diff --git a/AATC_Config.py b/AATC_Config.py index 65decf9..3bd1ed0 100644 --- a/AATC_Config.py +++ b/AATC_Config.py @@ -27,7 +27,8 @@ } - +ROOT_CERTIFICATES = [{'Signature': b'qV\x98n\xa8\x0c\xe1\xde\xc6\xf8\xbdK\xd4>\xf3\xdf\xb1\xc2\x02\x06z\xbf\x83#\xa2\xd5)>&\xdf\xf1\xbcm5$\x15wB\x84/L&\x1aA\xa2=\xae\xe2\x92\xab\xed\x1bP\x02c)5IT\xc1\xcft\xf1gb\x11\xd0\xa1p\xd3\xcei\xbe\xb8\xb3t\x06\xbf/\xd6$i\xc2\xfbO\xb2\x94]\x02\xa1\xf9\xfe\xec9\xd12!\x91\xea\xcb\x13\x0b\x7f\xd7\xfc\xac\xb8F\xe5\xd3\x7f\xee$\xc7?#\x07\x01\x8f\xf9\xb1\xaex\x87\x07Z#\x9e', 'NotBefore': 1, 'Name': 'IssuerA', 'PublicKey': b'0\x81\x9f0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x81\x8d\x000\x81\x89\x02\x81\x81\x00\xcddI\xe9\xcbV\xc2\x931\n+\xc5\xef\xcc\xeft\xf8\x01\xe8s\x12\xe2\r)\xf8\x81\xb9\x1e\xcc\x06!n\xff\xd0=\xf1\x92\xa6\xd0\xff\x91~s\xf9pY\xde\xc2\xe4\x8e`\xd2\x02\xe8\xf2r\xa7=\xdbFK\x9a\x02b\x1a\xcdP\x07\x92>GU\x1a?\x89\x96\x89\x99\xf3b\xe5<\xfdJY\xd2\xc4]W\xe9j\x87\xb4\x82\xe0\xa8c\xa7\x87\xe2(\xb0\xa6\xc2M>\xab\xb5r\xd8\xdf\x10\x1a\x07\xd6\xc0\t\xb0\xa3Ng\x1aD%\xab\xb52\xad\x02\x03\x01\x00\x01', 'NotAfter': 10000000000000, 'Issuer': 'IssuerA'}, + ] diff --git a/AATC_CryptoBeta.py b/AATC_CryptoBeta.py new file mode 100644 index 0000000..1e4771f --- /dev/null +++ b/AATC_CryptoBeta.py @@ -0,0 +1,100 @@ +import codecs,recvall,ast,binascii,os,AATC_Config,time +from Crypto.Cipher import AES,PKCS1_OAEP +from Crypto.PublicKey import RSA +from Crypto.Hash import SHA256 +from Crypto.Signature import PKCS1_PSS +import hashlib + +def GenerateCertificate(Name,Issuer,NotBefore,NotAfter,PublicKey,IssuerPrivateKey): + Certificate = {} + Certificate["Name"] = Name + Certificate["Issuer"] = Issuer + Certificate["NotBefore"] = NotBefore + Certificate["NotAfter"] = NotAfter + Certificate["PublicKey"] = PublicKey + + SignatureSource = GetSignatureSource(Certificate) + h = SHA256.new(SignatureSource) + key = RSA.import_key(IssuerPrivateKey) + Signature = PKCS1_PSS.new(key).sign(h) + + Certificate["Signature"] = Signature + return Certificate + +def GetSignatureSource(Certificate): + SignatureSource = codecs.encode(str(Certificate["Name"]) + str(Certificate["Issuer"]) + str(Certificate["NotBefore"]) + str(Certificate["NotAfter"]) + str(hashlib.sha256(Certificate["PublicKey"]).hexdigest())) + return SignatureSource + + + +def VerifyCertificates(CertificateChain,RootCertificates, Reverse = False): + if Reverse: + CertificateChain = CertificateChain[::-1] + BaseCertificate = CertificateChain.pop(0) + + Valid = False + for RootCert in RootCertificates: + if BaseCertificate["Issuer"] == RootCert["Name"]: + Valid = True + break + + if Valid and ValidateCertificate(BaseCertificate,RootCert["PublicKey"]): + CurrentPublicKey = BaseCertificate["PublicKey"] + for Certificate in CertificateChain: + if not ValidateCertificate(Certificate,CurrentPublicKey): + return False + CurrentPublicKey = Certificate["PublicKey"] + + else: + return False + + return CurrentPublicKey + + + + +def ValidateCertificate(Certificate,IssuerPublicKey): + if not( Certificate["NotBefore"] <= time.time() and Certificate["NotAfter"] >= time.time()): + return False + key = RSA.import_key(IssuerPublicKey) + SignatureSource = GetSignatureSource(Certificate) + h = SHA256.new(SignatureSource) + Valid_Signature = PKCS1_PSS.new(key).verify(h,Certificate["Signature"]) + + return Valid_Signature + + + + + + + +RootCertificates = [{'Signature': b'qV\x98n\xa8\x0c\xe1\xde\xc6\xf8\xbdK\xd4>\xf3\xdf\xb1\xc2\x02\x06z\xbf\x83#\xa2\xd5)>&\xdf\xf1\xbcm5$\x15wB\x84/L&\x1aA\xa2=\xae\xe2\x92\xab\xed\x1bP\x02c)5IT\xc1\xcft\xf1gb\x11\xd0\xa1p\xd3\xcei\xbe\xb8\xb3t\x06\xbf/\xd6$i\xc2\xfbO\xb2\x94]\x02\xa1\xf9\xfe\xec9\xd12!\x91\xea\xcb\x13\x0b\x7f\xd7\xfc\xac\xb8F\xe5\xd3\x7f\xee$\xc7?#\x07\x01\x8f\xf9\xb1\xaex\x87\x07Z#\x9e', 'NotBefore': 1, 'Name': 'IssuerA', 'PublicKey': b'0\x81\x9f0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x81\x8d\x000\x81\x89\x02\x81\x81\x00\xcddI\xe9\xcbV\xc2\x931\n+\xc5\xef\xcc\xeft\xf8\x01\xe8s\x12\xe2\r)\xf8\x81\xb9\x1e\xcc\x06!n\xff\xd0=\xf1\x92\xa6\xd0\xff\x91~s\xf9pY\xde\xc2\xe4\x8e`\xd2\x02\xe8\xf2r\xa7=\xdbFK\x9a\x02b\x1a\xcdP\x07\x92>GU\x1a?\x89\x96\x89\x99\xf3b\xe5<\xfdJY\xd2\xc4]W\xe9j\x87\xb4\x82\xe0\xa8c\xa7\x87\xe2(\xb0\xa6\xc2M>\xab\xb5r\xd8\xdf\x10\x1a\x07\xd6\xc0\t\xb0\xa3Ng\x1aD%\xab\xb52\xad\x02\x03\x01\x00\x01', 'NotAfter': 10000000000000, 'Issuer': 'IssuerA'}, + ] + + +PRIVATE_KEY = b'0\x82\x02]\x02\x01\x00\x02\x81\x81\x00\xcddI\xe9\xcbV\xc2\x931\n+\xc5\xef\xcc\xeft\xf8\x01\xe8s\x12\xe2\r)\xf8\x81\xb9\x1e\xcc\x06!n\xff\xd0=\xf1\x92\xa6\xd0\xff\x91~s\xf9pY\xde\xc2\xe4\x8e`\xd2\x02\xe8\xf2r\xa7=\xdbFK\x9a\x02b\x1a\xcdP\x07\x92>GU\x1a?\x89\x96\x89\x99\xf3b\xe5<\xfdJY\xd2\xc4]W\xe9j\x87\xb4\x82\xe0\xa8c\xa7\x87\xe2(\xb0\xa6\xc2M>\xab\xb5r\xd8\xdf\x10\x1a\x07\xd6\xc0\t\xb0\xa3Ng\x1aD%\xab\xb52\xad\x02\x03\x01\x00\x01\x02\x81\x80\x0e\x07\x17uS\xf3R`\x94\x7f\x9b8\x8d4\x02\x8b<\x14y\xfb\x1c\xd0#\x02A\x00\x84\xd3\xa6\xc5\xd8\xa4-\x8d^\x023\x07\xa3\x97\xf8\x86;\xfb\xfc\xa0\xca\x11\x85\xf5\x87\xe6\x1b\xd3W\xb9\xca\xd9\x83\xaa\xd0o!\xeb\x993\xdb8\x10\xd8\xfb\xb8\x8b\xfaO\x80\xfc\xb7\xaf\xdd\x99\x92u\x95\xd9G\xc8\x1b\x14\xcf\x02A\x00\xeb4g\x82p\x97u\xb4\x9fO \r\xa2\xb7\xac2\xae6\x07\xc5\xd5\xd1\x82\xfa`\x19A\xfd\x89\xacq\xf4\x11\xda\xf6\xae\xa8\xfd\x1a`|\xf5\xcb\xb9\xa5"\xb3\xa5P\xdf\xf1\x92\xe7\x92\x9c\xa0=R+\x1b\x14\xa0mA\x02@\x16\xcd\xbb\xc9\xfe\x93m\xc8\x85V\x8a\x1d\'I=\x1b5\xf1\'\xbe\x9biI\x03\xa4\x98@\x1f-\x84\x16\xa54\xc8\xc03C6\xc6\xc0\xf0yp\x97H\xd0\x94\xc0\x85\xe2\x94\xdd\xe7\x9f\xc3n|F\xfa\xd6\'Z\xe47' + + +##iRSAKey = RSA.generate(1024) +##ipk = iRSAKey.exportKey("DER") +##ipuk = iRSAKey.publickey().exportKey("DER") + +# CERTIFICATE CHAIN MUST RUN FROM ROOT CERTIFIATE TO SERVER + +def CreateTestChain(length,RSA_KeySize,PRIVATE_KEY): + chain = [] + Issuer = "IssuerA" + for x in range(length): + x = str(x) + RSAKey = RSA.generate(RSA_KeySize) + pk = RSAKey.exportKey("DER") + puk = RSAKey.publickey().exportKey("DER") + + cert = GenerateCertificate(x,Issuer,1,10000000000,puk,PRIVATE_KEY) + Issuer = x + PRIVATE_KEY = pk + chain.append(cert) + return chain + +