def test_print_params(self):
a = DH.gen_params(1024, 2, self.genparam_callback)
bio = BIO.MemoryBuffer()
a.print_params(bio)
params = bio.read()
assert params.find('(1024 bit)')
assert params.find('generator: 2 (0x2)')
def test_print_params(self):
a = DH.gen_params(1024, 2, self.genparam_callback)
bio = BIO.MemoryBuffer()
a.print_params(bio)
params = bio.read()
assert params.find('(1024 bit)')
assert params.find('generator: 2 (0x2)')
def __init__(self, bind_address, database):
self.database_sock = database
self.address = bind_address
self.server_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
logging.info("Generating a {}-bit prime...".format(DH_SIZE))
self.dh_params = M2DH.gen_params(DH_SIZE, 2)
logging.info('Done!')
self.clients = [] # List containing all connected clients.
self.is_online_flag = [] # Flag used by ChatServer.is_online method.
def test():
print 'generating dh params:'
a = DH.gen_params(128, 2)
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
print 'p = ', ` a.p `
print 'g = ', ` a.g `
print 'a.pub =', ` a.pub `
print 'a.priv =', ` a.priv `
print 'b.pub =', ` b.pub `
print 'b.priv =', ` b.priv `
print 'a.key = ', ` a.compute_key(b.pub) `
print 'b.key = ', ` b.compute_key(a.pub) `
def test():
print "generating dh params:"
a = DH.gen_params(128, 2)
b = DH.set_params(a.p, a.g)
a.gen_key()
b.gen_key()
print "p = ", ` a.p `
print "g = ", ` a.g `
print "a.pub =", ` a.pub `
print "a.priv =", ` a.priv `
print "b.pub =", ` b.pub `
print "b.priv =", ` b.priv `
print "a.key = ", ` a.compute_key(b.pub) `
print "b.key = ", ` b.compute_key(a.pub) `
def generatePublicKey():
a = DH.gen_params(PUBLIC_KEY_SIZE, 2)
a.gen_key()
public_key = a.pub
public_key_length = len(public_key)
if public_key_length < PUBLIC_KEY_SIZE:
length = PUBLIC_KEY_SIZE - public_key_length
public_key = pack(">%dB" % length, *[0x00 for i in xrange(0, length)]) + public_key
elif public_key_length > PUBLIC_KEY_SIZE:
public_key = public_key[0:PUBLIC_KEY_SIZE]
print "public key length:", len(public_key)
return public_key
def generatePublicKey():
a = DH.gen_params(PUBLIC_KEY_SIZE, 2)
a.gen_key()
public_key = a.pub
public_key_length = len(public_key)
if public_key_length < PUBLIC_KEY_SIZE:
length = PUBLIC_KEY_SIZE - public_key_length
public_key = pack(">%dB" % length, *[0x00 for i in xrange(0, length)
]) + public_key
elif public_key_length > PUBLIC_KEY_SIZE:
public_key = public_key[0:PUBLIC_KEY_SIZE]
print "public key length:", len(public_key)
return public_key
def __init__(self, host='127.0.0.1', port=DEFAULT_PORT):
"""
Initialize a new server object.
:param host: IP address of the server
:param port: Port to use for the server
"""
print("SecureChat Sever v{}".format(__version__))
self.host = host
self.port = port
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Generate Diffie-Hellman Key Exchange Parameters
print("Generating a {}-bit prime...".format(DH_SIZE))
self.dh_params = M2DH.gen_params(DH_SIZE, 2)
print("Done!")
self.clients = []
# Start the server, break on ^C
try:
self.start()
except KeyboardInterrupt:
print("\rExiting...")
[self.disconnect(client) for client in self.clients]
self.socket.close()
sys.exit()
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
assert a.check_params() == 0
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
self.assertEqual(a.check_params(), 0)
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
assert a.check_params() == 0
def test_gen_params_bad_cb(self):
a = DH.gen_params(1024, 2, self.genparam_callback2)
self.assertEqual(a.check_params(), 0)
def test_gen_params(self):
a = DH.gen_params(128, 2, self.genparam_callback)
assert a.check_params() == 0
def run(self):
server_start = Server.Server()
server_start.touchResultsFile()
auditlogname = './AuditLog.pkl'
if (os.path.exists(auditlogname)):
os.remove(auditlogname)
counterplname = './CounterPL.txt'
if (os.path.exists(counterplname)):
os.remove(counterplname)
# try:
# os.remove(auditlogname)
# except OSError:
# pass
# try:
# os.remove(counterplname)
# except OSError:
# pass
# read it from config file later
number_of_users = 100
print 'server thread started'
# change buffer length here in bits
buffer_length = 5000
# seeding the PRNG with 1024 random bytes from OS
M2Crypto.Rand.rand_seed (os.urandom (1024))
# host address
# myhost = 'localhost'
myhost = '' # all interfaces
# port , which is hopefully not used
myport = 4321
# number of concurrent connections to the server, will drop after that
number_of_concurrent_connections = 3
# binding a socket
bindsocket = socket.socket()
bindsocket.bind((myhost, myport))
# start listening
bindsocket.listen(number_of_concurrent_connections)
print 'listening'
# read the pickle database
databaseobject = Database.Database()
serverDB = databaseobject.readAllDataFromDatabase(number_of_users)
# now we have the database loaded in voting_database
while True:
#ZZZ remover it later
print 'inside while'
# connection part
mysocket, fromaddr = bindsocket.accept()
# wrap SSL around the socket
connstream = ssl.wrap_socket(mysocket,
server_side=True,
certfile="servercert", # server certification file
keyfile="serverkey", # server private key file
ssl_version=ssl.PROTOCOL_TLSv1) # using TLS
# deal_with_client(connstream)
print 'Client connected from address ' + str(fromaddr)
# beginning DH key exchange
# print 'beginning DH Key exchange'
# 256 = length
# 2 = generator, which is usally 2 or 5
# empty_callback : to avoid writing garbage to screen
serverDH = DH.gen_params(256, 2, RSAKeyHandling.empty_callback)
# generate the random number a, now g^a will be in serverDH.pub
serverDH.gen_key()
# now we need to send serverDH.p , serverDH.g and serverDH.pub
# first they need to be converted to base64 and then sent
connstream.sendall(base64.b64encode(serverDH.p)) # p
connstream.sendall(base64.b64encode(serverDH.g)) # g
connstream.sendall(base64.b64encode(serverDH.pub)) # g^a
# now wait for the g^b from client to computer sharedAESkey
clientDH_pub = base64.b64decode(connstream.read(buffer_length))
# compute sharedAESkey
sharedAESkey = serverDH.compute_key(clientDH_pub)
# print 'shared AES Key ', hexlify(sharedAESkey)
# now we have a 256 bit shared AES key to encrypt data with
# now we can send voterID and check for correction in order to authenticate the voter
# or send votes
# generate 16 byte chosen_IV
chosen_IV = Rand.rand_bytes(16)
# encode it to base64 (to avoid 00 bytes)
chosen_IV_inbase64 = base64.b64encode(chosen_IV)
# send it to client
connstream.sendall(chosen_IV_inbase64)
# print 'Sent chosen IV ' , hexlify(chosen_IV)
# wait for the AES_encrypted sha hash of voterID || PIN in base64
hash_inbase64 = connstream.read(buffer_length)
# print 'received encrypted_hash_inbase64 ', hash_inbase64
# decode it from base64
encrypted_hash = base64.b64decode(hash_inbase64)
# decrypt it from AES
# key = sharedAESkey
# iv = chosen_IV
hash_normal = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_hash, chosen_IV)
# print 'hash_normal ', hash_normal
# now we have the normal hash and can look up user data
####ZZZ do a print (which user connected)
print hash_normal
if hash_normal in serverDB:
print 'user in DB'
# look it up from DB
user_public_key_inbase64 = serverDB[hash_normal]['pkey']
# we dont need to convert it from base64. our code does that
# load the public rsa key into an rsakey for encryption
rsakey = RSAKeyHandling.load_public_rsakey_from_b64string(user_public_key_inbase64)
# check if he has voted
has_voted = serverDB[hash_normal]['voted']
# we dont want to immediately reject after we see that he has voted, to avoid timing attacks
# so we add the public key too anyway
# if he has voted
# send VOTED
if (has_voted == 1):
# print 'user has voted'
# send LOL_NO_WAY
# encrypt it using AES, sharedAESkey and chosen_IV
encrypted_msg = RSAKeyHandling.AES_encryptor(sharedAESkey, 'LOL_NO_WAY', chosen_IV)
# convert it to base64
encrypted_msg_inbase64 = base64.b64encode(encrypted_msg)
# send it to the server
connstream.sendall(encrypted_msg_inbase64)
# break the connection
# BYE BYE
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
continue
else: # user has not voted and can vote
# otherwise (if the user has not voted)
# encrypt the hash_normal with public key using RSA
# padding = PKCS1
encrypted_hash_normal = rsakey.public_encrypt(hash_normal, RSA.pkcs1_padding)
# encrypt it with AES
encrypted_hash_normal = RSAKeyHandling.AES_encryptor(sharedAESkey, encrypted_hash_normal, chosen_IV)
# encode it to base64 to send
encrypted_hash_normal_inbase64 = base64.b64encode(encrypted_hash_normal)
# send it
connstream.sendall(encrypted_hash_normal_inbase64)
# print 'sent public encrypted'
else: # if he is not in DB
# send LOL_NO_WAY
# encrypt it using AES, sharedAESkey and chosen_IV
encrypted_msg = RSAKeyHandling.AES_encryptor(sharedAESkey, 'LOL_NO_WAY', chosen_IV)
# convert it to base64
encrypted_msg_inbase64 = base64.b64encode(encrypted_msg)
# send it to the server
connstream.sendall(encrypted_msg_inbase64)
# break the connection
# BYE BYE
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
continue
# now we need to wait for votes to be sent
# read votes sent to server
encrypted_votes_inbase64 = connstream.read(buffer_length)
# decode it from base64
encrypted_votes = base64.b64decode(encrypted_votes_inbase64)
# decrypt it using AES, we will get a base64 encoding of a json string of the dictionary
try:
decrypted_votes_inbase64_json = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_votes, chosen_IV)
except:
# bad votes received
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
continue
# decode it from base64
decrypted_votes_json = base64.b64decode(decrypted_votes_inbase64_json)
# de-json it
decrypted_votes = json.loads(decrypted_votes_json)
# note in the vote log, we don't want people to vote many times, THIS IS NOT IRAN or maybe it is ? :D
serverDB[hash_normal]['voted'] = 1
# making server object to use the utility functions
myserver = Server.Server()
auditDict = {
hash_normal:{
'president': decrypted_votes['president'],
'congress' : decrypted_votes['congress'],
'counsel' : decrypted_votes['counsel']
}
}
# add votes to the DB
myserver.addToAuditLogFile(auditDict)
myserver.addToResultsFile(decrypted_votes)
# Make vote confirmation message
thankyou_msg = 'Votes OK'
# Encrypt it
encrypted_thanks = RSAKeyHandling.AES_encryptor(sharedAESkey, thankyou_msg, chosen_IV)
# convert it to base64
encrypted_thanks_inbase64 = base64.b64encode(encrypted_thanks)
# send it to the client
connstream.sendall(encrypted_thanks_inbase64)
#finally:
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
