def __init__(self, cache): """Initialize a LoadBalancer object, which manages workflow execution. Args: cache (Cache): The Cache object """ server_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) client_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") _, client_secret = auth.load_certificate(client_secret_file) self.comm_socket = zmq.Context.instance().socket(zmq.PUB) self.comm_socket.curve_secretkey = server_secret self.comm_socket.curve_publickey = server_public self.comm_socket.curve_server = True self.comm_socket.bind(walkoff.config.Config.ZMQ_COMMUNICATION_ADDRESS) self.cache = cache key = PrivateKey( server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]) worker_key = PrivateKey( client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key self.box = Box(key, worker_key)
def __init__(self, cache, config): """Initializes a multiprocessed executor, which will handle the execution of workflows. """ self.threading_is_initialized = False self.id = "controller" self.pids = None self.workflows_executed = 0 self.ctx = None # TODO: Test if you can always use the singleton self.auth = None self.zmq_workflow_comm = None self.receiver = None self.receiver_thread = None self.cache = cache self.config = config self.execution_db = ExecutionDatabase.instance self.results_sender = None key = PrivateKey( walkoff.config.Config. SERVER_PRIVATE_KEY[:nacl.bindings.crypto_box_SECRETKEYBYTES]) worker_key = PrivateKey( walkoff.config.Config.CLIENT_PRIVATE_KEY[:nacl.bindings. crypto_box_SECRETKEYBYTES] ).public_key self.__box = Box(key, worker_key)
def saludo(self): """ genera un mensaje tipo saludo al servidor :return: Diccionario con tipo = reto si existe el usuario """ # genera el saludo saludo = {'tipo': "saludo", 'nombre': self.nombre} paquete = crea_paquete(saludo) # envía el mensaje self.socket_connection.send(paquete) # Recibe la respuesta del servidor self.socket_connection.recv(2) paquete_recibido = json.loads(self.socket_connection.recv(1024)) if paquete_recibido["ok"]: # Existe el usuario, cargamos las llaves dicc = json.load(open("keys_" + self.nombre, "r")) self.sk = PrivateKey(base64.b64decode(dicc["sk"])) self.pk = PublicKey(base64.b64decode(dicc["pk"])) self.sig = nacl.signing.SigningKey(base64.b64decode(dicc["sig"])) self.vk = nacl.signing.VerifyKey(base64.b64decode(dicc["vk"])) self.medk_pub = PublicKey(base64.b64decode(dicc["medk_pub"])) self.medk_priv = PrivateKey(base64.b64decode(dicc["medk_priv"])) self.medk = base64.b64decode(dicc["medk"]) # Se asigna el reto self.reto = paquete_recibido["reto"] else: print "Error. El usuario " + self.nombre + " no existe." return paquete_recibido
def _then((entA, entB)): self.failUnlessEqual(entA["their_verfkey"], entB["my_verfkey"]) self.failUnlessEqual(entB["their_verfkey"], entA["my_verfkey"]) st = fetchone(nB.db, "mailbox_server_transports") sj = fetchone(nB.db, "mailbox_server_config") s = json.loads(sj["mailbox_config_json"]) r_privkey = PrivateKey(s["retrieval_privkey"].decode("hex")) r_pubkey = r_privkey.public_key.encode().encode("hex") t_privkey = PrivateKey(s["transport_privkey"].decode("hex")) t_pubkey = t_privkey.public_key.encode().encode("hex") transports = nA.agent.get_transports() self.failUnlessEqual(len(transports), 1) self.failUnless(1 in transports) t1 = transports[1]["transport"] self.failUnlessEqual(t1["generic"]["type"], "http") self.failUnlessEqual(t1["generic"]["url"], nB.baseurl + "mailbox") self.failUnlessEqual(t1["generic"]["transport_pubkey"], t_pubkey) self.failUnlessIn("TT0", t1["sender"]) # TODO: when RRID crypto is done, check TT0 better r = transports[1]["retrieval"] self.failUnlessEqual(r["type"], "http") self.failUnlessEqual(r["baseurl"], nB.baseurl + "retrieval/") self.failUnlessEqual(r["RT"], st["RT"]) self.failUnlessEqual(r["retrieval_pubkey"], r_pubkey) self.failUnlessEqual(r["retrieval_symkey"], st["symkey"]) retrievers = nA.agent.mailbox_retrievers self.failUnlessEqual(len(retrievers), 1) self.failUnless(isinstance(list(retrievers)[0], HTTPRetriever)) return nA.disownServiceParent()
def __init__(self, db, web, baseurl, desc): BaseServer.__init__(self) self.db = db assert baseurl.endswith("/") self.baseurl = baseurl self.transport_privkey = PrivateKey( desc["transport_privkey"].decode("hex")) self.TT_privkey = desc["TT_private_key"].decode("hex") self.TT_pubkey = desc["TT_public_key"].decode("hex") self.retrieval_privkey = PrivateKey( desc["retrieval_privkey"].decode("hex")) # this is how we get messages from senders web.get_root().putChild("mailbox", ServerResource(self.handle_msgA)) # add a second resource for agents to retrieve messages r = resource.Resource() # TODO: retrieval should use a different key than delivery self.listres = RetrievalListResource(self.db, self.retrieval_privkey) r.putChild("list", self.listres) ts = internet.TimerService(self.listres.CLOCK_WINDOW * 3, self.prune_old_requests) ts.setServiceParent(self) r.putChild("fetch", RetrievalFetchResource(self.db)) r.putChild("delete", RetrievalDeleteResource(self.db)) web.get_root().putChild("retrieval", r)
def reset(self, public_key=None, secret_key=None): """ Remove any existing state and reset as a new node. """ if not public_key: public_key, secret_key = zmq.curve_keypair() public_key = z85.decode(public_key) secret_key = z85.decode(secret_key) else: secret_key = z85.decode(secret_key) public_key = z85.decode(public_key) if public_key and HAS_NACL: computed_key = str(PrivateKey(secret_key).public_key) assert (computed_key == public_key) self.node = Node(self.addr, self.port, public_key, secret_key) self.hashtabe = {} if HAS_NACL: self.secret_key = PrivateKey(self.node.secret_key) self.nodetree = RoutingZone(self.node.node_id) # ensure we exist in own tree self.nodetree.add(self.node) self.txmap = transaction.TxMap() self.defrag = transport.DefragMap() self._dump_state()
def setUpClass(cls): initialize_test_config() server_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") server_public, server_secret = auth.load_certificate(server_secret_file) client_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") client_public, client_secret = auth.load_certificate(client_secret_file) cls.key = PrivateKey(client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]) cls.server_key = PrivateKey(server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key cls.box = Box(cls.key, cls.server_key)
def _gen_equivalent_raw_keys_couple(self): rwk1 = bytearray(random(crypto_box_SECRETKEYBYTES)) rwk2 = bytearray(rwk1) # mask rwk1 bits rwk1[0] &= 248 rwk1[31] &= 127 rwk1[31] |= 64 # set rwk2 bits rwk2[0] |= 7 rwk2[31] |= 128 rwk2[31] &= 191 sk1 = PrivateKey(bytes(rwk1)) sk2 = PrivateKey(bytes(rwk2)) return sk1, sk2
def __init__(self): """ Initialize crypto stuff """ try: with open("SecretKey", "rb") as SecKeyFile: key = SecKeyFile.read() except Exception: logging.info("No secret key yet -> Generate new one") key = None if key: self.secKey = PrivateKey(key, nacl.encoding.HexEncoder) self.pubKey = self.secKey.public_key else: self.secKey = PrivateKey.generate() self.pubKey = self.secKey.public_key self.secKey_string = self.secKey.encode(nacl.encoding.HexEncoder).upper() self.pubKey_string = self.pubKey.encode(nacl.encoding.HexEncoder).upper() try: with open("SecretKey", "wb") as SecKeyFile, open("PublicKey", "wb") as PubKeyFile: SecKeyFile.write(self.secKey_string) PubKeyFile.write(self.pubKey_string) except Exception: logging.exception("Could not save secret key!") sys.exit(1)
def encrypt_text(text, secret_key, rcpt_public_key): """Encrypts a text """ secret_key = PrivateKey(secret_key.decode('hex')) rcpt_public_key = PublicKey(rcpt_public_key.decode('hex')) box = Box(secret_key, rcpt_public_key) return box.encrypt(text, nacl.utils.random(Box.NONCE_SIZE))
def key_select(self): """Environment Setup""" import base64, nacl.utils, zlib from lib.keys import PyNaCl_keys from nacl.public import PrivateKey, PublicKey, Box pynacl = PyNaCl_keys() kChoice = raw_input( '[G]enerate a Private Key or [I]mport a Private Key?\n') if (kChoice == 'g' or kChoice == 'G'): privObj, privKey = pynacl.key_gen() kSave = raw_input('\nSave the key? [y/N]\n') if (kSave == 'y' or kSave == 'Y'): print '' pynacl.key_save(privKey) print '\nYour Public Key is:\n%s' % pynacl.key_exp(privObj) elif (kChoice == 'i' or kChoice == 'I'): print '' from lib.crypto_env import GPG_env cType = GPG_env() plainKey = pynacl.key_imp() plainObj = zlib.decompress(base64.b64decode(plainKey)) privObj = PrivateKey(plainObj) print '\nYour Public Key is:\n%s' % pynacl.key_exp(privObj) ## Import partner public key partner_plain = raw_input( '\nEnter Plaintext Public Key of Chat Partner:\n') print '' ## Can probably enclose this within PublicKey() partner_obj = zlib.decompress(base64.b64decode(partner_plain)) partner_enc = PublicKey(partner_obj) ## Create a box for chat return Box(privObj, partner_enc), privObj, partner_enc
def test_put_password_with_invalid_json(self): """ Tests PUT method on password with invalid json """ url = reverse('password') update_data_nonce = nacl.utils.random(Box.NONCE_SIZE) update_data_nonce_hex = nacl.encoding.HexEncoder.encode(update_data_nonce) crypto_box = Box(PrivateKey(self.user_private_key, encoder=nacl.encoding.HexEncoder), PublicKey(self.verifier_public_key, encoder=nacl.encoding.HexEncoder)) update_data_dec = crypto_box.encrypt('narf'.encode("utf-8"), update_data_nonce) update_data = update_data_dec[len(update_data_nonce):] update_data_hex = nacl.encoding.HexEncoder.encode(update_data) data = { 'username': self.test_username, 'recovery_authkey': self.test_recovery_authkey, 'update_data': update_data_hex.decode(), 'update_data_nonce': update_data_nonce_hex.decode(), } self.client.force_authenticate(user=self.test_user_obj) response = self.client.put(url, data) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def decode_server_secret_key(keyfile): keyfile = keyfile or SERVER_SECRET_KEY_FILE sk = None with open(keyfile) as fh: hex = fh.read() sk = PrivateKey(from_hex(hex.strip())) return sk
def rpc_complete_order(self, sender, pubkey, encrypted): try: box = Box( PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)), PublicKey(pubkey)) order = box.decrypt(encrypted) c = Contract(self.db, contract=json.loads(order, object_pairs_hook=OrderedDict), testnet=self.multiplexer.testnet) def handle_result(contract_id): if contract_id: self.router.addContact(sender) self.log.info("Received receipt for order %s" % contract_id) return ["True"] else: self.log.error("Received invalid receipt from %s" % sender) return ["False"] d = c.accept_receipt(self.multiplexer.ws, self.multiplexer.blockchain) d.addCallback(handle_result) except Exception: self.log.error("Unable to decrypt order receipt from %s" % sender) return ["False"]
def decrypt_text(text, secret_key, sender_public_key): """Decrypts a text """ secret_key = PrivateKey(secret_key.decode('hex')) sender_public_key = PublicKey(sender_public_key.decode('hex')) box = Box(secret_key, sender_public_key) return box.decrypt(text)
def privkey(self): if self._privkey == "": self._privkey = self.file_read_hex(self.path_privatekey) key = self.decryptSymmetric(self._privkey) privkey = PrivateKey(key) self._pubkey = privkey.public_key return privkey
def decrypt(self, file): # read encrypted data from file with open(file) as f: content = f.read() f.close() # read 1st public key and 2nd private key from config.json with open('config.json') as json_file: data = json.load(json_file) pub_key1 = data['public_key1'] priv_key2 = data['private_key2'] json_file.close() # Convert public key, private key, and encrypted data to byte strings priv_keyb2 = self.str_to_bytestring(priv_key2) pub_keyb1 = self.str_to_bytestring(pub_key1) content2 = self.str_to_bytestring(content) # decrypt encrypted data and write back to file private_key2 = PrivateKey(priv_keyb2) public_key1 = PublicKey(pub_keyb1) user_box2 = Box(private_key2, public_key1) decrypted = user_box2.decrypt(content2).decode("utf-8") with open(file, "w") as text_file: text_file.write(decrypted) text_file.close()
def send_message(self, receiving_node, public_key, message_type, message, subject=None): """ Sends a message to another node. If the node isn't online it will be placed in the dht for the node to pick up later. """ pro = Profile().get() if len(message) > 1500: return p = objects.Plaintext_Message() p.sender_guid = self.kserver.node.id p.signed_pubkey = self.kserver.node.signed_pubkey p.encryption_pubkey = PrivateKey(self.signing_key.encode()).public_key.encode() p.type = message_type p.message = message if subject is not None: p.subject = subject if pro.handle: p.handle = pro.handle if pro.avatar_hash: p.avatar_hash = pro.avatar_hash p.timestamp = int(time.time()) signature = self.signing_key.sign(p.SerializeToString())[:64] p.signature = signature skephem = PrivateKey.generate() pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder) box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder)) nonce = nacl.utils.random(Box.NONCE_SIZE) ciphertext = box.encrypt(p.SerializeToString(), nonce) def get_response(response): if not response[0]: self.kserver.set(receiving_node.id, pkephem, ciphertext) self.protocol.callMessage(receiving_node, pkephem, ciphertext).addCallback(get_response)
def generate_fileserver_info(): cluster_crypto_box = Box( PrivateKey(CLUSTER_PRIVATE_KEY, encoder=nacl.encoding.HexEncoder), PublicKey(SERVER_PUBLIC_KEY, encoder=nacl.encoding.HexEncoder)) nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE) encrypted = cluster_crypto_box.encrypt( json.dumps({ 'VERSION': VERSION, 'HOSTNAME': HOSTNAME, 'CLUSTER_ID': CLUSTER_ID, 'FILESERVER_ID': FILESERVER_ID, 'FILESERVER_PUBLIC_KEY': PUBLIC_KEY, 'FILESERVER_SESSION_KEY': FILESERVER_SESSION_KEY, 'SHARDS_PUBLIC': SHARDS_PUBLIC, 'READ': READ, 'WRITE': WRITE, 'DELETE': DELETE, 'ALLOW_LINK_SHARES': ALLOW_LINK_SHARES, 'IP_READ_WHITELIST': IP_READ_WHITELIST, 'IP_WRITE_WHITELIST': IP_WRITE_WHITELIST, 'IP_READ_BLACKLIST': IP_READ_BLACKLIST, 'IP_WRITE_BLACKLIST': IP_WRITE_BLACKLIST, 'HOST_URL': HOST_URL, }).encode("utf-8"), nonce) return nacl.encoding.HexEncoder.encode(encrypted).decode()
def rpc_order(self, sender, pubkey, encrypted): try: box = Box(PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)), PublicKey(pubkey)) order = box.decrypt(encrypted) c = Contract(self.db, contract=json.loads(order, object_pairs_hook=OrderedDict), testnet=self.multiplexer.testnet) if c.verify(sender.signed_pubkey[64:]): self.router.addContact(sender) self.log.info("received an order from %s, waiting for payment..." % sender) payment_address = c.contract["buyer_order"]["order"]["payment"]["address"] chaincode = c.contract["buyer_order"]["order"]["payment"]["chaincode"] masterkey_b = c.contract["buyer_order"]["order"]["id"]["pubkeys"]["bitcoin"] buyer_key = derive_childkey(masterkey_b, chaincode) amount = c.contract["buyer_order"]["order"]["payment"]["amount"] listing_hash = c.contract["buyer_order"]["order"]["ref_hash"] signature = self.signing_key.sign( str(payment_address) + str(amount) + str(listing_hash) + str(buyer_key))[:64] c.await_funding(self.multiplexer.ws, self.multiplexer.blockchain, signature, False) return [signature] else: self.log.warning("received invalid order from %s" % sender) return ["False"] except Exception: self.log.error("unable to decrypt order from %s" % sender) return ["False"]
def parse_messages(messages): if messages is not None: for message in messages: try: value = objects.Value() value.ParseFromString(message) try: box = Box(PrivateKey(self.signing_key.encode()), PublicKey(value.valueKey)) ciphertext = value.serializedData plaintext = box.decrypt(ciphertext) p = objects.Plaintext_Message() p.ParseFromString(plaintext) signature = p.signature p.ClearField("signature") verify_key = nacl.signing.VerifyKey(p.signed_pubkey[64:]) verify_key.verify(p.SerializeToString(), signature) h = nacl.hash.sha512(p.signed_pubkey) pow_hash = h[64:128] if int(pow_hash[:6], 16) >= 50 or hexlify(p.sender_guid) != h[:40]: raise Exception('Invalid guid') listener.notify(p.sender_guid, p.encryption_pubkey, p.subject, objects.Plaintext_Message.Type.Name(p.type), p.message) except Exception: pass signature = self.signing_key.sign(value.valueKey)[:64] self.kserver.delete(self.kserver.node.id, value.valueKey, signature) except Exception: pass
def main(): if argv[1] == 'public' and argv[2] == 'sample': aliceKp = generate_keypair() alicePrivateKey = aliceKp['privateKey'] alicePublicKey = aliceKp['publicKey'] bobKp = generate_keypair() bobPrivateKey = bobKp['privateKey'] bobPublicKey = bobKp['publicKey'] message = 'Hello World!' cipher, nonce = encrypt(message, alicePrivateKey, bobPublicKey) data = {} data['aliceKp'] = export_keypair(aliceKp) data['bobKp'] = export_keypair(bobKp) data['encrypted'] = cipher data['decrypted'] = decrypt(cipher, bobPrivateKey, alicePublicKey) data['message'] = message data['nonce'] = base64url_encode(nonce) print(json.dumps(data, indent=2)) if argv[1] == 'public' and argv[2] == 'decrypt': encoder = URLSafeBase64Encoder alicePublicKey = PublicKey(fix_base64url_decode(argv[5]), encoder) bobPrivateKey = PrivateKey(fix_base64url_decode(argv[4]), encoder) cipher = argv[3] data = {} data['decrypted'] = decrypt(cipher, bobPrivateKey, alicePublicKey) print(json.dumps(data, indent=2))
def _checkInitiate(self, clientID, data, host_port): cookieNonce, encryptedCookie, nonce = _initiateStruct.unpack_from(data) try: decryptedCookie = self._secretBox.decrypt(encryptedCookie, 'c' * 8 + cookieNonce) except CryptoError: return clientShortPubkey = PublicKey(decryptedCookie[:32]) serverShortKey = PrivateKey(decryptedCookie[32:]) serverShortClientShort = Box(serverShortKey, clientShortPubkey) try: decrypted = serverShortClientShort.decrypt( data[176:], 'CurveCP-client-I' + nonce) except CryptoError: return clientPubkeyString, vouchNonce, encryptedVouch, serverDomain = _initiateInnerStruct.unpack_from( decrypted) clientPubkey = PublicKey(clientPubkeyString) serverLongClientLong = Box(self.serverKey.key, clientPubkey) try: vouchKey = serverLongClientLong.decrypt(encryptedVouch, 'CurveCPV' + vouchNonce) except CryptoError: return if vouchKey != str(clientShortPubkey): return transport = CurveCPServerTransport(self.reactor, self.serverKey, self.factory, clientID, clientPubkey, host_port, serverShortClientShort, dnsToName(serverDomain)) return transport, decrypted[352:]
def generate_recovery_key(prv_key): rec_key = _GCE.generate_key() pub_key = PrivateKey(prv_key, Base64Encoder).public_key.encode(Base64Encoder) bkp_key = _GCE.symmetric_encrypt(rec_key, prv_key) rec_key = _GCE.asymmetric_encrypt(pub_key, rec_key) return Base64Encoder.encode(bkp_key), Base64Encoder.encode(rec_key)
def asymmetric_decrypt(prv_key, data): """ Perform asymmetric decryption using libsodium sealedbox (Curve25519, XSalsa20-Poly1305) """ prv_key = PrivateKey(prv_key, RawEncoder) data = _convert_to_bytes(data) return SealedBox(prv_key).decrypt(data)
def read_config(section=None, config_path='/tmp/secrets.conf', private_key=''): """ reads credentials section or app with data in specific configuration path using a private key data keys prefixed with __ are considered private and will be encrypted. @param section str: application or section name. e.g: myapp, githubuser, gitlaborg @param config_path str: secretconf path defaults to /tmp/secrets.conf @param private_key: key of 32 bytes (you should use sha256 or hash32 function on the bytes of your private key) """ data = {} if not os.path.exists(config_path): os.makedirs(os.path.dirname(config_path), exist_ok=True) os.mknod(config_path) conf = ConfigParser() conf.read_file(open(config_path)) sk = PrivateKey(private_key, nacl.encoding.Base64Encoder()) pk = sk.public_key box = Box(sk, pk) for s in conf.sections(): secdict = {} for k, v in conf[s].items(): if k.startswith("__"): v = decrypt(v, box) secdict[k] = v data[s] = secdict return data
def encrypt(self, file): with open('config.json') as json_file: data = json.load(json_file) pub_key2 = data['public_key2'] priv_key1 = data['private_key1'] json_file.close() # Convert public key and private key to byte strings, then actual PublicKey and PrivateKey objects priv_keyb1 = self.str_to_bytestring(priv_key1) pub_keyb2 = self.str_to_bytestring(pub_key2) private_key1 = PrivateKey(priv_keyb1) public_key2 = PublicKey(pub_keyb2) # Read in contents of file, encrypt them, then write back with open(file) as f: content = f.read() f.close() bytesData = content.encode() user_box1 = Box(private_key1, public_key2) nonce = nacl.utils.random(Box.NONCE_SIZE) encrypted = user_box1.encrypt(bytesData, nonce) with open(file, "w") as text_file: text_file.write(str(encrypted)) text_file.close()
def make_config(section=None, data=None, config_path='/tmp/secrets.conf', private_key=''): """ stores credentials section or app with data in specific configuration path using a private key data keys prefixed with __ are considered private and will be encrypted. @param section str: application or section name. e.g: myapp, githubuser, gitlaborg @param data dict: dict of fields and their values [fields prefixed with __ are private] e.g: {'name': 'xmonader', '__password': '******'} @param config_path str: secretconf path defaults to /tmp/secrets.conf @param private_key: key of 32 bytes (you should use sha256 or hash32 function on the bytes of your private key) """ data = data or {} if not os.path.exists(config_path): os.makedirs(os.path.dirname(config_path), exist_ok=True) os.mknod(config_path) conf = ConfigParser() conf.read_file(open(config_path)) conf[section] = {} sk = PrivateKey(private_key, nacl.encoding.Base64Encoder()) pk = sk.public_key box = Box(sk, pk) for k, v in data.items(): if k.startswith("__"): v = encrypt(v, box) conf[section][k] = v with open(config_path, "w") as cf: conf.write(cf)
def decrypt_X25519_Chacha20_Poly1305(encrypted_part, privkey, sender_pubkey=None): #LOG.debug('----------- Encrypted data: %s', encrypted_part.hex()) LOG.debug(' my secret key: %s', privkey.hex()) LOG.debug('Sender public key: %s', sender_pubkey.hex() if sender_pubkey else None) peer_pubkey = encrypted_part[:32] if sender_pubkey and sender_pubkey != peer_pubkey: raise ValueError("Invalid Peer's Public Key") nonce = encrypted_part[32:44] packet_data = encrypted_part[44:] LOG.debug(' peer pubkey: %s', peer_pubkey.hex()) LOG.debug(' nonce: %s', nonce.hex()) LOG.debug('encrypted data: %s', packet_data.hex()) # X25519 shared key pubkey = bytes( PrivateKey(privkey).public_key) # slightly inefficient, but working shared_key, _ = crypto_kx_client_session_keys(pubkey, privkey, peer_pubkey) LOG.debug('shared key: %s', shared_key.hex()) # Chacha20_Poly1305 return crypto_aead_chacha20poly1305_ietf_decrypt(packet_data, None, nonce, shared_key) # no add
def rpc_message(self, sender, pubkey, encrypted): try: box = Box( PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)), PublicKey(pubkey)) plaintext = box.decrypt(encrypted) p = Plaintext_Message() p.ParseFromString(plaintext) signature = p.signature p.ClearField("signature") verify_key = nacl.signing.VerifyKey(p.signed_pubkey[64:]) verify_key.verify(p.SerializeToString(), signature) h = nacl.hash.sha512(p.signed_pubkey) pow_hash = h[64:128] if int(pow_hash[:6], 16) >= 50 or hexlify( p.sender_guid) != h[:40] or p.sender_guid != sender.id: raise Exception('Invalid guid') self.log.info("Received a message from %s" % sender) self.router.addContact(sender) for listener in self.listeners: try: verifyObject(MessageListener, listener) listener.notify(p, signature) except DoesNotImplement: pass return ["True"] except Exception: self.log.error("Received invalid message from %s" % sender) return ["False"]