def create_initiator_response(self, nonce_b): """ Create the response from the initiator after having the remote node perform the initial challenge. """ assert self.state == self.SEND_INITIATOR_RESPONSE self.state = self.COMPLETED assert nonce_b msg = [CS_INITIATOR_RESPONSE, nonce_b] # Provide the certificate if not self.poa: raise MissingCertificateException() msg.append(self.torrent_id) msg.append(self.poa.torrent_pub_key) msg.append(self.pub_permid) msg.append(self.poa.serialize()) # Sign it list = [nonce_b, self.torrent_id, self.poa.torrent_pub_key, self.pub_permid, self.poa.serialize()] b_list = bencode(list) digest = permid.sha(b_list).digest() sig = self.my_keypair.sign_dsa_asn1(digest) msg.append(sig) return msg
def _create_poa_message(self, msg_id, nonce_a, nonce_b): """ Create the POA exchange message (messages 3 and 4). """ assert msg_id assert nonce_a assert nonce_b assert self.poa # Provide the certificate if not self.poa: raise MissingCertificateException("Missing certificate") msg = [msg_id] + self.poa.serialize_to_list() # Add signature lst = [nonce_a, nonce_b, self.poa.serialize()] b_list = bencode(lst) digest = permid.sha(b_list).digest() sig = self.my_keypair.sign_dsa_asn1(digest) msg.append(sig) return msg
def sign(self, torrent_key_pair): list = [self.torrent_id, self.torrent_pub_key, self.node_pub_key] b_list = bencode(list) digest = permid.sha(b_list).digest() self.signature = torrent_key_pair.sign_dsa_asn1(digest)
def verify(self): """ Throws an exception if the POA does not hold or has expired """ if self.expire_time and self.expire_time < time.mktime(time.gmtime()): raise POAExpiredException("Expired") try: lst = [self.torrent_id, self.torrent_pub_key, self.node_pub_key] b_list = bencode(lst) digest = permid.sha(b_list).digest() pub = pub_key_from_der(self.torrent_pub_key) if not pub.verify_dsa_asn1(digest, self.signature): raise InvalidPOAException("Proof of access verification failed") except Exception, e: raise InvalidPOAException("Bad POA: %s" % e)
def verify(self): """ Throws an exception if the POA does not hold or has expired """ if self.expire_time and self.expire_time<time.mktime(time.gmtime()): raise POAExpiredException() try: list = [self.torrent_id, self.torrent_pub_key, self.node_pub_key] b_list = bencode(list) digest = permid.sha(b_list).digest() pub = permid.EC.pub_key_from_der(self.torrent_pub_key) if not pub.verify_dsa_asn1(digest, self.signature): raise InvalidPOAException("Proof of access verification failed") except Exception,e: raise InvalidPOAException("Bad POA: %s"%e)
def _validate_poa_message(self, lst, nonce_a, nonce_b): """ Validate an incoming POA message - throw exception if bad. Returns the POA if successful """ assert nonce_a assert nonce_b if len(lst) != 7: raise BadMessageException("Require 7 elements, got %d"%len(lst)) poa = POA.deserialize_from_list(lst[1:-1]) sig = lst[-1] assert poa.node_pub_key if poa.torrent_id != self.torrent_id: raise WrongSwarmException("Wrong swarm") if poa.get_torrent_pub_key() not in self.torrent_pubkeys: raise InvalidPOAException("Bad POA for this torrent") # Check the signature lst = [nonce_a, nonce_b, poa.serialize()] import sys b_list = bencode(lst) digest = permid.sha(b_list).digest() try: pub = pub_key_from_der(poa.node_pub_key) except: print >> sys.stderr, time.asctime(),'-', "The node_pub_key is no good" print >> sys.stderr, time.asctime(),'-', poa.node_pub_key raise Exception("Node's public key is no good...") if not pub.verify_dsa_asn1(digest, sig): raise InvalidSignatureException("Freshness test failed") # Passed the freshness test, now check the certificate poa.verify() # Throws exception if bad return poa
def _validate_poa_message(self, list, nonce_a, nonce_b): """ Validate an incoming POA message - throw exception if bad. Returns the POA if successful """ if len(list) != 7: raise BadMessageExecption("Require 7 elements, got %d"%len(list)) poa = POA.deserialize_from_list(list[1:-1]) sig = list[-1] # Debug self.remote_poa = poa if poa.torrent_id != self.torrent_id: raise WrongSwarmException() if poa.get_torrent_pub_key() not in self.torrent_pubkeys: import sys print >>sys.stderr,"Pub key:",poa.get_torrent_pub_key() print >>sys.stderr,"Torrent keys:",self.torrent_pubkeys raise InvalidPOAException("Bad POA for this torrent") # Check the signature list = [nonce_a, nonce_b, poa.serialize()] b_list = bencode(list) digest = permid.sha(b_list).digest() pub = permid.EC.pub_key_from_der(poa.node_pub_key) if not pub.verify_dsa_asn1(digest, sig): raise InvalidSignatureException("Freshness test failed") # Passed the freshness test, now check the certificate poa.verify() # Throws exception if bad return poa
def _create_poa_message(self, msg_id, nonce_a, nonce_b): """ Create the POA exchange message (messages 3 and 4). """ # Provide the certificate if not self.poa: raise MissingCertificateException() msg = [msg_id] + self.poa.serialize_to_list() # Add signature list = [nonce_a, nonce_b, self.poa.serialize()] b_list = bencode(list) digest = permid.sha(b_list).digest() sig = self.my_keypair.sign_dsa_asn1(digest) msg.append(sig) return msg
def check_initiator_response(self, list): """ Verify the response from the initiator to our challenge """ assert self.state == self.EXPECTING_INITIATOR_RESPONSE self.state = self.COMPLETED assert list if len(list) != 7: raise BadMessageException("Expected 7 message elements, but got %s"%len(list)) [nonce_b, torrent_id, torrent_pubkey, pub_permid, poa, sig] = list[1:] if torrent_id != self.torrent_id: raise WrongSwarmException() if nonce_b != self.nonce_b: raise BadMessageException("Got the wrong nonce") remote_poa = POA.deserialize(poa) if not remote_poa.get_torrent_pub_key() in self.torrent_pubkeys: import sys print >>sys.stderr,"Pub key:",remote_poa.get_torrent_pub_key(),"not in",self.torrent_pubkeys raise InvalidPOAException("Bad POA for this swarm") # Check the signature new_list = [self.nonce_b, self.torrent_id, torrent_pubkey, pub_permid, poa] b_list = bencode(new_list) digest = permid.sha(b_list).digest() pub = permid.EC.pub_key_from_der(pub_permid) if not pub.verify_dsa_asn1(digest, sig): raise InvalidSignatureException("Message freshness failed") # Passed the freshness test, now check the certificate remote_poa.verify() self.remote_node_authorized = True