1{
2 "cells": [
3 {
4 "cell_type": "markdown",
5 "metadata": {},
6 "source": [
7 "# Notebook 1: X.509 certificates"
8 ]
9 },
10 {
11 "cell_type": "markdown",
12 "metadata": {},
13 "source": [
14 "## Jupyter notebook cheat sheet"
15 ]
16 },
17 {
18 "cell_type": "code",
19 "execution_count": null,
20 "metadata": {
21 "collapsed": false
22 },
23 "outputs": [],
24 "source": [
25 "# Use Shift+Enter to run the current cell\n",
26 "print 'Hello!'"
27 ]
28 },
29 {
30 "cell_type": "code",
31 "execution_count": null,
32 "metadata": {
33 "collapsed": false
34 },
35 "outputs": [],
36 "source": [
37 "# You may also use Alt+Enter, which runs the current cell and then creates a new cell right below\n",
38 "from datetime import datetime\n",
39 "print 'This is the time right now: %s' % datetime.now()"
40 ]
41 },
42 {
43 "cell_type": "code",
44 "execution_count": null,
45 "metadata": {
46 "collapsed": false
47 },
48 "outputs": [],
49 "source": [
50 "# If needed, leave cell edit mode (switch to command mode) with Ctrl-M.\n",
51 "# Then you can delete the current cell with D+D. You can also undo cell deletion with Z.\n",
52 "# Finally, should Jupyter become stuck in execution, use Kernel/Interrupt from the menu bar.\n",
53 "print 'Got it!'"
54 ]
55 },
56 {
57 "cell_type": "markdown",
58 "metadata": {},
59 "source": [
60 "## Data manipulation with Scapy"
61 ]
62 },
63 {
64 "cell_type": "code",
65 "execution_count": null,
66 "metadata": {
67 "collapsed": true
68 },
69 "outputs": [],
70 "source": [
71 "from scapy.all import *"
72 ]
73 },
74 {
75 "cell_type": "code",
76 "execution_count": null,
77 "metadata": {
78 "collapsed": false
79 },
80 "outputs": [],
81 "source": [
82 "keystr = open('raw_data/pki/ca_key.der', 'r').read()\n",
83 "print repr(keystr)\n",
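84 "# (btw, you can hide the output of a cell by double-clicking on the left of the output. Hiding is not clearing: this output is the raw private key and is stored in the saved notebook, so only do this with a throwaway sample key)"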
85 ]
86 },
87 {
88 "cell_type": "code",
89 "execution_count": null,
90 "metadata": {
91 "collapsed": false
92 },
93 "outputs": [],
94 "source": [
95 "privkey = RSAPrivateKey(keystr)\n",
96 "privkey.show()"
97 ]
98 },
99 {
100 "cell_type": "code",
101 "execution_count": null,
102 "metadata": {
103 "collapsed": false
104 },
105 "outputs": [],
106 "source": [
107 "v = privkey.version\n",
108 "print 'The \\'version\\' stripped from any ASN.1 encoding is 0x%02x.' % v.val\n",
109 "print 'The \\'version\\' field correspond to bytes %r.' % str(v)"
110 ]
111 },
112 {
113 "cell_type": "code",
114 "execution_count": null,
115 "metadata": {
116 "collapsed": false
117 },
118 "outputs": [],
119 "source": [
120 "privkey.version = ASN1_INTEGER(1)\n",
121 "privkey.modulus.val *= 2\n",
122 "privkey.show()"
123 ]
124 },
125 {
126 "cell_type": "code",
127 "execution_count": null,
128 "metadata": {
129 "collapsed": false
130 },
131 "outputs": [],
132 "source": [
133 "print 'Original data: %r...' % keystr[:13]\n",
134 "print 'New version bytes: %r' % str(privkey.version)\n",
135 "print 'New modulus bytes: %r...' % str(privkey.modulus)[:6]\n",
136 "print 'Rebuilt data: %r...' % str(privkey)[:13]"
137 ]
138 },
139 {
140 "cell_type": "markdown",
141 "metadata": {
142 "collapsed": true
143 },
144 "source": [
145 "## X.509 certificate features"
146 ]
147 },
148 {
149 "cell_type": "code",
150 "execution_count": null,
151 "metadata": {
152 "collapsed": false
153 },
154 "outputs": [],
155 "source": [
156 "# Let's reload the original key, then let's load a certificate associated with it\n",
157 "privkey = RSAPrivateKey(keystr)\n",
158 "cert = X509_Cert(open('raw_data/pki/ca_cert.der', 'r').read())\n",
159 "cert.show()"
160 ]
161 },
162 {
163 "cell_type": "code",
164 "execution_count": null,
165 "metadata": {
166 "collapsed": false
167 },
168 "outputs": [],
169 "source": [
170 "cert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.show()\n",
171 "cert.tbsCertificate.subject[-1].rdn[0].show()"
172 ]
173 },
174 {
175 "cell_type": "code",
176 "execution_count": null,
177 "metadata": {
178 "collapsed": false,
179 "scrolled": true
180 },
181 "outputs": [],
182 "source": [
183 "cert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus == privkey.modulus"
184 ]
185 },
186 {
187 "cell_type": "code",
188 "execution_count": null,
189 "metadata": {
190 "collapsed": false
191 },
192 "outputs": [],
193 "source": [
194 "cert.tbsCertificate.extensions[2].show()"
195 ]
196 },
197 {
198 "cell_type": "code",
199 "execution_count": null,
200 "metadata": {
201 "collapsed": false
202 },
203 "outputs": [],
204 "source": [
205 "cert.signatureAlgorithm.algorithm"
206 ]
207 },
208 {
209 "cell_type": "markdown",
210 "metadata": {},
211 "source": [
212 "## Scapy crypto tools"
213 ]
214 },
215 {
216 "cell_type": "code",
217 "execution_count": null,
218 "metadata": {
219 "collapsed": true
220 },
221 "outputs": [],
222 "source": [
223 "# Let's reload the key with Scapy's crypto-enhanced wrapper\n",
224 "privkey = PrivKey('raw_data/pki/ca_key.der')"
225 ]
226 },
227 {
228 "cell_type": "code",
229 "execution_count": null,
230 "metadata": {
231 "collapsed": false
232 },
233 "outputs": [],
234 "source": [
235 "privkey.der == keystr"
236 ]
237 },
238 {
239 "cell_type": "code",
240 "execution_count": null,
241 "metadata": {
242 "collapsed": false
243 },
244 "outputs": [],
245 "source": [
246 "print privkey.key\n",
247 "print privkey.pubkey"
248 ]
249 },
250 {
251 "cell_type": "code",
252 "execution_count": null,
253 "metadata": {
254 "collapsed": false
255 },
256 "outputs": [],
257 "source": [
258 "# We can compute the RSA signature over tbsCertificate, the to-be-signed part of the certificate\n",
259 "privkey.sign(str(cert.tbsCertificate))"
260 ]
261 },
262 {
263 "cell_type": "code",
264 "execution_count": null,
265 "metadata": {
266 "collapsed": false
267 },
268 "outputs": [],
269 "source": [
270 "cert.signatureValue"
271 ]
272 },
273 {
274 "cell_type": "code",
275 "execution_count": null,
276 "metadata": {
277 "collapsed": false
278 },
279 "outputs": [],
280 "source": [
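281 "# We can quickly modify a certificate field and update the signature accordingly, but only because we hold the CA private key; without re-signing, the old signatureValue would no longer verify over the modified tbsCertificate\n",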
282 "cert.tbsCertificate.serialNumber.val = 0xdeadcafe\n",
283 "cert.tbsCertificate.subject[-1].rdn[0].value.val = 'my new deadcafe CA' \n",
284 "cert2 = privkey.resignCert(cert)\n",
285 "cert2.show()"
286 ]
287 }
288 ],
289 "metadata": {
290 "kernelspec": {
291 "display_name": "Python 2",
292 "language": "python",
293 "name": "python2"
294 },
295 "language_info": {
296 "codemirror_mode": {
297 "name": "ipython",
298 "version": 2
299 },
300 "file_extension": ".py",
301 "mimetype": "text/x-python",
302 "name": "python",
303 "nbconvert_exporter": "python",
304 "pygments_lexer": "ipython2",
305 "version": "2.7.13"
306 }
307 },
308 "nbformat": 4,
309 "nbformat_minor": 2
310}