def verify_and_generate_shared_secret(self, dh_secret, dh_received, auth,
B):
shared_secret = libnacl.crypto_box_beforenm(
dh_received, dh_secret.key.sk) + libnacl.crypto_box_beforenm(
B, dh_secret.key.sk)
libnacl.crypto_auth_verify(auth, dh_received, shared_secret)
return shared_secret
def generate_diffie_shared_secret(self, dh_received, key=None):
if key is None:
key = self.key
tmp_key = self.generate_key("curve25519")
y = tmp_key.key.sk
Y = tmp_key.key.pk
shared_secret = libnacl.crypto_box_beforenm(dh_received, y) + libnacl.crypto_box_beforenm(dh_received, key.key.sk)
AUTH = libnacl.crypto_auth(Y, shared_secret[:32])
return shared_secret, Y, AUTH
def test_boxnm(self):
msg = b'Are you suggesting coconuts migrate?'
# run 1
nonce1 = libnacl.utils.rand_nonce()
pk1, sk1 = libnacl.crypto_box_keypair()
pk2, sk2 = libnacl.crypto_box_keypair()
k1 = libnacl.crypto_box_beforenm(pk2, sk1)
k2 = libnacl.crypto_box_beforenm(pk1, sk2)
enc_msg = libnacl.crypto_box_afternm(msg, nonce1, k1)
self.assertNotEqual(msg, enc_msg)
clear_msg = libnacl.crypto_box_open_afternm(enc_msg, nonce1, k2)
self.assertEqual(clear_msg, msg)
def completeKeyExchange(self, data):
if len(data) < 8:
raise Error('Invalid KeyExchange response')
pos = 0
keyExchangeVersion = int.from_bytes(data[pos:pos + 4], "little")
pos += 4
log.info(keyExchangeVersion)
if keyExchangeVersion != 2:
raise Exception('Unexpected KeyExchange version %',
keyExchangeVersion)
errorCode = int.from_bytes(data[pos:pos + 4], "little")
pos += 4
if errorCode != 0 and errorCode != 25:
raise Exception('received error code % as result of KeyExchange ',
errorCode)
if len(data) < (pos + 16 + 16):
raise Exception(
'Insufficient data length in KeyExchange response, have only % bytes ',
len(data))
fD = data[pos:pos + 16]
pos += 16
fS = data[pos:pos + 16]
pos += 16
sharedKey = self.generateSharedKey()
authenticatorValid = self.validateAuthenticator(
data[pos:], fD, fS, sharedKey)
if authenticatorValid is None:
raise Exception('Failed to authenticate key exchange data')
fK = self.extractData(data, pos)
pos += fK['length']
sessionIdentifier = fK['data']
flags = self.extractData(data, pos)
pos += flags['length']
if len(data) < (pos + 32):
raise Exception(
'KeyExchange response buffer too short, expected 32 bytes for public key at pos'
+ pos + ",have length " + len(data))
publicKey = data[pos:pos + 32]
self.cryptoIntermediateData = libnacl.crypto_box_beforenm(
publicKey, self.secretKey)
return sessionIdentifier
def __init__(self, private_key, public_key):
if private_key and public_key:
self._shared_key = libnacl.crypto_box_beforenm(
public_key.encode(encoder=encoding.RawEncoder),
private_key.encode(encoder=encoding.RawEncoder),
)
else:
self._shared_key = None
def __init__(self, private_key, public_key):
if private_key and public_key:
self._shared_key = libnacl.crypto_box_beforenm(
public_key.encode(encoder=encoding.RawEncoder),
private_key.encode(encoder=encoding.RawEncoder),
)
else:
self._shared_key = None
def __init__(self, sk, pk):
if isinstance(sk, (SecretKey, libnacl.dual.DualSecret)):
sk = sk.sk
if isinstance(pk, (SecretKey, libnacl.dual.DualSecret)):
raise ValueError('Passed in secret key as public key')
if isinstance(pk, PublicKey):
pk = pk.pk
if pk and sk:
self._k = libnacl.crypto_box_beforenm(pk, sk)
def DH(cls, keypair, public_key):
return libnacl.crypto_box_beforenm(public_key, keypair.private_key)
