def manage_certificate(self): if self.certificate is None and ( time.time() - self.last_certificate_request_time) > 5.0: self.last_certificate_request_time = time.time() self.last_certificate_request_nonce = os.urandom(32) self.last_certificate_request_public_key, self.last_certificate_request_private_key = ed25519.create_keypair( ed25519.create_seed()) message = self.last_certificate_request_nonce message += struct.pack("32p", self.username) message += self.last_certificate_request_public_key self.socket.sendto(CERT_REQUEST_INIT + message, self.ca_address)
#!/usr/bin/env python import ed25519 s1 = ed25519.create_seed() s2 = ed25519.create_seed() pub1, priv1 = ed25519.create_keypair(s1) pub2, priv2 = ed25519.create_keypair(s2) secret1 = ed25519.key_exchange(pub2, priv1) secret2 = ed25519.key_exchange(pub1, priv2) print(secret1.hex()) print(secret2.hex()) assert secret1 == secret2
context.update(arg) def final(context): return context.digest() def hash(message): h = hashlib.sha512() h.update(message) return h.digest() if True: ed25519.custom_hash_function(create_context, init, update, final, hash) message = b'1234567890123456789012345678901234567890123456789012345678901234' seed = ed25519.create_seed() pubkey, privkey = ed25519.create_keypair(seed) signature = ed25519.sign(message, pubkey, privkey) # Total number of work items over all threads N = 100000 # Number of threads t_base = None for T in [1, 2, 4, 8]: jobs = queue.Queue() for i in range(N): jobs.put((message, signature, pubkey))
def handle_packet(self, data, address): if len(data) < 1: return opcode, data = data[0], data[1:] # time if opcode == TIME_SYNC: if len(data) != 32: print("TIME_SYNC packet received with incorrect size") return nonce = data timestamp = struct.pack("!Q", int(time.time() * 1000)) message = timestamp message += ed25519.sign(nonce + timestamp, self.public_key, self.private_key) self.socket.sendto(TIME_SYNC + message, address) elif opcode == CERT_REQUEST_INIT: if len(data) != 96: print("CERT_REQUEST_INIT packet received with incorrect size") return nonce, username, proposed_pubkey = data[:32], data[32:64], data[ 64:96] username = struct.unpack("32p", username)[0] message = ed25519.sign(nonce + username + proposed_pubkey, self.public_key, self.private_key) self.socket.sendto(CERT_REQUEST_INIT + message, address) self.certificate_requests[nonce] = (time.time() + 10, username, proposed_pubkey) elif opcode == CERT_REQUEST_CONFIRM: if len(data) != (32 + 20 + 64): print( "CERT_REQUEST_CONFIRM packet received with incorrect size") return nonce, auth, signature = data[:32], data[32:52], data[52:] if nonce not in self.certificate_requests: print("received CERT_REQUEST_CONFIRM with unknown nonce") return # we don't need to check the timeout - that's done elsewhere timeout, username, proposed_pubkey = self.certificate_requests[ nonce] # only allow one response del self.certificate_requests[nonce] # invalid authentication if username not in self.accounts or hashlib.sha1( nonce + self.accounts[username][1]).digest() != auth: message = nonce message += ed25519.sign(nonce, self.public_key, self.private_key) self.socket.sendto(CERT_REQUEST_INVALID_AUTH + message, address) return if not ed25519.verify(signature, nonce + auth, proposed_pubkey): print("received CERT_REQUEST_CONFIRM with invalid signature") return scalar = ed25519.create_seed() pubkey = ed25519.add_scalar(scalar, proposed_pubkey) userid = struct.pack(">L", self.accounts[username][0]) expiry = struct.pack(">H", round((time.time() / (60 * 60 * 24 * 7)) + 1)) # one week message = scalar message += userid message += expiry message += ed25519.sign(pubkey + userid + expiry, self.public_key, self.private_key) self.socket.sendto(CERT_REQUEST_CONFIRM + message, address)
def handle_packet(self, data, address): if len(data) < 1: return opcode, data = data[0], data[1:] # time if opcode == TIME_SYNC: if len(data) != 32: print("TIME_SYNC packet received with incorrect size") return nonce = data timestamp = struct.pack("!Q", int(time.time() * 1000)) message = timestamp message += ed25519.sign(nonce + timestamp, self.public_key, self.private_key) self.socket.sendto(TIME_SYNC + message, address) elif opcode == CERT_REQUEST_INIT: if len(data) != 96: print("CERT_REQUEST_INIT packet received with incorrect size") return nonce, username, proposed_pubkey = data[:32], data[32:64], data[64:96] username = struct.unpack("32p", username)[0] message = ed25519.sign(nonce + username + proposed_pubkey, self.public_key, self.private_key) self.socket.sendto(CERT_REQUEST_INIT + message, address) self.certificate_requests[nonce] = (time.time() + 10, username, proposed_pubkey) elif opcode == CERT_REQUEST_CONFIRM: if len(data) != (32 + 20 + 64): print("CERT_REQUEST_CONFIRM packet received with incorrect size") return nonce, auth, signature = data[:32], data[32:52], data[52:] if nonce not in self.certificate_requests: print("received CERT_REQUEST_CONFIRM with unknown nonce") return # we don't need to check the timeout - that's done elsewhere timeout, username, proposed_pubkey = self.certificate_requests[nonce] # only allow one response del self.certificate_requests[nonce] # invalid authentication if username not in self.accounts or hashlib.sha1(nonce + self.accounts[username][1]).digest() != auth: message = nonce message += ed25519.sign(nonce, self.public_key, self.private_key) self.socket.sendto(CERT_REQUEST_INVALID_AUTH + message, address) return if not ed25519.verify(signature, nonce + auth, proposed_pubkey): print("received CERT_REQUEST_CONFIRM with invalid signature") return scalar = ed25519.create_seed() pubkey = ed25519.add_scalar(scalar, proposed_pubkey) userid = struct.pack(">L", self.accounts[username][0]) expiry = struct.pack(">H", round((time.time() / (60 * 60 * 24 * 7)) + 1)) # one week message = scalar message += userid message += expiry message += ed25519.sign(pubkey + userid + expiry, self.public_key, self.private_key) self.socket.sendto(CERT_REQUEST_CONFIRM + message, address)
def manage_certificate(self): if self.certificate is None and (time.time() - self.last_certificate_request_time) > 5.0: self.last_certificate_request_time = time.time() self.last_certificate_request_nonce = os.urandom(32) self.last_certificate_request_public_key, self.last_certificate_request_private_key = ed25519.create_keypair(ed25519.create_seed()) message = self.last_certificate_request_nonce message += struct.pack("32p", self.username) message += self.last_certificate_request_public_key self.socket.sendto(CERT_REQUEST_INIT + message, self.ca_address)