def test_sign_verify(self):
lg.set_debug_level(30)
key_id = '[email protected]_8084'
my_keys.erase_key(key_id, keys_folder='/tmp/')
my_keys.register_key(key_id, _sample_private_key, keys_folder='/tmp/')
is_valid = my_keys.validate_key(my_keys.key_obj(key_id))
if not is_valid:
print(key_id)
print(my_keys.get_private_key_raw(key_id))
else:
my_keys.erase_key(key_id, keys_folder='/tmp/')
self.assertTrue(is_valid)
def test_regression(self):
lg.set_debug_level(30)
for i in range(3):
key_id = 'test_key_%[email protected]_8084' % i
my_keys.erase_key(key_id, keys_folder='/tmp/')
my_keys.generate_key(key_id, key_size=1024, keys_folder='/tmp/')
is_valid = my_keys.validate_key(my_keys.key_obj(key_id))
if not is_valid:
print(key_id)
print(my_keys.get_private_key_raw(key_id))
else:
my_keys.erase_key(key_id, keys_folder='/tmp/')
self.assertTrue(is_valid)
def test_sign_verify(self):
from logs import lg
from crypt import my_keys
lg.set_debug_level(30)
key_id = 'some_key_abc'
my_keys.erase_key(key_id, keys_folder='/tmp/')
my_keys.register_key(key_id, _some_private_key, keys_folder='/tmp/')
is_valid = my_keys.validate_key(my_keys.key_obj(key_id))
if not is_valid:
print(key_id)
print(my_keys.get_private_key_raw(key_id))
else:
my_keys.erase_key(key_id, keys_folder='/tmp/')
self.assertTrue(is_valid)
def test_regression(self):
from logs import lg
from crypt import my_keys
lg.set_debug_level(30)
for i in range(3):
key_id = 'test_key_%d' % i
my_keys.erase_key(key_id, keys_folder='/tmp/')
my_keys.generate_key(key_id, key_size=1024, keys_folder='/tmp/')
is_valid = my_keys.validate_key(my_keys.key_obj(key_id))
if not is_valid:
print(key_id)
print(my_keys.get_private_key_raw(key_id))
else:
my_keys.erase_key(key_id, keys_folder='/tmp/')
self.assertTrue(is_valid)
def on_key_received(newpacket, info, status, error_message):
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.out(
2, 'key_ring.on_key_received ERROR reading data from %s' %
newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = json.loads(key_data)
key_id = key_json['key_id']
key_id, key_object = my_keys.read_key_info(key_json)
if key_object.isPublic():
# received key is a public key
if my_keys.is_key_registered(key_id):
# but we already have a key with that ID
if my_keys.is_key_private(key_id):
# we should not overwrite existing private key
raise Exception('private key already registered')
if my_keys.get_public_key_raw(
key_id, 'openssh') != key_object.toString('openssh'):
# and we should not overwrite existing public key as well
raise Exception(
'another key already registered with that ID')
p2p_service.SendAck(newpacket)
lg.warn('received existing public key: %s, skip' % key_id)
return True
if not my_keys.register_key(key_id, key_object):
raise Exception('key register failed')
else:
lg.info('added new key %s, is_public=%s' %
(key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
if _Debug:
lg.info(
'received and stored locally a new key %s, include_private=%s'
% (key_id, key_json.get('include_private')))
return True
# received key is a private key
if my_keys.is_key_registered(key_id):
# check if we already have that key
if my_keys.is_key_private(key_id):
# we have already private key with same ID!!!
if my_keys.get_private_key_raw(
key_id, 'openssh') != key_object.toString('openssh'):
# and this is a new private key : we should not overwrite!
raise Exception('private key already registered')
# this is the same private key
p2p_service.SendAck(newpacket)
lg.warn('received existing private key: %s, skip' % key_id)
return True
# but we have a public key with same ID
if my_keys.get_public_key_raw(
key_id,
'openssh') != key_object.public().toString('openssh'):
# and we should not overwrite existing public key as well
raise Exception('another key already registered with that ID')
lg.info('erasing public key %s' % key_id)
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' %
(key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
# no private key with given ID was registered
if not my_keys.register_key(key_id, key_object):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' %
(key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, str(exc))
return False
def on_key_received(newpacket, info, status, error_message):
"""
Callback will be executed when I receive a new key from one remote user.
"""
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.err('failed reading key info from %s' % newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = serialization.BytesToDict(key_data, keys_to_text=True, values_to_text=True)
key_id = key_json['key_id']
key_label = key_json.get('label', '')
key_id, key_object = my_keys.read_key_info(key_json)
if key_object.isSigned():
if not my_keys.verify_key_info_signature(key_json):
raise Exception('key signature verification failed')
if key_object.isPublic():
# received key is a public key
if my_keys.is_key_registered(key_id):
# but we already have a key with that ID
if my_keys.is_key_private(key_id):
# we should not overwrite existing private key
raise Exception('private key already registered')
if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
# and we should not overwrite existing public key as well
raise Exception('another public key already registered with that ID and it is not matching')
p2p_service.SendAck(newpacket)
lg.warn('received existing public key: %s, skip' % key_id)
return True
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
else:
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
if _Debug:
lg.info('received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private')))
return True
# received key is a private key
if my_keys.is_key_registered(key_id):
# check if we already have that key
if my_keys.is_key_private(key_id):
# we have already private key with same ID!!!
if my_keys.get_private_key_raw(key_id) != key_object.toPrivateString():
# and this is a new private key : we should not overwrite!
raise Exception('private key already registered and it is not matching')
# this is the same private key
p2p_service.SendAck(newpacket)
lg.warn('received existing private key: %s, skip' % key_id)
return True
# but we have a public key with same ID already
if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
# and we should not overwrite existing public key as well
raise Exception('another public key already registered with that ID and it is not matching with private key')
lg.info('erasing public key %s' % key_id)
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
# no private key with given ID was registered
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, strng.to_text(exc))
return False
def on_key_received(newpacket, info, status, error_message):
"""
Callback will be executed when I receive a new key from one remote user.
"""
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.err('failed reading key info from %s' % newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = serialization.BytesToDict(key_data, keys_to_text=True, values_to_text=True)
# key_id = strng.to_text(key_json['key_id'])
key_label = strng.to_text(key_json.get('label', ''))
key_id, key_object = my_keys.read_key_info(key_json)
if key_object.isSigned():
if not my_keys.verify_key_info_signature(key_json):
raise Exception('received key signature verification failed: %r' % key_json)
# TODO: must also compare "signature_pubkey" with pub key of the creator of the key!
if key_object.isPublic():
# received key is a public key
if my_keys.is_key_registered(key_id):
# but we already have a key with that ID
if my_keys.is_key_private(key_id):
# we should not overwrite existing private key
# TODO: check other scenarios
raise Exception('private key already registered with %r' % key_id)
if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
else:
lg.info('replaced existing key %s, is_public=%s' % (key_id, key_object.isPublic()))
# normally should not overwrite existing public key
# TODO: look more if need to add some extra checks
# for example need to be able to overwrite or erase remotely some keys to cleanup
# raise Exception('another public key already registered with %r and new key is not matching' % key_id)
p2p_service.SendAck(newpacket)
lg.warn('received existing public key: %s, skip' % key_id)
return True
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
else:
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
if _Debug:
lg.info('received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private')))
return True
# received key is a private key
if my_keys.is_key_registered(key_id):
# check if we already have that key
if my_keys.is_key_private(key_id):
# we have already private key with same ID!!!
if my_keys.get_private_key_raw(key_id) != key_object.toPrivateString():
# and this is a new private key : we should not overwrite!
raise Exception('private key already registered and it is not matching with received copy')
# this is the same private key
p2p_service.SendAck(newpacket)
lg.warn('received again an exact copy of already existing private key: %s, skip' % key_id)
return True
# but we have a public key with same ID already
# if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
# # and we should not overwrite existing public key as well
# raise Exception('another public key already registered with that ID and it is not matching with private key')
lg.info('erasing public key %s' % key_id)
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
# no private key with given ID was registered
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, strng.to_text(exc))
return False
