159 lines
3.7 KiB
Python
159 lines
3.7 KiB
Python
import base64
|
|
import hashlib
|
|
import socket
|
|
import sys
|
|
|
|
def error(*args):
|
|
print('%s: Error:' % sys.argv[0], *args, file = sys.stderr)
|
|
sys.exit(1)
|
|
|
|
def enc_len(length):
|
|
assert 0 <= length < 1<<16
|
|
high_byte = length >> 8
|
|
low_byte = length & 0xff
|
|
return bytes([low_byte, high_byte])
|
|
|
|
def dec_len(encoded):
|
|
low_byte, high_byte = encoded
|
|
return (high_byte << 8) | low_byte
|
|
|
|
def server(server_pubkey, port):
|
|
sock = None
|
|
for res in socket.getaddrinfo(None, port, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
|
|
af, socktype, proto, canonname, sa = res
|
|
try:
|
|
sock = socket.socket(af, socktype, proto)
|
|
except OSError:
|
|
sock = None
|
|
continue
|
|
try:
|
|
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
sock.bind(sa)
|
|
sock.listen(1)
|
|
except OSError:
|
|
sock.close()
|
|
sock = None
|
|
continue
|
|
break
|
|
|
|
if sock is None:
|
|
error('Could not bind on port %i' % port)
|
|
|
|
conn, addr = sock.accept()
|
|
with conn:
|
|
remote_host, remote_port = addr
|
|
print('Connection from %s' % remote_host)
|
|
|
|
client_pubkey_len = dec_len(conn.recv(2))
|
|
client_pubkey = bytearray()
|
|
while len(client_pubkey) < client_pubkey_len:
|
|
data = conn.recv(1024)
|
|
if not data:
|
|
sock.close()
|
|
error('Client public key could not be received')
|
|
client_pubkey.extend(data)
|
|
|
|
conn.sendall(enc_len(len(server_pubkey)))
|
|
conn.sendall(server_pubkey)
|
|
|
|
conn.shutdown(socket.SHUT_RDWR)
|
|
|
|
sock.close()
|
|
|
|
return bytes(client_pubkey)
|
|
|
|
def client(client_pubkey, host, port):
|
|
sock = None
|
|
for res in socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM):
|
|
af, socktype, proto, canonname, sa = res
|
|
try:
|
|
sock = socket.socket(af, socktype, proto)
|
|
except OSError:
|
|
sock = None
|
|
continue
|
|
try:
|
|
sock.connect(sa)
|
|
except OSError:
|
|
sock.close()
|
|
sock = None
|
|
continue
|
|
break
|
|
|
|
if sock is None:
|
|
error('Could not connect to %s on port %i' % (host, port))
|
|
|
|
print('Connected to %s' % host)
|
|
|
|
with sock:
|
|
sock.sendall(enc_len(len(client_pubkey)))
|
|
sock.sendall(client_pubkey)
|
|
|
|
server_pubkey_len = dec_len(sock.recv(2))
|
|
server_pubkey = bytearray()
|
|
while len(server_pubkey) < server_pubkey_len:
|
|
data = sock.recv(1024)
|
|
if not data:
|
|
error('Server public key could not be received')
|
|
server_pubkey.extend(data)
|
|
|
|
sock.shutdown(socket.SHUT_RDWR)
|
|
|
|
return bytes(server_pubkey)
|
|
|
|
def sha512(x):
|
|
h = hashlib.sha512()
|
|
h.update(x)
|
|
return h.digest()
|
|
|
|
def auth_hash(client_pubkey, server_pubkey):
|
|
client_pubkey_hash = sha512(enc_len(len(client_pubkey)) + client_pubkey)
|
|
server_pubkey_hash = sha512(enc_len(len(server_pubkey)) + server_pubkey)
|
|
combined_hash = sha512(client_pubkey_hash + server_pubkey_hash)
|
|
|
|
truncated_hash = combined_hash[:32]
|
|
hash_check = sha512(truncated_hash)[:4]
|
|
return truncated_hash + hash_check
|
|
|
|
def chunk(sliceable, length):
|
|
for i in range(0, len(sliceable), length):
|
|
yield sliceable[i:i + length]
|
|
|
|
def format_hash(hash_bytes):
|
|
hash_base64 = base64.b64encode(hash_bytes).decode()
|
|
chunked_base64 = chunk(hash_base64, 4)
|
|
return '-'.join(chunked_base64)
|
|
|
|
def verify(client_pubkey, server_pubkey):
|
|
own_hash = auth_hash(client_pubkey, server_pubkey)
|
|
print('Authentication hash: %s' % format_hash(own_hash))
|
|
|
|
# TODO: Actually verify
|
|
|
|
def main():
|
|
# TODO: Actual agument parsing
|
|
# TODO: Read pubkeys from files
|
|
# TODO: Write pubkeys to files
|
|
if sys.argv[1] == 'server':
|
|
port = int(sys.argv[2])
|
|
server_pubkey = b'server\n'
|
|
|
|
client_pubkey = server(server_pubkey, port)
|
|
|
|
verify(client_pubkey, server_pubkey)
|
|
|
|
elif sys.argv[1] == 'client':
|
|
host = sys.argv[2]
|
|
port = int(sys.argv[3])
|
|
client_pubkey = b'client\n'
|
|
|
|
server_pubkey = client(client_pubkey, host, port)
|
|
|
|
verify(client_pubkey, server_pubkey)
|
|
|
|
else:
|
|
print('Usage: %s server PORT')
|
|
print('Usage: %s client HOST PORT')
|
|
|
|
if __name__ == '__main__':
|
|
main()
|