def __init__(self, cert, key): self.native = _ffi.new('struct xtt_server_certificate_context*') if self.native == _ffi.NULL: raise MemoryError("Unable to allocate native object") rc = _lib.xtt_initialize_server_certificate_context_ed25519( self.native, cert.native, key.native) if rc != RC.SUCCESS: error_from_code(rc)
def __init__(self, root_id, root_pubkey): self.native = _ffi.new('struct xtt_server_root_certificate_context*') if self.native == _ffi.NULL: raise MemoryError("Unable to allocate native object") rc = _lib.xtt_initialize_server_root_certificate_context_ecdsap256( self.native, root_id.native, root_pubkey.native) if rc != RC.SUCCESS: error_from_code(rc)
def version(self): version = _ffi.new('xtt_version*') rc = _lib.xtt_get_version(version, self.native) if rc == RC.SUCCESS: return version[0] else: raise error_from_code(rc)
def client_identity(self): id = Identity() rc = _lib.xtt_get_clients_identity(id.native, self.native) if rc == RC.SUCCESS: return id else: raise error_from_code(rc)
def suite_spec(self): spec = _ffi.new('suite_spec*') rc = _lib.xtt_get_suite_spec(spec, self.native) if rc == RC.SUCCESS: return spec[0] else: raise error_from_code(rc)
def my_identity(self): ident = Identity() rc = _lib.xtt_get_my_identity(ident.native, self.native) if rc == RC.SUCCESS: return ident else: raise error_from_code(rc)
def my_longterm_public_key_ecdsap256(self): pub = ECDSAP256PublicKey() rc = _lib.xtt_get_my_longterm_key_ecdsap256(pub.native, self.native) if rc == RC.SUCCESS: return pub else: raise error_from_code(rc)
def handle_io(self, bytes_sent, bytes_recv): rc = _lib.xtt_handshake_server_handle_io(bytes_sent, bytes_recv, self._io.addressof_size, self._io.addressof_data, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def client_longterm_key_ed25519(self): pub = ED25519PublicKey() rc = _lib.xtt_get_clients_longterm_key_ed25519(pub.native, self.native) if rc == RC.SUCCESS: return pub else: raise error_from_code(rc)
def client_pseudonym_lrsw(self): pseudonym = LRSWPseudonym() rc = _lib.xtt_get_clients_pseudonym_lrsw(pseudonym.native, self.native) if rc == RC.SUCCESS: return pseudonym else: raise error_from_code(rc)
def my_longterm_private_key_ed25519(self): priv = ED25519PrivateKey() rc = _lib.xtt_get_my_longterm_private_key_ed25519( priv.native, self.native) if rc == RC.SUCCESS: return priv else: raise error_from_code(rc)
def build_id_client_attest(self, root_cert, server_id, identity, group_context): rc = _lib.xtt_handshake_client_build_idclientattest( self._io.addressof_size, self._io.addressof_data, root_cert.native, identity.native, server_id.native, group_context.native, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def my_longterm_private_key_ecdsap256(self): priv = ECDSAP256PrivateKey() rc = _lib.xtt_get_my_longterm_private_key_ecdsap256( priv.native, self.native) if rc == RC.SUCCESS: return priv else: raise error_from_code(rc)
def preparse_id_client_attest(self, server_cert_ctx, server_cookie_ctx): rc = _lib.xtt_handshake_server_preparse_idclientattest( self._io.addressof_size, self._io.addressof_data, self._client_requested_id.native, self._client_claimed_group.native, server_cookie_ctx.native, server_cert_ctx.native, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def __init__(self): self.native = _ffi.new('struct xtt_server_cookie_context*') if self.native == _ffi.NULL: raise MemoryError("Unable to allocate native object") rc = _lib.xtt_initialize_server_cookie_context(self.native) if rc != RC.SUCCESS: raise error_from_code(rc)
def create_ecdsap256_key_pair(): """ Create a new ECDSAP256 key pair. :returns: a tuple of the public and private keys """ pub = ECDSAP256PublicKey() priv = ECDSAP256PrivateKey() rc = _lib.xtt_crypto_create_ecdsap256_key_pair(pub.native, priv.native) if rc == RC.SUCCESS: return (pub, priv) else: raise error_from_code(rc)
def asn1_from_ed25519_private_key(priv_key): """ Returns the ASN.1 encoding of a ED25519 private ket. :priv_key: an ED25519PrivateKey instance :returns: the ASN.1 encoding as a byte string """ encoded_len = _lib.xtt_asn1_private_key_length() encoded = _ffi.new('unsigned char[]', encoded_len) rc = _lib.xtt_asn1_from_ed25519_private_key(priv_key.native, encoded, len(encoded)) if rc == RC.SUCCESS: return _ffi.buffer(encoded)[:] else: raise error_from_code(rc)
def __init__(self): self.native = _ffi.new('struct xtt_server_handshake_context*') if self.native == _ffi.NULL: raise MemoryError("Unable to allocate native object") self._in = Buffer(_lib.max_handshake_client_message_length()) self._out = Buffer(_lib.max_handshake_server_message_length()) self._io = BufferView() self._client_requested_id = Identity() self._client_claimed_group = GroupId() rc = _lib.xtt_initialize_server_handshake_context( self.native, self._in.native, self._in.size, self._out.native, self._out.size) if rc != RC.SUCCESS: raise error_from_code(rc)
def x509_from_ecdsap256_key_pair(pub_key, priv_key, common_name): """ Creates a self-signed x509 certificate for a common name and ECDSAP256 key pair. :pub_key: an ECDSAP256PublicKey instance :priv_key: an ECDSAP256PrivateKey instance :common_name: an XTTIdentity instance :returns: the certificate as a byte string """ cert_len = _lib.xtt_x509_certificate_length() cert = _ffi.new('unsigned char[]', cert_len) rc = _lib.xtt_x509_from_ecdsap256_keypair(pub_key.native, priv_key.native, common_name.native, cert, len(cert)) if rc == RC.SUCCESS: return _ffi.buffer(cert)[:] else: raise error_from_code(rc)
def generate_ecdsap256_server_certificate(server_id, server_pub_key, expiry, root_id, root_priv_key): """ Creates a new server certificate signed by the provided root. :param Identity server_id: the identity for the certificate :param ECDSAP256PublicKey server_pub_key: the public key for the certificate :param CertificateExpiry expiry: the expiry date for the certificate :param CertificateRootId root_id: the root identity to sign this certificate :param ECDSAP256PrivateKey root_priv_key: the root private key to sign this certificate """ cert = ECDSAP256ServerCertificate() rc = _lib.xtt_generate_server_certificate_ecdsap256( cert.native, server_id.native, server_pub_key.native, expiry.native, root_id.native, root_priv_key.native) if rc == RC.SUCCESS: return cert else: raise error_from_code(rc)
def __init__(self, version, suite_spec): self.native = _ffi.new('struct xtt_client_handshake_context*') if self.native == _ffi.NULL: raise MemoryError("Unable to allocate native object") self._in = Buffer(_lib.max_handshake_server_message_length()) self._out = Buffer(_lib.max_handshake_client_message_length()) self._io = BufferView() self._version = version self._suite_spec = suite_spec self._server_root_id = CertificateRootId() rc = _lib.xtt_initialize_client_handshake_context( self.native, self._in.native, self._in.size, self._out.native, self._out.size, version, suite_spec) if rc != RC.SUCCESS: raise error_from_code(rc)
def start(self): rc = _lib.xtt_handshake_client_start(self._io.addressof_size, self._io.addressof_data, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def build_id_server_finished(self, client_id): rc = _lib.xtt_handshake_server_build_idserverfinished( self._io.addressof_size, self._io.addressof_data, client_id.native, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def verify_group_signature(self, gpk_ctx, server_cert_ctx): rc = _lib.xtt_handshake_server_verify_groupsignature( self._io.addressof_size, self._io.addressof_data, gpk_ctx.native, server_cert_ctx.native, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def build_server_attest(self, server_cert_ctx, server_cookie_ctx): rc = _lib.xtt_handshake_server_build_serverattest( self._io.addressof_size, self._io.addressof_data, self.native, server_cert_ctx.native, server_cookie_ctx.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def handle_connect(self): rc = _lib.xtt_handshake_server_handle_connect(self._io.addressof_size, self._io.addressof_data, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)
def preparse_server_attest(self, server_root_id): rc = _lib.xtt_handshake_client_preparse_serverattest( self._server_root_id.native, self._io.addressof_size, self._io.addressof_data, self.native) if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED: raise error_from_code(rc)