In [None]:
from Crypto.Util.number import long_to_bytes

# Signature handler (different hash of handshake hash)
from Crypto.Signature import pss
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto import Random

from Crypto.Cipher import AES
from cryptography import x509
from babyTLSUtil import *
from key_exchange import *
from os import urandom
import socketserver
import signal
import json

class Handler(socketserver.BaseRequestHandler):

    def handle(self):
        signal.alarm(0)
        main(self.request)


class ReusableTCPServer(socketserver.ForkingMixIn, socketserver.TCPServer):
    pass


def sendMessage(s, msg):
    s.send(msg.encode())


def receiveMessage(s, msg):
    sendMessage(s, msg)
    return s.recv(4096).decode().strip()

def encrypt_and_digest(pt, header, key, iv):
    cipher = AES.new(bytes.fromhex(key), AES.MODE_GCM, nonce = bytes.fromhex(iv))
    cipher.update(bytes.fromhex(header))
    ct, tag = cipher.encrypt_and_digest(pt)
    return ct, tag

def main(s):
    sendMessage(s, "Welcome to the H3xTEL babyTLS server!\n")
    # TODO: cipher suite negotiation
    client_hello = receiveMessage(s, "Send your client hello: ")
    client_hello = json.loads(client_hello)
    
    client_public_key = client_hello["Key_Share"]
    # Server public key generation
    KEP = KEY_EXCHANGE("ECDHKE", "secp384r1") # TODO: cipher suite negotiation
    server_public_key = KEP.generate_public_key()
    server_hello = {
        "Random": urandom(16).hex(),
        "Key_Share": server_public_key
    }
    sendMessage(s, f"Server hello: {json.dumps(server_hello)}\n")
    shared_secret = KEP.generate_shared_secret(client_public_key)
    # print(shared_secret)
    
    # hello verification
    HASH_ALG = hashlib.sha384 # TODO: cipher suite negotiation
    HASH_LEN = HASH_ALG().digest_size
    client_hello = json.dumps(client_hello).encode()
    server_hello = json.dumps(server_hello).encode()
    hello_hash = HASH_ALG(client_hello + server_hello).digest()
    result = hello_verify(hello_hash, shared_secret, HASH_ALG, HASH_LEN)
    print(result)
    
    # Encrypt the rest of the handshake
    # Server Certificate
    header = "1703030343" # Handshake header (certificate) - CHANGE THIS: depends on the data follows
    key = result["server_handshake_key"]
    iv = result["server_handshake_iv"]
    cert = open("certs/h3xtel-ctf_com.crt", "rb").read() # read certificate
    # cert = x509.load_pem_x509_certificate(cert)
    cert_encrypted, auth_tag = encrypt_and_digest(cert, header, key, iv)
    server_certificate = {
        "Record_Header": header,
        "Encrypted_Data": cert_encrypted.hex(),
        "Auth_Tag": auth_tag.hex()
    }
    sendMessage(s, f"Server certificate: {json.dumps(server_certificate)}\n") # The client decrypts and gets the public key of the certificate
    print(server_certificate)
    
    # Server Certificate Verify
    handshake_hash = HASH_ALG(client_hello + server_hello + cert).digest()
    priv = open("certs/priv.key", "rb").read()
    private_key = RSA.import_key(priv)
    h = SHA256.new(handshake_hash)
    signature = pss.new(private_key).sign(h)
    header = "1703030119" # Handshake header (certificate verify) - CHANGE THIS: depends on the data follows
    signature_encrypted, auth_tag = encrypt_and_digest(signature, header, key, iv)
    server_certificate_verify = {
        "Record_Header": header,
        "Encrypted_Data": signature_encrypted.hex(),
        "Auth_Tag": auth_tag.hex()
    }
    sendMessage(s, f"Server certificate verify: {json.dumps(server_certificate_verify)}\n")
    print(server_certificate_verify)
    
    # Server Handshake Finished
    header = "14000030" # Handshake header (finished) - CHANGE THIS: depends on the data follows
    # finished_key = HKDF-Expand-Label(key: server_secret, label: "finished", ctx: "", len: 32)
    finished_key = HKDF_expand_label(bytes.fromhex(result["server_secret"]), b"finished", b"", 32, HASH_ALG)
    # finished_hash = SHA384(Client Hello ... Server Cert Verify)
    finished_hash = HASH_ALG(client_hello + server_hello + cert + signature).digest()
    # verify_data = HMAC-SHA384(key: finished_key, msg: finished_hash)
    verify_data = tls_HMAC(finished_key, finished_hash, HASH_ALG)
    finished_encrypted, auth_tag = encrypt_and_digest(verify_data, header, key, iv)
    finished = {
        "Record_Header": header,
        "Encrypted_Data": finished_encrypted.hex(),
        "Auth_Tag": auth_tag.hex()
    }
    sendMessage(s, f"Server handshake finished: {json.dumps(finished)}\n")
    print(finished)
    
    # Master key calculation (encrypts application traffic)
    handshake_hash = HASH_ALG(client_hello + server_hello + cert + signature + verify_data).digest()
    last_result = handshake_verify(handshake_hash, bytes.fromhex(result["handshake_secret"]), HASH_ALG, HASH_LEN)
    print(last_result)
    
    client_finished = receiveMessage(s, "Send your client handshake finished: ")
    
if __name__ == '__main__':
    socketserver.TCPServer.allow_reuse_address = True
    server = ReusableTCPServer(("0.0.0.0", 1337), Handler)
    server.serve_forever()