diff --git a/.client_test_3.py.swp b/.client_test_3.py.swp new file mode 100644 index 0000000..b8a671a Binary files /dev/null and b/.client_test_3.py.swp differ diff --git a/.clients_keys b/.clients_keys index ac4d505..e2c1763 100644 --- a/.clients_keys +++ b/.clients_keys @@ -12,3 +12,17 @@ fd05a547-8032-450c-a0f1-6a204aa1288e -n2gtRIBrlDpRisHeno-1pxYLXn5muuct7CHuJXCsbI 20a03a39-d9f0-495b-ae38-016e3350ede3 78J-gIZ710ozVxg4Iu4S9r3olhZCMtcKYRC3_H4hCxU= 0 9c5b6d7c-6317-4db1-a14a-d4be911ef45f u4SdDIORALLuPoKtJ076rZzpJk1ZiUCRWERZwQdNsxY= 0 f6325f18-2909-4665-b681-a0f764fa6c68 _d0ywQ34kEgiRopLnr8R8RDjjDLbH7JTZJp1_FkwgWw= 0 +5dfb41b5-edfa-487b-a000-11f4fc7eb191 DBVK8tjl3vMe08QrSYEWTJb3UOhtCH2A2Gj7xpiqHVs= 0 +2822aedb-22c6-4063-880e-5daddc6f4789 fyH3UTGRpaztPFiLuBezND3-1OrwpgTsj7uemxzTKrs= 0 +05d79777-9f0f-46b8-b69a-67024a37d9e4 XyNF4tFsFb6WgPBybLBLvensO0fglO371E-AGlaGqCI= 0 +f0bf481d-71c6-4f2d-8881-13afdd8901f0 UkS-005VTwKUMnm2mDAHd-y_wsnfqvL8e4N7OxyGcW8= 0 +c3c91ea4-bc4a-424a-a8fc-3daeb0c94002 NTEQ0pW5mImMGwsvnDTPIsmgZv5h95iKrfIjyCdsRI0= 0 +82f0b861-54e5-4cad-a55e-71c0857ac410 nmxMpRZYhhQX5JmsD4AK2Y_CZlFN4Bo6HlO0sbLKwc0= 0 +89982b07-b9c3-4d4a-b31e-88672b06d526 E6jPdbcKhygBLsKjiXg0onftF-6XNv5q6sA_dSoLzJw= 0 +6c584e84-0a4a-4e1f-9e38-c58f740b3303 VCLE6cBO3qT-lQ2zrYoXYI8vnJuHLrvb_CCEC_P56ow= 0 +24bd5c2a-8f30-4a8f-999a-22532a2bb42c v4u0W88oesXaSCBE81dgMwLQDdf1zsvmiS63xG4vo-0= 0 +ca902056-92e8-4a63-8498-382003098cdf tO3N2oc7C_Pwhdcp6g3XcC-IR4yAw8CHQ5FOmkce2AA= 0 +3543e331-a8d3-42a0-9e25-c1b4349c8682 JuVYT6cTJ-vJgcfeBeVU4dxt3x5sLEqG2kgdc1E5nkA= 0 +8f5807f5-28c4-494c-b961-6c59c556733d T1kflpNULJtgoyjcgF10OM3jDWZ3gN3hWhS3S1x9GbU= 0 +ee0b2669-63e8-4aa3-ac22-039f0c70188e XEzFplSYOZFjVUBU1YTWuz64dsBwxH3PgblNr7wxzAc= 0 +bb0e3173-4df3-4b39-95b8-9214bda026f7 lxhvklnDrhayi14jSq6_4wMbODuaNYezwCW7rI7N-s4= 0 diff --git a/.server_test_3.py.swp b/.server_test_3.py.swp new file mode 100644 index 0000000..40c5603 Binary files /dev/null and b/.server_test_3.py.swp differ diff --git a/client_test_3.py b/client_test_3.py index 6abcd39..4b4a812 100644 --- a/client_test_3.py +++ b/client_test_3.py @@ -11,6 +11,7 @@ from cryptography.hazmat.primitives import serialization # Home made RSA Utils from utils.rsa_tenamortech_utils import * from utils.client_keys_manager import * +from utils.symmetric_keys_manager_1 import * host = socket.gethostname() port = 2004 @@ -30,19 +31,46 @@ def de_serialize_pub_key(public_key_pem): while MESSAGE != 'exit': data = tcpClientA.recv(BUFFER_SIZE) if not got_pub_key_server: - public_key_server = de_serialize_pub_key(data) - got_pub_key_server = True - # Now we have the pub key of the server, we will send our pub key too - #encrypted_public_key = encrypt_msg(public_key_pem, public_key_server) - #encrypted_public_key = encrypt_msg(bytes("test123456789000000000000000000000000000iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii000", 'utf-8'), public_key_server) - print("Server public key received") - print("Sending current client public key [ ... ] ") - tcpClientA.send(public_key_pem) - print("Sending current client public key [ OK ] ") - + print("[DEBUG] Checking for SessionID [ ... ]") + (session_id,symmetric_key,public_key_server) = reload_session_by_host(host) + print("[DEBUG] Checking for SessionID [ OK ]") + if(session_id != -1): + tcpClientA.send(encrypt_msg(session_id.encode('utf-8'), public_key_server)) + got_pub_key_server = True + print("[DEBUG] SessionID Found ! [ OK ]") + else: + #if find sessionID load it and negociate with server + #else send public key ... + print("[DEBUG] Receiving Server Public Key [ ... ]") + public_key_server = de_serialize_pub_key(data) + got_pub_key_server = True + print("[DEBUG] Receiving Server Public Key [ OK ]") + # Now we have the pub key of the server, we will send our pub key too + print("[DEBUG] Sending current Client Public Key [ ... ] ") + tcpClientA.send(public_key_pem) + print("[DEBUG] Sending current Client Public Key [ OK ] ") + print("[DEBUG] Waiting for new Symmetric Key and New SessionID [ ... ] ") + data = tcpClientA.recv(BUFFER_SIZE) + new_symmetric_key_and_session_id = decrypt_msg(data, private_key) + new_symmetric_key_and_session_id = new_symmetric_key_and_session_id.decode('utf-8') + new_symmetric_key_and_session_id = new_symmetric_key_and_session_id.split('|') + new_symmetric_key = new_symmetric_key_and_session_id[0] + new_session_id = new_symmetric_key_and_session_id[1] + + print("[DEBUG] Waiting for new Symmetric Key and New SessionID [ OK ] ") + print("[DEBUG] Symmetric Key: [" + str(new_symmetric_key) + "]") + print("[DEBUG] SessionID : [" + new_session_id + "]") + + print("[DEBUG] Saving basic HandShake infos [ ... ] ") + save_sym_key_by_host(host, new_session_id, new_symmetric_key, public_key_server) + print("[DEBUG] Saving basic HandShake infos [ OK ] ") + data = tcpClientA.recv(BUFFER_SIZE) + decrypted_data = decrypt_msg(data, private_key) + print(decrypted_data.decode('utf-8')) + else: print(" Client2 received data:", data) - MESSAGE = input("tcpClientA: Enter message to continue/ Enter exit:").encode('utf-8') - tcpClientA.send(MESSAGE) + MESSAGE = input("Working !").encode('utf-8') + tcpClientA.send(encrypt_msg(MESSAGE, public_key_server)) tcpClientA.close() diff --git a/server_test_3.py b/server_test_3.py index 8d8884a..533caa3 100644 --- a/server_test_3.py +++ b/server_test_3.py @@ -1,7 +1,8 @@ import socket from threading import Thread from socketserver import ThreadingMixIn -from utils.keys_manager_1 import * +#from utils.keys_manager_1 import * +from utils.server_keys_manager import * from utils.symmetric_keys_manager_1 import * from utils.rsa_tenamortech_utils import * # --- Init keys --- @@ -39,7 +40,8 @@ class ClientThread(Thread): print("[DEBUG] Waiting for SessionID validation [ ... ]") msg = decrypt_msg(data, private_key) if(len(msg) == 36): # SessionID length should be 36 char. - print("[DEBUG] SessionID format looks correct [ ~ ]") + print("[DEBUG] SessionID format looks correct [ ~ ]") + print("[DEBUG] (Given SessionID: [" + msg.decode('utf-8') + "]") session_id = msg (symmetric_key,public_key_client) = reload_session_sym_key(session_id) @@ -48,27 +50,33 @@ class ClientThread(Thread): if(symmetric_key == -1): print("[DEBUG] Waiting for SessionID validation [ FAIL ]") print("[DEBUG] Invalid SessionID, will now abort negociation [ FAIL ]") + conn.close() break else: able_to_retrieve_session_id = True print("[DEBUG] Waiting for SessionID validation [ OK ]") print("[DEBUG] SessionID is valid, symmetric_key and current Client Public key were retrieved successfully") print("[DEBUG] I'm all yours... [ :) ]") + conn.send(encrypt_msg("login:".encode('utf-8'), public_key_client)) # --- SessionID that the client sent is valid, we got all the required infos # --- Client sent did not send sessionID but sent his public Key # --- Create a new session for it, (gen sessionID, create new symmetric Key, store his public key) if able_to_retrieve_session_id == False: print("[DEBUG] No existing Session, will now initiate new Session [ ... ]") # --- This function will create a sessionID, return a symmetric key and store the pub key - symmetric_key = gen_sym_key_and_save(public_key_client) - print("[DEBUG] No existing Session, will now initiate new Session [ OK ]") - print("[DEBUG] I'm all yours... [ :) ]") + (symmetric_key,session_id) = gen_sym_key_and_save(public_key_client) + print("[DEBUG] Sending encrypted Symmetric Key to Client [ ... ]") + sym_key_and_session_id = (str((symmetric_key).decode('utf-8')) + "|" + session_id).encode('utf-8') + conn.send(encrypt_msg(sym_key_and_session_id, public_key_client)) + print("[DEBUG] Sending encrypted Symmetric Key to Client [ OK ]") + print("[DEBUG] I'm all yours... [ :) ]") + conn.send(encrypt_msg("login:".encode('utf-8'), public_key_client)) - print("Server received data:", data) + #print("Server received data:", data) MESSAGE = input("Multithreaded Python server : Enter Response from Server/Enter exit:").encode('utf-8') if MESSAGE == 'exit': break - conn.send(MESSAGE) # echo + conn.send(MESSAGE) # echo # Multithreaded Python server : TCP Server Socket Program Stub TCP_IP = '0.0.0.0' diff --git a/utils/__pycache__/__init__.cpython-36.pyc b/utils/__pycache__/__init__.cpython-36.pyc index e6e4fcc..1233d60 100644 Binary files a/utils/__pycache__/__init__.cpython-36.pyc and b/utils/__pycache__/__init__.cpython-36.pyc differ diff --git a/utils/__pycache__/client_keys_manager.cpython-36.pyc b/utils/__pycache__/client_keys_manager.cpython-36.pyc index c58fb0c..43ca59f 100644 Binary files a/utils/__pycache__/client_keys_manager.cpython-36.pyc and b/utils/__pycache__/client_keys_manager.cpython-36.pyc differ diff --git a/utils/__pycache__/keys_manager_1.cpython-36.pyc b/utils/__pycache__/keys_manager_1.cpython-36.pyc index 88cf825..cec09c6 100644 Binary files a/utils/__pycache__/keys_manager_1.cpython-36.pyc and b/utils/__pycache__/keys_manager_1.cpython-36.pyc differ diff --git a/utils/__pycache__/rsa_tenamortech_utils.cpython-36.pyc b/utils/__pycache__/rsa_tenamortech_utils.cpython-36.pyc index 44e7053..a87b88e 100644 Binary files a/utils/__pycache__/rsa_tenamortech_utils.cpython-36.pyc and b/utils/__pycache__/rsa_tenamortech_utils.cpython-36.pyc differ diff --git a/utils/__pycache__/server_keys_manager.cpython-36.pyc b/utils/__pycache__/server_keys_manager.cpython-36.pyc new file mode 100644 index 0000000..9c4f741 Binary files /dev/null and b/utils/__pycache__/server_keys_manager.cpython-36.pyc differ diff --git a/utils/__pycache__/symmetric_keys_manager_1.cpython-36.pyc b/utils/__pycache__/symmetric_keys_manager_1.cpython-36.pyc index 7742166..9c1f4bf 100644 Binary files a/utils/__pycache__/symmetric_keys_manager_1.cpython-36.pyc and b/utils/__pycache__/symmetric_keys_manager_1.cpython-36.pyc differ diff --git a/utils/client_keys_manager.py b/utils/client_keys_manager.py index c89779d..7e54807 100644 --- a/utils/client_keys_manager.py +++ b/utils/client_keys_manager.py @@ -72,4 +72,4 @@ def check_for_existing_keys(): print('Find private key from file [ FAIL ]') print('New keys will be generated') return generate_keys(1) -check_for_existing_keys() +#check_for_existing_keys() diff --git a/utils/server_keys_manager.py b/utils/server_keys_manager.py index 938584c..6a3cb6e 100644 --- a/utils/server_keys_manager.py +++ b/utils/server_keys_manager.py @@ -25,7 +25,7 @@ from cryptography.hazmat.primitives import serialization from pathlib import Path # Home made RSA Keys lib -from rsa_tenamortech_utils import * +from utils.rsa_tenamortech_utils import * def check_for_existing_keys(): keys_dir_path = Path.home() / '.auth_server_test' / 'server' @@ -72,4 +72,4 @@ def check_for_existing_keys(): print('Find private key from file [ FAIL ]') print('New keys will be generated') return generate_keys(0) -check_for_existing_keys() +#check_for_existing_keys() diff --git a/utils/symmetric_keys_manager_1.py b/utils/symmetric_keys_manager_1.py index c526fe7..7575aff 100644 --- a/utils/symmetric_keys_manager_1.py +++ b/utils/symmetric_keys_manager_1.py @@ -10,71 +10,134 @@ from pathlib import Path # Home made RSA Keys lib from utils.rsa_tenamortech_utils import * + def gen_rand_session_id(): return str(uuid.uuid4()) +# --- Used by Server def gen_sym_key_and_save(public_key_client): key = Fernet.generate_key() - root_file_path = '.auth_server_test/' - path = root_file_path + 'server' - path_clients_pub_keys = root_file_path + 'server/clients_pub_keys' + root_file_path = Path.home() / '.auth_server_test/server' + path_public_keys_clients = root_file_path / 'public_keys_clients' + # Path exists ? If not we will create it + path_public_keys_clients.mkdir(exist_ok=True) session_id = gen_rand_session_id() - file = open('.clients_keys', 'ab') # changed from 'wb' to 'w+' ... + file = open(str(root_file_path) + '/.known_clients', 'ab') # changed from 'wb' to 'w+' ... file.write((session_id + " ").encode('utf-8')) file.write(key + (" ").encode('utf-8')) # The key is type bytes still file.write(('0\n').encode('utf-8')) file.close() # --- Store the client public Key for next time. - # --- Public keys are stored in '.auth_server_test/server/clients_pub_keys/session_id.pub' - keys_dir_path = Path.home() / path_clients_pub_keys - # Path exists ? If not we will create it - keys_dir_path.mkdir(exist_ok=True) - + # --- Public keys are stored in '.auth_server_test/server/pubilic_keys_clients/session_id.pub' public_key_client_pem = public_key_serializer(public_key_client) - key_path = keys_dir_path / (str(session_id) + '.pub') + key_path = path_public_keys_clients / (str(session_id) + '.pub') with open(str(key_path), 'wb') as f: f.write(public_key_client_pem) - return key + return (key,session_id) +# --- Used by server def reload_session_sym_key(sessionid): - root_file_path = '.auth_server_test/' - path = root_file_path + 'server/' - path_clients_pub_keys = path + 'clients_pub_keys/' - filename='.clients_keys' + root_file_path = Path.home() / '.auth_server_test/server' + path_public_keys_clients = root_file_path / 'public_keys_clients' + # Path exists ? If not we will create it + path_public_keys_clients.mkdir(exist_ok=True) session_id_found = False # --- Open session file - with open(filename) as f: + with open(str(root_file_path) + "/.known_clients") as f: line = f.readline().rstrip() while(line and session_id_found == False): # each line contains (session_id, sym_key, sym_key_nb_use) # Those infos are spaced with "space" char, so we use 'split' fuction to get an array cur_client_infos = line.split() # If we find the given sessionID: - if(cur_client_infos[0] == sessionid): # cur_client_info[0] is the session_id stored in the cur line + #print(cur_client_infos[0] + "|" + sessionid.decode('utf-8')) + if(cur_client_infos[0] == sessionid.decode('utf-8')): # cur_client_info[0] is the session_id stored in the cur line session_id_found = True line = f.readline().rstrip() # --- We found the given sessionID, so we will now load the corresponding client public key we previously stored. if session_id_found == True: - with open(str(path_clients_pub_keys + cur_client_infos[0] + '.pub'), "rb") as key_file: + with open(str(path_public_keys_clients) + "/" + cur_client_infos[0] + '.pub', "rb") as key_file: public_key_client = serialization.load_pem_public_key( key_file.read(), backend=default_backend() ) # --- Return the Symmetric Key used with this client and the PEM formated client public Key - return (cur_client_infos[1],public_key_client_pem) + return (cur_client_infos[1],public_key_client) else: # Return Error tuple - return (-1,'') + return (-1,-1) + + +# --- Used by client +def reload_session_by_host(host): + root_file_path = Path.home() / '.auth_server_test/client' + path_public_keys_servers = root_file_path / 'public_keys_servers' + # Path exists ? If not we will create it + path_public_keys_servers.mkdir(exist_ok=True) + host_found = False + + # --- Open session file + with open(str(root_file_path) + "/.known_hosts") as f: + line = f.readline().rstrip() + while(line and host_found == False): + # each line contains (host session_id, sym_key) + # Those infos are spaced with "space" char, so we use 'split' fuction to get an array + cur_server_infos = line.split() + # If we find the given host: + if(cur_server_infos[0] == host): # cur_client_info[0] is the host stored in the cur line + host_found = True + line = f.readline().rstrip() + + # --- We found the given host, so we will now load the corresponding server public key we previously stored. + if host_found == True: + with open(str(path_public_keys_servers) + "/" + cur_server_infos[1] + '.pub', "rb") as key_file: + public_key_server = serialization.load_pem_public_key( + key_file.read(), + backend=default_backend() + ) + # --- Return the SessionID, the Symmetric Key and the PEM formated server public Key used with this server + return (cur_server_infos[1], cur_server_infos[2], public_key_server) + else: + # Return Error tuple + return (-1,-1,-1) + + +# --- Used by client +def save_sym_key_by_host(host, session_id, sym_key, public_key_server): + root_file_path = Path.home() / '.auth_server_test/client' + path_public_keys_servers = root_file_path / 'public_keys_servers' + # Path exists ? If not we will create it + path_public_keys_servers.mkdir(exist_ok=True) + + line_to_add = str(host) + " " + session_id + " " + sym_key + # dont forget to save public key server in separate file ! + + file = open(str(root_file_path) + '/.known_hosts', 'ab') # changed from 'wb' to 'ab' ... + file.write(line_to_add.encode('utf-8')) + file.write(('\n').encode('utf-8')) + file.close() + + # --- Store the server public Key for next time. + # --- Public keys are stored in '.auth_server_test/client/public_keys_servers/session_id.pub' + public_key_server_pem = public_key_serializer(public_key_server) + key_path = path_public_keys_servers / (str(session_id) + '.pub') + + with open(str(key_path), 'wb') as f: + f.write(public_key_server_pem) + + + +# --- Used by Client and Server def encrypt_msg_symmetric(msg, key): msg = msg.encode() f_key = Fernet(key)