def generate(cls, basedir): """Create a security context directory from default parameters and a random key; it is an error if that directory already exists. No SecurityContext object is returned immediately, as it is expected that the generated context can't be used immediately but first needs to be copied to another party and then can be opened in either the sender or the recipient role.""" # shorter would probably be OK too (that token might be suitable to # even skip extraction), but for the purpose of generating conformant # example contexts. master_secret = secrets.token_bytes(nbytes=32) os.makedirs(basedir) with open(os.path.join(basedir, 'settings.json'), 'w') as settingsfile: settingsfile.write("{\n" ' "sender-id_hex": "00",\n' ' "recipient-id_hex": "01",\n' ' "algorithm": "AES-CCM-64-64-128",\n' ' "kdf-hashfun": "sha256"\n' '}') # atomicity is not really required as this is a new directory, but the # readable-by-us-only property is easily achieved with mkstemp tmphand, tmpnam = tempfile.mkstemp(dir=basedir, prefix='.secret-', suffix='.json', text=True) with os.fdopen(tmphand, 'w') as secretfile: secretfile.write("{\n" ' "secret_hex": "%s"\n' '}' % binascii.hexlify(master_secret).decode('ascii')) os.rename(tmpnam, os.path.join(basedir, 'secret.json'))
def generate(cls, basedir): """Create a security context directory from default parameters and a random key; it is an error if that directory already exists. No SecurityContext object is returned immediately, as it is expected that the generated context can't be used immediately but first needs to be copied to another party and then can be opened in either the sender or the recipient role.""" # shorter would probably be OK too (that token might be suitable to # even skip extraction), but for the purpose of generating conformant # example contexts. master_secret = secrets.token_bytes(nbytes=32) os.makedirs(basedir) with open(os.path.join(basedir, 'settings.json'), 'w') as settingsfile: settingsfile.write("{\n" ' "server-id_hex": "00",\n' ' "client-id_hex": "01",\n' ' "algorithm": "AES-CCM-16-64-128",\n' ' "kdf-hashfun": "sha256"\n' '}') # atomicity is not really required as this is a new directory, but the # readable-by-us-only property is easily achieved with mkstemp tmphand, tmpnam = tempfile.mkstemp(dir=basedir, prefix='.secret-', suffix='.json', text=True) with os.fdopen(tmphand, 'w') as secretfile: secretfile.write("{\n" ' "secret_hex": "%s"\n' '}'%binascii.hexlify(master_secret).decode('ascii')) os.rename(tmpnam, os.path.join(basedir, 'secret.json'))
def __init__( self, basedir, sequence_number_chunksize_start=10, sequence_number_chunksize_limit=10000, ): self.basedir = basedir self.lockfile = filelock.FileLock(os.path.join(basedir, 'lock')) # 0.001: Just fail if it can't be acquired # See https://github.com/benediktschmitt/py-filelock/issues/57 try: self.lockfile.acquire(timeout=0.001) except: # No lock, no loading, no need to fail in __del__ self.lockfile = None raise # Always enabled as committing to a file for every received request # would be a terrible burden. self.echo_recovery = secrets.token_bytes(8) try: self._load() except KeyError as k: raise self.LoadError("Configuration key missing: %s" % (k.args[0], )) self.sequence_number_chunksize_start = sequence_number_chunksize_start self.sequence_number_chunksize_limit = sequence_number_chunksize_limit self.sequence_number_chunksize = sequence_number_chunksize_start self.sequence_number_persisted = self.sender_sequence_number
def setUp(self): algorithm = aiocoap.oscore.algorithms[aiocoap.oscore.DEFAULT_ALGORITHM] hashfun = aiocoap.oscore.hashfunctions[ aiocoap.oscore.DEFAULT_HASHFUNCTION] alg_countersign = aiocoap.oscore.Ed25519() group_id = b"G" participants = [b"", b"\x01", b"longname"] private_keys = [alg_countersign.generate() for _ in participants] public_keys = [ alg_countersign.public_from_private(k) for k in private_keys ] master_secret = secrets.token_bytes(64) master_salt = b"PoCl4" self.groups = [ aiocoap.oscore.SimpleGroupContext( algorithm, hashfun, alg_countersign, group_id, master_secret, master_salt, participants[i], private_keys[i], { participants[j]: public_keys[j] for j, _ in enumerate(participants) if i != j }) for i, _ in enumerate(participants) ] super().setUp()