forked from DDJeri/ikev2_client-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.py
executable file
·49 lines (39 loc) · 2.05 KB
/
auth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/usr/bin/env python
# -*- coding:utf-8 -*-
from OpenSSL.crypto import load_privatekey, FILETYPE_ASN1,FILETYPE_PEM, sign,load_certificate,verify
import hmac
import hashlib
from binascii import b2a_hex, a2b_hex
from Crypto.Util.number import long_to_bytes, bytes_to_long
def priv_sign(signed,length):
# 私钥签名验证auth载荷
#ID initiator 载荷
RealMessage1 = signed[:length]
Nr = signed[length:length+32]
length += 32
sk_pi = signed[length:length+32]
length += 32
InitIDPayload = signed[length:len(signed)]
MACedIDForI = a2b_hex(hmac.new(sk_pi, InitIDPayload, digestmod=hashlib.sha256).hexdigest()) #hash值
#整个IKE数据包
InitiatorSignedOctets = RealMessage1 + Nr + MACedIDForI #签名内容
key = load_privatekey(FILETYPE_PEM, open("/home/sjx/桌面/clientkey.pem").read(),'123456')
AuthenticationPayloadOfInitiator = sign(key,InitiatorSignedOctets,'sha256') # 签名值
return AuthenticationPayloadOfInitiator,InitiatorSignedOctets #####测试
def pubkey_verify(buffer,signature,data,sha):
#modules = "00e096525f9f20f1b55f3ab017f74d20f75487d92977c7e60b251fe51e1f84eb338469dc21835995635e77067575ff5f6281784850ac14a58beb1fcbe935b124e531d236ea34ffa7bcc6299a3ee62272b398c342427ee052da2c55a5dd57ec38bab92afcca36464b3f7c26d5e29a24b87bec18a0f27f2232174ccec0d2acbfd673"
# e = int(e,16) #65537
# n = int(modules, 16)
# key = rsa.RSAPublicNumbers(e, n).public_key(default_backend())
# print type(key)
# pem = key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)
# with open('./pubkey.pem', 'w+') as f:
# f.writelines(pem.decode())
# #pubkey = load_publickey(FILETYPE_PEM,open("pubkey.pem").read())
# return verify("pubkey.pem",sign,data,'sha256')
#key = pow(bytes_to_long(signature), bytes_to_long(e), bytes_to_long(modules)) # B**a % p == g**ba % p
#print b2a_hex(long_to_bytes(key,32))
#print hashlib.sha256(data).hexdigest()
#return a2b_hex(hashlib.sha256(data).hexdigest()) == long_to_bytes(key,256)
cert = load_certificate(FILETYPE_ASN1,buffer)
verify(cert,signature,data,sha)