def gen_config(threshold, log_no, monitor_no): try: os.mkdir('conf/') except FileExistsError: pass os.system("rm -f " + CONF_DIR + CONF_FILE + " %s*.priv" % CONF_DIR) # dict_ = {"threshold": threshold} dict_["logs"] = {} dict_["monitors"] = {} # First logs for i in range(1, log_no + 1): log_id = "log%d" % i isd_as = random.choice(ASes) ip = str(ipaddress.ip_address("127.0.1.0") + i) pub, priv = generate_sign_keypair() dict_["logs"][log_id] = [isd_as, ip, pub] with open(CONF_DIR + "%s.priv" % log_id, "wb") as f: f.write(priv) # Then monitors for i in range(1, monitor_no + 1): monitor_id = "monitor%d" % i isd_as = random.choice(ASes) ip = str(ipaddress.ip_address("127.0.2.0") + i) pub, priv = generate_sign_keypair() dict_["monitors"][monitor_id] = [isd_as, ip, pub] with open(CONF_DIR + "%s.priv" % monitor_id, "wb") as f: f.write(priv) # Save on disc blob = cbor.dumps(dict_) with open(CONF_DIR + CONF_FILE, "wb") as f: f.write(blob) print("config generated")
def _gen_as_keys(self, topo_id, as_conf): sig_pub, sig_priv = generate_sign_keypair() enc_pub, enc_priv = generate_enc_keypair() self.sig_priv_keys[topo_id] = sig_priv self.sig_pub_keys[topo_id] = sig_pub self.enc_pub_keys[topo_id] = enc_pub self.enc_priv_keys[topo_id] = enc_priv sig_path = get_sig_key_file_path("") enc_path = get_enc_key_file_path("") self.cert_files[topo_id][sig_path] = base64.b64encode(sig_priv).decode() self.cert_files[topo_id][enc_path] = base64.b64encode(enc_priv).decode() if self.is_core(as_conf): # generate_sign_key_pair uses Ed25519 on_root_pub, on_root_priv = generate_sign_keypair() off_root_pub, off_root_priv = generate_sign_keypair() core_sig_pub, core_sig_priv = generate_sign_keypair() self.pub_online_root_keys[topo_id] = on_root_pub self.priv_online_root_keys[topo_id] = on_root_priv self.pub_offline_root_keys[topo_id] = off_root_pub self.priv_offline_root_keys[topo_id] = off_root_priv self.pub_core_sig_keys[topo_id] = core_sig_pub self.priv_core_sig_keys[topo_id] = core_sig_priv online_key_path = get_online_key_file_path("") offline_key_path = get_offline_key_file_path("") core_sig_path = get_core_sig_key_file_path("") self.cert_files[topo_id][online_key_path] = base64.b64encode(on_root_priv).decode() self.cert_files[topo_id][offline_key_path] = base64.b64encode(off_root_priv).decode() self.cert_files[topo_id][core_sig_path] = base64.b64encode(core_sig_priv).decode()
def generate_certificate(joining_ia, core_ia, core_sign_priv_key_file, core_cert_file, trc_file): """ """ core_ia_chain = CertificateChain.from_raw(read_file(core_cert_file)) # AS cert is always expired one second before the expiration of the Core AS cert validity = core_ia_chain.core_as_cert.expiration_time - int(time.time()) - 1 comment = "AS Certificate" core_ia_sig_priv_key = base64.b64decode(read_file(core_sign_priv_key_file)) public_key_sign, private_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() cert = Certificate.from_values( str(joining_ia), str(core_ia), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, False, validity, public_key_encr, public_key_sign, core_ia_sig_priv_key) sig_priv_key = base64.b64encode(private_key_sign).decode() enc_priv_key = base64.b64encode(private_key_encr).decode() sig_priv_key_raw = base64.b64encode(SigningKey(private_key_sign)._signing_key).decode() joining_ia_chain = CertificateChain([cert, core_ia_chain.core_as_cert]).to_json() trc = open(trc_file).read() master_as_key = base64.b64encode(Random.new().read(16)).decode('utf-8') key_dict = { 'enc_key': enc_priv_key, 'sig_key': sig_priv_key, 'sig_key_raw': sig_priv_key_raw, 'master_as_key': master_as_key, } as_obj = ASCredential(joining_ia_chain, trc, key_dict) return as_obj
def request_new_as_id(request): current_page = request.META.get('HTTP_REFERER') # check the validity of parameters if not request.POST["inputISDtojoin"].isdigit(): messages.error(request, 'ISD to join has to be a number!') return redirect(current_page) isd_to_join = int(request.POST["inputISDtojoin"]) # get the key and secret necessary to query SCION-coord coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id) # generate the sign and encryption keys private_key_sign, public_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() join_request_dict = { "isd_to_join": isd_to_join, "sigkey": to_b64(public_key_sign), "enckey": to_b64(public_key_encr) } request_url = urljoin( COORD_SERVICE_URI, posixpath.join(UPLOAD_JOIN_REQUEST_SVC, coord.key, coord.secret)) headers = {'content-type': 'application/json'} logger.info("Request = %s\nJoin Request Dict = %s", request_url, join_request_dict) try: r = requests.post(request_url, json=join_request_dict, headers=headers) except requests.RequestException: messages.error(request, 'Failed to submit ISD join request at scion-coord!') return redirect(current_page) if r.status_code != 200: messages.error( request, 'Submitting join request ' 'failed with code %s!' % r.status_code) return redirect(current_page) resp = r.json() request_id = resp['id'] logger.info("request_id = %s", request_id) JoinRequest.objects.update_or_create(request_id=request_id, created_by=request.user, isd_to_join=isd_to_join, status=REQ_SENT, sig_pub_key=to_b64(public_key_sign), sig_priv_key=to_b64(private_key_sign), enc_pub_key=to_b64(public_key_encr), enc_priv_key=to_b64(private_key_encr)) messages.success( request, 'Join Request Submitted Successfully.' ' Request ID = %s' % request_id) return redirect(current_page)
def _gen_as_keys(self, topo_id, as_conf): sig_pub, sig_priv = generate_sign_keypair() enc_pub, enc_priv = generate_enc_keypair() self.sig_priv_keys[topo_id] = sig_priv self.sig_pub_keys[topo_id] = sig_pub self.enc_pub_keys[topo_id] = enc_pub self.enc_priv_keys[topo_id] = enc_priv sig_path = get_sig_key_file_path("") enc_path = get_enc_key_file_path("") self.cert_files[topo_id][sig_path] = base64.b64encode( sig_priv).decode() self.cert_files[topo_id][enc_path] = base64.b64encode( enc_priv).decode()
def request_join_isd(request): """ Sends the join request to SCION Coordination Service. :param HttpRequest request: Django HTTP request passed on through urls.py. :returns: Django HTTP Response object. :rtype: HttpResponse. """ current_page = request.META.get('HTTP_REFERER') # check the validity of parameters if not request.POST["inputISDToJoin"].isdigit(): messages.error(request, 'ISD to join has to be a number!') return redirect(current_page) isd_to_join = int(request.POST["inputISDToJoin"]) join_as_a_core = request.POST["inputJoinAsACore"] # get the account_id and secret necessary to query SCION-coord. coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id) # generate the sign and encryption keys public_key_sign, private_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() join_req = JoinRequest.objects.create( created_by=request.user, isd_to_join=isd_to_join, join_as_a_core=join_as_a_core.lower() == "true", sig_pub_key=to_b64(public_key_sign), sig_priv_key=to_b64(private_key_sign), enc_pub_key=to_b64(public_key_encr), enc_priv_key=to_b64(private_key_encr)) join_req_dict = { "RequestId": join_req.id, "IsdToJoin": isd_to_join, "JoinAsACoreAS": join_req.join_as_a_core, "SigPubKey": to_b64(public_key_sign), "EncPubKey": to_b64(public_key_encr) } request_url = urljoin( COORD_SERVICE_URI, posixpath.join(UPLOAD_JOIN_REQUEST_SVC, coord.account_id, coord.secret)) _, error = post_req_to_scion_coord(request_url, join_req_dict, "join request %s" % join_req.id) if error: return error logger.info("Request = %s, Join Request Dict = %s", request_url, join_req_dict) join_req.status = REQ_SENT join_req.save() messages.success( request, 'Join Request Submitted Successfully.' ' Request ID = %s' % join_req.id) return redirect(current_page)
def request_join_isd(request): """ Sends the join request to SCION Coordination Service. :param HttpRequest request: Django HTTP request passed on through urls.py. :returns: Django HTTP Response object. :rtype: HttpResponse. """ current_page = request.META.get('HTTP_REFERER') # check the validity of parameters if not request.POST["inputISDToJoin"].isdigit(): messages.error(request, 'ISD to join has to be a number!') return redirect(current_page) isd_to_join = int(request.POST["inputISDToJoin"]) join_as_a_core = request.POST["inputJoinAsACore"] # get the account_id and secret necessary to query SCION-coord. coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id) # generate the sign and encryption keys public_key_sign, private_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() join_req = JoinRequest.objects.create( created_by=request.user, isd_to_join=isd_to_join, join_as_a_core=join_as_a_core.lower() == "true", sig_pub_key=to_b64(public_key_sign), sig_priv_key=to_b64(private_key_sign), enc_pub_key=to_b64(public_key_encr), enc_priv_key=to_b64(private_key_encr) ) join_req_dict = { "RequestId": join_req.id, "IsdToJoin": isd_to_join, "JoinAsACoreAS": join_req.join_as_a_core, "SigPubKey": to_b64(public_key_sign), "EncPubKey": to_b64(public_key_encr) } request_url = urljoin(COORD_SERVICE_URI, posixpath.join( UPLOAD_JOIN_REQUEST_SVC, coord.account_id, coord.secret)) _, error = post_req_to_scion_coord(request_url, join_req_dict, "join request %s" % join_req.id) if error: return error logger.info("Request = %s, Join Request Dict = %s", request_url, join_req_dict) join_req.status = REQ_SENT join_req.save() messages.success(request, 'Join Request Submitted Successfully.' ' Request ID = %s' % join_req.id) return redirect(current_page)
def generate_certificate(joining_ia, core_ia, core_sign_priv_key_file, core_cert_file, trc_file): """ """ validity = Certificate.AS_VALIDITY_PERIOD comment = "AS Certificate" core_ia_sig_priv_key = base64.b64decode(read_file(core_sign_priv_key_file)) public_key_sign, private_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() cert = Certificate.from_values(str(joining_ia), str(core_ia), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, False, validity, public_key_encr, public_key_sign, core_ia_sig_priv_key) core_ia_chain = CertificateChain.from_raw(read_file(core_cert_file)) sig_priv_key = base64.b64encode(private_key_sign).decode() enc_priv_key = base64.b64encode(private_key_encr).decode() joining_ia_chain = CertificateChain([cert, core_ia_chain.core_as_cert ]).to_json() trc = open(trc_file).read() master_as_key = base64.b64encode(Random.new().read(16)).decode('utf-8') as_obj = ASCredential(sig_priv_key, enc_priv_key, joining_ia_chain, trc, master_as_key) return as_obj
def _self_sign_keys(self): topo_id = TopoID.from_values(0, 0) self.sig_pub_keys[topo_id], self.sig_priv_keys[topo_id] = generate_sign_keypair() self.enc_pub_keys[topo_id], self.enc_priv_keys[topo_id] = generate_enc_keypair()