def test_when_no_public_key_is_provided_then_it_is_calculated_from_private_key( self): keypair = ec.make_keypair(self.curve) keys = ec.Keypair(self.curve, keypair.priv) self.assertEqual(keypair.pub, keys.pub) self.assertTrue(keys.can_encrypt) self.assertTrue(keys.can_sign)
def test_when_dh_secret_is_generated_then_it_matches_on_both_keypairs(self): keypair1 = ec.make_keypair(self.curve) keypair2 = ec.make_keypair(self.curve) self.assertNotEqual(keypair1.priv, keypair2.priv) self.assertNotEqual(keypair1.pub, keypair2.pub) ecdh1 = ec.ECDH(keypair1) ecdh2 = ec.ECDH(keypair2) self.assertEqual(ecdh1.get_secret(keypair2), ecdh2.get_secret(keypair1)) # Test that secret computation works without priv key keypair3 = ec.Keypair(self.curve, pub=keypair1.pub) ecdh3 = ec.ECDH(keypair3) self.assertEqual(ecdh3.get_secret(keypair2), ecdh2.get_secret(keypair3))
def processTLSpacket(self,pkt): mtls=TLS(pkt) if scapy_ssl_tls.ssl_tls.TLSServerHello in mtls: self.serverrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSServerHello])[2:34] print 'Server Random Found' if scapy_ssl_tls.ssl_tls.TLSClientHello in mtls: self.clientrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[2:34] #mtls[scapy_ssl_tls.ssl_tls.TLSClientHello].show2() #print [ord(i) for i in str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[:40]] print [ord(i) for i in self.clientrandom] print 'Client Random Found' if scapy_ssl_tls.ssl_tls.TLSServerKeyExchange in mtls: server_kex = mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange] a = server_kex[scapy_ssl_tls.ssl_tls.TLSServerECDHParams] point = scapy_ssl_tls.ssl_tls_keystore.ansi_str_to_point(a.p) self.serverpub=a.p curve = ec_reg.get_curve('secp256r1') scapy_ssl_tls.ssl_tls_keystore.ECDHKeyStore(curve, ec.Point(curve, *point)) # PREMASTER KEY ec_curve = ec_reg.get_curve('secp256r1') server_keypair = ec.Keypair(ec_curve, pub= str_to_ec_point(self.serverpub,ec_curve)) client_keypair=pickle.load(open('/home/gabriel/waterfall/decoy/scapy_ssl_tls/clientpriv')) secret_point = ec.ECDH(client_keypair).get_secret(server_keypair) mk = int_to_str(secret_point.x) # masalan premaster key sec_params = scapy_ssl_tls.ssl_tls_crypto.TLSSecurityParameters.from_pre_master_secret(self.prf, scapy_ssl_tls.ssl_tls.TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256, mk, self.clientrandom, self.serverrandom) sym_keystore = sec_params.server_keystore # print("SYYYYYN JEEEEEET", sym_keystore.key) self.server_write_key = sym_keystore.key self.server_write_iv = sym_keystore.iv self.candecrypt = True # ecdh=scapy_ssl_tls.ssl_tls.TLSServerECDHParams(str(mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange])) # self.serverpub=ecdh.p # print 'server public Found' # self.driveKeys() if self.candecrypt: # print 'decrypting ' # mtls.show2() if scapy_ssl_tls.ssl_tls.TLSCiphertext in mtls: # print 'decryptable' plain=self.decrypt(mtls[scapy_ssl_tls.ssl_tls.TLSCiphertext].data) if mtls.records[0].content_type==23: self.startreplace=True #print plain[:60] self.addHTTPpacket(plain)
def __init__(self, curve, public, private=None): self.curve = curve self.public = public self.private = private if self.curve is None: self.unknown_curve = True self.size = 0 self.keys = (self.private, self.public) else: self.unknown_curve = False self.size = nb_bits(self.curve.field.p) self.keys = ec.Keypair(curve, self.private, self.public) super(ECDHKeyStore, self).__init__("ECDH Keystore", public, private)
def test_client_ecdh_parameters_generation_matches_fixed_data(self): tls_ctx = tlsc.TLSSessionCtx() secp256r1 = reg.get_curve("secp256r1") public = ec.Point(secp256r1, 71312736565121892539464098105317518227531978702333415386264829982789952731614, 108064706642599821618918248475955325719985341096102200103424860263181813987462) tls_ctx.server_ctx.kex_keystore = tlsk.ECDHKeyStore(secp256r1, public) client_privkey = 15320484772785058360598040144348894600917526501829289880527760633524785596585 client_keys = ec.Keypair(secp256r1, client_privkey) client_pubkey = tls_ctx.get_client_ecdh_pubkey(client_privkey) self.assertTrue(client_pubkey.startswith("\x04")) self.assertEqual("\x04%s%s" % (tlsc.int_to_str(client_keys.pub.x), tlsc.int_to_str(client_keys.pub.y)), client_pubkey) self.assertEqual(client_keys.pub, tls_ctx.client_ctx.kex_keystore.public) self.assertEqual("'(\x17\x94l\xd7AO\x03\xd4Fi\x05}mP\x1aX5C7\xf0_\xa9\xb0\xac\xba{r\x1f\x12\x8f", tls_ctx.premaster_secret)
def driveKeys(self): #pk= ec.generate_private_key(ec.SECP256R1, backend) ec_curve = ec_reg.get_curve('secp256r1') server_keypair = ec.Keypair(ec_curve, pub= str_to_ec_point(self.serverpub,ec_curve)) client_keypair=pickle.load(open('clientpriv')) secret_point = ec.ECDH(client_keypair).get_secret(server_keypair) mk = int_to_str(secret_point.x) pshare=self.prf.get_bytes(mk,'master secret',self.clientrandom+self.serverrandom,num_bytes=48) target_len=128 blockkey=self.prf.get_bytes(pshare,'key expansion',self.serverrandom+self.clientrandom,num_bytes=target_len) print [ord(i) for i in blockkey] i = 0 self.client_write_MAC_key = blockkey[i:i+self.mac_key_length] i += self.mac_key_length self.server_write_MAC_key = blockkey[i:i+self.mac_key_length] i += self.mac_key_length self.client_write_key = blockkey[i:i+self.cipher_key_length] i += self.cipher_key_length self.server_write_key = blockkey[i:i+self.cipher_key_length] i += self.cipher_key_length self.client_write_IV = blockkey[i:i+self.iv_length] i += self.iv_length self.server_write_IV = blockkey[i:i+self.iv_length] i += self.iv_length self.httpcarry='' self.initDecryptor() #print [ord(i) for i in self.clientrandom] #print [ord(i) for i in self.serverrandom] #print [ord(i) for i in self.ivkey] print 'Keys are in place'
def test_when_no_keys_are_provided_then_error_is_raised(self): with self.assertRaises(ValueError): ec.Keypair(self.curve, None, None)