def resolve(target): """Return the generation number for target. As a side effect, record any new calculated data to the git repository. """ num = get_num(target) if num is not None: return num if git_tree(REF) is None: empty = git_mktree({}) ref = run_git('commit-tree', '-m', 'Initial commit from git-number', empty) run_git('update-ref', REF, ref) with ScopedPool() as pool: available = pool.apply_async(git_tree, args=(REF,), kwds={'recurse': True}) preload = set() rev_list = [] with StatusPrinter('Loading commits: %d') as inc: for line in run_git('rev-list', '--topo-order', '--parents', '--reverse', hexlify(target), '^'+REF).splitlines(): toks = map(unhexlify, line.split()) rev_list.append((toks[0], toks[1:])) preload.update(t[:PREFIX_LEN] for t in toks) inc() preload.intersection_update( unhexlify(k.replace('/', '')) for k in available.get().iterkeys() ) preload.difference_update((x,) for x in get_num_tree.cache) if preload: preload_iter = pool.imap_unordered(preload_tree, preload) with StatusPrinter('Preloading nurbs: (%%d/%d)' % len(preload)) as inc: for prefix, tree in preload_iter: get_num_tree.cache[prefix,] = tree inc() get_num_tree.default_enabled = True for ref, pars in rev_list: num = set_num(ref, max(map(get_num, pars)) + 1 if pars else 0) finalize(hexlify(target)) return num
def handle_ClientHello(sess, pdx, rx): rb = e64bs(number.long_to_bytes(random.getrandbits(16 * 8))).rstrip() if sess is None: sess = hexlify(number.long_to_bytes(random.getrandbits( 17 * 8))).decode() + '-' + e64bs( number.long_to_bytes(random.getrandbits(56 * 8)) + b'\0').rstrip() return ET.tostring(pdx).decode(), '''<?xml version="1.0" encoding="UTF-8"?> <ServerHello xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SessionID="{sess}" Status="Continue" Version="1.0"> <KeyType xmlns="">http://www.rsasecurity.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES</KeyType> <EncryptionAlgorithm xmlns="">http://www.w3.org/2001/04/xmlenc#rsa-1_5</EncryptionAlgorithm> <EncryptionKey xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ds:KeyValue xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ds:RSAKeyValue xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ds:Modulus>{mod}</ds:Modulus> <ds:Exponent>{exp}</ds:Exponent> </ds:RSAKeyValue> </ds:KeyValue> </EncryptionKey> <Payload xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Nonce xmlns="">{rb}</Nonce> </Payload> <Extensions xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Extension xmlns:ct-kip="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Data>{rb}</Data> </Extension> </Extensions> <MacAlgorithm xmlns="">http://www.rsasecurity.com/rsalabs/otps/schemas/2005/11/ct-kip#ct-kip-prf-aes</MacAlgorithm> </ServerHello>'''.format(sess=sess, rb=rb, mod=e64bs(number.long_to_bytes(pubk.n)).rstrip(), exp=e64bs(number.long_to_bytes(pubk.e)).rstrip())
def handle_ClientNonce(sess, pdx, rx): # Decrypt the ClientNonce (this will be the token secret) ct = d64b(rx.find('.//EncryptedNonce', ns).text) print("ENcrypted ClientNonce: {}".format(hexlify(ct))) print("DEcrypted ClientNonce: {}".format(hexlify(cipher.decrypt(ct)))) tid = e64s('%012d' % random.randint( 1, 999999999999)).rstrip() # Random 12-digit decimal number, b64enc exp = '2019-01-01T00:00:00+00:00' # ISO9601 datetime rmb = e64bs(number.long_to_bytes(random.getrandbits( 16 * 8))).rstrip() # random MAC bytes... urk pdr = '''<?xml version="1.0"?>\n<ProvisioningData><PinType>0</PinType><AddPIN>1</AddPIN></ProvisioningData>''' r = '''<?xml version="1.0" encoding="UTF-8"?> <ServerFinished xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SessionID="{sess}" Status="Success" Version="1.0"> <TokenID xmlns="">{tid}</TokenID> <KeyID xmlns="">{tid}</KeyID> <KeyExpiryDate xmlns="">{exp}</KeyExpiryDate> <ServiceID xmlns="">RSA CT-KIP</ServiceID> <UserID xmlns=""/> <Extensions xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Extension xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Critical="true"> <OTPFormat>Decimal</OTPFormat> <OTPLength>8</OTPLength> <OTPMode xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Time xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" TimeInterval="60"/> </OTPMode> </Extension> </Extensions> <Mac xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" MacAlgorithm="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#ct-kip-prf-aes"> {rmb} </Mac> </ServerFinished>'''.format(tid=e64s(tid).rstrip(), exp=exp, sess=sess, rmb=rmb) return pdr, r
def serverFinished(self, session_id, server_nonce, client_none=None): # generate and encrypt client nonce if client_none is None: client_nonce = random.getrandbits(16 * 8) cipher = PKCS1_OAEP.new(self.server_pubkey) client_nonce = client_nonce.to_bytes(16, byteorder='big') encrypted_client_nonce = cipher.encrypt(client_nonce) print( "Generated client nonce:\n\tplaintext: {}\n\tencrypted: {}".format( hexlify(client_nonce), hexlify(encrypted_client_nonce))) # send second request req2_filled = req2_tmpl.format( session_id=session_id, encrypted_client_nonce=e64bs(encrypted_client_nonce), server_nonce=e64bs(server_nonce)) if self.verbose: print(req2_filled) req2 = self.soap.make_ClientRequest('ServerFinished', pd, req2_filled) raw_res2 = self.s.send(self.s.prepare_request(req2)) if self.verbose: print(raw_res2) pd_res2, res2 = self.soap.parse_ServerResponse(raw_res2) if self.verbose: print(res2) # get stuff from response key_id = d64b(res2.find('TokenID').text) token_id = d64b(res2.find('KeyID').text) key_exp = res2.find('KeyExpiryDate').text mac = d64b(res2.find('Mac').text) return (key_id, token_id, key_exp, mac)
def main(): force = '-f' in sys.argv if force: sys.argv.remove('-f') StatusPrinter.ENABLED = True target = hexlify(parse_one_committish()) print 'Got Target: %s' % target fix_head(target) run_git('reset', '-q', target) if force: force_checkout(git_tree(target, recurse=True)) else: fancy_checkout()
def main(): p = argparse.ArgumentParser() p.add_argument('-v', '--verbose', action='count') p.add_argument('url') p.add_argument('activation_code') args = p.parse_args() client = CtKipClient(args.url, args.activation_code, args.verbose) session_id, server_nonce, pubk = client.startService() print("Got server nonce and RSA pubkey:\n{}\n{}".format( hexlify(server_nonce), pubk.exportKey('PEM').decode())) key_id, token_id, key_exp, mac = client.serverFinished( session_id, server_nonce) print("Got key ID, token ID, key expiration date, and MAC:" "\nKeyID: {}\nTokenID: {}\nExpiration: {}\nMAC: {}".format( key_id, token_id, key_exp, mac))
pd_res1, res1 = soap.parse_ServerResponse(raw_res1) if args.verbose: print(res1) session_id = res1.attrib['SessionID'] k = res1.find('.//{http://www.w3.org/2000/09/xmldsig#}RSAKeyValue') mod = number.bytes_to_long(d64sb(k.find( '{http://www.w3.org/2000/09/xmldsig#}Modulus').text)) exp = number.bytes_to_long(d64sb(k.find( '{http://www.w3.org/2000/09/xmldsig#}Exponent').text)) pubk = RSA.construct( (int(mod), int(exp)) ) pl = res1.find('.//Payload') server_nonce = d64sb(pl.find('Nonce').text) print("Got server nonce and RSA pubkey:\n{}\n{}".format( hexlify(server_nonce), pubk.exportKey('PEM').decode())) # generate and encrypt client nonce client_nonce = bytearray([random.getrandbits(8) for i in range(16)]) cipher = PKCS1_OAEP.new(pubk) encrypted_client_nonce = cipher.encrypt(hexlify(client_nonce)) print("Generated client nonce:\n\tplaintext: {}\n\tencrypted: {}".format( hexlify(client_nonce), hexlify(encrypted_client_nonce))) # send second request req2_filled = req2_tmpl.format( session_id=session_id, encrypted_client_nonce=hexlify(encrypted_client_nonce).decode(), server_nonce=hexlify(server_nonce).decode()) req2 = soap.make_ClientRequest('ServerFinished', pd, req2_filled) pd_res2, res2 = soap.parse_ServerResponse(s.send(s.prepare_request(req2)))