def clientverify(self):
self.nonce += 1
vn = lnonce(self.nonce)
verifybox = nacl.crypto_box(self.shortpub, vn, self.remote_longpub, self.privkey)
m = _b(nacl.crypto_box(
str(bson.BSON.encode({
'lpub': _b(self.pubkey),
'v': _b(verifybox),
'vn': _b(vn),
})),
snonce(3), self.remote_shortpub, self.shortpriv
))
return m
def clientverify(self):
self.nonce += 1
vn = lnonce(self.nonce)
verifybox = nacl.crypto_box(self.shortpub, vn, self.remote_longpub,
self.privkey)
m = _b(
nacl.crypto_box(
str(
bson.BSON.encode({
'lpub': _b(self.pubkey),
'v': _b(verifybox),
'vn': _b(vn),
})), snonce(3), self.remote_shortpub, self.shortpriv))
return m
def serverhello(self):
m = {
'box': _b(nacl.crypto_box(
str(bson.BSON.encode({
'spub': _b(self.shortpub),
})),
snonce(2), self.remote_shortpub, self.privkey)),
'lpub': _b(self.pubkey),
}
enc = bson.BSON.encode(m)
return enc
def serverhello(self):
m = {
'box':
_b(
nacl.crypto_box(
str(bson.BSON.encode({
'spub': _b(self.shortpub),
})), snonce(2), self.remote_shortpub, self.privkey)),
'lpub':
_b(self.pubkey),
}
enc = bson.BSON.encode(m)
return enc
def inbound_message(self, body):
their_vatid, their_pubkey, nonce, encbody = self.parse_message(body)
# their_vatid is "pk0-base32..", while their_pubkey is binary
assert their_vatid != self.vatid, "go away mirror"
nonce_number = int(hexlify(nonce), 16)
if their_vatid < self.vatid:
offset = 2 # they are First, I am Second, msg is First->Second
else:
offset = 0 # I am First, they are Second, msg is Second->First
assert nonce_number % 4 == offset, "wrong nonce type %d %d" % (nonce_number, offset)
msg = crypto_box_open(encbody, nonce, their_pubkey, self.privkey)
resp = self.process_message(their_vatid, nonce_number, offset, msg)
r_nonce = self.number_to_nonce(nonce_number+1)
return ",".join(["v0",
util.to_ascii(self.pubkey, "pk0-", encoding="base32"),
util.to_ascii(r_nonce, encoding="base32"),
crypto_box(resp, r_nonce, their_pubkey, self.privkey)])
def send_message(self, their_vatid, msg):
assert isinstance(msg, (str, unicode)), "should be a json object, not %s" % type(msg)
assert msg.startswith("{")
if their_vatid == self.vatid:
self.send_loopback(msg)
return
c = self.db.cursor()
c.execute("SELECT `next_msgnum` FROM `outbound_msgnums`"
" WHERE `to_vatid`=? LIMIT 1", (their_vatid,))
data = c.fetchall()
if data:
next_msgnum = data[0][0]
else:
c.execute("INSERT INTO outbound_msgnums VALUES (?,?)",
(their_vatid, 0))
self.db.commit()
next_msgnum = 0
# add the boxed message to the outbound queue
if their_vatid < self.vatid:
offset = 0 # they are First, I am Second, msg is Second->First
else:
offset = 2 # I am First, they are Second, msg is First->Second
nonce = self.number_to_nonce(4*next_msgnum+offset)
their_pubkey = util.from_ascii(their_vatid, "pk0-", encoding="base32")
boxed = ",".join(["v0",
util.to_ascii(self.pubkey, "pk0-", encoding="base32"),
util.to_ascii(nonce, encoding="base32"),
crypto_box(msg, nonce, their_pubkey, self.privkey)])
c.execute("INSERT INTO `outbound_messages` VALUES (?,?,?,?)",
(their_vatid, 0, next_msgnum, base64.b64encode(boxed)))
c.execute("UPDATE `outbound_msgnums`"
" SET `next_msgnum`=?"
" WHERE `to_vatid`=?",
(next_msgnum+1, their_vatid))
self.db.commit()
self.trigger_outbound()
def test_box_badskey(self):
nonce = self.nonce()
c = nacl.crypto_box(self.msg, nonce, self.pk2, perturb(self.sk1))
self.assertRaises(ValueError, nacl.crypto_box_open, c, nonce, self.pk1,
self.sk2)
def test_box_badsig(self):
nonce = self.nonce()
c = nacl.crypto_box(self.msg, nonce, self.pk1, self.sk2)
c1 = perturb(c)
self.assertRaises(ValueError, nacl.crypto_box_open, c1, nonce,
self.pk2, self.sk1)
def test_box(self):
nonce = self.nonce()
c = nacl.crypto_box(self.msg, nonce, self.pk2, self.sk1)
m = nacl.crypto_box_open(c, nonce, self.pk1, self.sk2)
self.assertEqual(m, self.msg)
def test_box_badpkey(self):
nonce = self.nonce()
c = nacl.crypto_box(self.msg, nonce, perturb(self.pk1), self.sk2)
self.assertRaises(ValueError, nacl.crypto_box_open, c, nonce, self.pk2,
self.sk1)
def test_box_badsig(self):
nonce = self.nonce()
c = nacl.crypto_box(self.msg, nonce, self.pk1, self.sk2)
c1 = perturb(c)
self.assertRaises(ValueError, nacl.crypto_box_open, c1, nonce, self.pk2,
self.sk1)
def test_box(self):
nonce = self.nonce()
c = nacl.crypto_box(self.msg, nonce, self.pk2, self.sk1)
m = nacl.crypto_box_open(c, nonce, self.pk1, self.sk2)
self.assertEqual(m, self.msg)
def _message(self, data):
m = nacl.crypto_box(data, snonce(self.shortnonce),
self.remote_shortpub, self.shortpriv)
self.shortnonce += 2
return m