def audit_private_key(key_id, untrusted_idurl, timeout=10):
"""
Be sure remote user posses given private key.
I need to posses the public key to be able to audit.
I will generate a random string, encrypt it with given key public key and send encrypted string to him.
He will decrypt and send me back original string.
Returns Deferred object.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.audit_private_key testing %s from %s' % (key_id, untrusted_idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(untrusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % untrusted_idurl)
result.errback(Exception('not found "%s" in identity cache' % untrusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
private_test_sample = key.NewSessionKey()
if untrusted_idurl == creator_idurl and key_alias == 'master':
lg.warn('doing audit of master key (private part) of remote user')
private_test_encrypted_sample = recipient_id_obj.encrypt(private_test_sample)
else:
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
private_test_encrypted_sample = my_keys.encrypt(key_id, private_test_sample)
json_payload = {
'key_id': key_id,
'audit': {
'public_sample': '',
'private_sample': base64.b64encode(private_test_encrypted_sample),
}
}
raw_payload = serialization.DictToBytes(json_payload, values_to_text=True)
block = encrypted.Block(
BackupID=key_id,
Data=raw_payload,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_payload = block.Serialize()
p2p_service.SendAuditKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_payload=encrypted_payload,
packet_id=key_id,
timeout=timeout,
callbacks={
commands.Ack(): lambda response, info:
_on_audit_private_key_response(response, info, key_id, untrusted_idurl, private_test_sample, result),
commands.Fail(): lambda response, info: result.errback(Exception(response)),
None: lambda pkt_out: result.errback(Exception('timeout')), # timeout
},
)
return result
def audit_public_key(key_id, untrusted_idurl, timeout=10):
"""
Be sure remote user posses given public key.
I also need to posses that public key in order to do such audit.
I will send him a random string, he needs to encrypt it and send me back.
I can compare his encrypted output with mine.
Returns Deferred object.
"""
if _Debug:
lg.out(
_DebugLevel, 'key_ring.audit_public_key testing %s from %s' %
(key_id, untrusted_idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(untrusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % untrusted_idurl)
result.errback(
Exception('not found "%s" in identity cache' % untrusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
if untrusted_idurl == creator_idurl and key_alias == 'master':
lg.warn('doing audit of master key (public part) of remote user')
else:
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
public_test_sample = key.NewSessionKey()
json_payload = {
'key_id': key_id,
'audit': {
'public_sample': base64.b64encode(public_test_sample),
'private_sample': '',
}
}
raw_payload = json.dumps(json_payload)
block = encrypted.Block(
BackupID=key_id,
Data=raw_payload,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_payload = block.Serialize()
p2p_service.SendAuditKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_payload=encrypted_payload,
packet_id=key_id,
timeout=timeout,
callbacks={
commands.Ack():
lambda response, info: _on_audit_public_key_response(
response, info, key_id, untrusted_idurl, public_test_sample,
result),
commands.Fail():
lambda response, info: result.errback(Exception(response)),
None:
lambda pkt_out: result.errback(Exception('timeout')), # timeout
},
)
return result
