def decrypt(key_id, inp): """ Decrypt ``inp`` string with given private key. :param key_id: private key id to be used :param inp: input string with encrypted data Return decrypted string or raise exception. """ if key_id == 'master': # master if _Debug: lg.out(_DebugLevel, 'my_keys.decrypt payload of %d bytes using my master key' % len(inp)) return key.DecryptLocalPrivateKey(inp) key_id = latest_key_id(key_id) if key_id == my_id.getGlobalID(key_alias='master'): # [email protected] if _Debug: lg.out(_DebugLevel, 'my_keys.decrypt payload of %d bytes using my master key' % len(inp)) return key.DecryptLocalPrivateKey(inp) if key_id == my_id.getGlobalID(): # [email protected] if _Debug: lg.out(_DebugLevel, 'my_keys.decrypt payload of %d bytes using my master key' % len(inp)) return key.DecryptLocalPrivateKey(inp) if key_id not in known_keys(): raise Exception('key %s is unknown' % key_id) if known_keys()[key_id] is None: if not load_key(key_id): raise Exception('key load failed: %s' % key_id) key_object = known_keys()[key_id] if _Debug: lg.out(_DebugLevel, 'my_keys.decrypt payload of %d bytes with key %s' % (len(inp), key_id, )) result = key_object.decrypt(inp) return result
def decrypt(key_id, inp): """ Decrypt ``inp`` string with given private key. :param key_id: private key id to be used :param inp: input string with encrypted data Return decrypted string or raise exception. """ if key_id == 'master': # master if _Debug: lg.out( _DebugLevel, 'my_keys.decrypt payload of %d bytes using my master key' % len(inp)) return key.DecryptLocalPrivateKey(inp) if key_id == 'master$%s' % my_id.getGlobalID(): # [email protected] if _Debug: lg.out( _DebugLevel, 'my_keys.decrypt payload of %d bytes using my master key' % len(inp)) return key.DecryptLocalPrivateKey(inp) if key_id == my_id.getGlobalID(): # [email protected] if _Debug: lg.out( _DebugLevel, 'my_keys.decrypt payload of %d bytes using my master key' % len(inp)) return key.DecryptLocalPrivateKey(inp) key_object = known_keys().get(key_id) if not key_object: lg.warn('key %s is unknown' % key_id) return None if _Debug: lg.out( _DebugLevel, 'my_keys.decrypt payload of %d bytes with key %s' % ( len(inp), key_id, )) atuple = (inp, ) padresult = key_object.keyObject.decrypt(atuple) # remove the "1" added in encrypt() method return padresult[1:]
def SessionKey(self): """ Return original SessionKey from ``EncryptedSessionKey`` using ``crypt.key.DecryptLocalPrivateKey()`` method. """ if callable(self.DecryptKey): return self.DecryptKey(self.EncryptedSessionKey) elif isinstance(self.DecryptKey, basestring): return my_keys.decrypt(self.DecryptKey, self.EncryptedSessionKey) return key.DecryptLocalPrivateKey(self.EncryptedSessionKey)
def decrypt(self, inp, private_key=None): """ Decrypt `inp` data with private key provided (callable, key_id or openssh format), or by using locally stored "master" key. """ if private_key is None: return key.DecryptLocalPrivateKey(inp) if callable(private_key): return private_key(inp) from crypt import my_keys if my_keys.is_valid_key_id(private_key): return my_keys.decrypt(private_key, inp) return key.DecryptOpenSSHPrivateKey(private_key, inp)
def doProcessInboxPacket(self, arg): """ Action method. """ newpacket, info, _, _ = arg block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out( 2, 'proxy_receiver.doProcessInboxPacket ERROR reading data from %s' % newpacket.CreatorID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, block.EncryptedData) inpt = cStringIO.StringIO(padded_data[:int(block.Length)]) data = inpt.read() except: lg.out( 2, 'proxy_receiver.doProcessInboxPacket ERROR reading data from %s' % newpacket.CreatorID) lg.exc() try: inpt.close() except: pass return inpt.close() routed_packet = signed.Unserialize(data) if not routed_packet: lg.out( 2, 'proxy_receiver.doProcessInboxPacket ERROR unserialize packet from %s' % newpacket.CreatorID) return if _Debug: lg.out( _DebugLevel, '<<<Relay-IN %s from %s://%s' % ( str(routed_packet), info.proto, info.host, )) packet_in.process(routed_packet, info) del block del data del padded_data del inpt del session_key del routed_packet
def IncomingSupplierBackupIndex(newpacket): """ Called by ``p2p.p2p_service`` when a remote copy of our local index data base ( in the "Data" packet ) is received from one of our suppliers. The index is also stored on suppliers to be able to restore it. """ b = encrypted.Unserialize(newpacket.Payload) if b is None: lg.out(2, 'backup_control.IncomingSupplierBackupIndex ERROR reading data from %s' % newpacket.RemoteID) return try: session_key = key.DecryptLocalPrivateKey(b.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, b.EncryptedData) inpt = cStringIO.StringIO(padded_data[:int(b.Length)]) supplier_revision = inpt.readline().rstrip('\n') if supplier_revision: supplier_revision = int(supplier_revision) else: supplier_revision = -1 # inpt.seek(0) except: lg.out(2, 'backup_control.IncomingSupplierBackupIndex ERROR reading data from %s' % newpacket.RemoteID) lg.out(2, '\n' + padded_data) lg.exc() try: inpt.close() except: pass return if driver.is_on('service_backup_db'): from storage import index_synchronizer index_synchronizer.A('index-file-received', (newpacket, supplier_revision)) if revision() >= supplier_revision: inpt.close() lg.out(4, 'backup_control.IncomingSupplierBackupIndex SKIP, supplier %s revision=%d, local revision=%d' % ( newpacket.RemoteID, supplier_revision, revision(), )) return raw_data = inpt.read() inpt.close() if ReadIndex(raw_data): commit(supplier_revision) backup_fs.Scan() backup_fs.Calculate() WriteIndex() control.request_update() lg.out(4, 'backup_control.IncomingSupplierBackupIndex updated to revision %d from %s' % ( revision(), newpacket.RemoteID)) else: lg.warn('failed to read catalog index from supplier')
def SessionKey(self): """ Return original SessionKey from ``EncryptedSessionKey`` using one of the methods depend on the type of ``DecryptKey`` parameter passed in the __init__() + ``crypt.key.DecryptLocalPrivateKey()`` if DecryptKey is None + ``my_keys.decrypt()`` if DecryptKey is a string with key_id + ``DecryptKey()`` if this is a callback method """ if callable(self.DecryptKey): return self.DecryptKey(self.EncryptedSessionKey) elif isinstance(self.DecryptKey, six.string_types): return my_keys.decrypt(self.DecryptKey, self.EncryptedSessionKey) return key.DecryptLocalPrivateKey(self.EncryptedSessionKey)
def decrypt(key_id, inp): """ Decrypt ``inp`` string with given private key. :param key_id: private key id to be used :param inp: input string with encrypted data Return decrypted string or raise exception. """ if key_id == 'master': return key.DecryptLocalPrivateKey(inp) if key_id == 'master$%s' % my_id.getGlobalID(): return key.DecryptLocalPrivateKey(inp) if key_id == my_id.getGlobalID(): return key.DecryptLocalPrivateKey(inp) key_object = known_keys().get(key_id) if not key_object: lg.warn('key %s is unknown' % key_id) return None atuple = (inp, ) padresult = key_object.keyObject.decrypt(atuple) # remove the "1" added in encrypt() method return padresult[1:]
def doProcessInboxPacket(self, arg): """ Action method. """ newpacket, info, _, _ = arg block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out(2, 'proxy_receiver.doProcessInboxPacket ERROR reading data from %s' % newpacket.CreatorID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, block.EncryptedData) inpt = cStringIO.StringIO(padded_data[:int(block.Length)]) data = inpt.read() except: lg.out(2, 'proxy_receiver.doProcessInboxPacket ERROR reading data from %s' % newpacket.CreatorID) lg.exc() try: inpt.close() except: pass return inpt.close() routed_packet = signed.Unserialize(data) if not routed_packet: lg.out(2, 'proxy_receiver.doProcessInboxPacket ERROR unserialize packet failed from %s' % newpacket.CreatorID) return if routed_packet.Command == commands.Identity(): newidentity = identity.identity(xmlsrc=routed_packet.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.warn('received new identity: %s' % idurl) if not identitycache.UpdateAfterChecking(idurl, routed_packet.Payload): lg.warn("ERROR has non-Valid identity") return if not routed_packet.Valid(): lg.out(2, 'proxy_receiver.doProcessInboxPacket ERROR invalid packet from %s' % newpacket.CreatorID) return self.traffic_in += len(data) if _Debug: lg.out(_DebugLevel, '<<<Relay-IN %s from %s://%s with %d bytes' % ( str(routed_packet), info.proto, info.host, len(data))) packet_in.process(routed_packet, info) del block del data del padded_data del inpt del session_key del routed_packet
def IncomingSupplierBackupIndex(newpacket): """ Called by ``p2p.p2p_service`` when a remote copy of our local index data base ( in the "Data" packet ) is received from one of our suppliers. The index is also stored on suppliers to be able to restore it. """ b = encrypted.Unserialize(newpacket.Payload) if b is None: lg.err('failed reading data from %s' % newpacket.RemoteID) return None try: session_key = key.DecryptLocalPrivateKey(b.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, b.EncryptedData, session_key_type=b.SessionKeyType) inpt = StringIO(strng.to_text(padded_data[:int(b.Length)])) supplier_revision = inpt.readline().rstrip('\n') if supplier_revision: supplier_revision = int(supplier_revision) else: supplier_revision = -1 except: lg.exc() try: inpt.close() except: pass return None if revision() > supplier_revision: inpt.close() if _Debug: lg.out(_DebugLevel, 'backup_control.IncomingSupplierBackupIndex SKIP, supplier %s revision=%d, local revision=%d' % ( newpacket.RemoteID, supplier_revision, revision(), )) return supplier_revision text_data = inpt.read() inpt.close() if ReadIndex(text_data): commit(supplier_revision) backup_fs.Scan() backup_fs.Calculate() WriteIndex() control.request_update() if _Debug: lg.out(_DebugLevel, 'backup_control.IncomingSupplierBackupIndex updated to revision %d from %s' % ( revision(), newpacket.RemoteID)) else: lg.warn('failed to read catalog index from supplier') return supplier_revision
def doForwardOutboxPacket(self, arg): """ Action method. """ # decrypt with my key and send to outside world newpacket, info = arg block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out( 2, 'proxy_router.doForwardOutboxPacket ERROR reading data from %s' % newpacket.RemoteID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, block.EncryptedData) inpt = cStringIO.StringIO(padded_data[:int(block.Length)]) sender_idurl = inpt.readline().rstrip('\n') receiver_idurl = inpt.readline().rstrip('\n') wide = inpt.readline().rstrip('\n') wide = wide == 'wide' except: lg.out( 2, 'proxy_router.doForwardOutboxPacket ERROR reading data from %s' % newpacket.RemoteID) lg.exc() try: inpt.close() except: pass return route = self.routes.get(sender_idurl, None) if not route: inpt.close() lg.warn('route with %s not found' % (sender_idurl)) p2p_service.SendFail(newpacket, 'route not exist', remote_idurl=sender_idurl) return data = inpt.read() inpt.close() routed_packet = signed.Unserialize(data) if not routed_packet: lg.out( 2, 'proxy_router.doForwardOutboxPacket ERROR unserialize packet from %s' % newpacket.RemoteID) return # send the packet directly to target user_id # we pass not callbacks because all response packets from this call will be also re-routed pout = packet_out.create( routed_packet, wide=wide, callbacks={}, target=receiver_idurl, ) # gateway.outbox(routed_packet, wide=wide) if _Debug: lg.out( _DebugLevel, '>>>Relay-OUT %d bytes from %s at %s://%s :' % ( len(data), nameurl.GetName(sender_idurl), info.proto, info.host, )) lg.out( _DebugLevel, ' routed to %s : %s' % (nameurl.GetName(receiver_idurl), pout)) del block del data del padded_data del route del inpt del session_key del routed_packet
def _do_forward_outbox_packet(self, outpacket_info_tuple): """ This packet addressed to me but contain routed data to be transferred to another node. I will decrypt with my private key and send to outside world further. """ newpacket, info = outpacket_info_tuple block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out( 2, 'proxy_router.doForwardOutboxPacket ERROR reading data from %s' % newpacket.RemoteID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, block.EncryptedData) inpt = BytesIO(padded_data[:int(block.Length)]) # see proxy_sender.ProxySender : _on_first_outbox_packet() for sending part json_payload = serialization.BytesToDict(inpt.read(), keys_to_text=True) inpt.close() sender_idurl = json_payload['f'] # from receiver_idurl = json_payload['t'] # to wide = json_payload['w'] # wide routed_data = json_payload['p'] # payload except: lg.out( 2, 'proxy_router.doForwardOutboxPacket ERROR reading data from %s' % newpacket.RemoteID) lg.exc() try: inpt.close() except: pass return route = self.routes.get(sender_idurl, None) if not route: inpt.close() lg.warn('route with %s not found' % (sender_idurl)) p2p_service.SendFail(newpacket, 'route not exist', remote_idurl=sender_idurl) return routed_packet = signed.Unserialize(routed_data) if not routed_packet or not routed_packet.Valid(): lg.out( 2, 'proxy_router.doForwardOutboxPacket ERROR unserialize packet from %s' % newpacket.RemoteID) return # send the packet directly to target user_id # we pass not callbacks because all response packets from this call will be also re-routed pout = packet_out.create( routed_packet, wide=wide, callbacks={}, target=receiver_idurl, ) if _Debug: lg.out( _DebugLevel, '>>>Relay-IN-OUT %d bytes from %s at %s://%s :' % ( len(routed_data), nameurl.GetName(sender_idurl), info.proto, info.host, )) lg.out( _DebugLevel, ' routed to %s : %s' % (nameurl.GetName(receiver_idurl), pout)) del block del routed_data del padded_data del route del inpt del session_key del routed_packet
def _do_process_inbox_packet(self, *args, **kwargs): newpacket, info, _, _ = args[0] block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.err('reading data from %s' % newpacket.CreatorID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, block.EncryptedData, session_key_type=block.SessionKeyType) inpt = BytesIO(padded_data[:int(block.Length)]) data = inpt.read() except: lg.err('reading data from %s' % newpacket.CreatorID) lg.exc() try: inpt.close() except: pass return inpt.close() if newpacket.Command == commands.RelayAck(): try: ack_info = serialization.BytesToDict(data, keys_to_text=True, values_to_text=True) except: lg.exc() return if _Debug: lg.out(_DebugLevel, '<<<Relay-ACK %s:%s from %s://%s with %d bytes %s' % ( ack_info['command'], ack_info['packet_id'], info.proto, info.host, len(data), ack_info['error'], )) if _PacketLogFileEnabled: lg.out(0, ' \033[0;49;33mRELAY ACK %s(%s) with %d bytes from %s to %s TID:%s\033[0m' % ( ack_info['command'], ack_info['packet_id'], info.bytes_received, global_id.UrlToGlobalID(ack_info['from']), global_id.UrlToGlobalID(ack_info['to']), info.transfer_id), log_name='packet', showtime=True) from transport.proxy import proxy_sender if proxy_sender.A(): proxy_sender.A('relay-ack', ack_info, info) return True if newpacket.Command == commands.RelayFail(): try: fail_info = serialization.BytesToDict(data, keys_to_text=True, values_to_text=True) except: lg.exc() return if _Debug: lg.out(_DebugLevel, '<<<Relay-FAIL %s:%s from %s://%s with %d bytes %s' % ( fail_info['command'], fail_info['packet_id'], info.proto, info.host, len(data), fail_info['error'], )) if _PacketLogFileEnabled: lg.out(0, ' \033[0;49;33mRELAY FAIL %s(%s) with %d bytes from %s to %s TID:%s\033[0m' % ( fail_info['command'], fail_info['packet_id'], info.bytes_received, global_id.UrlToGlobalID(fail_info['from']), global_id.UrlToGlobalID(fail_info['to']), info.transfer_id), log_name='packet', showtime=True) from transport.proxy import proxy_sender if proxy_sender.A(): proxy_sender.A('relay-failed', fail_info, info) return True routed_packet = signed.Unserialize(data) if not routed_packet: lg.err('unserialize packet failed from %s' % newpacket.CreatorID) return if _Debug: lg.out(_DebugLevel, '<<<Relay-IN %s from %s://%s with %d bytes' % ( str(routed_packet), info.proto, info.host, len(data))) if _PacketLogFileEnabled: lg.out(0, ' \033[0;49;33mRELAY IN %s(%s) with %d bytes from %s to %s TID:%s\033[0m' % ( routed_packet.Command, routed_packet.PacketID, info.bytes_received, global_id.UrlToGlobalID(info.sender_idurl), global_id.UrlToGlobalID(routed_packet.RemoteID), info.transfer_id), log_name='packet', showtime=True) if routed_packet.Command == commands.Identity(): if _Debug: lg.out(_DebugLevel, ' found identity in relay packet %s' % routed_packet) newidentity = identity.identity(xmlsrc=routed_packet.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.info('received new identity %s rev %r' % (idurl.original(), newidentity.getRevisionValue(), )) if not identitycache.UpdateAfterChecking(idurl, routed_packet.Payload): lg.warn("ERROR has non-Valid identity") return if routed_packet.Command in [commands.Relay(), commands.RelayIn(), ] and routed_packet.PacketID.lower().startswith('identity:'): if _Debug: lg.out(_DebugLevel, ' found routed identity in relay packet %s' % routed_packet) try: routed_identity = signed.Unserialize(routed_packet.Payload) newidentity = identity.identity(xmlsrc=routed_identity.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.warn('received new "routed" identity: %s' % idurl) if not identitycache.UpdateAfterChecking(idurl, routed_identity.Payload): lg.warn("ERROR has non-Valid identity") return except: lg.exc() if newpacket.Command == commands.RelayIn() and routed_packet.Command == commands.Fail(): if routed_packet.Payload == b'route not exist' or routed_packet.Payload == b'route already closed': for pout in packet_out.search_by_packet_id(routed_packet.PacketID): lg.warn('received %r from %r, outgoing packet is failed: %r' % (routed_packet.Payload, newpacket.CreatorID, pout, )) pout.automat('request-failed') return self.traffic_in += len(data) packet_in.process(routed_packet, info) del block del data del padded_data del inpt del session_key del routed_packet
def _do_process_inbox_packet(self, *args, **kwargs): newpacket, info, _, _ = args[0] block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.err('reading data from %s' % newpacket.CreatorID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey(session_key, block.EncryptedData) inpt = BytesIO(padded_data[:int(block.Length)]) data = inpt.read() except: lg.err('reading data from %s' % newpacket.CreatorID) lg.exc() try: inpt.close() except: pass return inpt.close() routed_packet = signed.Unserialize(data) if not routed_packet: lg.err('unserialize packet failed from %s' % newpacket.CreatorID) return if _Debug: lg.out(_DebugLevel, '<<<Relay-IN %s from %s://%s with %d bytes' % ( str(routed_packet), info.proto, info.host, len(data))) if routed_packet.Command == commands.Identity(): if _Debug: lg.out(_DebugLevel, ' found identity in relay packet %s' % routed_packet) newidentity = identity.identity(xmlsrc=routed_packet.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.info('received new identity: %s' % idurl) if not identitycache.UpdateAfterChecking(idurl, routed_packet.Payload): lg.warn("ERROR has non-Valid identity") return if routed_packet.Command == commands.Relay() and routed_packet.PacketID.lower() == 'identity': if _Debug: lg.out(_DebugLevel, ' found routed identity in relay packet %s' % routed_packet) try: routed_identity = signed.Unserialize(routed_packet.Payload) newidentity = identity.identity(xmlsrc=routed_identity.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.warn('received new "routed" identity: %s' % idurl) if not identitycache.UpdateAfterChecking(idurl, routed_identity.Payload): lg.warn("ERROR has non-Valid identity") return except: lg.exc() # if not routed_packet.Valid(): # lg.err('invalid packet %s from %s' % ( # routed_packet, newpacket.CreatorID, )) # return self.traffic_in += len(data) packet_in.process(routed_packet, info) del block del data del padded_data del inpt del session_key del routed_packet
def _do_process_inbox_packet(self, *args, **kwargs): newpacket, info, _, _ = args[0] block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.err('reading data from %s' % newpacket.CreatorID) return try: session_key = key.DecryptLocalPrivateKey(block.EncryptedSessionKey) padded_data = key.DecryptWithSessionKey( session_key, block.EncryptedData, session_key_type=block.SessionKeyType) inpt = BytesIO(padded_data[:int(block.Length)]) data = inpt.read() except: lg.err('reading data from %s' % newpacket.CreatorID) lg.exc() try: inpt.close() except: pass return inpt.close() routed_packet = signed.Unserialize(data) if not routed_packet: lg.err('unserialize packet failed from %s' % newpacket.CreatorID) return if _Debug: lg.out( _DebugLevel, '<<<Relay-IN %s from %s://%s with %d bytes' % (str(routed_packet), info.proto, info.host, len(data))) if _PacketLogFileEnabled: lg.out( 0, ' \033[0;49;33mRELAY IN %s(%s) with %d bytes from %s to %s TID:%s\033[0m' % (routed_packet.Command, routed_packet.PacketID, info.bytes_received, global_id.UrlToGlobalID(info.sender_idurl), global_id.UrlToGlobalID( routed_packet.RemoteID), info.transfer_id), log_name='packet', showtime=True) if routed_packet.Command == commands.Identity(): if _Debug: lg.out(_DebugLevel, ' found identity in relay packet %s' % routed_packet) newidentity = identity.identity(xmlsrc=routed_packet.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.info('received new identity %s rev %r' % ( idurl.original(), newidentity.getRevisionValue(), )) if not identitycache.UpdateAfterChecking(idurl, routed_packet.Payload): lg.warn("ERROR has non-Valid identity") return if routed_packet.Command == commands.Relay( ) and routed_packet.PacketID.lower().startswith('identity:'): if _Debug: lg.out( _DebugLevel, ' found routed identity in relay packet %s' % routed_packet) try: routed_identity = signed.Unserialize(routed_packet.Payload) newidentity = identity.identity(xmlsrc=routed_identity.Payload) idurl = newidentity.getIDURL() if not identitycache.HasKey(idurl): lg.warn('received new "routed" identity: %s' % idurl) if not identitycache.UpdateAfterChecking( idurl, routed_identity.Payload): lg.warn("ERROR has non-Valid identity") return except: lg.exc() # if not routed_packet.Valid(): # lg.err('invalid packet %s from %s' % ( # routed_packet, newpacket.CreatorID, )) # return self.traffic_in += len(data) packet_in.process(routed_packet, info) del block del data del padded_data del inpt del session_key del routed_packet