Beispiel #1
0
 def _gen_as_keys(self, topo_id, as_conf):
     sig_pub, sig_priv = generate_sign_keypair()
     enc_pub, enc_priv = generate_enc_keypair()
     self.sig_priv_keys[topo_id] = sig_priv
     self.sig_pub_keys[topo_id] = sig_pub
     self.enc_pub_keys[topo_id] = enc_pub
     self.enc_priv_keys[topo_id] = enc_priv
     sig_path = get_sig_key_file_path("")
     enc_path = get_enc_key_file_path("")
     self.cert_files[topo_id][sig_path] = base64.b64encode(sig_priv).decode()
     self.cert_files[topo_id][enc_path] = base64.b64encode(enc_priv).decode()
     if self.is_core(as_conf):
         # generate_sign_key_pair uses Ed25519
         on_root_pub, on_root_priv = generate_sign_keypair()
         off_root_pub, off_root_priv = generate_sign_keypair()
         core_sig_pub, core_sig_priv = generate_sign_keypair()
         self.pub_online_root_keys[topo_id] = on_root_pub
         self.priv_online_root_keys[topo_id] = on_root_priv
         self.pub_offline_root_keys[topo_id] = off_root_pub
         self.priv_offline_root_keys[topo_id] = off_root_priv
         self.pub_core_sig_keys[topo_id] = core_sig_pub
         self.priv_core_sig_keys[topo_id] = core_sig_priv
         online_key_path = get_online_key_file_path("")
         offline_key_path = get_offline_key_file_path("")
         core_sig_path = get_core_sig_key_file_path("")
         self.cert_files[topo_id][online_key_path] = base64.b64encode(on_root_priv).decode()
         self.cert_files[topo_id][offline_key_path] = base64.b64encode(off_root_priv).decode()
         self.cert_files[topo_id][core_sig_path] = base64.b64encode(core_sig_priv).decode()
def _load_credentials(as_path, isd_as):
    print("Updating AS%s" % isd_as)
    # The element to get the credentials from.
    # We assume that the beacon server exists in every AS configuration.
    key_dict = {}
    core_key_dict = {}
    as_path = os.path.join(PROJECT_ROOT, GEN_PATH, 'ISD%s/AS%s' % (isd_as.isd_str(), isd_as.as_file_fmt()))
    instance_id = "bs%s-%s-1" % (isd_as.isd_str(), isd_as.as_file_fmt())
    instance_path = os.path.join(as_path, instance_id)
    topo_path = os.path.join(instance_path, TOPO_FILE)

    # Credential files for all ASes
    as_key_path = {
        'cert_path': get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
        'trc_path': get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
        'enc_key_path': get_enc_key_file_path(instance_path),
        'sig_key_path': get_sig_key_file_path(instance_path),
        'sig_key_raw_path': get_sig_key_raw_file_path(instance_path),
        'as_config_path': os.path.join(instance_path, AS_CONF_FILE),
    }

    # Credential files for core ASes
    core_key_path = {
        'core_sig_key_path': get_core_sig_key_file_path(instance_path),
        'core_sig_key_raw_path': get_core_sig_key_raw_file_path(instance_path),
        'online_key_path': get_online_key_file_path(instance_path),
        'online_key_raw_path': get_online_key_raw_file_path(instance_path),
        'offline_key_path': get_offline_key_file_path(instance_path),
        'offline_key_raw_path': get_offline_key_raw_file_path(instance_path),
    }

    for key, path in as_key_path.items():
        try:
            if key.startswith('cert'):
                cert = _json_file_to_str(path)
            elif key.startswith('trc'):
                trc = _json_file_to_str(path)
            elif key.startswith('as'):
                as_config_dict = _yaml_file_to_dict(path)
                key_dict['master_as_key'] = as_config_dict['MasterASKey']
            else:
                key_name = key[:len(key)-5]
                key_dict[key_name] = read_file(path)[:-1]
        except IOError as err:
            print("IOError({0}): {1}" % (err, path))
            exit(1)
    tp = Topology.from_file(topo_path)
    if tp.is_core_as:
        for key, path in core_key_path.items():
            try:
                key_name = key[:len(key)-5]
                core_key_dict[key_name] = read_file(path)[:-1]
            except IOError as err:
                print("IOError({0}): {1}" % (err, path))
                exit(1)

    return ASCredential(cert, trc, key_dict, core_key_dict)
Beispiel #3
0
def _write_keys(archive, elem_dir, as_):
    archive.write_text(get_sig_key_file_path(elem_dir), as_.sig_priv_key)
    archive.write_text(get_enc_key_file_path(elem_dir), as_.enc_priv_key)
    archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_0),
                       as_.master_as_key)
    archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_1),
                       as_.master_as_key)  # TODO
    if as_.is_core:
        archive.write_text(get_core_sig_key_file_path(elem_dir),
                           as_.core_sig_priv_key)
        archive.write_text(get_online_key_file_path(elem_dir),
                           as_.core_online_priv_key)
        archive.write_text(get_offline_key_file_path(elem_dir),
                           as_.core_offline_priv_key)
Beispiel #4
0
 def _write_keys(self, elem_dir):
     as_ = self.AS
     archive = self.archive
     archive.write_text(get_sig_key_file_path(elem_dir), as_.sig_priv_key)
     archive.write_text(get_enc_key_file_path(elem_dir), as_.enc_priv_key)
     archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_0),
                        as_.master_as_key)
     archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_1),
                        as_.master_as_key)
     if as_.is_core:
         archive.write_text(get_core_sig_key_file_path(elem_dir),
                            as_.core_sig_priv_key)
         archive.write_text(get_online_key_file_path(elem_dir),
                            as_.core_online_priv_key)
         archive.write_text(get_offline_key_file_path(elem_dir),
                            as_.core_offline_priv_key)
Beispiel #5
0
def write_certs_trc_keys(isd_as, as_obj, instance_path):
    """
    Writes the certificate and the keys for the given service
    instance of the given AS.
    :param ISD_AS isd_as: ISD the AS belongs to.
    :param obj as_obj: An object that stores crypto information for AS
    :param str instance_path: Location (in the file system) to write
    the configuration into.
    """
    # write keys
    as_key_path = {
        'cert':
        get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
        'trc':
        get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
        'enc_key':
        get_enc_key_file_path(instance_path),
        'sig_key':
        get_sig_key_file_path(instance_path),
        'sig_key_raw':
        get_sig_key_raw_file_path(instance_path),
    }
    core_key_path = {
        'core_sig_key': get_core_sig_key_file_path(instance_path),
        'core_sig_key_raw': get_core_sig_key_raw_file_path(instance_path),
        'online_key': get_online_key_file_path(instance_path),
        'online_key_raw': get_online_key_raw_file_path(instance_path),
        'offline_key': get_offline_key_file_path(instance_path),
        'offline_key_raw': get_offline_key_raw_file_path(instance_path),
    }
    for key, path in as_key_path.items():
        if key == 'cert':  # write certificates
            write_file(path, as_obj.certificate)
        elif key == 'trc':  # write trc
            write_file(path, as_obj.trc)
        else:  # write keys
            write_file(path, as_obj.keys[key])
    if as_obj.core_keys:
        for key, path in core_key_path.items():
            write_file(path, as_obj.core_keys[key])