def QUICK2(self):
self.set_nonce()
self.set_state(State.QUICK2)
sapayload = payloads.SA(proposals = [
proposal.Proposal(None,1,const.ProtocolID.ESP , spi_len = 4,transforms = [
(('HMAC_SHA','TUNNEL'),128,)
])
],next_payload=payloads.Type.Nonce)
self.set_esp_SPIin(sapayload.spi)
noncepayload = payloads.Nonce(nonce = self.Nb)
data = struct.pack('!L',self.message_id) + self.Npeerb + sapayload.__bytes__() + self.Nb
hash_data = hmac.new(self.SK_a, data, digestmod=sha1).digest()
hashpayload = payloads.HASH(hash_data=hash_data,next_payload=payloads.Type.SA)
plain_text = hashpayload.__bytes__() + sapayload.__bytes__() + noncepayload.__bytes__()
#padding = AES128.padding(plain_text,self.symmetric / 8)
padding = sm4.padding(plain_text,self.symmetric / 8)
#Encrypted = AES128.encrypt(self.iven,self.SK_e,padding)
Encrypted = sm4.cbc(1,padding,self.SK_e,self.iven)
self.iven = Encrypted[-16:]
pay = list()
pay.append(hashpayload)
pay.append(sapayload)
pay.append(noncepayload)
return self.send(pay)[:const.IKE_HEADER.size - 4] + struct.pack('!L',len(padding)+const.IKE_HEADER.size) + Encrypted
def init2(self):
self.set_rSPI()
pay = list()
pay.append(payloads.SA(proposals = [
proposal.Proposal(None,1,const.ProtocolID.IKE , transforms = [
(('SM1','SHA','CERT'),1,)
])
]))
pay.append(payloads.CERT(cert_data = open('../ca.der').read()))
pay.append(payloads.CERT(cert_data = open('../client.der').read()))
return self.send(pay)
def auth_send(
self,
flag=True): #flag = true: initiator flag = flase: responder
"""
Generates the second (IKE_AUTH) packet for Initiator
:return: bytes() containing a valid IKE_INIT packet
"""
#assert len(self.packets) == 2
packet = Packet(exchange_type=const.ExchangeType.IKE_AUTH,
iSPI=self.iSPI,
rSPI=self.rSPI,
flag=flag)
if flag:
# Add IDi (35)
id_payload = payloads.IDi()
packet.add_payload(id_payload)
# Add AUTH (39)
#signed_octets = bytes(self.packets[0]) + self.Nr + prf(self.SK_pi, id_payload._data)
ikedata = self.packets[0].__bytes__()
signed_octets = ikedata + self.Nr + self.SK_pi + id_payload._data
packet.add_payload(
payloads.AUTH(signed_octets, length=len(ikedata)))
#print b2a_hex(packet.payloads[-1].__bytes__())
# Add SA (33)
self.esp_SPIin = os.urandom(4)
packet.add_payload(
payloads.SA(proposals=[
proposal.Proposal(protocol=const.ProtocolID.ESP,
spi=self.esp_SPIin,
last=True,
transforms=[('ENCR_AES_CBC',
128), ('ESN', ),
('AUTH_HMAC_SHA1_96', )])
]))
#print b2a_hex(packet.payloads[-1].__bytes__())
#接口
cakeyinfo = open('../ca.der').read()
cakeyinfo = cakeyinfo[195:195 + 162]
hashinfo = sha1(cakeyinfo).hexdigest()
packet.add_payload(
payloads.CERTREQ(auth_data=binascii.a2b_hex(hashinfo)))
#接口
packet.add_payload(
payloads.CERT(cert_data=open('../client.der').read()))
# Add TSi (44)
leftaddress = self.left[0]
leftaddress = leftaddress.split('.')
left = int(leftaddress[0]) * 256**3 + int(
leftaddress[1]) * 256**2 + int(leftaddress[2]) * 256**1 + int(
leftaddress[3]) * 256**0
packet.add_payload(payloads.TSi(lsubnet=left, rsubnet=left + 255))
# Add TSr (45)
rightaddress = self.right[0]
rightaddress = rightaddress.split('.')
right = int(rightaddress[0]) * 256**3 + int(
rightaddress[1]) * 256**2 + int(
rightaddress[2]) * 256**1 + int(rightaddress[3]) * 256**0
packet.add_payload(payloads.TSr(lsubnet=right,
rsubnet=right + 255))
# Add N(INITIAL_CONTACT)
packet.add_payload(
payloads.Notify(notify_type=const.MessageType.INITIAL_CONTACT))
self.packets.append(packet)
nopadding = packet.__bytes__() ##########
#print b2a_hex(nopadding),len(nopadding)
else:
# Add IDr (36)
id_payload = payloads.IDr()
packet.add_payload(id_payload)
# Add AUTH (39)
#signed_octets = bytes(self.packets[0]) + self.Nr + prf(self.SK_pi, id_payload._data)
ikedata = self.packets[1].__bytes__()
signed_octets = ikedata + self.Ni + self.SK_pr + id_payload._data
packet.add_payload(
payloads.AUTH(signed_octets, length=len(ikedata)))
self.esp_SPIin = os.urandom(4)
packet.add_payload(
payloads.SA(proposals=[
proposal.Proposal(protocol=const.ProtocolID.ESP,
spi=self.esp_SPIin,
last=True,
transforms=[('ENCR_AES_CBC',
128), ('ESN', ),
('AUTH_HMAC_SHA1_96', )])
]))
packet.add_payload(
payloads.CERT(cert_data=open('../client.der').read()))
# Add TSi (44)
rightaddress = self.right[0]
rightaddress = rightaddress.split('.')
right = int(rightaddress[0]) * 256**3 + int(
rightaddress[1]) * 256**2 + int(
rightaddress[2]) * 256**1 + int(rightaddress[3]) * 256**0
packet.add_payload(payloads.TSi(lsubnet=right,
rsubnet=right + 255))
# Add TSr (45)
leftaddress = self.left[0]
leftaddress = leftaddress.split('.')
left = int(leftaddress[0]) * 256**3 + int(
leftaddress[1]) * 256**2 + int(leftaddress[2]) * 256**1 + int(
leftaddress[3]) * 256**0
packet.add_payload(payloads.TSr(lsubnet=left, rsubnet=left + 255))
# Add N(INITIAL_CONTACT)
packet.add_payload(
payloads.Notify(notify_type=const.MessageType.INITIAL_CONTACT))
self.packets.append(packet)
nopadding = packet.__bytes__() ##########
a = int(ceil((len(nopadding) - 28) / 16.0))
b = a * 16 - (len(nopadding) - 28)
if b > 0:
padding = nopadding + b'\x01' * (b - 1) + struct.pack('!B', b - 1)
else:
padding = nopadding
self.state = State.AUTH
iv = os.urandom(16)
if flag:
ciphertext = AES128.encrypt(iv, self.SK_ei, padding)
else:
ciphertext = AES128.encrypt(iv, self.SK_er, padding)
final = Packet(exchange_type=packet.exchange_type,
iSPI=packet.iSPI,
rSPI=packet.rSPI,
message_id=1,
flag=flag)
sk = payloads.SK(next_payload=packet.payloads[0]._type,
iv=iv,
ciphertext=ciphertext)
final.add_payload(sk)
data = final.__bytes__()
if flag:
sign = AES128.hash256(iv, self.SK_ai, data)
else:
sign = AES128.hash256(iv, self.SK_ar, data)
data = data[:-16] + sign[:16]
return data
def post(self):
logging.debug('SubmitNewProposalForRequest.post() request.body=' +
self.request.body)
# Collect inputs
requestLogId = os.environ.get(conf.REQUEST_LOG_ID)
responseData = {'success': False, 'requestLogId': requestLogId}
inputData = json.loads(self.request.body)
logging.debug('SubmitNewProposalForRequest.post() inputData=' +
str(inputData))
requestLinkKeyStr = inputData['requestId']
title = text.formTextToStored(inputData['title'])
detail = text.formTextToStored(inputData['detail'])
initialReason1 = text.formTextToStored(
inputData.get('initialReason1', None))
initialReason2 = text.formTextToStored(
inputData.get('initialReason2', None))
initialReason3 = text.formTextToStored(
inputData.get('initialReason3', None))
browserCrumb = inputData['crumb']
loginCrumb = inputData.get('crumbForLogin', '')
logging.debug('SubmitNewProposalForRequest.post() requestLinkKeyStr=' +
str(requestLinkKeyStr) + ' title=' + str(title) +
' detail=' + str(detail) + ' browserCrumb=' +
str(browserCrumb) + ' loginCrumb=' + str(loginCrumb))
cookieData = httpServer.validate(self.request, inputData, responseData,
self.response)
if not cookieData.valid(): return
userId = cookieData.id()
# Check proposal length
if not httpServer.isLengthOk(title, detail, conf.minLengthProposal):
return httpServer.outputJson(cookieData,
responseData,
self.response,
errorMessage=conf.TOO_SHORT)
initialReasons = [
r for r in [initialReason1, initialReason2, initialReason3]
if r is not None
]
for initialReason in initialReasons:
if initialReason is not None and not httpServer.isLengthOk(
initialReason, None, conf.minLengthReason):
httpServer.outputJsonError(conf.REASON_TOO_SHORT, responseData,
self.response)
return
# Require link-key, and convert it to requestId.
if requestLinkKeyStr is None:
httpServer.outputJsonError('requestLinkKeyStr is null',
responseData, self.response)
return
requestLinkKeyRec = linkKey.LinkKey.get_by_id(requestLinkKeyStr)
logging.debug('SubmitNewProposalForRequest.post() requestLinkKeyRec=' +
str(requestLinkKeyRec))
if requestLinkKeyRec is None:
httpServer.outputJsonError('requestLinkKey not found',
responseData, self.response)
return
if requestLinkKeyRec.destinationType != conf.REQUEST_CLASS_NAME:
httpServer.outputJsonError('requestLinkKey not a request',
responseData, self.response)
return
requestId = requestLinkKeyRec.destinationId
if requestLinkKeyRec.loginRequired and not cookieData.loginId:
return httpServer.outputJson(cookieData,
responseData,
self.response,
errorMessage=conf.NO_LOGIN)
# Get user id from cookie
requestRec = requestForProposals.RequestForProposals.get_by_id(
int(requestId))
if not requestRec: return
# Construct new proposal record
proposalRecord = proposal.Proposal(
requestId=requestId,
creator=userId,
title=title,
detail=detail,
allowEdit=(len(initialReasons) == 0))
# Store proposal record
proposalRecordKey = proposalRecord.put()
proposalId = str(proposalRecordKey.id())
logging.debug('proposalRecordKey.id={}'.format(proposalRecordKey.id()))
# For each initial reason...
reasonDisplays = []
for initialReason in initialReasons:
# Construct new reason record.
reasonRecord = reason.Reason(requestId=requestId,
proposalId=proposalId,
creator=userId,
proOrCon=conf.PRO,
content=initialReason,
allowEdit=True)
# Store reason record.
reasonRecordKey = reasonRecord.put()
logging.debug('reasonRecordKey={}'.format(reasonRecordKey))
# Convert reason for display.
reasonDisplays.append(
httpServer.reasonToDisplay(reasonRecord, userId))
# Display proposal.
proposalDisplay = httpServer.proposalToDisplay(proposalRecord, userId)
responseData.update({
'success': True,
'proposal': proposalDisplay,
'reasons': reasonDisplays
})
httpServer.outputJson(cookieData, responseData, self.response)
# Mark request-for-proposals as not editable.
if (requestRec.allowEdit):
requestForProposals.setEditable(requestId, False)
def post(self):
logging.debug('SubmitNewProposal.post() request.body=' +
self.request.body)
# Collect inputs
requestLogId = os.environ.get(conf.REQUEST_LOG_ID)
responseData = {'success': False, 'requestLogId': requestLogId}
inputData = json.loads(self.request.body)
logging.debug('SubmitNewProposal.post() inputData=' + str(inputData))
title = text.formTextToStored(inputData.get('title', ''))
detail = text.formTextToStored(inputData.get('detail', ''))
loginRequired = inputData.get('loginRequired', False)
browserCrumb = inputData.get('crumb', '')
loginCrumb = inputData.get('crumbForLogin', '')
logging.debug('SubmitNewProposal.post() title=' + str(title) +
' detail=' + str(detail) + ' browserCrumb=' +
str(browserCrumb) + ' loginCrumb=' + str(loginCrumb) +
' loginRequired=' + str(loginRequired))
# Voter login not required to create initial proposal, though login may be required to use proposal
cookieData = httpServer.validate(self.request,
inputData,
responseData,
self.response,
loginRequired=loginRequired)
if not cookieData.valid(): return
userId = cookieData.id()
# Check proposal length.
if not httpServer.isLengthOk(title, detail, conf.minLengthProposal):
return httpServer.outputJson(responseData,
self.response,
errorMessage=conf.TOO_SHORT)
# Construct new proposal record.
proposalRecord = proposal.Proposal(
creator=userId,
title=title,
detail=detail,
allowEdit=True,
)
# Store proposal record.
proposalRecordKey = proposalRecord.put()
logging.debug('proposalRecordKey.id={}'.format(proposalRecordKey.id()))
# Construct and store link key.
proposalId = str(proposalRecordKey.id())
proposalLinkKeyRecord = httpServer.createAndStoreLinkKey(
conf.PROPOSAL_CLASS_NAME, proposalId, loginRequired, cookieData)
# Display proposal
linkKeyDisplay = httpServer.linkKeyToDisplay(proposalLinkKeyRecord)
proposalDisplay = httpServer.proposalToDisplay(proposalRecord, userId)
responseData.update({
'success': True,
'linkKey': linkKeyDisplay,
'proposal': proposalDisplay
})
httpServer.outputJson(cookieData, responseData, self.response)