Пример #1
    def _build_keystore(self):
        """Create a key for every address in ``ips`` and expose the root's key.

        Each value of ``ips`` is passed to ``generate_and_save_key`` together
        with the keystore directory; the returned objects are kept in
        ``self.keys``, indexed by the address itself.  The root server's
        private key file is then duplicated as ``private.pem`` in the same
        directory.
        """
        generated = {}
        for ip in ips.values():
            generated[ip] = generate_and_save_key("setup/keystore", str(ip))
        self.keys = generated

        # Give the root server's private key a fixed, address-independent name.
        # NOTE(review): assumes generate_and_save_key writes
        # "<ip_name>-private.pem" for each address -- confirm against the helper.
        # NOTE(review): this leaves a second copy of private key material on
        # disk.  shutil.copy carries over the source file's permission bits,
        # so the copy is only as restricted as the file the helper created.
        root_key_path = f"setup/keystore/{self.ip_name(root_ip)}-private.pem"
        shared_key_path = "setup/keystore/private.pem"
        shutil.copy(root_key_path, shared_key_path)
Пример #2
    def _write_oscore_context_pref(self):
        """Write the OSCORE context table Wireshark needs to decrypt messages.

        The output file is comma separated, with ``#`` starting a comment and
        every field wrapped in double quotes, e.g.::

            # This file is automatically generated, DO NOT MODIFY.
            "1","1","1","1","","AES-CCM-16-64-128 (CCM*)"

        Columns, in order: Sender ID, Recipient ID, Master Secret,
        Master Salt, ID Context, Algorithm.
        See: https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-oscore.c#L871

        One row is written for every ordered pair of distinct addresses in
        ``ips``.
        """
        # Translate the algorithm name in self.oscore_algorithm to the label
        # used by the Wireshark dissector.
        # See: https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-oscore.c#L74
        tshark_algorithm_names = {
            "AES-CCM-16-64-128": "AES-CCM-16-64-128 (CCM*)"
        }

        # NOTE(review): every row carries an ECDH shared secret in the Master
        # Secret column, in plaintext hex.  The file is created with open()'s
        # default mode, so its permissions follow the process umask; handle it
        # like the private keys stored next to it.
        uat_path = os.path.abspath('setup/keystore/oscore.contexts.uat')

        with open(uat_path, "w") as uat_file:
            for sender, recipient in itertools.permutations(ips.values(), 2):
                # Two names in ``ips`` may map to the same address; a context
                # between an address and itself is not written.
                if sender != recipient:
                    sender_id = self.certificate_oscore_id(self.certs[sender])
                    recipient_id = self.certificate_oscore_id(
                        self.certs[recipient])

                    # The raw ECDH output between the two stored keys is what
                    # goes into the Master Secret column.
                    peer_public_key = self.keys[recipient].public_key()
                    shared_secret = self.keys[sender].exchange(
                        ec.ECDH(), peer_public_key)

                    fields = [
                        sender_id.hex(),
                        recipient_id.hex(),
                        shared_secret.hex(),
                    ]

                    # Optional parameters become empty columns when unset.
                    # NOTE(review): salt and ID context are written as-is,
                    # with no escaping of embedded double quotes -- confirm
                    # they are already in the textual form Wireshark expects.
                    if self.oscore_master_salt is not None:
                        fields.append(self.oscore_master_salt)
                    else:
                        fields.append("")

                    if self.oscore_id_context is not None:
                        fields.append(self.oscore_id_context)
                    else:
                        fields.append("")

                    # An algorithm missing from the table raises KeyError here.
                    fields.append(
                        tshark_algorithm_names[self.oscore_algorithm])

                    row = ','.join(f'"{field}"' for field in fields)
                    uat_file.write(row + "\n")