104 lines
4.2 KiB
Python
104 lines
4.2 KiB
Python
import os
|
|
import codecs
|
|
from Crypto.PublicKey import RSA
|
|
from Crypto.Cipher import PKCS1_OAEP, AES
|
|
from Crypto.Hash import SHA256
|
|
from Crypto.Signature import PKCS1_v1_5
|
|
from Crypto import Random
|
|
from base64 import b64decode, b64encode
|
|
|
|
|
|
BS = 16
|
|
|
|
|
|
pub_key_contentserver = '-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYI/jGk6f0LAT2Z6AAQUR7izbi\na5O4Zzaz4WtK00jr3AqbZMVeVZAs+As5RS35PY2BlCuEEza/J5XX1tlbUhGk/Nzu\nyYqlID6ILEk9kUqh1A6EAuNVrcCL174BRLy620pU5m+E61za0tIr1lU+Jhy4ikVK\niGQ+na5a5g0kuzZTHwIDAQAB\n-----END PUBLIC KEY-----'
|
|
private_key_contentserver = '-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDYI/jGk6f0LAT2Z6AAQUR7izbia5O4Zzaz4WtK00jr3AqbZMVe\nVZAs+As5RS35PY2BlCuEEza/J5XX1tlbUhGk/NzuyYqlID6ILEk9kUqh1A6EAuNV\nrcCL174BRLy620pU5m+E61za0tIr1lU+Jhy4ikVKiGQ+na5a5g0kuzZTHwIDAQAB\nAoGAFuf9CgKFBrYRkpGZ3d0M5nDzEJzpC1546ChoKAZrUH/B6gUMe7pirLle6yNf\nQ25YDFcJI5arsyd9VGITJ//zGZC1CC9MBL1v4Ey5Vm3OAwcn7aoiPYoZhtNUDGhE\nCKzIrKWlq5wQDfYCjL2zQnCIAq+nZWACI/X+k/bPd37FZpUCQQDdQNQ3Azaq0owx\nd2crResCW4OryvhTPipLNz8AaW2IMuDfxLUKEaTTkU3NOFRRhIddRRA9/vfcHbrw\nlgZ3Vo5NAkEA+hWX0tItz4lL4pSJTc38Tzjb9WyGQPuAINlntnDwOhtvvRYPfTLi\nLb/22btAfgQWSBICxFdO5Ze0A5Dx140VGwJARwVhWYtZh/nv8I0Ae/6EkowntwR/\nM9FXqC9CtPIiq76ROqMc7e999j/FNqPnRQeCoCjkLtJiY7DTahjuWG5bXQJBAIAD\nS5scAV0pz5FlLT+JgGzhEx729WYQF085WjB2cVGdN75Xq4gP4t0+VVKw2ltnJiyw\nI4BznKxD0l689D69Nh8CQQDLkom4Fhkl8CZQLB1cIX9PjNw+KCBkTV92dJmzdmR5\nGE+p7jO849HPS83W21AV6/eyL8VMqDyE6CBzHNr2ITJT\n-----END RSA PRIVATE KEY-----'
|
|
|
|
pub_key_licenseserver= "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG54kIgf8wi+WLrmg0OLXTsMF7BsYjJ8+mmx1/Ml1Hts2oVoisf8iKbfcC0jWBc1aEibi7EIZK9AWEmgpIHPZpf2Ezt36KX7pjA7CDgZBye/bw+G1CaDGxrN8a18db8c16hNxHMTMiqPm7WAgoyekOzlCT6/rqF+3w2oYuGx1tmQIDAQAB-----END PUBLIC KEY-----"
|
|
|
|
|
|
def make_key_pair_rsa(username):
|
|
random_generator = Random.new().read
|
|
priv_key = RSA.generate(1024, random_generator)
|
|
pub_key = priv_key.publickey()
|
|
print("new key pair")
|
|
print(priv_key.exportKey())
|
|
print(pub_key.exportKey())
|
|
user_smartcard_path = "/tmp/smartcards/" + str(username) + ".txt"
|
|
file_object = open(user_smartcard_path, "w+")
|
|
file_object.write(priv_key.exportKey().decode('utf-8'))
|
|
file_object.write("\n")
|
|
file_object.write(pub_key.exportKey().decode('utf-8'))
|
|
file_object.close()
|
|
return pub_key.exportKey().decode('utf-8')
|
|
|
|
|
|
def make_rand_key_aes():
|
|
return os.urandom(32)
|
|
|
|
|
|
def pad(s):
|
|
return s + (BS - len(s) % BS) * chr(BS - len(s) % BS).encode()
|
|
|
|
|
|
def unpad(s):
|
|
return s[:-ord(s[len(s)-1:])]
|
|
|
|
|
|
def encrypt_aes(message, key):
|
|
message = message.encode()
|
|
raw = pad(message)
|
|
cipher = AES.new(key, AES.MODE_ECB)
|
|
enc = cipher.encrypt(raw)
|
|
return b64encode(enc).decode('utf-8')
|
|
|
|
|
|
def decrypt_aes(enc, key):
|
|
enc = b64decode(enc)
|
|
cipher = AES.new(key, AES.MODE_ECB)
|
|
dec = cipher.decrypt(enc)
|
|
return dec.decode('utf-8')
|
|
|
|
|
|
def make_encrypted_key_content_server():
|
|
random_key = make_rand_key_aes()
|
|
key = RSA.importKey(pub_key_contentserver)
|
|
pub_key = key.publickey()
|
|
encrypted_key = encrypt(random_key, pub_key)
|
|
return encrypted_key.hex()
|
|
|
|
|
|
def decrypt(ciphertext):
|
|
key = RSA.importKey(private_key_contentserver)
|
|
cipher = PKCS1_OAEP.new(key)
|
|
ciphertext = codecs.decode(ciphertext, 'hex')
|
|
return cipher.decrypt(ciphertext)
|
|
|
|
|
|
def encrypt(message):
|
|
cipher = PKCS1_OAEP.new(pub_key_contentserver)
|
|
return cipher.encrypt(message)
|
|
|
|
|
|
def sign(message, priv_key):
|
|
priv_key = RSA.importKey(priv_key)
|
|
signer = PKCS1_v1_5.new(priv_key)
|
|
hash_gen = SHA256.new()
|
|
hash_gen.update(message.encode())
|
|
return b64encode(signer.sign(hash_gen)).decode('utf-8')
|
|
|
|
|
|
def verify(message, signature, pub_key):
|
|
pub_key = pub_key.replace("-----BEGIN PUBLIC KEY-----", "")
|
|
pub_key = pub_key.replace("-----END PUBLIC KEY-----", "")
|
|
pub_key = pub_key.replace(" ", "")
|
|
pub_key = ('\n'.join(pub_key[i:i + 64] for i in range(0, len(pub_key), 64)))
|
|
pub_key = "-----BEGIN PUBLIC KEY-----\n" + pub_key + "\n-----END PUBLIC KEY-----"
|
|
signature = b64decode(signature)
|
|
pub_key = RSA.importKey(pub_key)
|
|
verifier = PKCS1_v1_5.new(pub_key)
|
|
hash_gen = SHA256.new(message.encode())
|
|
return verifier.verify(hash_gen, signature)
|
|
|
|
|