def connect(block=False): global block_loop block_loop = block global current_subscribe_list global current_id times = 1 while not microgear.accesstoken: get_token() time.sleep(times) times = times + 10 microgear.mqtt_client = mqtt.Client(microgear.accesstoken["token"]) current_id = '/&id/' + str(microgear.accesstoken["token"]) + '/#' current_subscribe_list.append('/&id/' + str(microgear.accesstoken["token"]) + '/#') endpoint = microgear.accesstoken["endpoint"].split("//")[1].split(":") username = microgear.gearkey + "%" + str(int(time.time())) password = hmac( microgear.accesstoken["secret"] + "&" + microgear.gearsecret, microgear.accesstoken["token"] + "%" + username) microgear.mqtt_client.username_pw_set(username, password) microgear.mqtt_client.connect(endpoint[0], int(endpoint[1]), 60) microgear.mqtt_client.on_connect = client_on_connect microgear.mqtt_client.on_message = client_on_message microgear.mqtt_client.on_publish = client_on_publish microgear.mqtt_client.on_subscribe = client_on_subscribe microgear.mqtt_client.on_disconnect = client_on_disconnect if (block): microgear.mqtt_client.loop_forever() else: microgear.mqtt_client.loop_start() while True: time.sleep(2) break
def connect(block=False): global block_loop block_loop = block global current_subscribe_list global current_id times = 1 while not microgear.accesstoken: get_token() time.sleep(times) times = times+10 microgear.mqtt_client = mqtt.Client(microgear.accesstoken["token"]) current_id = '/&id/'+str(microgear.accesstoken["token"])+'/#' current_subscribe_list.append('/&id/'+str(microgear.accesstoken["token"])+'/#') endpoint = microgear.accesstoken["endpoint"].split("//")[1].split(":") username = microgear.gearkey+"%"+str(int(time.time())) password = hmac(microgear.accesstoken["secret"]+"&"+microgear.gearsecret,microgear.accesstoken["token"]+"%"+username) microgear.mqtt_client.username_pw_set(username,password) microgear.mqtt_client.connect(endpoint[0],int(endpoint[1]), 60) microgear.mqtt_client.on_connect = client_on_connect microgear.mqtt_client.on_message = client_on_message microgear.mqtt_client.on_publish = client_on_publish microgear.mqtt_client.on_subscribe = client_on_subscribe microgear.mqtt_client.on_disconnect = client_on_disconnect if(block): microgear.mqtt_client.loop_forever() else: microgear.mqtt_client.loop_start() while True: time.sleep(2) break
def server_authenticate(connection, scret_key): message = os.urandom(32) connection.send(message) hash = hmac(scret_key, message) digest = hash.digest() response = connection.recv(len(digest)) return hmac.compare_digest(digest, response)
def test_invalid_len(self): class hmac(object): def new(self, *arg): return self def hexdigest(self): return '1234' serialized = serialize('123', 'secret123') self.assertRaises(ValueError, self._callFUT, serialized, 'secret', hmac=hmac())
def test_invalid_len(self): class hmac(object): def new(self, *arg): return self def hexdigest(self): return "1234" serialized = serialize("123", "secret123") self.assertRaises(ValueError, self._callFUT, serialized, "secret", hmac=hmac())
def _getSignature(self, secretKey, input): '''Unused currently.''' if input.get('SignatureVersion', '') != '1' : raise SimpleDBError('400 Bad Request', getRequestId(), 'UnsupportedSignatureVersion', 'Only the newer signature version 1 is supported in SimpleDB/dev.') string = '' keys = sorted(input.keys()) for key in keys: if key == 'Signature' : continue string += key+input[key] return base64.b64encode(hmac(secretKey, string, 'sha1'))
def get_accesstoken(cached): microgear.requesttoken = cached.get("requesttoken") logging.debug("Already has request token.") logging.debug("Requesting an access token.") token = oauth.Token(key=microgear.requesttoken.get("token"), secret=microgear.requesttoken.get("secret")) consumer = oauth.Consumer(key=microgear.gearkey, secret=microgear.gearsecret) client = oauth.Client(consumer, token) params = {"oauth_verifier": microgear.requesttoken["verifier"]} headers = {} method = "POST" req = oauth.Request.from_consumer_and_token( consumer, token=token, http_method=method, http_url=microgear.gearauthaccesstokenendpoint, parameters=params) req.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer, token) headers.update(req.to_header(realm="NETPIE")) h = httplib2.Http( os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), ".cache")) resp, content = h.request(microgear.gearauthaccesstokenendpoint, method=method, headers=headers) parsed_resp = parse_qs(content.decode(encoding='UTF-8')) if resp.status == 200: revokecode = hmac( parsed_resp['oauth_token_secret'][0] + "&" + microgear.gearsecret, parsed_resp['oauth_token'][0]).replace('/', '_') cached["requesttoken"] = None cached["accesstoken"] = { "token": parsed_resp['oauth_token'][0], "secret": parsed_resp['oauth_token_secret'][0], "endpoint": parsed_resp['endpoint'][0], "revokecode": revokecode } flag = parsed_resp.get('flag', ["P"]) if flag[0] == "P": cache.set_item("microgear-" + microgear.gearkey + ".cache", cached) elif flag[0] == "S": cache.set_item("microgear-" + microgear.gearkey + ".cache", {}) microgear.accesstoken = cached["accesstoken"] else: resettoken() on_error( "Access token is not issued, please check your consumerkey and consumersecret." ) logging.error( "Access token is not issued, please check your consumerkey and consumersecret." )
def get_accesstoken(cached): microgear.requesttoken = cached.get("requesttoken") logging.info("Already has request token.") logging.info("Requesting an access token.") verifier = "" url = "" path = "/oauth2/token?grant_type=authorization_code&code=" + microgear.requesttoken.get( "token" ) + "&client_id=" + microgear.gearkey + "&client_secret=" + microgear.gearsecret + "&state=mgrev:" + microgear.mgrev if microgear.securemode: url = "https://" + microgear.gearauthsite + ":" + microgear.gearapisecureport + path else: url = "http://" + microgear.gearauthsite + ":" + microgear.gearapiport + path response = requests.post(url) if response.status_code == 200: datajson = json.loads(response.text) token = datajson['access_token'].split(':') revokecode = hmac(token[1] + "&" + microgear.gearsecret, token[0]).replace('/', '_') cached["requesttoken"] = None cached["accesstoken"] = { "token": token[0], "secret": token[1], "endpoint": datajson['endpoint'], "revokecode": revokecode } flag = datajson['flag'] if flag == "P": cache.set_item("microgear-" + microgear.gearkey + ".cache", cached) elif flag == "S": cache.set_item("microgear-" + microgear.gearkey + ".cache", {}) microgear.accesstoken = cached["accesstoken"] else: resettoken() on_error( "Access token is not issued, please check your consumerkey and consumersecret." ) logging.error( "Access token is not issued, please check your consumerkey and consumersecret." )
def get_accesstoken(cached): microgear.requesttoken = cached.get("requesttoken") logging.debug("Already has request token.") logging.debug("Requesting an access token.") token = oauth.Token(key=microgear.requesttoken.get("token"), secret=microgear.requesttoken.get("secret")) consumer = oauth.Consumer(key=microgear.gearkey, secret=microgear.gearsecret) client = oauth.Client(consumer, token) params = { "oauth_verifier": microgear.requesttoken["verifier"]} headers = {} method = "POST" req = oauth.Request.from_consumer_and_token(consumer, token=token, http_method=method, http_url=microgear.gearauthaccesstokenendpoint, parameters=params) req.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer, token) headers.update(req.to_header(realm="NETPIE")) h = httplib2.Http(os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])),".cache")) resp, content = h.request(microgear.gearauthaccesstokenendpoint, method=method, headers=headers) parsed_resp = parse_qs(content.decode(encoding='UTF-8')) if resp.status == 200: revokecode = hmac(parsed_resp['oauth_token_secret'][0]+"&"+microgear.gearsecret,parsed_resp['oauth_token'][0]).replace('/','_') cached["requesttoken"] = None cached["accesstoken"] = { "token": parsed_resp['oauth_token'][0], "secret": parsed_resp['oauth_token_secret'][0], "endpoint": parsed_resp['endpoint'][0], "revokecode": revokecode } flag = parsed_resp.get('flag',["P"]) if flag[0] == "P": cache.set_item("microgear-"+microgear.gearkey+".cache", cached) elif flag[0] == "S": cache.set_item("microgear-"+microgear.gearkey+".cache", {}) microgear.accesstoken = cached["accesstoken"] else: resettoken() on_error("Access token is not issued, please check your consumerkey and consumersecret.") logging.error("Access token is not issued, please check your consumerkey and consumersecret.")
def complete_handshake(self, handshake_data): # The server's handshake reply is: # SERVER_PK Y [G_LENGTH bytes] # AUTH H(auth_input, t_mac) [H_LENGTH bytes] Y = handshake_data[: 32] # ntor data curve25519::public_key::key_size_in_bytes auth = handshake_data[32:] # ntor auth is SHA1, 32 in bytes? assert len(auth) == 32 # # The client then checks Y is in G^* [see NOTE below], and computes # secret_input = EXP(Y,x) | EXP(B,x) | ID | B | X | Y | PROTOID si = curve25519_get_shared(self._x, curve25519_public_from_bytes(Y)) si += curve25519_get_shared(self._x, self._B) si += self._fingerprint_bytes si += curve25519_to_bytes(self._B) si += curve25519_to_bytes(self._X) si += Y si += b'ntor-curve25519-sha256-1' # KEY_SEED = H(secret_input, t_key) # verify = H(secret_input, t_verify) key_seed = hmac(self.t_key, si) verify = hmac(self.t_verify, si) # auth_input = verify | ID | B | Y | X | PROTOID | "Server" ai = verify ai += self._fingerprint_bytes ai += curve25519_to_bytes(self._B) ai += Y ai += curve25519_to_bytes(self._X) ai += self.protoid ai += b'Server' # The client verifies that AUTH == H(auth_input, t_mac). if auth != hmac(self.t_mac, ai): raise NtorError('auth input does not match.') # Both parties check that none of the EXP() operations produced the # point at infinity. [NOTE: This is an adequate replacement for # checking Y for group membership, if the group is curve25519.] # Both parties now have a shared value for KEY_SEED. They expand this # into the keys needed for the Tor relay protocol, using the KDF # described in 5.2.2 and the tag m_expand. # 5.2.2. KDF-RFC5869 # For newer KDF needs, Tor uses the key derivation function HKDF from # RFC5869, instantiated with SHA256. (This is due to a construction # from Krawczyk.) The generated key material is: # K = K_1 | K_2 | K_3 | ... # Where H(x,t) is HMAC_SHA256 with value x and key t # and K_1 = H(m_expand | INT8(1) , KEY_SEED ) # and K_(i+1) = H(K_i | m_expand | INT8(i+1) , KEY_SEED ) # and m_expand is an arbitrarily chosen value, # and INT8(i) is a octet with the value "i". # In RFC5869's vocabulary, this is HKDF-SHA256 with info == m_expand, # salt == t_key, and IKM == secret_input. # WARN: length must be 92 # 72 + byte_type rend_nonce [20]; << ignored now return hkdf_sha256(key_seed, length=72, info=self.m_expand)
def hash_hmac(ac_key, text): return str(hmac(ac_key, text, sha1).digest().encode('base64')[:-1])
if e.code == 304: print "X Did not get right response yet. Trying again." pass else: raise time.sleep(1) print "X Got Server.Message3: %s" % server_three # COMPARE KEYS print "X Generating keys" # This is the 'master' key. It is E = HMAC(0x00 * 32, K) key = j.three(server_two['payload']) aes_key = hmac("Sync-AES_256_CBC-HMAC256\x01", key, algo="sha256") hmac_key = hmac(aes_key + "Sync-AES_256_CBC-HMAC256\x02", key, algo="sha256") # Check if the other side has the correct key. We do this by decrypting the payload (ciphertext/IV) with our calculated AES # key. The result should be '0123456789ABCDEF' check = decrypt(base64.b64decode(server_three['payload']['ciphertext']), aes_key, base64.b64decode(server_three['payload']['IV'])) print "X Check = %s" % binascii.hexlify(check) if check != '0123456789ABCDEF': print "X CHECK FAIL" delete(url) sys.exit(1) # Put Client.Message3
# COMPARE KEYS print "X Generating key" key = j.three(server_two['payload']) print "X Generated key: %s" % key print "X Comparing keys" print "X Desktop H(K) = %s" % sha256(sha256(key).digest()).hexdigest() print "X Mobile H(K) = %s" % server_three['payload'] if server_three['payload'] != sha256(sha256(key).digest()).hexdigest(): print "X KEY FAIL" delete(url) sys.exit(1) # Put Client.Message3 iv = '0123456780abcdef' cleartext = simplejson.dumps({ 'message': sys.argv[2] }) ciphertext = base64.b64encode(encrypt(cleartext, key, iv)) hmac_hex = binascii.hexlify(hmac(key, cleartext, algo="sha256")) payload = {'ciphertext': ciphertext, 'IV': base64.b64encode(iv), 'hmac': hmac_hex} print "X Putting Client.Message3" client_three = { 'type': 'sender3', 'payload': payload } client_three_etag = put(url, client_three) print "X Put Client.Message3 (etag=%s) %s" % (client_three_etag, client_three)
def client_authenticate(connection, scret_key): message = connection.recv(32) hash = hmac(scret_key, message) digest = hash.digest() connection.send(digest)
def POST(self): uid = web.input().login_uid pw = web.input().login_pw # DB select based on username # Will raise exception if not valid try: login_user = db.select('users', where = 'username = $uid', vars = locals())[0] except: # TODO return error mesage using ajax return render('login.html') # This will be executed if try block is executed # This is because except block returns value # Each user has a different salt # SHA256 used because it's better than default MD5 # Rehash password and check if equal to database's salt = login_user['salt'] hashed_pw = hmac(salt, pw, sha256).hexdigest() # Hashed password with user's salt matches! # Moves on to process the remember me toggle # Sets cookies accordingly # Redirects to /home if hashed_pw == login_user['pw']: # Exception checking using to-string conversion # Raises error if not remember me is not toggled try: # Remember me toggle is 'on' # 'on' as in string and literally on rmb_me = str(web.input().rmb_me) rmb_me = True # Oddly there is only 'on', no 'off' # So this will trigger an AttributeError (string) except AttributeError: rmb_me = False # Sets the cookie expiration to 3 months # Resets cookie expiration on every login if rmb_me: # make_cookie( uid, hashed_pw, salt ) # cookie = uid|hashed_pw|salt web.setcookie('login_info', make_cookie(uid, hashed_pw), 7776000) # Sets uid_login to hashed_pw for later confirmation memcache.set(uid + '_login', hashed_pw) raise web.seeother('/home') # Session only login, remember me is False else: web.setcookie('login_info', make_cookie(uid, hashed_pw)) # Sets uid_login to hashed_pw for later confirmation memcache.set(uid + '_login', hashed_pw) raise web.seeother('/home') # Input password does not match the one in database # Renders the html with notice else: # TODO do this rendering with Ajax request return render('login.html')