In [1]:
import io, os, time
from multiprocessing import set_start_method, Pipe, Process
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import dh, dsa
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes)
import cryptography.exceptions

buffer_size = 4096
msg_size = 1024

In [2]:
def derive(shared_key):
    derived_key = HKDF(
        algorithm=hashes.SHA256(),
        length=32,
        salt=None,
        info=b'handshake data',
        backend=default_backend(),
    ).derive(shared_key)
    return derived_key

In [3]:
def encrypt(key, iv, plaintext):
    # inicialização
    encryptor = Cipher(
        algorithms.AES(key),
        modes.CTR(iv),
        backend=default_backend(),
    ).encryptor()
    
    # cifrar a mensagem
    return encryptor.update(plaintext)

In [4]:
def decrypt(key, iv, ciphertext):
    # inicialização
    decryptor = Cipher(
        algorithms.AES(key),
        modes.CTR(iv),
        backend=default_backend(),
    ).decryptor()

    # decifrar a mensagem
    return decryptor.update(ciphertext)

In [5]:
def sign_message(key, message):
    return key.sign(message, hashes.SHA256())

In [6]:
def validate_signature(key, message, signature):
    try:
        key.verify(signature, message, hashes.SHA256())
    except InvalidSignature:
        return False
    return True  

In [7]:
def get_hmac(key, message):
    h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
    h.update(message)
    return h.finalize()

In [8]:
def validate_hmac(key, message, signature):
    try:
        h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
        h.update(message)
        h.verify(signature)
    except InvalidSignature:
        return False
    return True    

In [9]:
def prepare_bundle(key, message, dsa_key):
    # gerar o nonce
    iv = os.urandom(16)
    # obtenção do criptograma
    ct = encrypt(key, iv, message)
    # assinatura do criptograma
    signature = sign_message(dsa_key, ct)
    print(len(signature))
    # junção do iv, assinatura e criptograma
    pre_bundle = iv + signature + ct
    # 'prepending' do hmac
    bundle = get_hmac(key, pre_bundle) + pre_bundle 
    return bundle    

In [10]:
def execucaoemitter(conn, private_key, receiver_public_key, private_dsa_key, receiver_dsa_key):
    # gerar a chave combinada
    shared_key = private_key.exchange(receiver_public_key)
    # derivar a chave 
    derived_key = derive(shared_key)    
    
    while True:
        msg = input('Emitter: ').encode()
        if len(msg) > msg_size:
            break
        bundle = prepare_bundle(derived_key, msg, private_dsa_key)
        conn.send(bundle)
        try:
            buffer = bytearray(buffer_size)
            buffer = conn.recv()
            mac = buffer[0:32]
            pre_bundle = buffer[32:]
            if validate_hmac(derived_key, pre_bundle, mac):
                iv = pre_bundle[0:16]
                signature = pre_bundle[16:86]
                ct = pre_bundle[86:]
                if validate_signature(receiver_dsa_key, ct, signature):
                    clear_text = decrypt(derived_key, iv, ct)
                    print('Emitter got: ', clear_text.decode())
                else:
                    print('Emitter got bad signature!')
                    break
            else:
                print('Emitter got bad MAC!')
                break
        except EOFError:
            break    
    conn.close()
    inputs.close()   

In [11]:
def execucaoreceiver(conn, private_key, emitter_public_key, private_dsa_key, emitter_dsa_key):
    # gerar a chave combinada
    shared_key = private_key.exchange(emitter_public_key)
    # derivar a chave 
    derived_key = derive(shared_key)
    
    while True:
        try:
            buffer = bytearray(buffer_size)
            buffer = conn.recv()
            mac = buffer[0:32]
            pre_bundle = buffer[32:]
            if validate_hmac(derived_key, pre_bundle, mac):
                iv = pre_bundle[0:16]
                signature = pre_bundle[16:86]
                ct = pre_bundle[86:]
                if validate_signature(emitter_dsa_key, ct, signature):
                    clear_text = decrypt(derived_key, iv, ct)
                    print('Emitter got: ', clear_text.decode())
                else:
                    print('Emitter got bad signature!')
                    break
            else:
                print('Emitter got bad MAC!')
                break
        except EOFError:
            break
        msg = "ok"
        msg = msg.encode()
        if len(msg) > msg_size:
            break
        bundle = prepare_bundle(derived_key, msg, private_dsa_key)
        conn.send(bundle)
    conn.close()

In [12]:
try:
    set_start_method('fork')     ## a alteração principal
except:
    pass

receiver_conn, emitter_conn = Pipe()

# parametros para o par de chaves
parameters = dh.generate_parameters(generator=2, key_size=2048, backend=default_backend())

# par de chaves do emitter
emitter_private_key = parameters.generate_private_key()
# chave publica do emitter
emitter_public_key = emitter_private_key.public_key()

# par de chaves do receiver
receiver_private_key = parameters.generate_private_key()
# chave publica do receiver
receiver_public_key = receiver_private_key.public_key()

# par de chaves dsa do emitter
emitter_private_dsa_key = dsa.generate_private_key(key_size=2048, backend=default_backend())
# chave publica dsa do emitter
emitter_public_dsa_key = emitter_private_dsa_key.public_key()

# par de chaves dsa do receiver
receiver_private_dsa_key = dsa.generate_private_key(key_size=2048, backend=default_backend())
# chave publica dsa do receiver
receiver_public_dsa_key = receiver_private_dsa_key.public_key()

q = Process(target=execucaoreceiver, args=(receiver_conn, receiver_private_key, emitter_public_key, receiver_private_dsa_key, emitter_public_dsa_key,))

q.start()
execucaoemitter(emitter_conn, emitter_private_key, receiver_public_key, emitter_private_dsa_key, receiver_public_dsa_key)

q.join(timeout=120)

Emitter: a
Emitter got:  a
70
70
Emitter got:  ok


Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "<ipython-input-11-829dd67599b3>", line 10, in execucaoreceiver
    buffer = conn.recv()
  File "/usr/lib/python3.8/multiprocessing/connection.py", line 250, in recv
    buf = self._recv_bytes()
  File "/usr/lib/python3.8/multiprocessing/connection.py", line 414, in _recv_bytes
    buf = self._recv(4)
  File "/usr/lib/python3.8/multiprocessing/connection.py", line 379, in _recv
    chunk = read(handle, remaining)
KeyboardInterrupt


KeyboardInterrupt: Interrupted by user