def create_initiator_response(self, nonce_b):
"""
Create the response from the initiator after having the
remote node perform the initial challenge.
"""
assert self.state == self.SEND_INITIATOR_RESPONSE
self.state = self.COMPLETED
assert nonce_b
msg = [CS_INITIATOR_RESPONSE, nonce_b]
# Provide the certificate
if not self.poa:
raise MissingCertificateException()
msg.append(self.torrent_id)
msg.append(self.poa.torrent_pub_key)
msg.append(self.pub_permid)
msg.append(self.poa.serialize())
# Sign it
list = [nonce_b,
self.torrent_id,
self.poa.torrent_pub_key,
self.pub_permid,
self.poa.serialize()]
b_list = bencode(list)
digest = permid.sha(b_list).digest()
sig = self.my_keypair.sign_dsa_asn1(digest)
msg.append(sig)
return msg
def _create_poa_message(self, msg_id, nonce_a, nonce_b):
"""
Create the POA exchange message (messages 3 and 4).
"""
assert msg_id
assert nonce_a
assert nonce_b
assert self.poa
# Provide the certificate
if not self.poa:
raise MissingCertificateException("Missing certificate")
msg = [msg_id] + self.poa.serialize_to_list()
# Add signature
lst = [nonce_a,
nonce_b,
self.poa.serialize()]
b_list = bencode(lst)
digest = permid.sha(b_list).digest()
sig = self.my_keypair.sign_dsa_asn1(digest)
msg.append(sig)
return msg
def sign(self, torrent_key_pair):
list = [self.torrent_id,
self.torrent_pub_key,
self.node_pub_key]
b_list = bencode(list)
digest = permid.sha(b_list).digest()
self.signature = torrent_key_pair.sign_dsa_asn1(digest)
def verify(self):
"""
Throws an exception if the POA does not hold or has expired
"""
if self.expire_time and self.expire_time < time.mktime(time.gmtime()):
raise POAExpiredException("Expired")
try:
lst = [self.torrent_id, self.torrent_pub_key, self.node_pub_key]
b_list = bencode(lst)
digest = permid.sha(b_list).digest()
pub = pub_key_from_der(self.torrent_pub_key)
if not pub.verify_dsa_asn1(digest, self.signature):
raise InvalidPOAException("Proof of access verification failed")
except Exception, e:
raise InvalidPOAException("Bad POA: %s" % e)
def verify(self):
"""
Throws an exception if the POA does not hold or has expired
"""
if self.expire_time and self.expire_time<time.mktime(time.gmtime()):
raise POAExpiredException()
try:
list = [self.torrent_id,
self.torrent_pub_key,
self.node_pub_key]
b_list = bencode(list)
digest = permid.sha(b_list).digest()
pub = permid.EC.pub_key_from_der(self.torrent_pub_key)
if not pub.verify_dsa_asn1(digest, self.signature):
raise InvalidPOAException("Proof of access verification failed")
except Exception,e:
raise InvalidPOAException("Bad POA: %s"%e)
def _validate_poa_message(self, lst, nonce_a, nonce_b):
"""
Validate an incoming POA message - throw exception if bad.
Returns the POA if successful
"""
assert nonce_a
assert nonce_b
if len(lst) != 7:
raise BadMessageException("Require 7 elements, got %d"%len(lst))
poa = POA.deserialize_from_list(lst[1:-1])
sig = lst[-1]
assert poa.node_pub_key
if poa.torrent_id != self.torrent_id:
raise WrongSwarmException("Wrong swarm")
if poa.get_torrent_pub_key() not in self.torrent_pubkeys:
raise InvalidPOAException("Bad POA for this torrent")
# Check the signature
lst = [nonce_a,
nonce_b,
poa.serialize()]
import sys
b_list = bencode(lst)
digest = permid.sha(b_list).digest()
try:
pub = pub_key_from_der(poa.node_pub_key)
except:
print >> sys.stderr, time.asctime(),'-', "The node_pub_key is no good"
print >> sys.stderr, time.asctime(),'-', poa.node_pub_key
raise Exception("Node's public key is no good...")
if not pub.verify_dsa_asn1(digest, sig):
raise InvalidSignatureException("Freshness test failed")
# Passed the freshness test, now check the certificate
poa.verify() # Throws exception if bad
return poa
def _validate_poa_message(self, list, nonce_a, nonce_b):
"""
Validate an incoming POA message - throw exception if bad.
Returns the POA if successful
"""
if len(list) != 7:
raise BadMessageExecption("Require 7 elements, got %d"%len(list))
poa = POA.deserialize_from_list(list[1:-1])
sig = list[-1]
# Debug
self.remote_poa = poa
if poa.torrent_id != self.torrent_id:
raise WrongSwarmException()
if poa.get_torrent_pub_key() not in self.torrent_pubkeys:
import sys
print >>sys.stderr,"Pub key:",poa.get_torrent_pub_key()
print >>sys.stderr,"Torrent keys:",self.torrent_pubkeys
raise InvalidPOAException("Bad POA for this torrent")
# Check the signature
list = [nonce_a,
nonce_b,
poa.serialize()]
b_list = bencode(list)
digest = permid.sha(b_list).digest()
pub = permid.EC.pub_key_from_der(poa.node_pub_key)
if not pub.verify_dsa_asn1(digest, sig):
raise InvalidSignatureException("Freshness test failed")
# Passed the freshness test, now check the certificate
poa.verify() # Throws exception if bad
return poa
def _create_poa_message(self, msg_id, nonce_a, nonce_b):
"""
Create the POA exchange message (messages 3 and 4).
"""
# Provide the certificate
if not self.poa:
raise MissingCertificateException()
msg = [msg_id] + self.poa.serialize_to_list()
# Add signature
list = [nonce_a,
nonce_b,
self.poa.serialize()]
b_list = bencode(list)
digest = permid.sha(b_list).digest()
sig = self.my_keypair.sign_dsa_asn1(digest)
msg.append(sig)
return msg
def check_initiator_response(self, list):
"""
Verify the response from the initiator to our challenge
"""
assert self.state == self.EXPECTING_INITIATOR_RESPONSE
self.state = self.COMPLETED
assert list
if len(list) != 7:
raise BadMessageException("Expected 7 message elements, but got %s"%len(list))
[nonce_b, torrent_id, torrent_pubkey, pub_permid, poa, sig] = list[1:]
if torrent_id != self.torrent_id:
raise WrongSwarmException()
if nonce_b != self.nonce_b:
raise BadMessageException("Got the wrong nonce")
remote_poa = POA.deserialize(poa)
if not remote_poa.get_torrent_pub_key() in self.torrent_pubkeys:
import sys
print >>sys.stderr,"Pub key:",remote_poa.get_torrent_pub_key(),"not in",self.torrent_pubkeys
raise InvalidPOAException("Bad POA for this swarm")
# Check the signature
new_list = [self.nonce_b,
self.torrent_id,
torrent_pubkey,
pub_permid,
poa]
b_list = bencode(new_list)
digest = permid.sha(b_list).digest()
pub = permid.EC.pub_key_from_der(pub_permid)
if not pub.verify_dsa_asn1(digest, sig):
raise InvalidSignatureException("Message freshness failed")
# Passed the freshness test, now check the certificate
remote_poa.verify()
self.remote_node_authorized = True
