Exemplo n.º 1
0
def serve_cb(watcher, revents):
    global connection_map, conn_sock
    data, addr = c_recvfrom(conn_sock, 4096)
    if addr not in connection_map:
        print("data0 is %d" % data[0])
        if int(data[0]) != 0: # DH Key Exchange Packet
            print("Ignoring garbage data from %s" % addr[0])
            return # Ignore this connection
        name_end = data.find(b'\0', 1)
        name = data[1:name_end]
        kexpkt = data[name_end+1:]
        if not peer_exists(name, pfile=WHITELIST_FILE):
            print("Ignoring unknown peer \"%s\" from %s" % (name, addr[0]))
            return # Ignore this connection
        peer_public_key = get_peer_public_key(name, pfile=WHITELIST_FILE)
        try:
            result = nacl.crypto_sign_open(kexpkt, peer_public_key)
        except Exception:
            print("Invalid signature from peer \"%s\" from %s" % \
                                                               (name, addr[0]))
            return # Ignore this connection
        print("Accepted connection from peer \"%s\" from %s" % (name, addr[0]))
        connection_map[addr] = ServeConnection(conn_sock, addr, name,
                                          peer_public_key, result)
    else:
        print("packet from %s" % addr[0])
        connection_map[addr].raw_recv(data)
Exemplo n.º 2
0
 def key_get_exchange(self):
     nonce = '\0' * self.nonce_bytes
     authpkt = nacl.crypto_stream_xor(data, nonce, self.key)
     try:
         peer_dhpk = nacl.crypto_sign_open(authpkt, self.peer_public_key)
     except Exception:
         print("Invalid signature from peer \"%s\" from %s" % \
                                                            (name, addr[0]))
         sys.exit(0)
     if self.kex_init:
         self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                     "nonce_prefix"),
                                             self.key)[:23-self.nonce_bytes]
         self.dhsk = None
         self.kex_init = False
         return
     dhpk, dhsk = nacl.crypto_box_keypair()
     authpkt = nacl.crypto_sign(dhpk, self.secret_key)
     crypted_data = nonce_out + nacl.crypto_stream_xor(authpkt,
                             '\x01' + self.nonce_prefix + nonce, self.key)
     mac = nacl.crypto_auth(crypted_data, self.key)[:self.mac_bytes]
     c_sendto(self.sock, mac + crypted_data, self.addr)
     self.key = nacl.crypto_scalarmult(dhsk, peer_dhpk)
     print("New key is %s"%repr(self.key))
Exemplo n.º 3
0
 def __init__(self, sock, addr):
     self.sock = sock
     self.addr = addr
     self.name, self.public_key, self.secret_key = load_identity()
     dhpk, self.dhsk = nacl.crypto_box_keypair()
     self.mac_bytes = config.getint("netshrink","mac_bytes")
     if self.mac_bytes > 32:
         self.mac_bytes = 32
     self.nonce_bytes = config.getint("netshrink","nonce_bytes")
     if self.nonce_bytes > 8:
         self.nonce_bytes = 8
     self.nonce = 0
     self.peer_nonce = 0
     self.kex_init = False
     authpkt = b'\0' + self.name.encode("utf8") + b'\0'
     authpkt += nacl.crypto_sign(dhpk, self.secret_key)
     c_sendto(self.sock, authpkt, self.addr)
     while True:
         data, inaddr = c_recvfrom(self.sock, 4096)
         if int(data[0]) != 0:
             print("Ignoring garbage data from %s" % inaddr[0])
             continue
         name_end = data.find(b'\0', 1)
         self.peer_name = data[1:name_end].encode("utf8")
         kexpkt = data[name_end+1:]
         if not peer_exists(self.name):
             print("Peer \"%s\" is unknown, but you are whitelisted." % \
                                                             self.peer_name)
             print("Please run addpeer/getpeer to authenticate.")
             sys.exit(0)
         self.peer_public_key = get_peer_public_key(self.peer_name)
         try:
             peer_dhpk = nacl.crypto_sign_open(kexpkt, self.peer_public_key)
         except Exception:
             print("Invalid signature from peer \"%s\" from %s" % \
                                                (self.peer_name, inaddr[0]))
             sys.exit(0)
         break
     print("Accepted connection from peer \"%s\" from %s" % \
                                                  (self.peer_name, addr[0]))
     self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
     self.dhsk = None
     if self.nonce_bytes:
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                         "nonce_prefix"),
                                          self.key)[:23-self.nonce_bytes]
     else:
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                         "nonce_prefix"),
                                              self.key)[:23]
     print("len of nonce_prefix is %d"%len(self.nonce_prefix))
     for i in xrange(260):
         self.send("Hello there")
Exemplo n.º 4
0
	def verify(self, item):
		msg, auth = item[:4], item[4]
		if not self.pubkey: return True
		hashed, should = "1", "2"
		try:
			data = self.p.pack(msg)
			should = nacl.crypto_sign_open(auth, self.pubkey)
			hashed = nacl.crypto_hash_sha256(data)
		except:
			#pass
			import traceback
			traceback.print_exc()

		if hashed == should or DEBUG:
			return True
		return False
Exemplo n.º 5
0
 def test_signature(self):
     sm = nacl.crypto_sign(self.msg, self.sk)
     r = nacl.crypto_sign_open(sm, self.pk)
     self.assertEqual(r, self.msg)
Exemplo n.º 6
0
 def test_signature(self):
     sm = nacl.crypto_sign(self.msg, self.sk)
     r = nacl.crypto_sign_open(sm, self.pk)
     self.assertEqual(r, self.msg)