In [None]:
from Crypto.Util.number import long_to_bytes

# Signature handler (different hash of handshake hash)
from Crypto.Signature import pss
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto import Random

from Crypto.Cipher import AES
from cryptography import x509
from babyTLSUtil import *
from key_exchange import *
from packets import *
from os import urandom
import socketserver
import signal
import json

# Certificate loading: https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate

class Handler(socketserver.BaseRequestHandler):

    def handle(self):
        signal.alarm(0)
        main(self.request)


class ReusableTCPServer(socketserver.ForkingMixIn, socketserver.TCPServer):
    pass


def sendMessage(s, msg):
    s.send(msg.encode())


def receiveMessage(s, msg):
    sendMessage(s, msg)
    return s.recv(4096).decode().strip()


def main(s):
    sendMessage(s, "Welcome to the H3xTEL babyTLS server!\n")
    # TODO: cipher suite negotiation
    client_hello = receiveMessage(s, "Send your client hello: ")
    client_hello, client_public_key = extract_node_hello(client_hello)

    # Server public key generation
    server_hello, KEP = node_hello("ECDHKE", "secp384r1") # TODO: cipher suite negotiation
    sendMessage(s, f"Server hello: {server_hello}\n")
    shared_secret = KEP.generate_shared_secret(client_public_key)
    
    # hello verification
    HASH_ALG = hashlib.sha384 # TODO: cipher suite negotiation
    HASH_LEN = HASH_ALG().digest_size
    handshake_keys = hello_verify([client_hello, server_hello], shared_secret, HASH_ALG, HASH_LEN)
    
    # Encrypt the rest of the handshake
    # Server Certificate
    header = "1703030343" # Handshake header (certificate) - CHANGE THIS: depends on the data follows
    cert = open("certs/h3xtel-ctf_com.crt", "r").read() # read certificate
    server_certificate_encrypted = TLS_packet(cert.encode(), header, handshake_keys["server_handshake_key"], 
                                              handshake_keys["server_handshake_iv"])
    sendMessage(s, f"Server certificate: {server_certificate_encrypted}\n") # The client decrypts and gets the public key of the certificate
    
    # Server Certificate Verify
    signature = handshake_signature([client_hello, server_hello, cert], HASH_ALG)
    header = "1703030119" # Handshake header (certificate verify) - CHANGE THIS: depends on the data follows
    server_certificate_verify = TLS_packet(signature, header, handshake_keys["server_handshake_key"], 
                                                       handshake_keys["server_handshake_iv"])
    sendMessage(s, f"Server certificate verify: {server_certificate_verify}\n")
    
    # Server Handshake Finished
    header = "14000030" # Handshake header (finished) - CHANGE THIS: depends on the data follows
    # finished_key = HKDF-Expand-Label(key: server_secret, label: "finished", ctx: "", len: 32)
    finished_key = HKDF_expand_label(bytes.fromhex(handshake_keys["server_secret"]), b"finished", b"", 32, HASH_ALG)
    # finished_hash = SHA384(Client Hello ... Server Cert Verify)
    finished_hash = HASH_ALG(client_hello.encode() + server_hello.encode() + cert.encode() + signature).digest()
    # verify_data = HMAC-SHA384(key: finished_key, msg: finished_hash)
    verify_data = tls_HMAC(finished_key, finished_hash, HASH_ALG)
    finished_encrypted, auth_tag = encrypt_and_digest(verify_data, header, handshake_keys["server_handshake_key"], 
                                                      handshake_keys["server_handshake_iv"])
    finished = {
        "Record_Header": header,
        "Encrypted_Data": finished_encrypted.hex(),
        "Auth_Tag": auth_tag.hex()
    }
    sendMessage(s, f"Server handshake finished: {json.dumps(finished)}\n")
    
    # Master key calculation (encrypts application traffic)
    handshake_hash = HASH_ALG(client_hello.encode() + server_hello.encode() + cert.encode() + signature + verify_data).digest()
    last_result = handshake_verify(handshake_hash, bytes.fromhex(handshake_keys["handshake_secret"]), HASH_ALG, HASH_LEN)
    
    client_finished = receiveMessage(s, "Send your client handshake finished: ")
    # decrypt and verify "client_finished"
    key = handshake_keys["client_handshake_key"]
    iv = handshake_keys["client_handshake_iv"]
    client_finished = json.loads(client_finished)
    client_verify_data =  decrypt_and_verify(client_finished["Encrypted_Data"], client_finished["Record_Header"], key, iv, client_finished["Auth_Tag"])
    server_finished_key = HKDF_expand_label(bytes.fromhex(handshake_keys["client_secret"]), b"finished", b"", 32, HASH_ALG)
    server_finished_hash = HASH_ALG(client_hello.encode() + server_hello.encode() + cert.encode() + signature + verify_data).digest()
    server_verify_data = tls_HMAC(server_finished_key, server_finished_hash, HASH_ALG)
    assert server_verify_data == client_verify_data
    
if __name__ == '__main__':
    socketserver.TCPServer.allow_reuse_address = True
    server = ReusableTCPServer(("0.0.0.0", 1337), Handler)
    server.serve_forever()