Made Certificate checks more secure

-Added optional hostname checking to certificate validation, can be disabled for use on local network or use fallback.
Scratchcat1 · Oct 25, 2017 · b46b68b · b46b68b · Scratchcat1 · Oct 25, 2017
1 parent dd43eca
commit b46b68b
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 76 deletions.
diff --git a/AATC_Config.py b/AATC_Config.py
@@ -18,6 +18,8 @@
 # ENCRYPTION_USE_PRESHARED_KEYS switch controls use of certificate authentication. FALLBACK controls if the MiTM vunrable key transfer should be used if certificate fails-Not Recommended!
 ENCRYPTION_USE_PRESHARED_KEYS = True
 AUTO_GENERATE_FALLBACK = False
+ALLOW_FAILED_DOMAIN_LOOKUP = True
+MAX_CERTIFICATE_CHAIN_LENGTH = 20
 
 
 # A list of certificates which the client will trust and accept as a issuer. This can just be the server certificate if desired.
@@ -34,3 +36,5 @@
 
 #Control at which setting the server will raise an error if the cost for entering that node sector exceeds value. To prevent selecting a blocked node as a target node to bypass search algorithm.
 NOFLYZONE_THRESHOLD_COST = 50
+
+
diff --git a/AATC_Create_Graph.py b/AATC_Create_Graph.py
@@ -1,47 +1,52 @@
 #Create graph module
-import decimal,AATC_AStar
-from AATC_Coordinate import *
+import decimal,AATC_AStar,AATC_Coordinate 
 
 def drange(start,end,step):
-  step = decimal.Decimal(step)
-  r = decimal.Decimal(start)
-  while r < end:
-    yield float(r)
-    r += decimal.Decimal(step)
-print("2 million nodes ~ 357MB")
-xStart =float(input("Enter start x Coord"))
-yStart = float(input("Enter start y Coord"))
-zStart = float(input("Enter start z Coord"))
-
-xEnd = float(input("Enter End x Coord"))
-yEnd = float(input("Enter End y Coord"))
-zEnd = float(input("Enter End z Coord"))
-
-xInterval = float(input("Enter x interval"))
-yInterval = float(input("Enter y interval"))
-zInterval = float(input("Enter z interval"))
-
-print("creating graph")
-graph = AATC_AStar.DynoGraph()
-graph.Size(xInterval,yInterval,zInterval)
-nodeID = 1
-for x in drange(xStart,xEnd,xInterval):
-    for y in drange(yStart,yEnd,yInterval):
-        for z in drange(zStart,zEnd,zInterval):
-            Coord = Coordinate(x,y,z)
-            node = AATC_AStar.Node(nodeID,1,Coord)
-            graph.add_node(node)
-            nodeID +=1
-
-xRange = xEnd - xStart
-yRange = yEnd - yStart
-zRange = zEnd - zStart
-graph.Add_Edges(xRange,yRange,zRange)
-##graph.clean_edges()  #No longer nessesary
-graph.Build_Node_Cache()
-##for node in graph.Nodes.values():
-##    del node.Coords
-graph.SaveGraph()
+    step = decimal.Decimal(step)
+    r = decimal.Decimal(start)
+    while r < end:
+        yield float(r)
+        r += decimal.Decimal(step)
+
+
+
+def CreationDialogue():
+    print("2 million nodes ~ 357MB")
+    xStart =float(input("Enter start x Coord"))
+    yStart = float(input("Enter start y Coord"))
+    zStart = float(input("Enter start z Coord"))
+
+    xEnd = float(input("Enter End x Coord"))
+    yEnd = float(input("Enter End y Coord"))
+    zEnd = float(input("Enter End z Coord"))
+
+    xInterval = float(input("Enter x interval"))
+    yInterval = float(input("Enter y interval"))
+    zInterval = float(input("Enter z interval"))
+
+    print("creating graph")
+    graph = AATC_AStar.DynoGraph()
+    graph.Size(xInterval,yInterval,zInterval)
+    nodeID = 1
+    for x in drange(xStart,xEnd,xInterval):
+        for y in drange(yStart,yEnd,yInterval):
+            for z in drange(zStart,zEnd,zInterval):
+                Coord = AATC_Coordinate.Coordinate(x,y,z)
+                node = AATC_AStar.Node(nodeID,1,Coord)
+                graph.add_node(node)
+                nodeID +=1
+
+    xRange = xEnd - xStart
+    yRange = yEnd - yStart
+    zRange = zEnd - zStart
+    graph.Add_Edges(xRange,yRange,zRange)
+    graph.Build_Node_Cache()
+    graph.SaveGraph()
+
+
+
+if __name__ == "__main__":
+    CreationDialogue()    
 
 
 

diff --git a/AATC_Crypto.py b/AATC_Crypto.py
@@ -1,5 +1,5 @@
 #AATC crypto module
-import codecs,recvall,ast,binascii,os,AATC_Config,time,AATC_CryptoBeta
+import codecs,recvall,ast,binascii,os,AATC_Config,time,AATC_CryptoBeta,socket
 from Crypto.Cipher import AES,PKCS1_OAEP
 from Crypto.PublicKey import RSA
 
@@ -66,10 +66,8 @@ def ClientPreSharedKeys(self,RSA_KeySize,AES_KeySize):
         if not Sucess:
             raise Exception("Server did not respond to command")
 
-
-
         AESKey,IV = GenerateKeys(AES_KeySize)
-        PublicKey = AATC_CryptoBeta.VerifyCertificates(CertificateChain,AATC_Config.ROOT_CERTIFICATES)
+        PublicKey = AATC_CryptoBeta.VerifyCertificates(CertificateChain,AATC_Config.ROOT_CERTIFICATES,self.con)
 
         if PublicKey:
 

diff --git a/AATC_CryptoBeta.py b/AATC_CryptoBeta.py
@@ -1,8 +1,7 @@
-import time,codecs
+import time,codecs,socket,hashlib,AATC_Config
 from Crypto.PublicKey import RSA
 from Crypto.Hash import SHA256
 from Crypto.Signature import PKCS1_PSS
-import hashlib
 
 def GenerateCertificate(Name,Issuer,NotBefore,NotAfter,PublicKey,IssuerPrivateKey):
     Certificate = {}
@@ -20,7 +19,9 @@ def GenerateCertificate(Name,Issuer,NotBefore,NotAfter,PublicKey,IssuerPrivateKe
     Certificate["Signature"] = Signature
     return Certificate
 
-def VerifyCertificates(CertificateChain,RootCertificates, Reverse = False):
+def VerifyCertificates(CertificateChain,RootCertificates,con = False, Reverse = False):
+    if len(CertificateChain) > AATC_Config.MAX_CERTIFICATE_CHAIN_LENGTH:
+        return False
     if Reverse:
         CertificateChain = CertificateChain[::-1]
     BaseCertificate = CertificateChain.pop(0)
@@ -31,6 +32,10 @@ def VerifyCertificates(CertificateChain,RootCertificates, Reverse = False):
             if ValidateCertificate(RootCert,RootCert["PublicKey"]):  #Checks that root certificate is in time bounds and that is ok.
                 Valid = True
                 break
+
+    if Valid and con:
+        Valid = VerifyBaseAddress(BaseCertificate,con)
+
 
     if Valid and ValidateCertificate(BaseCertificate,RootCert["PublicKey"]):
         CurrentPublicKey = BaseCertificate["PublicKey"]
@@ -93,5 +98,23 @@ def CreateTestChain(length,RSA_KeySize,PRIVATE_KEY):
         print(cert,"\n\n Private Key :",pk,"\n"*2)
         chain.append(cert)
     return chain,pk
-
+
+
+def VerifyBaseAddress(BaseCertificate,con):
+    address = con.getpeername()[0]
+    try:
+        domain = socket.gethostbyaddr(address)[0]
+    except:
+        domain = None
+
+    if BaseCertificate["Name"] not in [address,domain]:
+        print("[WARNING] The certificate name of the server could not be matched with the looked up domain name or address of the server")
+        if AATC_Config.ALLOW_FAILED_DOMAIN_LOOKUP:
+            print("Continuing anyway. Set ALLOW_FAILED_DOMAIN_LOOKUP to False to disable this behaviour")
+            return True
+        else:
+            return False
+    else:
+        return True
+
 
diff --git a/AATC_Monitor_Viewer.py b/AATC_Monitor_Viewer.py
@@ -91,26 +91,20 @@ def Draw(self):
             if ((Object.Coords.x < CameraEndX) and ((Object.Coords.x+Object.Coords.xSize) > self.CameraCoord.x)) and \
                ((Object.Coords.y < CameraEndY) and ((Object.Coords.y+Object.Coords.ySize) > self.CameraCoord.y )) :  #If DrawObject intersects with Camera , Render, otherwise ignore
 
-                PosX = ((Object.Coords.x- self.CameraCoord.x)/self.CameraCoord.xSize)* self.xpixel
-                PosY = ((Object.Coords.y- self.CameraCoord.y)/self.CameraCoord.ySize)* self.ypixel
-##                width,height = Object.Coords.xSize*self.CameraZoom ,Object.Coords.ySize*self.CameraZoom
+
                 width,height = int(Object.Coords.xSize/self.CameraCoord.xSize*self.xpixel) ,int(Object.Coords.ySize/self.CameraCoord.ySize*self.ypixel)
                 if width > 0 and height > 0:
+                    PosX = ((Object.Coords.x- self.CameraCoord.x)/self.CameraCoord.xSize)* self.xpixel
+                    PosY = ((Object.Coords.y- self.CameraCoord.y)/self.CameraCoord.ySize)* self.ypixel
                     width = MaxLimit(width,self.xpixel)
                     height = MaxLimit(height,self.ypixel)
                     font_size = int(100*width/self.xpixel)
-                    Object.Make_Image(width,height) # Object has coordinates and size in these coordinates
-                    self.gameDisplay.blit(Object.image,(PosX,PosY))
+                    image = Object.Make_Image(width,height) # Object has coordinates and size in these coordinates
+                    self.gameDisplay.blit(image,(PosX,PosY))
                     if font_size > 5:
-                        font = (None, font_size) #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS
-                        Object.Make_CoordsText(font)     #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS
-                        Object.Make_Text(font)          #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS
-                        Object.Make_Type(font)         #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS
+                        font = (None, font_size)                  
+                        self.gameDisplay.blit(Object.Make_Text(font) ,(PosX+width,PosY))
 
-                        text_height = Object.CoordsText.get_height()
-                        self.gameDisplay.blit(Object.CoordsText,(PosX+width,PosY))
-                        self.gameDisplay.blit(Object.DrawnType,(PosX+width,PosY+text_height))
-                        self.gameDisplay.blit(Object.DrawnText,(PosX+width,PosY+text_height*2))
 
 
 
@@ -126,20 +120,26 @@ def __init__(self,CoordObject,Type = "",Text = "",Colour = (255,255,255)):
     def Make_Image(self,width,height):
         if self.image.get_size() != (width,height):  #If new image does not match with previous
             self.image = GetImage(width,height,self.Colour)
+
+        return self.image
 ##            self.image = pygame.Surface((width,height)).convert()
 ##            self.image.fill(self.Colour)
-
-    def Make_CoordsText(self,font):
-        self.CoordsText = GetText(str((self.Coords.x,self.Coords.y,self.Coords.z)),font,False,self.Colour)
-        #self.CoordsText = font.render(str((self.Coords.x,self.Coords.y,self.Coords.z)),False,self.Colour)
 
     def Make_Text(self,font):
-        self.DrawnText = GetText(self.Text,font,False,self.Colour)
-        #self.DrawnText = font.render(self.Text,False,self.Colour)
-
-    def Make_Type(self,font):
-        self.DrawnType = GetText(self.Type,font,False,self.Colour)
-        #self.DrawnType = font.render(self.Type,False,self.Colour)
+        text = str((self.Coords.x,self.Coords.y,self.Coords.z)) +" " +self.Text + " "+ self.Type
+        return GetText(text,font,False,self.Colour)
+##        
+##    def Make_CoordsText(self,font):
+##        self.CoordsText = GetText(str((self.Coords.x,self.Coords.y,self.Coords.z)),font,False,self.Colour)
+##        #self.CoordsText = font.render(str((self.Coords.x,self.Coords.y,self.Coords.z)),False,self.Colour)
+##
+##    def Make_Text(self,font):
+##        self.DrawnText = GetText(self.Text,font,False,self.Colour)
+##        #self.DrawnText = font.render(self.Text,False,self.Colour)
+##
+##    def Make_Type(self,font):
+##        self.DrawnType = GetText(self.Type,font,False,self.Colour)
+##        #self.DrawnType = font.render(self.Type,False,self.Colour)
 
 
 def MakeDroneSprites(Message,RawDroneList):
@@ -273,14 +273,10 @@ def MakeSprites(M):
             Sprites = MakeSprites(M)
             #font = (None, 30) 
             for sprite in Sprites:
-                #sprite.Make_CoordsText(font)
-                #sprite.Make_Text(font)
-                #sprite.Make_Type(font)
                 MonCamera.AddDrawObject(sprite,False)
 
             Last_Refresh_Time = time.time()
             refresh = False
-            #MonCamera.SetZoom(1000000)
             while not refresh:
                 MonCamera.CameraWipe()
                 if time.time() >= (Last_Refresh_Time + Refresh_Delay):
@@ -316,6 +312,11 @@ def MakeSprites(M):
                     MonCamera.SetZoom(0.99*MonCamera.GetZoom())
                 if pressed()[pygame.K_e]:#Zoom in
                     MonCamera.SetZoom(1.01*MonCamera.GetZoom())
+
+                if pressed()[pygame.K_SPACE]:#Zoom in
+                    refresh = True
+
+
                 MonCamera.UpdateCameraSize()
                 MonCamera.Draw()
                 pygame.display.flip()