def key_get_exchange(self):
nonce = '\0' * self.nonce_bytes
authpkt = nacl.crypto_stream_xor(data, nonce, self.key)
try:
peer_dhpk = nacl.crypto_sign_open(authpkt, self.peer_public_key)
except Exception:
print("Invalid signature from peer \"%s\" from %s" % \
(name, addr[0]))
sys.exit(0)
if self.kex_init:
self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23-self.nonce_bytes]
self.dhsk = None
self.kex_init = False
return
dhpk, dhsk = nacl.crypto_box_keypair()
authpkt = nacl.crypto_sign(dhpk, self.secret_key)
crypted_data = nonce_out + nacl.crypto_stream_xor(authpkt,
'\x01' + self.nonce_prefix + nonce, self.key)
mac = nacl.crypto_auth(crypted_data, self.key)[:self.mac_bytes]
c_sendto(self.sock, mac + crypted_data, self.addr)
self.key = nacl.crypto_scalarmult(dhsk, peer_dhpk)
print("New key is %s"%repr(self.key))
def __init__(self, sock, addr, peer_name, peer_public_key, peer_dhpk):
global config
self.sock = sock
self.addr = addr
self.peer_name = peer_name
self.peer_public_key = peer_public_key
self.name, self.public_key, self.secret_key = load_identity()
dhpk, self.dhsk = nacl.crypto_box_keypair()
self.kex_init = False
self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
self.dhsk = None
self.mac_bytes = config.getint("netshrink","mac_bytes")
if self.mac_bytes > 32:
self.mac_bytes = 32
self.nonce_bytes = config.getint("netshrink","nonce_bytes")
if self.nonce_bytes > 8:
self.nonce_bytes = 8
if self.nonce_bytes:
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23-self.nonce_bytes]
else:
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23]
self.nonce = 0
authpkt = b'\0'
authpkt += self.name + b'\0'
authpkt += nacl.crypto_sign(dhpk, self.secret_key)
c_sendto(self.sock, authpkt, self.addr)
def __init__(self, sock, validate_cb=None, pubkey=None, privkey=None, nonce=None): self._sock = socket(_sock=sock) self.pubkey = pubkey self.privkey = privkey self.nonce = nonce self.shortpub, self.shortpriv = nacl.crypto_box_keypair() self.rbuf = '' self.validate_cb = validate_cb self.psk, self.cav = None, None
def key_exchange(self):
self.peer_nonce = 0
self.kex_init = True
nonce_out = '\0' * self.nonce_bytes
dhpk, self.dhsk = nacl.crypto_box_keypair()
authpkt = nacl.crypto_sign(dhpk, self.secret_key)
crypted_data = nonce_out + nacl.crypto_stream_xor(authpkt,
'\x01' + self.nonce_prefix + nonce_out, self.key)
mac = nacl.crypto_auth(crypted_data, self.key)[:self.mac_bytes]
c_sendto(self.sock, mac + crypted_data, self.addr)
def init_state(path):
pub, priv = nacl.crypto_box_keypair()
nonce = rand48()
state = {
'pubkey': _b(pub),
'privkey': _b(priv),
'nonce': nonce,
}
d = bson.BSON.encode(state)
open(path, 'wb').write(d)
return state
def init_state(path):
pub, priv = nacl.crypto_box_keypair()
nonce = rand48()
state = {
'pubkey':_b(pub),
'privkey':_b(priv),
'nonce':nonce,
}
d = bson.BSON.encode(state)
open(path, 'wb').write(d)
return state
def __init__(self, sock, addr):
self.sock = sock
self.addr = addr
self.name, self.public_key, self.secret_key = load_identity()
dhpk, self.dhsk = nacl.crypto_box_keypair()
self.mac_bytes = config.getint("netshrink","mac_bytes")
if self.mac_bytes > 32:
self.mac_bytes = 32
self.nonce_bytes = config.getint("netshrink","nonce_bytes")
if self.nonce_bytes > 8:
self.nonce_bytes = 8
self.nonce = 0
self.peer_nonce = 0
self.kex_init = False
authpkt = b'\0' + self.name.encode("utf8") + b'\0'
authpkt += nacl.crypto_sign(dhpk, self.secret_key)
c_sendto(self.sock, authpkt, self.addr)
while True:
data, inaddr = c_recvfrom(self.sock, 4096)
if int(data[0]) != 0:
print("Ignoring garbage data from %s" % inaddr[0])
continue
name_end = data.find(b'\0', 1)
self.peer_name = data[1:name_end].encode("utf8")
kexpkt = data[name_end+1:]
if not peer_exists(self.name):
print("Peer \"%s\" is unknown, but you are whitelisted." % \
self.peer_name)
print("Please run addpeer/getpeer to authenticate.")
sys.exit(0)
self.peer_public_key = get_peer_public_key(self.peer_name)
try:
peer_dhpk = nacl.crypto_sign_open(kexpkt, self.peer_public_key)
except Exception:
print("Invalid signature from peer \"%s\" from %s" % \
(self.peer_name, inaddr[0]))
sys.exit(0)
break
print("Accepted connection from peer \"%s\" from %s" % \
(self.peer_name, addr[0]))
self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
self.dhsk = None
if self.nonce_bytes:
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23-self.nonce_bytes]
else:
self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
"nonce_prefix"),
self.key)[:23]
print("len of nonce_prefix is %d"%len(self.nonce_prefix))
for i in xrange(260):
self.send("Hello there")
def __init__(self,
sock,
validate_cb=None,
pubkey=None,
privkey=None,
nonce=None):
self._sock = socket(_sock=sock)
self.pubkey = pubkey
self.privkey = privkey
self.nonce = nonce
self.shortpub, self.shortpriv = nacl.crypto_box_keypair()
self.rbuf = ''
self.validate_cb = validate_cb
self.psk, self.cav = None, None
def create_node(so, stdout=sys.stdout, stderr=sys.stderr):
basedir = so["basedir"]
if os.path.exists(basedir):
print >>stderr, "basedir '%s' already exists, refusing to touch it" % basedir
return 1
os.mkdir(basedir)
sqlite, db = database.get_db(os.path.join(basedir, "control.db"), stderr)
c = db.cursor()
pk, sk = nacl.crypto_box_keypair()
pk_s = util.to_ascii(pk, "pk0-", encoding="base32")
sk_s = util.to_ascii(sk, "sk0-", encoding="base32")
c.execute("INSERT INTO node (webport, pubkey, privkey) VALUES (?,?,?)",
(so["webport"], pk_s, sk_s))
db.commit()
f = open(os.path.join(basedir, "vatid"), "w")
f.write(pk_s+"\n")
f.close()
print >>stdout, "node created in %s" % basedir
return 0
def create_node(so, stdout=sys.stdout, stderr=sys.stderr):
basedir = so["basedir"]
if os.path.exists(basedir):
print >> stderr, "basedir '%s' already exists, refusing to touch it" % basedir
return 1
os.mkdir(basedir)
sqlite, db = database.get_db(os.path.join(basedir, "control.db"), stderr)
c = db.cursor()
pk, sk = nacl.crypto_box_keypair()
pk_s = util.to_ascii(pk, "pk0-", encoding="base32")
sk_s = util.to_ascii(sk, "sk0-", encoding="base32")
c.execute("INSERT INTO node (webport, pubkey, privkey) VALUES (?,?,?)",
(so["webport"], pk_s, sk_s))
db.commit()
f = open(os.path.join(basedir, "vatid"), "w")
f.write(pk_s + "\n")
f.close()
print >> stdout, "node created in %s" % basedir
return 0
def setUp(self):
self.pk1, self.sk1 = nacl.crypto_box_keypair()
self.pk2, self.sk2 = nacl.crypto_box_keypair()
def test_sharedkey(self):
dh_a = nacl.crypto_box_keypair()
dh_b = nacl.crypto_box_keypair()
shk_a = nacl.crypto_scalarmult_curve25519(dh_a[1], dh_b[0])
shk_b = nacl.crypto_scalarmult_curve25519(dh_b[1], dh_a[0])
self.assertEqual(shk_a, shk_b)
def create_keypair(self):
pk, sk = nacl.crypto_box_keypair()
pk_s = util.to_ascii(pk, "pk0-", encoding="base32")
sk_s = util.to_ascii(sk, "sk0-", encoding="base32")
return pk_s, sk_s
def setUp(self):
self.dh_a = nacl.crypto_box_keypair()
self.dh_b = nacl.crypto_box_keypair()
def test_sharedkey(self):
dh_a = nacl.crypto_box_keypair()
dh_b = nacl.crypto_box_keypair()
shk_a = nacl.crypto_scalarmult(dh_a[1], dh_b[0])
shk_b = nacl.crypto_scalarmult(dh_b[1], dh_a[0])
self.assertEqual(shk_a, shk_b)
def setUp(self):
self.dh_a = nacl.crypto_box_keypair()
self.dh_b = nacl.crypto_box_keypair()
def setUp(self):
self.pk1, self.sk1 = nacl.crypto_box_keypair()
self.pk2, self.sk2 = nacl.crypto_box_keypair()
def create_keypair(self):
pk, sk = nacl.crypto_box_keypair()
pk_s = util.to_ascii(pk, "pk0-", encoding="base32")
sk_s = util.to_ascii(sk, "sk0-", encoding="base32")
return pk_s, sk_s