# file: runme.py import cyassl print "" print "Trying to connect to the echo server..." ctx = cyassl.SSL_CTX_new(cyassl.TLSv1_client_method()) ret = cyassl.SSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", None) ssl = cyassl.SSL_new(ctx) ret = cyassl.CyaSSL_connect(ssl, "localhost", 11111) if ret != cyassl.SSL_SUCCESS: print "Couldn't do SSL connect" err = cyassl.SSL_get_error(ssl, 0) print "error string = ", cyassl.CyaSSL_error_string(err) exit(-1) print "...Connected" written = cyassl.SSL_write(ssl, "hello from python\r\n", 19) if written > 0: print "Wrote ", written, " bytes" byteArray = cyassl.byteArray(100) readBytes = cyassl.SSL_read(ssl, byteArray, 100) print "server reply: ", cyassl.cdata(byteArray, readBytes)
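# TLS client excerpt using the CyaSSL_* names of the binding.
# NOTE(review): ctx is not assigned in this excerpt; presumably it is
# created just before from a TLSv1 client method (see the message below).
# TLS 1.0 is deprecated (RFC 8996); prefer a newer method if available.
if ctx is None:
    print "Couldn't get SSL CTX for TLSv1"
    exit(-1)

# The CA file is the trust anchor for the server certificate; stop if it
# cannot be loaded.
ret = cyassl.CyaSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", None)
if ret != cyassl.SSL_SUCCESS:
    print "Couldn't do SSL_CTX_load_verify_locations "
    print "error string = ", ret
    exit(-1)

ssl = cyassl.CyaSSL_new(ctx)

ret = cyassl.CyaSSL_swig_connect(ssl, "localhost", 11111)
if ret != cyassl.SSL_SUCCESS:
    print "Couldn't do SSL connect"
    err = cyassl.CyaSSL_get_error(ssl, 0)
    print "error string = ", cyassl.CyaSSL_error_string(err)
    exit(-1)

print "...Connected"

# Derive the length from the message so the two cannot drift apart.
message = "hello from python\r\n"
written = cyassl.CyaSSL_write(ssl, message, len(message))
if written <= 0:
    print "Couldn't write to the server"
    exit(-1)
print "Wrote ", written, " bytes"

byteArray = cyassl.byteArray(100)
readBytes = cyassl.CyaSSL_read(ssl, byteArray, 100)
# readBytes is used as a copy length below; a zero or negative result
# (closed connection or error) must never reach cdata().
if readBytes <= 0:
    print "Couldn't read the server reply"
    exit(-1)

print "server reply: ", cyassl.cdata(byteArray, readBytes)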
# start Random Number Generator rng = cyassl.GetRng() if rng == None: print "Couldn't get an RNG" exit(-1) # load RSA private key in DER format key = cyassl.GetRsaPrivateKey("../certs/client-key.der") if key == None: print "Couldn't load DER private key file" exit(-1) # Make byte Arrays and fill input signOutput = cyassl.byteArray(128) # 128 allows 1024 bit private key signStr = cyassl.byteArray(25) # input can't be larger then key size # 64 for 512 bit 128 for 1024 bit cyassl.FillSignStr(signStr, "Everybody gets Friday off", 25) # Do RSA Sign signedSize = cyassl.RsaSSL_Sign(signStr, 25, signOutput, 128, key, rng) # Show output print "Signed Size = ", signedSize, " signed array = ", cyassl.cdata(signOutput, signedSize) # let's verify this worked signVerify = cyassl.byteArray(signedSize) verifySize = cyassl.RsaSSL_Verify(signOutput, signedSize, signVerify, signedSize, key) print "Verify Size = ", verifySize, " verify array = ", cyassl.cdata(signVerify, verifySize)
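def to_c_byte_array(content):
    """Copy a Python byte string into a new cyassl.byteArray of equal length."""
    output = cyassl.byteArray(len(content))
    for i, ch in enumerate(content):
        output[i] = ord(ch)
    return output


# Draw the password from the OS CSPRNG. The module-level random.choice()
# uses the Mersenne Twister, whose output is predictable and therefore
# unsuitable for generating secrets.
alphabet = string.ascii_uppercase + string.digits
secure_random = random.SystemRandom()
password = ''.join(secure_random.choice(alphabet) for _ in range(PASSWORD_LENGTH))
salt = os.urandom(SALT_LENGTH)

key = cyassl.byteArray(KEY_LENGTH)
# params:
#   key        :: bytearray output
#   passwd     :: bytearray password that is used to derive the key
#   pLen       :: password length
#   salt       :: bytearray salt
#   sLen       :: salt length
#   iterations :: number of iterations
#   kLen       :: key length
#   hashType   :: int, SHA256 stands for 2
#   purpose    :: int, 1 was used in the tests; presumably the PKCS#12
#                 diversifier ID (RFC 7292 B.3: 1 = key material, 2 = IV,
#                 3 = MAC key) -- confirm against the library
# NOTE(review): the return value of PKCS12_PBKDF is not inspected here;
# confirm its success code and check it before trusting the buffer.
cyassl.PKCS12_PBKDF(key, to_c_byte_array(password), PASSWORD_LENGTH,
                    to_c_byte_array(salt), SALT_LENGTH, ITERATIONS,
                    KEY_LENGTH, SHA256, 1)
key = cyassl.cdata(key, KEY_LENGTH)

# This only confirms how many bytes were copied out of the buffer, not
# that the derivation itself succeeded.
assert len(key) == KEY_LENGTH, "Generated key has length %s, whereas should have length %s" % (len(key), KEY_LENGTH)

# Demo output only: this writes the password and the derived key to stdout.
print 'Generated key: %s\nfor password: %s' % (key, password)
print 'Bytes:'
print list(key)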
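# RSA sign / verify round trip with the sample client key.
# NOTE(review): rng is not assigned in this excerpt; presumably it is
# obtained from the binding just before -- confirm.
if rng is None:
    print "Couldn't get an RNG"
    exit(-1)

# load RSA private key in DER format
key = cyassl.GetRsaPrivateKey("../certs/client-key.der")
if key is None:
    print "Couldn't load DER private key file"
    exit(-1)

# Make byte arrays and fill input.
# The output buffer is sized for the key: 64 bytes for a 512-bit key,
# 128 bytes for a 1024-bit key. The input can't be larger than the key size.
# NOTE(review): 1024-bit RSA is below current key-size recommendations;
# treat the bundled key as a sample only.
message = "Everybody gets Friday off"
signOutput = cyassl.byteArray(128)
signStr = cyassl.byteArray(25)
cyassl.FillSignStr(signStr, message, 25)

# Do RSA Sign
signedSize = cyassl.RsaSSL_Sign(signStr, 25, signOutput, 128, key, rng)
# signedSize is used below as a buffer size and a copy length, so a
# non-positive result has to stop the script here.
if signedSize <= 0:
    print "Couldn't do RSA sign, result = ", signedSize
    exit(-1)

# Show output
print "Signed Size = ", signedSize, " signed array = ", cyassl.cdata(
    signOutput, signedSize)

# let's verify this worked
signVerify = cyassl.byteArray(signedSize)
verifySize = cyassl.RsaSSL_Verify(signOutput, signedSize, signVerify,
                                  signedSize, key)
if verifySize <= 0:
    print "Couldn't do RSA verify, result = ", verifySize
    exit(-1)

recovered = cyassl.cdata(signVerify, verifySize)
print "Verify Size = ", verifySize, " verify array = ", recovered

# A positive size alone proves nothing; the recovered bytes have to match
# what was signed.
if recovered != message:
    print "Verified data does not match the signed input"
    exit(-1)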