Skip to content

Commit

Permalink
crypto abstractions
Browse files Browse the repository at this point in the history
  • Loading branch information
@rep
rep committed Oct 11, 2012
1 parent 3d6d49d commit 317cfbb
Show file tree
Hide file tree
Showing 3 changed files with 89 additions and 43 deletions.
48 changes: 48 additions & 0 deletions py/pwrcall/crypto.py
View file
Original file line number Original file line Diff line number Diff line change
@@ -0,0 +1,48 @@

import os

def encrypt_openssl(*args, **kwargs): raise Exception("Function not available, install needed dependencies!")
def decrypt_openssl(*args, **kwargs): raise Exception("Function not available, install needed dependencies!")
def encrypt_nacl(*args, **kwargs): raise Exception("Function not available, install needed dependencies!")
def decrypt_nacl(*args, **kwargs): raise Exception("Function not available, install needed dependencies!")
def encrypt(*args, **kwargs): raise Exception("Function not available, install needed dependencies!")
def decrypt(*args, **kwargs): raise Exception("Function not available, install needed dependencies!")


try:
import Crypto.Cipher.AES
import OpenSSL.crypto
except:
pass
else:
def encrypt_openssl(data, secret):
a = Crypto.Cipher.AES.new(secret, Crypto.Cipher.AES.MODE_CFB, IV=secret)
return a.encrypt(data)

def decrypt_openssl(data, secret):
a = Crypto.Cipher.AES.new(secret, Crypto.Cipher.AES.MODE_CFB, IV=secret)
return a.decrypt(data)

encrypt = encrypt_openssl
decrypt = decrypt_openssl


try:
import nacl
except:
pass
else:
def secretboxnonce():
return os.urandom(nacl.crypto_secretbox_NONCEBYTES)

def encrypt_nacl(data, secret):
n = secretboxnonce()
return secretboxnonce + nacl.crypto_secretbox(data, n, secret)

def decrypt_nacl(data, secret):
n, data = data[:nacl.crypto_secretbox_NONCEBYTES], data[nacl.crypto_secretbox_NONCEBYTES:]
return nacl.crypto_secretbox_open(data, n, secret)

encrypt = encrypt_nacl
encrypt = encrypt_nacl

30 changes: 15 additions & 15 deletions py/pwrcall/gev.py
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -46,24 +46,21 @@ def __init__(self, sock):
def read(self): def read(self):
try: try:
return self.sock.recv(BUFSIZE) return self.sock.recv(BUFSIZE)
except pwrtls.pwrtls_closed: except Exception as e:
return '' self._close('recv exception: {0}'.format(e))
except socket.error:
self.close()
return '' return ''
def write(self, data): def write(self, data):
try: return self.sock.send(data) try: return self.sock.send(data)
except pwrtls.pwrtls_closed: except Exception as e:
self._close('send exception: {0}'.format(e))
return '' return ''
except socket.error:
self.close()
return 0
def _close(self, e): def _close(self, e):
if self.sock: self.sock.close() if not self._closed:
self._closed = True if self.sock: self.sock.close()
self._event('close', e) self._closed = True
self._event('close', e)
def close(self): def close(self):
if not self._closed: self._close(EVException('Connection closed.')) self._close(EVException('Connection closed.'))




class Node(rpcnode.Node): class Node(rpcnode.Node):
Expand Down Expand Up @@ -105,8 +102,9 @@ def listenPTLS(self, host='', port=0, backlog_limit=5, statepath=None):
if not statepath: raise NodeException('listenPTLS needs statepath!') if not statepath: raise NodeException('listenPTLS needs statepath!')
def handle(socket, addr): def handle(socket, addr):
socket = pwrtls.wrap_socket(socket, server_side=True, **pwrtls.state_file(statepath)) socket = pwrtls.wrap_socket(socket, server_side=True, **pwrtls.state_file(statepath))
socket.do_handshake() try: socket.do_handshake()
self._new_conn(socket, addr) except Exception as e: logging.warn('PTLS Client handshake failure. Closing')
else: self._new_conn(socket, addr)


l = StreamServer((host, port), handle) l = StreamServer((host, port), handle)
self.listeners.add(l) self.listeners.add(l)
Expand Down Expand Up @@ -211,7 +209,9 @@ def wait_for_banner(self):
tmp = '' tmp = ''
while not '\n' in tmp: while not '\n' in tmp:
if len(tmp) > 100: return self.logclose('Invalid info string received. Dropping connection.') if len(tmp) > 100: return self.logclose('Invalid info string received. Dropping connection.')
tmp += self.conn.read() tmp2 = self.conn.read()
if not tmp2: return self.logclose('Closed before banner.')
tmp += tmp2


self.remote_info, tmp = tmp.split('\n', 1) self.remote_info, tmp = tmp.split('\n', 1)
self.ready() self.ready()
Expand Down
54 changes: 26 additions & 28 deletions py/pwrcall/util.py
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
import urlparse import urlparse
import hashlib import hashlib


from Crypto.Cipher import AES import info
from OpenSSL import crypto import crypto
import msgpack


class NodeException(Exception): class NodeException(Exception):
"""Base for Node Exceptions""" """Base for Node Exceptions"""
Expand Down Expand Up @@ -60,13 +60,11 @@ def rand32():
return struct.unpack('I', os.urandom(4))[0] return struct.unpack('I', os.urandom(4))[0]


def gen_forwarder(secret, obj, nonce, options={}): def gen_forwarder(secret, obj, nonce, options={}):
a = AES.new(secret, AES.MODE_CFB, IV=secret) return crypto.encrypt( msgpack.packb((nonce, id(obj), options)), secret )
return a.encrypt( msgpack.packb((nonce, id(obj), options)) )


# returns (fp, obj, nonce) # returns (fp, obj, nonce)
def cap_from_forwarder(secret, fwd): def cap_from_forwarder(secret, fwd):
a = AES.new(secret, AES.MODE_CFB, IV=secret) return msgpack.unpackb( crypto.decrypt(fwd, secret) )
return msgpack.unpackb( a.decrypt(fwd) )


def parse_url(url): def parse_url(url):
up = urlparse.urlparse(url) up = urlparse.urlparse(url)
Expand All @@ -80,7 +78,7 @@ def load_cert(cert):
if not cert: if not cert:
return None,'' return None,''
if os.path.exists(cert): if os.path.exists(cert):
x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert, 'r').read()) x509 = crypto.OpenSSL.crypto.load_certificate(crypto.OpenSSL.crypto.FILETYPE_PEM, open(cert, 'r').read())
fp = x509.digest('sha1').replace(':','').lower() fp = x509.digest('sha1').replace(':','').lower()
return x509, fp return x509, fp
return None, '' return None, ''
Expand Down Expand Up @@ -116,26 +114,26 @@ def WeakMethod(f):




def gen_selfsigned_cert(c='DE', st='NRW', l='Aachen', o='ITsec', ou='pwrcall', cn=os.urandom(10).encode('hex')): def gen_selfsigned_cert(c='DE', st='NRW', l='Aachen', o='ITsec', ou='pwrcall', cn=os.urandom(10).encode('hex')):
k = crypto.PKey() k = crypto.OpenSSL.crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 1024) k.generate_key(crypto.OpenSSL.crypto.TYPE_RSA, 1024)


# create a self-signed cert # create a self-signed cert
cert = crypto.X509() cert = crypto.OpenSSL.crypto.X509()
cert.get_subject().C = c cert.get_subject().C = c
cert.get_subject().ST = st cert.get_subject().ST = st
cert.get_subject().L = l cert.get_subject().L = l
cert.get_subject().O = o cert.get_subject().O = o
cert.get_subject().OU = ou cert.get_subject().OU = ou
cert.get_subject().CN = cn cert.get_subject().CN = cn
cert.set_serial_number(1000) cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60) cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(cert.get_subject()) cert.set_issuer(cert.get_subject())
cert.set_pubkey(k) cert.set_pubkey(k)
cert.sign(k, 'sha1') cert.sign(k, 'sha1')


crtpem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) crtpem = crypto.OpenSSL.crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
keypem = crypto.dump_privatekey(crypto.FILETYPE_PEM, k) keypem = crypto.OpenSSL.crypto.dump_privatekey(crypto.FILETYPE_PEM, k)


return '\n'.join([keypem, crtpem]) return '\n'.join([keypem, crtpem])


Expand Down

0 comments on commit 317cfbb

Please sign in to comment.