def test_when_point_is_scalar_multiplied_then_point_is_in_subgroup(self): p1 = ec.Point(self.curve, 3, 6) self.assertEqual(ec.Point(self.curve, 3, 6), p1 * 1) self.assertEqual(ec.Point(self.curve, 80, 10), 2 * p1 * 1) self.assertEqual(ec.Point(self.curve, 3, 91), 2 * p1 * 2) self.assertEqual(ec.Point(self.curve, 80, 10), p1 * -3) self.assertEqual(ec.Inf(self.curve), p1 * 10)
def decompressPoint(point, curve_name='secp192r1'): """ Takes a compressed point of the form (x, even/odd) :param point: Compressed point in the form (x, even/odd) :param curve_name: Name of the elliptic curve employed. :return: EC Point """ curve = reg.get_curve(curve_name) p = curve.field.p y = sqrtmod(pow(point.x, 3, p) + curve.a * point.x + curve.b, p) if point.y: return ec.Point(curve, point.x, y) else: return ec.Point(curve, point.x, p - y)
def test_when_point_is_not_on_curve_then_warning_is_raised(self): import warnings p1 = ec.Point(self.curve, 22, 5) with warnings.catch_warnings(): warnings.filterwarnings("error") with self.assertRaises(UserWarning): ec.Point(self.curve, 94, 31) with warnings.catch_warnings(): warnings.filterwarnings("ignore") p2 = ec.Point(self.curve, 94, 31) with warnings.catch_warnings(): warnings.filterwarnings("error") with self.assertRaises(UserWarning): p1 + p2
def chiffrement(self, msg, name): k = random.randint(1, self.courbe.field.n) point = [] liste = self.mappingChaine(msg) r = random.randint(30, 55) for i in range(len(liste)): for j in range(1, r): pi = Pair() pi.x = (liste[i] * r + j) % self.p pi.y = ((pi.x**3 + self.a * pi.x + self.b)**2) % self.p if ec.Point(self.courbe, pi.x, pi.y).on_curve == True: break point.append(pi) #print(point) p1 = self.doublePoint(k, self.g, self.p) p2 = self.doublePoint(k, name.publick, self.p) crypt = [] for i in range(len(point)): crypt.append(self.add(point[i], p2, self.p)) path = os.getcwd() + "/" + str(name.name) filecrypt = open(path + "/msgcrypte.txt", "w") filecrypt.write("#p1.x= #" + str(p1.x)) filecrypt.write("#p1.y= #" + str(p1.y)) filecrypt.write("#msgcrypte= #" + str(crypt)) filecrypt.write("#r= #" + str(r)) filecrypt.close()
def readPublicKey(init_file): FileCredibility.fullStop(init_file) with open(init_file, 'r') as out: content = out.readline().replace('[', '').replace(']', '').split(',') return ec.Point(registry.get_curve(content[0]), int(content[1]), int(content[2]))
def test_scrypt(): A_curve = getCurve(5) A_pri = getPri(A_curve) A_pub = getPub(A_pri, A_curve) B_curve = getCurve(5) B_pri = getPri(B_curve) B_pub = getPub(B_pri, B_curve) A_sym = getShairKey(A_pri, B_pub) B_sym = getShairKey(B_pri, A_pub) A_Parts = ( A_pub.curve.name, A_pub.x, A_pub.y ) print(A_Parts) p1 = ec.Point( registry.get_curve(A_Parts[0]), A_Parts[1], A_Parts[2] ) P_sym = getShairKey(B_pri, p1) #print(f'P is {p1}') #print(f'A_sym:', compress(A_sym)) #print(f'B_sym:', compress(B_sym)) #print(f'P_sym:', compress(P_sym)) print("Are eq:", A_sym == B_sym) print(f'p1 is a sutable replacement:{A_sym == P_sym}')
def str_to_ec_point(ansi_str, ec_curve): if not ansi_str.startswith("\x04"): raise ValueError("ANSI octet string missing point prefix (0x04)") ansi_str = ansi_str[1:] if len(ansi_str) % 2 != 0: raise ValueError("Can't parse curve point. Odd ANSI string length") str_to_int = lambda x: int(binascii.hexlify(x), 16) x, y = str_to_int(ansi_str[:len(ansi_str) // 2]), str_to_int(ansi_str[len(ansi_str) // 2:]) return ec.Point(ec_curve, x, y)
def compute_shared_secret(private_key_point, remote_public_key_x, remote_public_key_y): """ Calc Diffiehellman key and compute secret """ remote_public_key_point = ec2.Point(curve, remote_public_key_x, remote_public_key_y) shared_point = private_key_point * remote_public_key_point shared_secret = shared_point.x.to_bytes(PUBLIC_KEY_X_SIZE, byteorder="little") return shared_secret
def getSharedKey(self, remotePublicKey): keyX = int('0x' + binascii.hexlify(remotePublicKey[8:8 + 66]).decode(), 16) keyY = int( '0x' + binascii.hexlify(remotePublicKey[8 + 66:8 + 66 + 66]).decode(), 16) point = ec.Point(self.curve, keyX, keyY) shared = self.private_key * point key = hex(shared.x)[2:] key = (binascii.unhexlify('0' + key) if len(key) % 2 else binascii.unhexlify(key)).rjust(66, b'\x00') return hashlib.sha256(key).digest()
def test_when_point_are_on_curve_then_add_result_is_on_curve(self): p1 = ec.Point(self.curve, 22, 5) p2 = ec.Point(self.curve, 95, 31) self.assertEqual(ec.Point(self.curve, 29, 43), p1 + p2) p1 = ec.Point(self.curve, 24, 2) p2 = ec.Point(self.curve, 96, 0) self.assertEqual(ec.Point(self.curve, 38, 90), p1 + p2)
def processTLSpacket(self,pkt): mtls=TLS(pkt) if scapy_ssl_tls.ssl_tls.TLSServerHello in mtls: self.serverrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSServerHello])[2:34] print 'Server Random Found' if scapy_ssl_tls.ssl_tls.TLSClientHello in mtls: self.clientrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[2:34] #mtls[scapy_ssl_tls.ssl_tls.TLSClientHello].show2() #print [ord(i) for i in str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[:40]] print [ord(i) for i in self.clientrandom] print 'Client Random Found' if scapy_ssl_tls.ssl_tls.TLSServerKeyExchange in mtls: server_kex = mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange] a = server_kex[scapy_ssl_tls.ssl_tls.TLSServerECDHParams] point = scapy_ssl_tls.ssl_tls_keystore.ansi_str_to_point(a.p) self.serverpub=a.p curve = ec_reg.get_curve('secp256r1') scapy_ssl_tls.ssl_tls_keystore.ECDHKeyStore(curve, ec.Point(curve, *point)) # PREMASTER KEY ec_curve = ec_reg.get_curve('secp256r1') server_keypair = ec.Keypair(ec_curve, pub= str_to_ec_point(self.serverpub,ec_curve)) client_keypair=pickle.load(open('/home/gabriel/waterfall/decoy/scapy_ssl_tls/clientpriv')) secret_point = ec.ECDH(client_keypair).get_secret(server_keypair) mk = int_to_str(secret_point.x) # masalan premaster key sec_params = scapy_ssl_tls.ssl_tls_crypto.TLSSecurityParameters.from_pre_master_secret(self.prf, scapy_ssl_tls.ssl_tls.TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256, mk, self.clientrandom, self.serverrandom) sym_keystore = sec_params.server_keystore # print("SYYYYYN JEEEEEET", sym_keystore.key) self.server_write_key = sym_keystore.key self.server_write_iv = sym_keystore.iv self.candecrypt = True # ecdh=scapy_ssl_tls.ssl_tls.TLSServerECDHParams(str(mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange])) # self.serverpub=ecdh.p # print 'server public Found' # self.driveKeys() if self.candecrypt: # print 'decrypting ' # mtls.show2() if scapy_ssl_tls.ssl_tls.TLSCiphertext in mtls: # print 'decryptable' plain=self.decrypt(mtls[scapy_ssl_tls.ssl_tls.TLSCiphertext].data) if mtls.records[0].content_type==23: self.startreplace=True #print plain[:60] self.addHTTPpacket(plain)
def ECDHE_Key_Point(self, rfc5480_pubkey, curve_type_byte): curve_type_str = analyze_dict( curve_type_byte, Define().define_named_curve) curve_type = registry.get_curve(curve_type_str) x_byte = rfc5480_pubkey[1:33] x = int.from_bytes(x_byte, 'big') y_byte = rfc5480_pubkey[33:65] y = int.from_bytes(y_byte, 'big') pubkey = ec.Point(curve_type, x, y) return pubkey
def decrypt(self, cipher_bytes: bytes) -> bytes: key_file = open("ecc_key.json", 'r') keyDetails = json.load(key_file) key_file.close() nonce = bytes.fromhex(keyDetails['nonce']) authTag = bytes.fromhex(keyDetails['authTag']) ciphertextPubKey = ec.Point(self.curve, keyDetails['x'], keyDetails['y']) privateKey = int(keyDetails['privateKey']) decryptedMsg = self.decrypt_helper(cipher_bytes, nonce, authTag, ciphertextPubKey, privateKey) return decryptedMsg
def test_client_ecdh_parameters_generation_matches_fixed_data(self): tls_ctx = tlsc.TLSSessionCtx() secp256r1 = reg.get_curve("secp256r1") public = ec.Point(secp256r1, 71312736565121892539464098105317518227531978702333415386264829982789952731614, 108064706642599821618918248475955325719985341096102200103424860263181813987462) tls_ctx.server_ctx.kex_keystore = tlsk.ECDHKeyStore(secp256r1, public) client_privkey = 15320484772785058360598040144348894600917526501829289880527760633524785596585 client_keys = ec.Keypair(secp256r1, client_privkey) client_pubkey = tls_ctx.get_client_ecdh_pubkey(client_privkey) self.assertTrue(client_pubkey.startswith("\x04")) self.assertEqual("\x04%s%s" % (tlsc.int_to_str(client_keys.pub.x), tlsc.int_to_str(client_keys.pub.y)), client_pubkey) self.assertEqual(client_keys.pub, tls_ctx.client_ctx.kex_keystore.public) self.assertEqual("'(\x17\x94l\xd7AO\x03\xd4Fi\x05}mP\x1aX5C7\xf0_\xa9\xb0\xac\xba{r\x1f\x12\x8f", tls_ctx.premaster_secret)
def generateSharedSecret(client_publickey): global shared_key try: print("generateSharedSecret --> Init") coordinate_x = client_publickey['x_coordinate'] coortinate_y = client_publickey['y_coordinate'] client_curve_point = ec.Point(curve, int(coordinate_x), int(coortinate_y)) print("generateSharedSecret --> Client public curve point: ", client_curve_point, "type: ", type(client_curve_point)) shared_key = server_private_key * client_curve_point print("generateSharedSecret --> Shared Key generated successful:", compress_point2(shared_key)) return True except Exception as ex: print("ERROR --> generate_shared_secret --> ", ex) return False
def tls_group_to_keystore(named_group_id, point_str): import scapy_ssl_tls.ssl_tls as tls try: point = ansi_str_to_point(point_str) named_group_name = tls.TLS_SUPPORTED_GROUPS[named_group_id] # Unknown curve case. Just record raw values, but do nothing with them except KeyError: keystore = ECDHKeyStore(None, point) warnings.warn("Unknown TLS defined group id: %d" % named_group_id) # We are on a known group else: try: group = ec_reg.get_curve(named_group_name) keystore = ECDHKeyStore(group, ec.Point(group, *point)) except ValueError: keystore = ECDHKeyStore(None, point) warnings.warn("Unsupported TinyEC group: %s" % named_group_name) return keystore
def _osp2ec(self, bytes): compressed = self._from_bytes(bytes) y = compressed >> self._bits x = compressed & (1 << self._bits) - 1 if x == 0: y = self._curve.b else: result = self.sqrtp(x**3 + self._curve.a * x + self._curve.b, self._curve.field.p) if len(result) == 1: y = result[0] elif len(result) == 2: y1, y2 = result y = y1 if (y1 & 1 == y) else y2 else: return None return ec.Point(self._curve, x, y)
def on_receive_message_1(client, userdata, msg): """ Handles the registration request coming from a device. Check the algorithms specified by this device and proceed as indicated to negotiate a shared key (HAND-SHAKE). It builds the message 2 to be sent to the device with the ephemeral public key of the platform for the DH or ECDH process. """ global encriptor, shared_key global asymmetricAlgorithm, symmetricAlgorithm # Received message 1 for the registration process auth = msg.get("auth", "") if auth != "": asymmetricAlgorithm = auth.get("asymmetric", "") if asymmetricAlgorithm == "dh": g = auth.get("g", "") p = auth.get("p", "") device_pub_key = auth.get("public_key", "") if g == "" and p == "" and device_pub_key == "": # Cannot be empty. return False # Generate private key and public key for platform # in the registration process pn = dh.DHParameterNumbers(p, g) parameters = pn.parameters(default_backend()) private_key, public_key = utils.dhGenKeys(parameters) # Generate shared key device_pub_key = utils.load_key(device_pub_key) shared_key = utils.dhGenSharedKey(private_key, device_pub_key) # Building message two. answer_registration_request = { "auth": { "public_key": public_key.public_bytes( Encoding.PEM,\ PublicFormat.SubjectPublicKeyInfo ).decode( "utf-8" ) } } elif asymmetricAlgorithm == "ecdh": x = auth.get("x", "") y = auth.get("y", "") if x == "" and y == "": # Cannot be empty. return False private_key, public_key = utils.ecdhGenKeys(utils.curve) device_pub_key = ec.Point(utils.curve, x, y) shared_key = utils.ecdhGenSharedKey(private_key, device_pub_key) # Building message two. answer_registration_request = { "auth": { "x": public_key.x, "y": public_key.y } } if shared_key == "": # Cannot be empty. return False symmetricAlgorithm = auth.get("symmetric", "") if symmetricAlgorithm == "fernet": encriptor = Fernet(base64.urlsafe_b64encode(shared_key)) elif symmetricAlgorithm == "chacha": encriptor = ChaCha20Poly1305(shared_key) message = add_header_message( answer_registration_request, userdata,\ REGISTRATION_TOPIC, 2 ) utils.send(client, None, message) return True return False
def test_when_point_is_added_to_infinity_then_point_is_returned(self): p1 = ec.Point(self.curve, 22, 5) p2 = ec.Inf(self.curve) self.assertEqual(p1, p1 + p2) self.assertEqual(p1, p2 + p1)
print() print("The public keys are: ") print(P_a) print(P_b) # Secret key by user A(sender): K_a = n_a * P_b # Secret key by user B(receiver): K_b = n_b * P_a print("Secret key on User A: ", K_a) print("Secret key on User B: ", K_b) # On sender's side K_a = ec.Point(curve, K_a.x, K_a.y) Message = input("Enter the x and y coordinates by space seperated: ") Message = list(map(int, Message.split(" "))) message_point = ec.Point(curve, Message[0], Message[1]) # k is a random number k = int(input("Enter a random number: ")) Cipher_point_x = k * curve.g print("Cipher text 1st component(point on My_curve): ", Cipher_point_x) Cipher_point_y = message_point + k * P_b print("Cipher text 2nd component(point on My_curve): ", Cipher_point_y) # On receiver's side Plain_point = Cipher_point_x * n_b Plain_point = (message_point + k * P_b) - Plain_point
def convertToPoint(value): s = ec.Point(curve, int(value[0], 16), int(value[1], 16)) return s
def test_when_same_points_are_added_then_result_is_on_curve(self): p1 = ec.Point(self.curve, 24, 2) self.assertEqual(ec.Point(self.curve, 65, 65), p1 + p1)
def test_when_points_have_opposite_ordinates_then_result_is_infinite(self): p1 = ec.Point(self.curve, 12, 3) p2 = ec.Point(self.curve, 12, 94) self.assertEqual(ec.Inf(self.curve), p1 + p2)
def send_eap_tls_client_key(self): """ Generate Client_Certificate, Client_KeyExchange, Client_CertificateVerify, Client_ChangeCipherSpec & FINISHED Message and send it to the server """ if self.state != "TLS HANDSHAKE 1": print("Wrong Connection State for Client_Key Message: {0} - should be 'TLS HANDSHAKE 1'".format(self.state)) return 1 #May have to move this to the _init_ field packet_head = Dot11(addr1=self.bssid ,addr2=self.sta_mac ,addr3=self.bssid ,type=2 ,subtype=8 , FCfield="to-DS" )/ Dot11QoS('\x00\x00')/LLC(dsap=0xaa,ssap=0xaa,ctrl=3)/ SNAP(OUI=0x0, code=0x888e) / EAPOL(version=1,type=0) #---------------------------------------------------------------------------# x509_1 = X509() x509_1.parse(self.public_cert_file) x509_2 = X509() x509_2.parse(self.ca_certs_file) cert1 = x509_1.writeBytes() cert2 = x509_2.writeBytes() #Add 3 Bytes for every Certificate as Length-Field has to be included chainLength = len(cert1)+3+len(cert2)+3 cert1_len_hex = "{:06x}".format(len(cert1)) cert2_len_hex = "{:06x}".format(len(cert2)) cert1_len = binascii.unhexlify(cert1_len_hex) cert2_len = binascii.unhexlify(cert2_len_hex) client_certs = cert1_len + cert1 + cert2_len + cert2 #We use str() because client_certs is a byte-array client_cert_load = TLSCertificate(certslen=chainLength, certs=str(client_certs)) print("#########################################################") print("Generating CLIENT CERTIFICATE PAYLOAD") print("#########################################################") client_cert_load.show2() client_cert = TLS(type="handshake", version="TLS 1.0", iv="", msg=client_cert_load) print("#########################################################") print("Generating CLIENTCERTIFICATE") print("#########################################################") client_cert.show2() self.handshake_log = self.handshake_log / client_cert[TLSCertificate] print("#################################################################################################") #---------------------------------------------------------------------------# #Generating ClientKey curve = reg.get_curve("secp256r1") self.client_secret = random.getrandbits(256) client_pubKey = curve.g * self.client_secret #04 Prefix for "uncompressed" and "41" for length of pubKey as scapy cant parse it right pubKey_head = binascii.unhexlify("4104") #This one is for sending raw_full_client_pubKey = pubKey_head + long_to_bytes(client_pubKey.x) + long_to_bytes(client_pubKey.y) print("#########################################################") print("Generated following Coordinates:") print("X:") print(client_pubKey.x) print("Y:") print(client_pubKey.y) print("#########################################################") #Parsing ServerKey raw_full_server_pubKey = self.handshake_log[TLSServerKeyExchange].params.point #Remove "uncompressed" indicator full_server_pubKey = raw_full_server_pubKey[1:] #splitting the x and y coordinates server_key_x_raw = full_server_pubKey[0:32] server_key_y_raw = full_server_pubKey[32:64] server_key_x = bytes_to_long(server_key_x_raw) server_key_y = bytes_to_long(server_key_y_raw) server_parse = ec.Point(curve, server_key_x, server_key_y) print("#########################################################") print("Parsed following Server Coordinates:") print("X:") print(server_parse.x) print("Y:") print(server_parse.y) print("#########################################################") #Calculating the pre-master-secret (Returned as a long) long_premaster = (server_parse * self.client_secret).x self.premaster = long_to_bytes(long_premaster) #Generating ClientKeyExchange Layer print("#########################################################") print("Generating CLIENTKEYEXCHANGE Payload:") print("#########################################################") client_key_load = TLSClientKeyExchange(exchkeys=Raw(load=raw_full_client_pubKey)) client_key_load.show2() client_key = TLS(type="handshake", version="TLS 1.0", iv="", msg=client_key_load) print("#########################################################") print("Generating CLIENTKEYEXCHANGE") print("#########################################################") client_key.show2() self.handshake_log = self.handshake_log / client_key_load print("#################################################################################################") #---------------------------------------------------------------------------# #Generating CertificateVerify Layer #Hash-Value Calculation temp = hashlib.md5() temp.update(str(self.handshake_log)) m_string = temp.digest() temp = hashlib.sha1() temp.update(str(self.handshake_log)) s_string = temp.digest() concat_string = m_string + s_string concat_string_hex = binascii.hexlify(concat_string) #Padding Calculation head = "0001" bottom = "00" body = "" for i in range(0,434): body = body + "F" #Combining Hash & Padding concat_string_build = head + body + bottom + concat_string_hex concat_string_raw = binascii.unhexlify(concat_string_build) #Signing Message with M2Crypto using no_padding mode m2_key = RSA.load_key(self.private_key_file) signature_m2 = m2_key.private_encrypt(concat_string_raw, m2.no_padding) #Parsing the Certificate Verify Layer from Wireshark as Scapy has problems generating it certificate_verify_head = binascii.unhexlify("0f0001020100") #Works, as the signature has same length every time certificate_verify_load = TLSCertificateVerify(certificate_verify_head + signature_m2) certificate_verify = TLS(type="handshake", version="TLS 1.0", iv="", msg=certificate_verify_load) print("#########################################################") print("Generated CERTIFICATEVERIFY") print("#########################################################") certificate_verify.show2() #Used for FINISHED Message later self.handshake_log = self.handshake_log / certificate_verify[TLSCertificateVerify] print("#################################################################################################") #---------------------------------------------------------------------------# #Generate ChangeCipherSpec Message #IS NOT RELEVANT FOR FINISHED MESSAGE -> Therefore not saved to log cipher_spec_load = TLSChangeCipherSpec() cipher_spec = TLS(type="change_cipher_spec", version="TLS 1.0", iv="", msg=cipher_spec_load) print("#########################################################") print("Generated CHANGECIPHERSPEC") print("#########################################################") cipher_spec.show2() print("#################################################################################################") #---------------------------------------------------------------------------# #Via Scapy: gmt_unix_time + random_bytes = FULL Random_bytes parsed_time_client = "{0:02x}".format(self.handshake_log[TLSClientHello].gmt_unix_time).zfill(8) parsed_time_server = "{0:02x}".format(self.handshake_log[TLSServerHello].gmt_unix_time).zfill(8) client_random = binascii.unhexlify(parsed_time_client) + self.handshake_log[TLSClientHello].random_bytes server_random = binascii.unhexlify(parsed_time_server) + self.handshake_log[TLSServerHello].random_bytes print("#########################################################") print("Parsed following random_bytes:") print("Client Random:") print(binascii.hexlify(client_random)) print("Server Random:") print(binascii.hexlify(server_random)) #master bitaray with length 48 Bytes self.master = tlslite.mathtls.calcMasterSecret((3,1), None, self.premaster, client_random, server_random) print("#########################################################") print("Calculated Master-Secret:") print(binascii.hexlify(str(self.master))) print("#########################################################") #---------------------------------------------------------------------------# #Calculate FINISHED Message via tlslite #handshakeHash = MD5(handshake_messages) + SHA-1(handshake_messages) #No Padding like RSA Signatur PKCS! #Method expects handshakeHash as byteArray -> makes no difference here print("#################################################################################################") #Hash-Value Calculation exactly as in ClientVerify but now with ClientVerify appended to the log temp = hashlib.md5() temp.update(str(self.handshake_log)) m_string = temp.digest() temp = hashlib.sha1() temp.update(str(self.handshake_log)) s_string = temp.digest() handshakeHash = m_string + s_string #content of FINISHED-Message: verifyData = tlslite.mathtls.PRF(self.master, "client finished", handshakeHash, 12) #Creating Header for Handshake-Layer (NOT Record!): #14 -> ContentType 20 = FINISHED #00000C -> Length of Content = 12 Bytes = VerifyData.length header_hex = "1400000C" header = binascii.unhexlify(header_hex) finished_payload = header + verifyData #Generating Key-Material to calculate required Keys for Sending: #Required: client_write_MAC, client_write_key , client_write_IV #client_write_MAC with SHA-1 -> 20 Bytes #client_write_key with AES-256 -> 256 Bit -> 32 Bytes #client/server IV still uses 128 bit blocks, so 128-bit IV -> 16 Bytes #key_block = PRF(master_secret, "key expansion", server_random + client_random) #KEYLENGTH = 20 (MAC) + 20(Server MAC) + 32 (AES256) + 32 (AES256 Server) + 16 (IV) + 16 (Server IV) = 136 bytes #Order of Keys : client_write_MAC , server_write_MAC, client_write_key, server_write_key, client_write_IV, server_write_IV keys = tlslite.mathtls.PRF(self.master, "key expansion", server_random + client_random, 136) #20 Bytes per Key (SHA-1) client_mac_key = keys[0:20] server_mac_key = keys[20:40] #32 Bytes per Key (AES-256) client_write_key = keys[40:72] server_write_key = keys[72:104] #16 Bytes per Key (AES-CBC) client_write_iv = keys[104:120] server_write_iv = keys[120:136] print("#########################################################") print("Client_Mac_Key:") print(binascii.hexlify(str(client_mac_key))) print("Server_Mac_Key:") print(binascii.hexlify(str(server_mac_key))) print("Client_Write_Key:") print(binascii.hexlify(str(client_write_key))) print("Server_Write_Key:") print(binascii.hexlify(str(server_write_key))) print("Client_Write_IV:") print(binascii.hexlify(str(client_write_iv))) print("Server_Write_IV:") print(binascii.hexlify(str(server_write_iv))) print("#########################################################") #HMAC_SHA1(client_write_mac_key, seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length + TLSCompressed.fragment) #client_write_mac_key = get from master_secret #seq_num = 0 as 8 Bytes -> 0x0000000000000000 #TLSCompressed.type = 0x16 = 22 from Record-Layer #TLSCompressed.version = 0x0301 #TLSCompressed.length = length(header+verifyData) -> 0x0010 because we have 16 bytes #TLSCompressed.fragment = header+verifyData #label = seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length label = binascii.unhexlify("0000000000000000") + binascii.unhexlify("16") + binascii.unhexlify("0301") + binascii.unhexlify("0010") fin_mac = hmac.new(client_mac_key, label+finished_payload, hashlib.sha1).digest() #Padding: (We need 12 Bytes Padding, so 11-Bytes with Value '11' and one Padding-Length-Byte with Value '11') padding_hex = "" for i in range(0,11): padding_hex = padding_hex + "0B" #Adding the Padding-Length padding_hex = padding_hex + "0B" padding = binascii.unhexlify(padding_hex) #Encrypt the Layer: #USING IN THIS ORDER : finished_payload + fin_mac + padding encryptor = EVP.Cipher(alg="aes_256_cbc", key=client_write_key, iv=client_write_iv, op=1, padding=0) encrypted_payload = encryptor.update(finished_payload + fin_mac + padding) encrypted_payload += encryptor.final() #Generate TLS Record Layer: finished_head = binascii.unhexlify("1603010030") finished = finished_head + encrypted_payload print("#########################################################") print("Generated FINISHED") print("#########################################################") #---------------------------------------------------------------------------# #Construct the whole packet: packet_tls = str(client_cert) + str(client_key) + str(certificate_verify) + str(cipher_spec) + str(finished) #Fragment the packet: (In this Case - Fragments of the size of about 1266 Bytes) fragment1_payload = packet_tls[0:1266] fragment2_payload = packet_tls[1266:2532] fragment3_payload = packet_tls[2532:] #EAP Packet Head -> Remember ID regarding Fragmentation and "More Fragments"-Flag packet1 = packet_head / EAP_TLS(code="Response", id=(self.current_id - 1), type="EAP-TLS", L=1, M=1, S=0, reserved=0, tls_message_len=len(packet_tls) ,tls_data=fragment1_payload) packet1[Dot11].SC = 0x0090 packet2 = packet_head / EAP_TLS(code="Response", id=self.current_id , type="EAP-TLS", L=1, M=1, S=0, reserved=0, tls_message_len=len(packet_tls) ,tls_data=fragment2_payload) packet2[Dot11].SC = 0x00A0 self.current_id += 1 packet3 = packet_head / EAP_TLS(code="Response", id=self.current_id , type="EAP-TLS", L=1, M=0, S=0, reserved=0, tls_message_len=len(packet_tls) ,tls_data=fragment3_payload) packet3[Dot11].SC = 0x00B0 print("#########################################################") print("Generated 3 Fragments:") print("#########################################################") print("Fragment 1 :") packet1.show2() print("#########################################################") print("Fragment 2 :") packet2.show2() print("#########################################################") print("Fragment 3 :") packet3.show2() print("#########################################################") fragments = list() #First packet will be sent directly! fragments.append(packet2) fragments.append(packet3) #Send it away! result_queue = multiprocessing.Queue() send_process = multiprocessing.Process( target=self.mon_ifc.send_packet, args=(packet1,None, )) send_and_receive_process = multiprocessing.Process( target=self.mon_ifc.search_eap_tls_server_response, args=(result_queue, fragments,)) send_and_receive_process.start() time.sleep(.250) send_process.start() send_process.join() send_and_receive_process.join() if result_queue.get(): self.state = "TLS SUCCESS"
def test_when_point_is_substracted_from_infinity_then_point_is_returned(self): p1 = ec.Point(self.curve, 22, 5) p2 = ec.Inf(self.curve) self.assertEqual(p1, p1 - p2) self.assertEqual(p1, p2 - p1)
def test_when_point_are_on_curve_then_substracted_result_is_on_curve(self): p1 = ec.Point(self.curve, 22, 5) p2 = ec.Point(self.curve, 95, 66) # -31 % 97 == 66 p3 = ec.Point(self.curve, 95, 31) self.assertEqual(p1 + p2, p1 - p3)
def test_when_point_is_not_multiplied_by_an_int_then_error_is_raised(self): p1 = ec.Point(self.curve, 3, 6) with self.assertRaises(TypeError): p1 * p1