def serve_cb(watcher, revents):
global connection_map, conn_sock
data, addr = c_recvfrom(conn_sock, 4096)
if addr not in connection_map:
print("data0 is %d" % data[0])
if int(data[0]) != 0: # DH Key Exchange Packet
print("Ignoring garbage data from %s" % addr[0])
return # Ignore this connection
name_end = data.find(b'\0', 1)
name = data[1:name_end]
kexpkt = data[name_end+1:]
if not peer_exists(name, pfile=WHITELIST_FILE):
print("Ignoring unknown peer \"%s\" from %s" % (name, addr[0]))
return # Ignore this connection
peer_public_key = get_peer_public_key(name, pfile=WHITELIST_FILE)
try:
result = nacl.crypto_sign_open(kexpkt, peer_public_key)
except Exception:
print("Invalid signature from peer \"%s\" from %s" % \
(name, addr[0]))
return # Ignore this connection
print("Accepted connection from peer \"%s\" from %s" % (name, addr[0]))
connection_map[addr] = ServeConnection(conn_sock, addr, name,
peer_public_key, result)
else:
print("packet from %s" % addr[0])
connection_map[addr].raw_recv(data)
def key_get_exchange(self):
nonce = '\0' * self.nonce_bytes
authpkt = nacl.crypto_stream_xor(data, nonce, self.key)
try:
peer_dhpk = nacl.crypto_sign_open(authpkt, self.peer_public_key)
except Exception:
print("Invalid signature from peer \"%s\" from %s" % \
(name, addr[0]))
sys.exit(0)
if self.kex_init:
self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23-self.nonce_bytes]
self.dhsk = None
self.kex_init = False
return
dhpk, dhsk = nacl.crypto_box_keypair()
authpkt = nacl.crypto_sign(dhpk, self.secret_key)
crypted_data = nonce_out + nacl.crypto_stream_xor(authpkt,
'\x01' + self.nonce_prefix + nonce, self.key)
mac = nacl.crypto_auth(crypted_data, self.key)[:self.mac_bytes]
c_sendto(self.sock, mac + crypted_data, self.addr)
self.key = nacl.crypto_scalarmult(dhsk, peer_dhpk)
print("New key is %s"%repr(self.key))
def __init__(self, sock, addr):
self.sock = sock
self.addr = addr
self.name, self.public_key, self.secret_key = load_identity()
dhpk, self.dhsk = nacl.crypto_box_keypair()
self.mac_bytes = config.getint("netshrink","mac_bytes")
if self.mac_bytes > 32:
self.mac_bytes = 32
self.nonce_bytes = config.getint("netshrink","nonce_bytes")
if self.nonce_bytes > 8:
self.nonce_bytes = 8
self.nonce = 0
self.peer_nonce = 0
self.kex_init = False
authpkt = b'\0' + self.name.encode("utf8") + b'\0'
authpkt += nacl.crypto_sign(dhpk, self.secret_key)
c_sendto(self.sock, authpkt, self.addr)
while True:
data, inaddr = c_recvfrom(self.sock, 4096)
if int(data[0]) != 0:
print("Ignoring garbage data from %s" % inaddr[0])
continue
name_end = data.find(b'\0', 1)
self.peer_name = data[1:name_end].encode("utf8")
kexpkt = data[name_end+1:]
if not peer_exists(self.name):
print("Peer \"%s\" is unknown, but you are whitelisted." % \
self.peer_name)
print("Please run addpeer/getpeer to authenticate.")
sys.exit(0)
self.peer_public_key = get_peer_public_key(self.peer_name)
try:
peer_dhpk = nacl.crypto_sign_open(kexpkt, self.peer_public_key)
except Exception:
print("Invalid signature from peer \"%s\" from %s" % \
(self.peer_name, inaddr[0]))
sys.exit(0)
break
print("Accepted connection from peer \"%s\" from %s" % \
(self.peer_name, addr[0]))
self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
self.dhsk = None
if self.nonce_bytes:
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23-self.nonce_bytes]
else:
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23]
print("len of nonce_prefix is %d"%len(self.nonce_prefix))
for i in xrange(260):
self.send("Hello there")
def verify(self, item): msg, auth = item[:4], item[4] if not self.pubkey: return True hashed, should = "1", "2" try: data = self.p.pack(msg) should = nacl.crypto_sign_open(auth, self.pubkey) hashed = nacl.crypto_hash_sha256(data) except: #pass import traceback traceback.print_exc() if hashed == should or DEBUG: return True return False
def test_signature(self):
sm = nacl.crypto_sign(self.msg, self.sk)
r = nacl.crypto_sign_open(sm, self.pk)
self.assertEqual(r, self.msg)
def test_signature(self):
sm = nacl.crypto_sign(self.msg, self.sk)
r = nacl.crypto_sign_open(sm, self.pk)
self.assertEqual(r, self.msg)
