def __init__(self, comm, keyfile):
self.comm = comm
self.keyfile = keyfile
if keyfile.has_key('user'):
if keyfile['user'].has_key('secret'): self.secret = qcrypt.denormalize(keyfile['user']['secret'])
else: self.secret = None
if keyfile['user'].has_key('salt'): self.salt = keyfile['user']['salt']
else: self.salt = None
else:
if keyfile.has_key('secret'): self.secret = qcrypt.denormalize( keyfile['secret'])
else: self.secret = None
if keyfile.has_key('salt'): self.salt = keyfile['salt']
else: self.salt = None
if keyfile.has_key('server_secret_hash'): self.partner_secret_hash = keyfile['server_secret_hash']
else: self.partner_secret_hash = None
if keyfile.has_key('key'):
self.pri_key = RSA.generate(1, os.urandom)
self.pri_key.__setstate__(self.keyfile['key'])
else: self.pri_key = None
# if self.secret != None: print 'secret', qcrypt.normalize(self.secret)
# else: print self.secret
# print 'salt', self.salt
# print 'psh', self.partner_secret_hash
# if self.secret != None: print 'hash', auth.saltedhash_hex(self.secret, self.salt)
self.name = None
self.pub_key = None
self.auth_msg = None
self.authenticated = None
self.aes_key = None
self.key_agreement = False
def sign_auth(secret, salt, secret_hash_normalized, auth_normalized):
auth = qcrypt.denormalize(auth_normalized)
aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
plaintext = aes.decrypt(auth)
new_plaintext = xor_in_pi(plaintext)
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
ciphertext = qcrypt.normalize(aes.encrypt(new_plaintext))
if debug:
print '\n------sign_auth------'
print saltedhash_hex(secret, salt)
print secret_hash_normalized
print ciphertext
print '-----sign_auth-------\n'
return ciphertext
def PillowTalkActivator(client):
client.link.name = client.keyfile['user']['login_name']
while not (client.commGeneric.closed or client.link.authenticated):
client.link.begin_auth(client.link.name)
cmd, msg, sig = client.link.recieve()
if cmd != 'sign_auth': continue
client.link.sign_auth(msg)
cmd, msg, sig = client.link.recieve()
if cmd != 'verification_result': continue
msg = qcrypt.denormalize(msg)
msg_vr = auth.verify_signature(client.link.secret, client.link.salt, msg, sig)
vr = bool(int(msg[0]))
if not msg_vr: continue
if vr: print 'server verified client'
else:
client.link.comm.close()
sys.exit()
client.link.request_auth()
cmd, msg, sig = client.link.recieve()
if cmd != 'verify_auth': continue
vr = client.link.verify_auth(msg)
if not vr:
client.link.comm.close()
sys.exit()
print 'client verified server'
def verification_result(msg, sig):
msg = qcrypt.denormalize(msg)
msg_vr = auth.verify_signature(self.link.secret, self.link.salt, msg, sig)
vr = bool(int(msg[0]))
if not msg_vr: return
if vr: print 'client verified server'
else: self.link.comm.close()
def __saltedhash(string, salt):
sha256 = SHA256.new()
sha256.update(string)
sha256.update(qcrypt.denormalize(salt))
for x in xrange(HASH_REPS):
sha256.update(sha256.digest())
if x % 10: sha256.update(salt)
return sha256
def create_auth(secret_hash_normalized, random_str):
if len(random_str)%16 != 0: raise Exception, 'not len(random_str) === 16 mod 16'
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
ciphertext = qcrypt.normalize(aes.encrypt(random_str))
if debug:
print '\n------create_auth------'
print secret_hash_normalized
print ciphertext
print '-----create_auth-------\n'
return ciphertext
def set_pub_key(self, msg, signature):
vr = auth.verify_signature(self.secret, self.salt, msg, signature)
if vr:
k_dict = nDDB.decode(qcrypt.denormalize(msg))
k = RSA.generate(1, os.urandom)
k.__setstate__(keyfile.proc_key_dict(k_dict))
print 'public key recieved and verified'
else:
print 'incorrect message signature'
k = None
self.pub_key = k
def verify_auth(secret, salt, org_random_str, auth_normalized):
xored_random_str = xor_in_pi(org_random_str)
auth = qcrypt.denormalize(auth_normalized)
aes = AES.new(saltedhash_bin(secret, salt), AES.MODE_CBC)
new_random_str = aes.decrypt(auth)
if debug:
print '\n------verify_auth------'
print saltedhash_hex(secret, salt)
print qcrypt.normalize(xored_random_str)
print qcrypt.normalize(new_random_str)
print '------verify_auth------\n'
return bool(xored_random_str == new_random_str)
def __init__(self, host='', port=21567, bufsize=4096):
self.HOST = host
self.PORT = port
self.BUFSIZE = bufsize
self.ADDR = (self.HOST, self.PORT)
self.cliList = []
self.activeCli = []
self.hosts = {}
self.hosts_cliNum = {}
self.keyfile = keyfile.load_server_keyfile('server_key')
self.pri_key = RSA.generate(1, os.urandom)
self.pri_key.__setstate__(self.keyfile['key'])
self.secret = qcrypt.denormalize(self.keyfile['secret'])
self.salt = self.keyfile['salt']
self.users = self.keyfile['users']
self.sock_generic = SocketGeneric(self.HOST, self.PORT, self.BUFSIZE)
super(tcpServer, self).__init__(self.sock_generic, self.keyfile, PillowTalkLink,
GenericServer_Listener, GenericServer_ClientHandler,
PillowTalkProcessor, FexibleMessageProcessor)
def save_stub_files(server_stub):
secret_hash = auth.saltedhash_hex(qcrypt.denormalize(server_stub['secret']), server_stub['salt'])
f = open('client_stub', 'w')
f.write(secret_hash)
f.close()
nDDB.saveAdvanceDDB('server_stub', server_stub)
def sign_msg(secret_hash_normalized, msg):
plaintext, spaces_added = qcrypt._appendSpaces(msg)
aes = AES.new(qcrypt.denormalize(secret_hash_normalized), AES.MODE_CBC)
ciphertext = aes.encrypt(plaintext)
signature = hash_hex(ciphertext)
return signature
