def QUICK2(self):
    """Build the HASH + SA + Nonce message for the QUICK2 state and encrypt it.

    Calls ``set_nonce()`` and ``set_state(State.QUICK2)``, offers one ESP
    proposal, computes an HMAC-SHA1 under ``SK_a`` over
    ``message_id | Npeerb | SA | Nb`` and encrypts the three payloads with
    ``sm4.cbc`` under ``SK_e`` using ``self.iven`` as IV.

    Side effects: ``self.set_esp_SPIin`` receives the SA payload's SPI and
    ``self.iven`` is replaced by the last 16 bytes of the ciphertext.

    :return: the first ``const.IKE_HEADER.size - 4`` bytes of what
        ``self.send`` returns, then a 4-byte big-endian total length, then
        the ciphertext.
    """
    self.set_nonce()
    self.set_state(State.QUICK2)

    # One ESP proposal; the SA payload is chained to the Nonce payload.
    esp_offer = proposal.Proposal(
        None, 1, const.ProtocolID.ESP,
        spi_len=4,
        transforms=[(('HMAC_SHA', 'TUNNEL'), 128,)])
    sa_payload = payloads.SA(proposals=[esp_offer],
                             next_payload=payloads.Type.Nonce)
    self.set_esp_SPIin(sa_payload.spi)
    nonce_payload = payloads.Nonce(nonce=self.Nb)

    # Input of the HASH payload, keyed with SK_a.
    # NOTE(review): the digest is hard-wired to SHA-1 here regardless of what
    # was negotiated; confirm that is intended for this profile.
    mac_input = (struct.pack('!L', self.message_id) + self.Npeerb
                 + sa_payload.__bytes__() + self.Nb)
    digest = hmac.new(self.SK_a, mac_input, digestmod=sha1).digest()
    hash_payload = payloads.HASH(hash_data=digest,
                                 next_payload=payloads.Type.SA)

    cleartext = (hash_payload.__bytes__() + sa_payload.__bytes__()
                 + nonce_payload.__bytes__())

    # An AES128 variant of the next two calls was disabled in favour of SM4.
    # NOTE(review): `/` is float division on Python 3; kept as written —
    # confirm the interpreter and what sm4.padding expects.
    padded = sm4.padding(cleartext, self.symmetric / 8)
    # First argument 1 presumably selects encryption — confirm against sm4.
    ciphertext = sm4.cbc(1, padded, self.SK_e, self.iven)

    # The final ciphertext block is kept as the IV for the next message, so
    # this must happen before anything else encrypts with self.iven.
    self.iven = ciphertext[-16:]

    outgoing = [hash_payload, sa_payload, nonce_payload]
    header_prefix = self.send(outgoing)[:const.IKE_HEADER.size - 4]
    # Rewrite the length field: header plus padded (encrypted) body.
    total_length = struct.pack('!L', len(padded) + const.IKE_HEADER.size)
    return header_prefix + total_length + ciphertext
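def init2(self):
    """Send an SA payload followed by the CA and client certificates.

    Calls ``set_rSPI()``, offers a single IKE proposal with the
    ``('SM1', 'SHA', 'CERT')`` transform and attaches two CERT payloads whose
    contents are read from ``../ca.der`` and ``../client.der``.

    :return: whatever ``self.send`` returns for the assembled payload list.
    :raises IOError: if either certificate file cannot be read.
    """
    def _read_der(path):
        # DER is a binary encoding: open with 'rb' so neither newline
        # translation nor text decoding can alter the certificate bytes, and
        # let the context manager close the handle.
        with open(path, 'rb') as der_file:
            return der_file.read()

    self.set_rSPI()

    ike_offer = proposal.Proposal(
        None, 1, const.ProtocolID.IKE,
        transforms=[(('SM1', 'SHA', 'CERT'), 1,)])

    # NOTE(review): both paths are relative to the process working directory,
    # so the certificates that get sent depend on where the program was
    # started; consider resolving them against a configured directory.
    pay = [
        payloads.SA(proposals=[ike_offer]),
        payloads.CERT(cert_data=_read_der('../ca.der')),
        payloads.CERT(cert_data=_read_der('../client.der')),
    ]
    return self.send(pay)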
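def auth_send(self, flag=True):
    """Build the encrypted IKE_AUTH packet for either side of the exchange.

    :param flag: True builds the initiator's message (IDi, AUTH, SA, CERTREQ,
        CERT, TSi, TSr, N(INITIAL_CONTACT)); False builds the responder's
        (IDr, AUTH, SA, CERT, TSi, TSr, N(INITIAL_CONTACT)).
    :return: bytes of an IKE_AUTH packet with message id 1 holding one SK
        payload; its last 16 bytes are replaced by the first 16 bytes of
        ``AES128.hash256`` computed over the packet.
    :raises IOError: if a certificate file cannot be read.

    Side effects: sets ``self.esp_SPIin`` to 4 random bytes, appends the
    cleartext packet to ``self.packets`` and sets ``self.state`` to
    ``State.AUTH``.
    """
    def _read_der(path):
        # Certificates are DER (binary): 'rb' keeps newline translation and
        # text decoding away from the bytes, and the handle is closed.
        with open(path, 'rb') as der_file:
            return der_file.read()

    def _ipv4_to_int(dotted):
        # Dotted-quad string -> integer, most significant octet first.
        octets = dotted.split('.')
        return (int(octets[0]) * 256**3 + int(octets[1]) * 256**2
                + int(octets[2]) * 256**1 + int(octets[3]) * 256**0)

    packet = Packet(exchange_type=const.ExchangeType.IKE_AUTH,
                    iSPI=self.iSPI,
                    rSPI=self.rSPI,
                    flag=flag)

    # ID payload (IDi 35 / IDr 36) and the octets handed to AUTH (39).
    if flag:
        id_payload = payloads.IDi()
        packet.add_payload(id_payload)
        ikedata = self.packets[0].__bytes__()
        signed_octets = ikedata + self.Nr + self.SK_pi + id_payload._data
    else:
        id_payload = payloads.IDr()
        packet.add_payload(id_payload)
        ikedata = self.packets[1].__bytes__()
        signed_octets = ikedata + self.Ni + self.SK_pr + id_payload._data
    # NOTE(review): RFC 7296 section 2.15 puts prf(SK_p, ID data) into the
    # signed octets. The raw SK_pi / SK_pr is concatenated here instead (an
    # earlier, disabled variant called prf(self.SK_pi, id_payload._data)).
    # Confirm payloads.AUTH applies the prf itself, using `length` to split.
    packet.add_payload(payloads.AUTH(signed_octets, length=len(ikedata)))

    # SA (33): one ESP proposal under a freshly generated inbound SPI.
    self.esp_SPIin = os.urandom(4)
    packet.add_payload(
        payloads.SA(proposals=[
            proposal.Proposal(protocol=const.ProtocolID.ESP,
                              spi=self.esp_SPIin,
                              last=True,
                              transforms=[('ENCR_AES_CBC', 128), ('ESN', ),
                                          ('AUTH_HMAC_SHA1_96', )])
        ]))

    # Interface point: certificate material is read from disk below.
    # NOTE(review): paths are relative to the working directory.
    if flag:
        # CERTREQ carries the SHA-1 of a fixed 162-byte slice of the CA
        # certificate (presumably its SubjectPublicKeyInfo — confirm). The
        # hard-coded offset only fits certificates with this exact layout.
        ca_key_info = _read_der('../ca.der')[195:195 + 162]
        packet.add_payload(
            payloads.CERTREQ(auth_data=sha1(ca_key_info).digest()))
    packet.add_payload(payloads.CERT(cert_data=_read_der('../client.der')))

    # TSi (44) / TSr (45): the initiator's selector is the "left" address on
    # the initiator side and the "right" one on the responder side.
    # Each range is address .. address + 255, which is a /24 only when the
    # configured address ends in .0.
    left = _ipv4_to_int(self.left[0])
    right = _ipv4_to_int(self.right[0])
    ts_i, ts_r = (left, right) if flag else (right, left)
    packet.add_payload(payloads.TSi(lsubnet=ts_i, rsubnet=ts_i + 255))
    packet.add_payload(payloads.TSr(lsubnet=ts_r, rsubnet=ts_r + 255))

    # N(INITIAL_CONTACT)
    packet.add_payload(
        payloads.Notify(notify_type=const.MessageType.INITIAL_CONTACT))

    self.packets.append(packet)
    nopadding = packet.__bytes__()

    # Pad everything after the first 28 bytes (the IKE header) up to a
    # multiple of 16; the last pad byte holds the pad length minus one.
    # NOTE(review): when the body is already aligned no pad-length byte is
    # appended at all, whereas RFC 7296 always ends the encrypted data with a
    # Pad Length octet — confirm AES128.encrypt or the peer copes with that.
    body_len = len(nopadding) - 28
    b = int(ceil(body_len / 16.0)) * 16 - body_len
    if b > 0:
        padding = nopadding + b'\x01' * (b - 1) + struct.pack('!B', b - 1)
    else:
        padding = nopadding

    self.state = State.AUTH

    # Fresh random IV per message; encryption key depends on the direction.
    iv = os.urandom(16)
    enc_key = self.SK_ei if flag else self.SK_er
    ciphertext = AES128.encrypt(iv, enc_key, padding)

    final = Packet(exchange_type=packet.exchange_type,
                   iSPI=packet.iSPI,
                   rSPI=packet.rSPI,
                   message_id=1,
                   flag=flag)
    final.add_payload(
        payloads.SK(next_payload=packet.payloads[0]._type,
                    iv=iv,
                    ciphertext=ciphertext))
    data = final.__bytes__()

    # Overwrite the trailing 16 bytes with the truncated integrity value
    # computed under the direction-specific authentication key.
    auth_key = self.SK_ai if flag else self.SK_ar
    sign = AES128.hash256(iv, auth_key, data)
    return data[:-16] + sign[:16]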
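def post(self):
    """Store a new proposal, with up to three initial reasons, under a request.

    Parses the JSON request body, validates the caller through
    ``httpServer.validate``, checks the proposal and reason lengths, resolves
    the submitted link key to a request id, stores the proposal and one PRO
    reason per initial reason, and writes the JSON response. Afterwards the
    request is marked as not editable if it still was.

    Every rejection after parsing writes a JSON error, except the failed
    ``httpServer.validate`` case, which returns directly.
    """
    # NOTE(review): the raw body (and, further down, both crumbs, which look
    # like anti-forgery tokens) goes to the debug log. Redact these or keep
    # debug logging off where logs are shared or retained.
    logging.debug('SubmitNewProposalForRequest.post() request.body=' +
                  self.request.body)

    # Collect inputs
    requestLogId = os.environ.get(conf.REQUEST_LOG_ID)
    responseData = {'success': False, 'requestLogId': requestLogId}
    inputData = json.loads(self.request.body)
    logging.debug('SubmitNewProposalForRequest.post() inputData=' +
                  str(inputData))

    requestLinkKeyStr = inputData['requestId']
    title = text.formTextToStored(inputData['title'])
    detail = text.formTextToStored(inputData['detail'])
    initialReason1 = text.formTextToStored(
        inputData.get('initialReason1', None))
    initialReason2 = text.formTextToStored(
        inputData.get('initialReason2', None))
    initialReason3 = text.formTextToStored(
        inputData.get('initialReason3', None))
    browserCrumb = inputData['crumb']
    loginCrumb = inputData.get('crumbForLogin', '')
    logging.debug('SubmitNewProposalForRequest.post() requestLinkKeyStr=' +
                  str(requestLinkKeyStr) + ' title=' + str(title) +
                  ' detail=' + str(detail) + ' browserCrumb=' +
                  str(browserCrumb) + ' loginCrumb=' + str(loginCrumb))

    # The crumbs are only logged here; any checking of them presumably
    # happens inside validate(), which receives inputData — confirm.
    cookieData = httpServer.validate(self.request, inputData, responseData,
                                     self.response)
    if not cookieData.valid():
        return
    userId = cookieData.id()

    # Check proposal length
    if not httpServer.isLengthOk(title, detail, conf.minLengthProposal):
        return httpServer.outputJson(cookieData,
                                     responseData,
                                     self.response,
                                     errorMessage=conf.TOO_SHORT)

    # Absent reasons are dropped here, so the loop needs no None check.
    initialReasons = [
        r for r in [initialReason1, initialReason2, initialReason3]
        if r is not None
    ]
    for initialReason in initialReasons:
        if not httpServer.isLengthOk(initialReason, None,
                                     conf.minLengthReason):
            httpServer.outputJsonError(conf.REASON_TOO_SHORT, responseData,
                                       self.response)
            return

    # Require link-key, and convert it to requestId.
    if requestLinkKeyStr is None:
        httpServer.outputJsonError('requestLinkKeyStr is null', responseData,
                                   self.response)
        return
    requestLinkKeyRec = linkKey.LinkKey.get_by_id(requestLinkKeyStr)
    logging.debug('SubmitNewProposalForRequest.post() requestLinkKeyRec=' +
                  str(requestLinkKeyRec))

    if requestLinkKeyRec is None:
        httpServer.outputJsonError('requestLinkKey not found', responseData,
                                   self.response)
        return
    # A link key for another record type must not be usable as a request key.
    if requestLinkKeyRec.destinationType != conf.REQUEST_CLASS_NAME:
        httpServer.outputJsonError('requestLinkKey not a request',
                                   responseData, self.response)
        return
    requestId = requestLinkKeyRec.destinationId

    # Enforce the login requirement recorded on the link key.
    if requestLinkKeyRec.loginRequired and not cookieData.loginId:
        return httpServer.outputJson(cookieData,
                                     responseData,
                                     self.response,
                                     errorMessage=conf.NO_LOGIN)

    # Load the request the proposal will belong to. A dangling link key used
    # to end the handler with no response body; report it like the other
    # lookup failures so the client can tell the submission was rejected.
    requestRec = requestForProposals.RequestForProposals.get_by_id(
        int(requestId))
    if not requestRec:
        httpServer.outputJsonError('request not found', responseData,
                                   self.response)
        return

    # Construct new proposal record; it stays editable only when it was
    # submitted without initial reasons.
    proposalRecord = proposal.Proposal(
        requestId=requestId,
        creator=userId,
        title=title,
        detail=detail,
        allowEdit=(len(initialReasons) == 0))
    # Store proposal record
    proposalRecordKey = proposalRecord.put()
    proposalId = str(proposalRecordKey.id())
    logging.debug('proposalRecordKey.id={}'.format(proposalRecordKey.id()))

    # For each initial reason...
    reasonDisplays = []
    for initialReason in initialReasons:
        # Construct new reason record.
        reasonRecord = reason.Reason(requestId=requestId,
                                     proposalId=proposalId,
                                     creator=userId,
                                     proOrCon=conf.PRO,
                                     content=initialReason,
                                     allowEdit=True)
        # Store reason record.
        reasonRecordKey = reasonRecord.put()
        logging.debug('reasonRecordKey={}'.format(reasonRecordKey))

        # Convert reason for display.
        reasonDisplays.append(
            httpServer.reasonToDisplay(reasonRecord, userId))

    # Display proposal.
    proposalDisplay = httpServer.proposalToDisplay(proposalRecord, userId)
    responseData.update({
        'success': True,
        'proposal': proposalDisplay,
        'reasons': reasonDisplays
    })
    httpServer.outputJson(cookieData, responseData, self.response)

    # Mark request-for-proposals as not editable.
    if requestRec.allowEdit:
        requestForProposals.setEditable(requestId, False)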
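def post(self):
    """Store a new stand-alone proposal and create a link key for it.

    Parses the JSON request body, validates the caller through
    ``httpServer.validate``, checks the proposal length, stores the proposal
    as editable, creates and stores a link key for it, and writes a JSON
    response containing the link key and the proposal.
    """
    # NOTE(review): the raw body and both crumbs (which look like
    # anti-forgery tokens) are written to the debug log. Redact these or keep
    # debug logging off where logs are shared or retained.
    logging.debug('SubmitNewProposal.post() request.body=' +
                  self.request.body)

    # Collect inputs
    requestLogId = os.environ.get(conf.REQUEST_LOG_ID)
    responseData = {'success': False, 'requestLogId': requestLogId}
    inputData = json.loads(self.request.body)
    logging.debug('SubmitNewProposal.post() inputData=' + str(inputData))

    title = text.formTextToStored(inputData.get('title', ''))
    detail = text.formTextToStored(inputData.get('detail', ''))
    # Client-supplied and not coerced to bool; it is passed to validate() and
    # stored with the link key as received.
    loginRequired = inputData.get('loginRequired', False)
    browserCrumb = inputData.get('crumb', '')
    loginCrumb = inputData.get('crumbForLogin', '')
    logging.debug('SubmitNewProposal.post() title=' + str(title) +
                  ' detail=' + str(detail) + ' browserCrumb=' +
                  str(browserCrumb) + ' loginCrumb=' + str(loginCrumb) +
                  ' loginRequired=' + str(loginRequired))

    # Voter login not required to create initial proposal, though login may
    # be required to use proposal
    cookieData = httpServer.validate(self.request,
                                     inputData,
                                     responseData,
                                     self.response,
                                     loginRequired=loginRequired)
    if not cookieData.valid():
        return
    userId = cookieData.id()

    # Check proposal length. cookieData goes first, as in the success call at
    # the end of this handler; it was missing here, which shifted every
    # positional argument by one on this error path.
    if not httpServer.isLengthOk(title, detail, conf.minLengthProposal):
        return httpServer.outputJson(cookieData,
                                     responseData,
                                     self.response,
                                     errorMessage=conf.TOO_SHORT)

    # Construct new proposal record.
    proposalRecord = proposal.Proposal(
        creator=userId,
        title=title,
        detail=detail,
        allowEdit=True,
    )
    # Store proposal record.
    proposalRecordKey = proposalRecord.put()
    logging.debug('proposalRecordKey.id={}'.format(proposalRecordKey.id()))

    # Construct and store link key.
    proposalId = str(proposalRecordKey.id())
    proposalLinkKeyRecord = httpServer.createAndStoreLinkKey(
        conf.PROPOSAL_CLASS_NAME, proposalId, loginRequired, cookieData)

    # Display proposal
    linkKeyDisplay = httpServer.linkKeyToDisplay(proposalLinkKeyRecord)
    proposalDisplay = httpServer.proposalToDisplay(proposalRecord, userId)
    responseData.update({
        'success': True,
        'linkKey': linkKeyDisplay,
        'proposal': proposalDisplay
    })
    httpServer.outputJson(cookieData, responseData, self.response)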