def register(team_name): team_name = to_unicode(team_name) log.info('updating subrepo') SubRepo.pull() log.info('registering new team: %s' % team_name) team = Team(name=team_name) if team.exists(): log.fail('team is already registered') return False log.info('generating encryption keypair') crypt_pk, crypt_sk = pysodium.crypto_box_keypair() log.info('generating signature keypair') sign_pk, sign_sk = pysodium.crypto_sign_keypair() team.update({'crypt_pk': crypt_pk, 'sign_pk': sign_pk}) team.validate() team.save() SubRepo.push(commit_message='Register team %s' % team_name) log.success('team %s added successfully' % team_name) write_team_secrets(team.id, crypt_sk, sign_sk) return True
def create(self): self.created = datetime.datetime.utcnow() self.valid = datetime.datetime.utcnow() + datetime.timedelta(days=365) self.mp, self.ms = nacl.crypto_sign_keypair() self.sp, self.ss = nacl.crypto_sign_keypair() self.cp, self.cs = nacl.crypto_box_keypair() self.save()
def test_crypto_box_open(self): m = b"howdy" pk, sk = pysodium.crypto_box_keypair() n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) c = pysodium.crypto_box(m, n, pk, sk) plaintext = pysodium.crypto_box_open(c, n, pk, sk) self.assertEqual(m, plaintext)
def initialize(): """ Create a ~/.zkm directory with a config file inside. The config file will hold our public key, secret key, and since value. """ if os.path.exists(ZKMDIR) is False: print('[+] Creating ZKM configuration directory.') os.mkdir(ZKMDIR, 0o750) print('[+] Creating new keypair.') our_public, our_secret = pysodium.crypto_box_keypair() print('[+] Creating configuration file.') config = { b'public': base64.b64encode(our_public), b'secret': base64.b64encode(our_secret), b'since': b'1', b'channel': b'default' } save_data(CONFIG, config) os.chmod(CONFIG, 0o600) print('[+] Creating contacts file.') save_data(CONTACT, {}) os.chmod(CONTACT, 0o600) else: print('[-] ZKM configuration directory already exists.')
def initialize(): """ Create a ~/.zkm directory with a config file inside. The config file will hold our public key, secret key, and since value. """ if os.path.exists(ZKMDIR) is False: print('[+] Creating ZKM configuration directory.') os.mkdir(ZKMDIR, 0o750) print('[+] Creating new keypair.') our_public, our_secret = pysodium.crypto_box_keypair() print('[+] Creating configuration file.') config = {b'public': base64.b64encode(our_public), b'secret': base64.b64encode(our_secret), b'since': b'1', b'channel': b'default'} save_data(CONFIG, config) os.chmod(CONFIG, 0o600) print('[+] Creating contacts file.') save_data(CONTACT, {}) os.chmod(CONTACT, 0o600) else: print('[-] ZKM configuration directory already exists.')
def test_crypto_box_open_detached(self): pk, sk = pysodium.crypto_box_keypair() n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) c, mac = pysodium.crypto_box_detached("howdy", n, pk, sk) r = pysodium.crypto_box_open_detached(c, mac, n, pk, sk) self.assertEqual(r, b"howdy") changed = "\0"*len(c) self.assertRaises(ValueError, pysodium.crypto_box_open_detached,changed, mac, n, pk, sk)
def test_crypto_box_open_detached(self): pk, sk = pysodium.crypto_box_keypair() n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) c, mac = pysodium.crypto_box_detached(b"howdy", n, pk, sk) r = pysodium.crypto_box_open_detached(c, mac, n, pk, sk) self.assertEqual(r, b"howdy") changed = b"\0"*len(c) self.assertRaises(ValueError, pysodium.crypto_box_open_detached,changed, mac, n, pk, sk)
def test_crypto_box_open_afternm(self): m = b"howdy" pk, sk = pysodium.crypto_box_keypair() k = pysodium.crypto_box_beforenm(pk, sk) n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) c = pysodium.crypto_box_afternm(m, n, k) self.assertEqual(c, c) plaintext = pysodium.crypto_box_open_afternm(c, n, k) self.assertEqual(m, plaintext)
def get_key(): s = QtCore.QSettings(SETTINGS_ORG, SETTINGS_APP) pk = s.value(SETTINGS_PK_KEY) sk = s.value(SETTINGS_SK_KEY) ap = s.value(SETTINGS_APP_KEY) if not (pk and sk): pk, sk = pysodium.crypto_box_keypair() s.setValue(SETTINGS_PK_KEY, QtCore.QByteArray(pk)) s.setValue(SETTINGS_SK_KEY, QtCore.QByteArray(sk)) s.sync() return str(pk), str(sk), ap and str(ap)
def connectSocket(): try: global sock, publicKey, secretKey sock.connect(server_address) except socket.error as msg: sock.close() sock = None if sock is not None: keypair = pysodium.crypto_box_keypair() publicKey = base64.b64encode(keypair[0]) secretKey = base64.b64encode(keypair[1])
def test_box(): m = b"passwd" pk, sk = pysodium.crypto_box_keypair() n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) print(n) c = pysodium.crypto_box(m, n, pk, sk) plaintext = pysodium.crypto_box_open(c, n, pk, sk) print(plaintext)
def test0(): if not pysodium.sodium_version_check(1, 0, 9): return pk, sk = pysodium.crypto_box_keypair() #print(pk) #print(sk) p = binascii.hexlify(pk) s = binascii.hexlify(sk) print(p) print(s) c = pysodium.crypto_box_seal(b"passwd", pk) print(binascii.hexlify(c)) print(pysodium.crypto_box_seal_open(c, pk, sk))
def main(self): if sys.argv[1] != '-t': sys.exit(1) self.dest_ip = sys.argv[2].split(':')[0][1:-1] self.dest_port = int(sys.argv[2].split(':')[1]) if sys.argv[3] != '-k': sys.exit(1) self.server_public = self.b64safe_bytes(sys.argv[4].encode('ascii') + b'=') self.their_public = self.server_public (self.client_public, self.client_secret) = pysodium.crypto_box_keypair() self.our_secret = self.client_secret self.mode = 'insecure' self.send()
def open_interface(self, data): print(f"data: {data}") # create keypair import pysodium from base64 import b64encode keys = pysodium.crypto_box_keypair() # TODO: open interface router = Router() #self.gateway.router.interface.create(ifname=data['device_id'], ip='10.0.42.15/16', privatekey=b64encode(keys[1]), # listenport=42001) # new interface/wg control router.interface.create(ifname=data['device_id'], ip='10.0.42.15/16', privatekey=b64encode(keys[1]), listenport=42001) # router.interface.addpeer(ifname=data['device_id'], publickey=data['wgpubkey'], endpointaddr=data['ip'], endpointport=42001, keepalive=10) router.interface.addpeer(ifname=data['device_id'], publickey=data['wgpubkey'], keepalive=10, allowedips={'0.0.0.0/0'}) # iptables for wg-interface chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "FORWARD") rule = iptc.Rule() rule.out_interface = "tf-0815" target = iptc.Target(rule, "ACCEPT") rule.target = target chain.insert_rule(rule) chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "POSTROUTING") rule = iptc.Rule() rule.out_interface = "eth0" target = iptc.Target(rule, "MASQUERADE") rule.target = target chain.insert_rule(rule) return b64encode(keys[0])
def generate(statedir): try: os.makedirs(statedir) except Exception: pass print("[+] Generating shapeshifter parameters...") public, private = pysodium.crypto_box_keypair() priv_hex = binascii.b2a_hex(private) pub_hex = binascii.b2a_hex(public) node_id = os.urandom(20) node_id_hex = binascii.b2a_hex(node_id) drbg_seed = os.urandom(24) def tostr(b): return b.decode('utf-8') with open(statedir + '/obfs4_state.json', 'w') as state: state.write( json.dumps({ 'node-id': tostr(node_id_hex), 'private-key': tostr(priv_hex), 'public-key': tostr(pub_hex), 'drbg-seed': tostr(binascii.b2a_hex(drbg_seed)), 'iatMode': 0 })) cert = base64.b64encode(node_id + public) print("CERT:", cert) with open(statedir + '/obfs4_cert.txt', 'w') as certf: certf.write(tostr(cert).rstrip('=')) with open(statedir + '/obfs4_bridgeline.txt', 'w') as bridgef: bridgef.write(BRIDGE_PREAMBLE + tostr(cert) + BRIDGE_END) print("[+] done")
def test_pysodium(): """ Test all the functions needed from pysodium libarary (libsodium) """ # crypto_sign signatures with Ed25519 keys # create keypair without seed verkey, sigkey = pysodium.crypto_sign_keypair() assert len(verkey) == 32 == pysodium.crypto_sign_PUBLICKEYBYTES assert len(sigkey) == 64 == pysodium.crypto_sign_SECRETKEYBYTES assert 32 == pysodium.crypto_sign_SEEDBYTES sigseed = pysodium.randombytes(pysodium.crypto_sign_SEEDBYTES) assert len(sigseed) == 32 # seed = (b'J\xeb\x06\xf2BA\xd6/T\xe1\xe2\xe2\x838\x8a\x99L\xd9\xb5(\\I\xccRb\xc8\xd5\xc7Y\x1b\xb6\xf0') # Ann's seed sigseed = ( b'PTi\x15\xd5\xd3`\xf1u\x15}^r\x9bfH\x02l\xc6\x1b\x1d\x1c\x0b9\xd7{\xc0_\xf2K\x93`' ) assert len(sigseed) == 32 # try key stretching from 16 bytes using pysodium.crypto_pwhash() assert 16 == pysodium.crypto_pwhash_SALTBYTES salt = pysodium.randombytes(pysodium.crypto_pwhash_SALTBYTES) assert len(salt) == 16 # salt = b'\x19?\xfa\xc7\x8f\x8b\x7f\x8b\xdbS"$\xd7[\x85\x87' # algorithm default is argon2id sigseed = pysodium.crypto_pwhash( outlen=32, passwd="", salt=salt, opslimit=pysodium.crypto_pwhash_OPSLIMIT_INTERACTIVE, memlimit=pysodium.crypto_pwhash_MEMLIMIT_INTERACTIVE, alg=pysodium.crypto_pwhash_ALG_DEFAULT) assert len(sigseed) == 32 # seed = (b'\xa9p\x89\x7f+\x0e\xc4\x9c\xf2\x01r\xafTI\xc0\xfa\xac\xd5\x99\xf8O\x8f=\x843\xa2\xb6e\x9fO\xff\xd0') # creates signing/verification key pair from seed verkey, sigkey = pysodium.crypto_sign_seed_keypair(sigseed) assert len(verkey) == 32 assert len(sigkey) == 64 # sigkey is seed and verkey concatenated. Libsodium does this as an optimization # because the signing scheme needs both the private key (seed) and the public key so # instead of recomputing the public key each time from the secret key it requires # the public key as an input of and instead of two separate inputs, one for the # secret key and one for the public key, it uses a concatenated form. # Essentially crypto_sign_seed_keypair and crypto_sign_keypair return redundant # information in the duple (verkey, sigkey) because sigkey includes verkey # so one could just store sigkey and extract verkey or sigseed when needed # or one could just store verkey and sigseed and reconstruct sigkey when needed. # crypto_sign_detached requires sigkey (sigseed + verkey) # crypto_sign_verify_detached reqires verkey only # https://crypto.stackexchange.com/questions/54353/why-are-nacl-secret-keys-64-bytes-for-signing-but-32-bytes-for-box assert sigseed == sigkey[:32] assert verkey == sigkey[32:] assert sigkey == sigseed + verkey # vk = (b'B\xdd\xbb}8V\xa0\xd6lk\xcf\x15\xad9\x1e\xa7\xa1\xfe\xe0p<\xb6\xbex\xb0s\x8d\xd6\xf5\xa5\xe8Q') # utility function to extract seed from secret sigkey (really just extracting from front half) assert sigseed == pysodium.crypto_sign_sk_to_seed(sigkey) assert 64 == pysodium.crypto_sign_BYTES msg = "The lazy dog jumped over the river" msgb = msg.encode( "utf-8") # must convert unicode string to bytes in order to sign it assert msgb == b'The lazy dog jumped over the river' sig = pysodium.crypto_sign_detached(msgb, sigseed + verkey) # sigkey = seed + verkey assert len(sig) == 64 """ sig = (b"\x99\xd2<9$$0\x9fk\xfb\x18\xa0\x8c@r\x122.k\xb2\xc7\x1fp\x0e'm\x8f@" b'\xaa\xa5\x8c\xc8n\x85\xc8!\xf6q\x91p\xa9\xec\xcf\x92\xaf)\xde\xca' b'\xfc\x7f~\xd7o|\x17\x82\x1d\xd4<o"\x81&\t') """ #siga = pysodium.crypto_sign(msg.encode("utf-8"), sk)[:pysodium.crypto_sign_BYTES] #assert len(siga) == 64 #assert sig == siga try: # verify returns None if valid else raises ValueError result = pysodium.crypto_sign_verify_detached(sig, msgb, verkey) except Exception as ex: assert False assert not result assert result is None sigbad = sig[:-1] sigbad += b'A' try: # verify returns None if valid else raises ValueError result = pysodium.crypto_sign_verify_detached(sigbad, msgb, verkey) except Exception as ex: assert True assert isinstance(ex, ValueError) # crypto_box authentication encryption with X25519 keys apubkey, aprikey = pysodium.crypto_box_keypair() assert len(apubkey) == 32 == pysodium.crypto_box_SECRETKEYBYTES assert len(aprikey) == 32 == pysodium.crypto_box_PUBLICKEYBYTES repubkey = pysodium.crypto_scalarmult_curve25519_base(aprikey) assert repubkey == apubkey assert 32 == pysodium.crypto_box_SEEDBYTES boxseed = pysodium.randombytes(pysodium.crypto_box_SEEDBYTES) assert len(boxseed) == 32 bpubkey, bprikey = pysodium.crypto_box_seed_keypair(boxseed) assert len(bpubkey) == 32 assert len(bprikey) == 32 repubkey = pysodium.crypto_scalarmult_curve25519_base(bprikey) assert repubkey == bpubkey assert 24 == pysodium.crypto_box_NONCEBYTES nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) assert len(nonce) == 24 # nonce = b'\x11\xfbi<\xf2\xb6k\xa05\x0c\xf9\x86t\x07\x8e\xab\x8a\x97nG\xe8\x87,\x94' atob_tx = "Hi Bob I'm Alice" atob_txb = atob_tx.encode("utf-8") # Detached recomputes shared key every time. # A encrypt to B acrypt, amac = pysodium.crypto_box_detached(atob_txb, nonce, bpubkey, aprikey) amacl = pysodium.crypto_box_MACBYTES assert amacl == 16 # amac = b'\xa1]\xc6ML\xe2\xa9:\xc0\xdc\xab\xa5\xc4\xc7\xf4\xdb' # acrypt = (b'D\n\x17\xb6z\xd8+t)\xcc`y\x1d\x10\x0cTC\x02\xb5@\xe2\xf2\xc9-(\xec*O\xb8~\xe2\x1a\xebO') # when transmitting prepend amac to crypt acipher = pysodium.crypto_box(atob_txb, nonce, bpubkey, aprikey) assert acipher == amac + acrypt atob_rxb = pysodium.crypto_box_open_detached(acrypt, amac, nonce, apubkey, bprikey) atob_rx = atob_rxb.decode("utf-8") assert atob_rx == atob_tx assert atob_rxb == atob_txb atob_rxb = pysodium.crypto_box_open(acipher, nonce, apubkey, bprikey) atob_rx = atob_rxb.decode("utf-8") assert atob_rx == atob_tx assert atob_rxb == atob_txb btoa_tx = "Hello Alice I am Bob" btoa_txb = btoa_tx.encode("utf-8") # B encrypt to A bcrypt, bmac = pysodium.crypto_box_detached(btoa_txb, nonce, apubkey, bprikey) # bmac = b'\x90\xe07=\xd22\x8fh2\xff\xdd\x84tC\x053' # bcrypt = (b'8\xb5\xba\xe7\xcc\xae B\xefx\xe6{U\xf7\xefA\x00\xc7|\xdbu\xcfc\x01$\xa9\xa2P\xa7\x84\xa5\xae\x180') # when transmitting prepend amac to crypt bcipher = pysodium.crypto_box(btoa_txb, nonce, apubkey, bprikey) assert bcipher == bmac + bcrypt btoa_rxb = pysodium.crypto_box_open_detached(bcrypt, bmac, nonce, bpubkey, aprikey) btoa_rx = btoa_rxb.decode("utf-8") assert btoa_rx == btoa_tx assert btoa_rxb == btoa_txb btoa_rxb = pysodium.crypto_box_open(bcipher, nonce, bpubkey, aprikey) btoa_rx = btoa_rxb.decode("utf-8") assert btoa_rx == btoa_tx assert btoa_rxb == btoa_txb # compute shared key asymkey = pysodium.crypto_box_beforenm(bpubkey, aprikey) bsymkey = pysodium.crypto_box_beforenm(apubkey, bprikey) assert asymkey == bsymkey acipher = pysodium.crypto_box_afternm(atob_txb, nonce, asymkey) atob_rxb = pysodium.crypto_box_open_afternm(acipher, nonce, bsymkey) assert atob_rxb == atob_txb bcipher = pysodium.crypto_box_afternm(btoa_txb, nonce, bsymkey) btoa_rxb = pysodium.crypto_box_open_afternm(bcipher, nonce, asymkey) assert btoa_rxb == btoa_txb # crypto_box_seal public key encryption with X25519 keys # uses same X25519 type of keys as crypto_box authenticated encryption # so when converting sign key Ed25519 to X25519 can use for both types of encryption pubkey, prikey = pysodium.crypto_box_keypair() assert len(pubkey) == 32 == pysodium.crypto_box_PUBLICKEYBYTES assert len(prikey) == 32 == pysodium.crypto_box_SECRETKEYBYTES assert 48 == pysodium.crypto_box_SEALBYTES msg_txb = "Catch me if you can.".encode("utf-8") assert msg_txb == b'Catch me if you can.' cipher = pysodium.crypto_box_seal(msg_txb, pubkey) assert len(cipher) == 48 + len(msg_txb) msg_rxb = pysodium.crypto_box_seal_open(cipher, pubkey, prikey) assert msg_rxb == msg_txb # convert Ed25519 key pair to X25519 key pair # https://blog.filippo.io/using-ed25519-keys-for-encryption/ # https://libsodium.gitbook.io/doc/advanced/ed25519-curve25519 # crypto_sign_ed25519_pk_to_curve25519 # crypto_sign_ed25519_sk_to_curve25519 pubkey = pysodium.crypto_sign_pk_to_box_pk(verkey) assert len(pubkey) == pysodium.crypto_box_PUBLICKEYBYTES prikey = pysodium.crypto_sign_sk_to_box_sk(sigkey) assert len(prikey) == pysodium.crypto_box_SECRETKEYBYTES repubkey = pysodium.crypto_scalarmult_curve25519_base(prikey) assert repubkey == pubkey msg_txb = "Encoded using X25519 key converted from Ed25519 key".encode( "utf-8") cipher = pysodium.crypto_box_seal(msg_txb, pubkey) assert len(cipher) == 48 + len(msg_txb) msg_rxb = pysodium.crypto_box_seal_open(cipher, pubkey, prikey) assert msg_rxb == msg_txb """
print "%s" % decryptedmessage message = "w" + str(int(decryptedmessage[10:13]) ) + ",0" + "C" * random.randint(10, 3000) except: message = "c7" s.send(encrypt_message(nonce, server_pub, client_priv, message)) size = s.recv(4) size = struct.unpack("<I", size)[0] data = s.recv(size) try: print "%s" % decrypt_message(server_pub, client_priv, data) except: print data client_pub, client_priv = pysodium.crypto_box_keypair() nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((TCP_IP, TCP_PORT)) server_pub = s.recv(BUFFER_SIZE) s.send(str(client_pub)) thread1 = myThread(1, "first", 1000, s) thread2 = myThread(2, "second", 10, s) thread3 = myThread(3, "third", 1, s) thread1.start() #thread2.start() #thread3.start()
def openInterface(data): # POSTFIX = "gw" POSTFIX = "" print(f"data: {data}") # TODO: create wg keys # TODO: replace subprocess !!! # import subprocess # subprocess.call(f"wg genkey | tee privatekey+{data['device_id']} | wg pubkey > publickey+{data['device_id']}", shell=True) # with open(f"privatekey+{data['device_id']}", 'r') as f: # priv = f.read() # print(f"PRIV: {priv}") # f.close() # with open(f"publickey+{data['device_id']}", 'r') as f: # pub = f.read() # print(f"PUB: {pub}") # f.close() # subprocess.call(f"rm privatekey+{data['device_id']} && rm publickey+{data['device_id']}", shell=True) import pysodium from base64 import b64encode keys = pysodium.crypto_box_keypair() priv = b64encode(keys[1]) pub = b64encode(keys[0]) # TODO: open interface router = Router() router.device_id = data['device_id'] + POSTFIX print(f"{data}") router.dev.link('add', ifname=data['device_id'] + POSTFIX, kind='wireguard') idx = router.dev.link_lookup(ifname=data['device_id'] + POSTFIX)[0] print(f"IDX: {idx}") # router.dev.addr('add', index=idx, address='192.168.42.50', mask=24) router.dev.addr('add', index=idx, local='192.168.42.50', mask=32, address='192.168.100.10') print(f"setup config") cfg = { "interface": data['device_id'] + POSTFIX, "listen_port": 42001, "private_key": priv, "peers": [{ "public_key": data["wgpubkey"], "allowed_ips": ["0.0.0.0/0"] }] } router.wg.set_device(ifname=data['device_id'] + POSTFIX, config=cfg) print(f"clientpubkey: {len(data['wgpubkey'])}") print(f"clientpubkey: {data['wgpubkey']}") router.dev.link('set', index=idx, state='up') # iptables for wg-interface chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "FORWARD") rule = iptc.Rule() rule.out_interface = "tf_gateone" target = iptc.Target(rule, "ACCEPT") rule.target = target chain.insert_rule(rule) chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "POSTROUTING") rule = iptc.Rule() rule.out_interface = "eth0" target = iptc.Target(rule, "MASQUERADE") rule.target = target chain.insert_rule(rule) return pub
def test_crypto_box_seal(self): if not pysodium.sodium_version_check(1, 0, 3): return pk, sk = pysodium.crypto_box_keypair() c = pysodium.crypto_box_seal(b"howdy", pk) self.assertEqual(pysodium.crypto_box_seal_open(c, pk, sk), b'howdy')
def test_crypto_box_open_detached(self): pk, sk = pysodium.crypto_box_keypair() n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) c, mac = pysodium.crypto_box_detached("howdy", n, pk, sk) pysodium.crypto_box_open_detached(c, mac, n, pk, sk)
def test_crypto_box_pk_from_sk(self): pk1, sk = pysodium.crypto_box_keypair() pk2 = pysodium.crypto_scalarmult_curve25519_base(sk) self.assertEqual(pk1, pk2)
encrypted = nonce + "\x00"*16 + encrypted length = struct.pack("<I", len(encrypted)) return length+encrypted def decrypt_message(public_key, secret_key, message): decrypted = pysodium.crypto_box_open(message[40:], message[0:24], public_key, secret_key) return decrypted TCP_IP = '10.0.0.1' TCP_PORT = 20008 BUFFER_SIZE = 1024 client_pub, client_priv = pysodium.crypto_box_keypair() nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((TCP_IP, TCP_PORT)) server_pub = s.recv(BUFFER_SIZE) s.send(str(client_pub)) message = "o0777lib/i386-linux-gnu/libgcc_s.so.1" s.send(encrypt_message(nonce, server_pub, client_priv, message)) size = s.recv(4) size = struct.unpack("<I", size)[0] data = s.recv(size) try: decryptedmessage = decrypt_message(server_pub, client_priv, data)
def _generate_and_store_receiver_key(self, receiver_key_filename): self.receiver_pub_key, sk = pysodium.crypto_box_keypair() #we don't care about the sk self._store_key(self.receiver_pub_key, receiver_key_filename + ".pub") self._store_key(sk, receiver_key_filename)
def test_crypto_box_open(self): pk, sk = pysodium.crypto_box_keypair() n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) c = pysodium.crypto_box(b"howdy", n, pk, sk) pysodium.crypto_box_open(c, n, pk, sk)
def gen_byte_keys(self): k = pysodium.crypto_box_keypair() self.private_wg_key = k[0] self.public_wg_key = k[1]
def gen_b64_keys(self): k = pysodium.crypto_box_keypair() self.private_wg_key = b64encode(k[0]) self.public_wg_key = b64encode(k[1])
import pysodium from base64 import b64encode, b64decode private_key = pysodium.crypto_box_keypair() public_key = pysodium.crypto_box_keypair() print("Private Key:", private_key) print("Public Key:", b64encode(public_key[0]), b64encode(public_key[1]))
def create_keypair(): """Return (public key, private key)""" return pysodium.crypto_box_keypair()
def test_crypto_box_seal(self): pk, sk = pysodium.crypto_box_keypair() c = pysodium.crypto_box_seal(b"howdy", pk) self.assertEqual(pysodium.crypto_box_seal_open(c, pk, sk), b'howdy')
def main(self): if sys.argv[1] != '-d': sys.exit(1) if sys.argv[2] != '-s': sys.exit(1) self.source_ip = sys.argv[3].split(':')[0][1:-1] self.source_port = int(sys.argv[3].split(':')[1]) if sys.argv[4] != '-t': sys.exit(1) self.dest_ip = sys.argv[5].split(':')[0][1:-1] self.dest_port = int(sys.argv[5].split(':')[1]) (self.server_public, self.our_secret) = pysodium.crypto_box_keypair() client_sock = self.bind(self.source_ip, self.source_port) # In future the upload-to-E service will read the certificates # from S's stdout one-per-line, uploading when a new one is # spotted. S will continue to understand the old configuration # during a grace period, for those clients who could not # possibly have known of the new configuration. # This would be some minutes for the cert to be uploaded to E, # plus the cache TTL of E, which might range from a couple of # minutes to a day or more. The rekey period should be chosen # with the TTL in mind. print("Added key: " + self.bytes_b64safe(self.server_public).decode('ascii')[:-1]) print("Added port: " + str(client_sock.getsockname()[1])) sys.stdout.flush() print("Type commands to administer, or \"help\" for more information.", file=sys.stderr) print("> ", end='', file=sys.stderr) sys.stderr.flush() fd = sys.stdin.fileno() fl = fcntl.fcntl(fd, fcntl.F_GETFL) fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK) try: while True: try: backend_socks = [] for tunnel in self.get_tunnels().values(): backend_socks += tunnel.get_opened_connections().values() (rready, wready, xready) = select.select([sys.stdin] + [client_sock] + backend_socks, [], []) if sys.stdin in rready: if not self.handle_command(): break elif client_sock in rready: self.receive_packet(client_sock) else: for r in rready: for tunnel in self.get_tunnels().values(): if r in tunnel.get_opened_connections().values(): tunnel.backend_receive(r) except KeyboardInterrupt: break finally: client_sock.close()