Re: the infamous JAP crash
- To: tor-assistants@xxxxxxxxxxxxx, or-talk@xxxxxxxxxxxxx
- Subject: Re: the infamous JAP crash
- From: Adam Langley <alangley@xxxxxxxxx>
- Date: Tue, 31 May 2005 09:58:43 +0100
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Tue, 31 May 2005 04:57:16 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:references; b=jlMM0QtZb5Baeq53KtuKCUJeCcNGyH7l1F0Fb09OYqxt5AySEtfG6mQi5d6CXflMaKjrBPWNwuW0Iolq+NajLCdvVlztaBSreLptfDJyQvbfHRPcTsK0HACx9FAWU+Zjp9NWCG8b6zsZ0gbbKGjW8CLuTB+0WpoEMvpvjgk6FUg=
- In-reply-to: <20050531084045.GB18367@opium.palfrader.org>
- References: <20050531084045.GB18367@opium.palfrader.org>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 5/31/05, Peter Palfrader <peter@xxxxxxxxxxxxx> wrote:
> as requested by arma, here's the #tor log:
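If it's of any help to the JAP people, here's the Python code to
connect to a Tor node with the correct certificates etc. You'll need
pyGnuTLS[1] to run it. I used it to flood Tor with random crap to see
if I could trigger a crash. Two scripts follow: the first makes the
TLS connection and reads cert.pem and key.pem from the current
directory; the second generates those files.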
[1] http://www.imperialviolet.org/pygnutls.html
AGL
--
Adam Langley agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
import gnutls
import socket
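def _read_file(path):
    """Return the full contents of *path*, closing the handle explicitly."""
    handle = open(path, 'r')
    try:
        return handle.read()
    finally:
        handle.close()


def main(host, port):
    """Handshake with host:port over TLS using a client cert chain and print the peer's chain.

    Loads a certificate chain from cert.pem and a private key from key.pem
    (both in the current directory) and presents them during the GnuTLS
    handshake. It then prints each peer certificate's DN and fingerprint,
    the four check_issuer() combinations of the first two peer
    certificates, and the hex form of the first value returned by
    get_pk_rsa_raw() on the second one.

    The issuer checks are printed only. Nothing here rejects a peer, so the
    output is diagnostic and the connection is not authenticated.

    Raises ValueError if cert.pem does not yield exactly two certificates.
    """
    session = gnutls.Session(gnutls.CLIENT)
    session.certificate_type_set_priority([gnutls.CRT_X509])

    # The leading 2 is presumably the maximum number of certificates to
    # import -- confirm against the pyGnuTLS documentation.
    certs = gnutls.x509_crt_list_import(2, _read_file('cert.pem'))
    # Explicit check rather than assert: asserts vanish under "python -O".
    if len(certs) != 2:
        raise ValueError('cert.pem must contain exactly 2 certificates, got %d'
                         % len(certs))

    privkey = gnutls.X509Privkey()
    privkey.import_data(_read_file('key.pem'))

    def cert_callback(session, req_ca_rdn, algos):
        # Whatever the server asks for, always offer the same chain and key.
        return (certs, privkey)

    cred = gnutls.CertificateCred()
    cred.set_x509_key(certs, privkey)
    session.set_certificate_client_retrieve_function(cred, cert_callback)

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((host, port))
        session.credentials_set(cred)
        session.transport_set_ptr(sock)
        session.handshake()

        peercerts = []
        # NOTE(review): the archived listing lost its indentation; the DN and
        # fingerprint prints are assumed to belong inside this loop.
        for peercert_der_data in session.certificate_get_peers():
            peercert = gnutls.X509Cert()
            peercert.import_data(peercert_der_data, gnutls.X509_FMT_DER)
            peercerts.append(peercert)
            print(peercert.get_dn())
            print(peercert.get_fingerprint().encode('hex'))

        # The comparisons below index the first two certificates; a shorter
        # chain would otherwise end in an IndexError after the handshake.
        if len(peercerts) < 2:
            print('peer sent %d certificate(s); need 2 for the issuer checks'
                  % len(peercerts))
            return

        first, second = peercerts[0], peercerts[1]
        print('one issues two %s' % (first.check_issuer(second),))
        print('two issues one %s' % (second.check_issuer(first),))
        print('one issues one %s' % (first.check_issuer(first),))
        print('two issues two %s' % (second.check_issuer(second),))

        # presumably (modulus, exponent) -- only the first value is printed
        (m, e) = second.get_pk_rsa_raw()
        print(m.encode('hex'))
    finally:
        # Release the TCP connection even when the handshake or parsing fails.
        sock.close()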
if __name__ == '__main__':
    import sys

    # Command-line entry: exactly a hostname and a numeric port are expected.
    args = sys.argv
    if len(args) == 3:
        main(args[1], int(args[2]))
    else:
        print('Usage: %s <hostname> <port>' % args[0])
import gnutls
import time
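def _write_file(path, data, private=False):
    """Write *data* to *path* and close it; private=True restricts it to the owner."""
    import os
    import stat

    if private:
        owner_only = stat.S_IRUSR | stat.S_IWUSR
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, owner_only)
        try:
            # The mode given to os.open() only applies when the file is
            # created; tighten a pre-existing file before writing key data.
            os.chmod(path, owner_only)
            handle = os.fdopen(fd, 'w')
        except Exception:
            os.close(fd)
            raise
    else:
        handle = open(path, 'w')
    try:
        handle.write(data)
    finally:
        handle.close()


def main(nodename):
    """Generate an identity key/cert and a link key/cert for *nodename*.

    Writes three files into the current directory:
      identkey.pem -- the identity private key
      key.pem      -- the second ("temp") private key
      cert.pem     -- the temp certificate followed by the identity
                      certificate, both signed with the identity key

    The private-key files are created owner-readable only, since anyone who
    can read them can present these certificates.
    """
    identkey = gnutls.X509Privkey()
    tempkey = gnutls.X509Privkey()
    # NOTE(review): 512-bit RSA is far too weak for anything but throwaway
    # test identities. The size is kept as posted; confirm what the peer
    # accepts before raising it.
    identkey.generate(gnutls.PK_RSA, 512)
    tempkey.generate(gnutls.PK_RSA, 512)
    _write_file('identkey.pem', identkey.export(), private=True)
    _write_file('key.pem', tempkey.export(), private=True)

    identcert = gnutls.X509Cert()
    tempcert = gnutls.X509Cert()

    def setup_cert(cert, key, name):
        # Take the clock once so activation and expiry share the same base.
        now = int(time.time())
        cert.set_key(key)
        cert.set_dn_by_oid(gnutls.OID_X520_COMMON_NAME, name)
        # Both certificates get serial 1 under the same issuer.
        cert.set_serial('\x00\x00\x00\x01')
        cert.set_activation_time(now)
        # Method name is spelled exactly as in the posted code -- confirm it
        # against the binding. 60 * 60 * 25 * 99 is roughly 103 days; the 25
        # may have been meant as 24.
        cert.set_expriation_time(now + 60 * 60 * 25 * 99)

    setup_cert(identcert, identkey, '%s <identity>' % nodename)
    setup_cert(tempcert, tempkey, nodename)

    # The identity certificate is self-signed and also signs the temp one.
    identcert.sign(identcert, identkey)
    tempcert.sign(identcert, identkey)

    # Chain order in cert.pem: temp certificate first, then the identity one.
    _write_file('cert.pem', tempcert.export() + identcert.export())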
if __name__ == '__main__':
    import sys

    # Command-line entry: the single argument is the node name for the certs.
    args = sys.argv
    if len(args) == 2:
        main(args[1])
    else:
        print('Usage: %s <nodename>' % args[0])