def __init__(self, PORT):
self.client_port, self.server_port = PORT
self.serv_secret = random.randint(500, 1500)
self.target_server_port = ''
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self.proto_sock = Protocol(sock)
self.proto_sock.start(self.server_port)
self.hellman = DiffieHellman()
def __init__(self):
super(MainWindow, self).__init__()
loadUi(os.getcwd() + '/gui.ui', self)
self.constraint_input()
self.connect_buttons()
self.elgamal = Elgamal()
self.rsa = RSA()
self.dh = DiffieHellman()
self.mode = None
self.format = None
def __init__(self, port):
self.server_port = ''
self.port = port
self.client_secret = random.randint(500, 1500)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self.read_sock = Protocol(sock)
self.read_sock.start(port)
self.hellman = DiffieHellman()
self.write_sock = Protocol(
socket.socket(socket.AF_INET, socket.SOCK_DGRAM))
self.main()
def create_dh() -> DiffieHellman:
p = 233970423115425145524320034830162017933
curve = WeierstrassCurve(p, -95051, 11279326)
point = (182, 85518893674295321206118380980485522083)
point_order = 29246302889428143187362802287225875743
return DiffieHellman(curve, point, point_order)
class DiffieHellmanTest(unittest.TestCase): def setUp(self): # sharedSecret = 17 base = 5 modulo = 23 self.alice = DiffieHellman(modulo, base) self.bob = DiffieHellman(modulo, base) def test(self): aPair = self.alice.partialSessionKeyGen() bPair = self.bob.partialSessionKeyGen() a = self.alice.computeTotalSessionKey(bPair[0]) b = self.bob.computeTotalSessionKey(aPair[0]) self.assertEqual(a,b)
def test_map():
curve = MontgomeryCurve(p, 534, 1)
w_curve = WeierstrassCurve(p, -95051, 11279326)
point = (4, 85518893674295321206118380980485522083)
dh = DiffieHellman(curve, point, point_order=given_point_order)
expected = (182, 85518893674295321206118380980485522083)
assert m_point_to_w_curve(point) == expected
alice_keypair = dh.generate_keypair()
alice_public = alice_keypair.public
assert curve.is_identity(curve.scalar_mult(alice_public,
given_point_order))
assert w_curve.is_identity(
w_curve.scalar_mult(m_point_to_w_curve(alice_public),
given_point_order))
async def on_ready():
print("-" * 40)
print('Started the bot as:', bot.user)
print("BOT:", database)
users = bot.users
for user in users:
print(user)
df = DiffieHellman()
k1 = df.generate_k()
database['chats'][str(user.id)] = []
database['users'][str(user.id)] = {
'name': user.name,
'key': df
}
print("Sending to:", user)
u = await bot.fetch_user(user.id)
try:
await u.send(f'===KEYEXCH===\nvalue:{k1}')
except:
print("Erorr sending key-exchange to:", user)
print("-" * 40)
def __init__(self):
DEBUG_POSITION = 'Symbiosis_Bee:Bee:Init:'
self.alive = True
# Flower Socket
self.flower = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Deflector Socket
self.deflector = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Diffie Hellman
self.dh = DiffieHellman()
self.exchange = False
# Stream
self.stream = Stream()
async def on_message(message):
#Ignore MSGs if they're not DMs
#TODO implement end-to-end group chatting
if message.author == bot.user or not isinstance(message.channel, discord.DMChannel):
return
#database['chats'][str(message.author.id)].append(message.content)
if message.content.startswith("===KEYEXCH==="):
# Perform a Diffie-Hellman key exchange
print(f"Key exchange started with {message.author.name}")
k2 = message.content.find("value:")
df = DiffieHellman()
k1 = df.generate_k()
key = df.generate_full_key(k2)
database['users'][str(message.author.id)]['key'] = df
print("Key with user: "******" is ", database['users'][str(message.author.id)]['key'].key)
await message.author.send(f"===KEYACK===\nvalue:{k1}")
elif message.content.startswith("===KEYACK==="):
value = message.content.find("value:")
k2 = message.content[value+6:]
df = database['users'][str(message.author.id)]['key']
df.generate_full_key(k2)
database['users'][str(message.author.id)]['key'] = df
print("Key with user: "******" is ", database['users'][str(message.author.id)]['key'].key)
elif message.content.startswith("===MSG==="):
# Recieve a message:
content = message.content[9:]
try:
key = database['users'][str(message.author.id)]['key'].key
aes = AESCipher( key )
decrypted = aes.decrypt(content)
except:
print("Error while decrypting message")
return
print(content)
print(decrypted)
# 0 - Sent by someone
# 1 - Sent by you
database['chats'][str(message.author.id)].append( [0, decrypted] )
def get_line():
line = None
while line is None:
line = conn.recv()
return line
if len(sys.argv) == 2: # server
try:
conn.listen(int(sys.argv[1]))
except:
print "Unable to open port %d" % int(sys.argv[1])
sys.exit()
dh = DiffieHellman()
p, g, A = dh.generate_public_broadcast()
conn.send(str(p))
conn.send(str(g))
conn.send(str(A))
B = int(get_line())
crypto_protocol = CryptoProtocol(dh.get_shared_secret(B))
elif len(sys.argv) == 3: # client
try:
conn.connect(sys.argv[1], int(sys.argv[2]))
except:
print "Unable to connect to %s at port %d" % (sys.argv[1],
int(sys.argv[2]))
sys.exit()
p = int(get_line())
g = int(get_line())
class MainWindow(QMainWindow):
def __init__(self):
super(MainWindow, self).__init__()
loadUi(os.getcwd() + '/gui.ui', self)
self.constraint_input()
self.connect_buttons()
self.elgamal = Elgamal()
self.rsa = RSA()
self.dh = DiffieHellman()
self.mode = None
self.format = None
def constraint_input(self):
self.onlyInt = QIntValidator()
self.RSA_key_e_value.setValidator(self.onlyInt)
self.RSA_key_d_value.setValidator(self.onlyInt)
self.RSA_key_n_value.setValidator(self.onlyInt)
self.RSA_sess_n_value.setValidator(self.onlyInt)
self.RSA_sess_g_value.setValidator(self.onlyInt)
self.RSA_sess_x_value.setValidator(self.onlyInt)
self.RSA_sess_y_value.setValidator(self.onlyInt)
self.EG_key_p_value.setValidator(self.onlyInt)
self.EG_key_g_value.setValidator(self.onlyInt)
self.EG_key_x_value.setValidator(self.onlyInt)
self.EG_key_y_value.setValidator(self.onlyInt)
self.EG_sess_n_value.setValidator(self.onlyInt)
self.EG_sess_g_value.setValidator(self.onlyInt)
self.EG_sess_x_value.setValidator(self.onlyInt)
self.EG_sess_y_value.setValidator(self.onlyInt)
self.RSA_output_text.setReadOnly(True)
self.EG_output_text.setReadOnly(True)
def connect_buttons(self):
# Main menu buttons
self.rsabutton.clicked.connect(
lambda: self.stackedWidget.setCurrentIndex(1))
self.egbutton.clicked.connect(
lambda: self.stackedWidget.setCurrentIndex(2))
# RSA buttons
self.RSA_key_savebutton.clicked.connect(self.rsa_save_key)
self.RSA_act_execbutton.clicked.connect(self.rsa_execute)
self.RSA_key_genbutton.clicked.connect(self.rsa_generate_key)
self.RSA_key_filebutton.clicked.connect(self.rsa_import_key)
self.RSA_act_decbutton.clicked.connect(self.set_mode_dec)
self.RSA_act_encbutton.clicked.connect(self.set_mode_enc)
self.RSA_input_filebutton.clicked.connect(self.rsa_get_input_file)
self.RSA_fmt_txtbutton.clicked.connect(self.set_format_txt)
self.RSA_fmt_filebutton.clicked.connect(self.set_format_file)
self.RSA_returnbutton.clicked.connect(
lambda: self.stackedWidget.setCurrentIndex(0))
self.RSA_sess_genbutton.clicked.connect(
self.rsa_diffiehellman_generate_key)
# Elgamal buttons
self.EG_key_savebutton.clicked.connect(self.elgamal_save_key)
self.EG_act_execbutton.clicked.connect(self.elgamal_execute)
self.EG_key_genbutton.clicked.connect(self.elgamal_generate_key)
self.EG_key_filebutton.clicked.connect(self.elgamal_import_key)
self.EG_act_decbutton.clicked.connect(self.set_mode_dec)
self.EG_act_encbutton.clicked.connect(self.set_mode_enc)
self.EG_input_filebutton.clicked.connect(self.elgamal_get_input_file)
self.EG_fmt_txtbutton.clicked.connect(self.set_format_txt)
self.EG_fmt_filebutton.clicked.connect(self.set_format_file)
self.EG_returnbutton.clicked.connect(
lambda: self.stackedWidget.setCurrentIndex(0))
self.EG_sess_genbutton.clicked.connect(
self.eg_diffiehellman_generate_key)
# DIFFIE HELMAN STUFF
def rsa_diffiehellman_generate_key(self):
self.dh.generate_parameters()
n, g, x, y = self.dh.get_parameters()
self.RSA_sess_n_value.setText(str(n))
self.RSA_sess_g_value.setText(str(g))
self.RSA_sess_x_value.setText(str(x))
self.RSA_sess_y_value.setText(str(y))
sess_key = self.dh.get_session_key()
self.RSA_sess_result.setText(str(sess_key))
def eg_diffiehellman_generate_key(self):
self.dh.generate_parameters()
n, g, x, y = self.dh.get_parameters()
self.EG_sess_n_value.setText(str(n))
self.EG_sess_g_value.setText(str(g))
self.EG_sess_x_value.setText(str(x))
self.EG_sess_y_value.setText(str(y))
sess_key = self.dh.get_session_key()
self.EG_sess_result.setText(str(sess_key))
# RSA STUFF
def rsa_save_key(self):
fileNamePub, _ = QFileDialog.getSaveFileName(
None, "Save RSA Public Key", "", "Public Key File (*.pub)")
fileNamePri, _ = QFileDialog.getSaveFileName(
None, "Save RSA Private Key", "", "Private Key File (*.pri)")
# self.rsa.generate_key()
self.rsa.save_generated_keys(fileNamePub, fileNamePri)
def rsa_set_public_key(self):
e = int(self.RSA_key_e_value.text())
n = int(self.RSA_key_n_value.text())
self.rsa.set_public_key(e, n)
def rsa_set_private_key(self):
d = int(self.RSA_key_d_value.text())
n = int(self.RSA_key_n_value.text())
self.rsa.set_private_key(d, n)
def rsa_execute(self):
self.rsa_set_public_key()
self.rsa_set_private_key()
st = time.time()
if self.mode == 'enc':
if self.format == 'txt':
self.rsa.get_input(
bytes(self.RSA_input_text.toPlainText(),
'UTF-8',
errors='ignore'))
self.rsa.encrypt()
self.RSA_output_text.setText(self.rsa.get_cipher_text())
# print("RSA get cipher text: ", bytes(self.rsa.get_cipher_text(), 'UTF-8'))
elif self.format == 'file':
if self.rsa_inpfile == None:
self.display_value_error("File belum dipilih")
return
assert self.rsa_inpfile is not None
self.rsa.enc_from_file(self.rsa_inpfile)
self.rsa.encrypt()
fileName, _ = QFileDialog.getSaveFileName(
None, "Save Encrypted File", "", "All Files (*)")
print("tes({})".format(fileName))
if fileName == "":
return
self.rsa.enc_write_file(fileName)
# Print file size
self.RSA_size_value.setText(
str(os.path.getsize(fileName) / 1000))
else:
self.display_value_error("Format belum dipilih")
return
elif self.mode == 'dec':
if self.format == 'txt':
check = self.RSA_input_text.toPlainText()
print("RSA_input toPlainText ", check)
print("length of text = {}".format(len(check)))
for c in check:
print(c, end='')
print()
self.rsa.get_input(
bytes(self.RSA_input_text.toPlainText(),
'UTF-8',
errors='ignore'))
self.rsa.parse_msg_to_enc()
self.rsa.decrypt()
self.RSA_output_text.setText(self.rsa.get_plain_text())
elif self.format == 'file':
if self.rsa_inpfile == None:
self.display_value_error("File belum dipilih")
return
assert self.rsa_inpfile is not None
self.rsa.dec_from_file(self.rsa_inpfile)
self.rsa.decrypt()
fileName, _ = QFileDialog.getSaveFileName(
None, "Save Encrypted File", "", "All Files (*)")
print("tes({})".format(fileName))
if fileName == "":
return
self.rsa.dec_write_file(fileName)
# Print file size
self.RSA_size_value.setText(
str(os.path.getsize(fileName) / 1000))
else:
self.display_value_error("Format belum dipilih")
return
else:
self.display_value_error("Aksi belum dipilih")
return
end = str(time.time() - st)
# Set time execution
self.RSA_time_value.setText(end)
def rsa_generate_key(self):
self.rsa.generate_key()
d, n1 = self.rsa.get_private_key()
e, n2 = self.rsa.get_public_key()
assert n1 == n2
self.RSA_key_n_value.setText(str(n1))
self.RSA_key_d_value.setText(str(d))
self.RSA_key_e_value.setText(str(e))
def rsa_import_key(self):
fileNamePub, _ = QFileDialog.getOpenFileName(
None, "Import RSA Public Key", "", "Public Key File (*.pub)")
fileNamePri, _ = QFileDialog.getOpenFileName(
None, "Import RSA Private Key", "", "Private Key File (*.pri)")
self.rsa.import_public_key(fileNamePub)
self.rsa.import_private_key(fileNamePri)
# display the imported key in the text box
d, n1 = self.rsa.get_private_key()
e, n2 = self.rsa.get_public_key()
assert n1 == n2
self.RSA_key_n_value.setText(str(n1))
self.RSA_key_d_value.setText(str(d))
self.RSA_key_e_value.setText(str(e))
def rsa_get_input_file(self):
fileName, _ = QFileDialog.getOpenFileName(None, "Get Input File", "",
"All Files (*)")
self.rsa_inpfile = fileName
fileName = fileName.split('/')[-1]
self.RSA_inp_file_label.setText("Chosen file: {}".format(fileName))
# ELGAMAL STUFF
def elgamal_save_key(self):
fileNamePub, _ = QFileDialog.getSaveFileName(
None, "Save Elgamal Public Key", "", "Public Key File (*.pub)")
fileNamePri, _ = QFileDialog.getSaveFileName(
None, "Save Elgamal Private Key", "", "Private Key File (*.pri)")
self.elgamal.generate_key()
self.elgamal.save_generated_keys(fileNamePub, fileNamePri)
def elgamal_set_public_key(self):
p = int(self.EG_key_p_value.text())
g = int(self.EG_key_g_value.text())
y = int(self.EG_key_y_value.text())
self.elgamal.set_public_key(p, g, y)
def elgamal_set_private_key(self):
p = int(self.EG_key_p_value.text())
x = int(self.EG_key_x_value.text())
self.elgamal.set_private_key(p, x)
def elgamal_execute(self):
self.elgamal_set_public_key()
self.elgamal_set_private_key()
st = time.time()
if self.mode == 'enc':
if self.format == 'txt':
self.elgamal.get_input(
bytes(self.EG_input_text.toPlainText(),
'UTF-8',
errors='ignore'))
self.elgamal.encrypt()
self.EG_output_text.setText(self.elgamal.get_cipher_text())
elif self.format == 'file':
self.elgamal.enc_from_file(self.elgamal_inpfile)
self.elgamal.encrypt()
fileName, _ = QFileDialog.getSaveFileName(
None, "Save Encrypted File", "", "All Files (*)")
self.elgamal.enc_write_file(fileName)
# Print file size
self.EG_size_value.setText(
str(os.path.getsize(fileName) / 1000))
else:
self.display_value_error("Format belum dipilih")
return
elif self.mode == 'dec':
if self.format == 'txt':
self.elgamal.get_input(
bytes(self.EG_input_text.toPlainText(),
'UTF-8',
errors='ignore'))
self.elgamal.parse_msg_to_enc()
self.elgamal.decrypt()
self.EG_output_text.setText(self.elgamal.get_plain_text())
elif self.format == 'file':
self.elgamal.dec_from_file(self.elgamal_inpfile)
self.elgamal.decrypt()
fileName, _ = QFileDialog.getSaveFileName(
None, "Save Encrypted File", "", "All Files (*)")
self.elgamal.dec_write_file(fileName)
# Print file
self.EG_size_value.setText(
str(os.path.getsize(fileName) / 1000))
else:
self.display_value_error("Format belum dipilih")
return
else:
self.display_value_error("Aksi belum dipilih")
return
end = str(time.time() - st)
# Set time execution
self.EG_time_value.setText(end)
def elgamal_get_input_file(self):
fileName, _ = QFileDialog.getOpenFileName(None, "Get Input File", "",
"All Files (*)")
self.elgamal_inpfile = fileName
fileName = fileName.split('/')[-1]
self.EG_inp_file_label.setText("Chosen file: {}".format(fileName))
def elgamal_import_key(self):
fileNamePub, _ = QFileDialog.getOpenFileName(
None, "Import Elgamal Public Key", "", "Public Key File (*.pub)")
fileNamePri, _ = QFileDialog.getOpenFileName(
None, "Import Elgamal Private Key", "", "Private Key File (*.pri)")
self.elgamal.import_public_key(fileNamePub)
self.elgamal.import_private_key(fileNamePri)
def elgamal_generate_key(self):
self.elgamal.generate_key()
g, y, p = self.elgamal.get_public_key()
x, p = self.elgamal.get_private_key()
self.EG_key_p_value.setText(str(p))
self.EG_key_g_value.setText(str(g))
self.EG_key_x_value.setText(str(x))
self.EG_key_y_value.setText(str(y))
# OTHER STUFF
def set_mode_enc(self):
self.mode = 'enc'
def set_mode_dec(self):
self.mode = 'dec'
def set_format_txt(self):
self.format = 'txt'
def set_format_file(self):
self.format = 'file'
# VALIDATION STUFF
def display_value_error(self, err_msg: str):
msg = QMessageBox()
msg.setIcon(QMessageBox.Warning)
msg.setText("Error")
msg.setInformativeText(err_msg)
msg.setWindowTitle("Error")
msg.setStandardButtons(QMessageBox.Ok)
retval = msg.exec_()
class Client:
def __init__(self, port):
self.server_port = ''
self.port = port
self.client_secret = random.randint(500, 1500)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self.read_sock = Protocol(sock)
self.read_sock.start(port)
self.hellman = DiffieHellman()
self.write_sock = Protocol(
socket.socket(socket.AF_INET, socket.SOCK_DGRAM))
self.main()
def listening(self):
while True:
data = self.read_sock.read()
data = json.loads(data)
if 'encry' in data.keys():
msg = self.hellman.decry(data['data'], self.top_secret_key)
print('msg: ', msg)
else:
print('something ', data['data'])
def speak(self):
while True:
data = input()
self.write_sock.write(
self.make_header(self.hellman.encry(data,
self.top_secret_key)),
self.server_port)
def check_header(self, data):
fdata = json.loads(data)
if fdata['type'] == 'SERVER':
self.server_port = fdata['addr']
else:
print('ciota neto')
def make_header(self, data):
fdata = {"type": "CLIENT", "addr": self.port, "data": data}
return json.dumps(fdata)
def handshake(self):
self.write_sock.write(self.make_header('SYN'), self.server_port)
data = self.read_sock.read()
data = json.loads(data)
self.top_secret_key = self.hellman.get_secret_key(
data['key'], self.client_secret)
data.update({
'encry': 'Diffie Hellman',
'key': self.hellman.generate_key(self.client_secret)
})
data = json.dumps(data)
self.write_sock.write(data, self.server_port)
def main(self):
data = self.read_sock.read()
self.check_header(data)
print('SERVER PORT -> ', self.server_port, '\n',
json.loads(data)['data'])
self.handshake()
start_new_thread(self.speak, ())
self.listening()
def main():
#replace g with 1, p, p-1...
#just watch the generated secret key result
#1 : all secret keys are 1
#p : all secret keys are 0
#p-1: half secret keys are 1
# half secret keys are p-1
dh = DiffieHellman(DiffieHellman.p, 1)
a_pri, a_pub, a_p, a_g = dh.gen_key_pair()
b_pri, b_pub, b_p, b_g = dh.gen_key_pair()
a_sk = dh.gen_sec_key(b_pub, a_pri)
key_a = sha1.sha1(str(a_sk))[:16]
print a_sk
print binascii.hexlify(key_a)
dh = DiffieHellman(DiffieHellman.p, DiffieHellman.p)
a_pri, a_pub, a_p, a_g = dh.gen_key_pair()
b_pri, b_pub, b_p, b_g = dh.gen_key_pair()
a_sk = dh.gen_sec_key(b_pub, a_pri)
key_a = sha1.sha1(str(a_sk))[:16]
print a_sk
print binascii.hexlify(key_a)
dh = DiffieHellman(DiffieHellman.p, DiffieHellman.p-1)
a_pri, a_pub, a_p, a_g = dh.gen_key_pair()
b_pri, b_pub, b_p, b_g = dh.gen_key_pair()
a_sk = dh.gen_sec_key(b_pub, a_pri)
key_a = sha1.sha1(str(a_sk))[:16]
print a_sk
print binascii.hexlify(key_a)
def setUp(self): # sharedSecret = 17 base = 5 modulo = 23 self.alice = DiffieHellman(modulo, base) self.bob = DiffieHellman(modulo, base)
def main():
random.seed(time.time())
# regular communication
message = "This is a secret message".decode("base64")
alice = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
print "Alice's key:"
print "%r" % (alice.session_key(),)
print "Bob's key:"
print "%r" % (bob.session_key(),)
assert bob.session_key() == alice.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], alice_message)[16:], IV = bob_iv)
# mitm'd
message = "Tm8gb25lIGNhbiByZWFkIHRoaXM=".decode("base64")
alice = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
mitm = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
alice.make_secret()
bob.make_secret()
bob.get_response(NIST_PRIME)
alice.get_response(NIST_PRIME)
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
injected_key = sha1.sha1(hex(0).strip("0xL")).hexdigest().decode("hex")
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
def __init__(self, q, alpha):
self.__tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.__s_des = SimpleDes()
self.__rc4 = RC4()
self.__encryption = None
self.__diffie_hellman = DiffieHellman(q, alpha)
from sha1 import SHA1 from diffie_hellman import DiffieHellman from rsa_dsa import RSADSA # RSA DSA keys = rsa_keys.generate_rsa_keys(256) rsa_dsa = RSADSA(keys['n']) sign = rsa_dsa.sign(SHA1, 'ARTYOM', keys['d']) print(rsa_dsa.verify(SHA1, sign, keys['e'])) curve = EllipticCurve(67) # Diffie-Hellman dh = DiffieHellman(curve, curve.points[3]) a_private = 7 a_public = dh.gen_public(a_private) b_private = 13 b_public = dh.gen_public(b_private) secret = dh.gen_secret(a_private, b_public) print(dh.gen_secret(a_private, b_public) == dh.gen_secret(b_private, a_public)) # EC DSA point = curve.prime_order_point() ec_dsa = ECDSA(curve, point) private = 4
def mutualAuthentication(self):
bits = 16
nonce = self.mutual_auth.generate_nonce(bits)
self.dh = DiffieHellman.defaultInstance()
if self.mode == 'client':
# send client challenge
self.socket.sendall('im alice,' + str(nonce) + TERMINATORS)
print '[MutualAuthentication] client sent: im alice,' + str(nonce)
# receive challenge response from client
server_response = self.receiveData()
server_nonce = server_response.split(',',1)[0]
server_encrypted = server_response.split(',',1)[1]
print '[MutualAuthentication] client received nonce from server: ' + server_nonce
print '[MutualAuthentication] client received encrypted text: ' + server_encrypted
plaintext = self.mutual_auth.decrypt_ciphertext(server_encrypted)
print '[MutualAuthentication] client decrypted plaintext: ' + plaintext
# check that nonce is correct and you weren't the one to encrypt it
if(not self.mutual_auth.check_name(plaintext) and self.mutual_auth.check_nonce(plaintext)):
# extract partial key sent by server
server_partial_session_key = self.mutual_auth.get_partner_dh_value(plaintext)
print '[MutualAuthentication] extracted server partial key: ' + str(server_partial_session_key)
# generate client partial key
client_partial_session_key = self.dh.partialSessionKeyGen()[0]
# compute the session key
self.total_session_key = self.dh.computeTotalSessionKey(server_partial_session_key)
# encrypt server nonce and client partial key with shared secret and send
encrypted = self.mutual_auth.encrypt_nonce(server_nonce, client_partial_session_key)
self.socket.sendall(encrypted + TERMINATORS)
print '[MutualAuthentication] client sending encrypted text: ' + encrypted
print '[MutualAuthentication] success in authenticating server'
return True
else:
print '[MutualAuthentication] cannot authenticate server, check falied'
return False
# server mode
else:
#server
# wait to receive nonce from client
client_response = self.receiveData()
client_nonce = client_response.split(',')[1]
print '[MutualAuthentication] received client_nonce:'+str(client_nonce)
# generate server partial key
server_partial_session_key = self.dh.partialSessionKeyGen()[0]
# encrypt client nonce and server partial key with shared secret
encrypted = self.mutual_auth.encrypt_nonce(client_nonce, server_partial_session_key)
# send server nonce along with encrypter message
self.socket.sendall(str(nonce) + ',' + encrypted + TERMINATORS)
print '[MutualAuthentication] server sending nonce: ' + str(nonce)
print '[MutualAuthentication] server sending encrypted text: ' + encrypted
# receive client challenge response
client_second_response = self.receiveData()
print '[MutualAuthentication] server received client response: ' + str(client_second_response)
# decrypt client response
plaintext = self.mutual_auth.decrypt_ciphertext(client_second_response)
print '[MutualAuthentication] server decrypted plaintext: ' + plaintext
# check that nonce is correct and you weren't the one to encrypt it
if(not self.mutual_auth.check_name(plaintext) and self.mutual_auth.check_nonce(plaintext)):
# extract client partial key
client_partial_session_key = self.mutual_auth.get_partner_dh_value(plaintext)
print '[MutualAuthentication] extracted the client partial key: ' + str(client_partial_session_key)
# compute session key
self.total_session_key = self.dh.computeTotalSessionKey(client_partial_session_key)
print '[MutualAuthentication] success in authenticating client'
return True
else:
print '[MutualAuthentication] cannot authenticate client, check falied'
return False
class Client:
__port = 5354
__key: str
def __init__(self, q, alpha):
self.__tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.__s_des = SimpleDes()
self.__rc4 = RC4()
self.__encryption = None
self.__diffie_hellman = DiffieHellman(q, alpha)
def connect(self, host: str):
dest = (host, self.__port)
self.__tcp.connect(dest)
sockets_list = [sys.stdin, self.__tcp]
while True:
read_sockets, write_socket, error_socket = select.select(sockets_list, [], [])
for socks in read_sockets:
if socks == self.__tcp:
socks: socket.socket
messages: list = socks.recv(2048).decode().split("\x02")
controls = messages[1].split(" ")
if controls[0] == "\dh_end":
kp = controls[1]
self.__key = self.__diffie_hellman.calculate_sessionkey(int(kp))
print("Chave de diffie hellman trocadas!")
#self.__key = bin(self.__key)[2:].zfill(10)[-10:]
elif controls[0] == "\dh_begin":
kp = controls[1]
y = self.__diffie_hellman.calculate_pubkey()
self.__key = self.__diffie_hellman.calculate_sessionkey(int(kp))
print("Chave de diffie hellman trocadas!")
#self.__key = bin(self.__key)[2:].zfill(10)[-10:]
msg = "\dh_end " + str(y)
self.__tcp.send(bytes(msg.encode()))
else:
decrypted_message = self.__verify_encryption(messages[1])
print(messages[0] + decrypted_message)
else:
message: str = sys.stdin.readline()[:-1]
self.__erase_line()
if message[:5] == "\exit":
exit(1)
if message == "\dh_begin":
y = self.__diffie_hellman.calculate_pubkey()
msg = "\dh_begin " + str(y)
self.__tcp.send(bytes(msg.encode()))
else:
if self.__encryption:
encrypted_message: str = self.__encryption(message, True)
self.__tcp.send(bytes(encrypted_message.encode()))
else:
self.__tcp.send(bytes(message.encode()))
sys.stdout.write("<You> {}".format(self.__verify_start_encryption(message) + "\n"))
sys.stdout.flush()
def __use_s_des(self, message: str, encrypt: bool):
if encrypt:
execute = self.__s_des.encrypt
else:
execute = self.__s_des.decrypt
bin_message = list(format(ord(x), 'b') for x in message)
s_des_message = self.__execute_s_des(bin_message, execute)
return self.__binary_list_to_ascii(s_des_message)
def __execute_s_des(self, bin_message, execute: SimpleDes.encrypt) -> list:
s_des_message = list()
for byte in bin_message:
byte: str
s_des_message.append(execute(byte.zfill(8), self.__key))
return s_des_message
@staticmethod
def __binary_list_to_ascii(text: list) -> str:
return "".join([chr(int(i, 2)) for i in text])
def __verify_encryption(self, message: str):
if self.__encryption is None:
return self.__verify_start_encryption(message)
else:
decrypt_message = self.__encryption(message, False)
return self.__verify_start_encryption(decrypt_message)
def __use_rc4(self, message: str, encrypt: bool):
return self.__rc4.execute(message, self.__key)
def __start_encryption(self, message: str) -> bool:
commands = message.split(" ")
if commands[0] == "\crypt":
type_encryption = commands[1]
if type_encryption == "sdes":
self.__encryption = self.__use_s_des
self.__key = bin(int(self.__key))[2:].zfill(10)[-10:]
#self.__key = bin(self.__key)[2:].zfill(10)[-10:]
return True
'''if self.__have_quotes(commands[2]):
key = commands[2][1:-1]
self.__encryption = self.__use_s_des
if len(key) < 10:
self.__key = key.zfill(10)
else:
self.__key = key[:10]
return True
return False'''
elif type_encryption == "rc4":
self.__encryption = self.__use_rc4
self.__key = str(self.__key)
'''if self.__have_quotes(commands[2]):
self.__encryption = self.__use_rc4
#self.__key = commands[2][1:-1]
return True
return False'''
elif type_encryption == "none":
self.__encryption = None
return True
else:
return False
return False
def __check_type_encryption(self, message: str):
if self.__start_encryption(message):
if self.__encryption == self.__use_s_des:
return "Cifra Simple DES ativada"
elif self.__encryption == self.__use_rc4:
return "Cifra RC4 ativada"
else:
return "Comunicação sem cifra"
else:
return message
def __verify_start_encryption(self, message: str):
if self.__start_encryption(message):
return self.__check_type_encryption(message)
return message
def __erase_line(self):
CURSOR_UP_ONE = '\x1b[1A'
ERASE_LINE = '\x1b[2K'
sys.stdout.write(CURSOR_UP_ONE)
sys.stdout.write(ERASE_LINE)
@staticmethod
def __have_quotes(command: str) -> bool:
if command[0] == command[-1] == "\"":
return True
return False
def __del__(self):
print("saindo do chat...")
self.__tcp.close()
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# pylint: disable=C0330
"""key_exchange.py
Test script for Diffie-Hellman implemented within this folder.
"""
from __future__ import absolute_import
from random import getrandbits
from diffie_hellman import DiffieHellman
XA, XB = getrandbits(512), getrandbits(512)
for i in [
(589_559_306_225_789_680_238_449, 99_848_060_646_461_381_236_408),
(1_076_504_068_900_685_093_590_721, 594_761_277_746_183_138_644_459),
]:
alice = DiffieHellman(XA, *i)
bob = DiffieHellman(XB, *i)
A = alice.gen_shared_secret(bob.gen_public_key())
B = bob.gen_shared_secret(alice.gen_public_key())
assert A == B
class Server:
def __init__(self, PORT):
self.client_port, self.server_port = PORT
self.serv_secret = random.randint(500, 1500)
self.target_server_port = ''
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self.proto_sock = Protocol(sock)
self.proto_sock.start(self.server_port)
self.hellman = DiffieHellman()
def handshake(self, data):
dat = json.loads(data)
if 'encry' not in dat.keys():
dat.update({'key': self.hellman.generate_key(self.serv_secret)})
dat1 = json.dumps(dat)
self.proto_sock.write(dat1, dat['addr'])
data = self.proto_sock.read()
data = json.loads(data)
self.top_secret_key = self.hellman.get_secret_key(data['key'], self.serv_secret)
def listening(self):
first = {"type": "SERVER", "addr" : self.server_port, "data": 'bib-bib-bib...'}
first = json.dumps(first)
self.proto_sock.write(first, self.client_port)
data = self.proto_sock.read()
self.handshake(data)
while True:
data = self.proto_sock.read()
dta, typ = self.check_header(data)
if typ == 'CLIENT':
self.waiting_for_conn()
else:
self.connected_state()
def waiting_for_conn(self):
print('waiting_for_conn')
self.proto_sock.write(self.make_header(self.encry('Enter number(target server port): ')), self.client_port)
while True:
data = self.proto_sock.read()
dte, typ = self.check_header(data)
dte = self.hellman.decry(dte, self.top_secret_key)
if dte.isdigit():
self.target_server_port += dte
self.proto_sock.write(self.make_header(self.encry('next digit')), self.client_port)
else:
self.proto_sock.write(self.make_header(self.encry('speak pls')), self.client_port)
self.connected_state()
def encry(self, data):
return self.hellman.encry(data, self.top_secret_key)
def connected_state(self):
print('connected_state')
self.proto_sock.write(self.make_header('connection successful'), int(self.target_server_port))
while True:
data = self.proto_sock.read()
dta, typ = self.check_header(data)
if typ == 'CLIENT':
data = self.hellman.decry(dta, self.top_secret_key)
self.proto_sock.write(self.make_header(data), int(self.target_server_port))
else:
self.proto_sock.write(self.make_header(self.encry(dta)), self.client_port)
def make_header(self, data):
fdata = {"type": "SERVER", "addr" : self.server_port, "data": data, "encry": "Diffie Hellman"}
return json.dumps(fdata)
def check_header(self, data):
fdata = json.loads(data)
if fdata['type'] == 'SERVER':
self.target_server_port = fdata['addr']
return fdata['data'], fdata['type']
def handle(self, flower):
DEBUG_POSITION = 'Symbiosis_Server:Server:Handle:'
dh = DiffieHellman()
data_proxy = b''
keys = []
aes_recv = None
timeout = TIMEOUT
while self.running:
(read, _, exception) = select.select([flower], [], [flower], timeout)
if exception:
if DEBUG: print(DEBUG_POSITION, 'select exception이 발생했습니다:')
if DEBUG: print(exception)
return
elif read:
for i in read:
try:
# Receive Data
data_proxy = data_proxy + i.recv(1024)
if len(data_proxy) >= 1024:
# Raw Cell
raw_cell, data_proxy = data_proxy[0:1024], data_proxy[1024:]
# Decode Cell
cell = decodeCell(raw_cell)
if cell['type'] == SYMBIOSIS_CELL_TYPE_REQUEST:
# Decrypt
data = cell['data']
decrypted = b''
while len(data) >= 16:
decrypted = decrypted + aes_recv.decrypt(data[:16])
data = data[16:]
decrypted = decrypted + data
# Digest
digest = SHA256.new(decrypted + keys[0]).digest()
if digest != cell['digest']: continue
# Connect to Squid with streamID
if not cell['streamID'] in self.stream.streams.keys():
if self.stream.connect('localhost', 3128, cell['streamID']) == False:
if DEBUG: print(DEBUG_POSITION, 'Squid에 연결할 수 없습니다.')
continue
# Send Data
self.stream.send(cell['streamID'], decrypted)
elif cell['type'] == SYMBIOSIS_CELL_TYPE_KEY_REQUEST:
print("Key Exchange: Start")
# g_x
g_x = cell['data']
# g_y
g_y = dh.publicKey.to_bytes((dh.publicKey.bit_length() + 7) // 8, 'big')
# H(K)
dh.genKey(int.from_bytes(g_x, byteorder='big'))
K = dh.getKey()
# h_k = SHA256.new(K.decode('utf-8')).digest()
h = hashlib.sha256()
h.update(str(K).encode(encoding='utf_8', errors='strict'))
h_k = h.digest()
# certificate
crt = open("./ss.crt").read().encode()
# sig = sign(SHA256(g_y))
prk = RSA.importKey(open('private.key','r').read())
hash = SHA256.new(g_y).digest()
n = int(prk.sign(hash, '')[0])
sig = n.to_bytes((n.bit_length() + 7) // 8, 'big')
# Keys
for i in range(4):
keys = keys + [ str(i).encode() + K[1:] ]
aes_recv = AES.new(keys[1], AES.MODE_ECB)
aes_send = AES.new(keys[3], AES.MODE_ECB)
# crt:1099, g_y:512, sig:256, h_k:32
data = crt + g_y + sig + h_k
while len(data) > 0:
if len(data) <= 987: end = 1
else: end = 0
flower.send(encodeCell(SYMBIOSIS_CELL_TYPE_KEY_RESPONSE, len(data[:987]), end, bytes(32), data[:987]))
data = data[987:]
self.exchange = True
print('Key Exchange: End')
except socket.error as e:
if DEBUG: print(DEBUG_POSITION, '알 수 없는 오류가 발생했습니다:')
if DEBUG: print(e)
return
if self.exchange == True:
self.stream.select(flower, SYMBIOSIS_CELL_TYPE_RESPONSE, aes_send, keys[2])
def mutualAuthentication(self):
bits = 16
nonce = self.mutual_auth.generate_nonce(bits)
self.dh = DiffieHellman.defaultInstance()
if self.mode == 'client':
# send client challenge
self.socket.sendall('im alice,' + str(nonce) + TERMINATORS)
print '[MutualAuthentication] client sent: im alice,' + str(nonce)
# receive challenge response from client
server_response = self.receiveData()
server_nonce = server_response.split(',', 1)[0]
server_encrypted = server_response.split(',', 1)[1]
print '[MutualAuthentication] client received nonce from server: ' + server_nonce
print '[MutualAuthentication] client received encrypted text: ' + server_encrypted
plaintext = self.mutual_auth.decrypt_ciphertext(server_encrypted)
print '[MutualAuthentication] client decrypted plaintext: ' + plaintext
# check that nonce is correct and you weren't the one to encrypt it
if (not self.mutual_auth.check_name(plaintext)
and self.mutual_auth.check_nonce(plaintext)):
# extract partial key sent by server
server_partial_session_key = self.mutual_auth.get_partner_dh_value(
plaintext)
print '[MutualAuthentication] extracted server partial key: ' + str(
server_partial_session_key)
# generate client partial key
client_partial_session_key = self.dh.partialSessionKeyGen()[0]
# compute the session key
self.total_session_key = self.dh.computeTotalSessionKey(
server_partial_session_key)
# encrypt server nonce and client partial key with shared secret and send
encrypted = self.mutual_auth.encrypt_nonce(
server_nonce, client_partial_session_key)
self.socket.sendall(encrypted + TERMINATORS)
print '[MutualAuthentication] client sending encrypted text: ' + encrypted
print '[MutualAuthentication] success in authenticating server'
return True
else:
print '[MutualAuthentication] cannot authenticate server, check falied'
return False
# server mode
else:
#server
# wait to receive nonce from client
client_response = self.receiveData()
client_nonce = client_response.split(',')[1]
print '[MutualAuthentication] received client_nonce:' + str(
client_nonce)
# generate server partial key
server_partial_session_key = self.dh.partialSessionKeyGen()[0]
# encrypt client nonce and server partial key with shared secret
encrypted = self.mutual_auth.encrypt_nonce(
client_nonce, server_partial_session_key)
# send server nonce along with encrypter message
self.socket.sendall(str(nonce) + ',' + encrypted + TERMINATORS)
print '[MutualAuthentication] server sending nonce: ' + str(nonce)
print '[MutualAuthentication] server sending encrypted text: ' + encrypted
# receive client challenge response
client_second_response = self.receiveData()
print '[MutualAuthentication] server received client response: ' + str(
client_second_response)
# decrypt client response
plaintext = self.mutual_auth.decrypt_ciphertext(
client_second_response)
print '[MutualAuthentication] server decrypted plaintext: ' + plaintext
# check that nonce is correct and you weren't the one to encrypt it
if (not self.mutual_auth.check_name(plaintext)
and self.mutual_auth.check_nonce(plaintext)):
# extract client partial key
client_partial_session_key = self.mutual_auth.get_partner_dh_value(
plaintext)
print '[MutualAuthentication] extracted the client partial key: ' + str(
client_partial_session_key)
# compute session key
self.total_session_key = self.dh.computeTotalSessionKey(
client_partial_session_key)
print '[MutualAuthentication] success in authenticating client'
return True
else:
print '[MutualAuthentication] cannot authenticate client, check falied'
return False
try:
bogus_point = curve.find_point_of_order(r, curve_order)
confused_response = bob_keypair.compute_secret(bogus_point)
# brute for which r for confused response
current_point = bogus_point
for x in range(1, r):
if current_point == confused_response:
yield (x, r)
break
current_point = curve.add_points(current_point, bogus_point)
except ValueError as err:
continue
if __name__ == "__main__":
dh = DiffieHellman(given_curve, point, point_order=given_order)
alice_keypair = dh.generate_keypair()
bob_keypair = dh.generate_keypair()
alice_key = alice_keypair.compute_secret(bob_keypair.public)
bob_key = bob_keypair.compute_secret(alice_keypair.public)
assert alice_key == bob_key, 'Key should have been shared'
# Begin Subgroup Confinement Attack
bad_curve1 = WeierstrassCurve(p, -95051, 210)
order_curve1 = 233970423115425145550826547352470124412
bad_curve2 = WeierstrassCurve(p, -95051, 504)
order_curve2 = 233970423115425145544350131142039591210
bad_curve3 = WeierstrassCurve(p, -95051, 727)
order_curve3 = 233970423115425145545378039958152057148
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# pylint: disable=C0330
"""key_exchange.py
Test script for Diffie-Hellman implemented within this folder.
"""
from __future__ import absolute_import
from random import getrandbits
from diffie_hellman import DiffieHellman
XA, XB = getrandbits(512), getrandbits(512)
for i in [
(589_559_306_225_789_680_238_449, 99_848_060_646_461_381_236_408),
(1_076_504_068_900_685_093_590_721, 594_761_277_746_183_138_644_459),
]:
alice = DiffieHellman(XA, *i)
bob = DiffieHellman(XB, *i)
A = alice.gen_shared_secret(bob.gen_public_key())
B = bob.gen_shared_secret(alice.gen_public_key())
assert A == B
from binascii import hexlify
from diffie_hellman import DiffieHellman
p = 11
g = 2
d1 = DiffieHellman(generator=g, prime=p, key_length=3)
# d2 = DiffieHellman(generator=g, prime=p, key_length=3)
# print(d1.public_key)
# print(d2.public_key)
# d1.gen_key(d2.public_key)
# d2.gen_key(d1.public_key)
d1.gen_key(2)
print('Public key: ' + str(d1.public_key))
print('Private key: ' + str(d1.private_key))
print(d1.get_key())
# d1.show_params()
# d1.show_results()
# d2.show_params()
# d2.show_results()
# if d1.get_key() == d2.get_key():
# print('Shared keys match')
# print('Key: ', hexlify(bytes(d1.key, 'ascii')))
# print(d1.get_key())
# else:
# print("Shared secrets didn't match!")
# print("Shared secret A: ", d1.gen_secret(d2.public_key))
except:
print "Unable to open port %d" % client_port
sys.exit()
try:
conn_server.connect(server_ip, server_port)
except:
print "Unable to connect to %s at port %d" % (server_ip, server_port)
# Key exchange: Later can be added some other variants too.#######
p_server = int(get_line(conn_server))
g_server = int(get_line(conn_server))
A_server = int(get_line(conn_server))
dh_server = DiffieHellman(p_server, g_server)
_, _, B_server = dh_server.generate_public_broadcast()
conn_server.send(str(B_server))
crypto_protocol_server = CryptoProtocol(dh_server.get_shared_secret(A_server))
p_client = p_server
g_client = g_server
dh_client = DiffieHellman(p_server, g_server)
_, _, A_client = dh_client.generate_public_broadcast()
conn_client.send(str(p_client))
conn_client.send(str(g_client))
conn_client.send(str(A_client))
B_client = int(get_line(conn_client))
except:
print "Unable to open port %d" % client_port
sys.exit()
try:
conn_server.connect(server_ip, server_port)
except:
print "Unable to connect to %s at port %d" % (server_ip, server_port)
# Key exchange: Later can be added some other variants too.#######
p_server = int(get_line(conn_server))
g_server = int(get_line(conn_server))
A_server = int(get_line(conn_server))
dh_server = DiffieHellman(p_server, g_server)
_, _, B_server = dh_server.generate_public_broadcast()
conn_server.send(str(B_server))
crypto_protocol_server = CryptoProtocol(dh_server.get_shared_secret(A_server))
p_client = p_server
g_client = g_server
dh_client = DiffieHellman(p_server, g_server)
_, _, A_client = dh_client.generate_public_broadcast()
conn_client.send(str(p_client))
conn_client.send(str(g_client))
conn_client.send(str(A_client))
B_client = int(get_line(conn_client))
class Bee:
def __init__(self):
DEBUG_POSITION = 'Symbiosis_Bee:Bee:Init:'
self.alive = True
# Flower Socket
self.flower = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Deflector Socket
self.deflector = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Diffie Hellman
self.dh = DiffieHellman()
self.exchange = False
# Stream
self.stream = Stream()
def fly(self, flower_host, flower_port, deflector_host, deflector_port):
DEBUG_POSITION = 'Symbiosis_Bee:Bee:Fly:'
# Connect to Deflector
# try:
# self.deflector.connect((deflector_host, deflector_port))
# except socket.error as e:
# if DEBUG: print(DEBUG_POSITION, 'Deflector와의 연결에 실패하였습니다:')
# if DEBUG: print(e)
# return
# Connect to Flower
try:
self.flower.connect((flower_host, flower_port))
except socket.error as e:
if DEBUG: print(DEBUG_POSITION, 'Flower와의 연결에 실패하였습니다:')
if DEBUG: print(e)
return
if DEBUG: print('Key Exchange: Start')
self.exchange = False
# Key Exchange
data = self.dh.publicKey.to_bytes((self.dh.publicKey.bit_length() + 7) // 8, 'big')
self.flower.send(encodeCell(SYMBIOSIS_CELL_TYPE_KEY_REQUEST, len(data), 0, bytes(32), data))
# Catch : Select
_thread.start_new_thread(self.catch, (self.flower, self.deflector))
# self.catch(self.flower, self.deflector)
# Feel : Browsing
self.feel()
# Die
self.die()
def feel(self):
DEBUG_POSITION = 'Symbiosis_Bee:Bee:Feel:'
try:
listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
listener.bind(('', SYMBIOSIS_BEE_PORT))
listener.listen(5)
while self.alive:
if self.exchange == False: continue
# Accept
conn, _ = listener.accept()
# Stream
self.stream.add(conn)
except socket.error as e:
if listener:
listener.close()
if DEBUG: print(DEBUG_POSITION, 'Browser의 요청을 기다리던 도중 오류가 발생했습니다:')
if DEBUG: print(e)
def catch(self, flower, deflector):
DEBUG_POSITION = 'Symbiosis_Bee:Bee:Catch:'
data_flower = b''
data_deflector = b''
key_data = b''
keys = []
aes_recv = None
timeout = TIMEOUT
while self.alive:
# (read, _, exception) = select.select([flower, deflector], [], [flower, deflector], timeout)
(read, _, exception) = select.select([flower], [], [flower], timeout)
if exception:
if DEBUG: print(DEBUG_POSITION, 'select exception이 발생했습니다:')
if DEBUG: print(exception)
return
elif read:
for i in read:
if i == flower:
try:
# Receive Data
data_flower = data_flower + i.recv(1024)
if len(data_flower) >= 1024:
# Raw Cell
raw_cell, data_flower = data_flower[0:1024], data_flower[1024:]
# Decode Cell
cell = decodeCell(raw_cell)
#printCell(cell)
if cell['type'] == SYMBIOSIS_CELL_TYPE_RESPONSE:
# Decrypt
data = cell['data']
decrypted = b''
while len(data) >= 16:
decrypted = decrypted + aes_recv.decrypt(data[:16])
data = data[16:]
decrypted = decrypted + data
# Digest
digest = SHA256.new(decrypted + keys[2]).digest()
if digest != cell['digest']: continue
# Send Data
self.stream.send(cell['streamID'], decrypted)
elif cell['type'] == SYMBIOSIS_CELL_TYPE_REQUEST:
# Flower Request
print('FLOWER REQ > BEE > DEFLECTOR:')
#printCell(cell)
deflector.send(raw_cell)
pass
elif cell['type'] == SYMBIOSIS_CELL_TYPE_KEY_REQUEST:
# Flower Key Request
#deflector.send(raw_cell)
pass
elif cell['type'] == SYMBIOSIS_CELL_TYPE_KEY_RESPONSE:
# crt:1099, g_y:512, sig:256, h_k:32
key_data = key_data + cell['data']
if cell['streamID'] == 0: continue
# split
crt = key_data[:1099]
g_y = key_data[1099:1099+512]
sig = (int.from_bytes(key_data[1099+512:1099+512+256], byteorder='big'), )
h_k = key_data[1099+512+256:]
key_data = b''
# get public key from crt
pem = crt.decode('utf-8')
lines = pem.replace(" ",'').split()
der = a2b_base64(''.join(lines[1:-1]).encode('ascii'))
cert = DerSequence()
cert.decode(der)
tbsCertificate = DerSequence()
tbsCertificate.decode(cert[0])
subjectPublicKeyInfo = tbsCertificate[5]
puk = RSA.importKey(subjectPublicKeyInfo)
# verify
hash = SHA256.new(g_y).digest()
if puk.verify(hash, sig):
print("Key Exchange: Verify")
self.dh.genKey(int.from_bytes(g_y, byteorder='big'))
# h.digest() = SHA256.new(K).digest()
K = self.dh.getKey()
h = hashlib.sha256()
h.update(str(K).encode(encoding='utf_8', errors='strict'))
if h_k == h.digest():
print("Key Exchange: Complete")
K = self.dh.getKey()
aes = AES.new(K, AES.MODE_ECB)
# Keys
for i in range(4):
keys = keys + [ str(i).encode() + K[1:] ]
aes_recv = AES.new(keys[3], AES.MODE_ECB)
aes_send = AES.new(keys[1], AES.MODE_ECB)
self.exchange = True
else:
print("Key Exchange: Retry")
data = self.dh.publicKey.to_bytes((self.dh.publicKey.bit_length() + 7) // 8, 'big')
self.flower.send(encodeCell(SYMBIOSIS_CELL_TYPE_KEY_REQUEST, len(data), 0, bytes(32), data))
else:
print("Key Exchange: Retry")
data = self.dh.publicKey.to_bytes((self.dh.publicKey.bit_length() + 7) // 8, 'big')
self.flower.send(encodeCell(SYMBIOSIS_CELL_TYPE_KEY_REQUEST, len(data), 0, bytes(32), data))
except socket.error as e:
if DEBUG: print(DEBUG_POSITION, '알 수 없는 오류가 발생했습니다:flower')
if DEBUG: print(e)
return
elif i == deflector:
try:
# Receive Data
data_deflector = data_deflector + i.recv(1024)
if len(data_deflector) >= 1024:
# Raw Cell
raw_cell, data_deflector = data_deflector[0:1024], data_deflector[1024:]
# Deflector Response
print('DEFLECTOR RES > BEE > FLOWER')
flower.send(raw_cell)
except socket.error as e:
if DEBUG: print(DEBUG_POSITION, '알 수 없는 오류가 발생했습니다:deflector')
if DEBUG: print(e)
return
if self.exchange == True:
self.stream.select(flower, SYMBIOSIS_CELL_TYPE_REQUEST, aes_send, keys[0])
def die(self):
DEBUG_POSITION = 'Symbiosis_Bee:Bee:Die:'
self.alive = False
self.stream.clear()
self.stream = None
self.deflector.close()
self.deflector = None
self.flower.close()
self.flower = None
def main():
random.seed(time.time())
# regular communication
message = "This is a secret message".decode("base64")
alice = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
assert bob.session_key() == alice.session_key()
# g = 1
# 1^x = 1 mod p for any x
message = "ZyA9IDEgc3V4=".decode("base64")
alice = DiffieHellman(1, NIST_PRIME)
bob = DiffieHellman(1, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
injected_key = sha1.sha1(hex(1).strip("0xL")).hexdigest().decode("hex")
print "g = 1:"
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
# g = p
# p^x = 0 mod p for any x
message = "ZyA9IHAgaXMgdXNlbGVzcw==".decode("base64")
alice = DiffieHellman(NIST_PRIME, NIST_PRIME)
bob = DiffieHellman(NIST_PRIME, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
injected_key = sha1.sha1(hex(0).strip("0xL")).hexdigest().decode("hex")
print "g = p:"
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
# g = p - 1
# If the exponent is even the result will be 1, if odd, it will be (p-1)
# for that reason, in any combination of results, the final session key will always be either 1 or p-1 (only if both a & b turned out odd thus g^a == g^b == p-1 == g^ab)
message = "ZXZlbiBvciBvZGQ/".decode("base64")
alice = DiffieHellman(NIST_PRIME-1 , NIST_PRIME)
bob = DiffieHellman(NIST_PRIME-1, NIST_PRIME)
alice_secret = alice.make_secret()
bob_secret = bob.make_secret()
bob.get_response(alice_secret)
alice.get_response(bob_secret)
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
if (alice_secret + bob_secret == 2*(NIST_PRIME-1)):
# 25% chance of the session key being p-1
injected_key = sha1.sha1(hex(NIST_PRIME-1).strip("0xL")).hexdigest().decode("hex")
else:
injected_key = sha1.sha1(hex(1).strip("0xL")).hexdigest().decode("hex")
print "g = p-1:"
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
