def encrypt(self, plaintext): """Encrypts plaintext, returns (salt, iv, ciphertext) tuple""" salt = Rand.rand_bytes(self._SALT_LEN) key = self._make_key(salt) iv = Rand.rand_bytes(self._IV_LEN) encryptor = self._make_encryptor(key, iv) ciphertext = encryptor.update(plaintext) ciphertext += encryptor.final() return salt, iv, ciphertext
def send_data(data): if c.encipher: data = struct.pack('!I', len(data)) + data if len(data)%16 > 0: data += Rand.rand_bytes(16 - (len(data)%16)) data = c.encipher.update(data)+c.encipher.final() send_xmpp_message(get_client_jid(), c.remote_jid, 'DATA %s %s' % (c.id, encode(data)))
def pubkey2swarmid(livedict): if DEBUG: print >> sys.stderr, 'pubkey2swarmid:', livedict.keys() if livedict['authmethod'] == 'None': return Rand.rand_bytes(20) else: return sha(livedict['pubkey']).digest()
def encode(self, data): d = { 'salt': base64.b64encode(Rand.rand_bytes(8)), 'digest': 'sha1', 'validFrom': self._formatDate(datetime.datetime.utcnow()), 'validTo': self._formatDate( datetime.datetime.utcnow() + datetime.timedelta( seconds=self._lifetime ) ), 'data': data } self._pkey.reset_context(md=d['digest']) self._pkey.sign_init() fields = [] for k, v in d.items(): fields.append(k) self._pkey.sign_update(v) d['signedFields'] = ','.join(fields) d['signature'] = base64.b64encode(self._pkey.sign_final()) d['certificate'] = self._x509.as_pem() return base64.b64encode(json.dumps(d))
def sign(request): #to do print 'LOG:sign -------------- from ' + getClientIp(request) #the user HaiChiang is fixed in the database user = User.objects.get(userName='******') #create the signrequest signRequest = {} key_handle = user.key_handle Rand.rand_seed(os.urandom(1024)) challenge = urlsafe_b64encode(Rand.rand_bytes(32)) signRequest['signRequests'] = [{'challenge': challenge, 'version': 'U2F_V2', 'appId': 'http://localhost:8000', 'keyHandle': key_handle, "sessionId":"123456"}] #signRequest['registerRequests'] = [] strong_signRequest = {} strong_signRequest['Challenge'] = signRequest strong_signRequest['Message'] = '' strong_signRequest['Error'] = '' user.challenge = challenge return JsonResponse(strong_signRequest)
def ssl_encrypt(plaintext, passwd, algorithm=None, salt=None): """ Encrypt data in a format that is openssl compatible. :param plaintext: The plaintext data to encrypt :type plaintext: string :param passwd: The password to use to encrypt the data :type passwd: string :param algorithm: The cipher algorithm to use :type algorithm: string :param salt: The salt to use. If none is provided, one will be randomly generated. :type salt: bytes :returns: string - The base64-encoded, salted, encrypted string. The string includes a trailing newline to make it fully compatible with openssl command-line tools. """ if salt is None: salt = Rand.rand_bytes(8) # pylint: disable=E1101,E1121 hashes = [md5(passwd + salt).digest()] for i in range(1, 3): hashes.append(md5(hashes[i - 1] + passwd + salt).digest()) # pylint: enable=E1101,E1121 key = hashes[0] + hashes[1] iv = hashes[2] crypted = str_encrypt(plaintext, key=key, salt=salt, iv=iv, algorithm=algorithm) return b64encode("Salted__" + salt + crypted) + "\n"
def generate_response1(randomB,peeridB,keypairA): randomA = Rand.rand_bytes(num_random_bits/8) response1 = {} response1['certA'] = str(keypairA.pub().get_der()) response1['rA'] = randomA response1['B'] = peeridB response1['SA'] = sign_response(randomA,randomB,peeridB,keypairA) return [randomA,bencode(response1)]
def _test_good_request(self): options = "\x00\x00\x00\x00\x00\x10\x00\x00" myid = Rand.rand_bytes(20) s = BTConnection("localhost", self.hisport, user_option_pattern=options, user_infohash=self.infohash, myid=myid) msg = self.create_good_nontribler_extend_hs() s.send(msg) s.read_handshake_medium_rare() # Tribler should send an EXTEND message back try: print >> sys.stderr, "test: Waiting for reply" s.s.settimeout(10.0) resp = s.recv() self.assert_(len(resp) > 0) print >> sys.stderr, "test: Got reply", getMessageName(resp[0]) self.assert_(resp[0] == EXTEND) self.check_tribler_extend_hs(resp[1:]) # 1. Pretend we're leecher: send INTERESTED msg = INTERESTED s.send(msg) print >> sys.stderr, "test: Pretend we are leecher" while True: resp = s.recv() self.assert_(len(resp) > 0) print >> sys.stderr, "test: Got reply2", getMessageName(resp[0]) if resp[0] == EXTEND: print >> sys.stderr, "test: Got EXTEND type", getMessageName(resp[1]) self.assert_(resp[0] == UNCHOKE or resp[0] == BITFIELD or resp[0] == EXTEND or resp[0] == HAVE) if resp[0] == UNCHOKE: # 2. Reply with REQUESTs for index in range(0, self.numpieces): plen = self.get_piece_length(index) for begin in range(0, plen, 2 ** 14): length = self.get_chunk_length(index, begin) print >> sys.stderr, "RETRIEVE", index, begin, length chunkid = (index, begin, length) msg = self.create_request(chunkid) s.send(msg) # s.send(NOT_INTERESTED) elif resp[0] == EXTEND and resp[1] == HASHPIECE: done = self.check_hashpiece(resp) if done: break elif resp[0] == BITFIELD: self.check_bitfield(resp) # s.close() except socket.timeout: print >> sys.stderr, "test: Timeout, bad, peer didn't reply in time" self.assert_(False) time.sleep(3) s.close()
def gen_random(secret_len=10): """ The default secret len is 10 so that when base32 encoded it results in a stream of ascii characters that are easy for the user to enter on the device without '=' padding :param secret_len: The length of the secret to generate. :type secret_len: int """ return Rand.rand_bytes(10)
def pubkey2swarmid(livedict): """ Calculate SHA1 of pubkey (or cert). Make X.509 Subject Key Identifier compatible? """ if DEBUG: print >>sys.stderr,time.asctime(),'-', "pubkey2swarmid:",livedict.keys() if livedict['authmethod'] == "None": # No live-source auth return Rand.rand_bytes(20) else: return sha(livedict['pubkey']).digest()
def RunOnce(self): """This is run only once.""" # Initialize the PRNG. Rand.rand_seed(Rand.rand_bytes(1000)) # Counters used here stats.STATS.RegisterCounterMetric("grr_client_unknown") stats.STATS.RegisterCounterMetric("grr_decoding_error") stats.STATS.RegisterCounterMetric("grr_decryption_error") stats.STATS.RegisterCounterMetric("grr_rekey_error") stats.STATS.RegisterCounterMetric("grr_authenticated_messages") stats.STATS.RegisterCounterMetric("grr_unauthenticated_messages") stats.STATS.RegisterCounterMetric("grr_rsa_operations")
def ssl_encrypt(plaintext, passwd, algorithm=ALGORITHM, salt=None): """ encrypt data in a format that is openssl compatible """ if salt is None: salt = Rand.rand_bytes(8) hashes = [md5(passwd + salt).digest()] for i in range(1,3): hashes.append(md5(hashes[i-1] + passwd + salt).digest()) key = hashes[0] + hashes[1] iv = hashes[2] crypted = str_encrypt(plaintext, key=key, salt=salt, iv=iv) return base64.b64encode("Salted__" + salt + crypted) + "\n"
def gen_enroll_challenge(): enrollRequest = {} enrollRequest['SignRequest'] = [] Rand.rand_seed(os.urandom(1024)) challenge = urlsafe_b64encode(Rand.rand_bytes(32)) enrollRequest['RegisterRequest'] = [{'challenge': challenge, 'version': 'U2F_V2', 'appId': 'http://localhost:8000'}] enrollRequest['sessionId'] = '123456' strong_enrollRequest = {} strong_enrollRequest['Challenge'] = enrollRequest strong_enrollRequest['Message'] = '' strong_enrollRequest['Error'] = '' return strong_enrollRequest, challenge
def RunOnce(self): """This is run only once.""" # Initialize the PRNG. seed = Rand.rand_bytes(1000) if not seed: raise RuntimeError("Unable to initialize random seed.") Rand.rand_seed(seed) # Counters used here stats.STATS.RegisterCounterMetric("grr_client_unknown") stats.STATS.RegisterCounterMetric("grr_decoding_error") stats.STATS.RegisterCounterMetric("grr_decryption_error") stats.STATS.RegisterCounterMetric("grr_rekey_error") stats.STATS.RegisterCounterMetric("grr_authenticated_messages") stats.STATS.RegisterCounterMetric("grr_unauthenticated_messages") stats.STATS.RegisterCounterMetric("grr_rsa_operations")
def __addk(self, gid): # Prepare an SMIME object s = SMIME.SMIME() s.set_cipher(SMIME.Cipher('des_ede3_cbc')) # Load all certificates from users in the group cert_stack = X509.X509_Stack() users = rediserver.smembers("users_gid:"+gid) if users: for uid in users: x509_string = rediserver.hget("x509_uid:"+uid, "x509") x509 = X509.load_cert_string(x509_string) if x509: cert_stack.push(x509) s.set_x509_stack(cert_stack) # Encrypt # The new key is generated using secure random generator provided by OpenSSL random_string = Rand.rand_bytes(32) # TODO: change the length of the key to support other block sizes # CHECK IF THIS IS REALLY NEEDED # print random_string random_string = binascii.hexlify(random_string) # print random_string # END CHECK key = BIO.MemoryBuffer(random_string) crypted_key = s.encrypt(key) # Convert the key from BIO to string # crypted_key.write(BIO.File(sys.stdout)) # Print to standard output bio = BIO.MemoryBuffer() crypted_key.write(bio) pkcs7string = bio.read() # Store the key in redis sha1 = hashlib.sha1(random_string).hexdigest() rediserver.sadd("keys_gid:"+gid, sha1) rediserver.set("first_key_gid:"+gid, sha1) rediserver.hmset("sha1:"+sha1, {"gid" : gid, "key_type" : "aes_256_cbc", "key" : pkcs7string}) # key_type is fixed to aes_256_cbc, for now return 1 return 0
def create_torrent(self): [srchandle, self.sourcefn] = mkstemp() self.content = Rand.rand_bytes(self.contentlen) os.write(srchandle, self.content) os.close(srchandle) self.tdef = TorrentDef() self.tdef.add_content(self.sourcefn) self.tdef.set_piece_length(self.piecelen) self.tdef.set_tracker("http://127.0.0.1:12/announce") self.tdef.finalize() self.torrentfn = os.path.join(self.session.get_state_dir(), "gen.torrent") self.tdef.save(self.torrentfn) dscfg = DownloadStartupConfig() destdir = os.path.dirname(self.sourcefn) dscfg.set_dest_dir(destdir) dscfg.set_video_event_callback(self.sesscb_vod_event_callback) self.session.set_download_states_callback(self.states_callback) self.session.start_download(self.tdef, dscfg)
def test_bytes(self): self.assertRaises(MemoryError, Rand.rand_bytes, -1) assert Rand.rand_bytes(0) == '' assert len(Rand.rand_bytes(1)) == 1
def create_and_register_query_id(self,query,usercallback): id = Rand.rand_bytes(QUERY_ID_SIZE) queryrec = {'query':query,'usercallback':usercallback} self.query_ids2rec[id] = queryrec return id
elif '-o' in opt: o = opt[1] if o == '-': outf = sys.stdout else: outf = open(o, 'wb') if cmd < 0: raise argerr, "either -d or -e" if cmd > 1: raise argerr, "either -d or -e, not both" if cmd == 0: iv = inf.read(10) pp = getpass.getpass('Enter decryption passphrase: ') else: iv = Rand.rand_bytes(10) outf.write(iv) pp = getpass.getpass('Enter encryption passphrase: ') pp2 = getpass.getpass('Enter passphrase again: ') if pp != pp2: raise SystemExit, 'passphrase mismatch, I\'m outta here...' ci = RC4.RC4(pp + iv) del pp, iv while 1: buf = inf.read() if not buf: break outf.write(ci.update(buf)) outf.write(ci.final())
def test_bytes(self): self.assertRaises(MemoryError, Rand.rand_bytes, -1) assert Rand.rand_bytes(0) == "" assert len(Rand.rand_bytes(1)) == 1
et = time() if st == et: et = st+1.0 print "Performance",(float(pos)/1024.0)/(et-st),"KB/s" inf.close() out.close() if __name__ == "__main__": [options,files] = getopt(sys.argv[1:],"c:e:a:d:t") print "options",options print "files",files for opt,value in options: if opt == '-c': # Create key keyfile = value key = Rand.rand_bytes(KEYSIZE) print "Created key is",`key`,"hex",hexlify(key) kout = open(keyfile,"wb") kout.write(key) kout.close() elif opt == '-e' or opt == '-d': # Encrypt or decrypt keyfile = value kin = open(keyfile,"rb") key = kin.read() kin.close() print "Loaded key is",`key`,"hex",hexlify(key) if opt == '-e': encode_files(files,key,1) else: encode_files(files,key,0) elif opt == '-a': # Add key to torrent file
def test_bytes(self): with self.assertRaises(MemoryError): Rand.rand_bytes(-1) self.assertEqual(Rand.rand_bytes(0), b'') self.assertEqual(len(Rand.rand_bytes(1)), 1)
def rand_bytes(n_bytes): return Rand.rand_bytes(n_bytes)
def create_topic_keypair(): return { 'encryption': Rand.rand_bytes(16), 'authentication': Rand.rand_bytes(16) }
def generate_challenge(): randomB = Rand.rand_bytes(num_random_bits/8) return [randomB,bencode(randomB)]
def _get_random(self, cnt): while True: data = Rand.rand_bytes(cnt) if data[0] != '\x00': return data
def test_tunnel_send(self): self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.s.connect(("127.0.0.1", self.cmdport)) print >>sys.stderr,"test: Send over TCP, receive on UDP" for i in range(0,NREPEATS): self.randsize = random.randint(1,2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n"; self.s.send(cmd+self.data) # Read at UDPListener self.wait() print >>sys.stderr,"test: Separate TUNNEL cmd from data on TCP" for i in range(0,NREPEATS): self.randsize = random.randint(1,2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n"; self.s.send(cmd) time.sleep(.1) self.s.send(self.data) # Read at UDPListener self.wait() print >>sys.stderr,"test: Add command after TUNNEL" for i in range(0,NREPEATS): self.randsize = random.randint(1,2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n"; cmd2 = "SETMOREINFO 979152e57a82d8781eb1f2cd0c4ab8777e431012 1\r\n" self.s.send(cmd+self.data+cmd2) # Read at UDPListener self.wait() print >>sys.stderr,"test: Send data in parts" for i in range(0,NREPEATS): self.randsize = random.randint(1,2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n"; self.s.send(cmd) self.s.send(self.data[0:self.randsize/2]) self.s.send(self.data[self.randsize/2:]) # Read at UDPListener self.wait() print >>sys.stderr,"test: Send UDP, receive TCP" self.s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) totaldata = '' for i in range(0,NREPEATS): self.randsize = random.randint(1,2048) self.data = Rand.rand_bytes(self.randsize) # Send data over UDP print >>sys.stderr,"test: TCP: Sending swift UDP bytes",self.randsize swiftmsg = "\xff\xff\xff\xff"+self.data nsend = self.s2.sendto(swiftmsg,0,("127.0.0.1",self.listenport)) # Receive data via TCP print >>sys.stderr,"test: TCP: Recv" crlfidx=-1 while crlfidx == -1: gotdata = self.s.recv(5000) print >>sys.stderr,"test: TCP: Got cmd bytes",len(gotdata) if len(gotdata) == 0: break totaldata += gotdata crlfidx = totaldata.find('\r\n') cmd = totaldata[0:crlfidx] print >>sys.stderr,"test: TCP: Got cmd",cmd totaldata = totaldata[crlfidx+2:] # strip cmd words = cmd.split() if words[0] == "TUNNELRECV": srcstr = words[1] size = int(words[2]) while len(totaldata) < size: gotdata = self.s.recv(5000) print >>sys.stderr,"test: TCP: Got tunnel bytes",len(gotdata) if len(gotdata) == 0: break totaldata += gotdata tunneldata=totaldata[0:size] totaldata = totaldata[size:] self.assertEqual(self.randsize,len(tunneldata)) self.assertEqual(self.data,tunneldata) print >>sys.stderr,"test: TCP: Done" else: self.assertEqual(words[0],"TUNNELRECV")
def test_tunnel_send(self): self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.s.connect(("127.0.0.1", self.cmdport)) print >> sys.stderr, "test: Send over TCP, receive on UDP" for i in range(0, NREPEATS): self.randsize = random.randint(1, 2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:" + str( self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n" self.s.send(cmd + self.data) # Read at UDPListener self.wait() print >> sys.stderr, "test: Separate TUNNEL cmd from data on TCP" for i in range(0, NREPEATS): self.randsize = random.randint(1, 2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:" + str( self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n" self.s.send(cmd) sleep(.1) self.s.send(self.data) # Read at UDPListener self.wait() print >> sys.stderr, "test: Add command after TUNNEL" for i in range(0, NREPEATS): self.randsize = random.randint(1, 2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:" + str( self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n" cmd2 = "SETMOREINFO 979152e57a82d8781eb1f2cd0c4ab8777e431012 1\r\n" self.s.send(cmd + self.data + cmd2) # Read at UDPListener self.wait() print >> sys.stderr, "test: Send data in parts" for i in range(0, NREPEATS): self.randsize = random.randint(1, 2048) self.data = Rand.rand_bytes(self.randsize) cmd = "TUNNELSEND 127.0.0.1:" + str( self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n" self.s.send(cmd) self.s.send(self.data[0:self.randsize / 2]) self.s.send(self.data[self.randsize / 2:]) # Read at UDPListener self.wait() print >> sys.stderr, "test: Send UDP, receive TCP" self.s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) totaldata = '' for i in range(0, NREPEATS): self.randsize = random.randint(1, 2048) self.data = Rand.rand_bytes(self.randsize) # Send data over UDP print >> sys.stderr, "test: TCP: Sending swift UDP bytes", self.randsize swiftmsg = "\xff\xff\xff\xff" + self.data nsend = self.s2.sendto(swiftmsg, 0, ("127.0.0.1", self.swiftport)) # Receive data via TCP print >> sys.stderr, "test: TCP: Recv" crlfidx = -1 while crlfidx == -1: gotdata = self.s.recv(5000) print >> sys.stderr, "test: TCP: Got cmd bytes", len(gotdata) if len(gotdata) == 0: break totaldata += gotdata crlfidx = totaldata.find('\r\n') cmd = totaldata[0:crlfidx] print >> sys.stderr, "test: TCP: Got cmd", cmd totaldata = totaldata[crlfidx + 2:] # strip cmd words = cmd.split() if words[0] == "TUNNELRECV": srcstr = words[1] size = int(words[2]) while len(totaldata) < size: gotdata = self.s.recv(5000) print >> sys.stderr, "test: TCP: Got tunnel bytes", len( gotdata) if len(gotdata) == 0: break totaldata += gotdata tunneldata = totaldata[0:size] totaldata = totaldata[size:] self.assertEqual(self.randsize, len(tunneldata)) self.assertEqual(self.data, tunneldata) print >> sys.stderr, "test: TCP: Done" else: self.assertEqual(words[0], "TUNNELRECV")
def __init__(self): # type: () -> None self._key = Rand.rand_bytes(self._keylen)
def create_and_register_query_id(self, query, usercallback): id = Rand.rand_bytes(QUERY_ID_SIZE) queryrec = {'query': query, 'usercallback': usercallback} self.query_ids2rec[id] = queryrec return id
def decrypt(self, key): ''' decrypt the message using the specified symmetric algorithm ''' self._symmetric(key, 0) def _symmetric(self, key, mode = 1): ''' perform ymmetric encryption or decryption based on the mode ''' cipher = EVP.Cipher( alg = self.metadata['enc_algo'], key = key, iv = self.metadata['iv'], op = mode ) v = cipher.update(self.data) self.data = v + cipher.final() # module unit-test if __name__ == '__main__': msg = Message('foo', 'bar', 'message') key1 = Rand.rand_bytes(16) key2 = Rand.rand_bytes(16) print msg.data msg.encrypt(key1) msg.sign(key2) print msg.auth print msg.data print msg.verify(key2) msg.decrypt(key1) print msg.data
def encrypt(self, key): ''' encrypt the message using the specified symmetric algorithm ''' self.metadata['iv'] = Rand.rand_bytes(16) self._symmetric(key)
def handle_message(from_jid, to_jid, body): try: resp = None if 0: print 'handle_message: %s->%s, %r' % (from_jid, to_jid, body[0:]) print body if body.startswith('CONNECT '): _, addr_port, conn_id, ek = body.split(' ') from_jid_norecource , _ = from_jid.split('/') # no need to specify the Recource in .conf files, or if not then no error occur c = Connection() c.id = conn_id # needed in line 216 if errors occur if addr_port in exposed and ('*' in exposed[addr_port] or from_jid in exposed[addr_port] or from_jid_norecource in exposed[addr_port]): # also chek if jid without Recource is in .conf print 'im_tcp_tunneler: connection allowed for %s to %s' % (from_jid, addr_port) addr, port = addr_port.split(':') port = int(port) c.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) c.sock.connect((addr, port)) c.remote_jid = from_jid if get_jid_keyid(c.remote_jid): print 'im_tcp_tunneler: connection from %s to %s ENCRYPTED' % (from_jid, addr_port) dekey = decrypt_gpg(c.remote_jid, decode(ek)) c.decipher = EVP.Cipher(alg='aes_256_cbc', key=dekey[0:32], iv=dekey[32:64], op=0, padding=0) enkey = Rand.rand_bytes(64) c.encipher = EVP.Cipher(alg='aes_256_cbc', key=enkey[0:32], iv=enkey[32:64], op=1, padding=0) ek2 = encode(encrypt_gpg(c.remote_jid, enkey)) else: ek2 = '-' with lock: conns[c.id] = c if DBG2: print conns t = threading.Thread(target=connection_handler, args=(c,)) t.setDaemon(True) t.start() resp = 'CONNECT_RESULT %s OK %s' % (c.id, ek2) else: if DBG1: print 'im_tcp_tunneler: connection refused for %s to %s' % (from_jid, addr_port) #useful for debugging which adress gets refused resp = 'CONNECT_RESULT %s ERROR -' % c.id elif body.startswith('CONNECT_RESULT '): _, conn_id, status, ek = body.split(' ') with lock: c = conns.get(conn_id, None) if DBG2: print conns if c: if status == 'OK': if get_jid_keyid(c.remote_jid): dekey = decrypt_gpg(c.remote_jid, decode(ek)) c.decipher = EVP.Cipher(alg='aes_256_cbc', key=dekey[0:32], iv=dekey[32:64], op=0, padding=0) else: c.sock.close() if DBG2: print 'sock.close:', c elif body.startswith('CLOSE '): _, conn_id = body.split() with lock: c = conns.get(conn_id, None) if DBG2: print conns if c: c.sock.close() if DBG2: print 'sock.close:', c elif body.startswith('DATA '): a = body.find(' ')+1 b = body.find(' ', a) conn_id = body[a:b] data = body[b+1:] with lock: c = conns.get(conn_id, None) if DBG2: print conns if c: data = decode(data) if c.decipher: data = c.decipher.update(data)+c.decipher.final() hsz = struct.calcsize('!I') size, = struct.unpack('!I', data[0:hsz]) data = data[hsz:hsz+size] print data if DBG2: print 'data: %r' % data c.sock.send(data) #time.sleep(0.01) # resp = 'DATA_RESULT %s OK' % conn_id else: resp = 'DATA_RESULT %s ERROR unknown connection id' % conn_id if resp is not None: send_xmpp_message(to_jid, from_jid, resp) else: # send_xmpp_message(to_jid, from_jid, 'ACK') pass except: traceback.print_exc()
sock.bind((src_addr, src_port)) sock.listen(5) while 1: conn, addr = sock.accept() if DBG1: print 's2x_socket_listener(%s:%d->%s:%d!%s), accepted: %r' % ( src_addr, src_port, dst_addr, dst_port, dst_jid, (conn, addr)) c = Connection() c.sock = conn c.remote_jid = dst_jid with lock: conns[c.id] = c if DBG2: print conns if get_jid_keyid(c.remote_jid): print 'im_tcp_tunneler: connection to %s:%d!%s ENCRYPTED' % (dst_addr, dst_port, dst_jid) enkey = Rand.rand_bytes(64) c.encipher = EVP.Cipher(alg='aes_256_cbc', key=enkey[0:32], iv=enkey[32:64], op=1, padding=0) ek = encode(encrypt_gpg(c.remote_jid, enkey)) else: ek = '-' send_xmpp_message(get_client_jid(), c.remote_jid, 'CONNECT %s:%d %s %s' % (dst_addr, dst_port, c.id, ek)) t = threading.Thread(target=connection_handler, args=(c,)) t.setDaemon(True) t.start() def connection_handler(c): def send_data(data): if c.encipher: data = struct.pack('!I', len(data)) + data if len(data)%16 > 0: data += Rand.rand_bytes(16 - (len(data)%16))
def keygen(length=40): return binascii.b2a_base64(Rand.rand_bytes(length))