def verify_data(public_key,plain_text,signature):
""" Verify the message and signature
Parameters
----------
public_key :
public key
plain_text :
message
signature :
signed message
Returns
-------
result of verification
"""
try:
public_key.verify(
signature=signature,
data=plain_text.encode('utf-8'),
padding=padding.PSS(
mgf=padding.MGF1(hashes.MD5()),
salt_length=padding.PSS.MAX_LENGTH
),
algorithm=hashes.MD5()
)
is_signature_correct = True
except InvalidSignature:
is_signature_correct = False
return is_signature_correct
def test_rsa(self):
backend = MultiBackend([DummyRSABackend()])
backend.generate_rsa_private_key(key_size=1024, public_exponent=65537)
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
backend.create_rsa_verification_ctx("public_key", "sig",
padding.PKCS1v15(), hashes.MD5())
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.create_rsa_verification_ctx("public_key", "sig",
padding.PKCS1v15(),
hashes.MD5())
def send_to_server(host, port, size, question):
s = None
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
# except socket.error, (value,message):
except socket.error as message:
if s: # see if s is None or not
s.close()
print("Unable to open the socket: " + str(message))
return
# question = b'Who was the first president of the United States?'
print("[INFO] Encrypting Question")
# TODO: encrypt the question here
key = Fernet.generate_key()
f = Fernet(key)
token = f.encrypt(question)
md5Hash = hashes.Hash(hashes.MD5(), backend=default_backend())
md5Hash.update(token)
md5_hash_result = md5Hash.finalize()
print("[Key] " + str(key))
print("[Token] " + str(token))
print("[MD5 Hash] " + str(md5_hash_result))
# TODO: serialize the question with pickle
message = pickle.dumps((key, token, md5_hash_result))
print("[Message] " + str(message))
# TODO: Send the question to the server
s.send(message)
# TODO: Decode the echoed message from the server
response = s.recv(size)
(encrypted_response, md5Hash_response) = pickle.loads(response)
# TODO: Create a checksum on the response
md5ResponseHash = hashes.Hash(hashes.MD5(), backend=default_backend())
md5ResponseHash.update(encrypted_response)
md5_response_hash = md5Hash.finalize()
result = False
# TODO: if the hashes match, print the message and use Watson API
if md5_response_hash == md5Hash_response:
decrypted_response = f.decrypt(encrypted_response)
print('[RESPONSE] ' + str(decrypted_response))
# TODO: Convert the response to a speech file and play the file
watson_speech(decrypted_response)
result = True
else:
print('[ERROR] Message from server corrupted.')
# Close the server connection and return
s.close()
return result
def test_pbkdf2(self):
backend = MultiBackend([DummyPBKDF2HMACBackend([hashes.MD5])])
assert backend.pbkdf2_hmac_supported(hashes.MD5())
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
with pytest.raises(UnsupportedAlgorithm):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_hmac(self):
backend = MultiBackend([DummyHMACBackend([hashes.MD5])])
assert backend.hmac_supported(hashes.MD5())
hmac.HMAC(b"", hashes.MD5(), backend=backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def sign_data(private_key, plain_text):
# SIGN DATA/STRING
signature = private_key.sign(data=plain_text.encode('utf-8'),
padding=padding.PSS(
mgf=padding.MGF1(hashes.MD5()),
salt_length=padding.PSS.MAX_LENGTH),
algorithm=hashes.MD5())
return signature
def test_pbkdf2(self):
backend = MultiBackend([DummyPBKDF2HMACBackend([hashes.MD5])])
assert backend.pbkdf2_hmac_supported(hashes.MD5())
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_unsupported_mgf1_hash_algorithm_md5_decrypt(self):
private_key = RSA_KEY_512.private_key(backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
private_key.decrypt(
b"0" * 64,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.MD5()),
algorithm=hashes.MD5(),
label=None))
def test_hashes(self):
backend = MultiBackend([DummyHashBackend([hashes.MD5])])
assert backend.hash_supported(hashes.MD5())
hashes.Hash(hashes.MD5(), backend=backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
backend = MultiBackend([DummyHMACBackend([hashes.MD5])])
assert backend.hmac_supported(hashes.MD5())
hmac.HMAC(b"", hashes.MD5(), backend=backend)
with pytest.raises(UnsupportedAlgorithm):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_hashes(self):
backend = MultiBackend([DummyHashBackend([hashes.MD5])])
assert backend.hash_supported(hashes.MD5())
hashes.Hash(hashes.MD5(), backend=backend)
with pytest.raises(UnsupportedAlgorithm):
hashes.Hash(hashes.SHA1(), backend=backend)
def verify_data(public_key, plain_text, signature):
try:
public_key.verify(signature=signature,
data=plain_text.encode('utf-8'),
padding=padding.PSS(
mgf=padding.MGF1(hashes.MD5()),
salt_length=padding.PSS.MAX_LENGTH),
algorithm=hashes.MD5())
is_signature_correct = True
except InvalidSignature:
is_signature_correct = False
return is_signature_correct
def md5_str(original):
if not original and not isinstance(original, str):
return None
digest = hashes.Hash(hashes.MD5(), backend=default_backend())
digest.update(original.encode())
md5_str = digest.finalize()
return md5_str.hex().upper()
def verify(self, packet):
""" Pass a message to verify with this key, or a key (OpenPGP, _RSAobj, or _DSAobj)
to check this message with
Second optional parameter to specify which signature to verify (if there is more than one)
"""
m = None
packet = self._parse_packet(packet)
if not self._message:
m = packet
verifier = self.verifier
else:
m = self._message
verifier = self.__class__(packet).verifier
byhash = {
'MD5': lambda m, s: verifier(hashes.MD5(), m, s),
'RIPEMD160': lambda m, s: verifier(hashes.RIPEMD(), m, s),
'SHA1': lambda m, s: verifier(hashes.SHA1(), m, s),
'SHA224': lambda m, s: verifier(hashes.SHA224(), m, s),
'SHA256': lambda m, s: verifier(hashes.SHA256(), m, s),
'SHA384': lambda m, s: verifier(hashes.SHA384(), m, s),
'SHA512': lambda m, s: verifier(hashes.SHA512(), m, s)
}
return m.verified_signatures({'RSA': byhash, 'DSA': byhash})
def _GetLSAKey(self, registry, boot_key):
"""Retrieves the LSA key.
Args:
registry (dfwinreg.WinRegistry): Windows Registry.
boot_key (bytes): boot key.
Returns:
bytes: LSA key or None if not found.
"""
policy_encryption_key = registry.GetKeyByPath(
self._POLICY_ENCRYPTION_KEY_PATH)
if not policy_encryption_key:
return None
policy_encryption_value = policy_encryption_key.GetValueByName('')
if not policy_encryption_value:
return None
value_data = policy_encryption_value.data
algorithm = hashes.MD5()
backend = backends.default_backend()
digest_context = hashes.Hash(algorithm, backend=backend)
digest_context.update(boot_key)
iteration = 0
while iteration < 1000:
digest_context.update(value_data[60:76])
iteration += 1
rc4_key = digest_context.finalize()
decrypted_data = self._DecryptARC4(rc4_key, value_data[12:60])
return decrypted_data[16:32]
def challenge(ioin, ioout):
ioout.write(b"hello\n")
key = secrets.token_bytes(nbytes=None)
salt = secrets.token_bytes(nbytes=16)
aesgcm = AESGCM(key)
attempted_nonces = list()
for attempt in range(len(PLAINTEXTS)):
nonce = ioin.readline().strip()
if (len(nonce) < 10 or len(nonce) > 100 or nonce in attempted_nonces
or not all([c in string.printable.encode() for c in nonce])):
ioout.write(b"no\n")
return
attempted_nonces.append(nonce)
ioout.write(
aesgcm.encrypt(
PBKDF2HMAC(
algorithm=hashes.MD5(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend(),
).derive(nonce),
secrets.choice(PLAINTEXTS),
None,
).hex().encode() + b"\n")
def AES_decrypt(key, enc_data):
# key: aes_key || hmac_key
aes_key = key[:24]
hmac_key = key[24:]
# enc_data: iv || cipher || mac
iv, cipher, mac = enc_data[:16], enc_data[16:-16], enc_data[-16:]
aes = Cipher(algorithms.AES(aes_key), modes.CBC(iv))
decryptor = aes.decryptor()
data = decryptor.update(cipher) + decryptor.finalize()
# check padding
data = unpad(data)
if not data:
return None, "padding error"
# check hmac
cal_mac = iv + cipher
for _ in range(7777): # enhanced secure
h = hmac.HMAC(hmac_key, hashes.MD5())
h.update(cal_mac)
cal_mac = h.finalize()
if cal_mac != mac:
return None, "hmac error"
return data, None
def cal_password_hash(password):
hash = password.encode() + SALT
for _ in range(7777): # enhanced secure
digest = hashes.Hash(hashes.MD5())
digest.update(hash)
hash = digest.finalize()
return hash
def scan_authorities():
"""
Search proper directory for certificates, load them and store metadata.
:return: list of CertificateAuthority objects
:rtype: list
"""
logger.debug("Crts", "Scanning for certificate authorities")
storage.certificate_authorities.clear()
ca_cert_dir = config.get("certificates", "ca_cert_dir")
ca_key_dir = config.get("certificates", "ca_key_dir")
if not os.path.exists(ca_cert_dir):
os.makedirs(ca_cert_dir)
if not os.path.exists(ca_key_dir):
os.makedirs(ca_key_dir)
for x in glob.glob(os.path.join(ca_cert_dir, "*.pem")):
id = os.path.splitext(os.path.split(x)[1])[0]
with open(x, "rb") as f:
cert = x509.load_pem_x509_certificate(f.read(), default_backend())
key_path = os.path.join(ca_key_dir, "{0}.key".format(id))
with open(key_path, "rb") as f:
with open(key_path, "rb") as f:
key = serialization.load_pem_private_key(
f.read(),
password=None,
backend=default_backend()
)
sha1 = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
md5 = binascii.hexlify(cert.fingerprint(hashes.MD5())).decode()
kt = "RSA" if isinstance(key.public_key(), rsa.RSAPublicKey) else "DSA"
ca = CertificateAuthority(id, x, key_path, cert.not_valid_after,
kt, key.key_size, sha1, md5)
storage.certificate_authorities[id] = ca
return storage.certificate_authorities
def make_cert(netid,
pubkey,
ca_key=ECE422_CA_KEY,
serial=x509.random_serial_number()):
builder = x509.CertificateBuilder()
builder = builder.not_valid_before(datetime.datetime(2017, 9, 6))
builder = builder.not_valid_after(datetime.datetime(2017, 9, 20))
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, unicode(netid)),
x509.NameAttribute(
NameOID.PSEUDONYM,
u'abcdefghijabcdefghijabcdefghijabcdefghijabcdefghijabcdefghijabcd'
),
x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Illinois'),
]))
builder = builder.issuer_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'ece422'),
]))
builder = builder.serial_number(serial)
builder = builder.public_key(pubkey)
cert = builder.sign(private_key=ECE422_CA_KEY,
algorithm=hashes.MD5(),
backend=default_backend())
return cert
def encrypt(self, password, data):
"""Encrypt given data using md5 + salt + aes-128-cbc."""
# IrssiNotifier requires null at the end
databytes = data.encode() + bytes(1)
padder = padding.PKCS7(128).padder()
padded_data = padder.update(databytes) + padder.finalize()
salt = os.urandom(8)
key = None
iv = None
for n in range(2):
# this following logic is similar to EVP_BytesToKey() from openssl
md5hash = hashes.Hash(hashes.MD5())
if key is not None:
md5hash.update(key)
md5hash.update(password.encode())
md5hash.update(salt)
md5 = md5hash.finalize()
if key is None:
key = md5
continue
if iv is None:
iv = md5
aes256cbc = ciphers.Cipher(ciphers.algorithms.AES(key),
ciphers.modes.CBC(iv))
encryptor = aes256cbc.encryptor()
edata = encryptor.update(padded_data) + encryptor.finalize()
edata = 'Salted__'.encode() + salt + edata
edata = base64.b64encode(edata, b'-_')
edata = edata.replace(b'=', b'')
return edata
def digestMD5(data, arg_list=None):
digest = hashes.Hash(hashes.MD5(), backend=default_backend())
digest.update(data)
if (arg_list):
for arg in arg_list:
digest.update(arg)
return digest.finalize()
def set_certificate_attrs(entry_attrs):
"""
Set individual attributes from some values from a certificate.
entry_attrs is a dict of an entry
returns nothing
"""
if not 'usercertificate' in entry_attrs:
return
if type(entry_attrs['usercertificate']) in (list, tuple):
cert = entry_attrs['usercertificate'][0]
else:
cert = entry_attrs['usercertificate']
cert = x509.normalize_certificate(cert)
cert = x509.load_certificate(cert, datatype=x509.DER)
entry_attrs['subject'] = unicode(DN(cert.subject))
entry_attrs['serial_number'] = unicode(cert.serial_number)
entry_attrs['serial_number_hex'] = u'0x%X' % cert.serial_number
entry_attrs['issuer'] = unicode(DN(cert.issuer))
entry_attrs['valid_not_before'] = x509.format_datetime(
cert.not_valid_before)
entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after)
entry_attrs['md5_fingerprint'] = x509.to_hex_with_colons(
cert.fingerprint(hashes.MD5()))
entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons(
cert.fingerprint(hashes.SHA1()))
class TestMD5(object):
test_md5 = generate_hash_test(
load_hash_vectors,
os.path.join("hashes", "MD5"),
["rfc-1321.txt"],
hashes.MD5(),
)
def __init__(self, app, pipeline, id=None, config=None):
super().__init__(app, pipeline, id, config)
self.Backend = default_backend()
algorithm = self.Config['algorithm'].upper()
if algorithm == "SHA224":
self.Algorithm = hashes.SHA224()
elif algorithm == "SHA256":
self.Algorithm = hashes.SHA256()
elif algorithm == "SHA384":
self.Algorithm = hashes.SHA384()
elif algorithm == "SHA512":
self.Algorithm = hashes.SHA512()
elif algorithm == "SHA1":
self.Algorithm = hashes.SHA1()
elif algorithm == "MD5":
self.Algorithm = hashes.MD5()
elif algorithm == "BLAKE2B":
digest_size = int(self.Config['digest_size'])
self.Algorithm = hashes.BLAKE2b(digest_size)
elif algorithm == "BLAKE2S":
digest_size = int(self.Config['digest_size'])
self.Algorithm = hashes.BLAKE2s(digest_size)
else:
L.error("Unknown hashing algorithm '{}'".format(
self.Config['algorithm']))
raise RuntimeError("Unknown hashing algorithm '{}'".format(
self.Config['algorithm']))
def make_cert(netid,
pubkey,
ca_key=ECE422_CA_KEY,
serial=x509.random_serial_number()):
serial = 619896898465676799222673698197894680027116984392
builder = x509.CertificateBuilder()
builder = builder.not_valid_before(datetime.datetime(2017, 3, 1))
builder = builder.not_valid_after(datetime.datetime(2017, 3, 27))
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, str(netid)),
x509.NameAttribute(
NameOID.PSEUDONYM,
u'unused012345678901234567890123456789012345678901234567890123456'
),
x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Illinois'),
]))
builder = builder.issuer_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'ece422'),
]))
print("Serial : ", serial)
builder = builder.serial_number(serial)
builder = builder.public_key(pubkey)
cert = builder.sign(private_key=ECE422_CA_KEY,
algorithm=hashes.MD5(),
backend=default_backend())
return cert
def decript(self, ct, mac):
backend = default_backend()
cipher = None
block_size = 0
# Algoritmo
if self.algoritmo == 'AES':
alg = algorithms.AES(self.key)
block_size = alg.block_size
elif self.algoritmo == 'CAST5':
alg = algorithms.CAST5(self.key)
block_size = alg.block_size
# Modo de encriptografar
if self.modo == 'ECB':
mod = modes.ECB()
elif self.modo == 'CBC':
mod = modes.CBC(self.iv)
cipher = Cipher(alg, mod, backend=default_backend())
# Sintese
if self.sintese == 'SHA-256':
sints = hashes.SHA256()
elif self.sintese == 'MD5':
sints = hashes.MD5()
# Decryptor
decryptor = cipher.decryptor()
# Padder
unpadder = padding.PKCS7(block_size).unpadder()
# Hmac
h = hmac.HMAC(self.key, sints, backend=default_backend())
# VERIFICAR SE O HMAC CONTINUA O MESMO
h.update(ct)
h.verify(mac)
padded_data = decryptor.update(ct) + decryptor.finalize()
data = unpadder.update(padded_data) + unpadder.finalize()
clean_data = base64.b64decode(data)
return clean_data
def symmetric_key_gen(self):
if (self.digest == "SHA256"):
alg = hashes.SHA256()
elif (self.digest == "SHA384"):
alg = hashes.SHA384()
elif (self.digest == "MD5"):
alg = hashes.MD5()
elif (self.digest == "SHA512"):
alg = hashes.SHA512()
elif (self.digest == "BLAKE2"):
alg = hashes.BLAKE2b(64)
kdf = HKDF(algorithm=alg,
length=32,
salt=None,
info=b'handshake data',
backend=default_backend())
key = kdf.derive(self.shared_key)
if self.symmetric_cipher == 'AES':
self.symmetric_key = key[:16]
elif self.symmetric_cipher == '3DES':
self.symmetric_key = key[:8]
elif self.symmetric_cipher == 'ChaCha20':
self.symmetric_key = key[:32]
def compute_message_authenticator(
radius_packet,
packed_req_authenticator,
shared_secret
):
"""
Computes the "Message-Authenticator" of a given RADIUS packet.
"""
if not conf.crypto_valid:
g_log_loading.info(_crypto_loading_failure_message)
return None
packed_hdr = struct.pack("!B", radius_packet.code)
packed_hdr += struct.pack("!B", radius_packet.id)
packed_hdr += struct.pack("!H", radius_packet.len)
packed_attrs = ''
for index in range(0, len(radius_packet.attributes)):
packed_attrs = packed_attrs + str(radius_packet.attributes[index])
hmac_ = hmac.HMAC(
shared_secret,
hashes.MD5(),
backend=default_backend()
)
packed_data = packed_hdr + packed_req_authenticator + packed_attrs
hmac_.update(packed_data)
return hmac_.finalize()
def encript(self, txt):
backend = default_backend()
cipher = None
block_size = 0
# Algoritmo
if self.algoritmo == 'AES':
alg = algorithms.AES(self.key)
block_size = alg.block_size
elif self.algoritmo == 'CAST5':
alg = algorithms.CAST5(self.key)
block_size = alg.block_size
# Modo de encriptografar
if self.modo == 'ECB':
mod = modes.ECB()
elif self.modo == 'CBC':
mod = modes.CBC(self.iv)
cipher = Cipher(alg, mod, backend=default_backend())
# Sintese
if self.sintese == 'SHA-256':
sints = hashes.SHA256()
elif self.sintese == 'MD5':
sints = hashes.MD5()
encryptor = cipher.encryptor()
# Text
msg = base64.b64encode(txt)
padder = padding.PKCS7(block_size).padder()
padded_data = padder.update(msg) + padder.finalize()
# Encrypted text
ct = encryptor.update(padded_data) + encryptor.finalize()
# HMAC
h = hmac.HMAC(self.key, sints, backend=default_backend())
h.update(ct)
mac = h.finalize()
return ct, mac
