def encrypt(self, msg):
msglen = len(msg)
msgbytes = bytearray(msglen + 1 + BLOCK_SIZE - ((msglen + 1) % BLOCK_SIZE))
msgbytes[:msglen] = msg
# add null byte and random byte padding as necessary
msgbytes[msglen] = NULL_BYTE
for i in xrange(msglen + 1, len(msgbytes)):
msgbytes[i] = random.randint(0, 255)
output = bytearray(1)
output[0] = GUARD_BYTE
for i in xrange(0, len(msgbytes), BLOCK_SIZE):
block = msgbytes[i:i+BLOCK_SIZE]
leftblock = util.left(block)
rightblock = util.right(block)
leftmd = bytearray(hashlib.sha1(str(leftblock) + str(self.leftkey)).digest())
rightcipher = bytearray(leftmd[i] ^ rightblock[i] for i in xrange(len(leftmd)))
rightmd = bytearray(hashlib.sha1(str(rightcipher) + str(self.rightkey)).digest())
leftcipher = bytearray(rightmd[i] ^ leftblock[i] for i in xrange(len(rightmd)))
output.extend(leftcipher)
output.extend(rightcipher)
return util.base32(int(util.bytestohex(output), 16)) + '\n'
def process_monitor_directive(line):
"""takes directive and returns command if response is needed"""
global cookie
global mycipher
global authcomplete
global passwordchanged
global transfer_args
directive, args = [i.strip() for i in line.split(':', 1)]
if directive == 'WAITING' and authcomplete and Settings.mode == 'manual':
if transfer_args:
command = encrypt('TRANSFER_REQUEST %s %s FROM %s\n' % transfer_args)
transfer_args = ()
return command
else:
command = raw_input('Enter command: ') + '\n'
return mycipher.encrypt(command) if mycipher else command
elif directive == 'REQUIRE':
if args == 'IDENT':
if Settings.encrypt:
return 'IDENT %s %s\n' % (Settings.ident, util.base32(mysession.public_key))
else:
return 'IDENT %s\n' % Settings.ident
elif args == 'PASSWORD':
password = util.getpassword(dbconn, Settings.ident)
if not password:
password = util.genpassword()
util.updatepassword(dbconn, Settings.ident, password)
return encrypt('PASSWORD %s\n' % password)
elif args == 'HOST_PORT':
return encrypt('HOST_PORT %s %s\n' % (Settings.server, Settings.server_port))
elif args == 'ALIVE':
return encrypt('ALIVE %s\n' % util.getcookie(dbconn, Settings.ident))
elif args == 'PUBLIC_KEY':
return encrypt('PUBLIC_KEY %d %d\n' % (prover.v, prover.n))
elif args == 'AUTHORIZE_SET':
return encrypt('AUTHORIZE_SET %s\n' % ' '.join(str(s) for s in prover.authorize_iter()))
elif args == 'SUBSET_J':
return encrypt('SUBSET_J %s\n' % ' '.join(str(s) for s in prover.subset_j_iter()))
elif args == 'SUBSET_K':
return encrypt('SUBSET_K %s\n' % ' '.join(str(s) for s in prover.subset_k_iter()))
elif directive == 'RESULT':
if args == 'ALIVE Identity has been verified.' or args == 'HOST_PORT LOCALHOST %s' % Settings.server_port:
authcomplete = True
return
args = args.split()
if args[0] == 'PASSWORD' or args[0] == 'CHANGE_PASSWORD':
cookie = args[1]
util.updatecookie(dbconn, Settings.ident, cookie)
elif args[0] == 'IDENT' and Settings.encrypt:
mysession.set_monitor_key(int(args[1], 32))
mycipher = karn.Cipher(mysession.shared_secret)
elif args[0] == 'ROUNDS':
prover.rounds = int(args[1])
elif args[0] == 'SUBSET_A':
prover.subset_a = tuple(int(i) for i in args[1:])
elif directive == 'WAITING' and authcomplete:
if not passwordchanged:
oldpass = util.getpassword(dbconn, Settings.ident)
newpass = util.genpassword()
util.updatepassword(dbconn, Settings.ident, newpass)
passwordchanged = True
return encrypt('CHANGE_PASSWORD %s %s\n' % (oldpass, newpass))
if transfer_args:
command = encrypt('TRANSFER_REQUEST %s %s FROM %s\n' % transfer_args)
transfer_args = ()
return command
if Settings.mode == 'manual':
return encrypt(raw_input('Enter server command: ') + '\n')
def handle(self):
if self.session is None:
self.session = diffie_hellman.Session(Settings.privatekey)
#rfile is a file-like handle to our socket
for line in self.rfile:
if util.is_encrypted(line):
line = self.cipher.decrypt(line)
chkprint('incoming [encrypted] >>> %s' % line.strip())
else:
chkprint('incoming >>> %s' % line.strip())
directive, args = [i.strip() for i in line.split(':', 1)]
if Settings.mode == 'manual':
if directive == 'WAITING':
self.send_command(raw_input('Enter server command: ') + '\n')
elif directive == 'PARTICIPANT_PASSWORD_CHECKSUM':
check = self.check_checksum(args.strip())
# hangup if in strict mode and checksum fails
if Settings.enforcechecksums and not check:
return
elif directive == 'REQUIRE':
if args == 'IDENT':
if Settings.encrypt:
self.send_command('IDENT %s %s\n' % (Settings.ident, util.base32(self.session.public_key)))
else:
self.send_command('IDENT %s\n' % Settings.ident)
elif args == 'QUIT':
command = 'QUIT\n'
self.send_command(self.cipher.encrypt(command) if self.cipher else command)
elif args == 'ALIVE':
global cookie
command = 'ALIVE %s\n' % util.getcookie(self.dbconn, Settings.ident)
self.send_command(self.cipher.encrypt(command) if self.cipher else command)
elif args == 'ROUNDS':
command = 'ROUNDS %d' % Settings.proof_rounds
self.send_command(self.cipher.encrypt(command) if self.cipher else command)
elif args == 'SUBSET_A':
command = 'SUBSET_A %s' % ' '.join(str(s) for s in self.verifier.subset_a)
self.send_command(self.cipher.encrypt(command) if self.cipher else command)
elif args == 'TRANSFER_RESPONSE':
#use a whitelist instead of spending time on calculations
#accept_transfer = self.transfer_request['recipient'] in Settings.ident_whitelist
accept_transfer = self.verifier.is_valid()
chkprint(self.verifier.is_valid())
command = 'TRANSFER_RESPONSE %s' % ('ACCEPT' if accept_transfer else 'DECLINE')
self.send_command(self.cipher.encrypt(command) if self.cipher else command)
elif directive == 'TRANSFER':
recipient, amount, _, sender = args.split()
self.transfer_request = {'recipient':recipient, 'amount':amount, 'sender':sender}
elif directive == 'RESULT':
args = args.split()
if args[0] == 'IDENT' and Settings.encrypt:
self.session.set_monitor_key(int(args[1], 32))
self.cipher = karn.Cipher(self.session.shared_secret)
elif args[0] == 'SUBSET_K':
self.verifier.subset_k = tuple(int(i) for i in args[1:])
elif args[0] == 'SUBSET_J':
self.verifier.subset_j = tuple(int(i) for i in args[1:])
elif args[0] == 'PUBLIC_KEY':
self.verifier.v, self.verifier.n = (int(i) for i in args[1:])
elif args[0] == 'AUTHORIZE_SET':
self.verifier.authorize_set = tuple(int(i) for i in args[1:])
