def gen_config(threshold, log_no, monitor_no):
try:
os.mkdir('conf/')
except FileExistsError:
pass
os.system("rm -f " + CONF_DIR + CONF_FILE + " %s*.priv" % CONF_DIR)
#
dict_ = {"threshold": threshold}
dict_["logs"] = {}
dict_["monitors"] = {}
# First logs
for i in range(1, log_no + 1):
log_id = "log%d" % i
isd_as = random.choice(ASes)
ip = str(ipaddress.ip_address("127.0.1.0") + i)
pub, priv = generate_sign_keypair()
dict_["logs"][log_id] = [isd_as, ip, pub]
with open(CONF_DIR + "%s.priv" % log_id, "wb") as f:
f.write(priv)
# Then monitors
for i in range(1, monitor_no + 1):
monitor_id = "monitor%d" % i
isd_as = random.choice(ASes)
ip = str(ipaddress.ip_address("127.0.2.0") + i)
pub, priv = generate_sign_keypair()
dict_["monitors"][monitor_id] = [isd_as, ip, pub]
with open(CONF_DIR + "%s.priv" % monitor_id, "wb") as f:
f.write(priv)
# Save on disc
blob = cbor.dumps(dict_)
with open(CONF_DIR + CONF_FILE, "wb") as f:
f.write(blob)
print("config generated")
def _gen_as_keys(self, topo_id, as_conf):
sig_pub, sig_priv = generate_sign_keypair()
enc_pub, enc_priv = generate_enc_keypair()
self.sig_priv_keys[topo_id] = sig_priv
self.sig_pub_keys[topo_id] = sig_pub
self.enc_pub_keys[topo_id] = enc_pub
self.enc_priv_keys[topo_id] = enc_priv
sig_path = get_sig_key_file_path("")
enc_path = get_enc_key_file_path("")
self.cert_files[topo_id][sig_path] = base64.b64encode(sig_priv).decode()
self.cert_files[topo_id][enc_path] = base64.b64encode(enc_priv).decode()
if self.is_core(as_conf):
# generate_sign_key_pair uses Ed25519
on_root_pub, on_root_priv = generate_sign_keypair()
off_root_pub, off_root_priv = generate_sign_keypair()
core_sig_pub, core_sig_priv = generate_sign_keypair()
self.pub_online_root_keys[topo_id] = on_root_pub
self.priv_online_root_keys[topo_id] = on_root_priv
self.pub_offline_root_keys[topo_id] = off_root_pub
self.priv_offline_root_keys[topo_id] = off_root_priv
self.pub_core_sig_keys[topo_id] = core_sig_pub
self.priv_core_sig_keys[topo_id] = core_sig_priv
online_key_path = get_online_key_file_path("")
offline_key_path = get_offline_key_file_path("")
core_sig_path = get_core_sig_key_file_path("")
self.cert_files[topo_id][online_key_path] = base64.b64encode(on_root_priv).decode()
self.cert_files[topo_id][offline_key_path] = base64.b64encode(off_root_priv).decode()
self.cert_files[topo_id][core_sig_path] = base64.b64encode(core_sig_priv).decode()
def generate_certificate(joining_ia, core_ia, core_sign_priv_key_file, core_cert_file, trc_file):
"""
"""
core_ia_chain = CertificateChain.from_raw(read_file(core_cert_file))
# AS cert is always expired one second before the expiration of the Core AS cert
validity = core_ia_chain.core_as_cert.expiration_time - int(time.time()) - 1
comment = "AS Certificate"
core_ia_sig_priv_key = base64.b64decode(read_file(core_sign_priv_key_file))
public_key_sign, private_key_sign = generate_sign_keypair()
public_key_encr, private_key_encr = generate_enc_keypair()
cert = Certificate.from_values(
str(joining_ia), str(core_ia), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment,
False, validity, public_key_encr, public_key_sign, core_ia_sig_priv_key)
sig_priv_key = base64.b64encode(private_key_sign).decode()
enc_priv_key = base64.b64encode(private_key_encr).decode()
sig_priv_key_raw = base64.b64encode(SigningKey(private_key_sign)._signing_key).decode()
joining_ia_chain = CertificateChain([cert, core_ia_chain.core_as_cert]).to_json()
trc = open(trc_file).read()
master_as_key = base64.b64encode(Random.new().read(16)).decode('utf-8')
key_dict = {
'enc_key': enc_priv_key,
'sig_key': sig_priv_key,
'sig_key_raw': sig_priv_key_raw,
'master_as_key': master_as_key,
}
as_obj = ASCredential(joining_ia_chain, trc, key_dict)
return as_obj
def request_new_as_id(request):
current_page = request.META.get('HTTP_REFERER')
# check the validity of parameters
if not request.POST["inputISDtojoin"].isdigit():
messages.error(request, 'ISD to join has to be a number!')
return redirect(current_page)
isd_to_join = int(request.POST["inputISDtojoin"])
# get the key and secret necessary to query SCION-coord
coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id)
# generate the sign and encryption keys
private_key_sign, public_key_sign = generate_sign_keypair()
public_key_encr, private_key_encr = generate_enc_keypair()
join_request_dict = {
"isd_to_join": isd_to_join,
"sigkey": to_b64(public_key_sign),
"enckey": to_b64(public_key_encr)
}
request_url = urljoin(
COORD_SERVICE_URI,
posixpath.join(UPLOAD_JOIN_REQUEST_SVC, coord.key, coord.secret))
headers = {'content-type': 'application/json'}
logger.info("Request = %s\nJoin Request Dict = %s", request_url,
join_request_dict)
try:
r = requests.post(request_url, json=join_request_dict, headers=headers)
except requests.RequestException:
messages.error(request,
'Failed to submit ISD join request at scion-coord!')
return redirect(current_page)
if r.status_code != 200:
messages.error(
request, 'Submitting join request '
'failed with code %s!' % r.status_code)
return redirect(current_page)
resp = r.json()
request_id = resp['id']
logger.info("request_id = %s", request_id)
JoinRequest.objects.update_or_create(request_id=request_id,
created_by=request.user,
isd_to_join=isd_to_join,
status=REQ_SENT,
sig_pub_key=to_b64(public_key_sign),
sig_priv_key=to_b64(private_key_sign),
enc_pub_key=to_b64(public_key_encr),
enc_priv_key=to_b64(private_key_encr))
messages.success(
request, 'Join Request Submitted Successfully.'
' Request ID = %s' % request_id)
return redirect(current_page)
def _gen_as_keys(self, topo_id, as_conf):
sig_pub, sig_priv = generate_sign_keypair()
enc_pub, enc_priv = generate_enc_keypair()
self.sig_priv_keys[topo_id] = sig_priv
self.sig_pub_keys[topo_id] = sig_pub
self.enc_pub_keys[topo_id] = enc_pub
self.enc_priv_keys[topo_id] = enc_priv
sig_path = get_sig_key_file_path("")
enc_path = get_enc_key_file_path("")
self.cert_files[topo_id][sig_path] = base64.b64encode(
sig_priv).decode()
self.cert_files[topo_id][enc_path] = base64.b64encode(
enc_priv).decode()
def request_join_isd(request):
"""
Sends the join request to SCION Coordination Service.
:param HttpRequest request: Django HTTP request passed on through urls.py.
:returns: Django HTTP Response object.
:rtype: HttpResponse.
"""
current_page = request.META.get('HTTP_REFERER')
# check the validity of parameters
if not request.POST["inputISDToJoin"].isdigit():
messages.error(request, 'ISD to join has to be a number!')
return redirect(current_page)
isd_to_join = int(request.POST["inputISDToJoin"])
join_as_a_core = request.POST["inputJoinAsACore"]
# get the account_id and secret necessary to query SCION-coord.
coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id)
# generate the sign and encryption keys
public_key_sign, private_key_sign = generate_sign_keypair()
public_key_encr, private_key_encr = generate_enc_keypair()
join_req = JoinRequest.objects.create(
created_by=request.user,
isd_to_join=isd_to_join,
join_as_a_core=join_as_a_core.lower() == "true",
sig_pub_key=to_b64(public_key_sign),
sig_priv_key=to_b64(private_key_sign),
enc_pub_key=to_b64(public_key_encr),
enc_priv_key=to_b64(private_key_encr))
join_req_dict = {
"RequestId": join_req.id,
"IsdToJoin": isd_to_join,
"JoinAsACoreAS": join_req.join_as_a_core,
"SigPubKey": to_b64(public_key_sign),
"EncPubKey": to_b64(public_key_encr)
}
request_url = urljoin(
COORD_SERVICE_URI,
posixpath.join(UPLOAD_JOIN_REQUEST_SVC, coord.account_id,
coord.secret))
_, error = post_req_to_scion_coord(request_url, join_req_dict,
"join request %s" % join_req.id)
if error:
return error
logger.info("Request = %s, Join Request Dict = %s", request_url,
join_req_dict)
join_req.status = REQ_SENT
join_req.save()
messages.success(
request, 'Join Request Submitted Successfully.'
' Request ID = %s' % join_req.id)
return redirect(current_page)
def request_join_isd(request):
"""
Sends the join request to SCION Coordination Service.
:param HttpRequest request: Django HTTP request passed on through urls.py.
:returns: Django HTTP Response object.
:rtype: HttpResponse.
"""
current_page = request.META.get('HTTP_REFERER')
# check the validity of parameters
if not request.POST["inputISDToJoin"].isdigit():
messages.error(request, 'ISD to join has to be a number!')
return redirect(current_page)
isd_to_join = int(request.POST["inputISDToJoin"])
join_as_a_core = request.POST["inputJoinAsACore"]
# get the account_id and secret necessary to query SCION-coord.
coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id)
# generate the sign and encryption keys
public_key_sign, private_key_sign = generate_sign_keypair()
public_key_encr, private_key_encr = generate_enc_keypair()
join_req = JoinRequest.objects.create(
created_by=request.user,
isd_to_join=isd_to_join,
join_as_a_core=join_as_a_core.lower() == "true",
sig_pub_key=to_b64(public_key_sign),
sig_priv_key=to_b64(private_key_sign),
enc_pub_key=to_b64(public_key_encr),
enc_priv_key=to_b64(private_key_encr)
)
join_req_dict = {
"RequestId": join_req.id,
"IsdToJoin": isd_to_join,
"JoinAsACoreAS": join_req.join_as_a_core,
"SigPubKey": to_b64(public_key_sign),
"EncPubKey": to_b64(public_key_encr)
}
request_url = urljoin(COORD_SERVICE_URI, posixpath.join(
UPLOAD_JOIN_REQUEST_SVC, coord.account_id,
coord.secret))
_, error = post_req_to_scion_coord(request_url, join_req_dict,
"join request %s" % join_req.id)
if error:
return error
logger.info("Request = %s, Join Request Dict = %s", request_url,
join_req_dict)
join_req.status = REQ_SENT
join_req.save()
messages.success(request, 'Join Request Submitted Successfully.'
' Request ID = %s' % join_req.id)
return redirect(current_page)
def generate_certificate(joining_ia, core_ia, core_sign_priv_key_file,
core_cert_file, trc_file):
"""
"""
validity = Certificate.AS_VALIDITY_PERIOD
comment = "AS Certificate"
core_ia_sig_priv_key = base64.b64decode(read_file(core_sign_priv_key_file))
public_key_sign, private_key_sign = generate_sign_keypair()
public_key_encr, private_key_encr = generate_enc_keypair()
cert = Certificate.from_values(str(joining_ia), str(core_ia),
INITIAL_TRC_VERSION, INITIAL_CERT_VERSION,
comment, False, validity, public_key_encr,
public_key_sign, core_ia_sig_priv_key)
core_ia_chain = CertificateChain.from_raw(read_file(core_cert_file))
sig_priv_key = base64.b64encode(private_key_sign).decode()
enc_priv_key = base64.b64encode(private_key_encr).decode()
joining_ia_chain = CertificateChain([cert, core_ia_chain.core_as_cert
]).to_json()
trc = open(trc_file).read()
master_as_key = base64.b64encode(Random.new().read(16)).decode('utf-8')
as_obj = ASCredential(sig_priv_key, enc_priv_key, joining_ia_chain, trc,
master_as_key)
return as_obj
def _self_sign_keys(self):
topo_id = TopoID.from_values(0, 0)
self.sig_pub_keys[topo_id], self.sig_priv_keys[topo_id] = generate_sign_keypair()
self.enc_pub_keys[topo_id], self.enc_priv_keys[topo_id] = generate_enc_keypair()
