def blind_index_slow(plaintext: bytes,
key: bytes,
bit_length: int = 256,
**options):
ops_limit = max(
options.get('opslimit', CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE),
CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE)
mem_limit = max(
options.get('memlimit', CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE),
CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)
pw_hash_length = bit_length >> 3
if pw_hash_length < 16:
pw_hash_length = 16
if pw_hash_length > 4294967295:
raise Exception('Output length is far too big')
hashed = pysodium.crypto_pwhash(
outlen=pw_hash_length,
passwd=plaintext,
salt=pysodium.crypto_generichash(key, outlen=16),
opslimit=ops_limit,
memlimit=mem_limit,
alg=pysodium.crypto_pwhash_ALG_ARGON2ID13,
)
result = and_mask(hashed, bit_length)
return result
def derive_keypair(salt, opslimit, memlimit, flag):
flag = flag.encode('utf-8')
assert isinstance(salt, bytes)
assert isinstance(flag, bytes)
assert len(salt) == pysodium.crypto_pwhash_SALTBYTES
chall_seed = pysodium.crypto_pwhash(pysodium.crypto_sign_SEEDBYTES, flag,
salt, opslimit, memlimit,
pysodium.crypto_pwhash_ALG_ARGON2ID13)
return pysodium.crypto_sign_seed_keypair(chall_seed)
def test_crypto_pwhash(self):
if not pysodium.sodium_version_check(1, 0, 9): return
pw = "Correct Horse Battery Staple"
salt = binascii.unhexlify(b'0f58b94c7a369fd8a9a7083e4cd75266')
out = pysodium.crypto_pwhash(
pysodium.crypto_auth_KEYBYTES, pw, salt,
pysodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
pysodium.crypto_pwhash_MEMLIMIT_INTERACTIVE)
self.assertEqual(
binascii.hexlify(out),
b'79db3095517c7358449d84ee3b2f81f0e9907fbd4e0bae4e0bcc6c79821427dc'
)
def preprocess_config(interface, conn, config: dict) -> dict:
if config['crypto']['crypt_password'] is None or config['crypto'][
'crypt_password'] == '':
return config
#raise ValueError('Password has not been set')
config['crypto']['crypt_password'] = config['crypto'][
'crypt_password'].encode('utf8') #must be a byte array
# attempt to get salt from remote, if does not exist
# randomly generate a salt and store it on the remote
try:
res = interface.get_object(
conn, config['crypto']['remote_password_salt_file'])
salt = binascii.unhexlify(res['body'].read())
except ValueError:
salt = pysodium.randombytes(pysodium.crypto_pwhash_SALTBYTES)
interface.put_object(conn,
config['crypto']['remote_password_salt_file'],
binascii.hexlify(salt))
# Everything in here is included as a header, never put anything in this dict that must be private
config['crypto']['encrypt_opts'] = {
'A': 'ARGON2I13',
'O': pysodium.crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
'M': pysodium.crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
'S': base64.b64encode(salt).decode('utf-8')
}
key = pysodium.crypto_pwhash(
pysodium.crypto_secretstream_xchacha20poly1305_KEYBYTES,
config['crypto']['crypt_password'], salt,
config['crypto']['encrypt_opts']['O'],
config['crypto']['encrypt_opts']['M'],
pysodium.crypto_pwhash_ALG_ARGON2I13)
config['crypto']['stream_crypt_key'] = key
return config
def test_pysodium():
"""
Test all the functions needed from pysodium libarary (libsodium)
"""
# crypto_sign signatures with Ed25519 keys
# create keypair without seed
verkey, sigkey = pysodium.crypto_sign_keypair()
assert len(verkey) == 32 == pysodium.crypto_sign_PUBLICKEYBYTES
assert len(sigkey) == 64 == pysodium.crypto_sign_SECRETKEYBYTES
assert 32 == pysodium.crypto_sign_SEEDBYTES
sigseed = pysodium.randombytes(pysodium.crypto_sign_SEEDBYTES)
assert len(sigseed) == 32
# seed = (b'J\xeb\x06\xf2BA\xd6/T\xe1\xe2\xe2\x838\x8a\x99L\xd9\xb5(\\I\xccRb\xc8\xd5\xc7Y\x1b\xb6\xf0')
# Ann's seed
sigseed = (
b'PTi\x15\xd5\xd3`\xf1u\x15}^r\x9bfH\x02l\xc6\x1b\x1d\x1c\x0b9\xd7{\xc0_\xf2K\x93`'
)
assert len(sigseed) == 32
# try key stretching from 16 bytes using pysodium.crypto_pwhash()
assert 16 == pysodium.crypto_pwhash_SALTBYTES
salt = pysodium.randombytes(pysodium.crypto_pwhash_SALTBYTES)
assert len(salt) == 16
# salt = b'\x19?\xfa\xc7\x8f\x8b\x7f\x8b\xdbS"$\xd7[\x85\x87'
# algorithm default is argon2id
sigseed = pysodium.crypto_pwhash(
outlen=32,
passwd="",
salt=salt,
opslimit=pysodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
memlimit=pysodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
alg=pysodium.crypto_pwhash_ALG_DEFAULT)
assert len(sigseed) == 32
# seed = (b'\xa9p\x89\x7f+\x0e\xc4\x9c\xf2\x01r\xafTI\xc0\xfa\xac\xd5\x99\xf8O\x8f=\x843\xa2\xb6e\x9fO\xff\xd0')
# creates signing/verification key pair from seed
verkey, sigkey = pysodium.crypto_sign_seed_keypair(sigseed)
assert len(verkey) == 32
assert len(sigkey) == 64
# sigkey is seed and verkey concatenated. Libsodium does this as an optimization
# because the signing scheme needs both the private key (seed) and the public key so
# instead of recomputing the public key each time from the secret key it requires
# the public key as an input of and instead of two separate inputs, one for the
# secret key and one for the public key, it uses a concatenated form.
# Essentially crypto_sign_seed_keypair and crypto_sign_keypair return redundant
# information in the duple (verkey, sigkey) because sigkey includes verkey
# so one could just store sigkey and extract verkey or sigseed when needed
# or one could just store verkey and sigseed and reconstruct sigkey when needed.
# crypto_sign_detached requires sigkey (sigseed + verkey)
# crypto_sign_verify_detached reqires verkey only
# https://crypto.stackexchange.com/questions/54353/why-are-nacl-secret-keys-64-bytes-for-signing-but-32-bytes-for-box
assert sigseed == sigkey[:32]
assert verkey == sigkey[32:]
assert sigkey == sigseed + verkey
# vk = (b'B\xdd\xbb}8V\xa0\xd6lk\xcf\x15\xad9\x1e\xa7\xa1\xfe\xe0p<\xb6\xbex\xb0s\x8d\xd6\xf5\xa5\xe8Q')
# utility function to extract seed from secret sigkey (really just extracting from front half)
assert sigseed == pysodium.crypto_sign_sk_to_seed(sigkey)
assert 64 == pysodium.crypto_sign_BYTES
msg = "The lazy dog jumped over the river"
msgb = msg.encode(
"utf-8") # must convert unicode string to bytes in order to sign it
assert msgb == b'The lazy dog jumped over the river'
sig = pysodium.crypto_sign_detached(msgb, sigseed +
verkey) # sigkey = seed + verkey
assert len(sig) == 64
"""
sig = (b"\x99\xd2<9$$0\x9fk\xfb\x18\xa0\x8c@r\x122.k\xb2\xc7\x1fp\x0e'm\x8f@"
b'\xaa\xa5\x8c\xc8n\x85\xc8!\xf6q\x91p\xa9\xec\xcf\x92\xaf)\xde\xca'
b'\xfc\x7f~\xd7o|\x17\x82\x1d\xd4<o"\x81&\t')
"""
#siga = pysodium.crypto_sign(msg.encode("utf-8"), sk)[:pysodium.crypto_sign_BYTES]
#assert len(siga) == 64
#assert sig == siga
try: # verify returns None if valid else raises ValueError
result = pysodium.crypto_sign_verify_detached(sig, msgb, verkey)
except Exception as ex:
assert False
assert not result
assert result is None
sigbad = sig[:-1]
sigbad += b'A'
try: # verify returns None if valid else raises ValueError
result = pysodium.crypto_sign_verify_detached(sigbad, msgb, verkey)
except Exception as ex:
assert True
assert isinstance(ex, ValueError)
# crypto_box authentication encryption with X25519 keys
apubkey, aprikey = pysodium.crypto_box_keypair()
assert len(apubkey) == 32 == pysodium.crypto_box_SECRETKEYBYTES
assert len(aprikey) == 32 == pysodium.crypto_box_PUBLICKEYBYTES
repubkey = pysodium.crypto_scalarmult_curve25519_base(aprikey)
assert repubkey == apubkey
assert 32 == pysodium.crypto_box_SEEDBYTES
boxseed = pysodium.randombytes(pysodium.crypto_box_SEEDBYTES)
assert len(boxseed) == 32
bpubkey, bprikey = pysodium.crypto_box_seed_keypair(boxseed)
assert len(bpubkey) == 32
assert len(bprikey) == 32
repubkey = pysodium.crypto_scalarmult_curve25519_base(bprikey)
assert repubkey == bpubkey
assert 24 == pysodium.crypto_box_NONCEBYTES
nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES)
assert len(nonce) == 24
# nonce = b'\x11\xfbi<\xf2\xb6k\xa05\x0c\xf9\x86t\x07\x8e\xab\x8a\x97nG\xe8\x87,\x94'
atob_tx = "Hi Bob I'm Alice"
atob_txb = atob_tx.encode("utf-8")
# Detached recomputes shared key every time.
# A encrypt to B
acrypt, amac = pysodium.crypto_box_detached(atob_txb, nonce, bpubkey,
aprikey)
amacl = pysodium.crypto_box_MACBYTES
assert amacl == 16
# amac = b'\xa1]\xc6ML\xe2\xa9:\xc0\xdc\xab\xa5\xc4\xc7\xf4\xdb'
# acrypt = (b'D\n\x17\xb6z\xd8+t)\xcc`y\x1d\x10\x0cTC\x02\xb5@\xe2\xf2\xc9-(\xec*O\xb8~\xe2\x1a\xebO')
# when transmitting prepend amac to crypt
acipher = pysodium.crypto_box(atob_txb, nonce, bpubkey, aprikey)
assert acipher == amac + acrypt
atob_rxb = pysodium.crypto_box_open_detached(acrypt, amac, nonce, apubkey,
bprikey)
atob_rx = atob_rxb.decode("utf-8")
assert atob_rx == atob_tx
assert atob_rxb == atob_txb
atob_rxb = pysodium.crypto_box_open(acipher, nonce, apubkey, bprikey)
atob_rx = atob_rxb.decode("utf-8")
assert atob_rx == atob_tx
assert atob_rxb == atob_txb
btoa_tx = "Hello Alice I am Bob"
btoa_txb = btoa_tx.encode("utf-8")
# B encrypt to A
bcrypt, bmac = pysodium.crypto_box_detached(btoa_txb, nonce, apubkey,
bprikey)
# bmac = b'\x90\xe07=\xd22\x8fh2\xff\xdd\x84tC\x053'
# bcrypt = (b'8\xb5\xba\xe7\xcc\xae B\xefx\xe6{U\xf7\xefA\x00\xc7|\xdbu\xcfc\x01$\xa9\xa2P\xa7\x84\xa5\xae\x180')
# when transmitting prepend amac to crypt
bcipher = pysodium.crypto_box(btoa_txb, nonce, apubkey, bprikey)
assert bcipher == bmac + bcrypt
btoa_rxb = pysodium.crypto_box_open_detached(bcrypt, bmac, nonce, bpubkey,
aprikey)
btoa_rx = btoa_rxb.decode("utf-8")
assert btoa_rx == btoa_tx
assert btoa_rxb == btoa_txb
btoa_rxb = pysodium.crypto_box_open(bcipher, nonce, bpubkey, aprikey)
btoa_rx = btoa_rxb.decode("utf-8")
assert btoa_rx == btoa_tx
assert btoa_rxb == btoa_txb
# compute shared key
asymkey = pysodium.crypto_box_beforenm(bpubkey, aprikey)
bsymkey = pysodium.crypto_box_beforenm(apubkey, bprikey)
assert asymkey == bsymkey
acipher = pysodium.crypto_box_afternm(atob_txb, nonce, asymkey)
atob_rxb = pysodium.crypto_box_open_afternm(acipher, nonce, bsymkey)
assert atob_rxb == atob_txb
bcipher = pysodium.crypto_box_afternm(btoa_txb, nonce, bsymkey)
btoa_rxb = pysodium.crypto_box_open_afternm(bcipher, nonce, asymkey)
assert btoa_rxb == btoa_txb
# crypto_box_seal public key encryption with X25519 keys
# uses same X25519 type of keys as crypto_box authenticated encryption
# so when converting sign key Ed25519 to X25519 can use for both types of encryption
pubkey, prikey = pysodium.crypto_box_keypair()
assert len(pubkey) == 32 == pysodium.crypto_box_PUBLICKEYBYTES
assert len(prikey) == 32 == pysodium.crypto_box_SECRETKEYBYTES
assert 48 == pysodium.crypto_box_SEALBYTES
msg_txb = "Catch me if you can.".encode("utf-8")
assert msg_txb == b'Catch me if you can.'
cipher = pysodium.crypto_box_seal(msg_txb, pubkey)
assert len(cipher) == 48 + len(msg_txb)
msg_rxb = pysodium.crypto_box_seal_open(cipher, pubkey, prikey)
assert msg_rxb == msg_txb
# convert Ed25519 key pair to X25519 key pair
# https://blog.filippo.io/using-ed25519-keys-for-encryption/
# https://libsodium.gitbook.io/doc/advanced/ed25519-curve25519
# crypto_sign_ed25519_pk_to_curve25519
# crypto_sign_ed25519_sk_to_curve25519
pubkey = pysodium.crypto_sign_pk_to_box_pk(verkey)
assert len(pubkey) == pysodium.crypto_box_PUBLICKEYBYTES
prikey = pysodium.crypto_sign_sk_to_box_sk(sigkey)
assert len(prikey) == pysodium.crypto_box_SECRETKEYBYTES
repubkey = pysodium.crypto_scalarmult_curve25519_base(prikey)
assert repubkey == pubkey
msg_txb = "Encoded using X25519 key converted from Ed25519 key".encode(
"utf-8")
cipher = pysodium.crypto_box_seal(msg_txb, pubkey)
assert len(cipher) == 48 + len(msg_txb)
msg_rxb = pysodium.crypto_box_seal_open(cipher, pubkey, prikey)
assert msg_rxb == msg_txb
"""
def test_crypto_pwhash(self):
if not pysodium.sodium_version_check(1, 0, 9): return
pw = "Correct Horse Battery Staple"
salt = binascii.unhexlify(b'0f58b94c7a369fd8a9a7083e4cd75266')
out = pysodium.crypto_pwhash(pysodium.crypto_auth_KEYBYTES, pw, salt, pysodium.crypto_pwhash_OPSLIMIT_INTERACTIVE, pysodium.crypto_pwhash_MEMLIMIT_INTERACTIVE)
self.assertEqual(binascii.hexlify(out), b'79db3095517c7358449d84ee3b2f81f0e9907fbd4e0bae4e0bcc6c79821427dc')
def udp_message(self, data):
pw = self.password[:5]
if ":" + self.user[:-4] + ":" not in data:
packet = list()
for i in data:
packet.append(hex(ord(i)))
IDENT = self.hex_convert(packet[0:3], "i")
# 14593470 is the first 3 bytes (0xDE 0xAD 0xBE) which identifies this type of packet
if IDENT == 14593470:
OPSLIMIT = self.hex_convert(packet[4:8], "i")
MEMLIMIT = self.hex_convert(packet[8:12], "i")
SALT = self.hex_convert(packet[12:28], "s")
NONCE = self.hex_convert(packet[28:36], "s")
CIPHERTEXT = self.hex_convert(packet[36:70], "s")
key = pysodium.crypto_pwhash(
pysodium.crypto_auth_KEYBYTES, pw, SALT, OPSLIMIT,
MEMLIMIT, pysodium.crypto_pwhash_ALG_ARGON2I13)
try:
output = pysodium.crypto_aead_chacha20poly1305_decrypt(
CIPHERTEXT, None, NONCE, key)
outputHex = list()
for i in output:
outputHex.append(hex(ord(i)))
INTERCOM_ID = self.hex_convert(outputHex[0:6], "s")
EVENT = self.hex_convert(outputHex[6:14], "s")
TIMESTAMP = self.hex_convert(outputHex[14:18], "i")
self.logger.debug("------------------------------")
self.logger.debug(indigo.devices[self.indigoID].name +
": Decrypted UDP packet details")
self.logger.debug(" Intercom_ID: " + str(INTERCOM_ID))
self.logger.debug(" Event: " + str(EVENT))
self.logger.debug(" Timestamp: " + str(TIMESTAMP))
self.logger.debug("------------------------------")
if TIMESTAMP != self.lastEvent: #Multiple duplicate UDP packets sent by Doorbird. This removes the duplicates
if str(EVENT).rstrip() == "motion":
self.motion_event()
elif str(EVENT).rstrip() == "1":
self.doorbell_event()
else:
self.logger.debug(
indigo.devices[self.indigoID].name +
": Unknown event (" + EVENT + ")")
self.lastEvent = TIMESTAMP
except:
pass # Just keep going as multiple packets are sent with different passwords. Some will always fail here as wrong password
#11189196 is the first 3 bytes (0xAA 0xBB 0xCC) which occurs when an IP Chime is connected to the Doorbird
elif IDENT == 11189196:
pass # For now do nothing. Maybe useful later when we work out what to do with this type of packet?
else:
self.logger.debug(indigo.devices[self.indigoID].name +
": Unknown packet identifier (" +
str(IDENT) + ")")
else:
self.keepAlive = time.time()
import json
import binascii
from PIL import Image
from pyzbar.pyzbar import decode
import pysodium
backup_password = '******'
data = decode(Image.open('backup_qr.png'))
res = json.loads(data[0].data)
salt = binascii.unhexlify(res['salt'])
nonce_and_ciphertext = binascii.unhexlify(res['seed'])
nonce = nonce_and_ciphertext[0:pysodium.crypto_secretbox_NONCEBYTES]
ciphertext = nonce_and_ciphertext[pysodium.crypto_secretbox_NONCEBYTES:]
pwhash = pysodium.crypto_pwhash(
pysodium.crypto_auth_KEYBYTES, str.encode(backup_password), salt,
pysodium.crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
pysodium.crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE)
print(pysodium.crypto_secretbox_open(ciphertext, nonce, pwhash))
def hash_password(password, salt):
return pysodium.crypto_pwhash(pysodium.crypto_secretbox_KEYBYTES, password, salt,
pysodium.crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
pysodium.crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
pysodium.crypto_pwhash_ALG_ARGON2I13)
def hash_password(password: str, salt: bytes) -> bytes:
return pysodium.crypto_pwhash(
pysodium.crypto_secretbox_KEYBYTES, password, salt,
pysodium.crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
pysodium.crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
pysodium.crypto_pwhash_ALG_ARGON2I13)