def verify(self, plaintext: bytes, signature, otherkey: rsa.RSAPublicKey):
otherkey.verify(
signature, plaintext,
apadding.PSS(mgf=apadding.MGF1(hashes.SHA256()),
salt_length=apadding.PSS.MAX_LENGTH), hashes.SHA256())
def test_rsa_padding_supported_pss(self):
assert backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(hashes.SHA1()),
salt_length=0)) is True
def __init__(self):
padfn = padding.PSS(padding.MGF1(hashes.SHA384()),
hashes.SHA384.digest_size)
super(_PS384, self).__init__(padfn, hashes.SHA384())
def main(argv=None):
argv = parser.parse_args(argv)
nonce = os.urandom(13)
nonce_b64 = base64.b64encode(nonce).decode("ascii")
privkey_key = os.urandom(32)
action_key = os.urandom(32)
action_key_b64 = base64.b64encode(action_key).decode("ascii")
config_shared_key = os.urandom(32)
if argv.algo == "rsa":
priv_key = rsa.generate_private_key(public_exponent=65537,
key_size=argv.bits)
elif argv.algo == "dsa":
priv_key = dsa.generate_private_key(public_exponent=65537,
key_size=argv.bits)
pub_key = priv_key.public_key()
pub_key_bytes = pub_key.public_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
priv_key_bytes = priv_key.private_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
session = requests.Session()
body, files = transform_payload(serverConfigQuery_query, {})
result = session.post(argv.url, data=body, files=files)
if not result.ok and not argv.url.endswith("/graphql"):
argv.url = "%s/graphql" % argv.url.rstrip("/")
result = session.post(argv.url, data=body, files=files)
if not result.ok:
raise
serverConfig = result.json()["data"]["secretgraphConfig"]
hash_algos = serverConfig["hashAlgorithms"]
hash_algo = hashlib.new(hash_algos[0])
chosen_hash = getattr(hashes, hash_algo.name.upper())()
prepared_cluster = {
"publicKey": pub_key_bytes,
"publicTags": [],
"state": "public",
"actions": [{
"value": '{"action": "manage"}',
"key": action_key_b64
}],
}
if True:
prepared_cluster["privateKey"] = AESGCM(privkey_key).encrypt(
nonce, priv_key_bytes, None)
encSharedKey = pub_key.encrypt(
config_shared_key,
padding.OAEP(
mgf=padding.MGF1(algorithm=chosen_hash),
algorithm=chosen_hash,
label=None,
),
)
prepared_cluster["nonce"] = nonce_b64
prepared_cluster["privateTags"] = [
"key={}".format(base64.b64encode(encSharedKey)),
]
body, files = transform_payload(clusterCreateMutation_mutation,
prepared_cluster)
result = session.post(argv.url, data=body, files=files)
result.raise_for_status()
jsob = result.json()["data"]
certhash = hash_algo.copy()
certhash.update(pub_key_bytes)
certhash = certhash.digest()
certhash_b64 = base64.b64encode(certhash).decode("ascii")
action_key_hash = hash_algo.copy()
action_key_hash.update(action_key)
action_key_hash = action_key_hash.digest()
action_key_hash = base64.b64encode(action_key_hash).decode("ascii")
# config format by standard client
config = {
"certificates": {
certhash_b64: base64.b64encode(priv_key_bytes).decode("ascii")
},
"tokens": {
action_key_hash: action_key_b64
},
"hosts": {
argv.url: {
"hashAlgorithms": hash_algos,
"clusters": {
jsob["updateOrCreateCluster"]["cluster"]["id"]: {
"hashes": {
action_key_hash: ["manage", "view", "update"]
}
}
},
}
},
"baseUrl": argv.url,
"configHashes": [certhash_b64, action_key_hash],
"configCluster": jsob["updateOrCreateCluster"]["cluster"]["id"],
}
nonce = os.urandom(13)
nonce_b64 = base64.b64encode(nonce).decode("ascii")
encrypted_content = AESGCM(config_shared_key).encrypt(
nonce,
json.dumps(config).encode("utf8"), None)
encrypted_content_hash_raw = hash_algo.copy()
encrypted_content_hash_raw.update(encrypted_content)
encrypted_content_hash_raw = encrypted_content_hash_raw.digest()
signature = priv_key.sign(
encrypted_content_hash_raw,
padding.PSS(mgf=padding.MGF1(chosen_hash),
salt_length=padding.PSS.MAX_LENGTH),
utils.Prehashed(chosen_hash),
)
config_key = pub_key.encrypt(
config_shared_key,
padding.OAEP(
mgf=padding.MGF1(algorithm=chosen_hash),
algorithm=chosen_hash,
label=None,
),
)
config_hash = hash_algo.copy()
config_hash.update(b"type=Config")
config_hash = config_hash.digest()
config_hash = base64.b64encode(config_hash).decode("ascii")
tags = [
"key_hash={}".format(action_key_hash),
"key_hash={}".format(certhash_b64),
]
prepared_content = {
"cluster":
config["configCluster"],
"type":
"Config",
"state":
"internal",
"tags":
tags,
"references": [
{
"group": "key",
"target": certhash_b64,
"extra": base64.b64encode(config_key).decode("ascii"),
},
{
"group": "signature",
"target": certhash_b64,
"extra": base64.b64encode(signature).decode("ascii"),
},
],
"value":
encrypted_content,
"nonce":
nonce_b64,
"contentHash":
config_hash,
"authorization": [":".join([config["configCluster"], action_key_b64])],
}
body, files = transform_payload(configCreateMutation_mutation,
prepared_content)
result = session.post(argv.url, data=body, files=files)
result.raise_for_status()
print(config)
def sign_secure_boot_v2(args):
""" Sign a firmware app image with an RSA private key using RSA-PSS, write output file with a
Secure Boot V2 header appended.
"""
SECTOR_SIZE = 4096
SIG_BLOCK_SIZE = 1216
SIG_BLOCK_MAX_COUNT = 3
signature_sector = b""
key_count = len(args.keyfile)
contents = args.datafile.read()
if key_count > SIG_BLOCK_MAX_COUNT:
print(
"WARNING: Upto %d signing keys are supported for ESP32-S2. For ESP32-ECO3 only 1 signing key is supported",
SIG_BLOCK_MAX_COUNT)
if len(contents) % SECTOR_SIZE != 0:
pad_by = SECTOR_SIZE - (len(contents) % SECTOR_SIZE)
print(
"Padding data contents by %d bytes so signature sector aligns at sector boundary"
% pad_by)
contents += b'\xff' * pad_by
elif args.append_signatures:
sig_block_num = 0
while sig_block_num < SIG_BLOCK_MAX_COUNT:
sig_block = validate_signature_block(contents, sig_block_num)
if sig_block is None:
break
signature_sector += sig_block # Signature sector is populated with already valid blocks
sig_block_num += 1
assert len(signature_sector) % SIG_BLOCK_SIZE == 0
if sig_block_num == 0:
print(
"No valid signature blocks found. Discarding --append-signature and proceeding to sign the image afresh."
)
else:
print(
"%d valid signature block(s) already present in the signature sector."
% sig_block_num)
empty_signature_blocks = SIG_BLOCK_MAX_COUNT - sig_block_num
if key_count > empty_signature_blocks:
raise esptool.FatalError(
"Number of keys(%d) more than the empty signature blocks.(%d)"
% (key_count, empty_signature_blocks))
contents = contents[:len(
contents
) - SECTOR_SIZE] # Signature stripped off the content (the legitimate blocks are included in signature_sector)
print("%d signing key(s) found." % key_count)
# Calculate digest of data file
digest = hashlib.sha256()
digest.update(contents)
digest = digest.digest()
for keyfile in args.keyfile:
private_key = _load_sbv2_rsa_signing_key(keyfile.read())
# Sign
signature = private_key.sign(
digest,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=32,
), utils.Prehashed(hashes.SHA256()))
rsa_primitives = _get_sbv2_rsa_primitives(private_key.public_key())
# Encode in signature block format
#
# Note: the [::-1] is to byte swap all of the bignum
# values (signatures, coefficients) to little endian
# for use with the RSA peripheral, rather than big endian
# which is conventionally used for RSA.
signature_block = struct.pack(
"<BBxx32s384sI384sI384s",
0xe7, # magic byte
0x02, # version
digest,
int_to_bytes(rsa_primitives.n)[::-1],
rsa_primitives.e,
int_to_bytes(rsa_primitives.rinv)[::-1],
rsa_primitives.m & 0xFFFFFFFF,
signature[::-1])
signature_block += struct.pack(
"<I",
zlib.crc32(signature_block) & 0xffffffff)
signature_block += b'\x00' * 16 # padding
assert len(signature_block) == SIG_BLOCK_SIZE
signature_sector += signature_block
assert len(signature_sector) > 0 and len(
signature_sector
) <= SIG_BLOCK_SIZE * 3 and len(signature_sector) % SIG_BLOCK_SIZE == 0
total_sig_blocks = len(signature_sector) // SIG_BLOCK_SIZE
# Pad signature_sector to sector
signature_sector = signature_sector + \
(b'\xff' * (SECTOR_SIZE - len(signature_sector)))
assert len(signature_sector) == SECTOR_SIZE
# Write to output file, or append to existing file
if args.output is None:
args.datafile.close()
args.output = args.datafile.name
with open(args.output, "wb") as f:
f.write(contents + signature_sector)
print(
"Signed %d bytes of data from %s. Signature sector now has %d signature blocks."
% (len(contents), args.datafile.name, total_sig_blocks))
def sign(self, payload):
return self.key.sign(
payload,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
# ENCRYPTION
def encrypt(msg, PK):
cipher_text = PK.encrypt(
msg,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None))
return cipher_text
# SIGNING
signature = alice_private_key.sign(
message_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
#data = (cipher_text, signature)
# Receiving PK_alice
with open("PK_alice.pem", "rb") as key_file:
PK_alice = serialization.load_pem_public_key(key_file.read(),
backend=default_backend())
# Verifying
try:
PK_alice.verify(
signature, message_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
def data_received(self, buffer):
logger.debug("{} POOP recv a buffer of size {}".format(self._mode, len(buffer)))
self.deserializer.update(buffer)
for pkt in self.deserializer.nextPackets():
if pkt.DEFINITION_IDENTIFIER == "crap.handshakepacket":
if self._mode == "server":
if pkt.status == 0:
certification = x509.load_pem_x509_certificate(pkt.cert, default_backend())
self.cert_pubkA = certification.public_key()
print("222222222222222222222")
try:
self.cert_pubkA.verify(pkt.signature, pkt.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
except Exception as error:
logger.debug("Server verify cert fail!")
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(tls_handshake_packet.__serialize__())
self.transport.close()
logger.debug("Server verify cert success!")
self.server_private_key = ec.generate_private_key(ec.SECP384R1(), default_backend())
self.server_public_key = self.server_private_key.public_key()
self.server_sign_pvk = rsa.generate_private_key(public_exponent=65537, key_size=2048,
backend=default_backend())
self.server_sign_pbk = self.server_sign_pvk.public_key()
self.snonce = randrange(255)
self.serialized_snonce = str(self.snonce).encode('ASCII')
self.serialized_cnonce = str(pkt.nonce).encode('ASCII')
print("55555555555555555555555555")
data = self.server_public_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
sigB = self.server_sign_pvk.sign(data,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
print("777777777777777777777777")
tls_handshake_packet = HandshakePacket(status=1)
tls_handshake_packet.pk = data
tls_handshake_packet.signature = sigB
tls_handshake_packet.nonce = self.snonce
print("666666666666666666666666666666666666")
builder = x509.CertificateBuilder()
builder = builder.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'team5_server'), ]))
builder = builder.issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'team5_server'), ]))
builder = builder.not_valid_before(datetime.datetime.today() - datetime.timedelta(days=30))
builder = builder.not_valid_after(datetime.datetime.today() + datetime.timedelta(days=30))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(self.server_sign_pbk)
certificate = builder.sign(private_key=self.server_sign_pvk, algorithm=hashes.SHA256(),
backend=default_backend())
server_cert = certificate.public_bytes(Encoding.PEM)
tls_handshake_packet.cert = server_cert
cnonceSignature = self.server_sign_pvk.sign(self.serialized_cnonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
print("1231313131313131")
tls_handshake_packet.nonceSignature = cnonceSignature
self.transport.write(tls_handshake_packet.__serialize__())
logger.debug("Client send TLS handshake!")
elif pkt.status == 1:
try:
self.cert_pubkA.verify(packet.nonceSignature, self.serialized_snonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Server verify failed because wrong signature")
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(tls_handshake_packet.__serialize__())
self.transport.close()
print("TLS Handshake complete")
elif self._mode == "client" and pkt.status == 1:
certification = x509.load_pem_x509_certificate(pkt.cert, default_backend())
self.cert_pubkB = certification.public_key()
try:
self.cert_pubkB.verify(pkt.signature, pkt.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
self.cert_pubkB.verify(pkt.nonceSignature, self.serialized_cnonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("client verify failed because wrong signature")
tls_handshake_packet = HandshakePacket(status=2)
self.transport.write(tls_handshake_packet.__serialize__())
self.transport.close()
# Generate shared key
# pubkA_recv = load_pem_public_key(packet.pk, backend=default_backend())
# client_shared_key = privkB.exchange(ec.ECDH, pubkA_recv)
# Reveive nonceB
self.serialized_snonce = str(pkt.nonce).encode('ASCII')
snonceSignature = self.client_sign_pvk.sign(self.serialized_snonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tls_handshake_packet = HandshakePacket(status=1, nonceSignature=snonceSignature)
self.transport.write(tls_handshake_packet.__serialize__())
def sign(datau,
key,
cert,
othercerts,
hashalgo,
attrs=True,
signed_value=None,
hsm=None,
pss=False,
timestampurl=None,
timestampcredentials=None,
timestamp_req_options=None):
if signed_value is None:
signed_value = getattr(hashlib, hashalgo)(datau).digest()
signed_time = datetime.now(tz=util.timezone.utc)
if hsm is not None:
keyid, cert = hsm.certificate()
cert = cert2asn(cert, False)
else:
cert = cert2asn(cert)
certificates = []
certificates.append(cert)
for i in range(len(othercerts)):
certificates.append(cert2asn(othercerts[i]))
hashalgo = unicode(hashalgo) if sys.version[0] < '3' else hashalgo
signer = {
'version':
'v1',
'sid':
cms.SignerIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer': cert.issuer,
'serial_number': cert.serial_number,
}),
}),
'digest_algorithm':
algos.DigestAlgorithm({'algorithm': hashalgo}),
'signature':
signed_value,
}
if not pss:
signer['signature_algorithm'] = algos.SignedDigestAlgorithm(
{'algorithm': 'rsassa_pkcs1v15'})
else:
if isinstance(key, keys.PrivateKeyInfo):
salt_length = key.byte_size - hashes.SHA512.digest_size - 2
salt_length = hashes.SHA512.digest_size
else:
salt_length = padding.calculate_max_pss_salt_length(
key, hashes.SHA512)
signer['signature_algorithm'] = algos.SignedDigestAlgorithm({
'algorithm':
'rsassa_pss',
'parameters':
algos.RSASSAPSSParams({
'hash_algorithm':
algos.DigestAlgorithm({'algorithm': 'sha512'}),
'mask_gen_algorithm':
algos.MaskGenAlgorithm({
'algorithm':
algos.MaskGenAlgorithmId('mgf1'),
'parameters': {
'algorithm': algos.DigestAlgorithmId('sha512'),
}
}),
'salt_length':
algos.Integer(salt_length),
'trailer_field':
algos.TrailerField(1)
})
})
if attrs:
if attrs is True:
signer['signed_attrs'] = [
cms.CMSAttribute({
'type': cms.CMSAttributeType('content_type'),
'values': ('data', ),
}),
cms.CMSAttribute({
'type': cms.CMSAttributeType('message_digest'),
'values': (signed_value, ),
}),
cms.CMSAttribute({
'type':
cms.CMSAttributeType('signing_time'),
'values':
(cms.Time({'utc_time': core.UTCTime(signed_time)}), )
}),
]
else:
signer['signed_attrs'] = attrs
config = {
'version':
'v1',
'digest_algorithms':
cms.DigestAlgorithms((algos.DigestAlgorithm({'algorithm':
hashalgo}), )),
'encap_content_info': {
'content_type': 'data',
},
'certificates':
certificates,
# 'crls': [],
'signer_infos': [
signer,
],
}
datas = cms.ContentInfo({
'content_type': cms.ContentType('signed_data'),
'content': cms.SignedData(config),
})
if attrs:
tosign = datas['content']['signer_infos'][0]['signed_attrs'].dump()
tosign = b'\x31' + tosign[1:]
else:
tosign = datau
if hsm is not None:
signed_value_signature = hsm.sign(keyid, tosign, hashalgo)
elif isinstance(key, keys.PrivateKeyInfo):
key = asymmetric.load_private_key(key)
if pss:
signed_value_signature = asymmetric.rsa_pss_sign(
key, tosign, 'sha512')
else:
signed_value_signature = asymmetric.rsa_pkcs1v15_sign(
key, tosign, hashalgo.lower())
else:
if pss:
hasher = hashes.Hash(hashes.SHA512(),
backend=backends.default_backend())
hasher.update(tosign)
digest = hasher.finalize()
signed_value_signature = key.sign(
digest,
padding.PSS(mgf=padding.MGF1(hashes.SHA512()),
salt_length=salt_length),
utils.Prehashed(hashes.SHA512()))
else:
signed_value_signature = key.sign(
tosign, padding.PKCS1v15(),
getattr(hashes, hashalgo.upper())())
if timestampurl is not None:
datas['content']['signer_infos'][0]['unsigned_attrs'] = timestamp(
signed_value_signature,
hashalgo,
timestampurl,
timestampcredentials,
timestamp_req_options,
)
# signed_value_signature = core.OctetString(signed_value_signature)
datas['content']['signer_infos'][0]['signature'] = signed_value_signature
#open('signed-content-info', 'wb').write(datas.dump())
return datas.dump()
def sign(message, private):
sig = private.sign(
message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return sig
def data_received(self, data):
logger.debug("CRAP: {} side received a data of size {} from {}".format(self.mode, len(data), self.transport.get_extra_info("peername")))
self.deserializer.update(data)
if self.handshakeComplete:
for packet in self.deserializer.nextPackets():
if isinstance(packet, DataPacket):
logger.debug('CRAP: {} side received data packet. Info:\n'
'data: {}\n'.format(self.mode, packet.data))
logger.debug('CRAP: {} side decrypting data.\n'.format(self.mode))
aes_gcm = AESGCM(self.higher_transport.dec_key)
decrypted_data = aes_gcm.decrypt(self.higher_transport.other_side_IV, packet.data, None)
logger.debug('CRAP: {} side decrypted data is: {}\n'.format(self.mode, decrypted_data))
logger.debug(
'CRAP: {} side incrementing other_side_IV by one from {} to {}'.format(self.mode, self.higher_transport.other_side_IV,
increment_large_binary(
self.higher_transport.other_side_IV)))
self.higher_transport.other_side_IV = increment_large_binary(self.higher_transport.other_side_IV)
logger.debug('CRAP: {} sending decrypted data to higher protocol, data: {}\n'.format(self.mode, decrypted_data))
self.higherProtocol().data_received(decrypted_data)
elif isinstance(packet, ErrorPacket):
logger.debug('CRAP: {} side received error packet. Info:\n'
'data: {}\n'.format(self.mode, packet.message))
else:
logger.debug('CRAP: {} side expected data/error got something else: ignore'.format(self.mode))
else:
# handshake
for packet in self.deserializer.nextPackets():
if isinstance(packet, HandshakePacket):
logger.debug('CRAP: {} side received handshake packet. Info:\n'
'status: {}\n'
'pk: {}\n'
'signature: {}\n'
'cert: {}\n'
'nonce: {}\n'
'nonce_signature: {}\n'
'cert chain: {}\n'.format(self.mode, packet.status, packet.pk, packet.signature, packet.cert, packet.nonce, packet.nonceSignature, packet.certChain))
if packet.status == HandshakePacket.NOT_STARTED:
try:
cert = deserialize_cert(packet.cert)
logger.debug('CRAP: {} side verifying certificate common_name!\n'.format(self.mode))
self.verify_common_name(cert)
logger.debug('CRAP: {} side certificate common name verified!\n'.format(self.mode))
logger.debug('CRAP: {} side verifying certificate chain of trust!\n'.format(self.mode))
self.verify_chain_of_trust(cert, packet.certChain)
logger.debug('CRAP: {} side chain of trust verified!\n'.format(self.mode))
logger.debug('CRAP: {} side verifying signature received from other side!\n'.format(self.mode))
verification_key = cert.public_key()
self.verification_key = verification_key
verification_key.verify(packet.signature, packet.pk, padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
logger.debug('CRAP: {} side signature verified!\n'.format(self.mode))
logger.debug('CRAP: {} side creating shared key\n'.format(self.mode))
self.shared_key = self.private_key.exchange(ec.ECDH(), deserialize_public(packet.pk))
logger.debug('CRAP: {} side signing the sent nonce with signature key\n'.format(self.mode))
nonce_bytes = str(packet.nonce).encode()
nonce_signature = self.signing_key.sign(nonce_bytes, padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
logger.debug('CRAP: {} side creating signature\n'.format(self.mode))
signature = self.signing_key.sign(self.public_key_bytes, padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
with open('team1csr_signed.cert', 'rb') as f:
signer_cert_bytes = f.read()
cert_chain = [signer_cert_bytes]
packet = HandshakePacket(status=HandshakePacket.SUCCESS, pk=self.public_key_bytes, signature=signature, cert=self.cert_bytes, nonce=self.nonce, nonceSignature=nonce_signature, certChain=cert_chain)
packet_bytes = packet.__serialize__()
logger.debug('CRAP: {} side sending handshake packet. Info:\n'
'status: {}\n'
'pk: {}\n'
'signature: {}\n'
'cert: {}\n'
'nonce: {}\n'
'nonce_signature: {}\n'
'cert chain: {}'.format(self.mode, packet.status, packet.pk, packet.signature, packet.cert, packet.nonce, packet.nonceSignature, packet.certChain))
self.transport.write(packet_bytes)
except:
error = 'Verification failed!'
logger.debug('CRAP: {} side encountered error: {}\n'.format(self.mode, error))
self.handle_handshake_error()
packet = HandshakePacket(status=HandshakePacket.ERROR)
packet_bytes = packet.__serialize__()
logger.debug('CRAP: {} side sending handshake packet. Info:\n'
'status: {}\n'
'pk: {}\n'
'signature: {}\n'
'cert: {}\n'
'nonce: {}\n'
'nonce_signature: {}\n'
'cert chain: {}\n'.format(self.mode, packet.status, packet.pk, packet.signature,
packet.cert, packet.nonce, packet.nonceSignature, packet.certChain))
self.transport.write(packet_bytes)
self.connection_lost()
elif packet.status == HandshakePacket.SUCCESS:
if not_set(packet.pk, packet.nonce, packet.signature) and is_set(packet.nonceSignature):
try:
if is_set(packet.cert):
cert = deserialize_cert(packet.cert)
verification_key = cert.public_key()
else:
verification_key = self.verification_key
logger.debug('CRAP: {} side verifying nonce signature received from other side!\n'.format(self.mode))
verification_key.verify(packet.nonceSignature, self.nonce_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
logger.debug('CRAP: {} side nonce signature verified!\n'.format(self.mode))
self.handshakeComplete = True
logger.debug(
'CRAP: {} set handshakeComplete to True'.format(self.mode))
higher_transport = CrapTransport(self.transport, mode=self.mode, protocol=self)
higher_transport.assign_gcm_values()
self.higher_transport = higher_transport
logger.debug('Crap: {} side calling self.higherProtocol().connection_made()'.format(self.mode))
self.higherProtocol().connection_made(higher_transport)
except:
logger.debug(
'CRAP: {} verifying nonce failed'.format(self.mode))
self.connection_lost()
elif is_set(packet.pk, packet.cert, packet.signature, packet.nonce, packet.nonceSignature):
try:
cert = deserialize_cert(packet.cert)
logger.debug('CRAP: {} side verifying certificate common_name!\n'.format(self.mode))
self.verify_common_name(cert)
logger.debug('CRAP: {} side certificate common name verified!\n'.format(self.mode))
logger.debug('CRAP: {} side verifying certificate chain of trust!\n'.format(self.mode))
self.verify_chain_of_trust(cert, packet.certChain)
logger.debug('CRAP: {} side chain of trust verified!\n'.format(self.mode))
logger.debug('CRAP: {} side verifying signature received from other side!\n'.format(self.mode))
verification_key = cert.public_key()
verification_key.verify(packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
logger.debug('CRAP: {} side signature verified!\n'.format(self.mode))
logger.debug('CRAP: {} side verifying nonce signature received from other side!\n'.format(self.mode))
verification_key.verify(packet.nonceSignature, self.nonce_bytes,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
logger.debug('CRAP: {} side nonce signature verified!\n'.format(self.mode))
logger.debug('CRAP: {} side creating shared key\n'.format(self.mode))
self.shared_key = self.private_key.exchange(ec.ECDH(), deserialize_public(packet.pk))
logger.debug(
'CRAP: {} side signing the sent nonce with signature key\n'.format(self.mode))
nonce_bytes = str(packet.nonce).encode()
nonce_signature = self.signing_key.sign(nonce_bytes, padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
self.handshakeComplete = True
logger.debug(
'CRAP: {} set handshakeComplete to True'.format(self.mode))
packet = HandshakePacket(status=HandshakePacket.SUCCESS, nonceSignature=nonce_signature,
cert=self.cert_bytes)
packet_bytes = packet.__serialize__()
logger.debug('CRAP: {} side sending handshake packet. Info:\n'
'status: {}\n'
'pk: {}\n'
'signature: {}\n'
'cert: {}\n'
'nonce: {}\n'
'nonce_signature: {}\n'
'cert chain: {}'.format(self.mode, packet.status, packet.pk,
packet.signature, packet.cert, packet.nonce,
packet.nonceSignature, packet.certChain))
self.transport.write(packet_bytes)
higher_transport = CrapTransport(self.transport, mode=self.mode, protocol=self)
higher_transport.assign_gcm_values()
self.higher_transport = higher_transport
logger.debug(
'Crap: {} side calling self.higherProtocol().connection_made()'.format(self.mode))
self.higherProtocol().connection_made(higher_transport)
except:
error = 'Verification failed!'
logger.debug('CRAP: {} side encountered error: {}\n'.format(self.mode, error))
self.handle_handshake_error()
packet = HandshakePacket(status=HandshakePacket.ERROR)
packet_bytes = packet.__serialize__()
logger.debug('CRAP: {} side sending handshake packet. Info:\n'
'status: {}\n'
'pk: {}\n'
'signature: {}\n'
'cert: {}\n'
'nonce: {}\n'
'nonce_signature: {}\n'
'cert chain: {}'.format(self.mode, packet.status, packet.pk, packet.signature, packet.cert, packet.nonce, packet.nonceSignature, packet.certChain))
self.transport.write(packet_bytes)
self.connection_lost()
else:
error = 'handshake fields does not match!'
logger.debug('CRAP: {} side encountered error: {}\n'.format(self.mode, error))
self.handle_handshake_error()
self.connection_lost()
elif packet.status == HandshakePacket.ERROR:
# Error detected on the other side
error = 'an error reported from the other side'
logger.debug('CRAP: {} side encountered error: {}\n'.format(self.mode, error))
self.handle_handshake_error()
self.connection_lost()
else:
self.handle_handshake_error()
self.connection_lost()
elif isinstance(packet, ErrorPacket):
logger.debug('CRAP: {} side received error packet. Info:\n'
'data: {}\n'.format(self.mode, packet.message))
else:
error = 'Expected handshake/error packet and got s.th else!'
logger.debug('CRAP: {} side encountered error: {}\n'.format(self.mode, error))
self.handle_handshake_error()
def __init__(self, params: Dict[int, Any]):
super().__init__(params)
self._key: Any = None
self._hash: Any = None
self._padding: Any = None
salt_len: Any = padding.PSS.MAX_LENGTH
# Validate kty.
if params[1] != 3:
raise ValueError("kty(1) should be RSA(3).")
# Validate alg.
if 3 not in params:
raise ValueError("alg(3) not found.")
if params[3] not in COSE_ALGORITHMS_RSA.values():
raise ValueError(
f"Unsupported or unknown alg(3) for RSA: {params[3]}.")
if params[3] == -259 or params[3] == -39:
self._hash = hashes.SHA512
salt_len = 64
elif params[3] == -258 or params[3] == -38:
self._hash = hashes.SHA384
salt_len = 48
elif params[3] == -257 or params[3] == -37:
self._hash = hashes.SHA256
salt_len = 32
else:
raise ValueError(
f"Unsupported or unknown alg(3) for RSA: {params[3]}.")
if params[3] in [-37, -38, -39]:
self._padding = padding.PSS(mgf=padding.MGF1(self._hash()),
salt_length=salt_len)
else:
self._padding = padding.PKCS1v15()
# Validate key_ops.
if -3 not in params: # the RSA private exponent d.
if not self._key_ops:
self._key_ops = RSAKey._ACCEPTABLE_PUBLIC_KEY_OPS
else:
prohibited = [
ops for ops in self._key_ops
if ops not in RSAKey._ACCEPTABLE_PUBLIC_KEY_OPS
]
if prohibited:
raise ValueError(
f"Unknown or not permissible key_ops(4) for RSAKey: {prohibited[0]}."
)
else:
if not self._key_ops:
self._key_ops = RSAKey._ACCEPTABLE_PRIVATE_KEY_OPS
else:
prohibited = [
ops for ops in self._key_ops
if ops not in RSAKey._ACCEPTABLE_PRIVATE_KEY_OPS
]
if prohibited:
raise ValueError(
f"Unknown or not permissible key_ops(4) for RSAKey: {prohibited[0]}."
)
# Validate RSA specific parameters.
if -1 not in params or not isinstance(params[-1], bytes):
raise ValueError("n(-1) should be set as bytes.")
if -2 not in params or not isinstance(params[-2], bytes):
raise ValueError("e(-2) should be set as bytes.")
public_numbers = RSAPublicNumbers(
n=int.from_bytes(params[-1], "big"),
e=int.from_bytes(params[-2], "big"),
)
self._dict = params
if -3 not in params: # the RSA private exponent d.
private_props = [
p for p in params.keys() if p in [-4, -5, -6, -7, -8]
]
if private_props:
raise ValueError(
f"RSA public key should not have private parameter: {private_props[0]}."
)
self._key = public_numbers.public_key()
return
if -3 not in params or not isinstance(params[-3], bytes):
raise ValueError("d(-3) should be set as bytes.")
if -4 not in params or not isinstance(params[-4], bytes):
raise ValueError("p(-4) should be set as bytes.")
if -5 not in params or not isinstance(params[-5], bytes):
raise ValueError("q(-5) should be set as bytes.")
if -6 not in params or not isinstance(params[-6], bytes):
raise ValueError("dP(-6) should be set as bytes.")
if -7 not in params or not isinstance(params[-7], bytes):
raise ValueError("dQ(-7) should be set as bytes.")
if -8 not in params or not isinstance(params[-8], bytes):
raise ValueError("qInv(-8) should be set as bytes.")
private_numbers = RSAPrivateNumbers(
d=int.from_bytes(params[-3], "big"),
p=int.from_bytes(params[-4], "big"),
q=int.from_bytes(params[-5], "big"),
dmp1=int.from_bytes(params[-6], "big"),
dmq1=int.from_bytes(params[-7], "big"),
iqmp=int.from_bytes(params[-8], "big"),
public_numbers=public_numbers,
)
self._key = private_numbers.private_key()
return
def encrypt():
destination_public_key_filename_opener = open(sys.argv[2])
destination_public_key_filename = destination_public_key_filename_opener.read(
)
destination_public_key_filename_opener.close()
sender_private_key_filename_opener = open(sys.argv[3])
sender_private_key_filename = sender_private_key_filename_opener.read()
sender_private_key_filename_opener.close()
input_plaintext_file_opener = open(sys.argv[4])
input_plaintext = input_plaintext_file_opener.read()
print input_plaintext
input_plaintext_file_opener.close()
# open ciphertext_file, write and close later here later
ciphertext_file = open(sys.argv[5], 'wb')
# generating a random 128 bit key for symmetric encryption(AES)
key = os.urandom(16) # in bytes, 128 bits
iv = os.urandom(16)
print "key : ", base64.b64encode(key)
print "iv : ", base64.b64encode(iv)
# RSA/Asymmetric encryption of AES key here:
# I am just writing this step for knowledge, we are going to use openssl
# for generation of keys
# Generate a 2048 bit private key
# private_key = rsa.generate_private_key(
# public_exponent=65537,
# key_size=2048,
# backend=default_backend())
# # to get the public key
# public_key = private_key.public_key()
# getting public_key form destination_public_key_filename
public_key = serialization.load_der_public_key(
destination_public_key_filename, backend=default_backend())
# some problem here, changed hashes.SHA1 to hashes.SHA256
# ask professor
# encoding key and iv both to send over via RSA
message = key + iv
print "len of message : ", len(message)
print base64.b64encode(message)
ciphertext_key = public_key.encrypt(
message,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None))
print len(ciphertext_key)
print base64.b64encode(ciphertext_key)
ciphertext_file.write(ciphertext_key)
# signing using sender_private_key_filename
# # get private key
with open(sys.argv[3], "rb") as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(), password=None, backend=default_backend())
public_key = private_key.public_key()
signer = private_key.signer(
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
signer.update(ciphertext_key)
signature = signer.finalize()
print "signature : "
print len(signature)
print base64.b64encode(signature)
ciphertext_file.write(signature)
# AES encryption of data here :
# trying CTR mode since it does not require padding, less complications
# CTR Mode, we don't need padding in CTR mode. In transforms a block cipher into a stream cipher
# we only need to introduce the nonce
cipher = Cipher(algorithms.AES(key),
modes.CTR(iv),
backend=default_backend())
encryptor = cipher.encryptor()
# len("Network Security CS 6740") = 25, but no padding is needed
# cipher_text = encryptor.update("Network Security CS(6740)") + encryptor.finalize()
cipher_text = encryptor.update(input_plaintext) + encryptor.finalize()
ciphertext_file.write(cipher_text)
ciphertext_file.close()
print cipher_text
print len(cipher_text)
print base64.b64encode(cipher_text)
print "finished AES encryption"
def decrypt():
destination_private_key_opener = open(sys.argv[2])
destination_private_key_filename = destination_private_key_opener.read()
destination_private_key_opener.close()
sender_public_key_opener = open(sys.argv[3])
sender_public_key_filename = sender_public_key_opener.read()
sender_public_key_opener.close()
ciphertext_file_opener = open(sys.argv[4])
ciphertext_file = ciphertext_file_opener.read()
ciphertext_file_opener.close()
output_file_opener = open(sys.argv[5], 'w')
# print "content : "
# print len(ciphertext_file)
# print base64.b64encode(ciphertext_file)
# # verify signature here :
message = ciphertext_file[:256]
print "key: "
print base64.b64encode(message)
print "signature : "
signature = ciphertext_file[256:512]
print base64.b64encode(signature)
# getting public_key form sender_public_key_filename
# used to verify signatures
public_key = serialization.load_der_public_key(sender_public_key_filename,
backend=default_backend())
verifier = public_key.verifier(
signature,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
verifier.update(message)
# raises an exception if signature is invalid, none otherwise,
# have to confirm the none part
verifier.verify()
# decrypt the AES key using private key of the destination
# get private key
with open(sys.argv[2], "rb") as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(), password=None, backend=default_backend())
public_key = private_key.public_key()
# decrypt AES key here :
ciphertext = message
key_iv = private_key.decrypt(
ciphertext,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None))
print len(key_iv)
print base64.b64encode(key_iv)
aes_key = key_iv[:16]
iv = key_iv[16:]
cipher = Cipher(algorithms.AES(aes_key),
modes.CTR(iv),
backend=default_backend())
cipher_text2 = ciphertext_file[512:]
decryptor = cipher.decryptor()
plain_text = decryptor.update(cipher_text2) + decryptor.finalize()
print plain_text
output_file_opener.write(plain_text)
output_file_opener.close()
def sign_message(message, private_key):
print("Signing message")
return private_key.sign(
message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256)
def crap_handshake_recv(self, packet):
print("shoudaole!!!!!!!!!!!!")
if self.mode == "server":
if packet.status == 0:
try:
packet.cert.verify(
packet.signature, self.dataA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
privkB = ec.generate_private_key(ec.SECP384R1(),
default_backend())
pubkB = privkB.public_key()
publickeyB = load_pem_private_key(packet.pk,
password=None,
backend=default_backend())
server_shared_key = privkB.exchange(ec.ECDH, publickeyB)
signkB = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
pubk_sigB = signkB.public_key()
tmp_pubk_sigB = pubk_sigB.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
certB = tmp_pubk_sigB
tmpB = pubkB.public_bytes(Encoding.PEM,
PublicFormat.SubjectPublicKeyInfo)
self.dataB = tmpB
sigB = signkB.sign(
self.dataB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
nonceSignatureB = signkB.sign(
packet.nonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
tmp_nonceB = 4
nonceB = bytes(tmp_nonceB)
new_secure_packet = HandshakePacket(
status=1,
pk=self.dataB,
signature=sigB,
nonce=tmp_nonceB,
nonceSignature=nonceSignatureB,
cert=certB)
self.transport.write(new_secure_packet.__serialize__())
elif packet.status == 1:
try:
self.pubk_sigA.verify(
packet.nonceSignature, self.nonceA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
print("Handshake complete")
if self.mode == "client" and packet.status == 1:
try:
packet.cert.verify(
packet.signature, self.dataB,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
packet.cert.verify(
packet.nonceSignature, self.nonceA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("Sever verify failed because wrong signature")
new_secure_packet = HandshakePacket(status=2)
self.transport.write(new_secure_packet.__serialize__())
self.transport.close()
publickeyA = load_pem_private_key(packet.pk,
password=None,
backend=default_backend())
client_shared_key = self.privkA.exchange(ec.ECDH, publickeyA)
nonceSignatureA = self.signkA.sign(
packet.nonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
new_secure_packet = HandshakePacket(status=1,
nonceSignature=nonceSignatureA)
self.transport.write(new_secure_packet.__serialize__())
def verify_message(message, signature, public_key):
print("Verifying message")
public_key.verify(
signature, message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256)
def connection_made(self, transport):
logger.debug("{} Crap: connection made".format(self.mode))
self.transport = transport
logger.debug("sadasdasdassssssss________________________---")
if self.mode == "client":
# Create long term key
self.privkA = ec.generate_private_key(ec.SECP384R1(),
default_backend())
pubkA = self.privkA.public_key()
# Create pk in packet (serialization)
tmp_pubkA = pubkA.public_bytes(Encoding.PEM,
PublicFormat.SubjectPublicKeyInfo)
self.dataA = tmp_pubkA
# Create ephemeral key for signing
self.signkA = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
self.pubk_sigA = self.signkA.public_key()
# Create signature
sigA = self.signkA.sign(
self.dataA,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Create nonceA
tmp_nonceA = 1
self.nonceA = tmp_nonceA
# Create certificate with the help of ephemeral private key
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
u"Baltimore"),
# x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"JHU"),
x509.NameAttribute(NameOID.COMMON_NAME,
u"20194networksecurity.com"),
])
builder = x509.CertificateBuilder()
builder = builder.subject_name(subject)
builder = builder.issuer_name(issuer)
builder = builder.public_key(self.pubk_sigA)
builder = builder.serial_number(x509.random_serial_number())
builder = builder.not_valid_before(datetime.datetime.utcnow())
builder = builder.not_valid_after(datetime.datetime.utcnow() +
datetime.timedelta(days=30))
certificate = builder.sign(private_key=self.signkA,
algorithm=hashes.SHA256(),
backend=default_backend())
# Create CertA to transmit (serialization)
certA = certificate.public_bytes(Encoding.PEM)
print(certA)
new_secure_packet = HandshakePacket(status=0,
pk=self.dataA,
signature=sigA,
nonce=self.nonceA,
cert=certA)
self.transport.write(new_secure_packet.__serialize__())
def sign(self):
self.signature = self.sk.sign(
self.msg,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return self.signature
def verify(signature, message, public_key):
return public_key.verify(
base64.b64decode(signature), message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
def signature_verify(self, message, signature):
self.signature_client_public_key.verify(
signature, message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
def handshake(self, packet):
if self.flag:
logger.debug("recvive a handshake packet when connect ESTABLISHED")
return
if self.mode == "server":
if packet.status == 0:
# load file
self.loadCertFile()
print("load success")
certification = x509.load_pem_x509_certificate(
packet.cert, default_backend())
self.client_decode_pubKey = certification.public_key()
try:
print("server mode begin verify")
self.client_decode_pubKey.verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Verify the signature in cryptography module (tbs)
cur_cert = certification
for data in packet.certChain:
cert = x509.load_pem_x509_certificate(
data, default_backend())
cert_pubk = cert.public_key()
cert_pubk.verify(cur_cert.signature,
cur_cert.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
cur_cert = cert
# Verify the root
root_pubk = self.root_cert.public_key()
root_pubk.verify(cur_cert.signature,
cur_cert.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
except Exception as error:
logger.debug("wrong signature, server 0 failed")
self.transport.write(
HandshakePacket(status=2).__serialize__())
self.transport.close()
print("server mode verify success")
# create server key, both ephemeral and long term
self.getServerKey()
# create pk
self.server_pkData = self.server_pubKey_eph.public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
# Generate shared key
tmp_pubk = load_pem_public_key(packet.pk,
backend=default_backend())
self.shared_key = self.privkB.exchange(ec.ECDH(), tmp_pubk)
# create signature
serverSignature = self.server_privKey_longTerm.sign(
self.server_pkData,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# create server nonce
server_int_nonce = randint(0, 100000)
self.server_nonce = str(server_int_nonce).encode('ASCII')
client_nonce = str(packet.nonce).encode('ASCII')
# server certificate
server_certificate = self.createCertificate(
self.server_pubKey_longTerm)
# Create certificate chain
self.cert_chain = [self.team4_cert_fileread]
# creating server nonceSignature
serverNonceSignature = self.server_privKey_longTerm.sign(
client_nonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
server_packet = HandshakePacket(
status=1,
pk=self.server_pkData,
signature=serverSignature,
nonce=server_int_nonce,
nonceSignature=serverNonceSignature,
cert=server_certificate,
certChain=self.cert_chain)
self.transport.write(server_packet.__serialize__())
print("server 0 success")
elif packet.status == 1:
try:
print("packet status=1 test")
self.client_decode_pubKey.verify(
packet.nonceSignature, self.server_nonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as error:
logger.debug("wrong signature, server verify failed")
self.transport.write(HandshakePacket(status=2))
self.transport.close()
print("packet status =1 test success")
# Create hash 1
digest1 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
# Create hash2
digest2 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.decB = hash2[0:16]
# Create hash3
digest3 = hashes.Hash(hashes.SHA256(),
backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.encB = hash3[0:16]
self.flag = True
self.higherProtocol().connection_made(self.higher_transport)
if self.mode == "client" and packet.status == 1:
print(" client && packet status=1 test")
self.server_decode_pubKey = x509.load_pem_x509_certificate(
packet.cert, default_backend()).public_key()
try:
print(packet.pk)
self.server_decode_pubKey.verify(
packet.signature, packet.pk,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
self.server_decode_pubKey.verify(
packet.nonceSignature, self.client_nonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
# Verify the signature in cryptography module (tbs)
cur_cert = certification
for data in packet.certChain:
cert = x509.load_pem_x509_certificate(
data, default_backend())
cert_pubk = cert.public_key()
cert_pubk.verify(cur_cert.signature,
cur_cert.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
cur_cert = cert
# Verify the root
root_pubk = self.root_cert.public_key()
root_pubk.verify(cur_cert.signature,
cur_cert.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
except Exception as error:
logger.debug("client verify failed")
self.transport.write(HandshakePacket(status=2).__serialize__())
self.transport.close()
print(" client && packet status=1 test success")
# Generate shared key
tmp_pubk = load_pem_public_key(packet.pk,
backend=default_backend())
self.shared_key = self.privkA.exchange(ec.ECDH(), tmp_pubk)
# server nonce
server_nonce = str(packet.nonce).encode('ASCII')
client_nonce = self.client_privKey_longTerm.sign(
server_nonce,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
self.transport.write(
HandshakePacket(status=1,
nonceSignature=client_nonce).__serialize__())
print("client packet status =1 test success")
# Create hash 1
digest1 = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest1.update(self.shared_key)
hash1 = digest1.finalize()
self.ivA = hash1[0:12]
self.ivB = hash1[12:24]
# Create hash2
digest2 = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest2.update(hash1)
hash2 = digest2.finalize()
self.decB = hash2[0:16]
# Create hash3
digest3 = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest3.update(hash2)
hash3 = digest3.finalize()
self.encB = hash3[0:16]
self.flag = True
self.higherProtocol().connection_made(self.higher_transport)
def sign(self, msg, key):
return key.sign(
msg,
padding.PSS(mgf=padding.MGF1(self.hash_alg()),
salt_length=self.hash_alg.digest_size),
self.hash_alg())
def data():
mensaje= b"89392679556575597635196565386081702718512260749406173579320076828061414488077821523722981888265393212848183094"
#X25519 bench
start_time= time()
private_key = X25519PrivateKey.generate()
peer_public_key = X25519PrivateKey.generate().public_key()
k255=time()-start_time
#print("Generación llave X25519 en: " + str(k255) + " sec con tamaño: "+ str(sys.getsizeof(private_key))+" bytes")
private_key=0
#25519 sign
start_time= time()
private_key = Ed25519PrivateKey.generate()
signature = private_key.sign(mensaje)
s255=time()-start_time
#print("Generación firma X25519 en: " + str(s255) + " sec")
start_time= time()
public_key = private_key.public_key()
public_key.verify(signature, mensaje)
ver255=time()-start_time
#print("Verificación firma X25519 en: " + str(ver255) + " sec")
private_key=0
#448 Key Exchange
start_time=time()
private_key = X448PrivateKey.generate()
peer_public_key = X448PrivateKey.generate().public_key()
k448=time()-start_time
#print("Generación 448 llave en: " + str(k448) + " sec con tamaño: "+ str(sys.getsizeof(private_key))+" bytes")
private_key=0
#448 sign
private_key = Ed448PrivateKey.generate()
start_time= time()
signature = private_key.sign(mensaje)
s448=time()-start_time
#print("Generación 448 firma en: " + str(s448) + " sec")
start_time=time()
public_key = private_key.public_key()
public_key.verify(signature, mensaje)
ver448=time()-start_time
#print("Verificación 448 firma en: " + str(ver448) + " sec")
private_key=0
#RSA GENERATION
start_time=time()
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
)
krsa=time()-start_time
#print("Generación RSA llave en: " + str(krsa) + " sec con tamaño: "+ str(sys.getsizeof(private_key))+" bytes")
#RSA SINGING
start_time=time()
signature = private_key.sign(
mensaje,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
srsa=time()-start_time
#print("Generación RSA firma en: " + str(srsa) + " sec")
private_key=0
#DSA SINGING
start_time=time()
private_key = dsa.generate_private_key(
key_size=1024,
)
kdsa=time()-start_time
#print("Generación DSA llave en: " + str(kdsa) + " sec con tamaño: "+ str(sys.getsizeof(private_key))+" bytes")
start_time =time()
signature = private_key.sign(
mensaje,
hashes.SHA256()
)
sdsa=time()-start_time
#print("Generación DSA firma en: " + str(sdsa) + " sec")
return [k255,s255,ver255,k448,s448,ver448,krsa,srsa,kdsa,sdsa]
def test_rsa_padding_unsupported_pss_mgf1_hash(self):
assert backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(DummyHashAlgorithm()),
salt_length=0)) is False
def RSA_sign(data, priv_key):
return data + priv_key.sign(
data,
padding.PSS(mgf=padding.MGF1(hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA1())
def __init__(self):
padfn = padding.PSS(padding.MGF1(hashes.SHA256()),
hashes.SHA256.digest_size)
super(_PS256, self).__init__(padfn, hashes.SHA256())
from __future__ import absolute_import, division, unicode_literals
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
from mo_dots import Data, wrap
from mo_json import value2json, json2value
from mo_math import bytes2base64, base642bytes, int2base64, base642int
SHA256 = hashes.SHA256()
PSS = padding.PSS(
mgf=padding.MGF1(SHA256), salt_length=padding.PSS.MAX_LENGTH
)
PADDING = {
"PSS": PSS
}
ALGORITHM = {
"SHA256": SHA256
}
BACKEND = default_backend()
def generate_key(bits=512):
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=bits,
def __init__(self):
padfn = padding.PSS(padding.MGF1(hashes.SHA512()),
hashes.SHA512.digest_size)
super(_PS512, self).__init__(padfn, hashes.SHA512())
def signRSA(priv_key, message):
signature = priv_key.sign(
message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return signature