Esempio n. 1
0
    def verify_and_generate_shared_secret(self, dh_secret, dh_received, auth,
                                          B):
        shared_secret = libnacl.crypto_box_beforenm(
            dh_received, dh_secret.key.sk) + libnacl.crypto_box_beforenm(
                B, dh_secret.key.sk)
        libnacl.crypto_auth_verify(auth, dh_received, shared_secret)

        return shared_secret
Esempio n. 2
0
    def generate_diffie_shared_secret(self, dh_received, key=None):
        if key is None:
            key = self.key

        tmp_key = self.generate_key("curve25519")
        y = tmp_key.key.sk
        Y = tmp_key.key.pk
        shared_secret = libnacl.crypto_box_beforenm(dh_received, y) + libnacl.crypto_box_beforenm(dh_received, key.key.sk)

        AUTH = libnacl.crypto_auth(Y, shared_secret[:32])
        return shared_secret, Y, AUTH
Esempio n. 3
0
 def test_boxnm(self):
     msg = b'Are you suggesting coconuts migrate?'
     # run 1
     nonce1 = libnacl.utils.rand_nonce()
     pk1, sk1 = libnacl.crypto_box_keypair()
     pk2, sk2 = libnacl.crypto_box_keypair()
     k1 = libnacl.crypto_box_beforenm(pk2, sk1)
     k2 = libnacl.crypto_box_beforenm(pk1, sk2)
     enc_msg = libnacl.crypto_box_afternm(msg, nonce1, k1)
     self.assertNotEqual(msg, enc_msg)
     clear_msg = libnacl.crypto_box_open_afternm(enc_msg, nonce1, k2)
     self.assertEqual(clear_msg, msg)
Esempio n. 4
0
    def completeKeyExchange(self, data):

        if len(data) < 8:
            raise Error('Invalid KeyExchange response')

        pos = 0

        keyExchangeVersion = int.from_bytes(data[pos:pos + 4], "little")

        pos += 4
        log.info(keyExchangeVersion)

        if keyExchangeVersion != 2:
            raise Exception('Unexpected KeyExchange version %',
                            keyExchangeVersion)

        errorCode = int.from_bytes(data[pos:pos + 4], "little")
        pos += 4

        if errorCode != 0 and errorCode != 25:
            raise Exception('received error code % as result of KeyExchange ',
                            errorCode)

        if len(data) < (pos + 16 + 16):
            raise Exception(
                'Insufficient data length in KeyExchange response, have only % bytes ',
                len(data))

        fD = data[pos:pos + 16]
        pos += 16
        fS = data[pos:pos + 16]
        pos += 16

        sharedKey = self.generateSharedKey()

        authenticatorValid = self.validateAuthenticator(
            data[pos:], fD, fS, sharedKey)

        if authenticatorValid is None:
            raise Exception('Failed to authenticate key exchange data')

        fK = self.extractData(data, pos)
        pos += fK['length']
        sessionIdentifier = fK['data']

        flags = self.extractData(data, pos)
        pos += flags['length']

        if len(data) < (pos + 32):
            raise Exception(
                'KeyExchange response buffer too short, expected 32 bytes for public key at pos'
                + pos + ",have length " + len(data))

        publicKey = data[pos:pos + 32]

        self.cryptoIntermediateData = libnacl.crypto_box_beforenm(
            publicKey, self.secretKey)

        return sessionIdentifier
Esempio n. 5
0
 def __init__(self, private_key, public_key):
     if private_key and public_key:
         self._shared_key = libnacl.crypto_box_beforenm(
             public_key.encode(encoder=encoding.RawEncoder),
             private_key.encode(encoder=encoding.RawEncoder),
         )
     else:
         self._shared_key = None
Esempio n. 6
0
 def __init__(self, private_key, public_key):
     if private_key and public_key:
         self._shared_key = libnacl.crypto_box_beforenm(
             public_key.encode(encoder=encoding.RawEncoder),
             private_key.encode(encoder=encoding.RawEncoder),
         )
     else:
         self._shared_key = None
Esempio n. 7
0
 def __init__(self, sk, pk):
     if isinstance(sk, (SecretKey, libnacl.dual.DualSecret)):
         sk = sk.sk
     if isinstance(pk, (SecretKey, libnacl.dual.DualSecret)):
         raise ValueError('Passed in secret key as public key')
     if isinstance(pk, PublicKey):
         pk = pk.pk
     if pk and sk:
         self._k = libnacl.crypto_box_beforenm(pk, sk)
Esempio n. 8
0
 def DH(cls, keypair, public_key):
     return libnacl.crypto_box_beforenm(public_key, keypair.private_key)