def test_crypto_kx(self): if not pysodium.sodium_version_check(1, 0, 12): return client_pk, client_sk = pysodium.crypto_kx_keypair() server_pk, server_sk = pysodium.crypto_kx_keypair() crx, ctx = pysodium.crypto_kx_client_session_keys(client_pk, client_sk, server_pk) srx, stx = pysodium.crypto_kx_server_session_keys(server_pk, server_sk, client_pk) self.assertEqual(crx, stx) self.assertEqual(ctx, srx)
def test_crypto_kx(self): if not pysodium.sodium_version_check(1, 0, 12): return client_pk, client_sk = pysodium.crypto_kx_keypair() server_pk, server_sk = pysodium.crypto_kx_keypair() crx, ctx = pysodium.crypto_kx_client_session_keys(client_pk, client_sk, server_pk) srx, stx = pysodium.crypto_kx_server_session_keys(server_pk, server_sk, client_pk) self.assertEqual(crx, stx) self.assertEqual(ctx, srx)
def as_bytes(self): # magic signature datagram = bytearray("GARLICKYCLIENT", "ascii") # protocol version number datagram.extend(struct.pack(">H", 0)) # generate ephemeral key self.eph_pk, self.eph_sk = pysodium.crypto_kx_keypair() assert len(self.eph_pk) == 32 datagram.extend(self.eph_pk) # generate keypair for signature self.sign_pk, self.sign_sk = pysodium.crypto_sign_keypair() assert len(self.sign_pk) == 32 datagram.extend(self.sign_pk) # sign the ephemeral key cus untrusted apparently :/ # print(pysodium.sodium.crypto_sign_ed25519_detached) sig = ctypes.create_string_buffer(pysodium.crypto_sign_BYTES) check(pysodium.sodium.crypto_sign_ed25519_detached( sig, ctypes.c_void_p(0), self.eph_pk, ctypes.c_ulonglong(len(self.eph_pk)), self.sign_sk, )) assert len(sig) == 64 # pysodium.crypto_sign_detached(eph_pk, sign_sk) datagram.extend(sig) assert len(datagram) == 144 return datagram
def send(self, addr, cSuite, nodeData): try: addrStr = sts_utility.addrToString(addr) if addrStr in STS.STSConnectionStates.keys(): if STS.STSConnectionStates[addrStr]['phase'] == 2: print('send data with the existing session') ECDH_DATA_EX = self.constructSTSResponse(2, addr, nodeData) self.sock.sendto(ECDH_DATA_EX, addr) # self.receive() else: self.terminate(addr) else: print('send data with the new session') # myCert, myCertStatus = sts_utility.decodeMyCertificate(self.sock, self.endpoint_address) # myEncrypKey, mySignKey = sts_utility.decodeSecretKey() if cSuite in [1, 2, 6]: # print('sending ECDH') myECDHPK, myECDHSK = pysodium.crypto_kx_keypair() propose = self.generateProposeECDH(cSuite, myECDHPK, self.mySignKey, self.myCert, self.myCertStatus) STS.STSConnectionStates[addrStr] = { 'session_key': None, 'phase': 0, 'init': True, 'data': nodeData, 'keys': (myECDHPK, myECDHSK), 'cSuite': cSuite, 'time': int(time.time()) } print('sending PROPOSE') sts_utility.decodeSTSMessage(propose) self.sock.sendto(propose, addr) elif cSuite in [3, 4, 5]: propose = self.generateProposeECDH(cSuite, (0).to_bytes( 32, byteorder='big'), self.mySignKey, self.myCert, self.myCertStatus) STS.STSConnectionStates[addrStr] = { 'session_key': None, 'phase': 0, 'init': True, 'data': nodeData, 'keys': None, 'cSuite': cSuite, 'time': int(time.time()) } print('sending PROPOSE') sts_utility.decodeSTSMessage(propose) self.sock.sendto(propose, addr) # while not STS.STSConnectionStates[addrStr]['phase'] == 2: # self.receive() # ECDH_DATA_EX = self.constructSTSResponse(2, addr, nodeData) # self.sock.sendto(ECDH_DATA_EX, addr) # self.receive() except: return None
def generate(cls) -> (bytes, bytes, bytes): """Generate new keypair and ID key. They should be saved to file using Association.save() unless we want to reassociate again next time.""" public_key, private_key = pysodium.crypto_kx_keypair() id_key = pysodium.randombytes(pysodium.crypto_box_PUBLICKEYBYTES) return public_key, private_key, id_key
def session_prepare_phase_1 () : log ("[dcf6b145]", "[crypto][session]", "generating session public-private keys...") _local_sess_pub_key, _local_sess_priv_key = pysodium.crypto_kx_keypair () log ("[3029ae13]", "[crypto][session]", "generated session private key `%s`;", _local_sess_priv_key.encode ("b64")) log ("[4b75829d]", "[crypto][session]", "generated session public key `%s`;", _local_sess_pub_key.encode ("b64")) return _local_sess_pub_key, _local_sess_priv_key
def sendBlake2bResp(self, data, addr, cSuite): addrStr = sts_utility.addrToString(addr) # myCert, myCertStatus = sts_utility.decodeMyCertificate(self.sock, self.endpoint_address) # myEncrypKey, mySignKey = sts_utility.decodeSecretKey() if cSuite in [1, 2]: # print('sending ECDH') myECDHPK, myECDHSK = pysodium.crypto_kx_keypair() propose = self.generateProposeECDH(cSuite, myECDHPK, self.mySignKey, self.myCert, self.myCertStatus) # STS.STSConnectionStates[addrStr] = {'session_key': None, 'phase': 0, 'init': True, # 'keys': (myECDHPK, myECDHSK), # 'cSuite': cSuite, 'time': int(time.time())} STS.STSConnectionStates[addrStr]['keys'] = (myECDHPK, myECDHSK) self.blake2b(data, addr, server=True) self.sock.sendto(propose, addr) elif cSuite == 0: myECDHPK, myECDHSK = pysodium.crypto_kx_keypair() STS.STSConnectionStates[addrStr]['keys'] = (myECDHPK, myECDHSK) propose = self.generateProposeECDH(1, myECDHPK, self.mySignKey, self.myCert, self.myCertStatus) self.sock.sendto(propose, addr)
def send(self, addr, cSuite, nodeData): try: addrStr = sts_utility.addrToString(addr) if addrStr in STS.STSConnectionStates.keys(): if STS.STSConnectionStates[addrStr]['phase'] == 2: print('send data with the existing session') ECDH_DATA_EX = self.constructSTSResponse(2, addr, nodeData) self.sock.sendto(ECDH_DATA_EX, addr) # self.receive() else: self.terminate(addr) else: print('send data with the new session') if cSuite in [1, 2]: myECDHPK, myECDHSK = pysodium.crypto_kx_keypair() propose = self.generateProposeECDH(cSuite, myECDHPK, self.mySignKey, self.myCert, self.myCertStatus) STS.STSConnectionStates[addrStr] = { 'session_key': None, 'phase': 0, 'init': True, 'data': nodeData, 'keys': (myECDHPK, myECDHSK), 'cSuite': cSuite, 'time': int(time.time()) } self.sock.sendto(propose, addr) elif cSuite in [3, 4, 5]: propose = self.generateProposeECDH(3, (0).to_bytes( 32, byteorder='big'), self.mySignKey, self.myCert, self.myCertStatus) STS.STSConnectionStates[addrStr] = { 'session_key': None, 'phase': 0, 'init': True, 'data': nodeData, 'keys': None, 'cSuite': cSuite, 'time': int(time.time()) } self.sock.sendto(propose, addr) except: return None