eprparadocs / cutehip

This is the replacement for the Java-based Host Identity Protocol implementation.

Home Page:https://dmitriykuptsov.github.io/cutehip/


About

This is the replacement for the Java-based implementation of Host Identity Protocol (HIP) version 2.

The solution was tested on Ubuntu 18.04, but in general all Ubuntu-like platforms should work fine. We have also tested the implementation on a Raspberry Pi.

Introduction

Host Identity Protocol, or HIP, is a layer 3.5 solution that was initially designed to split the dual role of the IP address: locator and identifier. Using HIP one can solve not only mobility problems but also establish an authenticated secure channel. This repository contains an implementation of the HIP and IPsec protocols in Python.

Development is ongoing. Linux was selected as the target system, and all development is currently done for this operating system.

The cryptographic library lacked Diffie-Hellman and Elliptic Curve Diffie-Hellman, so we implemented these protocols in Python. We have also made some measurements to understand how well Python copes with these computation-intensive tasks.

Usage

Currently the RSA and ECDSA Host Identity (HI) algorithms are supported. To test the implementation, first install the required libraries:

$ sudo pip3 install pycryptodome
$ sudo pip3 install netifaces

Also make sure net-tools is installed (needed for ifconfig), then fetch the repository:

$ sudo apt-get install net-tools
$ git clone https://github.com/dmitriykuptsov/cutehip.git
$ cd cutehip

Then generate the keys on both the initiator and the responder as follows (only small keys are supported at the moment, because fragmentation does not work):

$ bash tools/genkey.sh gen RSA 1024

or, to create an ECDSA key pair:

$ bash tools/genkey.sh gen ECDSA secp384r1

ECDSALow is not supported because of limitations of the cryptographic library used.

The next step is to edit the configuration. If RSA is used, set sig_alg to 0x5 and the hash algorithm (hash_alg) to 0x1. If ECDSA is used for signatures, set sig_alg to 0x7 and hash_alg to 0x2. Also make sure the cipher and Diffie-Hellman algorithm lists are in the desired order: the first entry of each list is the one used during the BEX, and the first cipher is also used for encrypting and decrypting the ESP payload.

Once the keys are generated and the configuration file is modified, run the responder:

$ sudo python3 cutehipd

Check the HIT of the responder (SSH into the responder first, then run the command below):

$ ifconfig hip0

Then repeat the operation on the initiator.

Update the hosts file (on the initiator):

$ echo "<RHIT> <IP>" >> config/hosts

Remember to pad the HIT with zeros if needed (ifconfig prints the address in compressed form and strips the leading zeros).
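As an added illustration of the zero-padding step (this is example code, not part of cutehip), the following Python helper picks the HIT out of ifconfig hip0 output and expands it to the fully padded form for config/hosts. The ifconfig output is constructed, and two things are assumptions: that HIPv2 HITs fall under the ORCHIDv2 prefix 2001:20::/28 (RFC 7343), which is used to skip the link-local address, and that the padded form cutehip expects is the full eight-group, four-hex-digit notation.

```python
# Added example (not cutehip code): expand a compressed HIT from ifconfig
# into the zero-padded form used in config/hosts.
import ipaddress
import re

# Assumption: HIPv2 HITs are ORCHIDv2 addresses under 2001:20::/28 (RFC 7343).
ORCHID_PREFIX = ipaddress.IPv6Network("2001:20::/28")

# Constructed sample of `ifconfig hip0` output; both addresses are made up.
# The link-local line comes first, as it often does, and must be skipped.
SAMPLE_IFCONFIG = """\
hip0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet6 fe80::5c1e:7dff:fe2a:9c01  prefixlen 64  scopeid 0x20<link>
        inet6 2001:2a:1b::a7:4a:3c  prefixlen 128  scopeid 0x0<global>
"""


def extract_hit(ifconfig_output):
    """Return the first inet6 address inside the ORCHID prefix, or None."""
    for cand in re.findall(r"inet6\s+([0-9a-fA-F:]+)", ifconfig_output):
        try:
            if ipaddress.IPv6Address(cand) in ORCHID_PREFIX:
                return cand
        except ValueError:
            continue  # not a parseable IPv6 address, keep looking
    return None


def pad_hit(hit):
    """Expand a compressed HIT to eight zero-padded 4-hex-digit groups."""
    addr = ipaddress.IPv6Address(hit)
    if addr not in ORCHID_PREFIX:
        raise ValueError("%s is not an ORCHIDv2 HIT (expected 2001:20::/28)" % hit)
    return addr.exploded  # assumption: this is the padding cutehip wants


def hosts_entry(ifconfig_output, ip):
    """Build the '<RHIT> <IP>' line to append to config/hosts."""
    hit = extract_hit(ifconfig_output)
    if hit is None:
        raise ValueError("no HIT found in ifconfig output")
    return "%s %s" % (pad_hit(hit), ip)


if __name__ == "__main__":
    # The IP is a constructed placeholder for the responder's address.
    print(hosts_entry(SAMPLE_IFCONFIG, "192.168.1.20"))
```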

Run the initiator:

$ sudo python3 cutehipd

Test the connection:

$ ssh pi@<RHIT>

A security association should be installed once the HIP BEX completes.
