Ejemplo n.º 1
0
    def e2etest(self, vector):
        initiator = NoiseConnection.from_name(vector['protocol_name'])
        responder = NoiseConnection.from_name(vector['protocol_name'])
        if 'init_psks' in vector and 'resp_psks' in vector:
            initiator.set_psks(psks=vector['init_psks'])
            responder.set_psks(psks=vector['resp_psks'])

        initiator.set_prologue(vector['init_prologue'])
        initiator.set_as_initiator()
        self._set_keypairs(vector, initiator, ephemeral=False)

        assert initiator.get_keypair(Keypair.STATIC).private.private_bytes(
            encoding=serialization.Encoding.Raw,
            format=serialization.PrivateFormat.Raw,
            encryption_algorithm=serialization.NoEncryption(
            )) == vector['init_static']

        responder.set_prologue(vector['resp_prologue'])
        responder.set_as_responder()
        self._set_keypairs(vector, responder, ephemeral=False)

        initiator.start_handshake()
        responder.start_handshake()

        # set sender and received
        s, r = initiator, responder

        # loop until both sides think the handshake has finished
        while not initiator.handshake_finished and not responder.handshake_finished:
            # exchange a message
            r.read_message(s.write_message())

            # Swap roles
            s, r = r, s

        assert initiator.get_keypair(
            Keypair.STATIC).public_bytes == responder.get_keypair(
                Keypair.REMOTE_STATIC).public_bytes

        pt = b'this is a test message'

        # make sure that the initiator can send a message
        ct = initiator.encrypt(pt)

        # and is decrypted by the responder
        assert pt == responder.decrypt(ct)

        # make sure that the responder can send a message
        ct = responder.encrypt(pt)

        # and is decrypted by the initiator
        assert pt == initiator.decrypt(ct)
Ejemplo n.º 2
0
    def connectToNoise(self, ip, port):

        print('Trying to connect to', ip + ":" + str(port))
        sock = socket.socket()
        sock.connect((ip, port))

        # Create instance of NoiseConnection, set up to use NN handshake pattern, Curve25519 for
        # elliptic curve keypair, ChaCha20Poly1305 as cipher function and SHA256 for hashing.
        proto = NoiseConnection.from_name(b'Noise_NN_25519_ChaChaPoly_SHA256')

        # Set role in this connection as initiator
        proto.set_as_initiator()
        # Enter handshake mode
        proto.start_handshake()

        # Perform handshake - as we are the initiator, we need to generate first message.
        # We don't provide any payload (although we could, but it would be cleartext for this pattern).
        message = proto.write_message()
        # Send the message to the responder - you may simply use sockets or any other way
        # to exchange bytes between communicating parties.
        sock.sendall(message)
        # Receive the message from the responder
        received = sock.recv(2048)
        # Feed the received message into noise
        payload = proto.read_message(received)

        self.connection = sock
        self.noise = proto
Ejemplo n.º 3
0
    def HandleNoiseConnection(self):
        s = socket.socket()
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(('localhost', self.port))
        s.listen(1)

        print("Waiting connections...")

        conn, addr = s.accept()
        print('Accepted connection from', addr)

        self.noise = NoiseConnection.from_name(
            b'Noise_NN_25519_ChaChaPoly_SHA256')

        self.noise.set_as_responder()
        self.noise.start_handshake()

        # Perform handshake. Break when finished
        for action in cycle(['receive', 'send']):
            if self.noise.handshake_finished:
                break
            elif action == 'send':
                ciphertext = self.noise.write_message()
                # print('cipherText',ciphertext)
                conn.sendall(ciphertext)
            elif action == 'receive':
                data = conn.recv(2048)
                plaintext = self.noise.read_message(data)
                # print('receive',plaintext)

        print("Noise handshake finished with", addr)
        self.connection = conn
Ejemplo n.º 4
0
    async def accept_connection(self, reader: asyncio.StreamReader,
                                writer: asyncio.StreamWriter):
        """Responder side"""
        self.reader = reader
        self.writer = writer
        self.noise = NoiseConnection.from_name(
            b"Noise_XK_25519_ChaChaPoly_BLAKE2s")
        self.noise.set_as_responder()
        self.noise.set_keypair_from_private_bytes(Keypair.STATIC,
                                                  self.private_key_bytes)
        self.noise.start_handshake()

        first_message = await self.reader.readexactly(0x30)
        logger.debug("NOISE: Resp -> e, es (%#x bytes)", len(first_message))
        self.noise.read_message(first_message)
        second_message = self.noise.write_message()
        logger.debug("NOISE: Resp <- e, ee (%#x bytes)", len(second_message))
        assert len(second_message) == 0x30
        self.writer.write(second_message)

        third_message = await self.reader.readexactly(0x40)
        logger.debug("NOISE: Resp -> s, se (%#x bytes)", len(third_message))
        self.noise.read_message(third_message)
        assert self.noise.handshake_finished

        # Exchange the "x" coordinate of the secret shares
        self.send_encrypted(self.my_secret_x.to_bytes(32, "big"))
        peer_secret = await self.recv_exactly_encrypted(32)
        self.peer_secret_x = int.from_bytes(peer_secret, "big")
        logger.debug("NOISE: Responded to encrypted connection %d <- %d",
                     self.my_secret_x, self.peer_secret_x)
Ejemplo n.º 5
0
    async def _perform_handshake(self, expected_name: Optional[str]) -> None:
        await self._write_frame(b"")  # ClientHello
        prologue = b"NoiseAPIInit" + b"\x00\x00"

        server_hello = await self._read_frame()  # ServerHello
        if not server_hello:
            raise HandshakeAPIError("ServerHello is empty")

        # First byte of server hello is the protocol the server chose
        # for this session. Currently only 0x01 (Noise_NNpsk0_25519_ChaChaPoly_SHA256)
        # exists.
        chosen_proto = server_hello[0]
        if chosen_proto != 0x01:
            raise HandshakeAPIError(
                f"Unknown protocol selected by client {chosen_proto}")

        # Check name matches expected name (for noise sessions, this is done
        # during hello phase before a connection is set up)
        # Server name is encoded as a string followed by a zero byte after the chosen proto byte
        server_name_i = server_hello.find(b"\0", 1)
        if server_name_i != -1:
            # server name found, this extension was added in 2022.2
            server_name = server_hello[1:server_name_i].decode()
            if expected_name is not None and expected_name != server_name:
                raise BadNameAPIError(
                    f"Server sent a different name '{server_name}'",
                    server_name)

        self._proto = NoiseConnection.from_name(
            b"Noise_NNpsk0_25519_ChaChaPoly_SHA256")
        self._proto.set_as_initiator()
        self._proto.set_psks(_decode_noise_psk(self._noise_psk))
        self._proto.set_prologue(prologue)
        self._proto.start_handshake()

        _LOGGER.debug("Starting handshake...")
        do_write = True
        while not self._proto.handshake_finished:
            if do_write:
                msg = self._proto.write_message()
                await self._write_frame(b"\x00" + msg)
            else:
                msg = await self._read_frame()
                if not msg:
                    raise HandshakeAPIError("Handshake message too short")
                if msg[0] != 0:
                    explanation = msg[1:].decode()
                    if explanation == "Handshake MAC failure":
                        raise InvalidEncryptionKeyAPIError(
                            "Invalid encryption key")
                    raise HandshakeAPIError(
                        f"Handshake failure: {explanation}")
                self._proto.read_message(msg[1:])

            do_write = not do_write

        _LOGGER.debug("Handshake complete!")
        self._ready_event.set()
    def _create_noise_channel(self, noise_config: BitBoxNoiseConfig) -> NoiseConnection:
        if self._raw_query(OP_I_CAN_HAS_HANDSHAEK) != RESPONSE_SUCCESS:
            self.close()
            raise Exception("Couldn't kick off handshake")

        # init noise channel
        noise = NoiseConnection.from_name(b"Noise_XX_25519_ChaChaPoly_SHA256")
        noise.set_as_initiator()
        private_key = noise_config.get_app_static_privkey()
        if private_key is None:
            private_key = os.urandom(32)
            noise_config.set_app_static_privkey(private_key)
        noise.set_keypair_from_private_bytes(Keypair.STATIC, private_key)
        noise.set_prologue(b"Noise_XX_25519_ChaChaPoly_SHA256")
        noise.start_handshake()
        start_handshake_status, start_handshake_reply = self._handshake_query(noise.write_message())
        if start_handshake_status != RESPONSE_SUCCESS:
            self.close()
            raise Exception("Handshake process request failed.")
        noise.read_message(start_handshake_reply)
        remote_static_key = noise.noise_protocol.handshake_state.rs.public_bytes
        assert not noise.handshake_finished
        send_msg = noise.write_message()
        assert noise.handshake_finished
        pairing_code = base64.b32encode(noise.get_handshake_hash()).decode("ascii")
        handshake_finish_status, response = self._handshake_query(send_msg)
        if handshake_finish_status != RESPONSE_SUCCESS:
            self.close()
            raise Exception("Handshake conclusion failed.")

        # Check if we recognize the device's public key
        pairing_verification_required_by_host = True
        if noise_config.contains_device_static_pubkey(remote_static_key):
            pairing_verification_required_by_host = False

        pairing_verification_required_by_device = response == b"\x01"
        if pairing_verification_required_by_host or pairing_verification_required_by_device:

            def get_device_response() -> bool:
                device_response = self._raw_query(OP_I_CAN_HAS_PAIRIN_VERIFICASHUN)
                if device_response == RESPONSE_SUCCESS:
                    return True
                if device_response == RESPONSE_FAILURE:
                    return False
                raise Exception(f"Unexpected pairing response: f{device_response}")

            client_response_success = noise_config.show_pairing(
                "{} {}\n{} {}".format(
                    pairing_code[:5], pairing_code[5:10], pairing_code[10:15], pairing_code[15:20]
                ),
                get_device_response,
            )
            if not client_response_success:
                self.close()
                raise Exception("pairing rejected by the user")

            noise_config.add_device_static_pubkey(remote_static_key)
        return noise
Ejemplo n.º 7
0
    def __init__(self,
                 device_info,
                 show_pairing_callback,
                 attestation_check_callback=None):
        self.debug = False
        serial_number = device_info["serial_number"]
        self.version = parse_device_version(serial_number)
        if self.version is None:
            raise ValueError(f"Could not parse version from {serial_number}")
        self.device = hid.device()
        self.device.open_path(device_info["path"])

        if self.version > semver.VersionInfo(1, 0, 0):
            if attestation_check_callback is not None:
                # Perform attestation
                attestation_check_callback(self._perform_attestation())

            # Invoke unlock workflow on the device.
            # In version <=1.0.0, the device did this automatically.
            self._query(OP_UNLOCK)

        if self._query(OP_I_CAN_HAS_HANDSHAEK) != RESPONSE_SUCCESS:
            raise Exception("Couldn't kick off handshake")

        # init noise channel
        noise = NoiseConnection.from_name(b"Noise_XX_25519_ChaChaPoly_SHA256")
        noise.set_as_initiator()
        dummy_private_key = os.urandom(32)
        noise.set_keypair_from_private_bytes(Keypair.STATIC, dummy_private_key)
        noise.set_prologue(b"Noise_XX_25519_ChaChaPoly_SHA256")
        noise.start_handshake()
        noise.read_message(self._query(noise.write_message()))
        assert not noise.handshake_finished
        send_msg = noise.write_message()
        assert noise.handshake_finished
        pairing_code = base64.b32encode(
            noise.get_handshake_hash()).decode("ascii")
        show_pairing_callback("{} {}\n{} {}".format(pairing_code[:5],
                                                    pairing_code[5:10],
                                                    pairing_code[10:15],
                                                    pairing_code[15:20]))
        response = self._query(send_msg)

        # Can be set to False if the remote static pubkey was previously confirmed.
        pairing_verification_required_by_host = True

        pairing_verification_required_by_device = response == b"\x01"
        if pairing_verification_required_by_host or pairing_verification_required_by_device:
            pairing_response = self._query(OP_I_CAN_HAS_PAIRIN_VERIFICASHUN)
            if pairing_response == RESPONSE_SUCCESS:
                pass
            elif pairing_response == RESPONSE_FAILURE:
                raise Exception("pairing rejected by the user")
            else:
                raise Exception("unexpected response")
        self.noise = noise
Ejemplo n.º 8
0
def _do_test_for(key_type: str, keys: _Keys):
    noise_name = 'Noise_XX_{}_ChaChaPoly_SHA256'.format(key_type).encode()
    initiator = NoiseConnection.from_name(noise_name)
    responder = NoiseConnection.from_name(noise_name)
    initiator.set_as_initiator()
    responder.set_as_responder()

    initiator.set_keypair_from_private_bytes(Keypair.STATIC,
                                             keys.initiator_private)
    responder.set_keypair_from_private_bytes(Keypair.STATIC,
                                             keys.responder_private)

    initiator.start_handshake()
    responder.start_handshake()
    message = b'public-key-test'

    assert message == responder.read_message(initiator.write_message(message))
    with pytest.raises(NoiseGetPublicKeyError):
        initiator.get_public_bytes(Keypair.REMOTE_STATIC)
    with pytest.raises(NoiseGetPublicKeyError):
        responder.get_public_bytes(Keypair.REMOTE_STATIC)

    assert message == initiator.read_message(responder.write_message(message))
    with pytest.raises(NoiseGetPublicKeyError):
        responder.get_public_bytes(Keypair.REMOTE_STATIC)

    assert message == responder.read_message(initiator.write_message(message))

    # Test ability to get remote static public key,
    # which is essential for application layer to validate peer identity
    assert keys.responder_public == initiator.get_public_bytes(
        Keypair.REMOTE_STATIC)
    assert keys.initiator_public == responder.get_public_bytes(
        Keypair.REMOTE_STATIC)

    # Other tests
    assert initiator.get_public_bytes(
        Keypair.REMOTE_EPHEMERAL) == responder.get_public_bytes(
            Keypair.EPHEMERAL)
    assert responder.get_public_bytes(
        Keypair.REMOTE_EPHEMERAL) == initiator.get_public_bytes(
            Keypair.EPHEMERAL)
Ejemplo n.º 9
0
 def __init__(self, host_key, packetizer, debug=False):
     self.debug = debug
     self.packetizer = packetizer
     self.static_local = host_key
     self.proto = NoiseConnection.from_name(b'Noise_XX_25519_ChaChaPoly_BLAKE2s')
     self.proto.set_as_initiator()
     self.proto.set_keypair_from_private_bytes(Keypair.STATIC, self.static_local)
     self.proto.start_handshake()
     self.handshake = self.proto.noise_protocol.handshake_state # save for later because someone didn't think
     self.paired = False
     self.connected = False
Ejemplo n.º 10
0
    def __init__(self,
                 connection,
                 security=b'Noise_NN_25519_ChaChaPoly_SHA256',
                 debug=False):
        self.conn = connection
        super(SecureConnection, self).__init__('NOISE')
        self._debug = debug

        if self.conn.type == 6:
            self.type = 'SERVER'
        elif self.conn.type == 5:
            self.type = 'CLIENT'
        self.noise = NoiseConnection.from_name(security)
Ejemplo n.º 11
0
    def do_test_connection(self, name):
        key = b"\x00" * 32
        left = NoiseConnection.from_name(name)
        left.set_psks(key)
        left.set_as_initiator()
        left.start_handshake()

        right = NoiseConnection.from_name(name)
        right.set_psks(key)
        right.set_as_responder()
        right.start_handshake()

        h = left.write_message()
        _ = right.read_message(h)
        h2 = right.write_message()
        left.read_message(h2)

        assert left.handshake_finished
        assert right.handshake_finished

        enc = left.encrypt(b"hello")
        dec = right.decrypt(enc)
        assert dec == b"hello"
Ejemplo n.º 12
0
    def __init__(self,
                 test,
                 itf,
                 endpoint,
                 port,
                 allowed_ips,
                 persistent_keepalive=15):
        self._test = test
        self.itf = itf
        self.endpoint = endpoint
        self.port = port
        self.allowed_ips = allowed_ips
        self.persistent_keepalive = persistent_keepalive

        # remote peer's public
        self.private_key = X25519PrivateKey.generate()
        self.public_key = self.private_key.public_key()

        self.noise = NoiseConnection.from_name(NOISE_HANDSHAKE_NAME)
Ejemplo n.º 13
0
    async def connect_peer(self, peer_public_info):
        """Initiator side"""
        self.reader, self.writer = await asyncio.open_connection(
            host=peer_public_info["addr"] or "127.0.0.1",
            port=peer_public_info["port"])
        peer_public_key = base64.b64decode(peer_public_info["public_key"])

        self.noise = NoiseConnection.from_name(
            b"Noise_XK_25519_ChaChaPoly_BLAKE2s")
        self.noise.set_as_initiator()
        self.noise.set_keypair_from_private_bytes(Keypair.STATIC,
                                                  self.private_key_bytes)
        self.noise.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC,
                                                 peer_public_key)
        self.noise.start_handshake()

        # Send a SECU command to the peer
        first_message = b"SECU" + self.noise.write_message()
        logger.debug("NOISE: Init -> e, es (%#x bytes)",
                     len(first_message) - 4)
        assert len(first_message) == 4 + 0x30
        self.writer.write(first_message)

        second_message = await self.reader.readexactly(0x30)
        self.noise.read_message(second_message)
        logger.debug("NOISE: Init <- e, ee (%#x bytes)", len(second_message))
        third_message = self.noise.write_message()
        logger.debug("NOISE: Init -> s, se (%#x bytes)", len(third_message))
        self.writer.write(third_message)
        assert self.noise.handshake_finished

        # Exchange the "x" coordinate of the secret shares
        self.send_encrypted(self.my_secret_x.to_bytes(32, "big"))
        peer_secret = await self.recv_exactly_encrypted(32)
        self.peer_secret_x = int.from_bytes(peer_secret, "big")
        logger.debug("NOISE: Initiated encrypted connection %d -> %d",
                     self.my_secret_x, self.peer_secret_x)
Ejemplo n.º 14
0
    def __init__(
        self,
        device_info: DeviceInfo,
        show_pairing_callback: Callable[[str], None],
        attestation_check_callback: Optional[Callable[[bool], None]] = None,
    ):
        self.debug = False
        serial_number = device_info["serial_number"]

        self.version = parse_device_version(serial_number)
        if self.version is None:
            raise ValueError(f"Could not parse version from {serial_number}")
        # Delete the prelease part, as it messes with the comparison (e.g. 3.0.0-pre < 3.0.0 is
        # True, but the 3.0.0-pre has already the same API breaking changes like 3.0.0...).
        self.version = semver.VersionInfo(
            self.version.major, self.version.minor, self.version.patch, build=self.version.build
        )

        self.device = hid.device()
        self.device.open_path(device_info["path"])

        if self.version >= semver.VersionInfo(2, 0, 0):
            if attestation_check_callback is not None:
                # Perform attestation
                attestation_check_callback(self._perform_attestation())

            # Invoke unlock workflow on the device.
            # In version <2.0.0, the device did this automatically.
            unlock_result = self._query(OP_UNLOCK)
            if self.version < semver.VersionInfo(3, 0, 0):
                assert unlock_result == b""
            else:
                # since 3.0.0, unlock can fail if cancelled
                if unlock_result == RESPONSE_FAILURE:
                    raise Exception("Unlock process aborted")

        if self._query(OP_I_CAN_HAS_HANDSHAEK) != RESPONSE_SUCCESS:
            raise Exception("Couldn't kick off handshake")

        # init noise channel
        noise = NoiseConnection.from_name(b"Noise_XX_25519_ChaChaPoly_SHA256")
        noise.set_as_initiator()
        dummy_private_key = os.urandom(32)
        noise.set_keypair_from_private_bytes(Keypair.STATIC, dummy_private_key)
        noise.set_prologue(b"Noise_XX_25519_ChaChaPoly_SHA256")
        noise.start_handshake()
        noise.read_message(self._query(noise.write_message()))
        assert not noise.handshake_finished
        send_msg = noise.write_message()
        assert noise.handshake_finished
        pairing_code = base64.b32encode(noise.get_handshake_hash()).decode("ascii")
        show_pairing_callback(
            "{} {}\n{} {}".format(
                pairing_code[:5], pairing_code[5:10], pairing_code[10:15], pairing_code[15:20]
            )
        )
        response = self._query(send_msg)

        # Can be set to False if the remote static pubkey was previously confirmed.
        pairing_verification_required_by_host = True

        pairing_verification_required_by_device = response == b"\x01"
        if pairing_verification_required_by_host or pairing_verification_required_by_device:
            pairing_response = self._query(OP_I_CAN_HAS_PAIRIN_VERIFICASHUN)
            if pairing_response == RESPONSE_SUCCESS:
                pass
            elif pairing_response == RESPONSE_FAILURE:
                raise Exception("pairing rejected by the user")
            else:
                raise Exception("unexpected response")
        self.noise = noise
Ejemplo n.º 15
0
from hashlib import blake2s
import socket
import struct

from scapy.layers.inet import IP, ICMP

from noise.connection import NoiseConnection, Keypair

address = ('demo.wireguard.com', 12913)

our_private = base64.b64decode('WAmgVYXkbT2bCtdcDwolI88/iVi/aV3/PHcUBTQSYmo=')
their_public = base64.b64decode('qRCwZSKInrMAq5sepfCdaCsRJaoLe5jhtzfiw7CjbwM=')
preshared = base64.b64decode('FpCyhws9cxwWoV4xELtfJvjJN+zQVRPISllRWgeopVE=')
prologue = b'WireGuard v1 zx2c4 [email protected]'

noise = NoiseConnection.from_name(b'Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s')
noise.set_as_initiator()
noise.set_keypair_from_private_bytes(Keypair.STATIC, our_private)
noise.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, their_public)
noise.set_psks(psk=preshared)
noise.set_prologue(prologue)
noise.start_handshake()

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# 1. Prepare and send handshake initiation packet
now = datetime.datetime.now()
tai = struct.pack('!qi', 4611686018427387914 + int(now.timestamp()),
                  int(now.microsecond * 1e3))
initiation_packet = b'\x01'  # Type: initiation
initiation_packet += b'\x00' * 3  # Reserved
Ejemplo n.º 16
0
 def create_noise_state(self) -> NoiseState:
     noise_state = NoiseState.from_name(self.protocol_name)
     noise_state.set_keypair_from_private_bytes(
         NoiseKeypairEnum.STATIC, self.noise_static_key.to_bytes())
     return noise_state
Ejemplo n.º 17
0
    def test_vector(self, vector):
        if b'_XK_448_' in vector['protocol_name']:
            self.e2etest(vector)
        initiator = NoiseConnection.from_name(vector['protocol_name'])
        responder = NoiseConnection.from_name(vector['protocol_name'])
        if 'init_psks' in vector and 'resp_psks' in vector:
            initiator.set_psks(psks=vector['init_psks'])
            responder.set_psks(psks=vector['resp_psks'])

        initiator.set_prologue(vector['init_prologue'])
        initiator.set_as_initiator()
        self._set_keypairs(vector, initiator)

        responder.set_prologue(vector['resp_prologue'])
        responder.set_as_responder()
        self._set_keypairs(vector, responder)

        initiator.start_handshake()
        responder.start_handshake()

        initiator_to_responder = True
        handshake_finished = False
        for message in vector['messages']:
            if not handshake_finished:
                if initiator_to_responder:
                    sender, receiver = initiator, responder
                else:
                    sender, receiver = responder, initiator

                sender_result = sender.write_message(message['payload'])
                assert sender_result == message['ciphertext']

                receiver_result = receiver.read_message(sender_result)
                assert receiver_result == message['payload']

                if not (sender.handshake_finished
                        and receiver.handshake_finished):
                    # Not finished with handshake, fail if one would finish before other
                    assert sender.handshake_finished == receiver.handshake_finished
                else:
                    # Handshake done
                    handshake_finished = True

                    # Verify handshake hash
                    if 'handshake_hash' in vector:
                        assert initiator.noise_protocol.handshake_hash == responder.noise_protocol.handshake_hash == vector[
                            'handshake_hash']

                    # Verify split cipherstates keys
                    assert initiator.noise_protocol.cipher_state_encrypt.k == responder.noise_protocol.cipher_state_decrypt.k
                    if not initiator.noise_protocol.pattern.one_way:
                        assert initiator.noise_protocol.cipher_state_decrypt.k == responder.noise_protocol.cipher_state_encrypt.k
                    else:
                        assert initiator.noise_protocol.cipher_state_decrypt is responder.noise_protocol.cipher_state_encrypt is None
            else:
                if initiator.noise_protocol.pattern.one_way or initiator_to_responder:
                    sender, receiver = initiator, responder
                else:
                    sender, receiver = responder, initiator
                ciphertext = sender.encrypt(message['payload'])
                assert ciphertext == message['ciphertext']
                plaintext = receiver.decrypt(message['ciphertext'])
                assert plaintext == message['payload']
            initiator_to_responder = not initiator_to_responder
Ejemplo n.º 18
0
import socket
from itertools import cycle

from noise.connection import NoiseConnection

if __name__ == '__main__':
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(('localhost', 2000))
    s.listen(1)

    conn, addr = s.accept()
    print('Accepted connection from', addr)

    noise = NoiseConnection.from_name(b'Noise_NN_25519_ChaChaPoly_SHA256')
    print(noise)
    noise.set_as_responder()
    noise.start_handshake()

    # Perform handshake. Break when finished
    for action in cycle(['receive', 'send']):
        if noise.handshake_finished:
            break
        elif action == 'send':
            ciphertext = noise.write_message()
            #print('cipherText',ciphertext)
            conn.sendall(ciphertext)
        elif action == 'receive':
            data = conn.recv(2048)
            plaintext = noise.read_message(data)
            #print('receive',plaintext)
Ejemplo n.º 19
0
import socket
import struct

from scapy.layers.inet import IP, ICMP

from noise.connection import NoiseConnection, Keypair


address = ('demo.wireguard.com', 12913)

our_private = base64.b64decode('WAmgVYXkbT2bCtdcDwolI88/iVi/aV3/PHcUBTQSYmo=')
their_public = base64.b64decode('qRCwZSKInrMAq5sepfCdaCsRJaoLe5jhtzfiw7CjbwM=')
preshared = base64.b64decode('FpCyhws9cxwWoV4xELtfJvjJN+zQVRPISllRWgeopVE=')
prologue = b'WireGuard v1 zx2c4 [email protected]'

noise = NoiseConnection.from_name(b'Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s')
noise.set_as_initiator()
noise.set_keypair_from_private_bytes(Keypair.STATIC, our_private)
noise.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, their_public)
noise.set_psks(psk=preshared)
noise.set_prologue(prologue)
noise.start_handshake()

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)


# 1. Prepare and send handshake initiation packet
now = datetime.datetime.now()
tai = struct.pack('!qi', 4611686018427387914 + int(now.timestamp()), int(now.microsecond * 1e3))
initiation_packet = b'\x01'  # Type: initiation
initiation_packet += b'\x00' * 3  # Reserved