ezPyKeynote

A researcher's extension-minded implementation of the Keynote Trust Management Evaluator

Description

This is a full Python evaluator for a subset of the Keynote language, based on the C evaluator developed by Angelos Keromytis. It is not intended for production use; its purpose is to make modification easier and to facilitate research in trust management languages using a straightforward development package. Its safety, whether cryptographic or algorithmic, is in no way guaranteed. This code is grad-ware and is not designed to be used in full-fledged implementations.

Deviation from RFC 2704

  • There is no handling of opaque keys
  • There is no k-of() in the licensing field
  • The ordering of tags in assertions is important, and all tags must be present, with or without resulting values
   The order of tags in an assertion is as follows:
      Keynote-Version:
      Authorizer:
      Local-Constants:
      Conditions:
      Comment:
      Signature:
  • "POLICY" is now written without quotes, as POLICY
  • There is no regular expression matching in Conditions
  • There is no need to express conditional arguments with an '@' if they are intended to hold an integer
  • There are no floats allowed in conditionals
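
The deviations listed above can be checked before an assertion is handed to the evaluator. The following is an added example, not code from ezPyKeynote: `split_fields`, `lint_assertion` and both sample assertions are hypothetical and constructed here. It assumes tag names are compared case-insensitively, that a line not opening with a tag continues the previous value, and that tags outside the list above (such as Licensees:) are accepted without judging their position.

```python
import re

# Tag order exactly as listed on this page. The list has no Licensees: entry,
# so tags outside it are accepted and their position is not judged (assumption).
TAG_ORDER = ["Keynote-Version:", "Authorizer:", "Local-Constants:",
             "Conditions:", "Comment:", "Signature:"]
ORDER = [t.lower() for t in TAG_ORDER]
TAG_RE = re.compile(r"^([A-Za-z][A-Za-z-]*:)[ \t]*(.*)$")
STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"')

def split_fields(text):
    """Return [(tag, value)]; a line that does not open with a tag continues the previous value."""
    fields = []
    for line in text.splitlines():
        m = TAG_RE.match(line)
        if m:
            fields.append([m.group(1).lower(), m.group(2).strip()])
        elif fields and line.strip():
            fields[-1][1] = (fields[-1][1] + " " + line.strip()).strip()
    return [tuple(f) for f in fields]

def lint_assertion(text):
    """List where an assertion departs from the deviations described above."""
    fields = split_fields(text)
    tags = [t for t, _ in fields]
    problems = ["missing tag " + t for t in ORDER if t not in tags]
    seen = [t for t in tags if t in ORDER]
    if seen != [t for t in ORDER if t in seen]:
        problems.append("tags repeated or out of order")
    for tag, value in fields:
        bare = STRING_RE.sub('""', value)  # blank out string literal contents
        if tag == "authorizer:" and value == '"POLICY"':
            problems.append("POLICY must be written without quotes")
        if tag == "licensees:" and re.search(r"\d+-of\(", bare):
            problems.append("k-of() is not supported")
        if tag == "conditions:" and "~=" in bare:
            problems.append("regular expression matching is not supported")
        if tag == "conditions:" and re.search(r"\b\d+\.\d+\b", bare):
            problems.append("float literal in Conditions")
    return problems

# Constructed samples, not taken from the project.
GOOD = ('Keynote-Version: 2\nAuthorizer: POLICY\nLocal-Constants:\n'
        'Conditions: app_domain == "example v1.5" && level > 3 -> "true";\n'
        'Comment:\nSignature:\n')
BAD = ('Keynote-Version: 2\nConditions: app_domain ~= "^ex" && level > 3.5 -> "true";\n'
       'Authorizer: "POLICY"\nLicensees: 2-of("rsa-hex:aa", "rsa-hex:bb")\nSignature:\n')
for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
    print(name, lint_assertion(sample))
```

The digits in "example v1.5" are not reported as a float because string literals are blanked before the Conditions checks run.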

Download

Change Log for 0.02

  • NEW recursive module, rec_mod, performs double stack recursion. This makes extraction of a TDG much easier
  • NEW evaluator, rec_evaluator in tdg_extractor.py, uses rec_mod to perform evaluation. It also keeps a trace of the evaluation that is used as the TDG.
  • OBSOLETE session.do_query() has been replaced by rec_evaluator
  • NEW TDG extractor: once evaluation is complete, rec_evaluator.last_graph contains the last TDG extracted
  • NEW TDG representation, output as XML; the data structures are found in tdg.py

Dependencies

pycrypto

A Python binding for many useful cryptographic algorithms. It is highly portable and runs on many systems. http://www.amk.ca/python/code/crypto.html

ezPyCrypto

A wrapper around pycrypto that provides an even more useful, highly object-oriented interface. http://www.freenet.org.nz/ezPyCrypto/

PLY

A Python lex/yacc implementation used to parse assertions. http://www.dabeaz.com/ply/

Command Line Documentation

ezPyKeynote comes with a command line interface that is useful for creating keys, signing assertions, verifying signatures, and evaluating queries.

  key types ALG_NAME's are as follows, ':' required
    "dsa-hex:", "dsa-base64:", "rsa-hex:", "rsa-base64:"

  sig type ALG_NAME's are as follows, ':' required
    "sig-dsa-sha1-hex:", "sig-dsa-sha1-base64:", "sig-rsa-sha1-hex:" 
    "sig-rsa-sha1-base64:","sig-rsa-md5-hex:", "sig-rsa-md5-base64:"


Usage: keynote.py --keygen AlgorithmName KeySize PublickKeyFile PrivateKeyFile
	 keynote.py --sign ALG_NAME ASRT_FILE PRIV_FILE \ 
            [--print-offset=PRINT-OFFSET] [print-length=PRINT-LENGTH]
	 keynote.py --sigver ASSERTIONFILE
	 keynote.py --verify [--extract] -e ENV_FILE  \
            -l LOC_ASSRT -r TV_SET -k KEY_FILE -x EXT_ASSRT


Options:
  -h, --help            show this help message and exit

  Keygen Options:
    options for key generation

    --keygen=ALG_NAME KEY_SIZE PUB_FILE PRIV_FILE
                        AlgName={dsa,rsa}

  Sign Options:
    options for signing

    --sign=ALG_NAME ASRT_FILE PRIV_FILE
                        sign an asertion using a private key ALG_NAME = the
                        name of the algorithm, either 'dsa' or 'rsa' ASRT_FILE
                        = the file containing the asertion PRIV_FILE = the
                        file containing the private key
    --print-offset=PRINT_OFFSET
    --print-length=PRINT_LENGTH

  Sigver Options:
    options for signature verification

    --sigver=ASRT_FILE  The assertion file to be verified

  Verify Options:
    options for signing

    --verify            Verify a query
    --extract=EXTRACT_TO
                        Extract TDG to specified file,
                        if '-' then print to stdout
    -e ENVIROMENT       Enviroment File, pairing of enviroment variables and
                        values.                                       i.e.
                        app_domain=example
                        Spaces Matter, trailing and leading spaces count
    -l LOCAL_ASRT       Set a local assertion
    -x EXTERNAL_ASRT    Set a external assertion
    -k REQ_KEY          Set a authorizer
    -r VALUE_SET        Set the Trust Value Set, comma seperated list

Disclaimer

############################################################
# ezPyKeynote
#
#
# python library dependencies: pycrypto, ezPyCrypto, PLY
#
# By: Adam Aviv (aviv@cis.upenn.edu)
# Based on keynote-2.3 By: Angelos Keromytis
#
# Copyright (C) 2008 by Adam Aviv
#
# Permission to use, copy, and modify this software without fee
# is hereby granted, provided that this entire notice is included in
# all copies of any software which is or includes a copy or
# modification of this software. 
#
# THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
# IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
# REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
# MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
# PURPOSE.
#
############################################################