From b46b68b486a6764cf66d0bb2f5198de3fbacef92 Mon Sep 17 00:00:00 2001 From: Scratchcat1 Date: Wed, 25 Oct 2017 16:15:14 +0100 Subject: [PATCH] Made Certificate checks more secure -Added optional hostname checking to certificate validation, can be disabled for use on local network or use fallback. --- AATC_Config.py | 4 ++ AATC_Create_Graph.py | 87 ++++++++++++++++++++++-------------------- AATC_Crypto.py | 6 +-- AATC_CryptoBeta.py | 31 +++++++++++++-- AATC_Monitor_Viewer.py | 55 +++++++++++++------------- 5 files changed, 107 insertions(+), 76 deletions(-) diff --git a/AATC_Config.py b/AATC_Config.py index fd1ad63..9a71c28 100644 --- a/AATC_Config.py +++ b/AATC_Config.py @@ -18,6 +18,8 @@ # ENCRYPTION_USE_PRESHARED_KEYS switch controls use of certificate authentication. FALLBACK controls if the MiTM vunrable key transfer should be used if certificate fails-Not Recommended! ENCRYPTION_USE_PRESHARED_KEYS = True AUTO_GENERATE_FALLBACK = False +ALLOW_FAILED_DOMAIN_LOOKUP = True +MAX_CERTIFICATE_CHAIN_LENGTH = 20 # A list of certificates which the client will trust and accept as a issuer. This can just be the server certificate if desired. @@ -34,3 +36,5 @@ #Control at which setting the server will raise an error if the cost for entering that node sector exceeds value. To prevent selecting a blocked node as a target node to bypass search algorithm. NOFLYZONE_THRESHOLD_COST = 50 + + diff --git a/AATC_Create_Graph.py b/AATC_Create_Graph.py index 9216535..a9e677f 100644 --- a/AATC_Create_Graph.py +++ b/AATC_Create_Graph.py @@ -1,47 +1,52 @@ #Create graph module -import decimal,AATC_AStar -from AATC_Coordinate import * +import decimal,AATC_AStar,AATC_Coordinate def drange(start,end,step): - step = decimal.Decimal(step) - r = decimal.Decimal(start) - while r < end: - yield float(r) - r += decimal.Decimal(step) -print("2 million nodes ~ 357MB") -xStart =float(input("Enter start x Coord")) -yStart = float(input("Enter start y Coord")) -zStart = float(input("Enter start z Coord")) - -xEnd = float(input("Enter End x Coord")) -yEnd = float(input("Enter End y Coord")) -zEnd = float(input("Enter End z Coord")) - -xInterval = float(input("Enter x interval")) -yInterval = float(input("Enter y interval")) -zInterval = float(input("Enter z interval")) - -print("creating graph") -graph = AATC_AStar.DynoGraph() -graph.Size(xInterval,yInterval,zInterval) -nodeID = 1 -for x in drange(xStart,xEnd,xInterval): - for y in drange(yStart,yEnd,yInterval): - for z in drange(zStart,zEnd,zInterval): - Coord = Coordinate(x,y,z) - node = AATC_AStar.Node(nodeID,1,Coord) - graph.add_node(node) - nodeID +=1 - -xRange = xEnd - xStart -yRange = yEnd - yStart -zRange = zEnd - zStart -graph.Add_Edges(xRange,yRange,zRange) -##graph.clean_edges() #No longer nessesary -graph.Build_Node_Cache() -##for node in graph.Nodes.values(): -## del node.Coords -graph.SaveGraph() + step = decimal.Decimal(step) + r = decimal.Decimal(start) + while r < end: + yield float(r) + r += decimal.Decimal(step) + + + +def CreationDialogue(): + print("2 million nodes ~ 357MB") + xStart =float(input("Enter start x Coord")) + yStart = float(input("Enter start y Coord")) + zStart = float(input("Enter start z Coord")) + + xEnd = float(input("Enter End x Coord")) + yEnd = float(input("Enter End y Coord")) + zEnd = float(input("Enter End z Coord")) + + xInterval = float(input("Enter x interval")) + yInterval = float(input("Enter y interval")) + zInterval = float(input("Enter z interval")) + + print("creating graph") + graph = AATC_AStar.DynoGraph() + graph.Size(xInterval,yInterval,zInterval) + nodeID = 1 + for x in drange(xStart,xEnd,xInterval): + for y in drange(yStart,yEnd,yInterval): + for z in drange(zStart,zEnd,zInterval): + Coord = AATC_Coordinate.Coordinate(x,y,z) + node = AATC_AStar.Node(nodeID,1,Coord) + graph.add_node(node) + nodeID +=1 + + xRange = xEnd - xStart + yRange = yEnd - yStart + zRange = zEnd - zStart + graph.Add_Edges(xRange,yRange,zRange) + graph.Build_Node_Cache() + graph.SaveGraph() + + + +if __name__ == "__main__": + CreationDialogue() diff --git a/AATC_Crypto.py b/AATC_Crypto.py index 5933aa4..700c193 100644 --- a/AATC_Crypto.py +++ b/AATC_Crypto.py @@ -1,5 +1,5 @@ #AATC crypto module -import codecs,recvall,ast,binascii,os,AATC_Config,time,AATC_CryptoBeta +import codecs,recvall,ast,binascii,os,AATC_Config,time,AATC_CryptoBeta,socket from Crypto.Cipher import AES,PKCS1_OAEP from Crypto.PublicKey import RSA @@ -66,10 +66,8 @@ def ClientPreSharedKeys(self,RSA_KeySize,AES_KeySize): if not Sucess: raise Exception("Server did not respond to command") - - AESKey,IV = GenerateKeys(AES_KeySize) - PublicKey = AATC_CryptoBeta.VerifyCertificates(CertificateChain,AATC_Config.ROOT_CERTIFICATES) + PublicKey = AATC_CryptoBeta.VerifyCertificates(CertificateChain,AATC_Config.ROOT_CERTIFICATES,self.con) if PublicKey: diff --git a/AATC_CryptoBeta.py b/AATC_CryptoBeta.py index 8b0ff93..66035f5 100644 --- a/AATC_CryptoBeta.py +++ b/AATC_CryptoBeta.py @@ -1,8 +1,7 @@ -import time,codecs +import time,codecs,socket,hashlib,AATC_Config from Crypto.PublicKey import RSA from Crypto.Hash import SHA256 from Crypto.Signature import PKCS1_PSS -import hashlib def GenerateCertificate(Name,Issuer,NotBefore,NotAfter,PublicKey,IssuerPrivateKey): Certificate = {} @@ -20,7 +19,9 @@ def GenerateCertificate(Name,Issuer,NotBefore,NotAfter,PublicKey,IssuerPrivateKe Certificate["Signature"] = Signature return Certificate -def VerifyCertificates(CertificateChain,RootCertificates, Reverse = False): +def VerifyCertificates(CertificateChain,RootCertificates,con = False, Reverse = False): + if len(CertificateChain) > AATC_Config.MAX_CERTIFICATE_CHAIN_LENGTH: + return False if Reverse: CertificateChain = CertificateChain[::-1] BaseCertificate = CertificateChain.pop(0) @@ -31,6 +32,10 @@ def VerifyCertificates(CertificateChain,RootCertificates, Reverse = False): if ValidateCertificate(RootCert,RootCert["PublicKey"]): #Checks that root certificate is in time bounds and that is ok. Valid = True break + + if Valid and con: + Valid = VerifyBaseAddress(BaseCertificate,con) + if Valid and ValidateCertificate(BaseCertificate,RootCert["PublicKey"]): CurrentPublicKey = BaseCertificate["PublicKey"] @@ -93,5 +98,23 @@ def CreateTestChain(length,RSA_KeySize,PRIVATE_KEY): print(cert,"\n\n Private Key :",pk,"\n"*2) chain.append(cert) return chain,pk - + + +def VerifyBaseAddress(BaseCertificate,con): + address = con.getpeername()[0] + try: + domain = socket.gethostbyaddr(address)[0] + except: + domain = None + + if BaseCertificate["Name"] not in [address,domain]: + print("[WARNING] The certificate name of the server could not be matched with the looked up domain name or address of the server") + if AATC_Config.ALLOW_FAILED_DOMAIN_LOOKUP: + print("Continuing anyway. Set ALLOW_FAILED_DOMAIN_LOOKUP to False to disable this behaviour") + return True + else: + return False + else: + return True + diff --git a/AATC_Monitor_Viewer.py b/AATC_Monitor_Viewer.py index 032b799..8df7a75 100644 --- a/AATC_Monitor_Viewer.py +++ b/AATC_Monitor_Viewer.py @@ -91,26 +91,20 @@ def Draw(self): if ((Object.Coords.x < CameraEndX) and ((Object.Coords.x+Object.Coords.xSize) > self.CameraCoord.x)) and \ ((Object.Coords.y < CameraEndY) and ((Object.Coords.y+Object.Coords.ySize) > self.CameraCoord.y )) : #If DrawObject intersects with Camera , Render, otherwise ignore - PosX = ((Object.Coords.x- self.CameraCoord.x)/self.CameraCoord.xSize)* self.xpixel - PosY = ((Object.Coords.y- self.CameraCoord.y)/self.CameraCoord.ySize)* self.ypixel -## width,height = Object.Coords.xSize*self.CameraZoom ,Object.Coords.ySize*self.CameraZoom + width,height = int(Object.Coords.xSize/self.CameraCoord.xSize*self.xpixel) ,int(Object.Coords.ySize/self.CameraCoord.ySize*self.ypixel) if width > 0 and height > 0: + PosX = ((Object.Coords.x- self.CameraCoord.x)/self.CameraCoord.xSize)* self.xpixel + PosY = ((Object.Coords.y- self.CameraCoord.y)/self.CameraCoord.ySize)* self.ypixel width = MaxLimit(width,self.xpixel) height = MaxLimit(height,self.ypixel) font_size = int(100*width/self.xpixel) - Object.Make_Image(width,height) # Object has coordinates and size in these coordinates - self.gameDisplay.blit(Object.image,(PosX,PosY)) + image = Object.Make_Image(width,height) # Object has coordinates and size in these coordinates + self.gameDisplay.blit(image,(PosX,PosY)) if font_size > 5: - font = (None, font_size) #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS - Object.Make_CoordsText(font) #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS - Object.Make_Text(font) #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS - Object.Make_Type(font) #TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS#TEST THIS + font = (None, font_size) + self.gameDisplay.blit(Object.Make_Text(font) ,(PosX+width,PosY)) - text_height = Object.CoordsText.get_height() - self.gameDisplay.blit(Object.CoordsText,(PosX+width,PosY)) - self.gameDisplay.blit(Object.DrawnType,(PosX+width,PosY+text_height)) - self.gameDisplay.blit(Object.DrawnText,(PosX+width,PosY+text_height*2)) @@ -126,20 +120,26 @@ def __init__(self,CoordObject,Type = "",Text = "",Colour = (255,255,255)): def Make_Image(self,width,height): if self.image.get_size() != (width,height): #If new image does not match with previous self.image = GetImage(width,height,self.Colour) + + return self.image ## self.image = pygame.Surface((width,height)).convert() ## self.image.fill(self.Colour) - - def Make_CoordsText(self,font): - self.CoordsText = GetText(str((self.Coords.x,self.Coords.y,self.Coords.z)),font,False,self.Colour) - #self.CoordsText = font.render(str((self.Coords.x,self.Coords.y,self.Coords.z)),False,self.Colour) def Make_Text(self,font): - self.DrawnText = GetText(self.Text,font,False,self.Colour) - #self.DrawnText = font.render(self.Text,False,self.Colour) - - def Make_Type(self,font): - self.DrawnType = GetText(self.Type,font,False,self.Colour) - #self.DrawnType = font.render(self.Type,False,self.Colour) + text = str((self.Coords.x,self.Coords.y,self.Coords.z)) +" " +self.Text + " "+ self.Type + return GetText(text,font,False,self.Colour) +## +## def Make_CoordsText(self,font): +## self.CoordsText = GetText(str((self.Coords.x,self.Coords.y,self.Coords.z)),font,False,self.Colour) +## #self.CoordsText = font.render(str((self.Coords.x,self.Coords.y,self.Coords.z)),False,self.Colour) +## +## def Make_Text(self,font): +## self.DrawnText = GetText(self.Text,font,False,self.Colour) +## #self.DrawnText = font.render(self.Text,False,self.Colour) +## +## def Make_Type(self,font): +## self.DrawnType = GetText(self.Type,font,False,self.Colour) +## #self.DrawnType = font.render(self.Type,False,self.Colour) def MakeDroneSprites(Message,RawDroneList): @@ -273,14 +273,10 @@ def MakeSprites(M): Sprites = MakeSprites(M) #font = (None, 30) for sprite in Sprites: - #sprite.Make_CoordsText(font) - #sprite.Make_Text(font) - #sprite.Make_Type(font) MonCamera.AddDrawObject(sprite,False) Last_Refresh_Time = time.time() refresh = False - #MonCamera.SetZoom(1000000) while not refresh: MonCamera.CameraWipe() if time.time() >= (Last_Refresh_Time + Refresh_Delay): @@ -316,6 +312,11 @@ def MakeSprites(M): MonCamera.SetZoom(0.99*MonCamera.GetZoom()) if pressed()[pygame.K_e]:#Zoom in MonCamera.SetZoom(1.01*MonCamera.GetZoom()) + + if pressed()[pygame.K_SPACE]:#Zoom in + refresh = True + + MonCamera.UpdateCameraSize() MonCamera.Draw() pygame.display.flip()