예제 #1
    def execute(self):
        """Create a break signature from this command's key and emit it as PEM.

        The PEM text, passed through ``addPemComments``, is written to
        ``self.outputFile``. In verbose mode the signature's string form is
        also written to stderr, followed by a newline.
        """
        # The private key is only handed to the signature constructor; the
        # value written out below is ``serializeAsPem()`` of the signature.
        publicKey = self.key.getPublicKey()
        privateKey = self.key.getPrivateKey()
        signature = TackBreakSig.createFromParameters(publicKey, privateKey)

        pemText = self.addPemComments(signature.serializeAsPem())
        self.outputFile.write(pemText)

        if not self.isVerbose():
            return
        sys.stderr.write(str(signature) + "\n")
예제 #2
    def execute(self):
        """Build a break signature from the loaded key file and write it as PEM.

        Output goes to ``self.outputFile``. When verbose, the crypto version
        banner and the signature's string form are written as well (the
        latter to stderr, with no trailing newline added here).
        """
        keyFile = self.keyfile
        # Argument order matters: public key first, then private key.
        signature = TackBreakSig.create(keyFile.getPublicKey(),
                                        keyFile.getPrivateKey())

        pemText = signature.serializeAsPem()
        self.outputFile.write(self.addPemComments(pemText))

        if not self.isVerbose():
            return
        self.writeCryptoVersion()
        sys.stderr.write(str(signature))
예제 #3
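    def _getBreakSignatures(self):
        """Load the break signature file named by the ``-b`` option, if given.

        Returns:
            ``None`` when ``-b`` was not supplied; otherwise the result of
            ``TackBreakSig.createFromPem`` applied to the file's text.

        Errors from opening the file or from parsing its contents are not
        handled here and propagate to the caller.
        """
        fileName = self._getOptionValue("-b")

        if fileName is None:
            return None

        # Close the handle deterministically rather than leaving it to the
        # garbage collector (the original never closed it explicitly).
        with open(fileName, "r") as pemFile:
            contents = pemFile.read()

        # NOTE(review): the method name is plural but this calls
        # createFromPem, not createFromPemList; confirm that a file holding
        # several break signatures is handled as intended.
        return TackBreakSig.createFromPem(contents)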
예제 #4
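    def _getBreakSignatures(self):
        """Return the break signature parsed from the ``-b`` file, or ``None``.

        ``None`` is returned when the ``-b`` option is absent. Otherwise the
        named file is read as text and handed to
        ``TackBreakSig.createFromPem``; I/O and parse errors propagate.
        """
        fileName = self._getOptionValue("-b")

        if fileName is None:
            return None

        # The context manager guarantees the file is closed even if read()
        # raises; the original leaked the handle until collection.
        with open(fileName, "r") as sigFile:
            contents = sigFile.read()

        # NOTE(review): the file path comes from the command line and its
        # contents are parsed as-is; confirm callers report parse failures
        # rather than continuing without break signatures.
        return TackBreakSig.createFromPem(contents)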
예제 #5
    def _parseBreakSigs(self):
        """Parse a length-prefixed run of break signatures.

        Reads a length via ``getInt(2)`` (presumably a 2-byte field; confirm
        against the parser), validates it, then reads that many bytes and
        cuts them into ``TackBreakSig.LENGTH``-sized records.

        Returns:
            A list of ``TackBreakSig`` objects, empty when the length is 0.

        Raises:
            SyntaxError: if the declared length exceeds 1024 or is not a
                multiple of ``TackBreakSig.LENGTH``.
        """
        totalLen = self.getInt(2)

        # Validate the declared length before reading any payload, so an
        # oversized or misaligned value is rejected up front.
        if totalLen > 1024:
            raise SyntaxError("break_sigs too large")
        if totalLen % TackBreakSig.LENGTH != 0:
            raise SyntaxError("break_sigs wrong size")

        payload = self.getBytes(totalLen)
        recordLen = TackBreakSig.LENGTH
        return [TackBreakSig(payload[offset:offset + recordLen])
                for offset in range(0, len(payload), recordLen)]
예제 #6
    def test_BreakSig(self):
        """A single PEM break signature decodes to the expected TACK ID and signature bytes."""
        pemText = """
-----BEGIN TACK BREAK SIG-----
TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o
hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX
wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY=
-----END TACK BREAK SIG-----"""

        breakSig = TackBreakSig.createFromPem(pemText)

        # The TACK ID is compared in its dotted textual form.
        assert breakSig.getTackId() == "nkufh.czttd.5cmlw.7cxtv.k6srn"

        # Known-answer check on the raw signature field.
        expectedSignature = a2b_hex("41f29d34029ab638f2826c42d6a"
                                    "b48ca319d13581da698397c2ef7"
                                    "ee2eafc997c232a1200f5f5d637"
                                    "1b8fef766889c53ea82e1b66330"
                                    "df962aecbb93c6d24196")
        assert breakSig.signature == expectedSignature
예제 #7
    def test_BreakSig(self):
        """Decode one PEM-encoded break signature and compare it with known values."""
        fixture = """
-----BEGIN TACK BREAK SIG-----
TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o
hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX
wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY=
-----END TACK BREAK SIG-----"""

        decoded = TackBreakSig.createFromPem(fixture)

        wantId = "nkufh.czttd.5cmlw.7cxtv.k6srn"
        assert decoded.getTackId() == wantId

        # Hex fragments are concatenated into the full expected signature.
        wantSignature = a2b_hex(
            "41f29d34029ab638f2826c42d6a"
            "b48ca319d13581da698397c2ef7"
            "ee2eafc997c232a1200f5f5d637"
            "1b8fef766889c53ea82e1b66330"
            "df962aecbb93c6d24196"
        )
        assert decoded.signature == wantSignature
예제 #8
    def test_BreakSigList(self):
        """Two PEM break signatures in one text decode, in order, to two entries.

        The fixture carries free-text lines between the two PEM blocks; the
        length assertion confirms they do not produce extra entries.
        """
        pemBundle = """
-----BEGIN TACK BREAK SIG-----
TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o
hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX
wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY=
-----END TACK BREAK SIG-----
Created by TACK.py 0.9.6
Created at 2012-05-10T00:54:10Z
-----BEGIN TACK BREAK SIG-----
73nkbxCcvFnrCIlcgtZx4iPevqxUFd9RFUNU18xfqzTCU8hV0jwYerdCwt8+VbkQ
OvHEbbRHmGAX8yseGrYX1dNuoFfSN1fCLY08u/0NU+x8fmJ6tEewegVAHguw67eR
PgegVlKuDULIASht9fvs6xTfxcFJDUgNaenZfcqAgAI=
-----END TACK BREAK SIG-----
"""
        parsed = TackBreakSig.createFromPemList(pemBundle)

        expectedIds = ("nkufh.czttd.5cmlw.7cxtv.k6srn",
                       "6xwgu.ydz7m.7cki3.kizmd.pt2f2")
        for position, expectedId in enumerate(expectedIds):
            assert parsed[position].getTackId() == expectedId

        assert len(parsed) == 2
        return 1
예제 #9
    def test_BreakSigList(self):
        """Parse a text holding two break signatures and check both TACK IDs and the count."""
        fixture = """
-----BEGIN TACK BREAK SIG-----
TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o
hecRrWElh3yThwgYQRgbS0HynTQCmrY48oJsQtarSMoxnRNYHaaYOXwu9+4ur8mX
wjKhIA9fXWNxuP73ZoicU+qC4bZjMN+WKuy7k8bSQZY=
-----END TACK BREAK SIG-----
Created by TACK.py 0.9.6
Created at 2012-05-10T00:54:10Z
-----BEGIN TACK BREAK SIG-----
73nkbxCcvFnrCIlcgtZx4iPevqxUFd9RFUNU18xfqzTCU8hV0jwYerdCwt8+VbkQ
OvHEbbRHmGAX8yseGrYX1dNuoFfSN1fCLY08u/0NU+x8fmJ6tEewegVAHguw67eR
PgegVlKuDULIASht9fvs6xTfxcFJDUgNaenZfcqAgAI=
-----END TACK BREAK SIG-----
"""
        sigs = TackBreakSig.createFromPemList(fixture)

        # Order is significant: the first PEM block must come out first.
        firstId = sigs[0].getTackId()
        assert firstId == "nkufh.czttd.5cmlw.7cxtv.k6srn"
        secondId = sigs[1].getTackId()
        assert secondId == "6xwgu.ydz7m.7cki3.kizmd.pt2f2"

        count = len(sigs)
        assert count == 2
        return 1
예제 #10
    def execute(self):
        """Identify the input file's type and print a readable rendering of it.

        The file is read through ``_readFile`` as text and binary. If text is
        available, PEM labels are tried in a fixed order (TACK private key,
        TACK, TACK break sig, certificate) and the first match is parsed and
        printed. Otherwise, or when no label matches, the binary form is
        parsed as a certificate.

        Parse failures surface as ``SyntaxError`` and are reported through
        ``printError`` instead of propagating.
        """
        text, binary = self._readFile(self.argv)
        fileType = None

        try:
            if text:
                pem = PEMDecoder(text)

                # NOTE(review): "TACK" is tested before "TACK BREAK SIG"; this
                # is only correct if containsEncoded matches the whole label
                # rather than a prefix. Confirm against PEMDecoder.
                if pem.containsEncoded("TACK PRIVATE KEY"):
                    fileType = "Private Key"
                    # The key file is loaded with no password (second
                    # argument None).
                    print(str(TackKeyFile.createFromPem(text, None)))
                    return

                if pem.containsEncoded("TACK"):
                    fileType = "TACK"
                    print(str(Tack.createFromPem(text)))
                    return

                if pem.containsEncoded("TACK BREAK SIG"):
                    fileType = "Break Sig"
                    sigList = TackBreakSig.createFromPemList(text)
                    print("".join(str(sig) for sig in sigList))
                    return

                if pem.containsEncoded("CERTIFICATE"):
                    fileType = "Certificate"
                    cert = TlsCertificate()
                    cert.parsePem(text)
                    print(cert.writeText())
                    return

            # No recognised PEM label (or no text at all): is it an SSL
            # certificate in binary form?
            try:
                cert = TlsCertificate()
                cert.parse(binary)
                print(cert.writeText())
            except SyntaxError:
                self.printError("Unrecognized file type")
        except SyntaxError as e:
            self.printError("Error parsing %s: %s" % (fileType, e))
예제 #11
    def execute(self):
        """Print a human-readable view of a TACK-related or certificate file.

        PEM input is dispatched on its label; anything else falls back to a
        binary certificate parse. Every ``SyntaxError`` raised while parsing
        is turned into a ``printError`` message naming the detected type.
        """
        text, binary = self._readFile(self.argv)
        fileType = None

        try:
            if text:
                labels = PEMDecoder(text)

                if labels.containsEncoded("TACK PRIVATE KEY"):
                    fileType = "Private Key"
                    # Loaded without a password: the second argument is None.
                    keyFile = TackKeyFile.createFromPem(text, None)
                    print(str(keyFile))
                    return

                if labels.containsEncoded("TACK"):
                    fileType = "TACK"
                    parsedTack = Tack.createFromPem(text)
                    print(str(parsedTack))
                    return

                if labels.containsEncoded("TACK BREAK SIG"):
                    fileType = "Break Sig"
                    rendered = [str(entry)
                                for entry in TackBreakSig.createFromPemList(text)]
                    print("".join(rendered))
                    return

                if labels.containsEncoded("CERTIFICATE"):
                    fileType = "Certificate"
                    pemCert = TlsCertificate()
                    pemCert.parsePem(text)
                    print(pemCert.writeText())
                    return

            # Fallback: is it an SSL certificate in binary form? fileType is
            # still None here, but a SyntaxError from this parse is caught by
            # the inner handler and never reaches the outer message.
            try:
                rawCert = TlsCertificate()
                rawCert.parse(binary)
                print(rawCert.writeText())
            except SyntaxError:
                self.printError("Unrecognized file type")
        except SyntaxError as e:
            self.printError("Error parsing %s: %s" % (fileType, e))
예제 #12
    def execute(self):
        """Generate a break signature for ``self.key`` and write it out as PEM.

        The commented PEM goes to ``self.outputFile``; with verbose output
        enabled, the signature's string form plus a newline goes to stderr.
        """
        key = self.key
        # Public key first, private key second, as the constructor expects.
        sig = TackBreakSig.createFromParameters(key.getPublicKey(),
                                                key.getPrivateKey())

        self.outputFile.write(self.addPemComments(sig.serializeAsPem()))

        if not self.isVerbose():
            return
        sys.stderr.write(str(sig) + "\n")
예제 #13
파일: tlstest.py 프로젝트: tpmanley/tlslite
def serverTestCmd(argv):
    """Run the server side of the TLS handshake test sequence.

    argv[0] is a "host:port" string to listen on and argv[1] is the
    directory holding the X.509 test certificate and key. Each numbered
    test accepts one client connection and performs one server handshake,
    so the statement order must match what the peer test client drives.

    This is Python 2 code (print statements, ``except X, name`` syntax).
    """

    address = argv[0]
    # NOTE(review): `dir` shadows the builtin of the same name.
    dir = argv[1]
    
    #Split address into hostname/port tuple
    address = address.split(":")
    address = ( address[0], int(address[1]) )

    #Bind a listening socket; despite the original "connect" wording this
    #side accepts connections rather than initiating them
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(address)
    lsock.listen(5)

    # Blocks until a client connects, then wraps the accepted socket.
    def connect():
        return TLSConnection(lsock.accept()[0])

    # Anonymous handshake: the server presents no certificate chain here,
    # so this case exercises the unauthenticated code path only.
    print "Test 0 - Anonymous server handshake"
    connection = connect()
    connection.handshakeServer(anon=True)
    testConnServer(connection)    
    connection.close() 
    
    print "Test 1 - good X.509"
    # NOTE(review): the open(...).read() calls below never close their
    # file handles explicitly.
    x509Cert = X509().parse(open(os.path.join(dir, "serverX509Cert.pem")).read())
    x509Chain = X509CertChain([x509Cert])
    s = open(os.path.join(dir, "serverX509Key.pem")).read()
    x509Key = parsePEMKey(s, private=True)

    connection = connect()
    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
    # The server name recorded in the session must equal the host part of
    # the listen address.
    assert(connection.session.serverName == address[0])    
    testConnServer(connection)    
    connection.close()

    # Both version bounds are pinned to (3,0), which the label identifies
    # as SSL v3; this forces the legacy protocol for compatibility testing.
    print "Test 1.a - good X.509, SSL v3"
    connection = connect()
    settings = HandshakeSettings()
    settings.minVersion = (3,0)
    settings.maxVersion = (3,0)
    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings)
    testConnServer(connection)
    connection.close()        
    
    # TACK cases run only when the optional tackpy support was loaded.
    if tackpyLoaded:
        # NOTE(review): these fixtures are read from the current working
        # directory, not from `dir` like the X.509 files above.
        tack = Tack.createFromPem(open("./TACK1.pem", "rU").read())
        tackUnrelated = Tack.createFromPem(open("./TACKunrelated.pem", "rU").read())    
        breakSigs = TackBreakSig.createFromPemList(
            open("./TACK_Break_Sigs.pem").read())
            
        settings = HandshakeSettings()
        settings.useExperimentalTackExtension = True

        print "Test 2.a - good X.509, TACK and Break Sigs"
        connection = connect()
        connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
            tack=tack, breakSigs=breakSigs, settings=settings)
        testConnServer(connection)    
        connection.close()        

        print "Test 2.b - good X.509, TACK without Break Sigs"
        connection = connect()
        connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
            tack=tack, pinActivation=True, settings=settings)
        testConnServer(connection)    
        connection.close()        

        print "Test 2.c - good X.509, Break Sigs without TACK"
        connection = connect()
        connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
            breakSigs=breakSigs, pinActivation=True, settings=settings)
        testConnServer(connection)    
        connection.close()        

        # Negative case: the handshake must fail with a remote
        # illegal_parameter alert. Any other alert is re-raised, and
        # assert(False) fires if the handshake unexpectedly succeeds.
        # NOTE(review): assert statements are stripped under -O, which would
        # let an unexpected success pass silently.
        print "Test 2.d - good X.509, TACK unrelated to cert chain"
        connection = connect()
        try:
            connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
                tack=tackUnrelated, breakSigs=breakSigs, settings=settings)
            assert(False)
        except TLSRemoteAlert, alert:
            if alert.description != AlertDescription.illegal_parameter:
                raise        
예제 #14
파일: tls.py 프로젝트: tpmanley/tlslite
            s = open(arg, "rb").read()
            x509 = X509()
            x509.parse(s)
            certChain = X509CertChain([x509])
        elif opt == "-u":
            username = arg
        elif opt == "-p":
            password = arg
        elif opt == "-t":
            if tackpyLoaded:
                s = open(arg, "rU").read()
                tack = Tack.createFromPem(s)
        elif opt == "-b":
            if tackpyLoaded:
                s = open(arg, "rU").read()
                breakSigs = TackBreakSig.createFromPemList(s)
        elif opt == "-v":
            verifierDB = VerifierDB(arg)
            verifierDB.open()
        elif opt == "-d":
            directory = arg
        elif opt == "--reqcert":
            reqCert = True
        else:
            assert False

    if not argv:
        printError("Missing address")
    if len(argv) > 1:
        printError("Too many arguments")
    # Split address into hostname/port tuple