在Python中为Tor隐藏服务生成私钥和主机名

3 投票
2 回答
1736 浏览
提问于 2025-04-18 18:38
#!/usr/bin/env python
import OpenSSL.crypto as crypto
import sha
import base64

KEY_BIT_LENGTH = 1024
ONION_LENGTH = 16
keys = crypto.PKey()
keys.generate_key(crypto.TYPE_RSA, KEY_BIT_LENGTH)

privkey_as_bytes = crypto.dump_privatekey(crypto.FILETYPE_ASN1, keys)
privkey_hash = sha.sha(privkey_as_bytes).digest()
onion = base64.b32encode(privkey_hash)[:ONION_LENGTH].lower() + '.onion'

print onion
print
print crypto.dump_privatekey(crypto.FILETYPE_PEM, keys)

我这样做是不是有什么不对的地方?我觉得我的错误可能出在用于base32编码的字母表上。Shallot使用的是“abcdefghijklmnopqrstuvwxyz234567”,但是我完全不确定Python用的是什么,哈哈。

2 个回答

2

我最后是通过艰难的方式搞明白了这个问题... 这是代码的链接:

import os
import re
import sys
import gmpy2
import multiprocessing
from hashlib import sha1
from base64 import b64encode, b32encode
from pyasn1.codec.der import encoder
from Queue import Empty as QueueEmpty
from pyasn1.type import univ, namedtype

#### Constants stolen from the original shallot ####
EMIN = 0x10001
EMAX = 0xFFFFFFFFFF

#### Prime finding stuff for RSA ####
def random(bytez):
    '''Produces a random number thats has bytez*8 amount of bits.'''
    return gmpy2.mpz(reduce(lambda a, b: (a << 8)|ord(b), os.urandom(bytez), 0))

def good_prime(p):
    '''True if highly probably prime, else false.'''
    return gmpy2.is_prime(p, 1000) and \
           gmpy2.is_strong_bpsw_prp(p)

def find_prime(bytez=128):
    '''Checks random numbers for primality'''
    p = random(bytez)|1
    while not good_prime(p):
        p = random(bytez)|1
    return p

def good_pair(p, q):
    '''Returns p*q if p and q are a good pair, else 0.'''
    n = p*q
    k = gmpy2.ceil(gmpy2.log2(n))
    if abs(p - q) > 2**(k/2 - 100):
        return n
    return 0

##### Encoding stuffs #####
#https://tools.ietf.org/html/rfc3447#appendix-A.1
class RSAPublicKey(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('modulus', univ.Integer()),
        namedtype.NamedType('publicExponent', univ.Integer())
        )

class RSAPrivateKey(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', univ.Integer()),
        namedtype.NamedType('modulus', univ.Integer()),
        namedtype.NamedType('publicExponent', univ.Integer()),
        namedtype.NamedType('privateExponent', univ.Integer()),
        namedtype.NamedType('prime1', univ.Integer()),
        namedtype.NamedType('prime2', univ.Integer()),
        namedtype.NamedType('exponent1', univ.Integer()),
        namedtype.NamedType('exponent2', univ.Integer()),
        namedtype.NamedType('coefficient', univ.Integer())
        )

def public_key(n, e):
    public_key = RSAPublicKey()
    public_key.setComponentByName('modulus', n)
    public_key.setComponentByName('publicExponent', e)
    return encoder.encode(public_key)

def make_onion(n, e):
    return b32encode(sha1(public_key(n, e)).digest())[:16].lower()+'.onion'

def private_key(n, e, d, p, q):
    private_key = RSAPrivateKey()
    private_key.setComponentByName('version', 0)
    private_key.setComponentByName('modulus', n)
    private_key.setComponentByName('publicExponent', e)
    private_key.setComponentByName('privateExponent', d)
    private_key.setComponentByName('prime1', p)
    private_key.setComponentByName('prime2', q)
    private_key.setComponentByName('exponent1', d % (p - 1))
    private_key.setComponentByName('exponent2', d % (q - 1))
    private_key.setComponentByName('coefficient', gmpy2.invert(q, p))
    return encoder.encode(private_key)

def pprint_privkey(privkey):
    print '-'*5 + 'BEGIN RSA PRIVATE KEY' + '-'*5
    encoded = b64encode(privkey)
    while encoded:
        chunk, encoded = encoded[:64], encoded[64:]
        print chunk
    print '-'*5 + 'END RSA PRIVATE KEY' + '-'*5

#### Worker process generates keys, hashes, and checks for patterns ####
class Worker(multiprocessing.Process):

    def __init__(self, regex, results, trials, kill, *args, **kwds):
        multiprocessing.Process.__init__(self, *args, **kwds)
        self.regex = regex
        self.results = results
        self.trials = trials
        self.kill = kill

    def run(self):
        pattern = re.compile(self.regex)
        search = pattern.search
        i = 0
        while True:
            p = find_prime()
            q = find_prime()
            if q > p:
                p, q = q, p
            n = good_pair(p, q)
            if not n:
                continue
            tot = n - (p + q - 1)
            e = EMIN
            while e < EMAX:
                if self.kill.is_set():
                    self.trials.put(i)
                    return
                i += 1
                onion = make_onion(n, e)
                if search(onion) and gmpy2.gcd(e, tot)==1:
                    d = gmpy2.invert(e, tot)
                    priv = private_key(n, e, d, p, q)
                    self.results.put(onion+priv)
                    self.trials.put(i)
                    self.kill.set()
                    return
                e += 2

def kill_procs(processes, results, trials, kill):
    '''joins all processes, empties all queues, and returns sum of trials.'''
    if not kill.is_set():
        kill.set()
    sum_trials = 0
    while not trials.empty():
        sum_trials += trials.get()
    for proc in processes:
        proc.join()
    while not results.empty():
        results.get()
    return sum_trials

#### Main thread ####
def main(pattern):
    results = multiprocessing.Queue()
    trials = multiprocessing.Queue()
    kill = multiprocessing.Event()
    processes = []
    for i in range(multiprocessing.cpu_count()):
        processes.append(Worker(pattern, results, trials, kill))
        processes[-1].start()
    try:
        while True:
            try:
                found = results.get(True, 0.1)
            except QueueEmpty:
                pass
            else:
                break
    except KeyboardInterrupt:
        sum_trials = kill_procs(processes, results, trials, kill)
        print 'Tried', sum_trials, 'public keys before exit'
        sys.exit(1)
    sum_trials = kill_procs(processes, results, trials, kill)
    onion = found[:22]
    privkey = found[22:]
    print '-'*64
    print 'Found matching pattern after', sum_trials, 'tries:', onion
    print '-'*64
    pprint_privkey(privkey)

if __name__ == '__main__':
    try:
        main(sys.argv[1])
    except KeyboardInterrupt:
        sys.exit(1)
1

你的错误在于用私钥来计算哈希值,其实应该用公钥

使用crypto.dump_publickey(crypto.FILETYPE_ASN1, keys)得到的输出结构是这样的:

    SEQUENCE (2 elem)
        SEQUENCE (2 elem)
            OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
            NULL
        BIT STRING (1 elem)
            SEQUENCE(2 elem)
                INTEGER (1024 bit) 1669234523452435234253452...
                INTEGER 65537

但是Tor只使用最后一部分,所以你需要从22个字节开始截取:

pub_key = crypto.dump_publickey(crypto.FILETYPE_ASN1, keys)[22:]
key_hash = b32(hashlib.sha1(pub_key).digest()[:16])
print(key_hash[:16].lower() + ".onion")

撰写回答