def __init__(self,socet,ip_port,s):
self.alice = DiffieHellman()
self.key = None
self.socet = socet
self.ip = ip_port[0]
self.port = ip_port[1]
self.alice.generate_public_key()
def __init__(self, adress):
self.sock.connect((adress, 9876))
if os.path.isfile('User.private.pem') == False or os.path.isfile(
'client1.cert.pem') == False:
createCSR('User', 'heslo', {'CN': 'USER_FQDN'})
self.poslatCertReq()
print("ZADAM SI CERTIFIKAT")
else:
print("NACITAM ZE SLOZKY JAK BOSSs")
self.cert = OpenSSL.crypto.load_certificate(
crypto.FILETYPE_PEM,
open('client1.cert.pem').read())
self.poslatCert()
self.cli = DiffieHellman()
self.cli.generate_public_key()
#presunout do runu
self.vyzadatKlic()
iThread = threading.Thread(target=self.sendMessage)
iThread.daemon = True
iThread.start()
self.run()
def __init__(self, host, port, login, password):
asyncore.dispatcher.__init__(self)
self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
self.connect((host, port))
self.login = login
self.password = password
self.Key = DiffieHellman()
self.Key.generate_public_key()
self.buffer = json.dumps({'action': 'handshake', 'data': {'pubkey': int_to_base_str(self.Key.public_key)}}).encode()
self.cipher = None
class Node:
def __init__(self, node_id):
self.node_id = node_id
self.authorised_users = []
self.transaction_history = []
# Set up crypto
self.diffie = DiffieHellman()
self.exchange_keys()
self.sync()
print("Node Established.")
def sync(self):
conn = socket.socket()
conn.connect((SERVER_IP, SERVER_PORT))
conn.send(self.crypt(b"SYNC"))
def update_authorised_users(self):
pass
def send_transactions(self):
pass
def main_loop(self):
pass
def exchange_keys(self):
self.diffie.generate_public_key()
conn = socket.socket()
conn.connect((SERVER_IP, SERVER_PORT))
conn.send(self.crypt(self.node_id.zfill(8).encode()))
conn.send(b"KEYX")
key_len = str(len(str(self.diffie.public_key))).zfill(4).encode()
conn.send(key_len)
conn.send(str(self.diffie.public_key).encode())
server_key_len = int(conn.recv(4))
server_key = int(conn.recv(server_key_len))
self.diffie.generate_shared_secret(server_key)
conn.close()
def crypt(self, text):
key = self.diffie.shared_key
if type(text) == str:
text = text.encode()
if type(key) == str:
key = key.encode()
assert type(text) == type(key) == bytes
output_values = []
for i, b in enumerate(text):
output_values.append(b ^ key[i % len(key)])
return bytes(output_values)
def __init__(self):
self._sock_to_receiver = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
self._sock_to_mb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._df = DiffieHellman()
self._df.generate_private_key()
self._df.generate_public_key()
self._session_key = None
self._k = None
self._k_rand = None
def __init__(self, node_id):
self.node_id = node_id
self.authorised_users = []
self.transaction_history = []
# Set up crypto
self.diffie = DiffieHellman()
self.exchange_keys()
self.sync()
print("Node Established.")
def __init__(self, adress='127.0.0.1'):
self.sock.connect((adress, 9876))
self.cli = DiffieHellman()
self.cli.generate_public_key()
self.vyzadatKlic()
iThread = threading.Thread(target=self.sendMessage)
iThread.daemon = True
iThread.start()
self.run()
class MessangerClient(asyncore.dispatcher):
def __init__(self, host, port, login, password):
asyncore.dispatcher.__init__(self)
self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
self.connect((host, port))
self.login = login
self.password = password
self.Key = DiffieHellman()
self.Key.generate_public_key()
self.buffer = json.dumps({'action': 'handshake', 'data': {'pubkey': int_to_base_str(self.Key.public_key)}}).encode()
self.cipher = None
def handle_connect(self):
pass
def handle_close(self):
self.close()
def handle_read(self):
data = self.recv(4024).decode('utf-8')
if data:
if self.cipher is not None:
j = json.loads(self.cipher.decrypt(data))
else:
j = json.loads(data)
print(j)
if j["action"] == "handshake":
tmp = base_str_to_int(j["data"]["pubkey"])
h = SHA.new(j["data"]["pubkey"].encode()).digest()
self.Key.generate_shared_secret(tmp)
SignR = int(j["data"]["SignR"])
SignS = int(j["data"]["SignS"])
if not ElGamalKey.verify(h, (SignR, SignS)):
raise("BAD SIGNATURE")
self.cipher = AESCipher(str(self.Key.shared_key).encode())
self.buffer = json.dumps({'action': 'auth', 'data': {'login': login, 'pass': password}}).encode('utf-8')
def writable(self):
return len(self.buffer) > 0
def handle_write(self):
if self.cipher is not None:
sent = self.send(self.cipher.encrypt(self.buffer.decode()))
self.buffer = self.buffer[sent:]
else:
sent = self.send(self.buffer)
self.buffer = self.buffer[sent:]
def __init__(self):
self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._sock_to_mb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._sock.bind(ADDRESS)
self._sock.listen(10)
self._df = DiffieHellman()
self._df.generate_private_key()
self._df.generate_public_key()
self._session_key = None
self._k = None
self._k_rand = None
class client:
def __init__(self,socet,ip_port,s):
self.alice = DiffieHellman()
self.key = None
self.socet = socet
self.ip = ip_port[0]
self.port = ip_port[1]
self.alice.generate_public_key()
#self.ip = ip
def df(self):
m_df = {["alice":self.alice.public_key]}
self.socet.send(json.dumps(m_df))
data = self.socet.recv(json.dumps(m_df))
if data:
def main():
"""Main loop
See vpn.md for details
"""
# Create the socket
server_sckt = socket(AF_INET, SOCK_STREAM)
server_sckt.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
server_sckt.bind((HOST, PORT))
server_sckt.listen()
print(f"Listening on {HOST}:{PORT}")
conn, client = server_sckt.accept()
print(f"New client: {client[0]}:{client[1]}")
# Negotiating the cipher
print("Negotiating the cipher")
msg_in = conn.recv(4096).decode('utf-8')
proposed = parse_proposal(msg_in)
cipher_name, key_size = select_cipher(SUPPORTED_CIPHERS, proposed)
print(f"We are going to use {cipher_name}{key_size}")
msg_out = generate_cipher_response(cipher_name, key_size)
conn.send(msg_out.encode())
# Negotiating the key
print("Negotiating the key")
dh = DiffieHellman()
dh.generate_public_key()
msg_in = conn.recv(4096).decode('utf-8')
client_public_key = parse_dhm_request(msg_in)
dh.generate_shared_secret(client_public_key)
msg_out = generate_dhm_response(dh.public_key)
conn.send(msg_out.encode())
cipher, key, iv = get_key_and_iv(dh.shared_key, cipher_name, key_size)
print("The key has been established")
print("Initializing cryptosystem")
crypto = cipher.new(key, cipher.MODE_CBC, iv)
hashing = HMAC.new(key, digestmod=SHA256)
print("All systems ready")
while True:
msg_in = conn.recv(4096)
if len(msg_in) < 1:
conn.close()
break
msg, hmac = read_message(msg_in, crypto)
validate_hmac(msg_in, hmac, hashing)
print(f"Received: {msg}")
msg_out = f"Server says: {msg[::-1]}"
conn.send(msg_out.encode())
def main():
"""Main event loop
See vpn.md for details
"""
# Start the server
client_sckt = socket(AF_INET, SOCK_STREAM)
client_sckt.connect((HOST, PORT))
print(f"Connected to {HOST}:{PORT}")
# Negotiating the cipher
print("Negotiating the cipher")
# Send proposal to the server
msg_out = generate_cipher_proposal(SUPPORTED_CIPHERS)
client_sckt.send(msg_out.encode())
msg_in = client_sckt.recv(4096).decode('utf-8')
cipher_name, key_size = parse_cipher_selection(msg_in)
print(f"We are going to use {cipher_name}{key_size}")
# Negotiating the key
print("Negotiating the key")
dh = DiffieHellman()
dh.generate_public_key()
msg_out = generate_dhm_request(dh.public_key)
client_sckt.send(msg_out.encode())
msg_in = client_sckt.recv(4096).decode('utf-8')
server_public_key = parse_dhm_response(msg_in)
dh.generate_shared_secret(server_public_key)
cipher, key, iv = get_key_and_iv(dh.shared_key, cipher_name, key_size)
print("The key has been established")
# Initialize Cryptosystem
print("Initializing cryptosystem")
crypto = cipher.new(key, cipher.MODE_CBC, iv)
hashing = HMAC.new(key, digestmod=SHA256)
print("All systems ready")
while True:
msg = input("Enter message: ")
if msg == "\\quit":
client_sckt.close()
break
ciph_out, hmac_out = encrypt_message(msg, crypto, hashing)
client_sckt.send(ciph_out + hmac_out.encode())
msg_in = client_sckt.recv(4096)
print(msg_in.decode("utf-8"))
def key_exchange(self, conn, addr):
diffie = DiffieHellman()
diffie.generate_public_key()
public_key = diffie.public_key
key_to_send = str(public_key).encode()
key_len = str(len(key_to_send)).zfill(4).encode()
client_key_len = int(conn.recv(4))
client_key = int(conn.recv(client_key_len))
conn.send(key_len)
conn.send(key_to_send)
diffie.generate_shared_secret(client_key)
client_id = crypt(conn.recv(8), diffie.shared_key).decode()
conn.close()
self.store_node(client_id, addr, diffie.shared_key)
def session(self):
alice = DiffieHellman(group=5, key_length=200)
alice.generate_public_key()
self.Message_send.message = str(alice.public_key)
# send puzzle answer and ga mod p
self.send_message()
# receive the session key of server
self.receive_message()
alice.generate_shared_secret(int(self.Message_rec.gb_mod_p))
# set up the session key Kas
self.Kas = str(alice.shared_secret)[:16].encode()
self.iv = self.Message_rec.iv
# print("Shared secret is:", int.from_bytes(self.Kas, sys.byteorder))
# Decryption
plain_text = self.decryption_with_timestamp()
# Verify signature
correct_message = str(
alice.public_key) + "|" + self.Message_rec.gb_mod_p
correct_message = correct_message.encode()
## load public key
with open("public_key.der", "rb") as key_file:
public_key = serialization.load_der_public_key(
key_file.read(), backend=default_backend())
## verify the signature
try:
public_key.verify(
plain_text, correct_message,
paddings.PSS(mgf=paddings.MGF1(hashes.SHA256()),
salt_length=paddings.PSS.MAX_LENGTH),
hashes.SHA256())
# print("Signature verify success!")
except:
print('Error in verifying the signature!')
sys.exit(1)
class Sender:
def __init__(self):
self._sock_to_receiver = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
self._sock_to_mb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._df = DiffieHellman()
self._df.generate_private_key()
self._df.generate_public_key()
self._session_key = None
self._k = None
self._k_rand = None
def connect(self, address):
"""
The sender(S) in this connect method will attempt to connect
to the receiver(R) by a regular sock connection. If the
connection is set up successfully, S and R will execute a key
exchange protocol then both of them will get a shared secret
key. After that three keys (a session key Kssl, a key K used in our
detection protocol, and a key Krand used as a seed) will be derived
from this secret key. Then, S will try to connect to the middle-
box by another regular sock connection. If the connection is
set up successfully, S will execute a secure computation with MB
so that MB can obtain rules encrypted with key K without knowing K.
:param address: the receiver's address
:return:
"""
try:
self._sock_to_receiver.connect(address)
except socket.error as error:
print(f'Could not connect with the receiver: {error}')
exit(1)
except TypeError as error:
print(f'Type error: {error}')
exit(1)
else:
self._key_exchange(self._df.public_key)
self._derive_from_secret()
print('session key', self._session_key)
try:
self._sock_to_mb.connect(BLINDBOX_ADDRESS)
except socket.error as error:
print(f'Could not connect with blindBox: {error}')
exit(1)
except TypeError as error:
print(f'Type error: {error}')
exit(1)
else:
self._rule_preparation()
def _key_exchange(self, public_key):
"""
After a key exchange using Diffie-Hellman algorithm,
the sender will agree on a shared secret with the receiver.
:param public_key: The sender's public key for key exchange.
:return: None
"""
key_to_bytes = str(public_key).encode()
self._sock_to_receiver.sendall(key_to_bytes)
data = self._sock_to_receiver.recv(20480)
print(f'data received from the receiver {data}')
try:
pk_from_receiver = int(data)
except ValueError:
print('Invalid data type!')
else:
if self._df.verify_public_key(pk_from_receiver):
self._df.generate_shared_secret(pk_from_receiver)
print('I got the shared key:', self._df.shared_key)
else:
raise ValueError('Invalid public key from the sender!')
def _derive_from_secret(self):
"""
Use the shared key to derive three keys by using a pseudorandom
generator.
_session_key: used to encrypt the traffic in the socket.
_k: used in the detection protocol
_k_rand: used as a seed for randomness. Since both end-points have the same seed,
they will generate the same randomness.
:return: None
"""
key_to_bytes = str(self._df.shared_key).encode()
randoms = Randoms()
self._session_key = derive_key(key_to_bytes, randoms.random1)
self._k = derive_key(key_to_bytes, randoms.random2)
self._k_rand = derive_key(key_to_bytes, randoms.random3)
def _rule_preparation(self):
"""
Sender will use garbled circuits to compute AES(r,k) with the BlindBox while
the sender do not know the rule and the BlindBox do not know the key k.
:return:
"""
key_numbers = int(self._sock_to_mb.recv(1024))
for i in range(key_numbers):
output = subprocess.getoutput(OBLIVC_AES_PATH + "/a.out 1235 -- " +
self._k.decode())
while output == "TCP accept failed":
output = subprocess.getoutput(OBLIVC_AES_PATH +
"/a.out 1235 -- " +
self._k.decode())
def send(self, data):
encrypted_data = aes_encrypt(data.encode(), self._session_key)
self._sock_to_mb.sendall(encrypted_data)
sleep(0.4)
tokens = nltk.word_tokenize(data)
encrypted_tokens = b''
for token in tokens:
encrypted_tokens += dpi_encrypt(token.encode(), self._session_key)
encrypted_tokens += b' '
self._sock_to_mb.sendall(encrypted_tokens)
def setUp(self):
self.alice = DiffieHellman()
self.bob = DiffieHellman()
class TestDiffieHellman(unittest.TestCase):
def setUp(self):
self.alice = DiffieHellman()
self.bob = DiffieHellman()
def test_equality_of_keys(self):
self.alice.generate_public_key()
self.bob.generate_public_key()
alices_shared_key = self.alice.generate_shared_secret(
self.bob.public_key)
bobs_shared_key = self.bob.generate_shared_secret(
self.alice.public_key)
self.assertEqual(
alices_shared_key, bobs_shared_key,
"There is a mismatch between two shared secrets. Both shared secrets should be the same. This is bad."
)
def test_decorators_private_key(self):
self.alice.generate_public_key()
self.assertIn("_DiffieHellman__private_key", self.alice.__dict__)
def test_generate_private_key(self):
self.alice.generate_private_key()
self.assertIn("_DiffieHellman__private_key", self.alice.__dict__)
def test_generate_public_key(self):
self.alice.generate_public_key()
self.assertIn("public_key", self.alice.__dict__)
def test_verify_public_key(self):
self.alice.generate_public_key()
self.bob.generate_public_key()
self.assertTrue(self.alice.verify_public_key(self.bob.public_key))
self.assertFalse(self.alice.verify_public_key(2))
self.assertFalse(self.alice.verify_public_key(self.alice.prime - 1))
class Client:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
mujAES = None
cli = None
cislo = 0
def __init__(self, adress):
self.sock.connect((adress, 9876))
if os.path.isfile('User.private.pem') == False or os.path.isfile(
'client1.cert.pem') == False:
createCSR('User', 'heslo', {'CN': 'USER_FQDN'})
self.poslatCertReq()
print("ZADAM SI CERTIFIKAT")
else:
print("NACITAM ZE SLOZKY JAK BOSSs")
self.cert = OpenSSL.crypto.load_certificate(
crypto.FILETYPE_PEM,
open('client1.cert.pem').read())
self.poslatCert()
self.cli = DiffieHellman()
self.cli.generate_public_key()
#presunout do runu
self.vyzadatKlic()
iThread = threading.Thread(target=self.sendMessage)
iThread.daemon = True
iThread.start()
self.run()
def run(self):
while True:
data = self.sock.recv(BUFSIZE)
#misto na hrani si s daty
if not data:
#ukonceni komunikace
break
elif data[0:1] == b"\x66":
with open('client1.cert.pem', 'wb') as cert:
cert.write(data[1:])
self.nastavitCert(data[1:])
#self.cert=OpenSSL.crypto.load_certificate(crypto.FILETYPE_PEM,data[1:])
elif data[0:1] == b"\x11":
#kdyz prijde ridici znak x11-posleme na vyzadani klic
self.poslatKlic()
elif data[0:1] == b"\x98":
createCSR('User', 'heslo', {'CN': 'USER_FQDN'})
self.poslatCertReq()
elif data[0:1] == b"\x12":
#kdyz prijde ridici znak x12 tak si nastavime klic ktery nasleduje po tomto bytu
self.nastavitKlic(data[1:])
elif data[0:1] == b"\x13":
#nezasifrovana komunikace
print(data.decode())
#vynuceni DH pokud prijde nezasifrovana zprava
#self.sock.send(b'\x11')
elif data[0:1] == b"\x14":
#nastaveni klice v pripade ze byl vyzadan nebo tak neco
self.jinenastaveniklice(data[1:])
elif data[0:1] == b'\x20':
self.nastavitCert(data[1:])
else:
#vychozi stav- prijdou data bez ridiciho znaku-> predpokladame ze jsou zasifrovana AESem podle dohodnuteho hesla
data = self.mujAES.decrypt(data)
try:
print("client " + str(self.cislo) + ":" + data.decode())
except:
continue
def vyzadatCert(self):
self.sock.send(b'\x65')
def nastavitCert(self, data):
#self.cert=OpenSSL.crypto.load_certificate_request(crypto.FILETYPE_PEM, data)
self.cert = OpenSSL.crypto.load_certificate(crypto.FILETYPE_PEM, data)
def poslatCert(self):
text = OpenSSL.crypto.dump_certificate(crypto.FILETYPE_PEM, self.cert)
self.sock.send(b'\x33' + text)
def poslatCertReq(self):
#posle certifikat na podepsani¨
with open('User.CSR.pem') as cert:
certificate = OpenSSL.crypto.load_certificate_request(
crypto.FILETYPE_PEM, cert.read())
certext = OpenSSL.crypto.dump_certificate_request(
crypto.FILETYPE_PEM, certificate)
print(certext)
self.sock.send(b'\x15' + certext)
def poslatKlic(self):
#posle ridici znak nasledovany klicem
self.sock.send(b'\x12' + str(self.cli.public_key).encode())
def jinenastaveniklice(self, data):
#dela zajimave veci, ale jen v urcitem pripade
self.cli.generate_shared_secret(int(data.decode()),
echo_return_key=True)
superklic = str(self.cli.shared_secret)
xy = hashlib.sha256(superklic.encode()).hexdigest()[:32]
print("2222222222222222222222222222")
self.cislo = 2
print(xy)
self.mujAES = Encryptor.Encryptor(xy)
def nastavitKlic(self, data):
#nastavuje klic na zaklade dat ktere dostane
self.cli.generate_shared_secret(int(data.decode()),
echo_return_key=True)
superklic = str(self.cli.shared_secret)
xy = hashlib.sha256(superklic.encode()).hexdigest()[:32]
print("111111111111111111111")
self.cislo = 1
print(xy)
self.mujAES = Encryptor.Encryptor(xy)
self.sock.send(b'\x14' + str(self.cli.public_key).encode())
def vyzadatKlic(self):
#nemam klic ale chci, poslu ridici znak
self.sock.send(b'\x11')
def sendMessage(self):
#hlavni chatova smycka
while True:
msg = str(input(""))
if self.mujAES is not None:
msg = self.mujAES.encrypt(msg.encode())
self.sock.send(msg)
else:
msg = msg.encode()
self.sock.send(b'\x13' + msg)
def requestHandler(conn, addr):
'''
This method handles a new download request
'''
# First generate a public-private key pair
dh = DiffieHellman()
dh.generate_public_key()
publicKey = dh.public_key
# Next, send the public key using KEY_EXCHANGE. The segment size is 2479.
conn.sendall(('KEY_EXCHANGE\n' + str(publicKey)).encode('utf-8',
errors='ignore'))
# Receive a similar segment from client. This segment contains the client's public key.
data = receiveData(conn, 2479)
messageType = data.decode('utf-8', errors='ignore').split('\n')[0]
if messageType != 'KEY_EXCHANGE':
print("The client sent an illegal response. Closing connection..")
conn.close()
return
clientPublicKey = int(data.decode('utf-8', errors='ignore').split('\n')[1])
sharedKey = ''
# Generate the shared key using Diffie Hellman algorithm and the public key of client and server
try:
dh.generate_shared_secret(clientPublicKey)
sharedKey = bytes.fromhex(dh.shared_key)
except Exception as e:
print("The client sent an illegal response. Closing connection..")
conn.close()
return
print('Key exchange successful: ' + dh.shared_key)
print('Generating Ciphers..')
# Generate a cipher which will use the shared key to encrypt all outgoing data
cipher = AES.new(sharedKey, AES.MODE_CBC,
'jdirlfhixhtkwlif'.encode('utf-8'))
print('Encrypting File list..')
# Encrypt the file list with the cipher
sharedFilesList = []
for i in sharedFiles:
sharedFilesList.append(i)
fileList = ('\n'.join(sharedFilesList)).encode('utf-8')
encryptedFileList = cipher.encrypt(pad(fileList, AES.block_size))
requiredSize = len(encryptedFileList)
# Send the file list size. We use FILELIST to send the file list size
print('Sending File List..')
conn.sendall(
('FILELIST\n' + padInteger(requiredSize, 20)).encode('utf-8',
errors='ignore'))
# Wait till the server doesn't receive READY signal indicating that the client is ready to take the data
data = receiveData(conn, 5).decode('utf-8', errors='ignore')
if data != 'READY':
print('Client is not ready to receive file list..')
conn.close()
return
# Send the encrypted file list now. The segments contain only body and no header
conn.sendall(encryptedFileList)
# Wait for acknowloedgement
data = receiveData(conn, 3).decode('utf-8', errors='ignore')
if data == 'ACK':
print('File list was received successfully by client..')
else:
print('No Acknowledgement received..')
conn.close()
return
# Wait for a file request
print('Waiting for request..')
data = receiveData(conn, 28).decode('utf-8', errors='ignore').split('\n')
idx = int(data[1])
if data[0] != 'REQUEST':
print('The client sent an illegal response. Closing connection..')
conn.close()
else:
if idx < 0 or idx >= len(sharedFilesList):
print(
'\n\nThe client sent an illegal response. Closing connection..'
)
conn.close()
return
else:
# Open the requested file. Encrypt it with the cipher and send it.
fileName = sharedFilesList[idx].split('/')
fileName = fileName[len(fileName) - 1]
file = open(sharedFilesList[idx], 'rb')
unencryptedData = file.read()
file.close()
cipher = AES.new(sharedKey, AES.MODE_CBC,
'jdirlfhixhtkwlif'.encode('utf-8'))
encryptedData = cipher.encrypt(pad(unencryptedData,
AES.block_size))
requiredPackets = len(encryptedData)
# Send the file size. We use FILE to send the file size
conn.sendall(('FILE\n' + padInteger(requiredPackets, 20)).encode(
'utf-8', errors='ignore'))
# Wait for the ready signal
data = receiveData(conn, 5).decode('utf-8', errors='ignore')
if data != 'READY':
print('Client is not ready to receive the file..')
conn.close()
return
print("Sending the file '" + fileName + "'.")
# Sent the encrypted file
conn.sendall(encryptedData)
print("Sent! Awaiting Acknowledgement..")
# Wait for acknowledgement
data = receiveData(conn, 3).decode('utf-8', errors='ignore')
if data == 'ACK':
print('Client received the file successfully')
conn.close()
else:
print('An unknown error occured in file transfer')
conn.close()
class TestDiffieHellman(unittest.TestCase):
def setUp(self):
self.alice = DiffieHellman()
self.bob = DiffieHellman()
def test_equality_of_keys(self):
self.alice.generate_public_key()
self.bob.generate_public_key()
alices_shared_key = self.alice.generate_shared_secret(self.bob.public_key)
bobs_shared_key = self.bob.generate_shared_secret(self.alice.public_key)
self.assertEqual(alices_shared_key, bobs_shared_key,
"There is a mismatch between two shared secrets. Both shared secrets should be the same. This is bad.")
def test_decorators_private_key(self):
self.alice.generate_public_key()
self.assertIn("_DiffieHellman__private_key", self.alice.__dict__)
def test_generate_private_key(self):
self.alice.generate_private_key()
self.assertIn("_DiffieHellman__private_key", self.alice.__dict__)
def test_generate_public_key(self):
self.alice.generate_public_key()
self.assertIn("public_key", self.alice.__dict__)
def test_verify_public_key(self):
self.alice.generate_public_key()
self.bob.generate_public_key()
self.assertTrue(self.alice.verify_public_key(self.bob.public_key))
self.assertFalse(self.alice.verify_public_key(2))
self.assertFalse(self.alice.verify_public_key(self.alice.prime - 1))
def handle_sock(self, sock, addr): # sock 的流程
##############################
#### Handle a new request#####
#### #####
##############################
while True:
data = sock.recv(4096)
# print ("I have received a new message!")
MessageRec = COMM_MESSAGE()
MessageRec.ParseFromString(data)
if (MessageRec.type == COMM_MESSAGE.TYPE.LOGOUT):
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, self.socket_from_list[src][1],
self.socket_from_list[src][2])
plain_text = plain_text.decode()
print("I received log out request_1")
print(plain_text)
if (plain_text == "log out"):
MessageSend = COMM_MESSAGE()
MessageSend.type = COMM_MESSAGE.TYPE.CONFIRM
plain_text = 'log out confirmed'.encode() + str(
int(time.time())).encode()
MessageSend = self.encryption_in_client(
MessageSend, self.socket_from_list[src][1],
self.socket_from_list[src][2], plain_text)
self.socket_from_list[src][0].sendall(
MessageSend.SerializeToString())
self.socket_from_list[src][0].close()
del self.socket_from_list[src]
del self.user_online[src]
if (MessageRec.type == COMM_MESSAGE.TYPE.CLIENT_TO_CLIENT):
plain_text = self.decryption_of_ticket_with_timestamp(
MessageRec.ticket, MessageRec.ticket_tag)
plain_text = plain_text.decode()
src = plain_text.split(" ")[0]
# self.socket_from_list[src] = []
# self.socket_from_list[src].append (sock)
kab_temp = plain_text.split(" ")[1].encode()
iv_temp = plain_text.split(" ")[2].encode()
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, kab_temp, iv_temp)
plain_text = plain_text.decode()
N1 = int(plain_text)
y = os.urandom(8)
x = y.hex()
N2 = int(x, 16)
plain_text = (str(N1 - 1) + " " + str(N2)).encode() + str(
int(time.time())).encode()
# .encode() + " ".encode + str(N2).encode()
MessageSend = COMM_MESSAGE()
bob = DiffieHellman(group=5, key_length=200)
bob.generate_public_key()
MessageSend.gb_mod_p = str(bob.public_key)
MessageSend = self.encryption_in_client(
MessageSend, kab_temp, iv_temp, plain_text)
sock.sendall(MessageSend.SerializeToString())
MessageRec = COMM_MESSAGE()
data = sock.recv(4096)
MessageRec.ParseFromString(data)
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, kab_temp, iv_temp)
N2_rec = int(plain_text.decode())
if N2 - 1 == N2_rec:
bob.generate_shared_secret(int(MessageRec.message))
kas = str(bob.shared_secret)[:16].encode()
# self.socket_list[src].append(str(bob.shared_secret)[:16].encode())
temp = os.urandom(16)
iv = temp.hex()[:16].encode()
# self.socket_list[src].append(iv)
plain_text = ("Confirm " +
self.client_name).encode() + str(
int(time.time())).encode()
MessageSend = COMM_MESSAGE()
MessageSend.iv = iv
MessageSend = self.encryption_in_client(
MessageSend, kas, iv, plain_text)
sock.sendall(MessageSend.SerializeToString())
MessageRec = COMM_MESSAGE()
data = sock.recv(4096)
MessageRec.ParseFromString(data)
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, kas, iv)
plain_text = plain_text.decode()
if plain_text.split(
" ")[0] == "Confirm" and plain_text.split(
" ")[1] == src:
client_sk = socket.socket()
client_sk.connect(('127.0.0.1', addr[1]))
# print ("I will use this socket to talk to",src,":", client_sk)
self.socket_from_list[src] = []
self.socket_from_list[src].append(client_sk)
self.socket_from_list[src].append(kas)
self.socket_from_list[src].append(iv)
# print("I have succeed in setting up connection with", src, "with session key:", kas)
# print("We use this socket to chatting:", sock)
else:
print("The adversary modify the CONFIRM message")
else:
print("N2 puzzle wrong!")
sys.exit(1)
else:
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, self.socket_from_list[src][1],
self.socket_from_list[src][2])
plain_text = plain_text.decode()
print("From", src, ":", plain_text)
def client_setup_connection(self, dest):
client_sk = socket.socket()
client_sk.connect(('127.0.0.1', int(self.user_online[dest][1])))
self.socket_list[dest] = []
self.socket_list[dest].append(client_sk)
port = client_sk.getsockname()[1]
# print ("Port is:", port)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
server.bind(("127.0.0.1", port))
#########################
### Set up ######
### the connection ######
#########################
MessageSend = COMM_MESSAGE()
MessageRec = COMM_MESSAGE()
MessageSend.type = COMM_MESSAGE.TYPE.CLIENT_TO_CLIENT
MessageSend.ticket = self.user_online[dest][4]
MessageSend.ticket_tag = self.user_online[dest][5]
kabtemp = self.user_online[dest][2].encode()
ivtemp = self.user_online[dest][3].encode()
y = os.urandom(8)
x = y.hex()
N1 = int(x, 16)
plain_text = str(N1).encode() + str(int(time.time())).encode()
MessageSend = self.encryption_in_client(MessageSend, kabtemp, ivtemp,
plain_text)
self.socket_list[dest][0].sendall(MessageSend.SerializeToString())
data = self.socket_list[dest][0].recv(4096)
MessageRec.ParseFromString(data)
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, kabtemp, ivtemp)
plain_text = plain_text.decode()
N1_rec = int(plain_text.split(" ")[0])
if N1 - 1 == N1_rec:
MessageSend = COMM_MESSAGE()
MessageSend.type = COMM_MESSAGE.TYPE.CLIENT_TO_CLIENT
### Set up the new Kab ###
alice = DiffieHellman(group=5, key_length=200)
alice.generate_public_key()
MessageSend.message = str(alice.public_key)
alice.generate_shared_secret(int(MessageRec.gb_mod_p))
# set up the session key Kas
self.socket_list[dest].append(
str(alice.shared_secret)[:16].encode())
N2_rec = int(plain_text.split(" ")[1])
N2_send = N2_rec - 1
plain_text = str(N2_send).encode() + str(int(time.time())).encode()
MessageSend.iv = self.user_online[dest][3].encode()
MessageSend = self.encryption_in_client(MessageSend, kabtemp,
ivtemp, plain_text)
self.socket_list[dest][0].sendall(MessageSend.SerializeToString())
data = self.socket_list[dest][0].recv(4096)
MessageRec.ParseFromString(data)
plain_text = self.decryption_with_timestamp_in_client(
MessageRec, self.socket_list[dest][1], MessageRec.iv)
plain_text = plain_text.decode()
if plain_text.split(" ")[0] == "Confirm" and plain_text.split(
" ")[1] == dest:
self.socket_list[dest].append(MessageRec.iv)
plain_text = ("Confirm " + self.client_name).encode() + str(
int(time.time())).encode()
MessageSend = COMM_MESSAGE()
MessageSend.type = COMM_MESSAGE.TYPE.CLIENT_TO_CLIENT
MessageSend.iv = self.socket_list[dest][2]
self.socket_list[dest].append(server)
client_thread_listen_from_existing_connection = threading.Thread(
target=self.listen_from_existed_connection,
args=(dest, )) # 把sock 加入线程内
client_thread_listen_from_existing_connection.start() # 启动线程
MessageSend = self.encryption_in_client(
MessageSend, self.socket_list[dest][1],
self.socket_list[dest][2], plain_text)
self.socket_list[dest][0].sendall(
MessageSend.SerializeToString())
# print ("I have succeed in setting up connection with", dest)
# print("We use this socket to chatting:", self.socket_list[dest][0])
else:
print("Set up connection with", dest, "failed!")
sys.exit(1)
else:
print("N1 verify failed!")
sys.exit(1)
def _createAndSaveKeyHandler(self):
keyHandler = DiffieHellman(key_length=200, group=5)
keyHandler.generate_public_key()
self._insertKeyHandlerIntoDb(keyHandler)
return keyHandler
def setup_keys(self):
self.dhke = DiffieHellman(key_length=1024)
self.dhke.generate_public_key()
self.__dh_sharedkey = None
self.dh_pub = str(self.dhke.public_key).encode('utf8')
(self.pubkey, self.__privkey) = rsa.newkeys(1024)
class EncryptionPacket:
PACKET_MAGIC_CODE = struct.pack('>BBBB', 0x43, 0x52, 0x59, 0x54)
FUNCTION_INITIALIZE_HANDSHAKE = 0x00
FUNCTION_SECURE_COMMUNICATION = 0x02
def __init__(self, device, other):
self.device = device
self.other = other
self._user = None
def generate_key(self):
self._user = DiffieHellman()
self._user.generate_public_key()
def send_complete_public_data(self):
data = bytearray(EncryptionPacket.PACKET_MAGIC_CODE) + struct.pack(
">BB", EncryptionPacket.FUNCTION_INITIALIZE_HANDSHAKE, 0x55)
self.other.send(data)
def recv_public_data(self, data):
hash_length = data[0]
hash_value = data[1:hash_length + 1]
hash_str = str()
for i in range(0, len(hash_value)):
hash_str += '{:02x}'.format(int(hex(hash_value[i]), 16))
print("Digest: {}".format(hash_str))
public_key_data = data[hash_length + 1:]
public_key = str()
for i in range(0, len(public_key_data)):
public_key += '{:02X}'.format(int(hex(public_key_data[i]), 16))
m = hashlib.sha256()
m.update(public_key.encode('utf-8'))
other_hash_value = m.hexdigest()
print("Calculated digest: {}".format(other_hash_value))
# the public key is not matched
if hash_str != other_hash_value:
return -1
# Convert str to big-integer
received_public_key = int(public_key)
self._user.generate_shared_secret(received_public_key)
print("Shared key: {}".format(self._user.shared_key))
return 0
def init_encryption_data(self, generated=True, mode=0):
if generated:
self.generate_key()
if self.other is None:
raise ConnectionError("You need to connect the other deivce!")
else:
print("Initializing encryption handshake ...", end='')
key = str(self._user.public_key)
key_array = bytearray()
for i in range(0, len(key), 2):
hex_number = key[i:i + 2]
hex_number = '0x' + str(hex_number)
key_array += struct.pack(">B", int(hex_number, base=16))
print("Generated public key -> len=[{}]".format(len(key_array)))
print("Sending the public key ...")
m = hashlib.sha256()
m.update(key.encode('utf-8'))
result_hash = m.hexdigest()
result_hash_array = bytearray()
for i in range(0, len(result_hash), 2):
hex_number = result_hash[i:i + 2]
hex_number = '0x' + str(hex_number)
result_hash_array += struct.pack(">B", int(hex_number,
base=16))
fih = struct.pack(">B",
EncryptionPacket.FUNCTION_INITIALIZE_HANDSHAKE)
hash_str_length = struct.pack(">B", len(result_hash_array))
self.other.send(EncryptionPacket.PACKET_MAGIC_CODE + fih +
struct.pack(">B", mode) + hash_str_length +
result_hash_array + key_array)
if mode == 0:
print("Awaiting the received public key ...")
def setUp(self):
self.alice = DiffieHellman()
self.bob = DiffieHellman()
def generate_key(self):
self._user = DiffieHellman()
self._user.generate_public_key()
def setup_keys(self):
self.aes_keys = {}
self.dhke = DiffieHellman()
self.dhke.generate_public_key()
self.dh_pub = str(self.dhke.public_key).encode('utf8')
self.__dh_sharedkey = None
import modbus_socket
import sys
import crypto
import time
from diffiehellman.diffiehellman import DiffieHellman
host = 'localhost'
port = 501
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('localhost', 501))
data = 'CRYT'.encode('utf-8')
dh = DiffieHellman()
dh.generate_public_key()
# Generate user
ep = packet.EncryptionPacket(None, sock)
ep._user = dh
# Handshake
sock.send(data + struct.pack(">B", 0x00))
time.sleep(0.3)
# receiving initialize public key
data = sock.recv(2048)
ep.recv_public_data(data[6:])
time.sleep(0.3)
class Client:
def __init__(self, node_table):
self.next_node = ""
self.id = "client"
self.node_table = node_table
self.send_ops = {
OP.CREATE: self.get_create_packet,
OP.EXTEND: self.get_extend_packet
}
self.setup_keys()
self.connect_to_signals()
def setup_keys(self):
self.aes_keys = {}
self.dhke = DiffieHellman()
self.dhke.generate_public_key()
self.dh_pub = str(self.dhke.public_key).encode('utf8')
self.__dh_sharedkey = None
def connect_to_signals(self):
dispatcher.connect(self.handle_created, signal=OP.CREATED, sender=dispatcher.Any)
dispatcher.connect(self.handle_extended, signal=OP.EXTENDED, sender=dispatcher.Any)
dispatcher.connect(self.handle_extended, signal=OP.EXTEND, sender=dispatcher.Any)
def get_create_packet(self, receivers):
iniciopKp=time.time()
receiver = self.node_table[receivers[0]]
msg = self.dh_pub
enc_msg = rsa.encrypt(msg, receiver.pubkey)
packet = Packet(src_id="client", op=OP.CREATE,
dest=receiver.id, payload=(enc_msg, None))
print("client: Sending CREATE packet to {}".format(receiver))
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
return packet
def send_message(self, receivers, op):
iniciopKp=time.time()
receivers = receivers.split()
self.next_node = receivers[len(receivers) - 1]
packet = self.send_ops[op](receivers)
dispatcher.send(signal=op, sender=self, packet=packet)
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
def handle_created(self, packet):
if packet.dest != self.id:
return
iniciopKp=time.time()
print("client: Handling CREATED packet from {}".format(packet.src))
(other_key, key_hash) = packet.msg
# Generate the shared key
self.dhke.generate_shared_secret(other_key)
shared = self.dhke.shared_key
m_key_hash = hashlib.sha1(str(shared).encode("utf-8")).hexdigest()
if m_key_hash == key_hash:
print("{}: DH Hash Comparison from {} SUCCESS".format(self.id, packet.src))
self.__dh_sharedkey = shared
self.aes_keys[packet.src] = shared
print("client: Entry node is now set to: ", self.next_node)
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
return
print("{}: DH Hash Comparison from {} FAIL".format(self.id, packet.src))
def handle_extended(self, packet):
if packet.dest != self.id:
return
iniciopKp=time.time()
print("client: Handling CREATED packet from {}".format(packet.src))
if not packet.decrypt_aes(self.aes_keys[packet.src]):
print("{}: Decryption of EXTENDED packet from {} FAIL".format(self.id, packet.src))
return
print("{}: Decryption of EXTENDED packet from {} SUCCESS".format(self.id, packet.src))
(other_key, key_hash) = tuple(packet.msg.split('|||'))
other_key = int(other_key)
key_hash = key_hash.strip()
self.dhke.generate_shared_secret(other_key)
shared = self.dhke.shared_key
m_key_hash = hashlib.sha1(str(shared).encode("utf-8")).hexdigest()
if m_key_hash == key_hash: # Only go through if hash matches
print("{}: DH Hash Comparison from {} SUCCESS".format(self.id, packet.src))
self.__dh_sharedkey = shared
self.aes_keys[packet.src] = shared
print("client: Connection established with {}".format(self.next_node))
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
return
print("{}: DH Hash Comparison from {} FAIL".format(self.id, packet.src))
# Extend always gets wrapped with everything in the the AES Keys list
def get_extend_packet(self, receivers):
msg = "Type: Extend"
iniciopKp=time.time()
extend_messages = {}
for j in range(len(receivers) - 1):
extend_messages[receivers[j]] = aes_encrypt(msg, self.aes_keys[receivers[j]])
def recursive_extend(recs, node_index):
if node_index == len(recs) - 1:
create_packet = self.get_create_packet(recs[node_index:])
create_packet.src = recs[node_index - 1]
return create_packet
return Packet(src_id="client", op=OP.EXTEND, dest=recs[0],
payload=(extend_messages[recs[node_index]], recursive_extend(recs, node_index + 1)))
packet = recursive_extend(receivers, 0)
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
return packet
import json
from diffiehellman.diffiehellman import DiffieHellman
CERT = os.getcwd()+'/certs/cert.pem'
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
server = ssl.wrap_socket(server,cert_reqs=ssl.CERT_REQUIRED, ca_certs = CERT)
server.settimeout(5)
IP_address = '192.168.168.184'
Port = 8202
server.connect((IP_address, Port))
bob = DiffieHellman()
bob.generate_public_key()
x = {"bob":bob.public_key}
server.send(json.dumps(x).encode("utf-8"))
total_data=""
# ########################################## REC #############################################
while True:
try:
message = ""
message = server.recv(100)
while message is not "":
total_data+=message.decode("utf-8")
message = ""
message = server.recv(100)
else:
break
class Node:
def __init__(self, id):
self.setup_keys()
self.connect_to_signals()
self.id = id
self.send_ops = {
OP.CREATED: self.get_created_packet,
OP.EXTENDED: self.get_extended_packet
}
self.hop_table = {1: HopPair(prev=None, next=None)}
def setup_keys(self):
self.dhke = DiffieHellman(key_length=1024)
self.dhke.generate_public_key()
self.__dh_sharedkey = None
self.dh_pub = str(self.dhke.public_key).encode('utf8')
(self.pubkey, self.__privkey) = rsa.newkeys(1024)
def connect_to_signals(self):
dispatcher.connect(self.handle_extend, signal=OP.EXTEND, sender=dispatcher.Any)
dispatcher.connect(self.handle_create,
signal=OP.CREATE, sender=dispatcher.Any)
dispatcher.connect(self.handle_created, signal=OP.CREATED, sender=dispatcher.Any)
def handle_extend(self, packet):
if packet.dest != self.id:
return None
iniciopKp=time.time()
print("{}: Handling EXTEND packet from {}".format(self.id, packet.src))
if packet.decrypt_aes(self.__dh_sharedkey):
print("{}: Decryption of EXTEND packet from {} SUCCESS".format(self.id, packet.src))
forward_packet = packet.payload
self.hop_table[1].next = packet.dest
dispatcher.send(signal=forward_packet.op, sender=self, packet=forward_packet)
return
print("{}: Decryption of EXTEND packet from {} FAIL".format(self.id, packet.src))
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
def handle_create(self, packet):
if packet.dest != self.id:
return None
iniciopKp=time.time()
print("{}: Handling CREATE packet from {}".format(self.id, packet.src))
if not packet.decrypt_rsa(self.__privkey):
print("{}: Decryption of CREATE packet from {} FAIL".format(self.id, packet.src))
return
print("{}: Decryption of CREATE packet from {} SUCCESS".format(self.id, packet.src))
other_key = int(packet.payload)
self.dhke.generate_shared_secret(other_key)
self.__dh_sharedkey = self.dhke.shared_key
self.hop_table[1].prev = packet.src
self.send_packet(self.hop_table[1].prev, OP.CREATED)
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
def send_packet(self, receiver, op, payload=None):
iniciopKp=time.time()
packet = self.send_ops[op](receiver, payload)
dispatcher.send(signal=op, sender=self, packet=packet)
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
def get_created_packet(self, receiver, payload=None):
iniciopKp=time.time()
key_hash = hashlib.sha1(
str(self.__dh_sharedkey).encode("utf-8")).hexdigest()
msg = (self.dhke.public_key, key_hash)
packet = Packet(src_id=self.id, op=OP.CREATED,
dest=receiver, payload=(msg, None))
print("{}: Sending CREATED packet to {}".format(self.id, receiver))
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
return packet
def get_extended_packet(self, receiver, payload):
iniciopKp=time.time()
packet = Packet(self.id, OP.EXTENDED, receiver, payload)
print("{}: Sending EXTENDED packet to {}".format(self.id, receiver))
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
return packet
def handle_created(self, packet):
if packet.dest != self.id:
return None
iniciopKp=time.time()
print("{}: Handling CREATE packet from {}".format(self.id, packet.src))
dh_pub_key, key_hash = packet.msg
encrypted_dh_pair = aes_encrypt("{}|||{}".format(dh_pub_key, key_hash), self.__dh_sharedkey)
self.send_packet(self.hop_table[1].prev, OP.EXTENDED, (encrypted_dh_pair, None))
finpKp=time.time()
print('########## Tiempo ##########:',(finpKp-iniciopKp), 'segundos')
def __str__(self):
return self.id