diff --git a/demo/demo_secondary.py b/demo/demo_secondary.py index e3f50b2..35cb938 100644 --- a/demo/demo_secondary.py +++ b/demo/demo_secondary.py @@ -28,6 +28,7 @@ import uptane # Import before TUF modules; may change tuf.conf values. import uptane.common # for canonical key construction and signing import uptane.clients.secondary as secondary +import uptane.encoding.asn1_codec as asn1_codec from uptane import GREEN, RED, YELLOW, ENDCOLORS from demo.uptane_banners import * import tuf.keys @@ -542,27 +543,39 @@ def generate_signed_ecu_manifest(): def ATTACK_send_corrupt_manifest_to_primary(): """ - Attack: MITM w/o key modifies ECU manifest. + Attack: MITM w/o key modifies secondary ECU manifest. Modify the ECU manifest without updating the signature. """ # Copy the most recent signed ecu manifest. import copy corrupt_signed_manifest = copy.copy(most_recent_signed_ecu_manifest) - corrupt_signed_manifest['signed']['attacks_detected'] += 'Everything is great, I PROMISE!' + # Convert signature to json and modify it + if tuf.conf.METADATA_FORMAT == 'der': + corrupt_signed_manifest = asn1_codec.convert_signed_der_to_dersigned_json( + corrupt_signed_manifest, asn1_codec.DATATYPE_ECU_MANIFEST) + corrupt_signed_manifest['signed']['attacks_detected'] += 'Everything is great, I PROMISE!' + else: + corrupt_signed_manifest['signed']['attacks_detected'] += 'Everything is great, I PROMISE!' + + # Convert the signature back to the DER format + corrupt_signed_manifest_der = asn1_codec.convert_signed_metadata_to_der( + corrupt_signed_manifest, asn1_codec.DATATYPE_ECU_MANIFEST) print(YELLOW + 'ATTACK: Corrupted Manifest (bad signature):' + ENDCOLORS) print(' Modified the signed manifest as a MITM, simply changing a value:') print(' The attacks_detected field now reads "' + RED + repr(corrupt_signed_manifest['signed']['attacks_detected']) + ENDCOLORS) + # Submit the corrupt signature to the primary ecu try: - submit_ecu_manifest_to_primary(corrupt_signed_manifest) + submit_ecu_manifest_to_primary(corrupt_signed_manifest_der) except xmlrpc_client.Fault: print(GREEN + 'Primary REJECTED the fraudulent ECU manifest.' + ENDCOLORS) else: print(RED + 'Primary ACCEPTED the fraudulent ECU manifest!' + ENDCOLORS) - # (Next, on the Primary, one would generate the vehicle manifest and submit + + # (Next, the Primary would generate the vehicle manifest and submit # that to the Director. The Director, in its window, should then indicate that # it has received this manifest and rejected it because the signature isn't # a valid signature over the changed ECU manifest.) @@ -571,6 +584,7 @@ def ATTACK_send_corrupt_manifest_to_primary(): + def register_self_with_director(): """ Send the Director a message to register our ECU serial number and Public Key.