def connection_made(self, transport):
logger.debug("{} CRAP: connection made".format(self._mode))
self.transport = transport
self.crap_transport = CrapTransport(self.transport)
self.crap_transport.set_protocol(self)
if self._mode == "client":
self.client_private_key = ec.generate_private_key(
ec.SECP384R1(), default_backend())
self.client_public_key = self.client_private_key.public_key()
self.client_sign_pvk = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
self.client_sign_pbk = self.client_sign_pvk.public_key()
root_CA_cert = open(
'/home/student_20194/.playground/connectors/crap/20194_root.cert',
'rb').read()
team5_CA_cert = open(
'/home/student_20194/.playground/connectors/crap/team5_signed.cert',
'rb').read()
team5_CA_private_key = open(
'/home/student_20194/.playground/connectors/crap/private_key.pem',
'rb').read()
self.team5_CA_sign_pvk = load_pem_private_key(
team5_CA_private_key, password=None, backend=default_backend())
self.root_CA_cert = x509.load_pem_x509_certificate(
root_CA_cert, default_backend())
self.team5_CA_cert = x509.load_pem_x509_certificate(
team5_CA_cert, default_backend())
self.team5_CA_sign_pbk = self.team5_CA_sign_pvk.public_key()
self.root_CA_sign_pbk = self.root_CA_cert.public_key()
print("load cert success!")
self.cnonce = randrange(2**32)
self.serialized_cnonce = str(self.cnonce).encode('ASCII')
self.rule = 0
if self.rule == 0:
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.5.20.30'),
]))
builder = builder.issuer_name(self.team5_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(
days=90)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(
days=90)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.client_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.20.30")]),
critical=False)
certificate = builder.sign(private_key=self.team5_CA_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
if self.rule == 1:
#client_certification is not signed by team CA
wrong_signk = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.5.20.30'),
]))
builder = builder.issuer_name(self.team5_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(
days=90)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(
days=90)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.client_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.20.30")]),
critical=False)
certificate = builder.sign(private_key=wrong_signk,
algorithm=hashes.SHA256(),
backend=default_backend())
if self.rule == 2:
#team_certification is not signed by root
wrong_signk = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'20194.5.'),
]))
builder = builder.issuer_name(self.root_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(
days=90)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(
days=90)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.team5_CA_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.")]),
critical=False)
team5_certificate = builder.sign(private_key=wrong_signk,
algorithm=hashes.SHA256(),
backend=default_backend())
team5_CA_cert = team5_certificate.public_bytes(Encoding.PEM)
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.5.20.30'),
]))
builder = builder.issuer_name(self.root_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(
days=90)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(
days=90)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.client_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.20.30")]),
critical=False)
certificate = builder.sign(private_key=self.team5_CA_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
if self.rule == 3:
#common name not match
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.5.1.1'),
]))
builder = builder.issuer_name(self.team5_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(
days=90)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(
days=90)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.client_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.1.1")]),
critical=False)
certificate = builder.sign(private_key=self.team5_CA_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
if self.rule == 4:
#certification not signed by right team CA, have to change playground address
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.4.20.30'),
]))
builder = builder.issuer_name(self.root_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(
days=90)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(
days=90)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.client_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.20.30")]),
critical=False)
certificate = builder.sign(private_key=self.team5_CA_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
client_cert = certificate.public_bytes(Encoding.PEM)
data = self.client_public_key.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
sigA = self.client_sign_pvk.sign(
data,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tls_handshake_packet = HandshakePacket(status=0)
tls_handshake_packet.pk = data
tls_handshake_packet.signature = sigA
tls_handshake_packet.nonce = self.cnonce
tls_handshake_packet.cert = client_cert
tls_handshake_packet.certChain = [team5_CA_cert]
self.transport.write(tls_handshake_packet.__serialize__())
logger.debug("Client send TLS handshake!")
def test_ecc_decode_compressed_point_prime_characteristic_two(patch_pow):
patch_pow.return_value = 1
_, y = _ecc_decode_compressed_point(curve=ec.SECP384R1(), compressed_point=VALUES["ecc_compressed_point"])
assert y == 1
def from_jwk(jwk):
try:
if isinstance(jwk, str):
obj = json.loads(jwk)
elif isinstance(jwk, dict):
obj = jwk
else:
raise ValueError
except ValueError:
raise InvalidKeyError("Key is not valid JSON")
if obj.get("kty") != "EC":
raise InvalidKeyError("Not an Elliptic curve key")
if "x" not in obj or "y" not in obj:
raise InvalidKeyError("Not an Elliptic curve key")
x = base64url_decode(obj.get("x"))
y = base64url_decode(obj.get("y"))
curve = obj.get("crv")
if curve == "P-256":
if len(x) == len(y) == 32:
curve_obj = ec.SECP256R1()
else:
raise InvalidKeyError(
"Coords should be 32 bytes for curve P-256")
elif curve == "P-384":
if len(x) == len(y) == 48:
curve_obj = ec.SECP384R1()
else:
raise InvalidKeyError(
"Coords should be 48 bytes for curve P-384")
elif curve == "P-521":
if len(x) == len(y) == 66:
curve_obj = ec.SECP521R1()
else:
raise InvalidKeyError(
"Coords should be 66 bytes for curve P-521")
elif curve == "secp256k1":
if len(x) == len(y) == 32:
curve_obj = ec.SECP256K1()
else:
raise InvalidKeyError(
"Coords should be 32 bytes for curve secp256k1")
else:
raise InvalidKeyError(f"Invalid curve: {curve}")
public_numbers = ec.EllipticCurvePublicNumbers(
x=int.from_bytes(x, byteorder="big"),
y=int.from_bytes(y, byteorder="big"),
curve=curve_obj,
)
if "d" not in obj:
return public_numbers.public_key()
d = base64url_decode(obj.get("d"))
if len(d) != len(x):
raise InvalidKeyError("D should be {} bytes for curve {}",
len(x), curve)
return ec.EllipticCurvePrivateNumbers(
int.from_bytes(d, byteorder="big"),
public_numbers).private_key()
def connection_made(self, transport):
logger.debug(">>>>> Crap Connection Made Start: {} <<<<<".format(
self.mode))
print("connection made connection made connection made")
self.transport = transport
self.higher_transport = CRAPTransport(transport)
self.higher_transport.connect_protocol(self)
if self.mode == "client":
print(">>>>> Client: Send First Packet START <<<<<")
# create the secret key and public key
self.privkA = ec.generate_private_key(ec.SECP384R1(),
default_backend())
self.pubkA = self.privkA.public_key()
# create a signing key
self.signkA = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
# FIXME note: cert_t4.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
# create a certification with current playground address
cert_root_data = open('20194_root.cert', 'rb').read()
cert_t4_data = open('csr_team4_signed.cert', 'rb').read()
privk_t4_data = open('key_team4.pem', 'rb').read()
self.cert_root = cryptography.x509.load_pem_x509_certificate(
cert_root_data, default_backend())
self.cert_t4 = cryptography.x509.load_pem_x509_certificate(
cert_t4_data, default_backend())
self.privk_t4 = serialization.load_pem_private_key(
privk_t4_data,
password=b'passphrase',
backend=default_backend())
subject = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
u"Maryland"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Baltimore"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Team 4"),
x509.NameAttribute(NameOID.COMMON_NAME, u"20194.4.4.4"),
])
print("aaaaaaa")
self.certA = x509.CertificateBuilder().subject_name(
subject).issuer_name(self.cert_t4.subject).public_key(
self.signkA.public_key()).serial_number(
x509.random_serial_number()).not_valid_before(
datetime.datetime.utcnow()).not_valid_after(
datetime.datetime.utcnow() +
datetime.timedelta(days=10)).add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.4.4")]),
critical=False,
).sign(self.privk_t4, hashes.SHA256(),
default_backend())
print("aaaaaaa")
certA_bytes = self.certA.public_bytes(Encoding.PEM)
# create a signature for the public key
pubkA_bytes = self.pubkA.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
self.sigA = self.signkA.sign(
pubkA_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# create a challenge (256 bits) and a signature for this challenge
# self.nonceA = int.from_bytes(uuid.uuid4().bytes + uuid.uuid4().bytes, "little")
# self.nonceA = uuid.uuid4().int
self.nonceA = random.randint(0, 999999)
self.certChain = [cert_t4_data]
# create a new packet
new_packet = HandshakePacket(status=0,
nonce=self.nonceA,
pk=pubkA_bytes,
signature=self.sigA,
cert=certA_bytes,
certChain=self.certChain)
# transport the new packet
self.transport.write(new_packet.__serialize__())
print(">>>>> Client: Send First Packet END <<<<<")
logger.debug(">>>>> Crap Connection Made End: {} <<<<<".format(
self.mode))
def test_ecc_decode_compressed_point_infinity():
with pytest.raises(NotSupportedError) as excinfo:
_ecc_decode_compressed_point(curve=ec.SECP384R1(), compressed_point=b"")
excinfo.match(r"Points at infinity are not allowed")
def crap_handshake_recv(self, packet):
if self.crap_status == "ESTABLISHED":
logger.debug("recvive a handshake packet when connect ESTABLISHED")
return
if self.mode == "server":
if packet.status == 0:
logger.debug("Server start Hello")
# Load the cert of intermediate CA and root CA
root_cert_data = open('20194_root.cert', 'rb').read()
team4_cert_data = open('csr_team4_signed.cert', 'rb').read()
team4_privk_data = open('key_team4.pem', 'rb').read()
self.root_cert = x509.load_pem_x509_certificate(
root_cert_data, default_backend())
self.team4_cert = x509.load_pem_x509_certificate(
team4_cert_data, default_backend())
self.team4_privk = load_pem_private_key(
team4_privk_data,
password=b'passphrase',
backend=default_backend())
# Receive from client
certification = x509.load_pem_x509_certificate(
packet.cert, default_backend())
self.extract_pubkA = certification.public_key()
try:
print("start server verify hello")
# Check the signature from client
self.extract_pubkA.verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Check the playground address
team4_addr = self.team4_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
recv_addr = certification.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print("Team address:", team4_addr)
print("Client address:", recv_addr)
# if team4_addr in recv_addr:
# print("Verify success")
# pass
# else:
# raise
except Exception as error:
logger.debug(
"Server 0 verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
# Create Server ephemeral key key
self.privkB = ec.generate_private_key(ec.SECP384R1(),
default_backend())
pubkB = self.privkB.public_key()
# Create pk in packet (serialization)
self.dataB = pubkB.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
# Generate shared key
recv_pubk = load_pem_public_key(packet.pk,
backend=default_backend())
self.shared_key = self.privkB.exchange(ec.ECDH(), recv_pubk)
# Create long term for signing
self.signkB = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
self.pubk_sigB = self.signkB.public_key()
# Create self cert subject
subject = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"MD"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Baltimore"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"JHU"),
x509.NameAttribute(NameOID.COMMON_NAME, u"20194.4.4.4"),
])
# Build self cert
builder = x509.CertificateBuilder()
builder = builder.subject_name(subject)
builder = builder.issuer_name(
self.team4_cert.subject) # change the issuer
builder = builder.public_key(
self.pubk_sigB) # put self pubk in cert
builder = builder.serial_number(x509.random_serial_number())
builder = builder.not_valid_before(datetime.datetime.utcnow())
builder = builder.not_valid_after(datetime.datetime.utcnow() +
datetime.timedelta(days=30))
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.4.4")]),
critical=False)
# Sign the self with intermediate CA's private key
certificate = builder.sign(private_key=self.team4_privk,
algorithm=hashes.SHA256(),
backend=default_backend())
print("sign the self cert success!!!")
# Create CertB to transmit (serialization)
certB = certificate.public_bytes(Encoding.PEM)
# Create certificate chain
self.cert_chain = [team4_cert_data]
# Create signature
sigB = self.signkB.sign(
self.dataB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Create nonceB
tmp_nonceB = randrange(2**32)
self.nonceB = str(tmp_nonceB).encode('ASCII')
# Received nonceA
nonceA = str(packet.nonce).encode('ASCII')
# Create nonceSignatureB (bytes)
nonceSignatureB = self.signkB.sign(
nonceA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
new_secure_packet = HandshakePacket(
status=1,
pk=self.dataB,
signature=sigB,
nonce=tmp_nonceB,
nonceSignature=nonceSignatureB,
cert=certB,
certChain=self.cert_chain)
self.transport.write(new_secure_packet.__serialize__())
print("server hello sending finished!!!")
elif packet.status == 1:
try:
self.extract_pubkA.verify(
packet.nonceSignature, self.nonceB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug(
"Server verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
print("Server Handshake complete")
# Start Generate hash --------------------------------------------------
# Create hash 1, IVA, IVB
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
print("server iva:", self.ivA)
print("server ivb:", self.ivB)
# Create hash2, encA
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.decB = hash2[0:16]
print("server dec:", self.decB)
# Create hash3, decA
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.encB = hash3[0:16]
print("server enc:", self.encB)
self.crap_status = "ESTABLISHED"
self.higherProtocol().connection_made(self.higher_transport)
if self.mode == "client":
if packet.status == 1:
certification = x509.load_pem_x509_certificate(
packet.cert, default_backend())
extract_pubkB = certification.public_key()
try:
# Check the signature of nonce and key
extract_pubkB.verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
extract_pubkB.verify(
packet.nonceSignature, self.nonceA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Check the playground address
team4_addr = self.team4_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
recv_addr = certification.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print("Team address:", team4_addr)
print("Client address:", recv_addr)
if team4_addr in recv_addr:
print("Verify success")
pass
else:
raise
except Exception as error:
logger.debug(
"client verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
# Generate shared key
recv_pubk = load_pem_public_key(packet.pk,
backend=default_backend())
self.shared_key = self.privkA.exchange(ec.ECDH(), recv_pubk)
# Reveive nonceB
nonceB = str(packet.nonce).encode('ASCII')
nonceSignatureA = self.signkA.sign(
nonceB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
new_secure_packet = HandshakePacket(
status=1, nonceSignature=nonceSignatureA)
self.transport.write(new_secure_packet.__serialize__())
print("Client Handshake complete")
# Start Generate hash --------------------------------------------------
# Create hash 1, IVA, IVB
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
print("client iva:", self.ivA)
print("client ivb:", self.ivB)
# Create hash2, encA
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.encA = hash2[0:16]
print("client enc:", self.encA)
# Create hash3, decA
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.decA = hash3[0:16]
print("client dec:", self.decA)
self.crap_status = "ESTABLISHED"
self.higherProtocol().connection_made(self.higher_transport)
else:
logger.debug("client wrong!")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
def pub_priv_creater(mysf, myqd, key_pass):
if mysf == 'RSA':
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=int(myqd),
backend=default_backend())
if key_pass:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(
key_pass),
)
else:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
public_key = private_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)
return {'error': True, 'pub_key': public_key, 'priv_key': key}
elif mysf == 'DSA':
private_key = dsa.generate_private_key(key_size=int(myqd),
backend=default_backend())
if key_pass:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(
key_pass),
)
else:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
public_key = private_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)
return {'error': True, 'pub_key': public_key, 'priv_key': key}
elif mysf == 'ECDSA':
if myqd == 'P192':
private_key = ec.generate_private_key(curve=ec.SECP192R1(),
backend=default_backend())
elif myqd == 'P224':
private_key = ec.generate_private_key(curve=ec.SECP224R1(),
backend=default_backend())
elif myqd == 'P256':
private_key = ec.generate_private_key(curve=ec.SECP256R1(),
backend=default_backend())
elif myqd == 'P384':
private_key = ec.generate_private_key(curve=ec.SECP384R1(),
backend=default_backend())
elif myqd == 'P521':
private_key = ec.generate_private_key(curve=ec.SECP521R1(),
backend=default_backend())
else:
private_key = ec.generate_private_key(curve=ec.SECP256R1(),
backend=default_backend())
if key_pass:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(
key_pass),
)
else:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
public_key = private_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)
return {'error': True, 'pub_key': public_key, 'priv_key': key}
else:
return {'error': False, 'pub_key': u'选择加密算法错误!'}
def connection_made(self, transport):
logger.debug("{} CRAP: connection made".format(self.mode))
self.transport = transport
self.crap_transport = CrapTransport(self.transport)
self.crap_transport.set_protocol(self)
if self.mode == "client":
client_privak = ec.generate_private_key(ec.SECP384R1(),
default_backend())
client_pubk = client_privak.public_key()
client_sign_pvk = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
client_sign_pbk = client_sign_pvk.public_key()
root_cert = open('20194_root.cert', 'rb').read()
team5_CA_cert = open('team5_signed.cert', 'rb').read()
team5_CA_private_key = open('private_key.pem', 'rb').read()
self.team5_sign_pvk = load_pem_private_key(
team5_CA_private_key, password=None, backend=default_backend())
self.root_cert = x509.load_pem_x509_certificate(
root_cert, default_backend())
self.team5_CA_cert = x509.load_pem_x509_certificate(
team5_CA_cert, default_backend())
self.team5_CA_sign_pbk = self.team5_sign_pvk.public_key()
self.root_sign_pbk = self.root_cert.public_key()
NonceA = randrange(2**32)
self.serialized_NonceA = str(NonceA).encode('ASCII')
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'20194.5.20.30'),
]))
builder = builder.issuer_name(self.team5_CA_cert.subject)
builder = builder.not_valid_before(datetime.datetime.today() -
(datetime.timedelta(days=10)))
builder = builder.not_valid_after(datetime.datetime.today() +
(datetime.timedelta(days=10)))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(client_sign_pbk)
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.20.30")]),
critical=False)
certificate = builder.sign(private_key=self.team5_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
client_cert = certificate.public_bytes(Encoding.PEM)
data = client_pubk.public_bytes(Encoding.PEM,
PublicFormat.SubjectPublicKeyInfo)
sigA = client_sign_pvk.sign(
data,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
secure_new_packet = HandshakePacket(status=0,
pk=data,
signature=sigA,
nonce=NonceA,
cert=client_cert,
certChain=[team5_CA_cert])
self.transport.write(secure_new_packet.__serialize__())
logger.debug("Client send secure handshake!")
def process_craphandshake_packet(pkt):
logger.debug(
"***{} CRAP: Received a secure handshakepacket".format(
self.mode))
if self.mode == "server":
root_cert = open('20194_root.cert', 'rb').read()
team5_CA_cert = open('team5_signed.cert', 'rb').read()
team5_CA_private_key = open('private_key.pem', 'rb').read()
self.team5_sign_pvk = load_pem_private_key(
team5_CA_private_key,
password=None,
backend=default_backend())
self.root_cert = x509.load_pem_x509_certificate(
root_cert, default_backend())
self.team5_CA_cert = x509.load_pem_x509_certificate(
team5_CA_cert, default_backend())
self.team5_CA_sign_pbk = self.team5_sign_pvk.public_key()
self.root_sign_pbk = self.root_cert.public_key()
if pkt.status == 0:
try:
client_certification = x509.load_pem_x509_certificate(
pkt.cert, default_backend())
received_certification = x509.load_pem_x509_certificate(
pkt.certChain[0], default_backend())
if (received_certification.issuer !=
self.root_cert.issuer):
print(
"Upper_cert is not signed by a trusted root CA!"
)
return
self.cert_pubkA = client_certification.public_key()
self.cert_pubkA.verify(
pkt.signature, pkt.pk,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
print("Wrong signature")
secure_new_packet = HandshakePacket(status=2)
self.transport.write(
secure_new_packet.__serialize__())
self.transport.close()
print("Server cert successful")
server_privak = ec.generate_private_key(
ec.SECP384R1(), default_backend())
server_pubk = server_privak.public_key()
server_sign_pvk = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
server_sign_pbk = server_sign_pvk.public_key()
#generate nonce number
NonceB = randrange(2**32)
self.serialized_NonceB = str(NonceB).encode('ASCII')
self.serialized_NonceA = str(pkt.nonce).encode('ASCII')
#generate shared_key
recv_pbk = load_pem_public_key(
pkt.pk, backend=default_backend())
self.shared_key = server_privak.exchange(
ec.ECDH(), recv_pbk)
print("111111111111111111")
data = server_pubk.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
sigB = server_sign_pvk.sign(
data,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
secure_new_packet = HandshakePacket(status=1,
pk=data,
signature=sigB,
nonce=NonceB)
print("2222222222222222")
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.5.20.30'),
]))
builder = builder.issuer_name(
self.team5_CA_cert.subject)
builder = builder.not_valid_before(
datetime.datetime.today() -
(datetime.timedelta(days=10)))
builder = builder.not_valid_after(
datetime.datetime.today() +
(datetime.timedelta(days=10)))
builder = builder.serial_number(
x509.random_serial_number())
builder = builder.public_key(server_sign_pbk)
builder = builder.add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.20.30")]),
critical=False)
certificate = builder.sign(
private_key=self.team5_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
server_cert = certificate.public_bytes(Encoding.PEM)
print("Server get signed cert success!!!")
secure_new_packet.cert = server_cert
secure_new_packet.certChain = [team5_CA_cert]
cnonceSignature = server_sign_pvk.sign(
self.serialized_NonceA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
secure_new_packet.nonceSignature = cnonceSignature
self.transport.write(secure_new_packet.__serialize__())
logger.debug("Server send secure handshake!")
elif pkt.status == 1:
try:
self.cert_pubkA.verify(
pkt.nonceSignature, self.serialized_NonceB,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug(
"server signature verify wrong: nonce")
secure_new_packet = HandshakePacket(status=2)
self.transport.write(
secure_new_packet.__serialize__())
self.transport.close()
print("Server secure Handshake complete")
# Create hash 1, IVA, ivB
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
print("server iva:", self.ivA)
print("server ivb:", self.ivB)
# Create hash2, encA
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.decB = hash2[0:16]
print("server dec:", self.decB)
# Create hash3, decA
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.encB = hash3[0:16]
print("server enc:", self.encB)
self.higherProtocol().connection_made(
self.crap_transport)
elif self.mode == "client":
if pkt.status == 1:
try:
server_certification = x509.load_pem_x509_certificate(
pkt.cert, default_backend())
received_certification = x509.load_pem_x509_certificate(
pkt.certChain[0], default_backend())
# ToDo certification integrity verify and common name verify
if (received_certification.issuer !=
self.root_cert.issuer):
# received_certification.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
print(
"Upper_cert is not signed by a trusted root CA!"
)
return
self.cert_pubkB = server_certification.public_key()
self.cert_pubkB.verify(
pkt.signature, pkt.pk,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Client wrong signature")
secure_new_packet = HandshakePacket(status=2)
self.transport.write(
secure_new_packet.__serialize__())
self.transport.close()
try:
self.cert_pubkB.verify(
pkt.nonceSignature, self.serialized_NonceA,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("nonce problem")
secure_new_packet = HandshakePacket(status=2)
self.transport.write(
secure_new_packet.__serialize__())
self.transport.close()
self.serialized_NonceB = str(pkt.nonce).encode('ASCII')
snonceSignature = client_sign_pvk.sign(
self.serialized_NonceB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
secure_new_packet = HandshakePacket(
status=1, nonceSignature=snonceSignature)
self.transport.write(secure_new_packet.__serialize__())
# Generate shared key
recv_pubk = load_pem_public_key(
pkt.pk, backend=default_backend())
self.shared_key = client_privak.exchange(
ec.ECDH(), recv_pubk)
print("Client secure Handshake complete")
# Create hash 1, IVA, ivB
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
print("client iva:", self.ivA)
print("client ivb:", self.ivB)
# Create hash2, encA
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.encrptA = hash2[0:16]
print("client enc:", self.encrptA)
# Create hash3, decA
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.decryptA = hash3[0:16]
print("client dec:", self.decryptA)
self.higherProtocol().connection_made(
self.crap_transport)
print("final key (IVA...) has been generated")
#!/usr/bin/env python3
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
private_key = ec.generate_private_key(ec.SECP384R1(), default_backend())
print("Hi")
print(
private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()))
print(private_key.public_key().public_bytes(
serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo))
def generate_vectors_file(params):
"""
Generate and store a .h-file with test vectors for one test.
params -- Dictionary with parameters for test vector generation for the desired test.
"""
cases = import_testvector(
os.path.join(script_dir, params['source_dir'] + params['source_file']))
base_vectors = ""
if 'base' in params:
with open(os.path.join(script_dir, params['base'])) as base:
base_vectors = base.read()
base_vectors += "\n\n"
header = standard_params['license']
header += "\n"
header += standard_params['top_comment']
header += "\n"
header += "#ifndef " + params['section'] + "\n"
header += "#define " + params['section'] + "\n"
header += "\n"
for include in standard_params['includes']:
header += "#include " + include + "\n"
header += "\n"
if 'includes' in params:
for include in params['includes']:
header += "#include " + include + "\n"
header += "\n"
vectors_file = header + base_vectors + params['array_init']
for group in cases['testGroups']:
for test in group['tests']:
if 'key' in group:
if 'curve' in group['key'] and group['key']['curve'] not in [
'secp256r1', 'secp384r1', 'secp521r1'
]:
continue
vectors_file += params['formatter'].format_testcase(
test, group['keyDer'], getSha(group['sha']),
group['key']['keySize'])
elif 'curve' in group:
if group['curve'] == 'secp256r1':
curve = ec.SECP256R1()
elif group['curve'] == 'secp384r1':
curve = ec.SECP384R1()
elif group['curve'] == 'secp521r1':
curve = ec.SECP521R1()
elif group['curve'] == 'curve25519':
curve = "curve25519"
else:
continue
vectors_file += params['formatter'].format_testcase(
test, curve)
else:
vectors_file += params['formatter'].format_testcase(test)
vectors_file = vectors_file[:params['crop_size_end']] + '\n};\n\n'
vectors_file += "#endif // " + params['section'] + '\n'
with open(os.path.join(script_dir, params['target']), 'w') as target:
target.write(vectors_file)
def server_crap_handshake_recv(self, packet):
if packet.status == 0:
team5_cert_data, self.team5_cert, self.team5_privk = self.GenerateTeamCert(
)
certification = x509.load_pem_x509_certificate(
packet.cert, default_backend())
self.extract_pubkA = certification.public_key()
try:
self.extract_pubkA.verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
team5_addr = self.team5_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
recv_addr = certification.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print("team5 address:", team5_addr)
except Exception as error:
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
self.privkB = ec.generate_private_key(ec.SECP384R1(),
default_backend())
self.signkB = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
self.dataB = self.privkB.public_key().public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
recv_pubk = load_pem_public_key(packet.pk,
backend=default_backend())
self.shared_key = self.privkB.exchange(ec.ECDH(), recv_pubk)
certificate = x509.CertificateBuilder().subject_name(
self.subject).issuer_name(self.team5_cert.subject).public_key(
self.signkB.public_key()).serial_number(
x509.random_serial_number()).not_valid_before(
datetime.datetime.utcnow()).not_valid_after(
datetime.datetime.utcnow() +
datetime.timedelta(days=30)).sign(
private_key=self.team5_privk,
algorithm=hashes.SHA256(),
backend=default_backend())
certB = certificate.public_bytes(Encoding.PEM)
self.cert_chain = [team5_cert_data]
sigB = self.signkB.sign(
self.dataB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tmp_nonceB = randrange(0, 1000)
self.nonceB = str(tmp_nonceB).encode('ASCII')
nonceA = str(packet.nonce).encode('ASCII')
nonceSignatureB = self.signkB.sign(
nonceA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
packet = HandshakePacket(status=1,
pk=self.dataB,
signature=sigB,
nonce=tmp_nonceB,
nonceSignature=nonceSignatureB,
cert=certB,
certChain=self.cert_chain)
self.transport.write(packet.__serialize__())
elif packet.status == 1:
try:
self.extract_pubkA.verify(
packet.nonceSignature, self.nonceB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception:
logger.debug("{} verify failed because wrong signature".format(
self.mode))
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
self.ivA, self.ivB, self.decB, self.encB = self.hash_value()
self.crap_status = "ESTABLISHED"
self.higherProtocol().connection_made(self.higher_transport)
class KexNistp384(KexNistp256):
name = "ecdh-sha2-nistp384"
hash_algo = sha384
curve = ec.SECP384R1()
def data_received(self, buffer):
self.deserializer.update(buffer)
for pkt in self.deserializer.nextPackets():
if isinstance(pkt, ErrorPacket):
print("Receive an ErrorPacket from autograder!{}".format(
pkt.message))
return
if pkt.DEFINITION_IDENTIFIER == "crap.handshakepacket":
logger.debug(
"***{} CRAP: Received a TLS handshakepacket***".format(
self._mode))
if self._mode == "server":
root_CA_cert = open(
'/home/student_20194/.playground/connectors/crap/20194_root.cert',
'rb').read()
team5_CA_cert = open(
'/home/student_20194/.playground/connectors/crap/team5_signed.cert',
'rb').read()
team5_CA_private_key = open(
'/home/student_20194/.playground/connectors/crap/private_key.pem',
'rb').read()
self.team5_CA_sign_pvk = load_pem_private_key(
team5_CA_private_key,
password=None,
backend=default_backend())
self.root_CA_cert = x509.load_pem_x509_certificate(
root_CA_cert, default_backend())
self.team5_CA_cert = x509.load_pem_x509_certificate(
team5_CA_cert, default_backend())
self.team5_CA_sign_pbk = self.team5_CA_sign_pvk.public_key(
)
self.root_CA_sign_pbk = self.root_CA_cert.public_key()
if pkt.status == 0:
client_certification = x509.load_pem_x509_certificate(
pkt.cert, default_backend())
Upper_certification = x509.load_pem_x509_certificate(
pkt.certChain[0], default_backend())
lower_certification = x509.load_pem_x509_certificate(
pkt.certChain[-1], default_backend())
if (Upper_certification.issuer !=
self.root_CA_cert.issuer):
print(
"Upper_cert is not signed by a trusted root CA!"
)
return
lower_commonname = lower_certification.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
client_commonname = client_certification.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print(lower_commonname)
print(client_commonname)
try:
self.root_CA_sign_pbk.verify(
Upper_certification.signature,
Upper_certification.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
lower_certification.public_key().verify(
client_certification.signature,
client_certification.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
except Exception as error:
logger.debug("certification chain verify failed")
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
return
with open(
'/home/student_20194/20194NetworkSecurity/src/bankstart/src/logfile.txt',
'a+') as f:
f.write(
str(time.asctime(time.localtime(time.time()))))
f.write(' issuer:')
f.write(str(lower_commonname))
f.write(' certification belongs to:')
f.write(str(client_commonname))
f.write(' connector:')
f.write(
str(
self.transport.get_extra_info('peername')
[0]))
f.write('\n')
if lower_commonname[0:6] != client_commonname[0:6]:
logger.debug(
"client certification is not signed by a trust lower_CA according to the rules!"
)
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
return
print(self.transport.get_extra_info('peername'))
if client_commonname != self.transport.get_extra_info(
'peername')[0]:
logger.debug(
"client common name check failed because this is a wrong common name"
)
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
return
self.cert_pubkA = client_certification.public_key()
try:
self.cert_pubkA.verify(
pkt.signature, pkt.pk,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug(
"Server verify fails because DH public_key signature does not match"
)
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(
tls_handshake_packet.__serialize__())
self.transport.close()
logger.debug("Server verify cert success")
self.server_private_key = ec.generate_private_key(
ec.SECP384R1(), default_backend())
self.server_public_key = self.server_private_key.public_key(
)
self.server_sign_pvk = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
self.server_sign_pbk = self.server_sign_pvk.public_key(
)
self.snonce = randrange(255)
self.serialized_snonce = str(
self.snonce).encode('ASCII')
self.serialized_cnonce = str(pkt.nonce).encode('ASCII')
#generate shared_key
recv_pbk = load_pem_public_key(
pkt.pk, backend=default_backend())
self.shared_key = self.server_private_key.exchange(
ec.ECDH(), recv_pbk)
data = self.server_public_key.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
sigB = self.server_sign_pvk.sign(
data,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tls_handshake_packet = HandshakePacket(status=1)
tls_handshake_packet.pk = data
tls_handshake_packet.signature = sigB
tls_handshake_packet.nonce = self.snonce
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,
u'20194.5.20.30'),
]))
builder = builder.issuer_name(
self.team5_CA_cert.subject)
builder = builder.not_valid_before(
datetime.datetime.today() -
(datetime.timedelta(days=90)))
builder = builder.not_valid_after(
datetime.datetime.today() +
(datetime.timedelta(days=90)))
builder = builder.serial_number(
x509.random_serial_number())
builder = builder.public_key(self.server_sign_pbk)
builder = builder.add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"20194.5.20.30")]),
critical=False)
certificate = builder.sign(
private_key=self.team5_CA_sign_pvk,
algorithm=hashes.SHA256(),
backend=default_backend())
server_cert = certificate.public_bytes(Encoding.PEM)
print("Server get signed cert success!!!")
tls_handshake_packet.cert = server_cert
tls_handshake_packet.certChain = [team5_CA_cert]
cnonceSignature = self.server_sign_pvk.sign(
self.serialized_cnonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tls_handshake_packet.nonceSignature = cnonceSignature
self.transport.write(
tls_handshake_packet.__serialize__())
logger.debug("Server send TLS handshake!")
elif pkt.status == 1:
try:
self.cert_pubkA.verify(
pkt.nonceSignature, self.serialized_snonce,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug(
"server signature verify wrong: nonce")
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(
tls_handshake_packet.__serialize__())
self.transport.close()
print("Server TLS Handshake complete")
# Create hash 1, IVA, IVB
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
print("server iva:", self.ivA)
print("server ivb:", self.ivB)
# Create hash2, encA
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.decB = hash2[0:16]
print("server dec:", self.decB)
# Create hash3, decA
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.encB = hash3[0:16]
print("server enc:", self.encB)
self.higherProtocol().connection_made(
self.crap_transport)
elif self._mode == "client" and pkt.status == 1:
server_certification = x509.load_pem_x509_certificate(
pkt.cert, default_backend())
Upper_certification = x509.load_pem_x509_certificate(
pkt.certChain[0], default_backend())
# ToDo certification integrity verify and common name verify
if (Upper_certification.issuer !=
self.root_CA_cert.issuer):
# Upper_certification.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
print("Upper_cert is not signed by a trusted root CA!")
return
self.cert_pubkB = server_certification.public_key()
try:
self.cert_pubkB.verify(
pkt.signature, pkt.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug(
"client signature verify wrong: ECDH public key")
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(
tls_handshake_packet.__serialize__())
self.transport.close()
try:
self.cert_pubkB.verify(
pkt.nonceSignature, self.serialized_cnonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("client signature verify wrong: nonce")
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(
tls_handshake_packet.__serialize__())
self.transport.close()
self.serialized_snonce = str(pkt.nonce).encode('ASCII')
snonceSignature = self.client_sign_pvk.sign(
self.serialized_snonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tls_handshake_packet = HandshakePacket(
status=1, nonceSignature=snonceSignature)
self.transport.write(tls_handshake_packet.__serialize__())
# Generate shared key
recv_pubk = load_pem_public_key(pkt.pk,
backend=default_backend())
self.shared_key = self.client_private_key.exchange(
ec.ECDH(), recv_pubk)
print("Client TLS Handshake complete")
# Create hash 1, IVA, IVB
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
print("client iva:", self.ivA)
print("client ivb:", self.ivB)
# Create hash2, encA
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.encA = hash2[0:16]
print("client enc:", self.encA)
# Create hash3, decA
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.decA = hash3[0:16]
print("client dec:", self.decA)
self.higherProtocol().connection_made(self.crap_transport)
if pkt.DEFINITION_IDENTIFIER == "crap.datapacket":
if self._mode == "server":
aesgcm = AESGCM(self.decB)
try:
decData = aesgcm.decrypt(self.ivA, pkt.data, None)
except Exception as error:
logger.debug("Server Decryption failed")
self.ivA = (int.from_bytes(self.ivA, "big") + 1).to_bytes(
12, "big")
self.higherProtocol().data_received(decData)
if self._mode == "client":
aesgcm = AESGCM(self.decA)
try:
decData = aesgcm.decrypt(self.ivB, pkt.data, None)
except Exception as error:
logger.debug("Client Decryption failed")
self.ivB = (int.from_bytes(self.ivB, "big") + 1).to_bytes(
12, "big")
self.higherProtocol().data_received(decData)
from Cryptodome.PublicKey import RSA
RSA_WEAK = 1024
RSA_OK = 2048
RSA_STRONG = 3076
BIG = 10000
class FakeWeakEllipticCurve:
name = "fake"
key_size = 160
EC_WEAK = FakeWeakEllipticCurve()
EC_OK = ec.SECP224R1()
EC_STRONG = ec.SECP384R1()
EC_BIG = ec.SECT571R1()
dsa_gen_key = dsa.generate_private_key
ec_gen_key = ec.generate_private_key
rsa_gen_key = rsa.generate_private_key
default = backends.default_backend()
#Strong and OK keys.
dsa_gen_key(key_size=RSA_OK, backend=default)
dsa_gen_key(key_size=RSA_STRONG, backend=default)
dsa_gen_key(key_size=BIG, backend=default)
ec_gen_key(key_size=EC_OK, backend=default)
ec_gen_key(key_size=EC_STRONG, backend=default)
class SSHKey: # pylint:disable=too-many-instance-attributes
"""Represents a single SSH keypair.
ssh_key = SSHKey(key_data, strict=True)
ssh_key.parse()
strict=True (default) only allows keys ssh-keygen generates. Setting strict mode to false allows
all keys OpenSSH actually accepts, including highly insecure ones. For example, OpenSSH accepts
512-bit DSA keys and 64-bit RSA keys which are highly insecure."""
DSA_MIN_LENGTH_STRICT = 1024
DSA_MAX_LENGTH_STRICT = 1024
DSA_MIN_LENGTH_LOOSE = 1
DSA_MAX_LENGTH_LOOSE = 3072
DSA_N_LENGTH = 160
ECDSA_CURVE_DATA = {
b"nistp256": (ec.SECP256R1(), hashes.SHA256()),
b"nistp192": (ec.SECP192R1(), hashes.SHA256()),
b"nistp224": (ec.SECP224R1(), hashes.SHA256()),
b"nistp384": (ec.SECP384R1(), hashes.SHA384()),
b"nistp521": (ec.SECP521R1(), hashes.SHA512())
}
RSA_MIN_LENGTH_STRICT = 1024
RSA_MAX_LENGTH_STRICT = 16384
RSA_MIN_LENGTH_LOOSE = 768
RSA_MAX_LENGTH_LOOSE = 16384
# Valid as of OpenSSH_8.3
# argument name, value is mandatory. Options are case-insensitive, but this list must be in lowercase.
OPTIONS_SPEC = [
("agent-forwarding", False),
("cert-authority", False),
("command", True),
("environment", True),
("expiry-time", True),
("from", True),
("no-agent-forwarding", False),
("no-port-forwarding", False),
("no-pty", False),
("no-user-rc", False),
("no-x11-forwarding", False),
("permitlisten", True),
("permitopen", True),
("port-forwarding", False),
("principals", True),
("pty", False),
("no-touch-required", False),
("restrict", False),
("tunnel", True),
("user-rc", False),
("x11-forwarding", False),
]
OPTION_NAME_RE = re.compile("^[A-Za-z0-9-]+$")
INT_LEN = 4
FIELDS = [
"rsa", "dsa", "ecdsa", "bits", "comment", "options", "options_raw",
"key_type"
]
def __init__(self, keydata=None, **kwargs):
self.keydata = keydata
self._decoded_key = None
self.rsa = None
self.dsa = None
self.ecdsa = None
self.bits = None
self.comment = None
self.options = None
self.options_raw = None
self.key_type = None
self.strict_mode = bool(kwargs.get("strict", True))
self.skip_option_parsing = bool(
kwargs.get("skip_option_parsing", False))
self.disallow_options = bool(kwargs.get("disallow_options", False))
if keydata:
try:
self.parse(keydata)
except (InvalidKeyError, NotImplementedError):
pass
def __str__(self):
return "Key type: %s, bits: %s, options: %s" % (
self.key_type.decode(), self.bits, self.options)
def reset(self):
"""Reset all data fields."""
for field in self.FIELDS:
setattr(self, field, None)
def hash(self):
"""Calculate md5 fingerprint.
Deprecated, use .hash_md5() instead."""
warnings.warn(
"hash() is deprecated. Use hash_md5(), hash_sha256() or hash_sha512() instead."
)
return self.hash_md5().replace(b"MD5:", b"")
def hash_md5(self):
"""Calculate md5 fingerprint.
Shamelessly copied from http://stackoverflow.com/questions/6682815/deriving-an-ssh-fingerprint-from-a-public-key-in-python
For specification, see RFC4716, section 4."""
fp_plain = hashlib.md5(self._decoded_key).hexdigest()
return "MD5:" + ':'.join(
a + b for a, b in zip(fp_plain[::2], fp_plain[1::2]))
def hash_sha256(self):
"""Calculate sha256 fingerprint."""
fp_plain = hashlib.sha256(self._decoded_key).digest()
return (b"SHA256:" +
base64.b64encode(fp_plain).replace(b"=", b"")).decode("utf-8")
def hash_sha512(self):
"""Calculates sha512 fingerprint."""
fp_plain = hashlib.sha512(self._decoded_key).digest()
return (b"SHA512:" +
base64.b64encode(fp_plain).replace(b"=", b"")).decode("utf-8")
def _unpack_by_int(self, data, current_position):
"""Returns a tuple with (location of next data field, contents of requested data field)."""
# Unpack length of data field
try:
requested_data_length = struct.unpack(
'>I',
data[current_position:current_position + self.INT_LEN])[0]
except struct.error as ex:
raise MalformedDataError(
"Unable to unpack %s bytes from the data" %
self.INT_LEN) from ex
# Move pointer to the beginning of the data field
current_position += self.INT_LEN
remaining_data_length = len(data[current_position:])
if remaining_data_length < requested_data_length:
raise MalformedDataError(
"Requested %s bytes, but only %s bytes available." %
(requested_data_length, remaining_data_length))
next_data = data[current_position:current_position +
requested_data_length]
# Move pointer to the end of the data field
current_position += requested_data_length
return current_position, next_data
@classmethod
def _parse_long(cls, data):
"""Calculate two's complement."""
if sys.version < '3':
# this does not exist in python 3 - undefined-variable disabled to make pylint happier.
ret = long(0) # pylint:disable=undefined-variable
for byte in data:
ret = (ret << 8) + ord(byte)
else:
ret = 0
for byte in data:
ret = (ret << 8) + byte
return ret
def _split_key(self, data):
options_raw = None
# Terribly inefficient way to remove options, but hey, it works.
if not data.startswith("ssh-") and not data.startswith(
"ecdsa-") and not data.startswith("sk-"):
quote_open = False
for i, character in enumerate(data):
if character == '"': # only double quotes are allowed, no need to care about single quotes
quote_open = not quote_open
if quote_open:
continue
if character == " ":
# Data begins after the first space
options_raw = data[:i]
data = data[i + 1:]
break
else:
raise MalformedDataError(
"Couldn't find beginning of the key data")
key_parts = data.strip().split(None, 2)
if len(key_parts) < 2: # Key type and content are mandatory fields.
raise InvalidKeyError(
"Unexpected key format: at least type and base64 encoded value is required"
)
if len(key_parts) == 3:
self.comment = key_parts[2]
key_parts = key_parts[0:2]
if options_raw:
# Populate and parse options field.
self.options_raw = options_raw
if not self.skip_option_parsing:
self.options = self.parse_options(self.options_raw)
else:
# Set empty defaults for fields
self.options_raw = None
self.options = {}
return key_parts
@classmethod
def decode_key(cls, pubkey_content):
"""Decode base64 coded part of the key."""
try:
decoded_key = base64.b64decode(pubkey_content.encode("ascii"))
except (TypeError, binascii.Error) as ex:
raise MalformedDataError("Unable to decode the key") from ex
return decoded_key
@classmethod
def _bits_in_number(cls, number):
return len(format(number, "b"))
def parse_options(self, options):
"""Parses ssh options string."""
quote_open = False
parsed_options = {}
def parse_add_single_option(opt):
"""Parses and validates a single option, and adds it to parsed_options field."""
if "=" in opt:
opt_name, opt_value = opt.split("=", 1)
opt_value = opt_value.replace('"', '')
else:
opt_name = opt
opt_value = True
if " " in opt_name or not self.OPTION_NAME_RE.match(opt_name):
raise InvalidOptionNameError("%s is not a valid option name." %
opt_name)
if self.strict_mode:
for valid_opt_name, value_required in self.OPTIONS_SPEC:
if opt_name.lower() == valid_opt_name:
if value_required and opt_value is True:
raise MissingMandatoryOptionValueError(
"%s is missing a mandatory value." % opt_name)
break
else:
raise UnknownOptionNameError(
"%s is an unrecognized option name." % opt_name)
if opt_name not in parsed_options:
parsed_options[opt_name] = []
parsed_options[opt_name].append(opt_value)
start_of_current_opt = 0
i = 1 # Need to be set for empty options strings
for i, character in enumerate(options):
if character == '"': # only double quotes are allowed, no need to care about single quotes
quote_open = not quote_open
if quote_open:
continue
if character == ",":
opt = options[start_of_current_opt:i]
parse_add_single_option(opt)
start_of_current_opt = i + 1
# Data begins after the first space
if start_of_current_opt + 1 != i:
opt = options[start_of_current_opt:]
parse_add_single_option(opt)
if quote_open:
raise InvalidOptionsError("Unbalanced quotes.")
return parsed_options
def _process_ssh_rsa(self, data):
"""Parses ssh-rsa public keys."""
current_position, raw_e = self._unpack_by_int(data, 0)
current_position, raw_n = self._unpack_by_int(data, current_position)
unpacked_e = self._parse_long(raw_e)
unpacked_n = self._parse_long(raw_n)
self.rsa = RSAPublicNumbers(unpacked_e,
unpacked_n).public_key(default_backend())
self.bits = self.rsa.key_size
if self.strict_mode:
min_length = self.RSA_MIN_LENGTH_STRICT
max_length = self.RSA_MAX_LENGTH_STRICT
else:
min_length = self.RSA_MIN_LENGTH_LOOSE
max_length = self.RSA_MAX_LENGTH_LOOSE
if self.bits < min_length:
raise TooShortKeyError(
"%s key data can not be shorter than %s bits (was %s)" %
(self.key_type.decode(), min_length, self.bits))
if self.bits > max_length:
raise TooLongKeyError(
"%s key data can not be longer than %s bits (was %s)" %
(self.key_type.decode(), max_length, self.bits))
return current_position
def _process_ssh_dss(self, data):
"""Parses ssh-dsa public keys."""
data_fields = {}
current_position = 0
for item in ("p", "q", "g", "y"):
current_position, value = self._unpack_by_int(
data, current_position)
data_fields[item] = self._parse_long(value)
q_bits = self._bits_in_number(data_fields["q"])
p_bits = self._bits_in_number(data_fields["p"])
if q_bits != self.DSA_N_LENGTH:
raise InvalidKeyError(
"Incorrect DSA key parameters: bits(p)=%s, q=%s" %
(self.bits, q_bits))
if self.strict_mode:
min_length = self.DSA_MIN_LENGTH_STRICT
max_length = self.DSA_MAX_LENGTH_STRICT
else:
min_length = self.DSA_MIN_LENGTH_LOOSE
max_length = self.DSA_MAX_LENGTH_LOOSE
if p_bits < min_length:
raise TooShortKeyError(
"%s key can not be shorter than %s bits (was %s)" %
(self.key_type.decode(), min_length, p_bits))
if p_bits > max_length:
raise TooLongKeyError(
"%s key data can not be longer than %s bits (was %s)" %
(self.key_type.decode(), max_length, p_bits))
dsa_parameters = DSAParameterNumbers(data_fields["p"],
data_fields["q"],
data_fields["g"])
self.dsa = DSAPublicNumbers(
data_fields["y"], dsa_parameters).public_key(default_backend())
self.bits = self.dsa.key_size
return current_position
def _process_ecdsa_sha(self, data):
"""Parses ecdsa-sha public keys."""
current_position, curve_information = self._unpack_by_int(data, 0)
if curve_information not in self.ECDSA_CURVE_DATA:
raise NotImplementedError("Invalid curve type: %s" %
curve_information)
curve, hash_algorithm = self.ECDSA_CURVE_DATA[curve_information]
current_position, key_data = self._unpack_by_int(
data, current_position)
try:
ecdsa_pubkey = ec.EllipticCurvePublicKey.from_encoded_point(
curve, key_data)
except ValueError as ex:
raise InvalidKeyError("Invalid ecdsa key") from ex
self.bits = curve.key_size
self.ecdsa = _ECVerifyingKey(ecdsa_pubkey, hash_algorithm)
return current_position
def _process_ed25516(self, data):
"""Parses ed25516 keys.
There is no (apparent) way to validate ed25519 keys. This only
checks data length (256 bits), but does not try to validate
the key in any way."""
current_position, verifying_key = self._unpack_by_int(data, 0)
verifying_key_length = len(verifying_key) * 8
verifying_key = self._parse_long(verifying_key)
if verifying_key < 0:
raise InvalidKeyError("ed25519 verifying key must be >0.")
self.bits = verifying_key_length
if self.bits != 256:
raise InvalidKeyLengthError(
"ed25519 keys must be 256 bits (was %s bits)" % self.bits)
return current_position
def _validate_application_string(self, application):
"""Validates Application string.
Has to be an URL starting with "ssh:". See ssh-keygen(1)."""
try:
parsed_url = urlparse(application)
except ValueError as err:
raise InvalidKeyError("Application string: %s" % err) from err
if parsed_url.scheme != b"ssh":
raise InvalidKeyError('Application string must begin with "ssh:"')
def _process_sk_ecdsa_sha(self, data):
"""Parses sk_ecdsa-sha public keys."""
current_position = self._process_ecdsa_sha(data)
current_position, application = self._unpack_by_int(
data, current_position)
self._validate_application_string(application)
return current_position
def _process_sk_ed25519(self, data):
"""Parses sk_ed25519 public keys."""
current_position = self._process_ed25516(data)
current_position, application = self._unpack_by_int(
data, current_position)
self._validate_application_string(application)
return current_position
def _process_key(self, data):
if self.key_type == b"ssh-rsa":
return self._process_ssh_rsa(data)
if self.key_type == b"ssh-dss":
return self._process_ssh_dss(data)
if self.key_type.strip().startswith(b"ecdsa-sha"):
return self._process_ecdsa_sha(data)
if self.key_type == b"ssh-ed25519":
return self._process_ed25516(data)
if self.key_type.strip().startswith(b"sk-ecdsa-sha"):
return self._process_sk_ecdsa_sha(data)
if self.key_type.strip().startswith(b"sk-ssh-ed25519"):
return self._process_sk_ed25519(data)
raise NotImplementedError("Invalid key type: %s" %
self.key_type.decode())
def parse(self, keydata=None):
"""Validates SSH public key.
Throws exception for invalid keys. Otherwise returns None.
Populates key_type, bits and bits fields.
For rsa keys, see field "rsa" for raw public key data.
For dsa keys, see field "dsa".
For ecdsa keys, see field "ecdsa"."""
if keydata is None:
if self.keydata is None:
raise ValueError(
"Key data must be supplied either in constructor or to parse()"
)
keydata = self.keydata
else:
self.reset()
self.keydata = keydata
if keydata.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
# SSH2 key format
key_type = None # There is no redundant key-type field - skip comparing plain-text and encoded data.
pubkey_content = "".join([
line for line in keydata.split("\n")
if ":" not in line and "----" not in line
])
else:
key_parts = self._split_key(keydata)
key_type = key_parts[0]
pubkey_content = key_parts[1]
self._decoded_key = self.decode_key(pubkey_content)
# Check key type
current_position, unpacked_key_type = self._unpack_by_int(
self._decoded_key, 0)
if key_type is not None and key_type != unpacked_key_type.decode():
raise InvalidTypeError("Keytype mismatch: %s != %s" %
(key_type, unpacked_key_type.decode()))
self.key_type = unpacked_key_type
key_data_length = self._process_key(
self._decoded_key[current_position:])
current_position = current_position + key_data_length
if current_position != len(self._decoded_key):
raise MalformedDataError(
"Leftover data: %s bytes" %
(len(self._decoded_key) - current_position))
if self.disallow_options and self.options:
raise InvalidOptionsError("Options are disallowed.")
print(x)
p = Process(target=VerifyitMulti, args=(x, ))
p.start()
jobs.append(p)
for proc in jobs:
proc.join()
if __name__ == '__main__':
if (bits == '224'):
key = ec.generate_private_key(ec.SECP224R1())
elif (bits == '256'):
key = ec.generate_private_key(ec.SECP256R1())
elif (bits == '384'):
key = ec.generate_private_key(ec.SECP384R1())
save_key(key, "mykey")
TimeToSign = timeit.timeit('MultiSign()',
'from __main__ import MultiSign',
number=1)
print("the time it took to excute MultiSign is", TimeToSign)
TimeToVerify = timeit.timeit('MultiVerify()',
'from __main__ import MultiVerify',
number=1)
print("the time it took to excute MultiVerify is", TimeToVerify)
ExperimentResults.write("the time it took to sign each segments is " +
str(TimeToSign) + "\n")
ExperimentResults.write("the time it took to vailidate each segments is " +
str(TimeToVerify) + "\n")
def generate_keypair(self):
private_key = ec.generate_private_key(ec.SECP384R1(),
default_backend())
public_key = private_key.public_key()
return public_key, private_key
def connection_made(self, transport):
logger.debug("{} Crap: connection made".format(self.mode))
self.transport = transport
self.higher_transport = CRAPTransport(transport)
self.higher_transport.connect_protocol(self)
print("start Tianshi Feng Test")
if self.mode == "client":
# Create Client ephemeral key
self.privkA = ec.generate_private_key(ec.SECP384R1(),
default_backend())
pubkA = self.privkA.public_key()
# Create pk in packet (serialization)
self.dataA = pubkA.public_bytes(Encoding.PEM,
PublicFormat.SubjectPublicKeyInfo)
# Create long term key for signing
self.signkA = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
self.pubk_sigA = self.signkA.public_key()
# Load the certificate and the private key of intermediate CA
root_cert_data = open('20194_root.cert', 'rb').read()
team4_cert_data = open('csr_team4_signed.cert', 'rb').read()
team4_privk_data = open('key_team4.pem', 'rb').read()
self.root_cert = x509.load_pem_x509_certificate(
root_cert_data, default_backend())
self.team4_cert = x509.load_pem_x509_certificate(
team4_cert_data, default_backend())
self.team4_privk = load_pem_private_key(team4_privk_data,
password=b'passphrase',
backend=default_backend())
print("load certificate success!!")
# Create self cert subject
subject = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"MD"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Baltimore"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"JHU"),
x509.NameAttribute(NameOID.COMMON_NAME, u"20194.4.4.4"),
])
# Build self cert
builder = x509.CertificateBuilder()
builder = builder.subject_name(subject)
builder = builder.issuer_name(
self.team4_cert.subject) # change the issuer
builder = builder.public_key(
self.pubk_sigA) # put self pubk in cert
builder = builder.serial_number(x509.random_serial_number())
builder = builder.not_valid_before(datetime.datetime.utcnow())
builder = builder.not_valid_after(datetime.datetime.utcnow() +
datetime.timedelta(days=30))
builder = builder.add_extension(x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.4.4")]),
critical=False)
# Sign the self with intermediate CA's private key
certificate = builder.sign(private_key=self.team4_privk,
algorithm=hashes.SHA256(),
backend=default_backend())
print("sign the self cert success!!!")
# Create CertA to transmit (serialization)
certA = certificate.public_bytes(Encoding.PEM)
# Create certificate chain
self.cert_chain = [team4_cert_data]
# Create signature
sigA = self.signkA.sign(
self.dataA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Create nonceA
tmp_nonceA = randrange(2**32)
self.nonceA = str(tmp_nonceA).encode('ASCII')
# Generate packet
new_secure_packet = HandshakePacket(status=0,
pk=self.dataA,
signature=sigA,
nonce=tmp_nonceA,
cert=certA,
certChain=self.cert_chain)
self.transport.write(new_secure_packet.__serialize__())
print("client hello sending finished!!!")
PrivateFormat.Raw,
NoEncryption())
raw_public_key = public_key.public_bytes(Encoding.Raw,
PublicFormat.Raw)
f_keypair = _FragList([raw_private_key, raw_public_key])
self.encode_public(public_key, f_priv)
f_priv.put_sshstr(f_keypair)
_KEY_FORMATS = {
_SSH_RSA: _SSHFormatRSA(),
_SSH_DSA: _SSHFormatDSA(),
_SSH_ED25519: _SSHFormatEd25519(),
_ECDSA_NISTP256: _SSHFormatECDSA(b"nistp256", ec.SECP256R1()),
_ECDSA_NISTP384: _SSHFormatECDSA(b"nistp384", ec.SECP384R1()),
_ECDSA_NISTP521: _SSHFormatECDSA(b"nistp521", ec.SECP521R1()),
}
def _lookup_kformat(key_type):
"""Return valid format or throw error"""
if not isinstance(key_type, bytes):
key_type = memoryview(key_type).tobytes()
if key_type in _KEY_FORMATS:
return _KEY_FORMATS[key_type]
raise UnsupportedAlgorithm("Unsupported key type: %r" % key_type)
def load_ssh_private_key(data, password, backend=None):
"""Load private key from OpenSSH custom encoding."""
def handshake_handler(self, packet):
if self.mode == "server":
if packet.status == 0:
print(">>>>> Server: Send First Packet START <<<<<")
cert_root_data = open('20194_root.cert', 'rb').read()
cert_t4_data = open('csr_team4_signed.cert', 'rb').read()
self.cert_root = cryptography.x509.load_pem_x509_certificate(
cert_root_data, default_backend())
self.cert_t4 = cryptography.x509.load_pem_x509_certificate(
cert_t4_data, default_backend())
self.certA = x509.load_pem_x509_certificate(
packet.cert, default_backend())
# verify the signature
try:
print("verify")
print(packet.pk.decode("ASCII"))
self.certA.public_key().verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
cur = self.certA
for data in packet.certChain:
cert = x509.load_pem_x509_certificate(
data, default_backend())
cert.public_key().verify(cur.signature,
cur.tbs_certificate_bytes,
padding.PKCS1v15(),
hashes.SHA256())
cur = cert
self.cert_root.public_key().verify(
cur.signature, cur.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
except Exception as error:
logger.debug(
">>>>> Crap Handshake Handler Error: {}, {} <<<<<".
format(self.mode, error))
print("verify failed !")
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
return
print("verify success !")
# create the secret key and public key
self.privkB = ec.generate_private_key(ec.SECP384R1(),
default_backend())
self.pubkB = self.privkB.public_key()
# compute the shared key
self.pubkA = load_pem_public_key(packet.pk,
backend=default_backend())
self.shared_key = self.privkB.exchange(ec.ECDH(), self.pubkA)
# create a signing key
self.signkB = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
# create a certification
cert_root_data = open('20194_root.cert', 'rb').read()
cert_t4_data = open('csr_team4_signed.cert', 'rb').read()
privk_t4_data = open('key_team4.pem', 'rb').read()
self.cert_root = cryptography.x509.load_pem_x509_certificate(
cert_root_data, default_backend())
self.cert_t4 = cryptography.x509.load_pem_x509_certificate(
cert_t4_data, default_backend())
self.privk_t4 = serialization.load_pem_private_key(
privk_t4_data,
password=b'passphrase',
backend=default_backend())
subject = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
u"Maryland"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Baltimore"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Team 4"),
x509.NameAttribute(NameOID.COMMON_NAME, u"20194.4.4.4"),
])
self.certB = x509.CertificateBuilder().subject_name(
subject).issuer_name(self.cert_t4.subject).public_key(
self.signkB.public_key()).serial_number(
x509.random_serial_number()).not_valid_before(
datetime.datetime.utcnow()).not_valid_after(
datetime.datetime.utcnow() +
datetime.timedelta(days=10)).add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.4.4")]),
critical=False,
).sign(self.privk_t4, hashes.SHA256(),
default_backend()
) # TODO change sign key
certB_bytes = self.certB.public_bytes(Encoding.PEM)
self.certChain = [cert_t4_data]
# create a signature for the public key
pubkB_bytes = self.pubkB.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
self.sigB = self.signkB.sign(
pubkB_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# create a challenge (256 bits) and a signature for this challenge
# self.nonceB = uuid.uuid4().bytes + uuid.uuid4().bytes
self.nonceA = packet.nonce
self.nonceBSignature = self.signkB.sign(
str(self.nonceA).encode('ASCII'),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# self.nonceB = int.from_bytes(uuid.uuid4().bytes + uuid.uuid4().bytes, "little")
self.nonceB = random.randint(0, 999999)
# create a new packet
new_packet = HandshakePacket(
status=1,
nonce=self.nonceB,
nonceSignature=self.nonceBSignature,
pk=pubkB_bytes,
signature=self.sigB,
cert=certB_bytes,
certChain=self.certChain)
# transport the new packet
self.transport.write(new_packet.__serialize__())
print(">>>>> Server: Send First Packet END <<<<<")
# passed here
elif packet.status == 1:
print(">>>>> Server: Send Second Packet START <<<<<")
try:
print("verify")
self.certA.public_key().verify(
packet.nonceSignature,
str(self.nonceB).encode("ASCII"),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug(
">>>>> Crap Handshake Handler Error: {}, {} <<<<<".
format(self.mode, error))
print("verify failed !")
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
return
print("verify success !")
# TODO need to connect higher protocol ?
# self.higher_transport = POOPTransport(transport)
# self.higherProtocol().connection_made(self.higher_transport)
digest = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest.update(self.shared_key)
hash1 = digest.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
digest = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest.update(hash1)
hash2 = digest.finalize()
self.decB = hash2[0:16]
digest = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest.update(hash2)
hash3 = digest.finalize()
self.encB = hash3[0:16]
print("-" * 20)
print(self.ivA.hex())
print(self.ivB.hex())
print(self.shared_key.hex())
print(self.decB.hex())
print(self.encB.hex())
print("-" * 20)
self.handshake = False
self.higherProtocol().connection_made(self.higher_transport)
print(">>>>> Server: Send Second Packet END <<<<<")
else:
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
if self.mode == "client":
if packet.status == 1:
print(">>>>> Client: Send Second Packet START <<<<<")
self.certB = x509.load_pem_x509_certificate(
packet.cert, default_backend())
# verify the signature
try:
print("verify")
print(packet.pk.decode("ASCII"))
self.certB.public_key().verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
print("Done first verify")
self.certB.public_key().verify(
packet.nonceSignature,
str(self.nonceA).encode("ASCII"),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
cur = self.certB
for data in packet.certChain:
cert = x509.load_pem_x509_certificate(
data, default_backend())
cert.public_key().verify(cur.signature,
cur.tbs_certificate_bytes,
padding.PKCS1v15(),
hashes.SHA256())
cur = cert
self.cert_root.public_key().verify(
cur.signature, cur.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
except Exception as error:
logger.debug(
">>>>> Crap Handshake Handler Error: {}, {} <<<<<".
format(self.mode, error))
print("verify failed !")
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
return
print("verify success !")
# load public key B
self.pubkB = load_pem_public_key(packet.pk,
backend=default_backend())
# create a shared key
self.shared_key = self.privkA.exchange(ec.ECDH(), self.pubkB)
# sign nonce B
self.nonceB = packet.nonce
nonceSignatureA = self.signkA.sign(
str(self.nonceB).encode('ASCII'),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
new_packet = HandshakePacket(status=1,
nonceSignature=nonceSignatureA)
self.transport.write(new_packet.__serialize__())
digest = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest.update(self.shared_key)
hash1 = digest.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
digest = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest.update(hash1)
hash2 = digest.finalize()
self.encA = hash2[0:16]
digest = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest.update(hash2)
hash3 = digest.finalize()
self.decA = hash3[0:16]
print("-" * 20)
print(self.ivA)
print(self.ivB)
print("-" * 20)
self.handshake = False
self.higherProtocol().connection_made(self.higher_transport)
print(">>>>> Client: Send Second Packet END <<<<<")
else:
error_packet = HandshakePacket(status=2)
self.transport.write(error_packet.__serialize__())
self.transport.close()
import binascii
import pytest
from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from ..hazmat.primitives.test_ec import _skip_exchange_algorithm_unsupported
_CURVES = {
"secp224r1": ec.SECP224R1(),
"secp256r1": ec.SECP256R1(),
"secp384r1": ec.SECP384R1(),
"secp521r1": ec.SECP521R1(),
"secp256k1": ec.SECP256K1(),
"brainpoolP224r1": None,
"brainpoolP256r1": ec.BrainpoolP256R1(),
"brainpoolP320r1": None,
"brainpoolP384r1": ec.BrainpoolP384R1(),
"brainpoolP512r1": ec.BrainpoolP512R1(),
"brainpoolP224t1": None,
"brainpoolP256t1": None,
"brainpoolP320t1": None,
"brainpoolP384t1": None,
"brainpoolP512t1": None,
}
def generate_ecc_private_key():
"""
获取ECC私钥
:return: ECC私钥
"""
return ec.generate_private_key(ec.SECP384R1(), default_backend())
def connection_made(self, transport):
logger.debug("{} CRAP: connection made".format(self.mode))
#self.loop = asyncio.get_event_loop()
self.last_recv = time.time()
self.transport = transport
self.higher_transport = SecureTransport(transport)
self.higher_transport.connect_protocol(self)
#self.loop.creat_task(self.connection_timeout_check())
#There are some codes about create the cert
#There are some codes about sign the public key
if self.mode == "client":
print("connecton made")
#generate RSA signKA and public key
self.l_private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
self.l_public_key = self.l_private_key.public_key()
rootcert = x509.load_pem_x509_certificate(loadFile(RootcertPath),
default_backend())
team4cert = x509.load_pem_x509_certificate(loadFile(Team4CertPath),
default_backend())
self.t4privatek = serialization.load_pem_private_key(
loadFile(Team4PrivateKeyPath),
password=b'passphrase',
backend=default_backend())
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
u"California"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
x509.NameAttribute(NameOID.COMMON_NAME, u"20194.4.0.25"),
]) #I hava already change the common name
# I think this is the place to sign the cert
# And the other problem is how to use AESGCM to authenticated encryption
certA = x509.CertificateBuilder().subject_name(
subject).issuer_name(issuer).public_key(
self.l_public_key).serial_number(
x509.random_serial_number()).not_valid_before(
datetime.datetime.utcnow()).not_valid_after(
datetime.datetime.utcnow() +
datetime.timedelta(days=10)).add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.0.25")]),
critical=False,
).sign(self.t4privatek, hashes.SHA256(),
default_backend())
certA_bytes = certA.public_bytes(Encoding.PEM)
print("certA_bytes: fan zheng you dongxi")
publickey_bytesA = self.l_public_key.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
#self.nonceA = os.urandom(32)
self.nonceA = random.randrange(0, 10000)
self.privatekA = ec.generate_private_key(ec.SECP384R1(),
default_backend())
self.pk = self.privatekA.public_key()
self.pk_bytes = self.pk.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
self.signature = self.l_private_key.sign(
self.pk_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256()) #Get signature
#This cert is nothing
print("client's self.pk_bytes")
print("client's self.signature")
self.certChain = [loadFile(Team4CertPath)]
handshake_pkt = HandshakePacket(status=0,
nonce=self.nonceA,
pk=self.pk_bytes,
signature=self.signature,
cert=certA_bytes,
certChain=self.certChain)
print("client packet already generate a packet")
self.transport.write(handshake_pkt.__serialize__())
print("client already sent")
def test_ecc_decode_compressed_point_prime():
x, y = _ecc_decode_compressed_point(curve=ec.SECP384R1(), compressed_point=VALUES["ecc_compressed_point"])
numbers = VALUES["ecc_private_key_prime"].public_key().public_numbers()
assert x == numbers.x
assert y == numbers.y
def handshake_pkt_recv(self, pkt):
print("first recive a data")
if self.mode == "server":
if pkt.status == 2:
logger.debug("{}, CRAP: ERROR: recv an error packet ".format(
self.mode))
return
elif pkt.status == 0:
print("LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL")
# We need to transfer bytes in to object
print("get packet")
#get certificate
rootcert = x509.load_pem_x509_certificate(
loadFile(RootcertPath), default_backend())
team4cert = x509.load_pem_x509_certificate(
loadFile(Team4CertPath), default_backend())
Acert = x509.load_pem_x509_certificate(pkt.cert,
default_backend())
spublic_keyA = Acert.public_key()
print("Server get cert from client:")
print(Acert)
try:
print("begin verify client's signature")
spublic_keyA.verify(
pkt.signature, pkt.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
print("verify client's signature success!!!!")
except Exception as error:
logger.debug("Wrong signature from client!!!!!!!")
handshake_pkt = HandshakePacket(status=2)
self.transport.write(handshake_pkt.__serialize__())
self.transport.close()
#-----------------------------------------verify transported cert
#for certdata in pkt.certChain:
#cert = x509.load_pem_x509_certificate(certdata, default_backend())
#print("Begin verify certificate in cert chain")
#team_address = cert.subject.get_attributes_for_aid(NameOID.COMMON_NAME)[0].value
#receive_address = Acert.subject.get_attributes_for_aid(NameOID.COMMON_NAME)[0].value
#if team_address == receive_address:
# pass
#else:
#logger.debug("Invalid certificate from server!!!!!!!")
#handshake_pkt = HandshakePacket(status=2)
#self.transport.write(handshake_pkt.__serialize__())
#self.transport.close()
self.privatekB = ec.generate_private_key(
ec.SECP384R1(), default_backend())
self.pk = self.privatekB.public_key()
recv_pubk = load_pem_public_key(pkt.pk,
backend=default_backend())
self.server_shared_key = self.privatekB.exchange(
ec.ECDH(), recv_pubk)
print("Calculate the server_shared_key success!!!")
self.l_private_keyB = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
self.l_public_keyB = self.l_private_keyB.public_key()
self.t4privatek = serialization.load_pem_private_key(
loadFile(Team4PrivateKeyPath),
password=b'passphrase',
backend=default_backend())
subject = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
u"California"),
x509.NameAttribute(NameOID.LOCALITY_NAME,
u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME,
u"My Company"),
x509.NameAttribute(NameOID.COMMON_NAME, u"20194.4.4.4"),
]) #This common name has also been changed
certB = x509.CertificateBuilder().subject_name(
subject).issuer_name(team4cert.subject).public_key(
self.l_public_keyB).serial_number(
x509.random_serial_number()).not_valid_before(
datetime.datetime.utcnow()).not_valid_after(
datetime.datetime.utcnow() +
datetime.timedelta(days=10)).add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"20194.4.4.4")]),
critical=False,
).sign(self.t4privatek, hashes.SHA256(),
default_backend())
certB_bytes = certB.public_bytes(Encoding.PEM)
self.nonceB = random.randrange(0, 2**10) #os.urandom(32)
nonceSignatureB = self.l_private_keyB.sign(
str(pkt.nonce).encode('ASCII'),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
self.certChain = [loadFile(Team4CertPath)]
self.pk_bytes = self.pk.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
self.signature = self.l_private_keyB.sign(
self.pk_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256()) #Get signature
self.cert = certB_bytes
handshake_pkt = HandshakePacket(
pk=self.pk_bytes,
status=1,
nonce=self.nonceB,
nonceSignature=nonceSignatureB,
signature=self.signature,
cert=self.cert,
certChain=self.certChain) # This is peer2 first get packet
self.transport.write(handshake_pkt.__serialize__())
print("server send packet success!!")
#publickeyA = load_pem_public_key(pkt.pk, backend=default_backend())
#self.server_shared_key = self.privatekB.exchange(ec.ECDH, publickeyA)#Alreday calcualte
#print("Calculate the server_shared_key success!!!")
elif pkt.status == 1:
print("***********************************************")
try:
print("EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE")
print(pkt.nonceSignature)
#spublic_keyA.verify(pkt.nonceSignature, str(self.nonceB).encode('ASCII'),
# padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),
# hashes.SHA256())
#print("Server verify nonceB success!!!!!")
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
handshake_pkt = HandshakePacket(status=2)
self.transport.write(handshake_pkt.__serialize__())
self.transport.close()
print(
"------------------------------Handshake complete---------------------------------"
)
#-------------------------------------------------try to generate hash and get ivA, ivB, enkB, deKB
digestB = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digestB.update(self.server_shared_key)
hashB1 = digestB.finalize()
self.ivA = hashB1[0:12]
self.ivB = hashB1[12:24]
digestB2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digestB2.update(hashB1)
hashB2 = digestB2.finalize()
self.dekey_B = hashB2[0:16]
digestB3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digestB3.update(hashB2)
hashB3 = digestB3.finalize()
self.enkey_B = hashB3[0:16]
print("ivB:{}".format(self.ivB.hex()))
print("decryp key_B{}".format(self.dekey_B.hex()))
print("encryp key_B{}".format(self.enkey_B.hex()))
print("Hash value for server success!!")
self.higherProtocol().connection_made(self.higher_transport)
else:
#ERROR: This is peer2 and the first time the status cannot be 1 or 2
self.handshake_send_error()
return
elif self.mode == "client" and pkt.status == 1:
#peer1 or peer2 has sent his public key and try to first verify cert and second calculate the shared key
#There are some codes about verify the cert
if pkt.status == 1: #peer1 first get the public key from peer2
Bcert = x509.load_pem_x509_certificate(pkt.cert,
default_backend())
spublic_keyB = Bcert.public_key()
try:
print("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
spublic_keyB.verify(
pkt.signature, pkt.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
print("verify public key success!")
spublic_keyB.verify(
pkt.nonceSignature,
str(self.nonceA).encode('ASCII'),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
print("verify nonce success!")
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
handshake_pkt = HandshakePacket(status=2)
self.transport.write(handshake_pkt.__serialize__())
self.transport.close()
#for certdata in pkt.certChain:
#cert = x509.load_pem_x509_certificate(certdata, default_backend())
#print("Begin verify certificate in cert chain")
#team_address = cert.subject.get_attributes_for_aid(NameOID.COMMON_NAME)[0].value
#receive_address = Bcert.subject.get_attributes_for_aid(NameOID.COMMON_NAME)[0].value
#if team_address == receive_address:
# pass
#else:
#logger.debug("Invalid certificate from server!!!!!!!")
#handshake_pkt = HandshakePacket(status=2)
#self.transport.write(handshake_pkt.__serialize__())
#self.transport.close()
print("begin to send next packe")
nonceSignatureA = self.l_private_key.sign(
str(pkt.nonce).encode('ASCII'),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
print(nonceSignatureA)
handshake_pkt = HandshakePacket(status=1,
nonceSignature=nonceSignatureA)
print(
"-------------send packet second time!!!------------------"
)
self.transport.write(handshake_pkt.__serialize__())
print(
"-------------------calculate hash------------------------"
)
#-------------------------------------------------try to generate hash and get ivA, ivB, enkA, deKA
publickeyB = load_pem_public_key(pkt.pk,
backend=default_backend())
print("publickeyB:", publickeyB)
client_shared_key = self.privatekA.exchange(
ec.ECDH(), publickeyB)
print("shard_key_client:", client_shared_key)
digestA = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digestA.update(client_shared_key)
hashA1 = digestA.finalize()
self.ivA = hashA1[0:12]
self.ivB = hashA1[12:23]
digestA2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digestA2.update(hashA1)
hashA2 = digestA2.finalize()
self.enkey_A = hashA2[0:16]
digestA3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digestA3.update(hashA2)
hashA3 = digestA3.finalize()
self.dekey_A = hashA3[0:16]
print("client dec:", self.dekey_A)
print("Hash value calculate success!")
self.higherProtocol().connection_made(self.higher_transport)
else:
self.handshake_send_error()
return
def test_ecc_decode_compressed_point_prime_not_characteristic_two(patch_pow):
patch_pow.return_value = 0
_, y = _ecc_decode_compressed_point(curve=ec.SECP384R1(), compressed_point=VALUES["ecc_compressed_point"])
assert y == _ECC_CURVE_PARAMETERS["secp384r1"].p
def _issue_cert_for_one_algo(encryption_algo: EncAlgoCKS,
cert_meta: Certificate,
account: Account) -> Optional[dict]:
"""
Try to issue a Letsencrypt certificate for one encryption algorithm.
Does authorization if necessary.
:param encryption_algo: encryption algo to use
:param cert_meta: description of cert
:param account: our account at Letsencrypt
:return: None or dict: dict layout as follows:
{'Cert': certificate, 'Key': certificate_key, 'Intermediate': intcert, 'Algo': encryption_algo}
"""
options = get_options()
alt_names = [
cert_meta.name,
]
if len(cert_meta.altnames) > 0:
alt_names.extend(cert_meta.altnames)
sli('Creating {} key and {} cert for {}'.format(
'rsa {} bits'.format(int(X509atts.bits)) if encryption_algo == 'rsa'
else 'ec', cert_meta.subject_type, cert_meta.name))
order = _authorize(cert_meta, account)
if not order:
return None
if encryption_algo == EncAlgoCKS('rsa'):
certificate_key = manuale_crypto.generate_rsa_key(X509atts.bits)
elif encryption_algo == EncAlgoCKS('ec'):
crypto_backend = default_backend()
certificate_key = ec.generate_private_key(ec.SECP384R1(),
crypto_backend)
else:
raise ValueError(
'Wrong encryption_algo {} in _issue_cert_for_one_algo for {}'.
format(encryption_algo, cert_meta.name))
order.key = manuale_crypto.export_private_key(certificate_key).decode(
'ascii')
csr = manuale_crypto.create_csr(certificate_key,
alt_names,
must_staple=cert_meta.ocsp_must_staple)
acme = AcmeV2(Misc.LE_SERVER, account)
try:
sli('Requesting certificate issuance from LE...')
if not order.contents['status'] == 'valid':
if order.contents['status'] == 'ready':
final_order = acme.finalize_order(order, csr)
order.contents = final_order
if order.contents['status'] == "valid":
sld('{}/{}: Order finalized. Certificate is being issued.'
.format(cert_meta.name, encryption_algo))
else:
sld("{}/{}: Checking order status.".format(
cert_meta.name, encryption_algo))
fulfillment = acme.await_for_order_fulfillment(order)
if fulfillment['status'] == "valid":
order.contents = fulfillment
else:
sle("{}: Order not ready or invalid after finalize. Status = {}. Giving up. \n Response = {}"
.format(cert_meta.name, final_order['status'],
final_order))
return None
if not order.certificate_uri:
sle("{}/{}: Order not valid after fulfillment: Missing certificate URI"
.format(cert_meta.name, encryption_algo))
return None
else:
sli("Downloading certificate for {}/{}.".format(
cert_meta.name, encryption_algo))
result = acme.download_order_certificate(order)
except manuale_errors.AcmeError as e:
if '(type urn:acme:error:unauthorized, HTTP 403)' in str(e):
sle('LetsEncrypt lost authorization for {}/{} [DOWNLOAD]. Giving up'
.format(cert_meta.name, encryption_algo))
else:
sle("Connection or service request failed for {}/{}[DOWNLOAD]. Aborting."
.format(cert_meta.name, encryption_algo))
raise manuale_errors.AutomatoesError(e)
try:
certificates = manuale_crypto.strip_certificates(result.content) # DER
certificate = manuale_crypto.load_pem_certificate(certificates[0])
except IOError as e:
sle("Failed to load new certificate for {}/{}. Aborting.".format(
cert_meta.name, encryption_algo))
raise manuale_errors.AutomatoesError(e)
intcert = manuale_crypto.load_pem_certificate(certificates[1])
return {
'Cert': certificate,
'Key': certificate_key,
'Intermediate': intcert,
'Algo': encryption_algo
}
def crap_handshake_recv(self, packet):
if self.mode == "server" and packet.status == 0:
try:
packet.cert.verify(
packet.signature, self.dataA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
privkB = ec.generate_private_key(ec.SECP384R1(), default_backend())
pubkB = privkB.public_key()
server_shared_key = privkB.exchange(ec.ECDH, packet.pk)
signkB = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
#pubk_sigB = signkB.public_key()
#certB = pubk_sigB
# Various details about who we are. For a self-signed certificate the
# subject and issuer are always the same.
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
u"Marryland"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Johns Hopkins"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Team 5"),
x509.NameAttribute(NameOID.COMMON_NAME, u"Mao Yu"),
])
cert = x509.CertificateBuilder().subject_name(subject).issuer_name(
issuer).public_key(signkB.public_key()).serial_number(
x509.random_serial_number()).not_valid_before(
datetime.datetime.utcnow()).not_valid_after(
# Our certificate will be valid for 10 days
datetime.datetime.utcnow() +
datetime.timedelta(days=10)).add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u"localhost")]),
critical=False,
# Sign our certificate with our private key
).sign(signkB, hashes.SHA256(), default_backend())
# Write our certificate out to disk.
# with open("path/to/certificate.pem", "wb") as f:
# f.write(cert.public_bytes(serialization.Encoding.PEM))
certB = cert.public_bytes(serialization.Encoding.PEM)
self.nonceB = randrange(2**32)
self.dataB = pubkB
sigB = signkB.sign(
self.dataB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
self.nonceSignatureB = signkB.sign(
self.nonceB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
new_secure_packet = HandshakePacket(
status=1,
pk=pubkB,
signature=sigB,
cert=certB,
nonce=self.nonceB,
nonceSignature=self.nonceSignatureB)
self.transport.write(new_secure_packet.__serialize__())
if self.mode == "client" and packet.status == 1:
try:
packet.cert.verify(
packet.signature, self.dataB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
client_shared_key = self.privkA.exchange(ec.ECDH, packet.pk)
new_secure_packet = HandshakePacket(status=1)
self.transport.write(new_secure_packet.__serialize__())
shared_key = self._private_key.exchange(ec.ECDH(), peer_public_key)
# derive 64 bytes of key material for 2 32-byte keys
key_material = HKDF(algorithm=hashes.SHA256(),
length=64,
salt=None,
info=None,
backend=default_backend()).derive(shared_key)
# get the encryption key
self.enc_key = key_material[:32]
# derive an MAC key
self.mac_key = key_material[32:64]
# FOR AUTO TEST
private_key_x = ec.generate_private_key(ec.SECP384R1(), default_backend())
private_key_y = ec.generate_private_key(ec.SECP384R1(), default_backend())
client_x = AuthenticatedECDHExchange(ec.SECP384R1(), private_key_x)
client_y = AuthenticatedECDHExchange(ec.SECP384R1(), private_key_y)
client_x.generate_session_key(client_y.get_signed_public_bytes(),
private_key_y.public_key())
client_y.generate_session_key(client_x.get_signed_public_bytes(),
private_key_x.public_key())
if client_x.enc_key and client_x.mac_key and client_x.enc_key == client_y.enc_key and client_x.mac_key == client_y.mac_key:
print("[PASS]")
else:
print("[FAIL]")
