From dffdf4d8bd872446e058081e0e8d1654b2fa0f33 Mon Sep 17 00:00:00 2001 From: sahilnarwal2111 <500097751@stu.upes.ac.in> Date: Thu, 15 Jun 2023 22:08:23 +0530 Subject: [PATCH] first commit --- .../bastion_connect.sh | 20 ++++++ .../bash_networking_security/tlsHandshake.sh | 61 +++++++++++++++++++ projects/bash_networking_security/vpc.sh | 8 +-- 3 files changed, 85 insertions(+), 4 deletions(-) diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh index a9bf588..b57dfd7 100644 --- a/projects/bash_networking_security/bastion_connect.sh +++ b/projects/bash_networking_security/bastion_connect.sh @@ -1 +1,21 @@ #!/bin/bash +if [[ -z "$KEY_PATH" ]]; then + echo "Error: KEY_PATH environment variable is not set." + exit 5 +fi + +if [[ $# -lt 1 ]]; then + echo "KEY_PATH env var is expected" + echo "Please provide bastion IP address" + exit 5 +fi + +bastion_ip=$1 +private_ip=$2 +command_to_run="${@:3}" + +if [[ -n "$private_ip" ]]; then + ssh -t -i "$KEY_PATH" ubuntu@"$bastion_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command_to_run" +else + ssh -i "$KEY_PATH" ubuntu@"$bastion_ip" "$command_to_run" +fi \ No newline at end of file diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh index a9bf588..a5e4282 100644 --- a/projects/bash_networking_security/tlsHandshake.sh +++ b/projects/bash_networking_security/tlsHandshake.sh @@ -1 +1,62 @@ #!/bin/bash +#!/bin/bash -x + +# Step 1 - Client Hello (Client -> Server) +RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ + "version": "1.3", + "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"], + "message": "Client Hello" +}' http://13.57.194.31:8080/clienthello) + + +# Step 2 - Server Hello (Server -> Client) +SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID') + +echo "$RESPONSE" | jq -r '.serverCert' > cert.pem + + +# Step 3 - Server Certificate Verification +wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem + +VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem) + +if [ "$VERIFICATION" != "cert.pem: OK" ]; +then + echo "Server Certificate is invalid." + exit 5 + else + echo "cert.pem: OK" +fi + + +# Step 4 - Client-Server master-key exchange +#echo "Hi server, please encrypt me and send to client!" > masterKey.txt +openssl rand -out masterKey.txt -base64 32 + + + +MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n') + + + +# Step 5 - Server verification message +RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ + "sessionID": "'"$SESSION_ID"'", + "masterKey": "'"$MASTER_KEY"'", + "sampleMessage": "Hi server, please encrypt me and send to client!" +}' http://13.57.194.31:8080/keyexchange) + + +# Step 6 - Client verification message + +echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt +cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt + +decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt) + +if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then + echo "Server symmetric encryption using the exchanged master-key has failed." + exit 6 +else + echo "Client-Server TLS handshake has been completed successfully" +fi \ No newline at end of file diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh index 951abba..5d7d42b 100644 --- a/projects/bash_networking_security/vpc.sh +++ b/projects/bash_networking_security/vpc.sh @@ -1,4 +1,4 @@ -REGION="" -VPC_ID="" -PUBLIC_INSTANCE_ID="" -PRIVATE_INSTANCE_ID="" \ No newline at end of file +REGION="us-west-1" +VPC_ID="vpc-03624dc856ec4996a" +PUBLIC_INSTANCE_ID="i-07344e344dd6224c8" +PRIVATE_INSTANCE_ID="i-099e1b102026ac3f0" \ No newline at end of file