mod_exp(GENERATOR, x_exp, MODPGROUP["1536"])
total = (b_value - (K * v_value)) % MODPGROUP["1536"]
total = GroupOp.mod_exp(total, a + (x_exp * u), MODPGROUP["1536"])
key_digest = sha256.SHA256()
key_digest.Update(bytes("{}".format(total), encoding='utf-8'))
actual_key = (key_digest.Sum()).to_bytes(256 // 8, byteorder='big')
verification_check = hmac_myimpl.SHA256_HMAC(actual_key, salt)
if not net_utils.send_msg(verification_check, client_sock):
raise ValueError("Could not send over pipe")
def client(email, password, new_user=False):
client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_sock.connect((HOST,PROTOCOL))
if new_user:
msg = "CREATE_PASSWORD:({},{})".format(email, password)
if not net_utils.send_msg(msg, client_sock):
raise ValueError("Failed to send message")
# wait to receive a SUCCESSFUL from the server
server_reply = (net_utils.receive_msg(client_sock)).decode('utf-8')
if server_reply != "SUCCESS":
raise ValueError("Could not create account")
else:
print("Successfully created account")
else:
# generate a needed for diffie hellman
a = secrets.randbelow(CP36.MODPGROUP["1536"])
g_with_a = GroupOp.mod_exp(CP36.GENERATOR, a, CP36.MODPGROUP["1536"])
if not net_utils.send_msg("AUTH_ATTEMPT:({},{})".format(g_with_a, email),client_sock):
raise ValueError("Failed to send message")
message_received = net_utils.receive_msg(client_sock)
msg_ints = literal_eval(message_received.decode('utf-8'))
salt = msg_ints[0]
b_value = msg_ints[1]
u = msg_ints[2]
sha_pw_digest = sha256.SHA256()
sha_pw_digest.Update(bytes("{}||{}".format(salt, password), encoding='utf-8'))
x_exp = sha_pw_digest.Sum()
total = GroupOp.mod_exp(b_value, a + (x_exp * u), CP36.MODPGROUP["1536"])
key_digest = sha256.SHA256()
key_digest.Update(bytes("{}".format(total), encoding='utf-8'))
actual_key = (key_digest.Sum()).to_bytes(256 // 8,byteorder='big')
verification_check = hmac_myimpl.SHA256_HMAC(actual_key, salt)
if not net_utils.send_msg(verification_check, client_sock):
raise ValueError("Could not send over pipe")
msg = (net_utils.receive_msg(client_sock)).decode('utf-8')
print("Server says {}".format(msg))
print("Finishing client thread")
return
def client(email, password):
client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_sock.connect((HOST, PROTOCOL))
msg = "CREATE_PASSWORD:({},{})".format(email, password)
if not net_utils.send_msg(msg, client_sock):
raise ValueError("Failed to send message")
# wait to receive a SUCCESSFUL from the server
server_reply = (net_utils.receive_msg(client_sock)).decode('utf-8')
if server_reply != "SUCCESS":
raise ValueError("Could not create account")
return
def server_srp(client_sock, email_held, salt, v_held):
# try and receive msg from pipe
b = secrets.randbelow(MODPGROUP["1536"])
client_msg = (net_utils.receive_msg(client_sock)).decode('utf-8')
args = client_msg.split(",")
email = args[1][:-1]
client_key_share = int(args[0][1:])
if email == email_held:
g_with_b = GroupOp.mod_exp(GENERATOR, b, MODPGROUP["1536"])
maskedv = (K * v_held + g_with_b) % MODPGROUP["1536"]
server_msg = "({},{})".format(salt, maskedv)
else:
print("Server received wrong email identifier")
server_msg = "ERROR"
if not net_utils.send_msg(server_msg, client_sock):
raise ValueError("Failed writing to pipe")
client_hmac_val = net_utils.receive_msg(client_sock)
#compute local
u_hash = sha256.SHA256()
u_hash.Update(
bytes("{}||{}".format(client_key_share, maskedv), encoding='utf-8'))
u = u_hash.Sum()
total = GroupOp.mod_exp(v_held, u, MODPGROUP["1536"])
total = (total * client_key_share) % MODPGROUP["1536"]
total = GroupOp.mod_exp(total, b, MODPGROUP["1536"])
key_digest = sha256.SHA256()
key_digest.Update(bytes("{}".format(total), encoding='utf-8'))
actual_key = (key_digest.Sum()).to_bytes(256 // 8, byteorder='big')
check_against = hmac_myimpl.SHA256_HMAC(actual_key, salt)
# this comparison is very insecure
if client_hmac_val == check_against:
print("{} client succesfully authenticated".format(email_held))
return True
else:
return False
def attacker():
print("Attacker trying to authenticate")
email = input("Please enter the user you would like to authenticate as...")
# generate a needed for diffie hellman
share = input(
"Input client share (i.e. g**a) as numerical value or [number]G\n")
changed_val = False
if "G" in share:
g_with_a = CP36.MODPGROUP["1536"] * int(share[:share.index("G")])
changed_val = True
else:
g_with_a = int(share)
second_client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
second_client_sock.connect((HOST, PROTOCOL))
if not net_utils.send_msg("AUTH_ATTEMPT", second_client_sock):
raise ValueError("Failed to send message")
saw_okay = (net_utils.receive_msg(second_client_sock)).decode('utf-8')
if saw_okay != "CONTINUE":
raise ValueError("Server Error")
if not net_utils.send_msg("({},{})".format(g_with_a, email),
second_client_sock):
raise ValueError("Failed to send message")
message_received = net_utils.receive_msg(second_client_sock)
msg_ints = literal_eval(message_received.decode('utf-8'))
salt = msg_ints[0]
total = int(input("Please give integer input (i.e. S): "))
key_digest = sha256.SHA256()
key_digest.Update(bytes("{}".format(total), encoding='utf-8'))
actual_key = (key_digest.Sum()).to_bytes(256 // 8, byteorder='big')
verification_check = hmac_myimpl.SHA256_HMAC(actual_key, salt)
if not net_utils.send_msg(verification_check, second_client_sock):
raise ValueError("Could not send over pipe")
response = (net_utils.receive_msg(second_client_sock)).decode('utf-8')
print("Finishing client thread, received from server {}".format(response))