def purchase(self, node_to_ask, contract):
        """
        Send an order message to the vendor.

        Args:
            node_to_ask: a `dht.node.Node` object
            contract: a complete `Contract` object containing the buyer's order
        """
        def parse_response(response):
            try:
                address = contract.contract["buyer_order"]["order"]["payment"]["address"]
                chaincode = contract.contract["buyer_order"]["order"]["payment"]["chaincode"]
                masterkey_b = contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["bitcoin"]
                buyer_key = derive_childkey(masterkey_b, chaincode)
                amount = contract.contract["buyer_order"]["order"]["payment"]["amount"]
                listing_hash = contract.contract["buyer_order"]["order"]["ref_hash"]
                verify_key = nacl.signing.VerifyKey(node_to_ask.signed_pubkey[64:])
                verify_key.verify(
                    str(address) + str(amount) + str(listing_hash) + str(buyer_key), response[1][0])
                return response[1][0]
            except Exception:
                return False

        public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
        skephem = PrivateKey.generate()
        pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
        box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
        d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
        self.log.info("purchasing contract %s from %s" % (contract.get_contract_id().encode("hex"), node_to_ask))
        return d.addCallback(parse_response)
Exemple #2
0
 def _checkInitiate(self, clientID, data, host_port):
     cookieNonce, encryptedCookie, nonce = _initiateStruct.unpack_from(data)
     try:
         decryptedCookie = self._secretBox.decrypt(encryptedCookie, 'c' * 8 + cookieNonce)
     except CryptoError:
         return
     clientShortPubkey = PublicKey(decryptedCookie[:32])
     serverShortKey = PrivateKey(decryptedCookie[32:])
     serverShortClientShort = Box(serverShortKey, clientShortPubkey)
     try:
         decrypted = serverShortClientShort.decrypt(data[176:], 'CurveCP-client-I' + nonce)
     except CryptoError:
         return
     clientPubkeyString, vouchNonce, encryptedVouch, serverDomain = _initiateInnerStruct.unpack_from(decrypted)
     clientPubkey = PublicKey(clientPubkeyString)
     serverLongClientLong = Box(self.serverKey.key, clientPubkey)
     try:
         vouchKey = serverLongClientLong.decrypt(encryptedVouch, 'CurveCPV' + vouchNonce)
     except CryptoError:
         return
     if vouchKey != str(clientShortPubkey):
         return
     transport = CurveCPServerTransport(
         self.reactor, self.serverKey, self.factory, clientID,
         clientPubkey, host_port, serverShortClientShort, dnsToName(serverDomain))
     return transport, decrypted[352:]
        def get_node(node_to_ask):
            def parse_response(response):
                if response[0] and response[1][0] == "True":
                    return True
                elif not response[0]:
                    contract_dict = json.loads(json.dumps(contract.contract, indent=4),
                                               object_pairs_hook=OrderedDict)
                    del contract_dict["vendor_order_confirmation"]
                    del contract_dict["buyer_receipt"]
                    order_id = digest(json.dumps(contract_dict, indent=4)).encode("hex")
                    self.send_message(Node(unhexlify(guid)),
                                      contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"],
                                      objects.Plaintext_Message.Type.Value("RECEIPT"),
                                      json.dumps(contract.contract["buyer_receipt"]),
                                      order_id,
                                      store_only=True)
                    return True
                else:
                    return False

            if node_to_ask:
                public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
                skephem = PrivateKey.generate()
                pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
                box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
                nonce = nacl.utils.random(Box.NONCE_SIZE)
                ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
                d = self.protocol.callCompleteOrder(node_to_ask, pkephem, ciphertext)
                return d.addCallback(parse_response)
            else:
                return parse_response([False])
 def rpc_order(self, sender, pubkey, encrypted):
     try:
         box = Box(self.signing_key.to_curve25519_private_key(), PublicKey(pubkey))
         order = box.decrypt(encrypted)
         c = Contract(self.db, contract=json.loads(order, object_pairs_hook=OrderedDict),
                      testnet=self.multiplexer.testnet)
         v = c.verify(sender.pubkey)
         if v is True:
             self.router.addContact(sender)
             self.log.info("received an order from %s, waiting for payment..." % sender)
             payment_address = c.contract["buyer_order"]["order"]["payment"]["address"]
             chaincode = c.contract["buyer_order"]["order"]["payment"]["chaincode"]
             masterkey_b = c.contract["buyer_order"]["order"]["id"]["pubkeys"]["bitcoin"]
             buyer_key = derive_childkey(masterkey_b, chaincode)
             amount = c.contract["buyer_order"]["order"]["payment"]["amount"]
             listing_hash = c.contract["vendor_offer"]["listing"]["contract_id"]
             signature = self.signing_key.sign(
                 str(payment_address) + str(amount) + str(listing_hash) + str(buyer_key))[:64]
             c.await_funding(self.get_notification_listener(), self.multiplexer.blockchain, signature, False)
             return [signature]
         else:
             self.log.warning("received invalid order from %s reason %s" % (sender, v))
             return ["False"]
     except Exception, e:
         self.log.error("Exception (%s) occurred processing order from %s" % (e.message, sender))
         return ["False"]
Exemple #5
0
 def parse_messages(messages):
     if messages is not None:
         for message in messages:
             try:
                 value = objects.Value()
                 value.ParseFromString(message)
                 try:
                     box = Box(PrivateKey(self.signing_key.encode()), PublicKey(value.valueKey))
                     ciphertext = value.serializedData
                     plaintext = box.decrypt(ciphertext)
                     p = objects.Plaintext_Message()
                     p.ParseFromString(plaintext)
                     signature = p.signature
                     p.ClearField("signature")
                     verify_key = nacl.signing.VerifyKey(p.signed_pubkey[64:])
                     verify_key.verify(p.SerializeToString(), signature)
                     h = nacl.hash.sha512(p.signed_pubkey)
                     pow_hash = h[64:128]
                     if int(pow_hash[:6], 16) >= 50 or hexlify(p.sender_guid) != h[:40]:
                         raise Exception('Invalid guid')
                     listener.notify(p.sender_guid, p.encryption_pubkey, p.subject,
                                     objects.Plaintext_Message.Type.Name(p.type), p.message)
                 except Exception:
                     pass
                 signature = self.signing_key.sign(value.valueKey)[:64]
                 self.kserver.delete(self.kserver.node.id, value.valueKey, signature)
             except Exception:
                 pass
 def rpc_message(self, sender, pubkey, encrypted):
     try:
         box = Box(PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)), PublicKey(pubkey))
         plaintext = box.decrypt(encrypted)
         p = PlaintextMessage()
         p.ParseFromString(plaintext)
         signature = p.signature
         p.ClearField("signature")
         verify_key = nacl.signing.VerifyKey(p.signed_pubkey[64:])
         verify_key.verify(p.SerializeToString(), signature)
         h = nacl.hash.sha512(p.signed_pubkey)
         pow_hash = h[64:128]
         if int(pow_hash[:6], 16) >= 50 or p.sender_guid.encode("hex") != h[:40] or p.sender_guid != sender.id:
             raise Exception('Invalid guid')
         self.log.info("received a message from %s" % sender)
         self.router.addContact(sender)
         for listener in self.listeners:
             try:
                 verifyObject(MessageListener, listener)
                 listener.notify(p, signature)
             except DoesNotImplement:
                 pass
         return ["True"]
     except Exception:
         self.log.warning("received invalid message from %s" % sender)
         return ["False"]
 def rpc_order(self, sender, pubkey, encrypted):
     try:
         box = Box(PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)), PublicKey(pubkey))
         order = box.decrypt(encrypted)
         c = Contract(self.db, contract=json.loads(order, object_pairs_hook=OrderedDict),
                      testnet=self.multiplexer.testnet)
         if c.verify(sender.signed_pubkey[64:]):
             self.router.addContact(sender)
             self.log.info("received an order from %s, waiting for payment..." % sender)
             payment_address = c.contract["buyer_order"]["order"]["payment"]["address"]
             chaincode = c.contract["buyer_order"]["order"]["payment"]["chaincode"]
             masterkey_b = c.contract["buyer_order"]["order"]["id"]["pubkeys"]["bitcoin"]
             buyer_key = derive_childkey(masterkey_b, chaincode)
             amount = c.contract["buyer_order"]["order"]["payment"]["amount"]
             listing_hash = c.contract["buyer_order"]["order"]["ref_hash"]
             signature = self.signing_key.sign(
                 str(payment_address) + str(amount) + str(listing_hash) + str(buyer_key))[:64]
             c.await_funding(self.get_notification_listener(), self.multiplexer.blockchain, signature, False)
             return [signature]
         else:
             self.log.warning("received invalid order from %s" % sender)
             return ["False"]
     except Exception:
         self.log.error("unable to decrypt order from %s" % sender)
         return ["False"]
Exemple #8
0
 def vouch(self, public_key):
     """
     given the public key of another user, asymmetrically encrypt the
     master key. this encryption inherently includes authentication so
     we don't need to also sign this block.
     """
     assert self._master_key is not None
     pkey = PublicKey(public_key, encoder=nacl.encoding.HexEncoder)
     box = Box(self.enc_key, pkey)
     encrypted = box.encrypt(self._master_key)
     data = {'version': VERSION, 'key': encrypted.hex()}
     return json.dumps(data).encode('ascii')
Exemple #9
0
def test_box_decryption(skalice, pkalice, skbob, pkbob, nonce, plaintext,
                        ciphertext):
    pkbob = PublicKey(pkbob, encoder=HexEncoder)
    skalice = PrivateKey(skalice, encoder=HexEncoder)

    box = Box(skalice, pkbob)

    nonce = binascii.unhexlify(nonce)
    decrypted = binascii.hexlify(
        box.decrypt(ciphertext, nonce, encoder=HexEncoder), )

    assert decrypted == plaintext
    def handle(self, *args, **options):  # pylint: disable=too-many-locals, too-many-branches, too-many-statements
        supports_json = install_supports_jsonfield()

        bundle = DataBundle.objects.get(pk=options['bundle_pk'][0])

        if supports_json is False:
            bundle.properties = json.loads(bundle.properties)

        if bundle.encrypted:
            if 'nonce' in bundle.properties and 'encrypted' in bundle.properties:
                payload = base64.b64decode(bundle.properties['encrypted'])
                nonce = base64.b64decode(bundle.properties['nonce'])

                private_key = PrivateKey(base64.b64decode(settings.PDK_SERVER_KEY).strip())  # pylint: disable=line-too-long
                public_key = PublicKey(base64.b64decode(settings.PDK_CLIENT_KEY).strip())  # pylint: disable=line-too-long

                box = Box(private_key, public_key)

                decrypted_message = box.decrypt(payload, nonce)

                decrypted = six.text_type(decrypted_message, encoding='utf8')

                if bundle.compression != 'none':
                    compressed = base64.b64decode(decrypted)

                    if bundle.compression == 'gzip':
                        fio = StringIO.StringIO(
                            compressed)  # io.BytesIO for Python 3
                        gzip_file_obj = gzip.GzipFile(fileobj=fio)
                        payload = gzip_file_obj.read()
                        gzip_file_obj.close()

                        decrypted = payload

                bundle.properties = json.loads(decrypted)
            elif 'encrypted' in bundle.properties:
                print 'Missing "nonce" in encrypted bundle. Cannot decrypt bundle ' + str(
                    bundle.pk) + '. Skipping...'
            elif 'nonce' in bundle.properties:
                print 'Missing "encrypted" in encrypted bundle. Cannot decrypt bundle ' + str(
                    bundle.pk) + '. Skipping...'
        elif bundle.compression != 'none':
            compressed = base64.b64decode(bundle.properties['payload'])

            if bundle.compression == 'gzip':
                fio = StringIO.StringIO(compressed)  # io.BytesIO for Python 3
                gzip_file_obj = gzip.GzipFile(fileobj=fio)
                payload = gzip_file_obj.read()
                gzip_file_obj.close()

                bundle.properties = json.loads(payload)

        print json.dumps(bundle.properties, indent=2)
def test_box_decode():
    pub = PublicKey(
        b"ec2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798",
        encoder=HexEncoder,
    )
    priv = PrivateKey(
        b"5c2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798",
        encoder=HexEncoder,
    )
    b1 = Box(priv, pub)
    b2 = Box.decode(b1._shared_key)
    assert b1._shared_key == b2._shared_key
def test_box_optional_nonce(privalice, pubalice, privbob, pubbob, nonce,
                            plaintext, ciphertext):
    pubbob = PublicKey(pubbob, encoder=HexEncoder)
    privalice = PrivateKey(privalice, encoder=HexEncoder)

    box = Box(privalice, pubbob)

    encrypted = box.encrypt(binascii.unhexlify(plaintext), encoder=HexEncoder)

    decrypted = binascii.hexlify(box.decrypt(encrypted, encoder=HexEncoder))

    assert decrypted == plaintext
def test_box_decryption_combined(privalice, pubalice, privbob, pubbob, nonce,
                                 plaintext, ciphertext):
    pubbob = PublicKey(pubbob, encoder=HexEncoder)
    privalice = PrivateKey(privalice, encoder=HexEncoder)

    box = Box(privalice, pubbob)

    combined = binascii.hexlify(
        binascii.unhexlify(nonce) + binascii.unhexlify(ciphertext), )
    decrypted = binascii.hexlify(box.decrypt(combined, encoder=HexEncoder))

    assert decrypted == plaintext
Exemple #14
0
    def _update_boxes(self):
        """Create and set the NaCl boxes."""
        if self.election_private_key and self.backend_public_key:
            self._decryption_box = Box(self.election_private_key,
                                       self.backend_public_key)
        else:
            self._decryption_box = None

        if self.election_public_key and self.backend_private_key:
            self._encryption_box = Box(self.backend_private_key,
                                       self.election_public_key)
        else:
            self._encryption_box = None
def check_key(public_doctor, challenge, challenge_answer):
    # Private-key for the system
    private_system = "d9136c8ba792fef21c9ea11ec80cf3a38cc702e36948ece61c340208b0ac596a"
    private_system = PrivateKey(bytes.fromhex(private_system))

    try:
        box = Box(private_system, public_doctor)
        plaintext = box.decrypt(challenge_answer)
        result = plaintext.decode('utf-8')
    except:
        result = None

    return (result == challenge)
 def rpc_dispute_close(self, sender, pubkey, encrypted):
     try:
         box = Box(self.signing_key.to_curve25519_private_key(), PublicKey(pubkey))
         res = box.decrypt(encrypted)
         resolution_json = json.loads(res, object_pairs_hook=OrderedDict)
         close_dispute(resolution_json, self.db, self.get_message_listener(),
                       self.get_notification_listener(), self.multiplexer.testnet)
         self.router.addContact(sender)
         self.log.info("Contract dispute closed by %s" % sender)
         return ["True"]
     except Exception:
         self.log.error("unable to parse disputed close message from %s" % sender)
         return ["False"]
Exemple #17
0
 def writeMessage(self, message, address):
     pubkey = self.getPublicKeyForAddress(address)
     if pubkey is not None:
         log.msg('issuing DNSCurve query to', address, system='dnscurve')
         box = Box(self._key, pubkey)
         nonce = os.urandom(12)
         query = (
             'Q6fnvWj8' + str(self._key.public_key) + nonce +
             box.encrypt(message.toStr(), nonce + '\x00' * 12).ciphertext)
         self._outstandingDNSCurveQueries[nonce] = box
     else:
         query = message.toStr()
     self.transport.write(query, address)
Exemple #18
0
 def handle_N(self, message):
     """
     encryption key negotiation
     """
     pub_key = PublicKey(message[:32])
     auth = message[32:64]
     if blake2b(bytes(pub_key) + get_cas_secret(), encoder=RawEncoder) != auth:
         raise RuntimeError('Bad Client Auth! %s' % auth)
     self.client_box = Box(self.private_key, pub_key)
     if self.debug:
         print('server public_key: %s' % self.public_key.hex())
         print('client public_key: %s' % bytes(pub_key).hex())
     return [b'OK']
Exemple #19
0
def get_message_key_ciphertext(captain_room_participant_privkey,
                               room_message_key, member_pubkey):
    """
    As the captain, encrypt the room_message_key for this particular room member
    with key 'member_pubkey'.
    """
    encryption_box = Box(captain_room_participant_privkey, member_pubkey)
    message = room_message_key
    nonce = get_random_bytes(Box.NONCE_SIZE)

    ciphertext = encryption_box.encrypt(message,
                                        nonce)  # XXX move to crypto.py
    return ciphertext
Exemple #20
0
    def encrypt_entry(self, entry: str, public_key: str) -> str:
        entry = entry.encode('utf-8')
        sk = encode_private_key(self.password)
        pk = encode_public_key(public_key)
        box = Box(sk, pk)
        encrypted = box.encrypt(entry)
        """
        This method will be used to encrypt messages using a 3rd party public key, such as the one that
        the DS server provides.

        returns encrypted_message:bytes 
        """
        return EM_to_hex(encrypted)
Exemple #21
0
def encrypt_for_perma_payments(message, encoder=encoding.Base64Encoder):
    """
    Basic public key encryption ala pynacl.
    """
    box = Box(
        PrivateKey(
            settings.PERMA_PAYMENTS_ENCRYPTION_KEYS['perma_secret_key'], encoder=encoder
        ),
        PublicKey(
            settings.PERMA_PAYMENTS_ENCRYPTION_KEYS['perma_payments_public_key'], encoder=encoder
        )
    )
    return box.encrypt(message, encoder=encoder)
Exemple #22
0
def decrypt_from_perma_payments(ciphertext, encoder=encoding.Base64Encoder):
    """
    Decrypt bytes encrypted by perma-payments.
    """
    box = Box(
        PrivateKey(
            settings.PERMA_PAYMENTS_ENCRYPTION_KEYS['perma_secret_key'], encoder=encoder
        ),
        PublicKey(
            settings.PERMA_PAYMENTS_ENCRYPTION_KEYS['perma_payments_public_key'], encoder=encoder
        )
    )
    return box.decrypt(ciphertext, encoder=encoder)
Exemple #23
0
 def encrypt(self, textfile, encfile, noncefile):
     box = Box(self.sk, self.pk)
     tfile = open(textfile, 'rb')
     text = tfile.read()
     tfile.close()
     nonce = nacl.utils.random(Box.NONCE_SIZE)
     nfile = open(noncefile, 'wb')
     nfile.write(nonce)
     nfile.close()
     etext = box.encrypt(text, nonce)
     efile = open(encfile, 'wb')
     efile.write(etext)
     efile.close()
Exemple #24
0
def createMsgA(trec, msgC):
    MSTID = rrid.randomize(trec["STID"].decode("hex"))
    msgB = netstring(MSTID) + msgC

    privkey1 = PrivateKey.generate()
    pubkey1 = privkey1.public_key.encode()
    assert len(pubkey1) == 32
    transport_pubkey = trec["transport_pubkey"].decode("hex")
    transport_box = Box(privkey1, PublicKey(transport_pubkey))
    boxed = transport_box.encrypt(msgB, os.urandom(Box.NONCE_SIZE))

    msgA = b"".join([b"a0:", pubkey1, boxed])
    return msgA
Exemple #25
0
    def test_login_with_wrong_password(self):
        """
        Ensure we cannot login with wrong authkey
        """

        # our public / private key box
        box = PrivateKey.generate()

        # our hex encoded public / private keys
        user_session_private_key_hex = box.encode(
            encoder=nacl.encoding.HexEncoder).decode()
        user_session_public_key_hex = box.public_key.encode(
            encoder=nacl.encoding.HexEncoder).decode()

        server_crypto_box = Box(
            PrivateKey(user_session_private_key_hex,
                       encoder=nacl.encoding.HexEncoder),
            PublicKey(settings.PUBLIC_KEY, encoder=nacl.encoding.HexEncoder))

        login_info_nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
        encrypted = server_crypto_box.encrypt(
            json.dumps({
                'username':
                self.test_username,
                'authkey':
                make_password(
                    binascii.hexlify(os.urandom(
                        settings.AUTH_KEY_LENGTH_BYTES)).decode()),
            }).encode("utf-8"), login_info_nonce)
        login_info_encrypted = encrypted[len(login_info_nonce):]

        data = {
            'login_info':
            nacl.encoding.HexEncoder.encode(login_info_encrypted).decode(),
            'login_info_nonce':
            nacl.encoding.HexEncoder.encode(login_info_nonce).decode(),
            'public_key':
            user_session_public_key_hex,
        }

        url = reverse('authentication_login')

        models.Token.objects.all().delete()

        response = self.client.post(url, data)

        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        self.assertEqual(response.data.get('non_field_errors'),
                         [u'USERNAME_OR_PASSWORD_WRONG'])

        self.assertEqual(models.Token.objects.count(), 0)
Exemple #26
0
    def rpc_complete_order(self, sender, pubkey, encrypted):
        try:
            box = Box(PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)), PublicKey(pubkey))
            order = box.decrypt(encrypted)
            c = Contract(self.db, contract=json.loads(order, object_pairs_hook=OrderedDict),
                         testnet=self.multiplexer.testnet)

            contract_id = c.accept_receipt(self.multiplexer.ws, self.multiplexer.blockchain)
            self.router.addContact(sender)
            self.log.info("received receipt for order %s" % contract_id)
            return ["True"]
        except Exception:
            self.log.error("unable to parse receipt from %s" % sender)
            return ["False"]
Exemple #27
0
    def Decript(self,
                HEX,
                password,
                dsupk="jIqYIh2EDibk84rTp0yJcghTPxMWjtrt5NW4yPZk3Cw="):
        try:
            sk = encode_private_key(password)
            pk = encode_public_key(dsupk)
            box = Box(sk, pk)
            EM = hex_to_EM(HEX)
            plaintext = box.decrypt(EM).decode('utf-8')
        except:
            plaintext = '__ERROR__'

        return plaintext
Exemple #28
0
 def generate_box(self):
     self.encrypt = True
     addr = (self.send_address[0], str(self.send_address[1]))
     try:
         public_key = publicKeys[addr]
     except KeyError:
         print "connect(): error extracting public key"
     try:
         private_key = privateKeys[addr]
     except KeyError:
         print "connect(): error extracting privatekey"
     public_key = publicKeys[addr]
     if public_key is not None and private_key is not None:
         self.box = Box(private_key, public_key)
Exemple #29
0
    def test_msgA(self):
        nA, nB, entA, entB = self.make_nodes()
        msgC = "msgC"

        trec = json.loads(entA["their_channel_record_json"])["transports"][0]
        msgA = createMsgA(trec, msgC)

        pubkey1_s, boxed = parseMsgA(msgA)
        tpriv = self.tport2[0]["privkey"]
        b = Box(tpriv, PublicKey(pubkey1_s))
        msgB = b.decrypt(boxed)

        MSTID, msgC2 = parseMsgB(msgB)
        self.failUnlessEqual(msgC, msgC2)
 def rpc_refund(self, sender, pubkey, encrypted):
     try:
         box = Box(self.signing_key.to_curve25519_private_key(), PublicKey(pubkey))
         refund = box.decrypt(encrypted)
         refund_json = json.loads(refund, object_pairs_hook=OrderedDict)
         c = Contract(self.db, hash_value=unhexlify(refund_json["refund"]["order_id"]),
                      testnet=self.multiplexer.testnet)
         c.process_refund(refund_json, self.multiplexer.blockchain, self.get_notification_listener())
         self.router.addContact(sender)
         self.log.info("order %s refunded by vendor" % refund_json["refund"]["order_id"])
         return ["True"]
     except Exception, e:
         self.log.error("unable to parse refund message from %s" % sender)
         return [e.message]
Exemple #31
0
    def connect(self, path=None):
        if path is None:
            path = Connection.get_socket_path()

        self.socket.connect(path)
        message = json.dumps(self.change_public_keys())
        self.socket.sendall(message.encode("utf-8"))
        response = self.get_unencrypted_response()
        if not response["success"]:
            raise ResponseUnsuccesfulException
        self.box = Box(self.private_key,
                       PublicKey(base64.b64decode(response["publicKey"])))
        self.nonce = (int.from_bytes(self.nonce, "big") + 1).to_bytes(
            24, "big")
Exemple #32
0
    def on_post(self, req, resp):
        configuration = req.context['configuration']

        if req.content_length:
            data = json.load(req.bounded_stream)
        else:
            raise Exception("No data.")

        if 'public_key' not in data:
            raise Exception("No public key.")

        db_session = req.context['db_session']

        user_public_key = PublicKey(data['public_key'].encode('utf-8'),
                                    encoder=nacl.encoding.Base64Encoder)

        user = db_session.query(
            db.User).filter(db.User.public_key == user_public_key.encode(
                nacl.encoding.RawEncoder)).first()

        if user is None:
            raise Exception("Public key unknown.")

        challenge_answer = nacl.utils.random(Box.NONCE_SIZE)
        challenge_uuid = str(uuid.uuid4())

        box = Box(configuration['server_key_pair'], user_public_key)

        challenge_box = box.encrypt(plaintext=challenge_answer,
                                    encoder=nacl.encoding.Base64Encoder)

        challenge = db.Challenge(uuid=challenge_uuid,
                                 user=user,
                                 answer_hash=nacl.hash.sha256(
                                     challenge_answer,
                                     encoder=nacl.encoding.RawEncoder))

        db_session.add(challenge)
        db_session.commit()

        resp.status = falcon.HTTP_200
        resp.body = json.dumps({
            'uuid':
            challenge_uuid,
            'nonce':
            str(challenge_box.nonce.decode('utf-8')),
            'challenge':
            str(challenge_box.ciphertext.decode('utf-8'))
        })
    def send_message(self,
                     receiving_node,
                     public_key,
                     message_type,
                     message,
                     subject=None,
                     store_only=False):
        """
        Sends a message to another node. If the node isn't online it
        will be placed in the dht for the node to pick up later.
        """
        pro = Profile(self.db).get()
        p = objects.Plaintext_Message()
        p.sender_guid = self.kserver.node.id
        p.signed_pubkey = self.kserver.node.signed_pubkey
        p.encryption_pubkey = PrivateKey(
            self.signing_key.encode()).public_key.encode()
        p.type = message_type
        p.message = message
        if subject is not None:
            p.subject = subject
        if pro.handle:
            p.handle = pro.handle
        if pro.avatar_hash:
            p.avatar_hash = pro.avatar_hash
        p.timestamp = int(time.time())
        signature = self.signing_key.sign(p.SerializeToString())[:64]
        p.signature = signature

        skephem = PrivateKey.generate()
        pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
        box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
        nonce = nacl.utils.random(Box.NONCE_SIZE)
        ciphertext = box.encrypt(p.SerializeToString(), nonce)

        def get_response(response):
            if not response[0]:
                ciphertext = box.encrypt(p.SerializeToString().encode("zlib"),
                                         nonce)
                self.kserver.set(digest(receiving_node.id), pkephem,
                                 ciphertext)

        self.log.info("sending encrypted message to %s" %
                      receiving_node.id.encode("hex"))
        if not store_only:
            self.protocol.callMessage(receiving_node, pkephem,
                                      ciphertext).addCallback(get_response)
        else:
            get_response([False])
Exemple #34
0
def test_box_encryption_generates_different_nonces(privalice, pubalice,
                                                   privbob, pubbob, nonce,
                                                   plaintext, ciphertext):
    pubbob = PublicKey(pubbob, encoder=HexEncoder)
    privalice = PrivateKey(privalice, encoder=HexEncoder)

    box = Box(privalice, pubbob)

    nonce_0 = box.encrypt(binascii.unhexlify(plaintext),
                          encoder=HexEncoder).nonce

    nonce_1 = box.encrypt(binascii.unhexlify(plaintext),
                          encoder=HexEncoder).nonce

    assert nonce_0 != nonce_1
Exemple #35
0
    def encrypt(self, packetID, payload):
        if packetID == 10100:

            return payload

        elif packetID == 10101:

            self.encryptNonce = Nonce()
            self.Nonce        = Nonce(clientKey=self.pk, serverKey=self.serverKey)
            self.sharedKey    = Box(self.sk, PublicKey(self.serverKey))

            return bytes(self.pk) + self.encryptPacket(self.sessionKey + bytes(self.encryptNonce) + payload, self.Nonce)

        else:
            return self.encryptPacket(payload)
Exemple #36
0
    def test_equivalent_keys_shared_key_getter(self):
        alices = PrivateKey.generate()
        alicesP = alices.public_key
        bobs, bobsprime = self._gen_equivalent_raw_keys_couple()
        bobsP, bobsprimeP = bobs.public_key, bobsprime.public_key

        assert bobsP == bobsprimeP

        box_AB = Box(alices, bobsP)

        box_BA = Box(bobs, alicesP)
        box_BprimeA = Box(bobsprime, alicesP)

        assert box_AB.shared_key() == box_BA.shared_key()
        assert box_BprimeA.shared_key() == box_BA.shared_key()
Exemple #37
0
    def test_msgA(self):
        nA, nB, entA, entB = self.make_connected_nodes()
        msgC = "msgC"

        trec = json.loads(entA["their_channel_record_json"])["transports"][0]
        msgA = createMsgA(trec, msgC)

        pubkey1_s, boxed = parseMsgA(msgA)
        tpriv_hex = self.tports2["local"]["retrieval"]["privkey"]
        tpriv = PrivateKey(tpriv_hex.decode("hex"))
        b = Box(tpriv, PublicKey(pubkey1_s))
        msgB = b.decrypt(boxed)

        MSTT, msgC2 = parseMsgB(msgB)
        self.failUnlessEqual(msgC, msgC2)