def test_auth_verify(self): msg = b'Anybody can invent a cryptosystem he cannot break himself. Except Bruce Schneier.' key1 = libnacl.utils.salsa_key() key2 = libnacl.utils.salsa_key() sig1 = libnacl.crypto_auth(msg, key1) sig2 = libnacl.crypto_auth(msg, key2) self.assertTrue(libnacl.crypto_auth_verify(sig1, msg, key1)) self.assertTrue(libnacl.crypto_auth_verify(sig2, msg, key2)) with self.assertRaises(ValueError) as context: libnacl.crypto_auth_verify(sig1, msg, key2) self.assertTrue('Failed to auth msg' in context.exception.args) with self.assertRaises(ValueError) as context: libnacl.crypto_auth_verify(sig2, msg, key1) self.assertTrue('Failed to auth msg' in context.exception.args)
def encode_auth(cls, message, key, footer=b''): prefix = cls.version + b'.auth.' mac = libnacl.crypto_auth(pre_auth_encode([prefix, message, footer]), key) without_footer = prefix + base64.urlsafe_b64encode(message + mac) if footer: return without_footer + b'.' + base64.urlsafe_b64encode(footer) else: return without_footer
def generate_diffie_shared_secret(self, dh_received, key=None): if key is None: key = self.key tmp_key = self.generate_key("curve25519") y = tmp_key.key.sk Y = tmp_key.key.pk shared_secret = libnacl.crypto_box_beforenm(dh_received, y) + libnacl.crypto_box_beforenm(dh_received, key.key.sk) AUTH = libnacl.crypto_auth(Y, shared_secret[:32]) return shared_secret, Y, AUTH
def test_auth_rejects_wrong_lengths(self): msg = b'Time is an illusion. Lunchtime doubly so.' for bad_key in (b'too short', b'too long' * 100): with self.assertRaises(ValueError) as context: libnacl.crypto_auth(msg, bad_key) self.assertEqual(context.exception.args, ('Invalid secret key',))