def connection_thread(connection): #Set private key of service server database['service'] = common.sha256_hash('1234123412341234').hexdigest()[0:16] #set private key of tgs database['tgs'] = common.sha256_hash('1234123412341234').hexdigest()[0:16] #Set private key of user database['user'] = common.sha256_hash('1234123412341234').hexdigest()[0:16] #lifetime for messages to be valid lifetime = 3600 #Receive client ID client_ID = connection.recv(4096) #Get hashed password from database client_secretK = database[client_ID] message_a = common.MessageA(CLIENT_TGS_SESSION) message_a = common.encrypt_aes(message_a,client_secretK) #Set message B with TGT= clientID, ip address, lifetime, client/TGS sessionkey encrypted with secret TGS message_b = common.MessageB(client_ID,lifetime,CLIENT_TGS_SESSION) message_b = common.encrypt_aes(message_b,database['tgs']) #Send message A and B to client connection.sendall(message_a) connection.sendall(message_b) #receive message C with message B(TGT) and service id message_c = connection.recv(4096) #receive message D with authenticator(clientID,timestamp) encrypted with client/TGT session key message_d = connection.recv(4096) #Re serialize object from stream only C because it is not encrypted message_c = pickle.loads(message_c) #message_d = pickle.loads(message_d) decrypt_aes does this #open message C to get message B and service id message_b = common.decrypt_aes(message_c.ticket,database['tgs']) #message_b = common.MessageB(message_b.clientId,message_b.validityPeriod,message_b.clientSessionKey) #message_b = common.decrypt_aes(message_b,database['tgs']) #Decrypt message D with with client/TGS session key message_d = common.decrypt_aes(message_d,message_b.clientSessionKey) #Check validity period of message D.timestamp with B.lifetime if message_d.timestamp+message_b.validityPeriod > time.time(): #Create message E(client/server ticket(clientID,clientIP,lifetime,client/TGS session key)) encrypted with service sercret key message_e = common.MessageB(client_ID,lifetime,CLIENT_SERVICE_SESSION) message_e = common.encrypt_aes(message_e,database['service']) #Create message F(client/server session key) encrypted with client/tgs session key message_f = common.MessageF(CLIENT_SERVICE_SESSION) message_f = common.encrypt_aes(message_f,message_b.clientSessionKey) #Send message E connection.sendall(message_e) connection.sendall(message_f) else: print "Validity period of message D is not valid." print "Server finished"
def ss_connection(connection, message_e, message_f): """ Communication with SS """ # Client connects to the SS and sends message e encrypted with service's key and g encrypted using session key connection.connect((SS_IP, PORT)) print 'Connected successfully to ip ' + AUTH_IP connection.sendall(message_e) timestamp = time.time() message_g = common.MessageD('user', timestamp) # Session key missing encrypted_message_g = common.encrypt_aes(message_g, message_f.clientSessionKey) connection.sendall(encrypted_message_g) # Receives message h to confirm identity encrypted_message_h = connection.recv(4096) # Decrypt confirmation and check timestamp decrypted_message_h = common.decrypt_aes(encrypted_message_h, message_f.clientSessionKey) if decrypted_message_h.timestamp == timestamp: connection.sendall("I trust you!") return True else: connection.sendall("I dont trust you") return False
def tgs_connection(connection): # Client sends cleartext message with the user id requesting services connection.connect((AUTH_IP, PORT)) print 'Connected successfully to ip ' + AUTH_IP connection.sendall('user') # Receive Client/TGS Session key encrypted using the secret key of the client message_a = connection.recv(4096) # Receive Ticket-Granting-Ticket encrypted using the key of the TGS message_b = connection.recv(4096) # Decrypt session key with secret key of client decrypted_message_a = common.decrypt_aes(message_a, user_credentials['user']) session_key = decrypted_message_a.sessionKey # Message C composed with TGT and ID of requested service message_c = common.MessageC(message_b, 'service') # Message D authenticator with id and timestamp timestamp = time.time() message_d = common.MessageD('user', timestamp) encrypted_message_d = common.encrypt_aes(message_d, session_key) # Send message c and d message_c = pickle.dumps(message_c) connection.sendall(message_c) connection.sendall(encrypted_message_d) # Receive messages e and f from TGS message_e = connection.recv(4096) message_f = connection.recv(4096) message_f = common.decrypt_aes(message_f, session_key) messages = [message_e, message_f] return messages
def connection_thread(connection): # Receive 2 messages: # Message E: Client to server ticket encryted with services secret key # Message G: New authenticator(clientID, Timestamp) encrypted with session key message_e = connection.recv(4096) message_g = connection.recv(4096) # Decrypt ticket with SS secret key to retrieve session key ticket = common.decrypt_aes(message_e, PRIVATE_KEY) # Decrypt authenticator with session key authenticator = common.decrypt_aes(message_g, ticket.clientSessionKey) # Send message to Client # Message H: Timestamp in clients authenticator encrypted with session key message_h = common.MessageH(authenticator.timestamp) message_h = common.encrypt_aes(message_h, ticket.clientSessionKey) connection.sendall(message_h) # Wait for requests from Client data = connection.recv(4096) reply = 'Received ' + data print reply connection.close()