def client(sock_type, do_wrap, listen_addr): do_patch() # we might be in a new process sock = socket.socket(AF_INET4_6, sock_type) if do_wrap: wrap = ssl.wrap_socket(sock, ciphers="NULL") else: wrap = sock wrap.connect(listen_addr) transfer_out(wrap) drops = transfer_in(wrap) wrap.shutdown(socket.SHUT_RDWR) wrap.close() return drops
def init_config(self, **args): """Initialize the package configuration according to the configuration file. Usually, this function should be called before other function calls. It reads the configuration files according to the given keywords list and initialize the DTLS environment. The acceptable keywords are: config, SK, CERT, TYPE, CACERT, CERT_REQS. Specifically, the keyword "config" sets the configuration file of the class. If arguments are passed to this function, the specified configuration file will be updated. :param args: dictionary of passed arguments. """ if args.get('config', '') != '': self.dtls_cnf = os.path.expanduser(args['config']) if not os.path.isfile(self.dtls_cnf): raise IOError('configuration file \"' + self.dtls_cnf + '\" doesn\'t exist or it is not a file.') self.config = self.utl.read_config(self.dtls_cnf, self.config) # Set run-time configuration which will overwrite the settings in configuration file. update = 0 for key, value in self.config.iteritems(): if args.get(key, '') != '' and args[key] is not None: self.config[key] = args[key] update += 1 if update > 0: self.utl.update_config(self.dtls_cnf, self.config) # Backup configuration file self.utl.call('cp -f ' + self.dtls_cnf + ' ' + self.config['TYPE'] + '.dtls.bck', shell=True) do_patch()
def send_with_dtlslib(self, address): from os import path import ssl from logging import basicConfig, DEBUG basicConfig(level=DEBUG) # set now for dtls import code from dtls import do_patch from dtls.wrapper import DtlsSocket import socket import os do_patch() ISSUER_CERTFILE_EC = os.path.join( os.path.dirname(__file__) or os.curdir, "certs", "ca-cert_ec.pem") cert_path = path.join(path.abspath(path.dirname(__file__)), "certs") s = DtlsSocket( socket.socket(socket.AF_INET, socket.SOCK_DGRAM), keyfile=None, certfile=None, # cert_reqs=ssl.CERT_REQUIRED, ssl_version=ssl.PROTOCOL_DTLSv1_2, ca_certs=ISSUER_CERTFILE_EC, ciphers='ECDHE:EECDH', curves='prime256v1', sigalgs=None, user_mtu=None) s.connect(address) s.send('Hi there'.encode()) print(s.recv().decode()) s = s.unwrap() s.close()
def main(): do_patch() # applies DTLS patches to openssl host = sys.argv[1] port = int(sys.argv[2]) if check(host, port): print "Vulnerable!" else: print "Not vulnerable!"
def main(): do_patch() # applies DTLS patches to openssl host = sys.argv[1] port = int(sys.argv[2]) if check(host, port): print "Vulnerable!" f = open("BlueGate.txt", "a") f.write(sys.argv[1]) f.write("\n") f.close() else: print "Not vulnerable!"
def __init__(self, request_handler, connector, address="0.0.0.0", server_port=5682, ssl_args=None, *args, **kw): """Initializes the CoAP server. :param request_handler: Handler called with generated RequestIndications :param connector: Base uri used to reach this server (coap://IP:PORT or coaps://IP:PORT) :param address: IP listening to :param server_port: Port listening to :param ssl_args: contains two keywords: "keyfile" and "certfile" containing paths to respective files, None for regular CoAP """ self.server_port = server_port self.connector = connector self.request_handler = request_handler self.subs = {} self.address = address if address == "::": self.__addresses = self._get_addresses(AF_INET6) | \ self._get_addresses(AF_INET) self._resolve_host = self._resolve_host_ipv6 elif address in ("", "0.0.0.0"): self.__addresses = self._get_addresses(AF_INET) else: self.__addresses = get_iterable(address) do_patch() self.logger.debug("Starting Coap Server on %s:%s" % (self.address, self.server_port)) if ssl_args: self.server = DtlsServer((address, self.server_port), self.handle_request, **ssl_args) else: self.server = DatagramServer((address, self.server_port), self.handle_request) self.block1_pending_payload = {} self.block2_pending_payload = {} self.actual_requests = [] self.req_queue = Queue.Queue() start_new_thread(self.request_runner, ())
def __init__(self, host, port): #print("server_key:"+pem_server_key) #print("ca_cert :"+pem_server_key) #logger.debug("cert_chain :"+cert_chain) #inicializacao do DTLS self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # do_patch() self.sock = wrap_server( sock=self.sock, keyfile=caminho_serv_key, #pem_server_key, certfile=caminho_server_cert, #pem_server_key)#, ca_certs=caminho_ca_cert, #, ciphers="ECDHE+AESGCM") #pem_server_key) #cert_reqs, #ssl_version, #, #do_handshake_on_connect, #suppress_ragged_eofs, #ciphers, #curves, #sigalgs, #user_mtu, #server_key_exchange_curve, #server_cert_options logger.debug("inicializou socket ssl") #self.sock.bind((host,port)) self.sock.bind(host_address) self.sock.listen(0) logger.debug("fez o bind") self.server = CoAP((host, port), starting_mid=None, sock=self.sock) logger.debug("instanciou servidor") #CoAP.__init__(self, (host, port)) self.server.add_resource('basic/', BasicResource()) self.server.add_resource('teste', TesteResource()) self.server.add_resource('sala/teste', TesteResource()) self.server.add_resource('jardim/teste', TesteResource()) logger.debug("adicionou recursos")
#define TLS_ENCRYPTION "AES128-CCM-8" #define TLS_CIPHER_SUITE TLS_AUTHENTICATION "-" TLS_ENCRYPTION """ # pip install Dtls import ssl from socket import socket, AF_INET, SOCK_DGRAM from dtls import do_patch do_patch() # https://docs.python.org/3/library/ssl.html#ssl.SSLContext.set_ciphers context = ssl.create_default_context() context.set_ciphers('ECDHE-ECDSA-AES128-CCM8') sock = socket(AF_INET, SOCK_DGRAM) sslsock = ssl.wrap_socket(sock) sslsock.connect(('omnireltest2.dev.cyanconnode.com', 5684)) sslsock.send('Hi there')
if args.server: start_client_manager(args.server) suites = { "Raw TCP": (socket.SOCK_STREAM, False), "Raw UDP": (socket.SOCK_DGRAM, False), "SSL (TCP)": (socket.SOCK_STREAM, True), "DTLS (UDP)": (socket.SOCK_DGRAM, True), } selector = { 0: "Exit", 1: "Raw TCP", 2: "Raw UDP", 3: "SSL (TCP)", 4: "DTLS (UDP)", } do_patch() while True: print("\nSelect protocol:\n") for key in sorted(selector): print("\t" + str(key) + ": " + selector[key]) try: choice = input("\nProtocol: ") choice = int(choice) if choice < 0 or choice >= len(selector): raise ValueError("Invalid selection input") except (ValueError, OverflowError): print("Invalid selection input") continue except EOFError: break if not choice:
def main(): do_patch() # applies DTLS patches to openssl host = sys.argv[1] port = int(sys.argv[2]) dos(host, port)
import threading from ctypes import ( c_char, c_char_p, c_int, c_uint, c_void_p, CFUNCTYPE, POINTER, memmove, ) import dtls dtls.do_patch() _LOGGER = logging.getLogger(__name__) SSL_CB_ALERT = 0x4000 # /* used in callback */ CLIENTPSKFUNC = CFUNCTYPE( c_uint, c_void_p, c_char_p, POINTER(c_char), c_uint, POINTER(c_char), c_uint, ) SERVERPSKFUNC = CFUNCTYPE(c_uint, c_void_p, c_char_p, POINTER(c_char), c_uint)