def test_when_point_is_scalar_multiplied_then_point_is_in_subgroup(self):
p1 = ec.Point(self.curve, 3, 6)
self.assertEqual(ec.Point(self.curve, 3, 6), p1 * 1)
self.assertEqual(ec.Point(self.curve, 80, 10), 2 * p1 * 1)
self.assertEqual(ec.Point(self.curve, 3, 91), 2 * p1 * 2)
self.assertEqual(ec.Point(self.curve, 80, 10), p1 * -3)
self.assertEqual(ec.Inf(self.curve), p1 * 10)
def decompressPoint(point, curve_name='secp192r1'):
"""
Takes a compressed point of the form (x, even/odd)
:param point: Compressed point in the form (x, even/odd)
:param curve_name: Name of the elliptic curve employed.
:return: EC Point
"""
curve = reg.get_curve(curve_name)
p = curve.field.p
y = sqrtmod(pow(point.x, 3, p) + curve.a * point.x + curve.b, p)
if point.y:
return ec.Point(curve, point.x, y)
else:
return ec.Point(curve, point.x, p - y)
def test_when_point_is_not_on_curve_then_warning_is_raised(self):
import warnings
p1 = ec.Point(self.curve, 22, 5)
with warnings.catch_warnings():
warnings.filterwarnings("error")
with self.assertRaises(UserWarning):
ec.Point(self.curve, 94, 31)
with warnings.catch_warnings():
warnings.filterwarnings("ignore")
p2 = ec.Point(self.curve, 94, 31)
with warnings.catch_warnings():
warnings.filterwarnings("error")
with self.assertRaises(UserWarning):
p1 + p2
def chiffrement(self, msg, name):
k = random.randint(1, self.courbe.field.n)
point = []
liste = self.mappingChaine(msg)
r = random.randint(30, 55)
for i in range(len(liste)):
for j in range(1, r):
pi = Pair()
pi.x = (liste[i] * r + j) % self.p
pi.y = ((pi.x**3 + self.a * pi.x + self.b)**2) % self.p
if ec.Point(self.courbe, pi.x, pi.y).on_curve == True:
break
point.append(pi)
#print(point)
p1 = self.doublePoint(k, self.g, self.p)
p2 = self.doublePoint(k, name.publick, self.p)
crypt = []
for i in range(len(point)):
crypt.append(self.add(point[i], p2, self.p))
path = os.getcwd() + "/" + str(name.name)
filecrypt = open(path + "/msgcrypte.txt", "w")
filecrypt.write("#p1.x= #" + str(p1.x))
filecrypt.write("#p1.y= #" + str(p1.y))
filecrypt.write("#msgcrypte= #" + str(crypt))
filecrypt.write("#r= #" + str(r))
filecrypt.close()
def readPublicKey(init_file):
FileCredibility.fullStop(init_file)
with open(init_file, 'r') as out:
content = out.readline().replace('[', '').replace(']', '').split(',')
return ec.Point(registry.get_curve(content[0]), int(content[1]),
int(content[2]))
def test_scrypt():
A_curve = getCurve(5)
A_pri = getPri(A_curve)
A_pub = getPub(A_pri, A_curve)
B_curve = getCurve(5)
B_pri = getPri(B_curve)
B_pub = getPub(B_pri, B_curve)
A_sym = getShairKey(A_pri, B_pub)
B_sym = getShairKey(B_pri, A_pub)
A_Parts = ( A_pub.curve.name, A_pub.x, A_pub.y )
print(A_Parts)
p1 = ec.Point( registry.get_curve(A_Parts[0]), A_Parts[1], A_Parts[2] )
P_sym = getShairKey(B_pri, p1)
#print(f'P is {p1}')
#print(f'A_sym:', compress(A_sym))
#print(f'B_sym:', compress(B_sym))
#print(f'P_sym:', compress(P_sym))
print("Are eq:", A_sym == B_sym)
print(f'p1 is a sutable replacement:{A_sym == P_sym}')
def str_to_ec_point(ansi_str, ec_curve):
if not ansi_str.startswith("\x04"):
raise ValueError("ANSI octet string missing point prefix (0x04)")
ansi_str = ansi_str[1:]
if len(ansi_str) % 2 != 0:
raise ValueError("Can't parse curve point. Odd ANSI string length")
str_to_int = lambda x: int(binascii.hexlify(x), 16)
x, y = str_to_int(ansi_str[:len(ansi_str) // 2]), str_to_int(ansi_str[len(ansi_str) // 2:])
return ec.Point(ec_curve, x, y)
def compute_shared_secret(private_key_point, remote_public_key_x,
remote_public_key_y):
""" Calc Diffiehellman key and compute secret
"""
remote_public_key_point = ec2.Point(curve, remote_public_key_x,
remote_public_key_y)
shared_point = private_key_point * remote_public_key_point
shared_secret = shared_point.x.to_bytes(PUBLIC_KEY_X_SIZE,
byteorder="little")
return shared_secret
def getSharedKey(self, remotePublicKey):
keyX = int('0x' + binascii.hexlify(remotePublicKey[8:8 + 66]).decode(),
16)
keyY = int(
'0x' +
binascii.hexlify(remotePublicKey[8 + 66:8 + 66 + 66]).decode(), 16)
point = ec.Point(self.curve, keyX, keyY)
shared = self.private_key * point
key = hex(shared.x)[2:]
key = (binascii.unhexlify('0' + key) if len(key) %
2 else binascii.unhexlify(key)).rjust(66, b'\x00')
return hashlib.sha256(key).digest()
def test_when_point_are_on_curve_then_add_result_is_on_curve(self):
p1 = ec.Point(self.curve, 22, 5)
p2 = ec.Point(self.curve, 95, 31)
self.assertEqual(ec.Point(self.curve, 29, 43), p1 + p2)
p1 = ec.Point(self.curve, 24, 2)
p2 = ec.Point(self.curve, 96, 0)
self.assertEqual(ec.Point(self.curve, 38, 90), p1 + p2)
def processTLSpacket(self,pkt):
mtls=TLS(pkt)
if scapy_ssl_tls.ssl_tls.TLSServerHello in mtls:
self.serverrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSServerHello])[2:34]
print 'Server Random Found'
if scapy_ssl_tls.ssl_tls.TLSClientHello in mtls:
self.clientrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[2:34]
#mtls[scapy_ssl_tls.ssl_tls.TLSClientHello].show2()
#print [ord(i) for i in str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[:40]]
print [ord(i) for i in self.clientrandom]
print 'Client Random Found'
if scapy_ssl_tls.ssl_tls.TLSServerKeyExchange in mtls:
server_kex = mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange]
a = server_kex[scapy_ssl_tls.ssl_tls.TLSServerECDHParams]
point = scapy_ssl_tls.ssl_tls_keystore.ansi_str_to_point(a.p)
self.serverpub=a.p
curve = ec_reg.get_curve('secp256r1')
scapy_ssl_tls.ssl_tls_keystore.ECDHKeyStore(curve, ec.Point(curve, *point))
# PREMASTER KEY
ec_curve = ec_reg.get_curve('secp256r1')
server_keypair = ec.Keypair(ec_curve, pub= str_to_ec_point(self.serverpub,ec_curve))
client_keypair=pickle.load(open('/home/gabriel/waterfall/decoy/scapy_ssl_tls/clientpriv'))
secret_point = ec.ECDH(client_keypair).get_secret(server_keypair)
mk = int_to_str(secret_point.x) # masalan premaster key
sec_params = scapy_ssl_tls.ssl_tls_crypto.TLSSecurityParameters.from_pre_master_secret(self.prf, scapy_ssl_tls.ssl_tls.TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256,
mk, self.clientrandom,
self.serverrandom)
sym_keystore = sec_params.server_keystore
# print("SYYYYYN JEEEEEET", sym_keystore.key)
self.server_write_key = sym_keystore.key
self.server_write_iv = sym_keystore.iv
self.candecrypt = True
# ecdh=scapy_ssl_tls.ssl_tls.TLSServerECDHParams(str(mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange]))
# self.serverpub=ecdh.p
# print 'server public Found'
# self.driveKeys()
if self.candecrypt:
# print 'decrypting '
# mtls.show2()
if scapy_ssl_tls.ssl_tls.TLSCiphertext in mtls:
# print 'decryptable'
plain=self.decrypt(mtls[scapy_ssl_tls.ssl_tls.TLSCiphertext].data)
if mtls.records[0].content_type==23:
self.startreplace=True
#print plain[:60]
self.addHTTPpacket(plain)
def ECDHE_Key_Point(self, rfc5480_pubkey, curve_type_byte):
curve_type_str = analyze_dict(
curve_type_byte, Define().define_named_curve)
curve_type = registry.get_curve(curve_type_str)
x_byte = rfc5480_pubkey[1:33]
x = int.from_bytes(x_byte, 'big')
y_byte = rfc5480_pubkey[33:65]
y = int.from_bytes(y_byte, 'big')
pubkey = ec.Point(curve_type, x, y)
return pubkey
def decrypt(self, cipher_bytes: bytes) -> bytes:
key_file = open("ecc_key.json", 'r')
keyDetails = json.load(key_file)
key_file.close()
nonce = bytes.fromhex(keyDetails['nonce'])
authTag = bytes.fromhex(keyDetails['authTag'])
ciphertextPubKey = ec.Point(self.curve, keyDetails['x'],
keyDetails['y'])
privateKey = int(keyDetails['privateKey'])
decryptedMsg = self.decrypt_helper(cipher_bytes, nonce, authTag,
ciphertextPubKey, privateKey)
return decryptedMsg
def test_client_ecdh_parameters_generation_matches_fixed_data(self):
tls_ctx = tlsc.TLSSessionCtx()
secp256r1 = reg.get_curve("secp256r1")
public = ec.Point(secp256r1, 71312736565121892539464098105317518227531978702333415386264829982789952731614,
108064706642599821618918248475955325719985341096102200103424860263181813987462)
tls_ctx.server_ctx.kex_keystore = tlsk.ECDHKeyStore(secp256r1, public)
client_privkey = 15320484772785058360598040144348894600917526501829289880527760633524785596585
client_keys = ec.Keypair(secp256r1, client_privkey)
client_pubkey = tls_ctx.get_client_ecdh_pubkey(client_privkey)
self.assertTrue(client_pubkey.startswith("\x04"))
self.assertEqual("\x04%s%s" % (tlsc.int_to_str(client_keys.pub.x), tlsc.int_to_str(client_keys.pub.y)),
client_pubkey)
self.assertEqual(client_keys.pub, tls_ctx.client_ctx.kex_keystore.public)
self.assertEqual("'(\x17\x94l\xd7AO\x03\xd4Fi\x05}mP\x1aX5C7\xf0_\xa9\xb0\xac\xba{r\x1f\x12\x8f",
tls_ctx.premaster_secret)
def generateSharedSecret(client_publickey):
global shared_key
try:
print("generateSharedSecret --> Init")
coordinate_x = client_publickey['x_coordinate']
coortinate_y = client_publickey['y_coordinate']
client_curve_point = ec.Point(curve, int(coordinate_x),
int(coortinate_y))
print("generateSharedSecret --> Client public curve point: ",
client_curve_point, "type: ", type(client_curve_point))
shared_key = server_private_key * client_curve_point
print("generateSharedSecret --> Shared Key generated successful:",
compress_point2(shared_key))
return True
except Exception as ex:
print("ERROR --> generate_shared_secret --> ", ex)
return False
def tls_group_to_keystore(named_group_id, point_str):
import scapy_ssl_tls.ssl_tls as tls
try:
point = ansi_str_to_point(point_str)
named_group_name = tls.TLS_SUPPORTED_GROUPS[named_group_id]
# Unknown curve case. Just record raw values, but do nothing with them
except KeyError:
keystore = ECDHKeyStore(None, point)
warnings.warn("Unknown TLS defined group id: %d" % named_group_id)
# We are on a known group
else:
try:
group = ec_reg.get_curve(named_group_name)
keystore = ECDHKeyStore(group, ec.Point(group, *point))
except ValueError:
keystore = ECDHKeyStore(None, point)
warnings.warn("Unsupported TinyEC group: %s" % named_group_name)
return keystore
def _osp2ec(self, bytes):
compressed = self._from_bytes(bytes)
y = compressed >> self._bits
x = compressed & (1 << self._bits) - 1
if x == 0:
y = self._curve.b
else:
result = self.sqrtp(x**3 + self._curve.a * x + self._curve.b,
self._curve.field.p)
if len(result) == 1:
y = result[0]
elif len(result) == 2:
y1, y2 = result
y = y1 if (y1 & 1 == y) else y2
else:
return None
return ec.Point(self._curve, x, y)
def on_receive_message_1(client, userdata, msg):
"""
Handles the registration request coming from a device.
Check the algorithms specified by this device and proceed
as indicated to negotiate a shared key (HAND-SHAKE).
It builds the message 2 to be sent to the device with
the ephemeral public key of the platform for the DH or ECDH
process.
"""
global encriptor, shared_key
global asymmetricAlgorithm, symmetricAlgorithm
# Received message 1 for the registration process
auth = msg.get("auth", "")
if auth != "":
asymmetricAlgorithm = auth.get("asymmetric", "")
if asymmetricAlgorithm == "dh":
g = auth.get("g", "")
p = auth.get("p", "")
device_pub_key = auth.get("public_key", "")
if g == "" and p == "" and device_pub_key == "":
# Cannot be empty.
return False
# Generate private key and public key for platform
# in the registration process
pn = dh.DHParameterNumbers(p, g)
parameters = pn.parameters(default_backend())
private_key, public_key = utils.dhGenKeys(parameters)
# Generate shared key
device_pub_key = utils.load_key(device_pub_key)
shared_key = utils.dhGenSharedKey(private_key, device_pub_key)
# Building message two.
answer_registration_request = {
"auth": {
"public_key": public_key.public_bytes( Encoding.PEM,\
PublicFormat.SubjectPublicKeyInfo ).decode( "utf-8" )
}
}
elif asymmetricAlgorithm == "ecdh":
x = auth.get("x", "")
y = auth.get("y", "")
if x == "" and y == "":
# Cannot be empty.
return False
private_key, public_key = utils.ecdhGenKeys(utils.curve)
device_pub_key = ec.Point(utils.curve, x, y)
shared_key = utils.ecdhGenSharedKey(private_key, device_pub_key)
# Building message two.
answer_registration_request = {
"auth": {
"x": public_key.x,
"y": public_key.y
}
}
if shared_key == "":
# Cannot be empty.
return False
symmetricAlgorithm = auth.get("symmetric", "")
if symmetricAlgorithm == "fernet":
encriptor = Fernet(base64.urlsafe_b64encode(shared_key))
elif symmetricAlgorithm == "chacha":
encriptor = ChaCha20Poly1305(shared_key)
message = add_header_message( answer_registration_request, userdata,\
REGISTRATION_TOPIC, 2 )
utils.send(client, None, message)
return True
return False
def test_when_point_is_added_to_infinity_then_point_is_returned(self):
p1 = ec.Point(self.curve, 22, 5)
p2 = ec.Inf(self.curve)
self.assertEqual(p1, p1 + p2)
self.assertEqual(p1, p2 + p1)
print()
print("The public keys are: ")
print(P_a)
print(P_b)
# Secret key by user A(sender):
K_a = n_a * P_b
# Secret key by user B(receiver):
K_b = n_b * P_a
print("Secret key on User A: ", K_a)
print("Secret key on User B: ", K_b)
# On sender's side
K_a = ec.Point(curve, K_a.x, K_a.y)
Message = input("Enter the x and y coordinates by space seperated: ")
Message = list(map(int, Message.split(" ")))
message_point = ec.Point(curve, Message[0], Message[1])
# k is a random number
k = int(input("Enter a random number: "))
Cipher_point_x = k * curve.g
print("Cipher text 1st component(point on My_curve): ", Cipher_point_x)
Cipher_point_y = message_point + k * P_b
print("Cipher text 2nd component(point on My_curve): ", Cipher_point_y)
# On receiver's side
Plain_point = Cipher_point_x * n_b
Plain_point = (message_point + k * P_b) - Plain_point
def convertToPoint(value):
s = ec.Point(curve, int(value[0], 16), int(value[1], 16))
return s
def test_when_same_points_are_added_then_result_is_on_curve(self):
p1 = ec.Point(self.curve, 24, 2)
self.assertEqual(ec.Point(self.curve, 65, 65), p1 + p1)
def test_when_points_have_opposite_ordinates_then_result_is_infinite(self):
p1 = ec.Point(self.curve, 12, 3)
p2 = ec.Point(self.curve, 12, 94)
self.assertEqual(ec.Inf(self.curve), p1 + p2)
def send_eap_tls_client_key(self):
"""
Generate Client_Certificate, Client_KeyExchange, Client_CertificateVerify,
Client_ChangeCipherSpec & FINISHED Message and send it to the server
"""
if self.state != "TLS HANDSHAKE 1":
print("Wrong Connection State for Client_Key Message: {0} - should be 'TLS HANDSHAKE 1'".format(self.state))
return 1
#May have to move this to the _init_ field
packet_head = Dot11(addr1=self.bssid ,addr2=self.sta_mac ,addr3=self.bssid ,type=2 ,subtype=8 , FCfield="to-DS" )/ Dot11QoS('\x00\x00')/LLC(dsap=0xaa,ssap=0xaa,ctrl=3)/ SNAP(OUI=0x0, code=0x888e) / EAPOL(version=1,type=0)
#---------------------------------------------------------------------------#
x509_1 = X509()
x509_1.parse(self.public_cert_file)
x509_2 = X509()
x509_2.parse(self.ca_certs_file)
cert1 = x509_1.writeBytes()
cert2 = x509_2.writeBytes()
#Add 3 Bytes for every Certificate as Length-Field has to be included
chainLength = len(cert1)+3+len(cert2)+3
cert1_len_hex = "{:06x}".format(len(cert1))
cert2_len_hex = "{:06x}".format(len(cert2))
cert1_len = binascii.unhexlify(cert1_len_hex)
cert2_len = binascii.unhexlify(cert2_len_hex)
client_certs = cert1_len + cert1 + cert2_len + cert2
#We use str() because client_certs is a byte-array
client_cert_load = TLSCertificate(certslen=chainLength, certs=str(client_certs))
print("#########################################################")
print("Generating CLIENT CERTIFICATE PAYLOAD")
print("#########################################################")
client_cert_load.show2()
client_cert = TLS(type="handshake", version="TLS 1.0", iv="", msg=client_cert_load)
print("#########################################################")
print("Generating CLIENTCERTIFICATE")
print("#########################################################")
client_cert.show2()
self.handshake_log = self.handshake_log / client_cert[TLSCertificate]
print("#################################################################################################")
#---------------------------------------------------------------------------#
#Generating ClientKey
curve = reg.get_curve("secp256r1")
self.client_secret = random.getrandbits(256)
client_pubKey = curve.g * self.client_secret
#04 Prefix for "uncompressed" and "41" for length of pubKey as scapy cant parse it right
pubKey_head = binascii.unhexlify("4104")
#This one is for sending
raw_full_client_pubKey = pubKey_head + long_to_bytes(client_pubKey.x) + long_to_bytes(client_pubKey.y)
print("#########################################################")
print("Generated following Coordinates:")
print("X:")
print(client_pubKey.x)
print("Y:")
print(client_pubKey.y)
print("#########################################################")
#Parsing ServerKey
raw_full_server_pubKey = self.handshake_log[TLSServerKeyExchange].params.point
#Remove "uncompressed" indicator
full_server_pubKey = raw_full_server_pubKey[1:]
#splitting the x and y coordinates
server_key_x_raw = full_server_pubKey[0:32]
server_key_y_raw = full_server_pubKey[32:64]
server_key_x = bytes_to_long(server_key_x_raw)
server_key_y = bytes_to_long(server_key_y_raw)
server_parse = ec.Point(curve, server_key_x, server_key_y)
print("#########################################################")
print("Parsed following Server Coordinates:")
print("X:")
print(server_parse.x)
print("Y:")
print(server_parse.y)
print("#########################################################")
#Calculating the pre-master-secret (Returned as a long)
long_premaster = (server_parse * self.client_secret).x
self.premaster = long_to_bytes(long_premaster)
#Generating ClientKeyExchange Layer
print("#########################################################")
print("Generating CLIENTKEYEXCHANGE Payload:")
print("#########################################################")
client_key_load = TLSClientKeyExchange(exchkeys=Raw(load=raw_full_client_pubKey))
client_key_load.show2()
client_key = TLS(type="handshake", version="TLS 1.0", iv="", msg=client_key_load)
print("#########################################################")
print("Generating CLIENTKEYEXCHANGE")
print("#########################################################")
client_key.show2()
self.handshake_log = self.handshake_log / client_key_load
print("#################################################################################################")
#---------------------------------------------------------------------------#
#Generating CertificateVerify Layer
#Hash-Value Calculation
temp = hashlib.md5()
temp.update(str(self.handshake_log))
m_string = temp.digest()
temp = hashlib.sha1()
temp.update(str(self.handshake_log))
s_string = temp.digest()
concat_string = m_string + s_string
concat_string_hex = binascii.hexlify(concat_string)
#Padding Calculation
head = "0001"
bottom = "00"
body = ""
for i in range(0,434):
body = body + "F"
#Combining Hash & Padding
concat_string_build = head + body + bottom + concat_string_hex
concat_string_raw = binascii.unhexlify(concat_string_build)
#Signing Message with M2Crypto using no_padding mode
m2_key = RSA.load_key(self.private_key_file)
signature_m2 = m2_key.private_encrypt(concat_string_raw, m2.no_padding)
#Parsing the Certificate Verify Layer from Wireshark as Scapy has problems generating it
certificate_verify_head = binascii.unhexlify("0f0001020100")
#Works, as the signature has same length every time
certificate_verify_load = TLSCertificateVerify(certificate_verify_head + signature_m2)
certificate_verify = TLS(type="handshake", version="TLS 1.0", iv="", msg=certificate_verify_load)
print("#########################################################")
print("Generated CERTIFICATEVERIFY")
print("#########################################################")
certificate_verify.show2()
#Used for FINISHED Message later
self.handshake_log = self.handshake_log / certificate_verify[TLSCertificateVerify]
print("#################################################################################################")
#---------------------------------------------------------------------------#
#Generate ChangeCipherSpec Message
#IS NOT RELEVANT FOR FINISHED MESSAGE -> Therefore not saved to log
cipher_spec_load = TLSChangeCipherSpec()
cipher_spec = TLS(type="change_cipher_spec", version="TLS 1.0", iv="", msg=cipher_spec_load)
print("#########################################################")
print("Generated CHANGECIPHERSPEC")
print("#########################################################")
cipher_spec.show2()
print("#################################################################################################")
#---------------------------------------------------------------------------#
#Via Scapy: gmt_unix_time + random_bytes = FULL Random_bytes
parsed_time_client = "{0:02x}".format(self.handshake_log[TLSClientHello].gmt_unix_time).zfill(8)
parsed_time_server = "{0:02x}".format(self.handshake_log[TLSServerHello].gmt_unix_time).zfill(8)
client_random = binascii.unhexlify(parsed_time_client) + self.handshake_log[TLSClientHello].random_bytes
server_random = binascii.unhexlify(parsed_time_server) + self.handshake_log[TLSServerHello].random_bytes
print("#########################################################")
print("Parsed following random_bytes:")
print("Client Random:")
print(binascii.hexlify(client_random))
print("Server Random:")
print(binascii.hexlify(server_random))
#master bitaray with length 48 Bytes
self.master = tlslite.mathtls.calcMasterSecret((3,1), None, self.premaster, client_random, server_random)
print("#########################################################")
print("Calculated Master-Secret:")
print(binascii.hexlify(str(self.master)))
print("#########################################################")
#---------------------------------------------------------------------------#
#Calculate FINISHED Message via tlslite
#handshakeHash = MD5(handshake_messages) + SHA-1(handshake_messages)
#No Padding like RSA Signatur PKCS!
#Method expects handshakeHash as byteArray -> makes no difference here
print("#################################################################################################")
#Hash-Value Calculation exactly as in ClientVerify but now with ClientVerify appended to the log
temp = hashlib.md5()
temp.update(str(self.handshake_log))
m_string = temp.digest()
temp = hashlib.sha1()
temp.update(str(self.handshake_log))
s_string = temp.digest()
handshakeHash = m_string + s_string
#content of FINISHED-Message:
verifyData = tlslite.mathtls.PRF(self.master, "client finished", handshakeHash, 12)
#Creating Header for Handshake-Layer (NOT Record!):
#14 -> ContentType 20 = FINISHED
#00000C -> Length of Content = 12 Bytes = VerifyData.length
header_hex = "1400000C"
header = binascii.unhexlify(header_hex)
finished_payload = header + verifyData
#Generating Key-Material to calculate required Keys for Sending:
#Required: client_write_MAC, client_write_key , client_write_IV
#client_write_MAC with SHA-1 -> 20 Bytes
#client_write_key with AES-256 -> 256 Bit -> 32 Bytes
#client/server IV still uses 128 bit blocks, so 128-bit IV -> 16 Bytes
#key_block = PRF(master_secret, "key expansion", server_random + client_random)
#KEYLENGTH = 20 (MAC) + 20(Server MAC) + 32 (AES256) + 32 (AES256 Server) + 16 (IV) + 16 (Server IV) = 136 bytes
#Order of Keys : client_write_MAC , server_write_MAC, client_write_key, server_write_key, client_write_IV, server_write_IV
keys = tlslite.mathtls.PRF(self.master, "key expansion", server_random + client_random, 136)
#20 Bytes per Key (SHA-1)
client_mac_key = keys[0:20]
server_mac_key = keys[20:40]
#32 Bytes per Key (AES-256)
client_write_key = keys[40:72]
server_write_key = keys[72:104]
#16 Bytes per Key (AES-CBC)
client_write_iv = keys[104:120]
server_write_iv = keys[120:136]
print("#########################################################")
print("Client_Mac_Key:")
print(binascii.hexlify(str(client_mac_key)))
print("Server_Mac_Key:")
print(binascii.hexlify(str(server_mac_key)))
print("Client_Write_Key:")
print(binascii.hexlify(str(client_write_key)))
print("Server_Write_Key:")
print(binascii.hexlify(str(server_write_key)))
print("Client_Write_IV:")
print(binascii.hexlify(str(client_write_iv)))
print("Server_Write_IV:")
print(binascii.hexlify(str(server_write_iv)))
print("#########################################################")
#HMAC_SHA1(client_write_mac_key, seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length + TLSCompressed.fragment)
#client_write_mac_key = get from master_secret
#seq_num = 0 as 8 Bytes -> 0x0000000000000000
#TLSCompressed.type = 0x16 = 22 from Record-Layer
#TLSCompressed.version = 0x0301
#TLSCompressed.length = length(header+verifyData) -> 0x0010 because we have 16 bytes
#TLSCompressed.fragment = header+verifyData
#label = seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length
label = binascii.unhexlify("0000000000000000") + binascii.unhexlify("16") + binascii.unhexlify("0301") + binascii.unhexlify("0010")
fin_mac = hmac.new(client_mac_key, label+finished_payload, hashlib.sha1).digest()
#Padding: (We need 12 Bytes Padding, so 11-Bytes with Value '11' and one Padding-Length-Byte with Value '11')
padding_hex = ""
for i in range(0,11):
padding_hex = padding_hex + "0B"
#Adding the Padding-Length
padding_hex = padding_hex + "0B"
padding = binascii.unhexlify(padding_hex)
#Encrypt the Layer:
#USING IN THIS ORDER : finished_payload + fin_mac + padding
encryptor = EVP.Cipher(alg="aes_256_cbc", key=client_write_key, iv=client_write_iv, op=1, padding=0)
encrypted_payload = encryptor.update(finished_payload + fin_mac + padding)
encrypted_payload += encryptor.final()
#Generate TLS Record Layer:
finished_head = binascii.unhexlify("1603010030")
finished = finished_head + encrypted_payload
print("#########################################################")
print("Generated FINISHED")
print("#########################################################")
#---------------------------------------------------------------------------#
#Construct the whole packet:
packet_tls = str(client_cert) + str(client_key) + str(certificate_verify) + str(cipher_spec) + str(finished)
#Fragment the packet: (In this Case - Fragments of the size of about 1266 Bytes)
fragment1_payload = packet_tls[0:1266]
fragment2_payload = packet_tls[1266:2532]
fragment3_payload = packet_tls[2532:]
#EAP Packet Head -> Remember ID regarding Fragmentation and "More Fragments"-Flag
packet1 = packet_head / EAP_TLS(code="Response", id=(self.current_id - 1), type="EAP-TLS", L=1, M=1, S=0, reserved=0, tls_message_len=len(packet_tls) ,tls_data=fragment1_payload)
packet1[Dot11].SC = 0x0090
packet2 = packet_head / EAP_TLS(code="Response", id=self.current_id , type="EAP-TLS", L=1, M=1, S=0, reserved=0, tls_message_len=len(packet_tls) ,tls_data=fragment2_payload)
packet2[Dot11].SC = 0x00A0
self.current_id += 1
packet3 = packet_head / EAP_TLS(code="Response", id=self.current_id , type="EAP-TLS", L=1, M=0, S=0, reserved=0, tls_message_len=len(packet_tls) ,tls_data=fragment3_payload)
packet3[Dot11].SC = 0x00B0
print("#########################################################")
print("Generated 3 Fragments:")
print("#########################################################")
print("Fragment 1 :")
packet1.show2()
print("#########################################################")
print("Fragment 2 :")
packet2.show2()
print("#########################################################")
print("Fragment 3 :")
packet3.show2()
print("#########################################################")
fragments = list()
#First packet will be sent directly!
fragments.append(packet2)
fragments.append(packet3)
#Send it away!
result_queue = multiprocessing.Queue()
send_process = multiprocessing.Process(
target=self.mon_ifc.send_packet,
args=(packet1,None, ))
send_and_receive_process = multiprocessing.Process(
target=self.mon_ifc.search_eap_tls_server_response,
args=(result_queue, fragments,))
send_and_receive_process.start()
time.sleep(.250)
send_process.start()
send_process.join()
send_and_receive_process.join()
if result_queue.get():
self.state = "TLS SUCCESS"
def test_when_point_is_substracted_from_infinity_then_point_is_returned(self):
p1 = ec.Point(self.curve, 22, 5)
p2 = ec.Inf(self.curve)
self.assertEqual(p1, p1 - p2)
self.assertEqual(p1, p2 - p1)
def test_when_point_are_on_curve_then_substracted_result_is_on_curve(self):
p1 = ec.Point(self.curve, 22, 5)
p2 = ec.Point(self.curve, 95, 66)
# -31 % 97 == 66
p3 = ec.Point(self.curve, 95, 31)
self.assertEqual(p1 + p2, p1 - p3)
def test_when_point_is_not_multiplied_by_an_int_then_error_is_raised(self):
p1 = ec.Point(self.curve, 3, 6)
with self.assertRaises(TypeError):
p1 * p1
