def verify_and_generate_shared_secret(self, dh_secret, dh_received, auth, B): shared_secret = libnacl.crypto_box_beforenm( dh_received, dh_secret.key.sk) + libnacl.crypto_box_beforenm( B, dh_secret.key.sk) libnacl.crypto_auth_verify(auth, dh_received, shared_secret) return shared_secret
def generate_diffie_shared_secret(self, dh_received, key=None): if key is None: key = self.key tmp_key = self.generate_key("curve25519") y = tmp_key.key.sk Y = tmp_key.key.pk shared_secret = libnacl.crypto_box_beforenm(dh_received, y) + libnacl.crypto_box_beforenm(dh_received, key.key.sk) AUTH = libnacl.crypto_auth(Y, shared_secret[:32]) return shared_secret, Y, AUTH
def test_boxnm(self): msg = b'Are you suggesting coconuts migrate?' # run 1 nonce1 = libnacl.utils.rand_nonce() pk1, sk1 = libnacl.crypto_box_keypair() pk2, sk2 = libnacl.crypto_box_keypair() k1 = libnacl.crypto_box_beforenm(pk2, sk1) k2 = libnacl.crypto_box_beforenm(pk1, sk2) enc_msg = libnacl.crypto_box_afternm(msg, nonce1, k1) self.assertNotEqual(msg, enc_msg) clear_msg = libnacl.crypto_box_open_afternm(enc_msg, nonce1, k2) self.assertEqual(clear_msg, msg)
def completeKeyExchange(self, data): if len(data) < 8: raise Error('Invalid KeyExchange response') pos = 0 keyExchangeVersion = int.from_bytes(data[pos:pos + 4], "little") pos += 4 log.info(keyExchangeVersion) if keyExchangeVersion != 2: raise Exception('Unexpected KeyExchange version %', keyExchangeVersion) errorCode = int.from_bytes(data[pos:pos + 4], "little") pos += 4 if errorCode != 0 and errorCode != 25: raise Exception('received error code % as result of KeyExchange ', errorCode) if len(data) < (pos + 16 + 16): raise Exception( 'Insufficient data length in KeyExchange response, have only % bytes ', len(data)) fD = data[pos:pos + 16] pos += 16 fS = data[pos:pos + 16] pos += 16 sharedKey = self.generateSharedKey() authenticatorValid = self.validateAuthenticator( data[pos:], fD, fS, sharedKey) if authenticatorValid is None: raise Exception('Failed to authenticate key exchange data') fK = self.extractData(data, pos) pos += fK['length'] sessionIdentifier = fK['data'] flags = self.extractData(data, pos) pos += flags['length'] if len(data) < (pos + 32): raise Exception( 'KeyExchange response buffer too short, expected 32 bytes for public key at pos' + pos + ",have length " + len(data)) publicKey = data[pos:pos + 32] self.cryptoIntermediateData = libnacl.crypto_box_beforenm( publicKey, self.secretKey) return sessionIdentifier
def __init__(self, private_key, public_key): if private_key and public_key: self._shared_key = libnacl.crypto_box_beforenm( public_key.encode(encoder=encoding.RawEncoder), private_key.encode(encoder=encoding.RawEncoder), ) else: self._shared_key = None
def __init__(self, sk, pk): if isinstance(sk, (SecretKey, libnacl.dual.DualSecret)): sk = sk.sk if isinstance(pk, (SecretKey, libnacl.dual.DualSecret)): raise ValueError('Passed in secret key as public key') if isinstance(pk, PublicKey): pk = pk.pk if pk and sk: self._k = libnacl.crypto_box_beforenm(pk, sk)
def DH(cls, keypair, public_key): return libnacl.crypto_box_beforenm(public_key, keypair.private_key)