def execute(self): breakSig = TackBreakSig.createFromParameters(self.key.getPublicKey(), self.key.getPrivateKey()) self.outputFile.write(self.addPemComments(breakSig.serializeAsPem())) if self.isVerbose(): sys.stderr.write(str(breakSig) + "\n")
def execute(self): breakSig = TackBreakSig.create(self.keyfile.getPublicKey(), self.keyfile.getPrivateKey()) self.outputFile.write(self.addPemComments(breakSig.serializeAsPem())) if self.isVerbose(): self.writeCryptoVersion() sys.stderr.write(str(breakSig))
def _getBreakSignatures(self): fileName = self._getOptionValue("-b") if fileName is None: return None contents = open(fileName, "r").read() return TackBreakSig.createFromPem(contents)
def _parseBreakSigs(self): sigsLen = self.getInt(2) if sigsLen > 1024: raise SyntaxError("break_sigs too large") elif sigsLen % TackBreakSig.LENGTH != 0: raise SyntaxError("break_sigs wrong size") break_sigs = [] b2 = self.getBytes(sigsLen) while b2: break_sigs.append(TackBreakSig(b2[:TackBreakSig.LENGTH])) b2 = b2[TackBreakSig.LENGTH:] return break_sigs
def test_BreakSig(self): s = """ -----BEGIN TACK BREAK SIG----- TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY= -----END TACK BREAK SIG-----""" tbs = TackBreakSig.createFromPem(s) assert(tbs.getTackId() == "nkufh.czttd.5cmlw.7cxtv.k6srn") assert(tbs.signature == a2b_hex("41f29d34029ab638f2826c42d6a" "b48ca319d13581da698397c2ef7" "ee2eafc997c232a1200f5f5d637" "1b8fef766889c53ea82e1b66330" "df962aecbb93c6d24196"))
def test_BreakSig(self): s = """ -----BEGIN TACK BREAK SIG----- TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY= -----END TACK BREAK SIG-----""" tbs = TackBreakSig.createFromPem(s) assert (tbs.getTackId() == "nkufh.czttd.5cmlw.7cxtv.k6srn") assert (tbs.signature == a2b_hex("41f29d34029ab638f2826c42d6a" "b48ca319d13581da698397c2ef7" "ee2eafc997c232a1200f5f5d637" "1b8fef766889c53ea82e1b66330" "df962aecbb93c6d24196"))
def test_BreakSigList(self): s = """ -----BEGIN TACK BREAK SIG----- TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY= -----END TACK BREAK SIG----- Created by TACK.py 0.9.6 Created at 2012-05-10T00:54:10Z -----BEGIN TACK BREAK SIG----- 73nkbxCcvFnrCIlcgtZx4iPevqxUFd9RFUNU18xfqzTCU8hV0jwYerdCwt8+VbkQ OvHEbbRHmGAX8yseGrYX1dNuoFfSN1fCLY08u/0NU+x8fmJ6tEewegVAHguw67eR PgegVlKuDULIASht9fvs6xTfxcFJDUgNaenZfcqAgAI= -----END TACK BREAK SIG----- """ tbsList = TackBreakSig.createFromPemList(s) assert(tbsList[0].getTackId() == "nkufh.czttd.5cmlw.7cxtv.k6srn") assert(tbsList[1].getTackId() == "6xwgu.ydz7m.7cki3.kizmd.pt2f2") assert(len(tbsList) == 2) return 1
def test_BreakSigList(self): s = """ -----BEGIN TACK BREAK SIG----- TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY= -----END TACK BREAK SIG----- Created by TACK.py 0.9.6 Created at 2012-05-10T00:54:10Z -----BEGIN TACK BREAK SIG----- 73nkbxCcvFnrCIlcgtZx4iPevqxUFd9RFUNU18xfqzTCU8hV0jwYerdCwt8+VbkQ OvHEbbRHmGAX8yseGrYX1dNuoFfSN1fCLY08u/0NU+x8fmJ6tEewegVAHguw67eR PgegVlKuDULIASht9fvs6xTfxcFJDUgNaenZfcqAgAI= -----END TACK BREAK SIG----- """ tbsList = TackBreakSig.createFromPemList(s) assert (tbsList[0].getTackId() == "nkufh.czttd.5cmlw.7cxtv.k6srn") assert (tbsList[1].getTackId() == "6xwgu.ydz7m.7cki3.kizmd.pt2f2") assert (len(tbsList) == 2) return 1
def execute(self): text, binary = self._readFile(self.argv) fileType = None try: if text: decoder = PEMDecoder(text) if decoder.containsEncoded("TACK PRIVATE KEY"): fileType = "Private Key" kf = TackKeyFile.createFromPem(text, None) print(str(kf)) return elif decoder.containsEncoded("TACK"): fileType = "TACK" tack = Tack.createFromPem(text) print(str(tack)) return elif decoder.containsEncoded("TACK BREAK SIG"): fileType = "Break Sig" tbsList = TackBreakSig.createFromPemList(text) s = "" for tbs in tbsList: s += str(tbs) print(s) return elif decoder.containsEncoded("CERTIFICATE"): fileType = "Certificate" sslc = TlsCertificate() sslc.parsePem(text) print(sslc.writeText()) return # Is it an SSL certificate? try: sslc = TlsCertificate() sslc.parse(binary) print(sslc.writeText()) except SyntaxError: self.printError("Unrecognized file type") except SyntaxError as e: self.printError("Error parsing %s: %s" % (fileType, e))
def serverTestCmd(argv): address = argv[0] dir = argv[1] #Split address into hostname/port tuple address = address.split(":") address = ( address[0], int(address[1]) ) #Connect to server lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) lsock.bind(address) lsock.listen(5) def connect(): return TLSConnection(lsock.accept()[0]) print "Test 0 - Anonymous server handshake" connection = connect() connection.handshakeServer(anon=True) testConnServer(connection) connection.close() print "Test 1 - good X.509" x509Cert = X509().parse(open(os.path.join(dir, "serverX509Cert.pem")).read()) x509Chain = X509CertChain([x509Cert]) s = open(os.path.join(dir, "serverX509Key.pem")).read() x509Key = parsePEMKey(s, private=True) connection = connect() connection.handshakeServer(certChain=x509Chain, privateKey=x509Key) assert(connection.session.serverName == address[0]) testConnServer(connection) connection.close() print "Test 1.a - good X.509, SSL v3" connection = connect() settings = HandshakeSettings() settings.minVersion = (3,0) settings.maxVersion = (3,0) connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings) testConnServer(connection) connection.close() if tackpyLoaded: tack = Tack.createFromPem(open("./TACK1.pem", "rU").read()) tackUnrelated = Tack.createFromPem(open("./TACKunrelated.pem", "rU").read()) breakSigs = TackBreakSig.createFromPemList( open("./TACK_Break_Sigs.pem").read()) settings = HandshakeSettings() settings.useExperimentalTackExtension = True print "Test 2.a - good X.509, TACK and Break Sigs" connection = connect() connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, tack=tack, breakSigs=breakSigs, settings=settings) testConnServer(connection) connection.close() print "Test 2.b - good X.509, TACK without Break Sigs" connection = connect() connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, tack=tack, pinActivation=True, settings=settings) testConnServer(connection) connection.close() print "Test 2.c - good X.509, Break Sigs without TACK" connection = connect() connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, breakSigs=breakSigs, pinActivation=True, settings=settings) testConnServer(connection) connection.close() print "Test 2.d - good X.509, TACK unrelated to cert chain" connection = connect() try: connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, tack=tackUnrelated, breakSigs=breakSigs, settings=settings) assert(False) except TLSRemoteAlert, alert: if alert.description != AlertDescription.illegal_parameter: raise
s = open(arg, "rb").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tack = Tack.createFromPem(s) elif opt == "-b": if tackpyLoaded: s = open(arg, "rU").read() breakSigs = TackBreakSig.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True else: assert False if not argv: printError("Missing address") if len(argv) > 1: printError("Too many arguments") # Split address into hostname/port tuple