def resolve(target):
"""Return the generation number for target.
As a side effect, record any new calculated data to the git repository.
"""
num = get_num(target)
if num is not None:
return num
if git_tree(REF) is None:
empty = git_mktree({})
ref = run_git('commit-tree', '-m', 'Initial commit from git-number', empty)
run_git('update-ref', REF, ref)
with ScopedPool() as pool:
available = pool.apply_async(git_tree, args=(REF,), kwds={'recurse': True})
preload = set()
rev_list = []
with StatusPrinter('Loading commits: %d') as inc:
for line in run_git('rev-list', '--topo-order', '--parents',
'--reverse', hexlify(target), '^'+REF).splitlines():
toks = map(unhexlify, line.split())
rev_list.append((toks[0], toks[1:]))
preload.update(t[:PREFIX_LEN] for t in toks)
inc()
preload.intersection_update(
unhexlify(k.replace('/', ''))
for k in available.get().iterkeys()
)
preload.difference_update((x,) for x in get_num_tree.cache)
if preload:
preload_iter = pool.imap_unordered(preload_tree, preload)
with StatusPrinter('Preloading nurbs: (%%d/%d)' % len(preload)) as inc:
for prefix, tree in preload_iter:
get_num_tree.cache[prefix,] = tree
inc()
get_num_tree.default_enabled = True
for ref, pars in rev_list:
num = set_num(ref, max(map(get_num, pars)) + 1 if pars else 0)
finalize(hexlify(target))
return num
def handle_ClientHello(sess, pdx, rx):
rb = e64bs(number.long_to_bytes(random.getrandbits(16 * 8))).rstrip()
if sess is None:
sess = hexlify(number.long_to_bytes(random.getrandbits(
17 * 8))).decode() + '-' + e64bs(
number.long_to_bytes(random.getrandbits(56 * 8)) +
b'\0').rstrip()
return ET.tostring(pdx).decode(), '''<?xml version="1.0" encoding="UTF-8"?>
<ServerHello xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SessionID="{sess}" Status="Continue" Version="1.0">
<KeyType xmlns="">http://www.rsasecurity.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES</KeyType>
<EncryptionAlgorithm xmlns="">http://www.w3.org/2001/04/xmlenc#rsa-1_5</EncryptionAlgorithm>
<EncryptionKey xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:KeyValue xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:RSAKeyValue xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:Modulus>{mod}</ds:Modulus>
<ds:Exponent>{exp}</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</EncryptionKey>
<Payload xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Nonce xmlns="">{rb}</Nonce>
</Payload>
<Extensions xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Extension xmlns:ct-kip="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Data>{rb}</Data>
</Extension>
</Extensions>
<MacAlgorithm xmlns="">http://www.rsasecurity.com/rsalabs/otps/schemas/2005/11/ct-kip#ct-kip-prf-aes</MacAlgorithm>
</ServerHello>'''.format(sess=sess,
rb=rb,
mod=e64bs(number.long_to_bytes(pubk.n)).rstrip(),
exp=e64bs(number.long_to_bytes(pubk.e)).rstrip())
def handle_ClientNonce(sess, pdx, rx):
# Decrypt the ClientNonce (this will be the token secret)
ct = d64b(rx.find('.//EncryptedNonce', ns).text)
print("ENcrypted ClientNonce: {}".format(hexlify(ct)))
print("DEcrypted ClientNonce: {}".format(hexlify(cipher.decrypt(ct))))
tid = e64s('%012d' % random.randint(
1, 999999999999)).rstrip() # Random 12-digit decimal number, b64enc
exp = '2019-01-01T00:00:00+00:00' # ISO9601 datetime
rmb = e64bs(number.long_to_bytes(random.getrandbits(
16 * 8))).rstrip() # random MAC bytes... urk
pdr = '''<?xml version="1.0"?>\n<ProvisioningData><PinType>0</PinType><AddPIN>1</AddPIN></ProvisioningData>'''
r = '''<?xml version="1.0" encoding="UTF-8"?>
<ServerFinished xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SessionID="{sess}" Status="Success" Version="1.0">
<TokenID xmlns="">{tid}</TokenID>
<KeyID xmlns="">{tid}</KeyID>
<KeyExpiryDate xmlns="">{exp}</KeyExpiryDate>
<ServiceID xmlns="">RSA CT-KIP</ServiceID>
<UserID xmlns=""/>
<Extensions xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Extension xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Critical="true">
<OTPFormat>Decimal</OTPFormat>
<OTPLength>8</OTPLength>
<OTPMode xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Time xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" TimeInterval="60"/>
</OTPMode>
</Extension>
</Extensions>
<Mac xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" MacAlgorithm="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#ct-kip-prf-aes">
{rmb}
</Mac>
</ServerFinished>'''.format(tid=e64s(tid).rstrip(),
exp=exp,
sess=sess,
rmb=rmb)
return pdr, r
def serverFinished(self, session_id, server_nonce, client_none=None):
# generate and encrypt client nonce
if client_none is None:
client_nonce = random.getrandbits(16 * 8)
cipher = PKCS1_OAEP.new(self.server_pubkey)
client_nonce = client_nonce.to_bytes(16, byteorder='big')
encrypted_client_nonce = cipher.encrypt(client_nonce)
print(
"Generated client nonce:\n\tplaintext: {}\n\tencrypted: {}".format(
hexlify(client_nonce), hexlify(encrypted_client_nonce)))
# send second request
req2_filled = req2_tmpl.format(
session_id=session_id,
encrypted_client_nonce=e64bs(encrypted_client_nonce),
server_nonce=e64bs(server_nonce))
if self.verbose:
print(req2_filled)
req2 = self.soap.make_ClientRequest('ServerFinished', pd, req2_filled)
raw_res2 = self.s.send(self.s.prepare_request(req2))
if self.verbose:
print(raw_res2)
pd_res2, res2 = self.soap.parse_ServerResponse(raw_res2)
if self.verbose:
print(res2)
# get stuff from response
key_id = d64b(res2.find('TokenID').text)
token_id = d64b(res2.find('KeyID').text)
key_exp = res2.find('KeyExpiryDate').text
mac = d64b(res2.find('Mac').text)
return (key_id, token_id, key_exp, mac)
def main():
force = '-f' in sys.argv
if force:
sys.argv.remove('-f')
StatusPrinter.ENABLED = True
target = hexlify(parse_one_committish())
print 'Got Target: %s' % target
fix_head(target)
run_git('reset', '-q', target)
if force:
force_checkout(git_tree(target, recurse=True))
else:
fancy_checkout()
def main():
p = argparse.ArgumentParser()
p.add_argument('-v', '--verbose', action='count')
p.add_argument('url')
p.add_argument('activation_code')
args = p.parse_args()
client = CtKipClient(args.url, args.activation_code, args.verbose)
session_id, server_nonce, pubk = client.startService()
print("Got server nonce and RSA pubkey:\n{}\n{}".format(
hexlify(server_nonce),
pubk.exportKey('PEM').decode()))
key_id, token_id, key_exp, mac = client.serverFinished(
session_id, server_nonce)
print("Got key ID, token ID, key expiration date, and MAC:"
"\nKeyID: {}\nTokenID: {}\nExpiration: {}\nMAC: {}".format(
key_id, token_id, key_exp, mac))
pd_res1, res1 = soap.parse_ServerResponse(raw_res1)
if args.verbose:
print(res1)
session_id = res1.attrib['SessionID']
k = res1.find('.//{http://www.w3.org/2000/09/xmldsig#}RSAKeyValue')
mod = number.bytes_to_long(d64sb(k.find(
'{http://www.w3.org/2000/09/xmldsig#}Modulus').text))
exp = number.bytes_to_long(d64sb(k.find(
'{http://www.w3.org/2000/09/xmldsig#}Exponent').text))
pubk = RSA.construct( (int(mod), int(exp)) )
pl = res1.find('.//Payload')
server_nonce = d64sb(pl.find('Nonce').text)
print("Got server nonce and RSA pubkey:\n{}\n{}".format(
hexlify(server_nonce), pubk.exportKey('PEM').decode()))
# generate and encrypt client nonce
client_nonce = bytearray([random.getrandbits(8) for i in range(16)])
cipher = PKCS1_OAEP.new(pubk)
encrypted_client_nonce = cipher.encrypt(hexlify(client_nonce))
print("Generated client nonce:\n\tplaintext: {}\n\tencrypted: {}".format(
hexlify(client_nonce), hexlify(encrypted_client_nonce)))
# send second request
req2_filled = req2_tmpl.format(
session_id=session_id, encrypted_client_nonce=hexlify(encrypted_client_nonce).decode(),
server_nonce=hexlify(server_nonce).decode())
req2 = soap.make_ClientRequest('ServerFinished', pd, req2_filled)
pd_res2, res2 = soap.parse_ServerResponse(s.send(s.prepare_request(req2)))
