Exemple #1
0
def server_handshake_begin(server_priv, message):
    """
    Receive the handshake
    :param server_priv: server private key
    :param message: message data (decoded)
    :return: secret aes key, client's pubkey, handshake response to send
    """
    assert server_priv.curve.openssl_name == message["keytype"]
    signature = message["signature"]

    client_pub = identity.loadpubstr(message["pub"])  # client long term key
    session_pub = identity.loadpubstr(message["session"])  # client session ecc key

    verify_msg = message["session"] + message["kdf"] + message["keytype"]

    assert identity.verify_string(client_pub, signature, verify_msg) is True

    shared = identity.ecdh(server_priv, session_pub)
    secret = derive_key(message["kdf"], shared)

    challenge_plain = str(uuid.uuid4())

    challenge, iv = aes_encrypt_str(secret, challenge_plain)
    response = {"challenge": challenge, "iv": iv}
    return secret, client_pub, response, challenge_plain
Exemple #2
0
def server_handshake_finish(client_pub, challenge, response):
    """
    Verify the client processed our handshake correctly
    :param client_pub: client's long term public key
    :param challenge: challenge plaintext
    :param response: message containing a signature of the plaintext and hash of the singer pubkey
    :return:
    """
    assert "fingerprint" in response
    pubkeyhash = hashlib.sha512(client_pub.to_der()).hexdigest()
    assert pubkeyhash == response["fingerprint"]
    assert identity.verify_string(client_pub, response["signature"], challenge)
    return {"status": "complete"}
Exemple #3
0
def receive_data(pubkey, sessionkey, data):
    """
    Verify and Decrypt a message
    :param pubkey: the sender's signing key
    :param sessionkey: the encryption key
    :param data: (string)
    :return: the plain text if the message verifies
    """
    pubkeyhash = hashlib.sha512(pubkey.to_der()).hexdigest()
    assert pubkeyhash == data["fingerprint"]
    assert identity.verify_string(pubkey,
                                  data["signature"],
                                  data["ciphertext"])

    return aes_decrypt_str(sessionkey,
                           data["iv"],
                           data["ciphertext"])
def test_generate_sign(tmpdir):
    """
    Test key generation
    :param tmpdir:
    :return:
    """
    datafolder = tmpdir.strpath
    identity.first_run(datafolder)
    keyfile = identity.get_priv_keyfilename(datafolder)

    assert os.path.isfile(keyfile)

    key = identity.load(keyfile)
    signature = identity.sign_string(key, "hello")

    pub = identity.loadpub(identity.get_pub_keyfilename(datafolder))
    assert identity.verify_string(pub, signature, "hello")