def encrypt(self, plaintext):
"""Encrypts plaintext, returns (salt, iv, ciphertext) tuple"""
salt = Rand.rand_bytes(self._SALT_LEN)
key = self._make_key(salt)
iv = Rand.rand_bytes(self._IV_LEN)
encryptor = self._make_encryptor(key, iv)
ciphertext = encryptor.update(plaintext)
ciphertext += encryptor.final()
return salt, iv, ciphertext
def send_data(data):
if c.encipher:
data = struct.pack('!I', len(data)) + data
if len(data)%16 > 0: data += Rand.rand_bytes(16 - (len(data)%16))
data = c.encipher.update(data)+c.encipher.final()
send_xmpp_message(get_client_jid(), c.remote_jid,
'DATA %s %s' % (c.id, encode(data)))
def pubkey2swarmid(livedict):
if DEBUG:
print >> sys.stderr, 'pubkey2swarmid:', livedict.keys()
if livedict['authmethod'] == 'None':
return Rand.rand_bytes(20)
else:
return sha(livedict['pubkey']).digest()
def encode(self, data):
d = {
'salt': base64.b64encode(Rand.rand_bytes(8)),
'digest': 'sha1',
'validFrom': self._formatDate(datetime.datetime.utcnow()),
'validTo': self._formatDate(
datetime.datetime.utcnow() + datetime.timedelta(
seconds=self._lifetime
)
),
'data': data
}
self._pkey.reset_context(md=d['digest'])
self._pkey.sign_init()
fields = []
for k, v in d.items():
fields.append(k)
self._pkey.sign_update(v)
d['signedFields'] = ','.join(fields)
d['signature'] = base64.b64encode(self._pkey.sign_final())
d['certificate'] = self._x509.as_pem()
return base64.b64encode(json.dumps(d))
def sign(request):
#to do
print 'LOG:sign -------------- from ' + getClientIp(request)
#the user HaiChiang is fixed in the database
user = User.objects.get(userName='******')
#create the signrequest
signRequest = {}
key_handle = user.key_handle
Rand.rand_seed(os.urandom(1024))
challenge = urlsafe_b64encode(Rand.rand_bytes(32))
signRequest['signRequests'] = [{'challenge': challenge,
'version': 'U2F_V2', 'appId': 'http://localhost:8000', 'keyHandle': key_handle, "sessionId":"123456"}]
#signRequest['registerRequests'] = []
strong_signRequest = {}
strong_signRequest['Challenge'] = signRequest
strong_signRequest['Message'] = ''
strong_signRequest['Error'] = ''
user.challenge = challenge
return JsonResponse(strong_signRequest)
def ssl_encrypt(plaintext, passwd, algorithm=None, salt=None):
""" Encrypt data in a format that is openssl compatible.
:param plaintext: The plaintext data to encrypt
:type plaintext: string
:param passwd: The password to use to encrypt the data
:type passwd: string
:param algorithm: The cipher algorithm to use
:type algorithm: string
:param salt: The salt to use. If none is provided, one will be
randomly generated.
:type salt: bytes
:returns: string - The base64-encoded, salted, encrypted string.
The string includes a trailing newline to make it fully
compatible with openssl command-line tools.
"""
if salt is None:
salt = Rand.rand_bytes(8)
# pylint: disable=E1101,E1121
hashes = [md5(passwd + salt).digest()]
for i in range(1, 3):
hashes.append(md5(hashes[i - 1] + passwd + salt).digest())
# pylint: enable=E1101,E1121
key = hashes[0] + hashes[1]
iv = hashes[2]
crypted = str_encrypt(plaintext, key=key, salt=salt, iv=iv,
algorithm=algorithm)
return b64encode("Salted__" + salt + crypted) + "\n"
def generate_response1(randomB,peeridB,keypairA):
randomA = Rand.rand_bytes(num_random_bits/8)
response1 = {}
response1['certA'] = str(keypairA.pub().get_der())
response1['rA'] = randomA
response1['B'] = peeridB
response1['SA'] = sign_response(randomA,randomB,peeridB,keypairA)
return [randomA,bencode(response1)]
def _test_good_request(self):
options = "\x00\x00\x00\x00\x00\x10\x00\x00"
myid = Rand.rand_bytes(20)
s = BTConnection("localhost", self.hisport, user_option_pattern=options, user_infohash=self.infohash, myid=myid)
msg = self.create_good_nontribler_extend_hs()
s.send(msg)
s.read_handshake_medium_rare()
# Tribler should send an EXTEND message back
try:
print >> sys.stderr, "test: Waiting for reply"
s.s.settimeout(10.0)
resp = s.recv()
self.assert_(len(resp) > 0)
print >> sys.stderr, "test: Got reply", getMessageName(resp[0])
self.assert_(resp[0] == EXTEND)
self.check_tribler_extend_hs(resp[1:])
# 1. Pretend we're leecher: send INTERESTED
msg = INTERESTED
s.send(msg)
print >> sys.stderr, "test: Pretend we are leecher"
while True:
resp = s.recv()
self.assert_(len(resp) > 0)
print >> sys.stderr, "test: Got reply2", getMessageName(resp[0])
if resp[0] == EXTEND:
print >> sys.stderr, "test: Got EXTEND type", getMessageName(resp[1])
self.assert_(resp[0] == UNCHOKE or resp[0] == BITFIELD or resp[0] == EXTEND or resp[0] == HAVE)
if resp[0] == UNCHOKE:
# 2. Reply with REQUESTs
for index in range(0, self.numpieces):
plen = self.get_piece_length(index)
for begin in range(0, plen, 2 ** 14):
length = self.get_chunk_length(index, begin)
print >> sys.stderr, "RETRIEVE", index, begin, length
chunkid = (index, begin, length)
msg = self.create_request(chunkid)
s.send(msg)
# s.send(NOT_INTERESTED)
elif resp[0] == EXTEND and resp[1] == HASHPIECE:
done = self.check_hashpiece(resp)
if done:
break
elif resp[0] == BITFIELD:
self.check_bitfield(resp)
# s.close()
except socket.timeout:
print >> sys.stderr, "test: Timeout, bad, peer didn't reply in time"
self.assert_(False)
time.sleep(3)
s.close()
def gen_random(secret_len=10):
"""
The default secret len is 10 so that when
base32 encoded it results in a stream of
ascii characters that are easy for the user to
enter on the device without '=' padding
:param secret_len: The length of the secret to generate.
:type secret_len: int
"""
return Rand.rand_bytes(10)
def pubkey2swarmid(livedict):
""" Calculate SHA1 of pubkey (or cert).
Make X.509 Subject Key Identifier compatible?
"""
if DEBUG:
print >>sys.stderr,time.asctime(),'-', "pubkey2swarmid:",livedict.keys()
if livedict['authmethod'] == "None":
# No live-source auth
return Rand.rand_bytes(20)
else:
return sha(livedict['pubkey']).digest()
def RunOnce(self):
"""This is run only once."""
# Initialize the PRNG.
Rand.rand_seed(Rand.rand_bytes(1000))
# Counters used here
stats.STATS.RegisterCounterMetric("grr_client_unknown")
stats.STATS.RegisterCounterMetric("grr_decoding_error")
stats.STATS.RegisterCounterMetric("grr_decryption_error")
stats.STATS.RegisterCounterMetric("grr_rekey_error")
stats.STATS.RegisterCounterMetric("grr_authenticated_messages")
stats.STATS.RegisterCounterMetric("grr_unauthenticated_messages")
stats.STATS.RegisterCounterMetric("grr_rsa_operations")
def ssl_encrypt(plaintext, passwd, algorithm=ALGORITHM, salt=None):
""" encrypt data in a format that is openssl compatible """
if salt is None:
salt = Rand.rand_bytes(8)
hashes = [md5(passwd + salt).digest()]
for i in range(1,3):
hashes.append(md5(hashes[i-1] + passwd + salt).digest())
key = hashes[0] + hashes[1]
iv = hashes[2]
crypted = str_encrypt(plaintext, key=key, salt=salt, iv=iv)
return base64.b64encode("Salted__" + salt + crypted) + "\n"
def gen_enroll_challenge():
enrollRequest = {}
enrollRequest['SignRequest'] = []
Rand.rand_seed(os.urandom(1024))
challenge = urlsafe_b64encode(Rand.rand_bytes(32))
enrollRequest['RegisterRequest'] = [{'challenge': challenge,
'version': 'U2F_V2', 'appId': 'http://localhost:8000'}]
enrollRequest['sessionId'] = '123456'
strong_enrollRequest = {}
strong_enrollRequest['Challenge'] = enrollRequest
strong_enrollRequest['Message'] = ''
strong_enrollRequest['Error'] = ''
return strong_enrollRequest, challenge
def RunOnce(self):
"""This is run only once."""
# Initialize the PRNG.
seed = Rand.rand_bytes(1000)
if not seed:
raise RuntimeError("Unable to initialize random seed.")
Rand.rand_seed(seed)
# Counters used here
stats.STATS.RegisterCounterMetric("grr_client_unknown")
stats.STATS.RegisterCounterMetric("grr_decoding_error")
stats.STATS.RegisterCounterMetric("grr_decryption_error")
stats.STATS.RegisterCounterMetric("grr_rekey_error")
stats.STATS.RegisterCounterMetric("grr_authenticated_messages")
stats.STATS.RegisterCounterMetric("grr_unauthenticated_messages")
stats.STATS.RegisterCounterMetric("grr_rsa_operations")
def __addk(self, gid):
# Prepare an SMIME object
s = SMIME.SMIME()
s.set_cipher(SMIME.Cipher('des_ede3_cbc'))
# Load all certificates from users in the group
cert_stack = X509.X509_Stack()
users = rediserver.smembers("users_gid:"+gid)
if users:
for uid in users:
x509_string = rediserver.hget("x509_uid:"+uid, "x509")
x509 = X509.load_cert_string(x509_string)
if x509: cert_stack.push(x509)
s.set_x509_stack(cert_stack)
# Encrypt
# The new key is generated using secure random generator provided by OpenSSL
random_string = Rand.rand_bytes(32) # TODO: change the length of the key to support other block sizes
# CHECK IF THIS IS REALLY NEEDED
# print random_string
random_string = binascii.hexlify(random_string)
# print random_string
# END CHECK
key = BIO.MemoryBuffer(random_string)
crypted_key = s.encrypt(key)
# Convert the key from BIO to string
# crypted_key.write(BIO.File(sys.stdout)) # Print to standard output
bio = BIO.MemoryBuffer()
crypted_key.write(bio)
pkcs7string = bio.read()
# Store the key in redis
sha1 = hashlib.sha1(random_string).hexdigest()
rediserver.sadd("keys_gid:"+gid, sha1)
rediserver.set("first_key_gid:"+gid, sha1)
rediserver.hmset("sha1:"+sha1, {"gid" : gid, "key_type" : "aes_256_cbc", "key" : pkcs7string})
# key_type is fixed to aes_256_cbc, for now
return 1
return 0
def create_torrent(self):
[srchandle, self.sourcefn] = mkstemp()
self.content = Rand.rand_bytes(self.contentlen)
os.write(srchandle, self.content)
os.close(srchandle)
self.tdef = TorrentDef()
self.tdef.add_content(self.sourcefn)
self.tdef.set_piece_length(self.piecelen)
self.tdef.set_tracker("http://127.0.0.1:12/announce")
self.tdef.finalize()
self.torrentfn = os.path.join(self.session.get_state_dir(), "gen.torrent")
self.tdef.save(self.torrentfn)
dscfg = DownloadStartupConfig()
destdir = os.path.dirname(self.sourcefn)
dscfg.set_dest_dir(destdir)
dscfg.set_video_event_callback(self.sesscb_vod_event_callback)
self.session.set_download_states_callback(self.states_callback)
self.session.start_download(self.tdef, dscfg)
def test_bytes(self):
self.assertRaises(MemoryError, Rand.rand_bytes, -1)
assert Rand.rand_bytes(0) == ''
assert len(Rand.rand_bytes(1)) == 1
def create_and_register_query_id(self,query,usercallback):
id = Rand.rand_bytes(QUERY_ID_SIZE)
queryrec = {'query':query,'usercallback':usercallback}
self.query_ids2rec[id] = queryrec
return id
elif '-o' in opt:
o = opt[1]
if o == '-':
outf = sys.stdout
else:
outf = open(o, 'wb')
if cmd < 0:
raise argerr, "either -d or -e"
if cmd > 1:
raise argerr, "either -d or -e, not both"
if cmd == 0:
iv = inf.read(10)
pp = getpass.getpass('Enter decryption passphrase: ')
else:
iv = Rand.rand_bytes(10)
outf.write(iv)
pp = getpass.getpass('Enter encryption passphrase: ')
pp2 = getpass.getpass('Enter passphrase again: ')
if pp != pp2:
raise SystemExit, 'passphrase mismatch, I\'m outta here...'
ci = RC4.RC4(pp + iv)
del pp, iv
while 1:
buf = inf.read()
if not buf:
break
outf.write(ci.update(buf))
outf.write(ci.final())
def test_bytes(self):
self.assertRaises(MemoryError, Rand.rand_bytes, -1)
assert Rand.rand_bytes(0) == ""
assert len(Rand.rand_bytes(1)) == 1
et = time()
if st == et:
et = st+1.0
print "Performance",(float(pos)/1024.0)/(et-st),"KB/s"
inf.close()
out.close()
if __name__ == "__main__":
[options,files] = getopt(sys.argv[1:],"c:e:a:d:t")
print "options",options
print "files",files
for opt,value in options:
if opt == '-c': # Create key
keyfile = value
key = Rand.rand_bytes(KEYSIZE)
print "Created key is",`key`,"hex",hexlify(key)
kout = open(keyfile,"wb")
kout.write(key)
kout.close()
elif opt == '-e' or opt == '-d': # Encrypt or decrypt
keyfile = value
kin = open(keyfile,"rb")
key = kin.read()
kin.close()
print "Loaded key is",`key`,"hex",hexlify(key)
if opt == '-e':
encode_files(files,key,1)
else:
encode_files(files,key,0)
elif opt == '-a': # Add key to torrent file
def test_bytes(self):
with self.assertRaises(MemoryError):
Rand.rand_bytes(-1)
self.assertEqual(Rand.rand_bytes(0), b'')
self.assertEqual(len(Rand.rand_bytes(1)), 1)
def rand_bytes(n_bytes):
return Rand.rand_bytes(n_bytes)
def create_topic_keypair():
return {
'encryption': Rand.rand_bytes(16),
'authentication': Rand.rand_bytes(16)
}
def generate_challenge():
randomB = Rand.rand_bytes(num_random_bits/8)
return [randomB,bencode(randomB)]
def _get_random(self, cnt):
while True:
data = Rand.rand_bytes(cnt)
if data[0] != '\x00':
return data
def test_tunnel_send(self):
self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.s.connect(("127.0.0.1", self.cmdport))
print >>sys.stderr,"test: Send over TCP, receive on UDP"
for i in range(0,NREPEATS):
self.randsize = random.randint(1,2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n";
self.s.send(cmd+self.data)
# Read at UDPListener
self.wait()
print >>sys.stderr,"test: Separate TUNNEL cmd from data on TCP"
for i in range(0,NREPEATS):
self.randsize = random.randint(1,2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n";
self.s.send(cmd)
time.sleep(.1)
self.s.send(self.data)
# Read at UDPListener
self.wait()
print >>sys.stderr,"test: Add command after TUNNEL"
for i in range(0,NREPEATS):
self.randsize = random.randint(1,2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n";
cmd2 = "SETMOREINFO 979152e57a82d8781eb1f2cd0c4ab8777e431012 1\r\n"
self.s.send(cmd+self.data+cmd2)
# Read at UDPListener
self.wait()
print >>sys.stderr,"test: Send data in parts"
for i in range(0,NREPEATS):
self.randsize = random.randint(1,2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:"+str(self.peer1port)+"/ffffffff "+str(self.randsize)+"\r\n";
self.s.send(cmd)
self.s.send(self.data[0:self.randsize/2])
self.s.send(self.data[self.randsize/2:])
# Read at UDPListener
self.wait()
print >>sys.stderr,"test: Send UDP, receive TCP"
self.s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
totaldata = ''
for i in range(0,NREPEATS):
self.randsize = random.randint(1,2048)
self.data = Rand.rand_bytes(self.randsize)
# Send data over UDP
print >>sys.stderr,"test: TCP: Sending swift UDP bytes",self.randsize
swiftmsg = "\xff\xff\xff\xff"+self.data
nsend = self.s2.sendto(swiftmsg,0,("127.0.0.1",self.listenport))
# Receive data via TCP
print >>sys.stderr,"test: TCP: Recv"
crlfidx=-1
while crlfidx == -1:
gotdata = self.s.recv(5000)
print >>sys.stderr,"test: TCP: Got cmd bytes",len(gotdata)
if len(gotdata) == 0:
break
totaldata += gotdata
crlfidx = totaldata.find('\r\n')
cmd = totaldata[0:crlfidx]
print >>sys.stderr,"test: TCP: Got cmd",cmd
totaldata = totaldata[crlfidx+2:] # strip cmd
words = cmd.split()
if words[0] == "TUNNELRECV":
srcstr = words[1]
size = int(words[2])
while len(totaldata) < size:
gotdata = self.s.recv(5000)
print >>sys.stderr,"test: TCP: Got tunnel bytes",len(gotdata)
if len(gotdata) == 0:
break
totaldata += gotdata
tunneldata=totaldata[0:size]
totaldata = totaldata[size:]
self.assertEqual(self.randsize,len(tunneldata))
self.assertEqual(self.data,tunneldata)
print >>sys.stderr,"test: TCP: Done"
else:
self.assertEqual(words[0],"TUNNELRECV")
def test_tunnel_send(self):
self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.s.connect(("127.0.0.1", self.cmdport))
print >> sys.stderr, "test: Send over TCP, receive on UDP"
for i in range(0, NREPEATS):
self.randsize = random.randint(1, 2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:" + str(
self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n"
self.s.send(cmd + self.data)
# Read at UDPListener
self.wait()
print >> sys.stderr, "test: Separate TUNNEL cmd from data on TCP"
for i in range(0, NREPEATS):
self.randsize = random.randint(1, 2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:" + str(
self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n"
self.s.send(cmd)
sleep(.1)
self.s.send(self.data)
# Read at UDPListener
self.wait()
print >> sys.stderr, "test: Add command after TUNNEL"
for i in range(0, NREPEATS):
self.randsize = random.randint(1, 2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:" + str(
self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n"
cmd2 = "SETMOREINFO 979152e57a82d8781eb1f2cd0c4ab8777e431012 1\r\n"
self.s.send(cmd + self.data + cmd2)
# Read at UDPListener
self.wait()
print >> sys.stderr, "test: Send data in parts"
for i in range(0, NREPEATS):
self.randsize = random.randint(1, 2048)
self.data = Rand.rand_bytes(self.randsize)
cmd = "TUNNELSEND 127.0.0.1:" + str(
self.peer1port) + "/ffffffff " + str(self.randsize) + "\r\n"
self.s.send(cmd)
self.s.send(self.data[0:self.randsize / 2])
self.s.send(self.data[self.randsize / 2:])
# Read at UDPListener
self.wait()
print >> sys.stderr, "test: Send UDP, receive TCP"
self.s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
totaldata = ''
for i in range(0, NREPEATS):
self.randsize = random.randint(1, 2048)
self.data = Rand.rand_bytes(self.randsize)
# Send data over UDP
print >> sys.stderr, "test: TCP: Sending swift UDP bytes", self.randsize
swiftmsg = "\xff\xff\xff\xff" + self.data
nsend = self.s2.sendto(swiftmsg, 0, ("127.0.0.1", self.swiftport))
# Receive data via TCP
print >> sys.stderr, "test: TCP: Recv"
crlfidx = -1
while crlfidx == -1:
gotdata = self.s.recv(5000)
print >> sys.stderr, "test: TCP: Got cmd bytes", len(gotdata)
if len(gotdata) == 0:
break
totaldata += gotdata
crlfidx = totaldata.find('\r\n')
cmd = totaldata[0:crlfidx]
print >> sys.stderr, "test: TCP: Got cmd", cmd
totaldata = totaldata[crlfidx + 2:] # strip cmd
words = cmd.split()
if words[0] == "TUNNELRECV":
srcstr = words[1]
size = int(words[2])
while len(totaldata) < size:
gotdata = self.s.recv(5000)
print >> sys.stderr, "test: TCP: Got tunnel bytes", len(
gotdata)
if len(gotdata) == 0:
break
totaldata += gotdata
tunneldata = totaldata[0:size]
totaldata = totaldata[size:]
self.assertEqual(self.randsize, len(tunneldata))
self.assertEqual(self.data, tunneldata)
print >> sys.stderr, "test: TCP: Done"
else:
self.assertEqual(words[0], "TUNNELRECV")
def __init__(self):
# type: () -> None
self._key = Rand.rand_bytes(self._keylen)
def create_and_register_query_id(self, query, usercallback):
id = Rand.rand_bytes(QUERY_ID_SIZE)
queryrec = {'query': query, 'usercallback': usercallback}
self.query_ids2rec[id] = queryrec
return id
def rand_bytes(n_bytes):
return Rand.rand_bytes(n_bytes)
def decrypt(self, key):
''' decrypt the message using the specified symmetric algorithm '''
self._symmetric(key, 0)
def _symmetric(self, key, mode = 1):
''' perform ymmetric encryption or decryption based on the mode '''
cipher = EVP.Cipher(
alg = self.metadata['enc_algo'],
key = key,
iv = self.metadata['iv'],
op = mode
)
v = cipher.update(self.data)
self.data = v + cipher.final()
# module unit-test
if __name__ == '__main__':
msg = Message('foo', 'bar', 'message')
key1 = Rand.rand_bytes(16)
key2 = Rand.rand_bytes(16)
print msg.data
msg.encrypt(key1)
msg.sign(key2)
print msg.auth
print msg.data
print msg.verify(key2)
msg.decrypt(key1)
print msg.data
def generate_challenge():
randomB = Rand.rand_bytes(num_random_bits/8)
return [randomB,bencode(randomB)]
def encrypt(self, key):
''' encrypt the message using the specified symmetric algorithm '''
self.metadata['iv'] = Rand.rand_bytes(16)
self._symmetric(key)
def handle_message(from_jid, to_jid, body):
try:
resp = None
if 0: print 'handle_message: %s->%s, %r' % (from_jid, to_jid, body[0:])
print body
if body.startswith('CONNECT '):
_, addr_port, conn_id, ek = body.split(' ')
from_jid_norecource , _ = from_jid.split('/') # no need to specify the Recource in .conf files, or if not then no error occur
c = Connection()
c.id = conn_id # needed in line 216 if errors occur
if addr_port in exposed and ('*' in exposed[addr_port] or from_jid in exposed[addr_port] or from_jid_norecource in exposed[addr_port]): # also chek if jid without Recource is in .conf
print 'im_tcp_tunneler: connection allowed for %s to %s' % (from_jid, addr_port)
addr, port = addr_port.split(':')
port = int(port)
c.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.sock.connect((addr, port))
c.remote_jid = from_jid
if get_jid_keyid(c.remote_jid):
print 'im_tcp_tunneler: connection from %s to %s ENCRYPTED' % (from_jid, addr_port)
dekey = decrypt_gpg(c.remote_jid, decode(ek))
c.decipher = EVP.Cipher(alg='aes_256_cbc', key=dekey[0:32], iv=dekey[32:64], op=0, padding=0)
enkey = Rand.rand_bytes(64)
c.encipher = EVP.Cipher(alg='aes_256_cbc', key=enkey[0:32], iv=enkey[32:64], op=1, padding=0)
ek2 = encode(encrypt_gpg(c.remote_jid, enkey))
else:
ek2 = '-'
with lock:
conns[c.id] = c
if DBG2: print conns
t = threading.Thread(target=connection_handler, args=(c,))
t.setDaemon(True)
t.start()
resp = 'CONNECT_RESULT %s OK %s' % (c.id, ek2)
else:
if DBG1:
print 'im_tcp_tunneler: connection refused for %s to %s' % (from_jid, addr_port) #useful for debugging which adress gets refused
resp = 'CONNECT_RESULT %s ERROR -' % c.id
elif body.startswith('CONNECT_RESULT '):
_, conn_id, status, ek = body.split(' ')
with lock:
c = conns.get(conn_id, None)
if DBG2: print conns
if c:
if status == 'OK':
if get_jid_keyid(c.remote_jid):
dekey = decrypt_gpg(c.remote_jid, decode(ek))
c.decipher = EVP.Cipher(alg='aes_256_cbc', key=dekey[0:32], iv=dekey[32:64], op=0, padding=0)
else:
c.sock.close()
if DBG2: print 'sock.close:', c
elif body.startswith('CLOSE '):
_, conn_id = body.split()
with lock:
c = conns.get(conn_id, None)
if DBG2: print conns
if c:
c.sock.close()
if DBG2: print 'sock.close:', c
elif body.startswith('DATA '):
a = body.find(' ')+1
b = body.find(' ', a)
conn_id = body[a:b]
data = body[b+1:]
with lock:
c = conns.get(conn_id, None)
if DBG2: print conns
if c:
data = decode(data)
if c.decipher:
data = c.decipher.update(data)+c.decipher.final()
hsz = struct.calcsize('!I')
size, = struct.unpack('!I', data[0:hsz])
data = data[hsz:hsz+size]
print data
if DBG2: print 'data: %r' % data
c.sock.send(data)
#time.sleep(0.01)
# resp = 'DATA_RESULT %s OK' % conn_id
else:
resp = 'DATA_RESULT %s ERROR unknown connection id' % conn_id
if resp is not None:
send_xmpp_message(to_jid, from_jid, resp)
else:
# send_xmpp_message(to_jid, from_jid, 'ACK')
pass
except:
traceback.print_exc()
sock.bind((src_addr, src_port))
sock.listen(5)
while 1:
conn, addr = sock.accept()
if DBG1:
print 's2x_socket_listener(%s:%d->%s:%d!%s), accepted: %r' % (
src_addr, src_port, dst_addr, dst_port, dst_jid, (conn, addr))
c = Connection()
c.sock = conn
c.remote_jid = dst_jid
with lock:
conns[c.id] = c
if DBG2: print conns
if get_jid_keyid(c.remote_jid):
print 'im_tcp_tunneler: connection to %s:%d!%s ENCRYPTED' % (dst_addr, dst_port, dst_jid)
enkey = Rand.rand_bytes(64)
c.encipher = EVP.Cipher(alg='aes_256_cbc', key=enkey[0:32], iv=enkey[32:64], op=1, padding=0)
ek = encode(encrypt_gpg(c.remote_jid, enkey))
else:
ek = '-'
send_xmpp_message(get_client_jid(), c.remote_jid,
'CONNECT %s:%d %s %s' % (dst_addr, dst_port, c.id, ek))
t = threading.Thread(target=connection_handler, args=(c,))
t.setDaemon(True)
t.start()
def connection_handler(c):
def send_data(data):
if c.encipher:
data = struct.pack('!I', len(data)) + data
if len(data)%16 > 0: data += Rand.rand_bytes(16 - (len(data)%16))
def __init__(self):
# type: () -> None
self._key = Rand.rand_bytes(self._keylen)
def keygen(length=40):
return binascii.b2a_base64(Rand.rand_bytes(length))
