Exemplo n.º 1
def ctSSL_initialize(multithreading=False):
    """
    Prepare ctSSL for use: initialize the OpenSSL libraries, load their error
    strings, and declare the ctypes prototypes of every wrapped C function.
    Must be called before any other ctSSL function.

    The multithreading argument is accepted but currently ignored: it is
    forced to False below, so openSSL_threading_init() is never called.

    Raises ctSSLInitError when RAND_status() does not report a seeded PRNG.
    """
    # Threading support is switched off unconditionally for now (it caused
    # issues and might not be required), so the branch below is never taken.
    multithreading = False
    if multithreading:
        openSSL_threading_init()
        openSSL_threading = True

    # Library and error-string setup.
    # NOTE(review): both functions became macros in OpenSSL 1.1.0, so a ctypes
    # lookup against a newer libssl is expected to fail here; confirm which
    # OpenSSL versions this binding targets.
    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()

    # Refuse to go on with an unseeded PRNG: every key and nonce produced
    # later depends on it.
    prng_seeded = libcrypto.RAND_status() == 1
    if not prng_seeded:
        raise ctSSLInitError('OpenSSL PRNG not seeded with enough data.')

    # Declare argument and return types for each exposed C function, one
    # wrapper module at a time.
    BIO.init_BIO_functions()
    SSL_CTX.init_SSL_CTX_functions()
    SSL.init_SSL_functions()
    SSL_SESSION.init_SSL_SESSION_functions()
    X509.init_X509_functions()
    errors.init_ERR_functions()
Exemplo n.º 2
def ctSSL_initialize(multithreading=False, zlib=False):
    """
    Prepare ctSSL for use: initialize the OpenSSL libraries, load their error
    strings, and declare the ctypes prototypes of every wrapped C function.
    Must be called before any other ctSSL function.

    @type multithreading: boolean
    @param multithreading: Meant to initialize OpenSSL multithreading support.
    Currently ignored: the value is forced to False inside the function.

    @type zlib: boolean
    @param zlib: Register Zlib as a TLS compression method. The registration
    is global to the loaded OpenSSL library. TLS-level compression leaks
    information about the plaintext through the record length (the CRIME
    class of attacks), so leave this off unless compression is specifically
    needed.

    @raise ctSSLInitError: RAND_status() did not report a seeded PRNG.
    @raise errors.ctSSLFeatureNotAvailable: zlib was requested but the loaded
    OpenSSL library does not export the compression functions, or the
    registration call returned non-zero.
    """
    # Threading support is switched off unconditionally for now (it caused
    # issues and might not be required), so the branch below is never taken.
    multithreading = False
    if multithreading:
        openSSL_threading_init()
        openSSL_threading = True

    # Library and error-string setup.
    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()

    # Refuse to go on with an unseeded PRNG: every key and nonce produced
    # later depends on it.
    prng_seeded = libcrypto.RAND_status() == 1
    if not prng_seeded:
        raise ctSSLInitError('OpenSSL PRNG not seeded with enough data.')

    # Declare argument and return types for each exposed C function.
    BIO.init_BIO_functions()
    SSL_CTX.init_SSL_CTX_functions()
    SSL.init_SSL_functions()
    SSL_SESSION.init_SSL_SESSION_functions()
    X509.init_X509_functions()
    errors.init_ERR_functions()

    if not zlib:
        return

    # Zlib compression can only be enabled globally.
    try:
        comp_zlib = libcrypto.COMP_zlib
        comp_zlib.argtypes = []
        comp_zlib.restype = c_void_p

        add_compression = libssl.SSL_COMP_add_compression_method
        add_compression.argtypes = [c_int, c_void_p]
        add_compression.restype = c_int

        status = add_compression(1, comp_zlib())
    except AttributeError:
        # The symbol lookup failed: the loaded OpenSSL has no COMP_XX().
        # Any other exception propagates unchanged.
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: not supported by the version of the OpenSSL library that was loaded ?"
        )

    # Anything other than 0 from the registration call is treated as failure.
    if status != 0:
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: OpenSSL was not built with Zlib support ?"
        )

    features_not_available.ZLIB_NOT_AVAIL = False
Exemplo n.º 3
def ctSSL_initialize(multithreading=False, zlib=False):
    """
    Initialize ctSSL's ctypes bindings, and OpenSSL libraries and error
    strings. Should always be called before any other ctSSL function.

    @type multithreading: boolean
    @param multithreading: Initialize OpenSSL multithreading support.
    TODO: This actually doesn't do anything ATM; the value is overwritten
    with False at the top of the function.

    @type zlib: boolean
    @param zlib: Initialize support for Zlib compression. The method is
    registered globally in the loaded OpenSSL library. TLS-level compression
    exposes plaintext information through record lengths (the CRIME class of
    attacks), so keep this disabled unless compression is specifically needed.

    @raise ctSSLInitError: RAND_status() did not return 1.
    @raise errors.ctSSLFeatureNotAvailable: zlib was requested but the
    compression symbols are missing from the loaded library, or
    SSL_COMP_add_compression_method() returned non-zero.
    """
    # Initialize multithreading
    multithreading = False  # TODO: Clean start. Disabled for now, causes issues
    # Might not be required ?
    # With the override above, this branch is dead code.
    if multithreading:
        openSSL_threading_init()
        openSSL_threading = True  # NOTE(review): binds a local name only; no `global` statement is visible

    # Initialize libraries and error strings
    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()
    # Fail closed when the PRNG is not seeded: keys and nonces generated
    # afterwards depend on it.
    if libcrypto.RAND_status() != 1:
        raise ctSSLInitError("OpenSSL PRNG not seeded with enough data.")

    # Tell ctypes the arguments and return types for every C function that is exposed
    BIO.init_BIO_functions()
    SSL_CTX.init_SSL_CTX_functions()
    SSL.init_SSL_functions()
    SSL_SESSION.init_SSL_SESSION_functions()
    X509.init_X509_functions()
    errors.init_ERR_functions()

    if zlib:  # Enable Zlib compression. Can only be done globally.
        try:
            # Prototypes are declared before the calls so ctypes does not
            # fall back to its default int return type for the pointer.
            libcrypto.COMP_zlib.argtypes = []
            libcrypto.COMP_zlib.restype = c_void_p

            libssl.SSL_COMP_add_compression_method.argtypes = [c_int, c_void_p]
            libssl.SSL_COMP_add_compression_method.restype = c_int

            zlib_comp_p = libcrypto.COMP_zlib()
            # First argument is the id the method is registered under.
            has_zlib = libssl.SSL_COMP_add_compression_method(1, zlib_comp_p)

        except AttributeError:  # OpenSSL is super old and COMP_XX() is not defined ?
            raise errors.ctSSLFeatureNotAvailable(
                "Could not enable Zlib compression: not supported by the version of the OpenSSL library that was loaded ?"
            )

        except:  # TODO: Check for common errors here and add meaningful error message
            # Re-raises unchanged, so this clause currently has no effect.
            raise

        # Despite its name, has_zlib holds the registration call's return
        # code: any non-zero value is treated as failure.
        if has_zlib != 0:
            raise errors.ctSSLFeatureNotAvailable(
                "Could not enable Zlib compression: OpenSSL was not built with Zlib support ?"
            )

        features_not_available.ZLIB_NOT_AVAIL = False
Exemplo n.º 4
 def load_key_bio(self, keybio, certbio=None, callback=util.passphrase_callback):
     """Load the private key from keybio and the certificate from certbio.

     When certbio is omitted, the certificate is read from keybio as well.
     callback is handed to EVP.load_key_bio together with keybio.
     The loaded objects are stored on self.pkey and self.x509.

     NOTE(review): nothing here checks that the certificate belongs to the
     loaded key; callers presumably rely on later operations to surface a
     mismatch. Confirm.
     """
     cert_source = keybio if certbio is None else certbio
     self.pkey = EVP.load_key_bio(keybio, callback)
     self.x509 = X509.load_cert_bio(cert_source)
Exemplo n.º 5
 def load_key(self, keyfile, certfile=None, callback=util.passphrase_callback):
     """Load the private key from keyfile and the certificate from certfile.

     When certfile is omitted, the certificate is read from keyfile as well.
     callback is handed to EVP.load_key together with keyfile.
     The loaded objects are stored on self.pkey and self.x509.

     NOTE(review): nothing here checks that the certificate belongs to the
     loaded key; callers presumably rely on later operations to surface a
     mismatch. Confirm.
     """
     cert_path = keyfile if certfile is None else certfile
     self.pkey = EVP.load_key(keyfile, callback)
     self.x509 = X509.load_cert(cert_path)
Exemplo n.º 6
    def get_peer_certificate(self):
        """
        Return the certificate presented by the peer on this connection.
        Thin wrapper around OpenSSL's SSL_get_peer_certificate().

        Getting a certificate back says nothing about whether it was
        verified: callers that depend on the peer's identity must check the
        verification result separately.

        @rtype: ctSSL.X509.X509
        @return: The peer's certificate.

        @raise ctSSLEmptyValue: OpenSSL returned a NULL pointer, meaning there's
        no peer certificate available for the current connection.
        NOTE(review): nothing in this method raises it directly; presumably
        the X509.X509 constructor rejects a NULL pointer. Confirm.
        """
        peer_cert_p = libssl.SSL_get_peer_certificate(self._ssl_struct_p)
        return X509.X509(peer_cert_p)
Exemplo n.º 7
 def load_key_bio(
         self, keybio, certbio=None, callback=util.passphrase_callback):
     """Read a private key and its certificate from BIO objects.

     keybio supplies the key; certbio supplies the certificate and falls
     back to keybio when it is None. callback is passed through to
     EVP.load_key_bio. Results are stored on self.pkey and self.x509.
     """
     if certbio is None:
         cert_bio = keybio
     else:
         cert_bio = certbio
     self.pkey = EVP.load_key_bio(keybio, callback)
     self.x509 = X509.load_cert_bio(cert_bio)
Exemplo n.º 8
 def load_key(
         self, keyfile, certfile=None, callback=util.passphrase_callback):
     """Read a private key and its certificate from files.

     keyfile supplies the key; certfile supplies the certificate and falls
     back to keyfile when it is None. callback is passed through to
     EVP.load_key. Results are stored on self.pkey and self.x509.
     """
     if certfile is None:
         cert_file = keyfile
     else:
         cert_file = certfile
     self.pkey = EVP.load_key(keyfile, callback)
     self.x509 = X509.load_cert(cert_file)
Exemplo n.º 9
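  def receive(self, safe_only=False):
    """
    Interactively fetch and print the most recent messages of a Gmail inbox.

    Prompts for the number of messages and for the account credentials, then
    walks the inbox from the newest message downwards.

    safe_only -- when false, every fetched message is printed as received.
    When true, only messages whose subject starts with "(Safe)-" are
    handled: the payload is parsed, the sender's device certificate and the
    signature over the encrypted key are checked, and the body is decrypted
    and printed.

    Raises ValueError when the requested count is not an integer.
    """
    s = SafeUser()
    # int(raw_input()) rather than input(): in Python 2, input() evaluates
    # the typed text as a Python expression.
    num = int(raw_input("Please enter how many email you wish to receive: "))

    mail = imaplib.IMAP4_SSL('imap.gmail.com')
    try:
        mail.login(raw_input("Please enter you account: "), getpass.getpass())

        mail.select('inbox')
        typ, data = mail.search(None, 'ALL')
        id_list = data[0].split()
        if not id_list:
            return  # empty inbox: nothing to fetch

        # get the most recent email id
        latest_email_id = int(id_list[-1])
        # Stop at message 1 even when more mails are requested than exist.
        oldest_wanted = max(latest_email_id - num, 0)

        total_count = 1
        safe_count = 1
        # iterate messages in descending order
        for i in range(latest_email_id, oldest_wanted, -1):
            typ, data = mail.fetch(i, '(RFC822)')
            msg = None
            for response_part in data:
                if isinstance(response_part, tuple):
                    msg = email.message_from_string(response_part[1])
            if msg is None:
                continue  # the fetch returned no message body for this id

            # A message without a Subject header yields None.
            subject = msg['Subject'] or ""
            if not safe_only:
                print "---------------------  START OF MESSAGE  ---------------------"
                print "This is mail #%d: " % (total_count)
                print "Subject: " + subject
                print "Payload:"
                print msg.get_payload()
                total_count = total_count + 1
                print "---------------------  END OF MESSAGE  ---------------------"

            elif subject[:7] == "(Safe)-":
                # Everything derived from the message is attacker-controlled,
                # so parsing and certificate loading sit inside the try too:
                # one malformed mail must not abort the whole run.
                try:
                    content = safe_mail_payload(**(ast.literal_eval(msg.get_payload())))
                    encrypted_key = content.key
                    sender_dev_cert = content.cert
                    namespace = content.dev_id.split('.')[0]

                    # Last matching peer wins, as before.
                    peer_ns_cert = None
                    for peer in s.peer_list:
                        if str(peer).split("#")[0] == namespace:
                            peer_ns_cert = s.get_metadata(peer)['cert_pem']
                    if peer_ns_cert is None:
                        peer_ns_cert = s.cert_pem
                    if peer_ns_cert is not None:
                        x = X509.load_certificate_from_PEM(sender_dev_cert)
                        if not x.validate_cert(peer_ns_cert):
                            # NOTE(review): this only warns. The signature
                            # below is checked against the certificate carried
                            # in the message itself, so when that certificate
                            # is not validated the signature does not
                            # authenticate the sender. Consider skipping the
                            # message here instead of decrypting it.
                            print "Warning: This mail is not sent from a trutesd device"

                    if not verify_signature(sender_dev_cert, encrypted_key,
                                            base64.decodestring(content.sig)):
                        print "This mail is cannot be verified"
                    else:
                        print "---------------------  START OF MESSAGE  ---------------------"
                        key = decrypt_with_privkey(s.privkey_pem, encrypted_key)
                        plaintext = AES_decrypt(content.body, key)
                        print "This is mail #%d: " % (safe_count)
                        print "Subject: " + subject
                        print "Payload:"
                        print plaintext
                        safe_count = safe_count + 1
                        print "---------------------  END OF MESSAGE  ---------------------"

                except Exception:
                    # Not a bare except: Ctrl-C and SystemExit still propagate.
                    print "Something went wrong with the email format"
    finally:
        # Always release the connection, including on login or fetch errors.
        try:
            mail.close()
        except imaplib.IMAP4.error:
            pass  # no mailbox was selected, e.g. the login failed
        mail.logout()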
Exemplo n.º 10
#100557027
#Alexander Yan
#100649393
import symmetric
import SHA512
import X509
import TripleDES
import CaesarCipher

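if __name__ == "__main__":
    # Interactive menu: each option calls the entry point of one demo module.
    # NOTE(review): 3DES is a legacy cipher and a Caesar cipher gives no
    # confidentiality; both are presumably offered as teaching demos only.
    while True:
        print("1. 3DES encryption")
        print("2. AES encryption")
        print("3. SHA512")
        print("4. X509 certification")
        print("5. Caesar Cipher")
        print("0. Exit")
        try:
            x = int(input("Enter the numbmer corresponding task: "))
        except ValueError:
            # Non-numeric input used to end the program with a traceback.
            print("Please enter one of the numbers listed above.")
            continue
        except EOFError:
            break  # stdin was closed: leave the menu cleanly

        if x == 0:
            break
        elif x == 1:
            TripleDES.TripleDES()
        elif x == 2:
            symmetric.AES()
        elif x == 3:
            SHA512.SHA512()
        elif x == 4:
            X509.X509()
        elif x == 5:
            CaesarCipher.CaesarCipher()
        else:
            # Out-of-range numbers were silently ignored before.
            print("Please enter one of the numbers listed above.")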
Exemplo n.º 11
 def get_certs(self, certs):
     """Return an X509.X509_Stack built from m2.pkcs7_get_certs().

     The call receives this object's PKCS7 handle (self.pkcs7) and the
     underlying stack of certs (certs.stack).
     """
     found = m2.pkcs7_get_certs(self.pkcs7, certs.stack)
     return X509.X509_Stack(found)
Exemplo n.º 12
 def get0_signers(self, certs, flags=0):
     """Return an X509.X509_Stack built from m2.pkcs7_get0_signers().

     The call receives this object's PKCS7 handle (self.pkcs7), the
     underlying stack of certs (certs.stack) and flags.

     NOTE(review): this looks like a lookup of the signer certificates only;
     no signature verification is visible here, so do not treat the result
     as proof that the signature is valid. Confirm.
     """
     signers = m2.pkcs7_get0_signers(self.pkcs7, certs.stack, flags)
     # The literal 1 is X509_Stack's second positional argument; presumably
     # an ownership/free flag for the returned stack. Confirm.
     return X509.X509_Stack(signers, 1)