예제 #1
파일: tls.py 프로젝트: DonnchaC/leekspin
def createTLSLinkCert(lifetime=7200):
    """Build the short-lived certificate used on the TLS link layer.

    Link-layer certificates (relay to relay, and client to bridge/guard)
    expire sooner than the other certificates. The default lifetime here is
    two hours.

    :param integer lifetime: Validity period of the certificate, in seconds.
    :rtype: :class:`OpenSSL.crypto.X509`
    :returns: An unsigned certificate with no key attached to it.
    """
    linkCert = createTLSCert(lifetime)

    # Subject and issuer CNs come from two separate util.getHexString() calls
    # and use different TLDs, so the two names always differ.
    # NOTE(review): how unpredictable these names are depends on
    # util.getHexString, which is not shown here -- confirm its random source.
    subjectName = 'www.' + util.getHexString(16) + '.net'
    linkCert.get_subject().CN = subjectName

    issuerName = 'www.' + util.getHexString(10) + '.com'
    linkCert.get_issuer().CN = issuerName

    return linkCert
예제 #2
def createTLSLinkCert(lifetime=7200):
    """Return a certificate for the TLS link layer.

    The link layer between Tor relays, and between clients and their
    bridges/guards, uses a certificate with a shorter lifetime than the other
    certificates. The default of 7200 seconds is two hours.

    :param integer lifetime: How long, in seconds, the certificate should
        stay valid.
    :rtype: :class:`OpenSSL.crypto.X509`
    :returns: A certificate that is unsigned and has no key attached to it.
    """
    def _randomHostname(hexLength, tld):
        # Hostname of the form www.<hex>.<tld>; the hex part comes from
        # util.getHexString (not shown here).
        return 'www.' + util.getHexString(hexLength) + tld

    cert = createTLSCert(lifetime)
    # The subject name is generated before the issuer name, and the two never
    # match because their TLDs differ.
    cert.get_subject().CN = _randomHostname(16, '.net')
    cert.get_issuer().CN = _randomHostname(10, '.com')
    return cert
예제 #3
def generateExtraInfo(nickname, fingerprint, ts, ipv4, port):
    """Build the text of an OR extra-info document.

    See §2.2 "Extra-info documents" in torspec.git/dir-spec.txt.

    Apart from the caller's arguments and the two GeoIP digests (taken from
    ``util.getHexString``), every statistic in the document is a fixed value.
    The document ends with a bare ``router-signature`` line; no signature is
    computed here.

    :param str nickname: The router's nickname.
    :param str fingerprint: A space-separated, hex-encoded, SHA-1 digest of
        the OR's private identity key. See :func:`convertToSpaceyFingerprint`.
    :param str ts: An ISO-8601 timestamp. See :func:`makeTimeStamp`.
    :param str ipv4: An IPv4 address.
    :param int port: The OR's ORPort. It is used in integer arithmetic: the
        obfs3 and obfs2 transports are advertised on ``port + 1`` and
        ``port + 2``.
    :rtype: str
    :returns: An extra-info document (unsigned).
    """
    # NOTE(review): the arguments are interpolated verbatim. A newline inside
    # any of them would add extra lines to this line-oriented document, so
    # callers must pass single-line values.
    lines = [
        "extra-info %s %s" % (nickname, fingerprint),
        "published %s" % ts,
        "write-history %s (900 s) 3188736,2226176,2866176" % ts,
        "read-history %s (900 s) 3891200,2483200,2698240" % ts,
        "dirreq-write-history %s (900 s) 1024,0,2048" % ts,
        "dirreq-read-history %s (900 s) 0,0,0" % ts,
        "geoip-db-digest %s" % util.getHexString(40),
        "geoip6-db-digest %s" % util.getHexString(40),
        "dirreq-stats-end %s (86400 s)" % ts,
        "dirreq-v3-ips",
        "dirreq-v3-reqs",
        "dirreq-v3-resp ok=16,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0",
        "dirreq-v3-direct-dl complete=0,timeout=0,running=0",
        "dirreq-v3-tunneled-dl complete=12,timeout=0,running=0",
        "transport obfs3 %s:%d" % (ipv4, port + 1),
        "transport obfs2 %s:%d" % (ipv4, port + 2),
        "bridge-stats-end %s (86400 s)" % ts,
        "bridge-ips ca=8",
        "bridge-ip-versions v4=8,v6=0",
        "bridge-ip-transports <OR>=8",
        # The trailing newline makes the document end with "\n".
        "router-signature\n",
    ]
    return '\n'.join(lines)
예제 #4
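def generateExtraInfo(nickname, fingerprint, ts, ipv4, port, bridge=True):
    """Create an OR extra-info document.

    See §2.2 "Extra-info documents" in torspec.git/dir-spec.txt.

    For ``transport scramblesuit`` lines, the ``password`` parameter *always*
    is ``ABCDEFGHIJKLMNOPQRSTUVWXYZ234567``, i.e.::

        transport scramblesuit 10.0.1.111:4444 password=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567

    The obfs4 ``node-id`` and ``public-key`` arguments are random hexadecimal
    placeholders of the right length, not real key material.

    Every template is a byte string, so on Python 3 the values formatted with
    ``%s`` must themselves be bytes. The arguments are interpolated verbatim,
    so callers must pass single-line values: a newline inside one of them
    would add extra lines to the document.

    :param str nickname: The router's nickname.
    :param str fingerprint: A space-separated, hex-encoded, SHA-1 digest of
        the OR's private identity key. See :func:`convertToSpaceyFingerprint`.
    :param str ts: An ISO-8601 timestamp. See :func:`makeTimeStamp`.
    :param str ipv4: An IPv4 address.
    :param int port: The OR's ORPort. The pluggable transports are advertised
        on ``port + 1`` through ``port + 4``.
    :param bool bridge: If ``True``, also emit the ``transport`` and
        ``bridge-*`` lines.
    :rtype: bytes
    :returns: An extra-info document (unsigned). On Python 2 this is a
        ``str``.
    """
    extra = []
    extra.append(b"extra-info %s %s" % (nickname, fingerprint))
    extra.append(b"published %s" % ts)
    extra.append(b"write-history %s (900 s) 3188736,2226176,2866176" % ts)
    extra.append(b"read-history %s (900 s) 3891200,2483200,2698240" % ts)
    extra.append(b"dirreq-write-history %s (900 s) 1024,0,2048" % ts)
    extra.append(b"dirreq-read-history %s (900 s) 0,0,0" % ts)
    # NOTE(review): util.getHexString is not shown here; on Python 3 it has to
    # return bytes for these two lines to format.
    extra.append(b"geoip-db-digest %s" % util.getHexString(40))
    extra.append(b"geoip6-db-digest %s" % util.getHexString(40))
    extra.append(b"dirreq-stats-end %s (86400 s)" % ts)
    extra.append(b"dirreq-v3-ips")
    extra.append(b"dirreq-v3-reqs")
    extra.append(b"dirreq-v3-resp ok=16,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0")
    extra.append(b"dirreq-v3-direct-dl complete=0,timeout=0,running=0")
    extra.append(b"dirreq-v3-tunneled-dl complete=12,timeout=0,running=0")

    if bridge:
        # Fixed, publicly documented placeholder; never a real shared secret.
        scramblesuitPassword = b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'

        # Format the integers directly instead of calling bytes(int): on
        # Python 3, bytes(n) is n zero bytes, not the decimal digits of n.
        obfs4iatMode = b"%d" % random.getrandbits(1)  # b'0' or b'1'
        # Draw the full width of each field. Hashing an 8-bit value allowed
        # only 256 distinct IDs/keys, and hexdigest() returns text, which
        # cannot be %s-formatted into a bytes template on Python 3.
        # `random` is not a CSPRNG; that is acceptable only because these are
        # placeholders and never used as keys.
        # hexadecimal, 40 chars long:
        obfs4nodeID = b"%040x" % random.getrandbits(160)
        # hexadecimal, 64 chars long:
        obfs4publicKey = b"%064x" % random.getrandbits(256)

        extra.append(b"transport obfs3 %s:%d" % (ipv4, port + 1))
        extra.append(b"transport obfs2 %s:%d" % (ipv4, port + 2))
        extra.append(b"transport scramblesuit %s:%d password=%s" %
                     (ipv4, port + 3, scramblesuitPassword))
        # PT args are comma-separated in the bridge-extrainfo descriptors:
        extra.append(b"transport obfs4 %s:%d iat-mode=%s,node-id=%s,public-key=%s" %
                     (ipv4, port + 4, obfs4iatMode, obfs4nodeID, obfs4publicKey))
        extra.append(b"bridge-stats-end %s (86400 s)" % ts)
        extra.append(b"bridge-ips ca=8")
        extra.append(b"bridge-ip-versions v4=8,v6=0")
        extra.append(b"bridge-ip-transports <OR>=8")

    # No signature is computed here; the document ends with the bare keyword
    # line followed by a newline.
    extra.append(b"router-signature\n")

    extrainfoDoc = b'\n'.join(extra)

    return extrainfoDoc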
예제 #5
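def generateExtraInfo(nickname, fingerprint, ts, ipv4, port, bridge=True):
    """Create an OR extra-info document.

    See §2.2 "Extra-info documents" in dir-spec.txt_.

    For ``transport scramblesuit`` lines, the ``password`` parameter *always*
    is ``ABCDEFGHIJKLMNOPQRSTUVWXYZ234567``, i.e.::

        transport scramblesuit 10.0.1.111:4444 password=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567

    The obfs4 ``node-id`` and ``public-key`` arguments are random hexadecimal
    placeholders of the right length, not real key material.

    Every template is a byte string, so on Python 3 the values formatted with
    ``%s`` must themselves be bytes. The arguments are interpolated verbatim,
    so callers must pass single-line values: a newline inside one of them
    would add extra lines to the document.

    .. _dir-spec.txt: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt

    :param str nickname: The router's nickname.
    :param str fingerprint: A space-separated, hex-encoded, SHA-1 digest of
        the OR's private identity key. See :func:`convertToSpaceyFingerprint`.
    :param str ts: An ISO-8601 timestamp. See :func:`makeTimeStamp`.
    :param str ipv4: An IPv4 address.
    :param int port: The OR's ORPort. The pluggable transports are advertised
        on ``port + 1`` through ``port + 4``.
    :param bool bridge: If ``True``, also emit the ``transport`` and
        ``bridge-*`` lines.
    :rtype: bytes
    :returns: An extra-info document (unsigned). On Python 2 this is a
        ``str``.
    """
    extra = []
    extra.append(b"extra-info %s %s" % (nickname, fingerprint))
    extra.append(b"published %s" % ts)
    extra.append(b"write-history %s (900 s) 3188736,2226176,2866176" % ts)
    extra.append(b"read-history %s (900 s) 3891200,2483200,2698240" % ts)
    extra.append(b"dirreq-write-history %s (900 s) 1024,0,2048" % ts)
    extra.append(b"dirreq-read-history %s (900 s) 0,0,0" % ts)
    # NOTE(review): util.getHexString is not shown here; on Python 3 it has to
    # return bytes for these two lines to format.
    extra.append(b"geoip-db-digest %s" % util.getHexString(40))
    extra.append(b"geoip6-db-digest %s" % util.getHexString(40))
    extra.append(b"dirreq-stats-end %s (86400 s)" % ts)
    extra.append(b"dirreq-v3-ips")
    extra.append(b"dirreq-v3-reqs")
    extra.append(
        b"dirreq-v3-resp ok=16,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0"
    )
    extra.append(b"dirreq-v3-direct-dl complete=0,timeout=0,running=0")
    extra.append(b"dirreq-v3-tunneled-dl complete=12,timeout=0,running=0")

    if bridge:
        # Fixed, publicly documented placeholder; never a real shared secret.
        scramblesuitPassword = b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'

        # Format the integers directly instead of calling bytes(int): on
        # Python 3, bytes(n) is n zero bytes, not the decimal digits of n.
        obfs4iatMode = b"%d" % random.getrandbits(1)  # b'0' or b'1'
        # Draw the full width of each field. Hashing an 8-bit value allowed
        # only 256 distinct IDs/keys, and hexdigest() returns text, which
        # cannot be %s-formatted into a bytes template on Python 3.
        # `random` is not a CSPRNG; that is acceptable only because these are
        # placeholders and never used as keys.
        # hexadecimal, 40 chars long:
        obfs4nodeID = b"%040x" % random.getrandbits(160)
        # hexadecimal, 64 chars long:
        obfs4publicKey = b"%064x" % random.getrandbits(256)

        extra.append(b"transport obfs3 %s:%d" % (ipv4, port + 1))
        extra.append(b"transport obfs2 %s:%d" % (ipv4, port + 2))
        extra.append(b"transport scramblesuit %s:%d password=%s" %
                     (ipv4, port + 3, scramblesuitPassword))
        # PT args are comma-separated in the bridge-extrainfo descriptors:
        extra.append(
            b"transport obfs4 %s:%d iat-mode=%s,node-id=%s,public-key=%s" %
            (ipv4, port + 4, obfs4iatMode, obfs4nodeID, obfs4publicKey))
        extra.append(b"bridge-stats-end %s (86400 s)" % ts)
        extra.append(b"bridge-ips ca=8")
        extra.append(b"bridge-ip-versions v4=8,v6=0")
        extra.append(b"bridge-ip-transports <OR>=8")

    # No signature is computed here; the document ends with the bare keyword
    # line followed by a newline.
    extra.append(b"router-signature\n")

    extrainfoDoc = b'\n'.join(extra)

    return extrainfoDoc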