user authentication complete

Author: vineeth-ravindra

MISC/playGround.py

@@ -3,9 +3,9 @@
 import pickle
 import socket
 import json
-import handelConnection
 import hashlib 
 import pymongo
+from datetime import datetime
 
 # ***************************
 # Part of opening connection and sending i am online
@@ -58,6 +58,6 @@
 # Tests to connect to mongo client
 # ***************************
 client = pymongo.MongoClient()
-db = client.superTest
-db.log_events.create_index("date", expireAfterSeconds=15)
-db.log_events.insert({"hahaha":"hello world", "date": utc_timestamp})
+db = client.MongoLabs
+db.test.create_index("date", expireAfterSeconds=15)
+db.test.insert({"hahaha":"hello world", "date": datetime.utcnow()})

Server/Auth.py

@@ -0,0 +1,31 @@
+class Auth:
+    def __init__(self,quiz):
+        self.__challenge = True
+        self.__response = False
+        self.__sha384 = ""
+        self.__quizz = quiz
+        self.__sharedSecret = ""
+
+    def isChallengeComplete(self):
+        return self.__challenge
+
+    def isResponseComplete(self):
+        return self.__response
+
+    def getSha384(self):
+        return self.__sha384
+
+    def getQuizz(self):
+        return self.__quizz
+
+    def getSharedSecret(self):
+        return self.__sharedSecret
+
+    def setSharedSecret(self,secret):
+        self.__sharedSecret = secret
+
+    def setSha348(self,sha348):
+        self.__sha384 = sha348
+
+    def setResponse(self):
+        self.__response = True

Server/handelConnection.py

@@ -1,5 +1,6 @@
 import os,sys,DH,pickle,binascii
 import hashlib,zlib,json
+from Auth import Auth
 from random import randint
 from cryptography.hazmat.primitives import serialization,hashes
 from cryptography.hazmat.primitives.asymmetric import padding
@@ -20,7 +21,9 @@ def __init__(self):
                 Purpose : 1) Initialise Connection object
                           2) Read server private key for future use
         '''
-        self.diffiObj = DH.DiffieHellman()
+        self.__diffiObj = DH.DiffieHellman()
+        self.__authDict      = {}
+        self.__sessionKeyDict = {}
         with open("private_key.pem", "rb") as key_file:
             try:
                 self.__privateKey = serialization.load_pem_private_key(
@@ -32,7 +35,7 @@ def __init__(self):
                 sys.exit(0)
 
 
-    def __nowOnlineResponse(self):
+    def __nowOnlineResponse(self,senderObj):
         '''
             __nowOnlineResponse(None):
                 Input  : None
@@ -47,11 +50,20 @@ def __nowOnlineResponse(self):
         sha = hashlib.sha256()
         sha.update(rand+str(t))
         guess = sha.digest()
+        self.__authDict[senderObj["user"]] = Auth(str(t))
         obj = {"message-type":"quiz","challange":rand,"answer":guess}
         ret = pickle.dumps(obj)
         return ret
 
     def __findPasswordHashForUser(self,user):
+        '''
+            __findPasswordHashForUser(String):
+                Input   :   (String) UserName
+                Output  :   False  -> If username not found
+                            String -> Password hash
+                Purpose :   Given a username searches if the user is registerd
+                            and returns the username
+        '''
         with open("SERVER.conf") as json_file:
             json_data = json.load(json_file)
             if user.lower() in json_data:
@@ -64,30 +76,60 @@ def __challangeResponse(self,senderObj):
             __challangeResponse(Object):
             Input  : Object {messageType:"quiz-response", encoded } (Response from server to challenge)
                             encoded -> {g^a mod p,response}s
-            Output : Object {}
+            Output : String
             Message format :
                         {messageType:"initiageSecret", sha256(g^ab mod p + g^bw mod p), g^b mod p}
             Purpose : Send server public secret and augmented information
 
         '''
 
-        pubKey = self.diffiObj.gen_public_key()                                               # This is (gb mod p)
-        self.__sharedSecret = self.diffiObj.gen_shared_key(long(senderObj["pubKey"]))         # This is (gab mop p)
-        print "Shared Secret is : ", self.__sharedSecret
+        if senderObj["user"] in self.__authDict:
+            authInfo = self.__authDict[senderObj["user"]]
+            print "Server side quizz",authInfo.getQuizz()
+            print "Client Side", senderObj["answer"]
+            if authInfo.getQuizz() == str(senderObj["answer"]):
+                return self.__challangeResponseHelper(senderObj, authInfo)
+            else :
+                self.__authDict.pop(senderObj["user"])
+        return False
+
+    def __challangeResponseHelper(self,senderObj,authInfo):
+        '''
+            __challangeResponseHelper(Object,Object):
+                    Input   : The  Objectified stream data from user
+                                and Authentication info on server
+                    Output : String (Data to be send on wire)
+                     Message format :
+                        {messageType:"initiageSecret", sha256(g^ab mod p + g^bw mod p), g^b mod p}
+
+        '''
+        pubKey = self.__diffiObj.gen_public_key()                                 # This is (gb mod p)
+        sharedSecret = self.__diffiObj.gen_shared_key(long(senderObj["pubKey"]))  # This is (gab mop p)
+        authInfo.setResponse()
+        authInfo.setSharedSecret(sharedSecret)
         userPassHash = self.__findPasswordHashForUser(senderObj["user"])
         if userPassHash:
-            gpowbw = self.diffiObj.gen_gpowxw(pubKey,userPassHash)
-            sha = hashlib.sha256()
-            sha.update(str(gpowbw)+str(self.__sharedSecret))
-            hash = int(binascii.hexlify(sha.digest()), base=16)
+            gpowbw = self.__diffiObj.gen_gpowxw(pubKey, userPassHash)
+            hash256 = self.__genShaX(hashlib.sha256(),str(gpowbw) + str(sharedSecret))
+            hash384 = self.__genShaX(hashlib.sha384(),str(gpowbw) + str(sharedSecret))
+            authInfo.setSha348(hash384)
             return pickle.dumps({
-                    "messageType" : "initiateSecret",
-                    "hash"        :hash,
-                    "pubKey"      :pubKey,
-                })
+                "messageType": "initiateSecret",
+                "hash": hash256,
+                "pubKey": pubKey,
+            })
         return False
 
+    def __genShaX(self,sha,message):
+        '''
+            __genShaX(Object,String):
+                    Input   : Object,Strint (THe sha object ie.sha256,384,512 and the message
+                                            to be encrypted)
+                    Output  : String (Returns the digest of the message)
 
+        '''
+        sha.update(message)
+        return int(binascii.hexlify(sha.digest()), base=16)
 
     def __decryptMessageUsingPrivateKey(self, message):
         '''
@@ -134,20 +176,31 @@ def __gen384Hash(self,gpowbw,sharedSecret):
         hash = int(binascii.hexlify(sha.digest()), base=16)
         return hash
 
-    def __completeAuth(self,data):
+    def __completeAuth(self,senderObj):
         '''
             __completeAuth(Object) :
-                Input  : Object
-                Output :
-
-        '''
-        hash = data["hash"]
-        #TODO  : Verify if sha384 is same
-        #TODO  : Store sesssion key and complete this whole process
-        print "Hurray Hurry"
+                Input  : Object (The sender Objectified stream data from user
+                                and Authentication info on server)
+                Output : False -> If sha384 doesnt match
+                        True -> Password is verified and session key is established
+
+        '''
+        if senderObj["user"] in self.__authDict:
+            if senderObj["hash"] == self.__authDict[senderObj["user"]].getSha384() :
+                print "User " + senderObj["user"] + " Connected"
+                self.__sessionKeyDict[senderObj["user"]] = self.__authDict[senderObj["user"]].getSharedSecret()
+                return True
+            else:
+                self.__authDict.pop(senderObj["user"])
         return False
 
     def __loadPickledData(self,message):
+        '''
+            __loadPickledData(String):
+                Input  : String (Stream data from socket)
+                Output : Object
+                Purpose : Convert the stream data to object
+        '''
         try:
             return pickle.loads(message)
         except Exception as e:
@@ -182,13 +235,11 @@ def parseData(self,data,address):
         decryptedResponse = self.__parseStreamData(data)
         ret = False
         if decryptedResponse["messageType"] == "now-online":
-            ret = self.__nowOnlineResponse()
+            ret = self.__nowOnlineResponse(decryptedResponse)
         elif decryptedResponse["messageType"] == "quiz-response":
             ret = self.__challangeResponse(decryptedResponse)
         elif decryptedResponse["messageType"] == "complete":
             ret = self.__completeAuth(decryptedResponse)
         if not ret:
             self.__logErrors("Response from sender",address)
-            return "unknownMessage"
-        else :
-            return ret
+        return ret

Server/server.py

@@ -69,7 +69,7 @@ def run(self,connectionHandel):
         while True:
             data , address = self.sock.recvfrom(4096)
             data = connectionHandel.parseData(data,address)
-            if data:
+            if not isinstance(data, (int)):
                 self.__sendData(data,address)
 
     def signal_handler(self, signal, frame):
@@ -87,4 +87,4 @@ def signal_handler(self, signal, frame):
 if __name__ == "__main__":
     c = handelConnection.Connection()
     s = server()
-    s.run(c)
+    s.run(c)