Ejemplo n.º 1
0
    def add_new_channel(self, nA, nB):
        a_signkey = SigningKey.generate()
        a_chankey = PrivateKey.generate()
        a_CIDkey = os.urandom(32)
        a_transports = nA.agent.individualize_transports(nA.agent.get_transports())

        b_signkey = SigningKey.generate()
        b_chankey = PrivateKey.generate()
        b_CIDkey = os.urandom(32)
        b_transports = nB.agent.individualize_transports(nB.agent.get_transports())

        a_rec = { "channel_pubkey": a_chankey.public_key.encode().encode("hex"),
                  "CID_key": a_CIDkey.encode("hex"),
                  "transports": a_transports.values(),
                  }

        b_rec = { "channel_pubkey": b_chankey.public_key.encode().encode("hex"),
                  "CID_key": b_CIDkey.encode("hex"),
                  "transports": b_transports.values(),
                  }

        q = ("INSERT INTO addressbook"
             " (petname, acked, next_outbound_seqnum,"
             "  my_signkey,"
             "  their_channel_record_json,"
             "  my_CID_key, next_CID_token,"
             "  highest_inbound_seqnum,"
             "  my_old_channel_privkey, my_new_channel_privkey,"
             "  they_used_new_channel_key, their_verfkey)"
             " VALUES(?,?,?,?,?,?,?,?,?,?,?,?)")

        vA=("petname-from-A", 1, 1,
            a_signkey.encode().encode("hex"),
            json.dumps(b_rec),
            a_CIDkey.encode("hex"), None,
            0,
            a_chankey.encode().encode("hex"),
            a_chankey.encode().encode("hex"),
            0, b_signkey.verify_key.encode().encode("hex"),
            )

        vB=("petname-from-A", 1, 1,
            b_signkey.encode().encode("hex"),
            json.dumps(a_rec),
            b_CIDkey.encode("hex"), None,
            0,
            b_chankey.encode().encode("hex"),
            b_chankey.encode().encode("hex"),
            0, a_signkey.verify_key.encode().encode("hex"),
            )

        nA.db.execute(q, vA)
        nA.db.commit()
        nB.db.execute(q, vB)
        nA.db.commit()

        entA = nA.db.execute("SELECT * FROM addressbook").fetchone()
        entB = nB.db.execute("SELECT * FROM addressbook").fetchone()
        return entA, entB
Ejemplo n.º 2
0
def test_nacl_encrypt_decrypt():
    skbob = PrivateKey.generate()
    pkbob = skbob.public_key
    skalice = PrivateKey.generate()
    pkalice = skalice.public_key
    message_bytes = nacl.utils.random(SALT_SIZE)
    encrypted = nacl_encrypt(message_bytes, skbob, pkalice)
    decrypted = nacl_decrypt(encrypted, skalice, pkbob)
    assert decrypted == message_bytes
Ejemplo n.º 3
0
    def purchase(self, node_to_ask, contract):
        """
        Send an order message to the vendor.

        Args:
            node_to_ask: a `dht.node.Node` object
            contract: a complete `Contract` object containing the buyer's order
        """

        def parse_response(response):
            try:
                address = contract.contract["buyer_order"]["order"]["payment"]["address"]
                verify_key = nacl.signing.VerifyKey(node_to_ask.signed_pubkey[64:])
                verify_key.verify(str(address), response[1][0])
                return response[1][0]
            except Exception:
                return False

        public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
        skephem = PrivateKey.generate()
        pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
        box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
        d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
        return d.addCallback(parse_response)
Ejemplo n.º 4
0
def create_node(so, stdout=sys.stdout, stderr=sys.stderr):
    basedir = so["basedir"]
    if os.path.exists(basedir):
        print >>stderr, "basedir '%s' already exists, refusing to touch it" % basedir
        return 1
    os.mkdir(basedir)
    dbfile = os.path.join(basedir, "petmail.db")
    db = database.get_db(dbfile, stderr)
    db.execute("INSERT INTO node (webhost, webport) VALUES (?,?)",
               (so["webhost"], so["webport"]))
    db.execute("INSERT INTO services (name) VALUES (?)", ("client",))
    db.execute("INSERT INTO `client_profile`"
               " (`name`, `icon_data`) VALUES (?,?)",
               ("",""))
    privkey = PrivateKey.generate()
    TID_tokenid, TID_privkey, TID_token0 = rrid.create()
    server_desc = { "transport_privkey": privkey.encode().encode("hex"),
                    "TID_private_key": TID_privkey.encode("hex"),
                    "local_TID0": TID_token0.encode("hex"),
                    "local_TID_tokenid": TID_tokenid.encode("hex"),
                    }
    db.execute("INSERT INTO mailbox_server_config"
               " (private_descriptor_json, enable_retrieval)"
               " VALUES (?,?)",
               (json.dumps(server_desc), 0))
    db.commit()
    print >>stdout, "node created in %s" % basedir
    return 0
Ejemplo n.º 5
0
def storeAccount(phrase, uid, auth, alias):
    """
    Store new account information

    @param phrase: new passphrase as bytes
    @param uid: user id
    @param auth: authentication token
    @param alias: user set alias for profile
    @return: Profile ID of newly created profile and safe
    """
    con = getCursor()

    # random phrase buffer
    buffer = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
    # create safe (db encryption)
    safe = SecretBox(b''.join((phrase, buffer[len(phrase) - 32:])))
    # create new signing_key and verify_key (message signing)
    skey = nacl.signing.SigningKey.generate()
    # create new private and public key (message encryption)
    mkey = PrivateKey.generate()

    con.execute("INSERT INTO profiles (uid, auth, signing_key, verify_key, private_key, public_key, buffer, alias) "
                "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                list(encrypt(safe, uid, auth, skey._seed, skey.verify_key.encode(encoder=nacl.encoding.HexEncoder),
                             mkey._private_key, mkey.public_key._public_key)) + [buffer, alias])

    profileId = con.lastrowid

    return profileId, safe
Ejemplo n.º 6
0
    def authenticate(self, permissions=[]): #TODO check is needs to = None
        keys = PrivateKey.generate()
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        payload = {
            'app': {
                'name': self.name,
                'version': self.version,
                'vendor': self.vendor,
                'id': self.id
            },
            'publicKey': base64.b64encode(keys.public_key.__bytes__()),
            'nonce': base64.b64encode(nonce),
            'permissions': permissions
        }
        headers = {
            'Content-Type': 'application/json'
        }
        r = self._post('auth', headers, payload)
        if r.status_code == 200:
            responseJson = r.json()
            cipherText = base64.b64decode(responseJson['encryptedKey'])
            self.token = responseJson['token']
            self.permissions = responseJson['permissions']
            self.publicKey = base64.b64decode(responseJson['publicKey'])

            box = Box(keys, PublicKey(self.publicKey))
            data = box.decrypt(cipherText, nonce=nonce)

            self.symmetricKey = data[0:PrivateKey.SIZE]
            self.symmetricNonce = data[PrivateKey.SIZE:]
            return True
        else:
            return False
Ejemplo n.º 7
0
        def get_node(node_to_ask):
            def parse_response(response):
                if response[0] and response[1][0] == "True":
                    return True
                elif not response[0]:
                    contract_dict = json.loads(json.dumps(contract.contract, indent=4),
                                               object_pairs_hook=OrderedDict)
                    del contract_dict["vendor_order_confirmation"]
                    order_id = digest(json.dumps(contract_dict, indent=4)).encode("hex")
                    self.send_message(Node(unhexlify(guid)),
                                      nacl.signing.VerifyKey(
                                          contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["guid"],
                                          encoder=nacl.encoding.HexEncoder).to_curve25519_public_key().encode(),
                                      objects.PlaintextMessage.Type.Value("ORDER_CONFIRMATION"),
                                      json.dumps(contract.contract["vendor_order_confirmation"]),
                                      order_id,
                                      store_only=True)
                    return True
                else:
                    return False

            if node_to_ask:
                public_key = nacl.signing.VerifyKey(
                    contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["guid"],
                    encoder=nacl.encoding.HexEncoder).to_curve25519_public_key()
                skephem = PrivateKey.generate()
                pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
                box = Box(skephem, public_key)
                nonce = nacl.utils.random(Box.NONCE_SIZE)
                ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
                d = self.protocol.callOrderConfirmation(node_to_ask, pkephem, ciphertext)
                return d.addCallback(parse_response)
            else:
                return parse_response([False])
Ejemplo n.º 8
0
    def send_message(self, receiving_node, public_key, message_type, message, subject=None):
        """
        Sends a message to another node. If the node isn't online it
        will be placed in the dht for the node to pick up later.
        """
        pro = Profile().get()
        if len(message) > 1500:
            return
        p = objects.Plaintext_Message()
        p.sender_guid = self.kserver.node.id
        p.signed_pubkey = self.kserver.node.signed_pubkey
        p.encryption_pubkey = PrivateKey(self.signing_key.encode()).public_key.encode()
        p.type = message_type
        p.message = message
        if subject is not None:
            p.subject = subject
        if pro.handle:
            p.handle = pro.handle
        if pro.avatar_hash:
            p.avatar_hash = pro.avatar_hash
        p.timestamp = int(time.time())
        signature = self.signing_key.sign(p.SerializeToString())[:64]
        p.signature = signature

        skephem = PrivateKey.generate()
        pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
        box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        ciphertext = box.encrypt(p.SerializeToString(), nonce)

        def get_response(response):
            if not response[0]:
                self.kserver.set(digest(receiving_node.id), pkephem, ciphertext)
        self.protocol.callMessage(receiving_node, pkephem, ciphertext).addCallback(get_response)
Ejemplo n.º 9
0
    def purchase(self, node_to_ask, contract):
        """
        Send an order message to the vendor.

        Args:
            node_to_ask: a `dht.node.Node` object
            contract: a complete `Contract` object containing the buyer's order
        """
        def parse_response(response):
            try:
                address = contract.contract["buyer_order"]["order"]["payment"]["address"]
                chaincode = contract.contract["buyer_order"]["order"]["payment"]["chaincode"]
                masterkey_b = contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["bitcoin"]
                buyer_key = derive_childkey(masterkey_b, chaincode)
                amount = contract.contract["buyer_order"]["order"]["payment"]["amount"]
                listing_hash = contract.contract["buyer_order"]["order"]["ref_hash"]
                verify_key = nacl.signing.VerifyKey(node_to_ask.signed_pubkey[64:])
                verify_key.verify(
                    str(address) + str(amount) + str(listing_hash) + str(buyer_key), response[1][0])
                return response[1][0]
            except Exception:
                return False

        public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
        skephem = PrivateKey.generate()
        pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
        box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
        d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
        self.log.info("purchasing contract %s from %s" % (contract.get_contract_id().encode("hex"), node_to_ask))
        return d.addCallback(parse_response)
Ejemplo n.º 10
0
        def get_node(node_to_ask):
            def parse_response(response):
                if response[0] and response[1][0] == "True":
                    return True
                elif not response[0]:
                    contract_dict = json.loads(json.dumps(contract.contract, indent=4),
                                               object_pairs_hook=OrderedDict)
                    del contract_dict["vendor_order_confirmation"]
                    del contract_dict["buyer_receipt"]
                    order_id = digest(json.dumps(contract_dict, indent=4)).encode("hex")
                    self.send_message(Node(unhexlify(guid)),
                                      contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"],
                                      objects.Plaintext_Message.Type.Value("RECEIPT"),
                                      json.dumps(contract.contract["buyer_receipt"]),
                                      order_id,
                                      store_only=True)
                    return True
                else:
                    return False

            if node_to_ask:
                public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
                skephem = PrivateKey.generate()
                pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
                box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
                nonce = nacl.utils.random(Box.NONCE_SIZE)
                ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
                d = self.protocol.callCompleteOrder(node_to_ask, pkephem, ciphertext)
                return d.addCallback(parse_response)
            else:
                return parse_response([False])
Ejemplo n.º 11
0
	def key_gen(self):
		"""Generate a private key"""
		import base64, zlib
		from nacl.public import PrivateKey
		privObj = PrivateKey.generate()
		privKey = base64.b64encode(zlib.compress(str(privObj), 9))
		return privObj, privKey
Ejemplo n.º 12
0
def test_wrong_types():
    priv = PrivateKey.generate()

    check_type_error(("PrivateKey must be created from a 32 bytes long "
                      "raw secret key"),
                     PrivateKey, 12)
    check_type_error(("PrivateKey must be created from a 32 bytes long "
                      "raw secret key"),
                     PrivateKey, priv)
    check_type_error(("PrivateKey must be created from a 32 bytes long "
                      "raw secret key"),
                     PrivateKey, priv.public_key)

    check_type_error("PublicKey must be created from 32 bytes",
                     PublicKey, 13)
    check_type_error("PublicKey must be created from 32 bytes",
                     PublicKey, priv)
    check_type_error("PublicKey must be created from 32 bytes",
                     PublicKey, priv.public_key)

    check_type_error("Box must be created from a PrivateKey and a PublicKey",
                     Box, priv, "not a public key")
    check_type_error("Box must be created from a PrivateKey and a PublicKey",
                     Box, priv.encode(), priv.public_key.encode())
    check_type_error("Box must be created from a PrivateKey and a PublicKey",
                     Box, priv, priv.public_key.encode())
    check_type_error("Box must be created from a PrivateKey and a PublicKey",
                     Box, priv.encode(), priv.public_key)

    check_type_error("seed must be a 32 bytes long",
                     PrivateKey.from_seed, b"1")
Ejemplo n.º 13
0
 def send_rekey(self):
     self.pkey = PrivateKey.generate()
     msg = six.int2byte(Message.rekey) + encode_varint(self.my_seq) + self.pkey.public_key._public_key
     mac = self.get_mac(msg)
     self.my_seq += 1
     self._send(msg + mac)
     self.state = ClientState.rekey
Ejemplo n.º 14
0
 def test_list_request(self):
     serverkey = PrivateKey.generate()
     RT = "01234567" # 8 bytes
     req, tmppub = retrieval.encrypt_list_request(serverkey.public_key.encode(), RT)
     got_tmppub, boxed0 = server.decrypt_list_request_1(req)
     ts, got_RT = server.decrypt_list_request_2(got_tmppub, boxed0, serverkey)
     self.failUnlessEqual(RT, got_RT)
Ejemplo n.º 15
0
    def respond_to_rekey(self, message):
        # Verify length
        if not len(message) == 34 + self._mac_length:
            _logger.info('Invalid length of rekey')
            # TODO: Multi-byte asequence numbers should also be allowed
            return

        # Verify MAC
        msg, sig = message[:-self._mac_length], message[-self._mac_length:]
        if not self.verify_mac(message):
            _logger.info('Invalid MAC on rekey')
            return

        # Verify sequence number
        if not self.validate_and_update_others_seqnum(msg):
            _logger.info('Invalid sequence number on rekey')
            return

        client_pubkey = msg[2:]
        self.pkey = PrivateKey.generate()
        self.new_master_key = self.derive_shared_key(client_pubkey)
        msg = six.int2byte(Message.rekey_response) + encode_varint(self.my_seq) + self.pkey.public_key._public_key
        self.state = ServerState.rekey
        full_msg = msg + self.get_mac(msg)
        self._send(full_msg)
        self.my_seq += 1
Ejemplo n.º 16
0
        def get_node(node_to_ask, recipient_guid, public_key):
            def parse_response(response):
                if not response[0]:
                    self.send_message(
                        Node(unhexlify(recipient_guid)),
                        nacl.signing.VerifyKey(public_key, encoder=nacl.encoding.HexEncoder)
                        .to_curve25519_public_key()
                        .encode(),
                        objects.PlaintextMessage.Type.Value("DISPUTE_OPEN"),
                        json.dumps(contract),
                        order_id,
                        store_only=True,
                    )

            if node_to_ask:
                enc_key = nacl.signing.VerifyKey(
                    public_key, encoder=nacl.encoding.HexEncoder
                ).to_curve25519_public_key()
                skephem = PrivateKey.generate()
                pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
                box = Box(skephem, enc_key)
                nonce = nacl.utils.random(Box.NONCE_SIZE)
                ciphertext = box.encrypt(json.dumps(contract, indent=4), nonce)
                d = self.protocol.callDisputeOpen(node_to_ask, pkephem, ciphertext)
                return d.addCallback(parse_response)
            else:
                return parse_response([False])
Ejemplo n.º 17
0
 def __new__(cls, microdescriptor):
     relay_identity = decodeMicrodescriptorIdentifier(microdescriptor)
     relay_ntor_onion_key = base64.b64decode(microdescriptor.ntor_onion_key)
     secret_key = PrivateKey.generate()
     public_key = secret_key.public_key
     return super(NTorState, cls).__new__(
         cls, relay_identity, relay_ntor_onion_key, secret_key, public_key)
Ejemplo n.º 18
0
def getauth(secret=''):
	if secret != '':
		try:
			return nacl.public.PrivateKey(secret,encoder=nacl.encoding.HexEncoder)
		except:
			raise err.api('invalid secret')
	else:
		return PrivateKey.generate()
Ejemplo n.º 19
0
 def generate_key_hex(self):
     """
     Generate a new private key and return a pair with the hex encodings
     of (priv_key, pub_key).
     """
     key = PrivateKey.generate()
     priv_key = key.encode(encoder=HexEncoder)
     pub_key = key.public_key.encode(encoder=HexEncoder)
     return priv_key.decode('ascii'), pub_key.decode('ascii')
Ejemplo n.º 20
0
 def test_list_entry(self):
     symkey = os.urandom(32)
     tmppriv = PrivateKey.generate()
     tmppub = tmppriv.public_key.encode()
     entry, fetch_token, delete_token = server.create_list_entry(symkey, tmppub, 1234)
     got_fetch_token, got_delete_token, length = retrieval.decrypt_list_entry(entry, symkey, tmppub)
     self.failUnlessEqual(fetch_token, got_fetch_token)
     self.failUnlessEqual(delete_token, got_delete_token)
     self.failUnlessEqual(length, 1234)
Ejemplo n.º 21
0
def test_sealed_box_too_short_msg():
    empty_plaintext = b''
    k = PrivateKey.generate()
    enc_box = SealedBox(k.public_key)
    dec_box = SealedBox(k)

    msg = enc_box.encrypt(empty_plaintext)
    with pytest.raises(CryptoError):
        dec_box.decrypt(msg[:-1])
Ejemplo n.º 22
0
 def generate_key(self):
     """
     Generate a new private key and return a pair with the base64 encodings
     of (priv_key, pub_key).
     """
     key = PrivateKey.generate()
     priv_key = key.encode(encoder=Base64Encoder)
     pub_key = key.public_key.encode(encoder=Base64Encoder)
     return (u'{}'.format(priv_key), u'{}'.format(pub_key))
Ejemplo n.º 23
0
    def startInvitation(self, petname, code, transports):
        #print "invite", petname, code.encode("hex")
        stretched = stretch(code)
        inviteKey = SigningKey(stretched)
        inviteID = inviteKey.verify_key.encode(Hex)
        mySigningKey = SigningKey.generate()
        myCIDkey = os.urandom(32)
        myTempPrivkey = PrivateKey.generate()

        # create my channel record
        tids = ",".join([str(tid) for tid in sorted(transports.keys())])
        channel_key = PrivateKey.generate()
        pub_crec = { "channel_pubkey": channel_key.public_key.encode(Hex),
                     "CID_key": myCIDkey.encode("hex"),
                     "transports": transports.values(),
                     }
        priv_data = { "my_signkey": mySigningKey.encode(Hex),
                      "my_CID_key": myCIDkey.encode("hex"),
                      "my_old_channel_privkey": channel_key.encode(Hex),
                      "my_new_channel_privkey": channel_key.encode(Hex),
                      "transport_ids": tids,
                      }

        db = self.db
        c = db.execute("SELECT inviteID FROM invitations")
        if inviteID in [str(row[0]) for row in c.fetchall()]:
            raise CommandError("invitation code already in use")
        iid = db.insert("INSERT INTO `invitations`"
                        " (code, petname, inviteKey,"
                        "  inviteID,"
                        "  myTempPrivkey, mySigningKey,"
                        "  my_channel_record, my_private_channel_data,"
                        "  myMessages, theirMessages, nextExpectedMessage)"
                        " VALUES (?,?,?, ?, ?,?, ?,?, ?,?,?)",
                        (code.encode("hex"), petname, stretched.encode("hex"),
                         inviteID,
                         myTempPrivkey.encode(Hex), mySigningKey.encode(Hex),
                         json.dumps(pub_crec), json.dumps(priv_data),
                         "", "", 1),
                        "invitations")
        self.subscribe(inviteID)
        i = Invitation(iid, self.db, self)
        i.sendFirstMessage()
        self.db.commit()
Ejemplo n.º 24
0
 def __init__(self, relay):
     '''
     :param stem.descriptor.server_descriptor.RelayDescriptor relay:
         the relay that we're doing an ntor handshake with
     '''
     self._signing_key = tools.signingKeyToSHA1(relay.signing_key)
     self._ntor_onion_key = base64.b64decode(relay.ntor_onion_key)
     self._secret_key = PrivateKey.generate()
     self._public_key = self._secret_key.public_key
     self.is_bad = False
Ejemplo n.º 25
0
def asymmetricEncryption(toEncrypt):
	#generiranje privatnog kljuca posiljatelja koji mora ostati tajan
	skSender = PrivateKey.generate()
	#generiranje javnog kljuca posiljatelja
	pkSender = skSender.public_key
	#generiranje privatnog kljuca primatelja koji mora ostati tajan
	skReceiver = PrivateKey.generate()
	#generiranje javnog kljuca primatelja
	pkReceiver = skReceiver.public_key
	#"kutija" s posiljateljevim privatnim kljucem i primateljevim javnim kljucem
	#sluzi za enkriptiranje poruke
	senderBox = Box(skSender, pkReceiver)
	#broj koji se koristi samo jednom, ne smatra se tajnim i moze ga se slati uz enkriptiranu poruku
	#dobar izvor za nonce su nasumicna 24 byta
	nonce = nacl.utils.random(Box.NONCE_SIZE)
	#enkriptiranje poruke koja ce potom biti dulja za tocno 40 byta od originalne poruke
	#razlog tome je informacija o autentifikaciji i nonce koji se pohranjuju uz nju
	encrypted = senderBox.encrypt(toEncrypt, nonce, encoder = nacl.encoding.Base64Encoder)
	return pkSender, skReceiver, encrypted
Ejemplo n.º 26
0
def test_sealed_box_zero_length_plaintext():
    empty_plaintext = b''
    k = PrivateKey.generate()
    enc_box = SealedBox(k.public_key)
    dec_box = SealedBox(k)

    msg = enc_box.encrypt(empty_plaintext)
    decoded = dec_box.decrypt(msg)

    assert decoded == empty_plaintext
Ejemplo n.º 27
0
 def setUp(self):
     super(RekeyCompleteTest, self).setUp()
     self.session.send_rekey()
     rekey_msg = self.channel.sent_messages.pop(0).msg
     self.client_pubkey = rekey_msg[2:-self.mac_len]
     pkey = PrivateKey.generate()
     msg = b'\x83\x00' + pkey.public_key._public_key
     mac = self.get_mac(msg)
     response = self.get_response(msg + mac).msg
     self.new_shared_key = crypto_scalarmult(pkey._private_key, self.client_pubkey)
Ejemplo n.º 28
0
def test_wrong_types():
    priv = PrivateKey.generate()

    check_type_error(("SealedBox must be created from a PublicKey"
                      " or a PrivateKey"),
                     SealedBox, priv.encode())
    check_type_error(("SealedBox must be created from a PublicKey"
                      " or a PrivateKey"),
                     SealedBox, priv.public_key.encode())
    with pytest.raises(TypeError):
        SealedBox(priv, priv.public_key)
Ejemplo n.º 29
0
def generate_keypair(kB, client_id):
    """Given a kbR and a client_id returned from the FxA auth server
    returns a key pair (public+encrypted private key)
    """
    kBr = get_kBr(kB, client_id)
    priv = PrivateKey.generate()
    pub = priv.public_key
    pub = binascii.hexlify(pub.encode())
    priv = binascii.hexlify(priv.encode())
    encrypted_priv = encrypt_data(priv, kBr)
    return pub, priv, encrypted_priv
Ejemplo n.º 30
0
 def test_responds_to_valid_rekey_response(self):
     pkey = PrivateKey.generate()
     msg = b'\x83\x02' + pkey.public_key._public_key
     mac = self.get_mac(msg)
     response = self.get_response(msg + mac).msg
     self.assert_message_type(response, 0x04)
     self.assertEqual(len(response), 1 + self.mac_len)
     shared_key = crypto_scalarmult(pkey._private_key, self.client_pubkey)
     mac_func = getattr(hashlib, self.mac)
     expected_mac = mac_func(shared_key + response[:-self.mac_len]).digest()[:self.mac_len]
     self.assertEqual(response[-self.mac_len:], expected_mac)
     self.assertEqual(self.session.state, ClientState.wait_for_rekey_complete)
Ejemplo n.º 31
0
    def __init__(
        self,
        nursery: trio.Nursery,
        key: PrivateKey = None,
        whitelist: Optional[PublicKey] = None
            ):

        self.nursery = nursery

        self.contexts: Dict[IPv4Address, UDPContext] = {}
        self.conn_cb: Optional[Callable[[UDPContext], None]] = None
        self.sock = trio.socket.socket(
            socket.AF_INET,
            socket.SOCK_DGRAM
            )

        self.key = PrivateKey.generate() if key is None else key
        self.whitelist = whitelist
Ejemplo n.º 32
0
def generate_keys():
    logging.info("generating public-private key pair")

    # create public/private pair
    private_key = PrivateKey.generate()
    public_key = private_key.public_key
    key_length = private_key.SIZE * 8

    # get key strings
    public_key = public_key.encode(encoder=nacl.encoding.HexEncoder).decode()
    private_key = private_key.encode(encoder=nacl.encoding.HexEncoder).decode() 

    # return key pair as dictionary
    return({
        "key_length_bits": key_length,
        "public_key": public_key,
        "private_key": private_key 
    })
Ejemplo n.º 33
0
def keyMake(node, path):
  ## create a public, private, and signature key set
  # generate the encryption keypair
  key = PrivateKey.generate()
  # generate the signature key
  sig = nacl.signing.SigningKey.generate()
  verify = sig.verify_key
  sig_hex = verify.encode(encoder=nacl.encoding.HexEncoder)
  
  # write all of the keys to file
  with open(path + '/' + node + '.sig', 'w+') as signing_key:
    pickle.dump(sig, signing_key) 
  with open(path + '/' + node + '.sighex', 'w+') as verify_hex:
    pickle.dump(sig_hex, verify_hex)
  with open(path + '/' + node + '.private', 'w+') as private:
    pickle.dump(key, private)
  with open(path + '/' + node + '.public', 'w+') as public:
    pickle.dump(key.public_key, public)
Ejemplo n.º 34
0
    def __init__(self, application_namespace):
        # Save the application namespace
        self.application_namespace = application_namespace

        # Generate a private key
        self.private_key = PrivateKey.generate()

        # Generate a signing key
        self.signing_key = SigningKey.generate()

        # Create subject for incoming payloads
        self.incoming_payload = rx.subject.Subject()

        # Create a set of reachable instances
        self.reachable_peers: Set[InstanceReference] = set()

        # Create subject for newly reachable instances
        self.incoming_greeting = rx.subject.Subject()
Ejemplo n.º 35
0
    def __init__(self,
                 nursery: trio.Nursery,
                 addr: IPv4Address = ("0.0.0.0", 12000),
                 key: PrivateKey = None,
                 max_rounds: int = 2):

        self.nursery = nursery
        self.addr = addr
        self.max_rounds = max_rounds

        if key is None:
            self.key = PrivateKey.generate()
        else:
            self.key = PrivateKey(bytes.fromhex(key))

        self.nodes: Dict[PublicKey, BoxerRemoteNode] = {}
        self.fights: Dict[str, BoxerFight] = {}
        self.fightidmngr = SessionIDManager()
Ejemplo n.º 36
0
    def test_rekey(self):
        pkey = PrivateKey.generate()
        msg = b'\x03\x00' + pkey.public_key._public_key
        response = self.send_with_mac(msg).msg
        self.assertEqual(len(response), 34 + self.mac_len)
        self.assert_correct_mac(response)
        self.assertEqual(six.byte2int(response[1:]), 0x00)
        self.assert_message_type(response, 0x83)
        server_pubkey = response[2:-self.mac_len]
        new_shared_secret = crypto_scalarmult(pkey._private_key, server_pubkey)

        # Send confirm
        self.session_key = new_shared_secret
        msg = b'\x04'
        response = self.send_with_mac(msg).msg
        self.assert_correct_mac(response)
        self.assert_message_type(response, 0x84)
        self.assertEqual(self.session_key, self.channel.shared_key)
Ejemplo n.º 37
0
    def __init__(self, server, reader, writer):

        self.proxy_writer = None
        self.proxy_reader = None
        self.__reader = reader
        self.client_writer = writer

        self.key = PrivateKey.generate()
        self.client_key = None
        self.proxy_pub_key = self.key.public_key
        self.proxy_pub_key_b64 = self.key.public_key.encode(
            encoder=nacl.encoding.Base64Encoder)
        self.aes_key = None
        self.encrypt = False
        self.AES = None

        self.server = server
        self.logger = server.logger
Ejemplo n.º 38
0
def get_cybersource_test_settings(private_key=None):
    """
    Generates a valid set of settings for CyberSource
    """
    if private_key is None:
        private_key = PrivateKey.generate()

    return {
        "CYBERSOURCE_WSDL_URL":
        (f"http://localhost/service/CyberSourceTransaction_{SERVICE_VERSION}.wsdl"
         ),
        "CYBERSOURCE_MERCHANT_ID":
        "merchant_id",
        "CYBERSOURCE_TRANSACTION_KEY":
        "transaction_key",
        "CYBERSOURCE_INQUIRY_LOG_NACL_ENCRYPTION_KEY":
        Base64Encoder.encode(bytes(private_key.public_key)),
    }
Ejemplo n.º 39
0
def read_config_file(commandlineoptions=None):
    global config_file

    if os.path.exists(config_file):
        with open(config_file, 'r') as f:
            return yaml.load(f)
    else:
        # generate the config file for the client including the secret key
        # which must be kept secret
        config = dict()
        config['own_sk'] = PrivateKey.generate()
        config['registration_successful'] = False
        config['server_pk'] = PublicKey(
            commandlineoptions.server_pk_str.decode('hex'))
        config['contact_list'] = list()
        config['username'] = "******"
        config['status_msg'] = "Testing OnionPIR..."
        save_config_file(config)
        return config
Ejemplo n.º 40
0
def apply(document, config):
    """
    Generates a deploy key, injects config/master keys and performs the extra deployment time encryption of secrets.
    """
    url = util.rget(document, 'secretary', 'url')
    if not url:
        return config

    # Check for encrypted secrets
    found = False
    for key, value in config.get('env', {}).iteritems():
        envelopes = extractEnvelopes(value)
        found = found or envelopes

        # e.g. dots aren't valid in a shell identifier, so `secretary decrypt -e` wouldn't work with them
        if envelopes and not _SHELL_IDENTIFIER_RE.match(key):
            raise RuntimeError((
                "The env var '%s' has an encrypted value but its name is not a valid shell script identifier and not supported by Secretary. "
                +
                "Only alphanumeric characters and underscores are supported, starting with an alphabetic or underscore character."
                +
                "Please check https://github.com/meltwater/lighter#secrets-management ."
            ) % key)

    # Avoid adding public keys if no secrets present
    if not found:
        return config

    result = deepcopy(config)
    masterKey = decodePublicKey(
        util.rget(document, 'secretary', 'master', 'publickey'))

    result['env'] = result.get('env', {})
    result['env']['SECRETARY_URL'] = url
    result['env']['MASTER_PUBLIC_KEY'] = encodeKey(masterKey)

    # Autogenerate a deploy key
    deployKey = PrivateKey.generate()
    result['env']['DEPLOY_PRIVATE_KEY'] = KeyValue(encodeKey(deployKey))
    result['env']['DEPLOY_PUBLIC_KEY'] = KeyValue(
        encodeKey(deployKey.public_key))

    return result
Ejemplo n.º 41
0
def generate_keys():
    # Generate applications public and private key
    # In practice, these would be set externally and stored outside the repository
    sk = PrivateKey.generate()
    pk = sk.public_key

    # write to filesfor access if they don't exist
    sk_path = os.path.join(os.path.dirname(__file__), "..", "private_key")
    if not os.path.exists(sk_path):
        # write as binary
        with open(sk_path, 'wb') as f:
            sk_bytes = bytes(sk)
            f.write(sk_bytes)

    pk_path = os.path.join(os.path.dirname(__file__), "..", "public_key")
    if not os.path.exists(pk_path):
        with open(pk_path, 'wb') as f:
            pk_bytes = bytes(pk)
            f.write(pk_bytes)
Ejemplo n.º 42
0
def operator_key_pair_create():
    try:
        privKey = PrivateKey.generate()
        pubKey = privKey.public_key
        key_pair_res = {
            "DID": ''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase + string.digits, k=22)),
            "public_key": binascii.b2a_base64(bytes(pubKey)).decode("utf-8").strip(),
            "private_key": binascii.b2a_base64(bytes(privKey)).decode("utf-8").strip(),
            "timestamp": str(int(time.time()))
        }
        client_key_res = copy.deepcopy(key_pair_res)
        mongo_setup_provider.key_pair_col.insert_one(key_pair_res)
        return jwt.encode(client_key_res, os.environ["VPNAAS_KEY"], algorithm="HS256")

    except Exception as error:
        logger.error(error)        
        sys.exit()

#tl.start(block=False)
Ejemplo n.º 43
0
def NACL_sealedBox_encrypt(text):
    # Generate Bob's private key, as we've done in the Box example
    skbob = PrivateKey.generate()
    pkbob = skbob.public_key
    # Alice wishes to send a encrypted message to Bob,
    # but prefers the message to be untraceable
    sealed_box = SealedBox(pkbob)
    # This is Alice's message
    message = bytes(text,'utf-8')
    # Encrypt the message, it will carry the ephemeral key public part
    # to let Bob decrypt it
    encrypted = sealed_box.encrypt(message)
    #Now, Bob wants to read the secret message he just received; therefore he must create a SealedBox using his own
    #private key:
    unseal_box = SealedBox(skbob)
    # decrypt the received message
    plaintext = unseal_box.decrypt(encrypted)
    print(plaintext.decode('utf-8'))
    return True 
Ejemplo n.º 44
0
    def __init__(self, user, keyring, filename=None):
        """
        we want to keep all the cryptographic functions as side-effect
        free as possible, so when we instantiate a keyring we'll do as
        much of the setup and I/O as possible.
        """
        self.keyring = keyring
        if not filename:
            filename = keyring.lstrip('/key').replace('/', '.')
            filename = os.path.join(DIR, '{}.{}'.format(user, filename))

        try:
            self._load_from_private_keyfile(filename)
        except FileNotFoundError:
            self.enc_key = PrivateKey.generate()
            self.signing_key = nacl.signing.SigningKey.generate()
            self.enc_key_id = uuid.uuid4().hex
            self.signing_key_id = uuid.uuid4().hex
            self._to_private_keyfile(filename)
Ejemplo n.º 45
0
    def purchase(self, node_to_ask, contract):
        """
        Send an order message to the vendor.

        Args:
            node_to_ask: a `dht.node.Node` object
            contract: a complete `Contract` object containing the buyer's order
        """
        def parse_response(response):
            try:
                address = contract.contract["buyer_order"]["order"]["payment"][
                    "address"]
                chaincode = contract.contract["buyer_order"]["order"][
                    "payment"]["chaincode"]
                masterkey_b = contract.contract["buyer_order"]["order"]["id"][
                    "pubkeys"]["bitcoin"]
                buyer_key = derive_childkey(masterkey_b, chaincode)
                amount = contract.contract["buyer_order"]["order"]["payment"][
                    "amount"]
                listing_hash = contract.contract["buyer_order"]["order"][
                    "ref_hash"]
                verify_key = nacl.signing.VerifyKey(
                    node_to_ask.signed_pubkey[64:])
                verify_key.verify(
                    str(address) + str(amount) + str(listing_hash) +
                    str(buyer_key), response[1][0])
                return response[1][0]
            except Exception:
                return False

        public_key = contract.contract["vendor_offer"]["listing"]["id"][
            "pubkeys"]["encryption"]
        skephem = PrivateKey.generate()
        pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
        box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        ciphertext = box.encrypt(json.dumps(contract.contract, indent=4),
                                 nonce)
        d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
        self.log.info("purchasing contract %s from %s" %
                      (contract.get_contract_id().encode("hex"), node_to_ask))
        return d.addCallback(parse_response)
Ejemplo n.º 46
0
    def test_login_failure_no_public_key(self):
        """
        Test to login without public_key
        """

        # our public / private key box
        box = PrivateKey.generate()

        # our hex encoded public / private keys
        user_session_private_key_hex = box.encode(
            encoder=nacl.encoding.HexEncoder).decode()
        user_session_public_key_hex = box.public_key.encode(
            encoder=nacl.encoding.HexEncoder).decode()

        server_crypto_box = Box(
            PrivateKey(user_session_private_key_hex,
                       encoder=nacl.encoding.HexEncoder),
            PublicKey(settings.PUBLIC_KEY, encoder=nacl.encoding.HexEncoder))

        login_info_nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
        encrypted = server_crypto_box.encrypt(
            json.dumps({
                'username': self.test_username,
                'authkey': self.test_authkey,
            }).encode("utf-8"), login_info_nonce)
        login_info_encrypted = encrypted[len(login_info_nonce):]

        data = {
            'login_info':
            nacl.encoding.HexEncoder.encode(login_info_encrypted).decode(),
            'login_info_nonce':
            nacl.encoding.HexEncoder.encode(login_info_nonce).decode(),
            # 'public_key': user_session_public_key_hex,
        }

        url = reverse('authentication_login')

        models.Token.objects.all().delete()

        response = self.client.post(url, data)

        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
Ejemplo n.º 47
0
def show_cluster_config(cluster_id: str) -> dict:

    box = PrivateKey.generate()
    private_key_hex = box.encode(encoder=nacl.encoding.HexEncoder)
    public_key_hex = box.public_key.encode(encoder=nacl.encoding.HexEncoder)

    if not cluster_id or cluster_id == 'None':
        return {
            'error': 'CLUSTER_ID required'
        }

    try:
        cluster = Fileserver_Cluster.objects.filter(pk=cluster_id).get()
    except Fileserver_Cluster.DoesNotExist:
        return {
            'error': 'A cluster with this id was not found. You can use "fsclusterlist" to display all'
        }

    if cluster.links.count() == 0:
        return {
            'error': '    Shard: Not found for this cluster. You can create one with "fsshardcreate TITLE \'Some description\'" and then link it to this cluster with "fsshardlink ' + str(
                cluster.id) + ' SHARD_ID"'
        }

    uni = string.ascii_letters + string.digits + string.punctuation

    print('SECRET_KEY: ' + repr((''.join([random.SystemRandom().choice(uni) for i in range(50)])).replace('\'', '"')))
    print('PRIVATE_KEY: ' + repr(str(private_key_hex.decode())))
    print('PUBLIC_KEY: ' + repr(str(public_key_hex.decode())))
    print('SERVER_URL: ' + repr(settings.HOST_URL))
    print('SERVER_PUBLIC_KEY: ' + repr(settings.PUBLIC_KEY))
    print("CLUSTER_ID: '"+ str(cluster.id) +"'")
    print("CLUSTER_PRIVATE_KEY: '"+ str(decrypt_with_db_secret(cluster.auth_private_key)) +"'")


    shards = []
    for links in cluster.links.all():
        shards.append('{shard_id: ' + str(links.shard_id) + ', read: ' + str(links.read) + ', write: ' + str(links.write) + ', delete: ' + str(links.delete_capability) + ', allow_link_shares: ' + str(links.allow_link_shares) + ', engine: {class: \'local\', kwargs: {location: \'/opt/psono-shard/'+ str(links.shard_id) +'\'}}}')

    print("SHARDS: ["+','.join(shards)+"]")

    return {}
Ejemplo n.º 48
0
                    def get_node(node_to_ask, recipient_guid, public_key):
                        def parse_response(response):
                            if not response[0]:
                                self.send_message(Node(unhexlify(recipient_guid)),
                                                  public_key,
                                                  objects.PlaintextMessage.Type.Value("DISPUTE_CLOSE"),
                                                  dispute_json,
                                                  order_id,
                                                  store_only=True)

                        if node_to_ask:
                            skephem = PrivateKey.generate()
                            pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
                            box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
                            nonce = nacl.utils.random(Box.NONCE_SIZE)
                            ciphertext = box.encrypt(json.dumps(dispute_json, indent=4), nonce)
                            d = self.protocol.callDisputeClose(node_to_ask, pkephem, ciphertext)
                            return d.addCallback(parse_response)
                        else:
                            return parse_response([False])
Ejemplo n.º 49
0
def fake_transport():
    privkey = PrivateKey.generate()
    pubkey_hex = privkey.public_key.encode().encode("hex")
    TID_tokenid, TID_privkey, TID_token0 = rrid.create()
    private = {
        "privkey": privkey,
        "TID": (TID_tokenid, TID_privkey, TID_token0)
    }
    # this is what lives in our database. All channels that share the same
    # transport will use the same thing.
    db_record = {
        "for_sender": {
            "type": "test-return",
            "transport_pubkey": pubkey_hex,
        },
        "for_recipient": {
            "TID": TID_token0.encode("hex")
        },
    }
    return private, db_record
Ejemplo n.º 50
0
def rotate_user_key(args):
    """Rotates the user main key.

    Required when a device was removed to keep future content safe.

    Maximum rotation rate once per second, but please don't: it will just make
    the user identity block bloated, eventually blocking the user by upload limit.
    """
    username = get_username(args)
    user_storage = LocalStorage(username)
    old_signing = _get_user_signingkey(username)
    old_private = _get_user_privatekey(username)
    timestamp = get_timestamp_seconds()
    with user_storage as us:
        us["signingkey"] = SigningKey.generate().encode()
        us["privatekey"] = PrivateKey.generate().encode()
        us["previous_keys"][timestamp] = {
            "signingkey": us["signingkey"],
            "privatekey": us["privatekey"],
        }
Ejemplo n.º 51
0
    def setUp(self):
        box = PrivateKey.generate()
        private_key_hex = box.encode(encoder=nacl.encoding.HexEncoder)
        public_key_hex = box.public_key.encode(
            encoder=nacl.encoding.HexEncoder)

        private_key_hex = encrypt_with_db_secret(private_key_hex.decode())
        public_key_hex = encrypt_with_db_secret(public_key_hex.decode())

        self.cluster = models.Fileserver_Cluster.objects.create(
            title='Some Title',
            auth_public_key=public_key_hex,
            auth_private_key=private_key_hex,
            file_size_limit=0,
        )

        self.shard = models.Fileserver_Shard.objects.create(
            title='Some Title',
            description='Some description',
        )
Ejemplo n.º 52
0
def new_shop(req: ShopCreateRequest):
    try:
        b64decode(req.shop_pub_key)
    except binascii.Error:
        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
                            detail='公鑰錯誤')
    shop = Shop(name=req.name, shop_pub_key=req.shop_pub_key)
    private_key = PrivateKey.generate()
    box = SecretBox(SERVER_MASTER_SECRET)
    try:
        Secret(shop=shop,
               server_secret_key=b64encode(
                   box.encrypt(private_key._private_key)).decode('ascii'))
        commit()
    except TransactionIntegrityError:
        rollback()
        raise HTTPException(status_code=status.HTTP_409_CONFLICT,
                            detail='公鑰已被使用')

    return b64encode(private_key.public_key._public_key).decode('ascii')
Ejemplo n.º 53
0
 def __init__(self,
              reactor,
              host,
              port,
              serverKey,
              serverExtension,
              clientKey=None,
              clientExtension='\x00' * 16):
     self.reactor = reactor
     self.host = host
     self.port = port
     self.serverKey = serverKey
     self.serverExtension = serverExtension
     if clientKey is None:
         clientKey = PrivateKey.generate()
     self.clientKey = clientKey
     self.clientExtension = clientExtension
     self._funcs = []
     self.setupClient()
     self.delayedCall = None
Ejemplo n.º 54
0
    def get_wg_keys(self, ifname):
        private_key_path = f"/etc/syntropy-agent/privatekey-{ifname}"
        public_key_path = f"/etc/syntropy-agent/publickey-{ifname}"
        private_key = Path(private_key_path)
        public_key = Path(public_key_path)
        if not private_key.is_file() or not public_key.is_file():
            privKey = PrivateKey.generate()
            pubKey = base64.b64encode(bytes(privKey.public_key))
            privKey = base64.b64encode(bytes(privKey))
            base64_privKey = privKey.decode('ascii')
            base64_pubKey = pubKey.decode('ascii')
            private_key.write_text(base64_privKey)
            public_key.write_text(base64_pubKey)
            private_key.chmod(0o600)
            public_key.chmod(0o600)

        if self.wg_kernel:
            return public_key.read_text().strip(), private_key.read_text(
            ).strip()
        else:
            return public_key.read_text().strip(), private_key_path
Ejemplo n.º 55
0
def start():
    if not os.path.exists("keys.txt"):
        secretkey = PrivateKey.generate()
        publickey = secretkey.public_key

        publickey64 = publickey.encode(Base64Encoder).decode("utf8")
        secretkey64 = secretkey.encode(Base64Encoder).decode("utf8")

        with open("keys.txt", "w") as myfile:
            myfile.write(publickey64)
            myfile.write("\n")
            myfile.write(secretkey64)
    else:
        with open("keys.txt", "r") as myfile:
            publickey64 = myfile.readline()
            secretkey64 = myfile.readline()

        #publickey = nacl.public.PublicKey(publickey64, nacl.encoding.Base64Encoder)
        secretkey = nacl.public.PrivateKey(secretkey64, nacl.encoding.Base64Encoder)
        print(secretkey)
    return secretkey
Ejemplo n.º 56
0
    def handle(self, *args, **options):

        uni = string.ascii_letters + string.digits + string.punctuation
        box = PrivateKey.generate()
        private_key_hex = box.encode(encoder=nacl.encoding.HexEncoder)
        public_key_hex = box.public_key.encode(encoder=nacl.encoding.HexEncoder)

        print('')
        print('# Copy paste this content into your settings.yml and replace existing occurrences')
        print('# ')
        print('# WARNING: Do this only for a fresh installation!')
        print('# Changing those variables afterwards will break the program e.g.:')
        print('# Activation links will not work, Server will not be able to read user emails, ...')
        print('')
        print('SECRET_KEY: ' + repr((''.join([random.SystemRandom().choice(uni) for i in range(50)])).replace('\'', '"')))
        print('ACTIVATION_LINK_SECRET: ' + repr((''.join([random.SystemRandom().choice(uni) for i in range(50)])).replace('\'', '"')))
        print('DB_SECRET: ' + repr((''.join([random.SystemRandom().choice(uni) for i in range(50)])).replace('\'', '"')))
        print('EMAIL_SECRET_SALT: ' + repr(str(bcrypt.gensalt().decode())))
        print('PRIVATE_KEY: ' + repr(str(private_key_hex.decode())))
        print('PUBLIC_KEY: ' + repr(str(public_key_hex.decode())))
        print('')
Ejemplo n.º 57
0
    def decrypt(self, packetID, payload):
        if packetID == 20100:
            self.sessionKey = payload[4:]
            self.sk         = PrivateKey.generate()
            self.pk         = self.sk.public_key

            return payload

        elif packetID == 20103 and not self.sessionKey:
            return payload

        elif packetID == 22280 or (packetID == 20103 and self.sessionKey):
            nonce                = Nonce(self.encryptNonce, self.pk, self.serverKey)
            decrypted            = self.decryptPacket(payload, nonce)
            self.sharedKey       = Box.decode(decrypted[24:56])  # Overwrite the previous sharedKey
            self.decryptNonce    = Nonce(decrypted[:24])

            return decrypted[56:]

        else:
            return self.decryptPacket(payload)
Ejemplo n.º 58
0
        def get_node(node_to_ask):
            def parse_response(response):
                if response[0] and response[1][0] == "True":
                    return True
                elif not response[0]:
                    contract_dict = json.loads(json.dumps(contract.contract,
                                                          indent=4),
                                               object_pairs_hook=OrderedDict)
                    del contract_dict["vendor_order_confirmation"]
                    order_id = digest(json.dumps(contract_dict,
                                                 indent=4)).encode("hex")
                    self.send_message(
                        Node(unhexlify(guid)),
                        contract.contract["buyer_order"]["order"]["id"]
                        ["pubkeys"]["encryption"],
                        objects.Plaintext_Message.Type.Value(
                            "ORDER_CONFIRMATION"),
                        json.dumps(
                            contract.contract["vendor_order_confirmation"]),
                        order_id,
                        store_only=True)
                    return True
                else:
                    return False

            if node_to_ask:
                public_key = contract.contract["buyer_order"]["order"]["id"][
                    "pubkeys"]["encryption"]
                skephem = PrivateKey.generate()
                pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
                box = Box(skephem,
                          PublicKey(public_key, nacl.encoding.HexEncoder))
                nonce = nacl.utils.random(Box.NONCE_SIZE)
                ciphertext = box.encrypt(
                    json.dumps(contract.contract, indent=4), nonce)
                d = self.protocol.callOrderConfirmation(
                    node_to_ask, pkephem, ciphertext)
                return d.addCallback(parse_response)
            else:
                return parse_response([False])
Ejemplo n.º 59
0
    def setUp(self):
        box = PrivateKey.generate()
        self.cluster_private_key_hex = box.encode(encoder=nacl.encoding.HexEncoder).decode()
        self.cluster_public_key_hex = box.public_key.encode(encoder=nacl.encoding.HexEncoder).decode()

        private_key = encrypt_with_db_secret(self.cluster_private_key_hex)
        public_key = encrypt_with_db_secret(self.cluster_public_key_hex)

        self.cluster1 = Fileserver_Cluster.objects.create(
            title='Some Fileserver Cluster Title',
            auth_public_key=public_key,
            auth_private_key=private_key,
            file_size_limit=0,
        )

        self.shard1 = Fileserver_Shard.objects.create(
            title='Some Shard Title',
            description='Some Shard Description',
        )

        self.link1 = Fileserver_Cluster_Shard_Link.objects.create(
            cluster=self.cluster1,
            shard=self.shard1,
            read=True,
            write=True,
        )

        token_hash = TokenAuthentication.user_token_to_token_hash('abc')
        self.fileserver1 = Fileserver_Cluster_Members.objects.create(
            create_ip='127.0.0.1',
            fileserver_cluster=self.cluster1,
            key=token_hash,
            public_key=binascii.hexlify(os.urandom(settings.USER_PUBLIC_KEY_LENGTH_BYTES)).decode(),
            secret_key=binascii.hexlify(os.urandom(settings.USER_PUBLIC_KEY_LENGTH_BYTES)).decode(),
            url='https://fs01.example.com/fileserver',
            read=True,
            write=True,
            delete_capability=True,
            valid_till=timezone.now() + datetime.timedelta(seconds=30),
        )
Ejemplo n.º 60
0
 def _replyWithCookie(self, data, host_port):
     if len(data) != _helloStruct.size:
         return
     serverExtension, clientExtension, clientShortPubkey, nonce, encrypted = _helloStruct.unpack(
         data)
     serverLongClientShort = Box(self.serverKey.key,
                                 PublicKey(clientShortPubkey))
     try:
         serverLongClientShort.decrypt(encrypted,
                                       'CurveCP-client-H' + nonce)
     except CryptoError:
         return
     serverShortKey = PrivateKey.generate()
     unencryptedCookie = clientShortPubkey + str(serverShortKey)
     cookieNonce = self.serverKey.nonce(longterm=True)
     cookie = cookieNonce + self._secretBox.encrypt(
         unencryptedCookie, 'c' * 8 + cookieNonce).ciphertext
     boxData = str(serverShortKey.public_key) + cookie
     cookiePacket = ('RL3aNMXK' + clientExtension + serverExtension +
                     cookieNonce + serverLongClientShort.encrypt(
                         boxData, 'CurveCPK' + cookieNonce).ciphertext)
     self.transport.write(cookiePacket, host_port)