def process_monitor_directive(line): """takes directive and returns command if response is needed""" global cookie global mycipher global authcomplete global passwordchanged global transfer_args directive, args = [i.strip() for i in line.split(':', 1)] if directive == 'WAITING' and authcomplete and Settings.mode == 'manual': if transfer_args: command = encrypt('TRANSFER_REQUEST %s %s FROM %s\n' % transfer_args) transfer_args = () return command else: command = raw_input('Enter command: ') + '\n' return mycipher.encrypt(command) if mycipher else command elif directive == 'REQUIRE': if args == 'IDENT': if Settings.encrypt: return 'IDENT %s %s\n' % (Settings.ident, util.base32(mysession.public_key)) else: return 'IDENT %s\n' % Settings.ident elif args == 'PASSWORD': password = util.getpassword(dbconn, Settings.ident) if not password: password = util.genpassword() util.updatepassword(dbconn, Settings.ident, password) return encrypt('PASSWORD %s\n' % password) elif args == 'HOST_PORT': return encrypt('HOST_PORT %s %s\n' % (Settings.server, Settings.server_port)) elif args == 'ALIVE': return encrypt('ALIVE %s\n' % util.getcookie(dbconn, Settings.ident)) elif args == 'PUBLIC_KEY': return encrypt('PUBLIC_KEY %d %d\n' % (prover.v, prover.n)) elif args == 'AUTHORIZE_SET': return encrypt('AUTHORIZE_SET %s\n' % ' '.join(str(s) for s in prover.authorize_iter())) elif args == 'SUBSET_J': return encrypt('SUBSET_J %s\n' % ' '.join(str(s) for s in prover.subset_j_iter())) elif args == 'SUBSET_K': return encrypt('SUBSET_K %s\n' % ' '.join(str(s) for s in prover.subset_k_iter())) elif directive == 'RESULT': if args == 'ALIVE Identity has been verified.' or args == 'HOST_PORT LOCALHOST %s' % Settings.server_port: authcomplete = True return args = args.split() if args[0] == 'PASSWORD' or args[0] == 'CHANGE_PASSWORD': cookie = args[1] util.updatecookie(dbconn, Settings.ident, cookie) elif args[0] == 'IDENT' and Settings.encrypt: mysession.set_monitor_key(int(args[1], 32)) mycipher = karn.Cipher(mysession.shared_secret) elif args[0] == 'ROUNDS': prover.rounds = int(args[1]) elif args[0] == 'SUBSET_A': prover.subset_a = tuple(int(i) for i in args[1:]) elif directive == 'WAITING' and authcomplete: if not passwordchanged: oldpass = util.getpassword(dbconn, Settings.ident) newpass = util.genpassword() util.updatepassword(dbconn, Settings.ident, newpass) passwordchanged = True return encrypt('CHANGE_PASSWORD %s %s\n' % (oldpass, newpass)) if transfer_args: command = encrypt('TRANSFER_REQUEST %s %s FROM %s\n' % transfer_args) transfer_args = () return command if Settings.mode == 'manual': return encrypt(raw_input('Enter server command: ') + '\n')
def handle(self): if self.session is None: self.session = diffie_hellman.Session(Settings.privatekey) #rfile is a file-like handle to our socket for line in self.rfile: if util.is_encrypted(line): line = self.cipher.decrypt(line) chkprint('incoming [encrypted] >>> %s' % line.strip()) else: chkprint('incoming >>> %s' % line.strip()) directive, args = [i.strip() for i in line.split(':', 1)] if Settings.mode == 'manual': if directive == 'WAITING': self.send_command(raw_input('Enter server command: ') + '\n') elif directive == 'PARTICIPANT_PASSWORD_CHECKSUM': check = self.check_checksum(args.strip()) # hangup if in strict mode and checksum fails if Settings.enforcechecksums and not check: return elif directive == 'REQUIRE': if args == 'IDENT': if Settings.encrypt: self.send_command('IDENT %s %s\n' % (Settings.ident, util.base32(self.session.public_key))) else: self.send_command('IDENT %s\n' % Settings.ident) elif args == 'QUIT': command = 'QUIT\n' self.send_command(self.cipher.encrypt(command) if self.cipher else command) elif args == 'ALIVE': global cookie command = 'ALIVE %s\n' % util.getcookie(self.dbconn, Settings.ident) self.send_command(self.cipher.encrypt(command) if self.cipher else command) elif args == 'ROUNDS': command = 'ROUNDS %d' % Settings.proof_rounds self.send_command(self.cipher.encrypt(command) if self.cipher else command) elif args == 'SUBSET_A': command = 'SUBSET_A %s' % ' '.join(str(s) for s in self.verifier.subset_a) self.send_command(self.cipher.encrypt(command) if self.cipher else command) elif args == 'TRANSFER_RESPONSE': #use a whitelist instead of spending time on calculations #accept_transfer = self.transfer_request['recipient'] in Settings.ident_whitelist accept_transfer = self.verifier.is_valid() chkprint(self.verifier.is_valid()) command = 'TRANSFER_RESPONSE %s' % ('ACCEPT' if accept_transfer else 'DECLINE') self.send_command(self.cipher.encrypt(command) if self.cipher else command) elif directive == 'TRANSFER': recipient, amount, _, sender = args.split() self.transfer_request = {'recipient':recipient, 'amount':amount, 'sender':sender} elif directive == 'RESULT': args = args.split() if args[0] == 'IDENT' and Settings.encrypt: self.session.set_monitor_key(int(args[1], 32)) self.cipher = karn.Cipher(self.session.shared_secret) elif args[0] == 'SUBSET_K': self.verifier.subset_k = tuple(int(i) for i in args[1:]) elif args[0] == 'SUBSET_J': self.verifier.subset_j = tuple(int(i) for i in args[1:]) elif args[0] == 'PUBLIC_KEY': self.verifier.v, self.verifier.n = (int(i) for i in args[1:]) elif args[0] == 'AUTHORIZE_SET': self.verifier.authorize_set = tuple(int(i) for i in args[1:])