Пример #1
0
    def round1_setup_packages_decode(pkgs, crypto, chksum_test=True):
        # Break apart the received setup package packet per the above method
        # and return the unencrypted data along with the cryptographic box
        # to perform this again
        plaintext, hash_pkgs, h_target = None, -1, -2
        box = None
        pkg_data,hash_data = [], []

        chksum = pkgs[0:64]
        
        if chksum_test and (not chksum == sha256(pkgs[64:])):
            raise Exception("Checksum does not match")
        
        cert_hex = pkgs[64:128]
        path_length = int(pkgs[128:130])
        pkg_size = int(pkgs[130:134])
        hash_size = int(pkgs[134:138])
        
        # Create a box
        box = crypto.public_box(PrivateKey(cert_hex, encoder=nacl.encoding.HexEncoder))
        
        # Now get the packages and hashes
        hash_start = 138+(path_length*pkg_size)
        for i in range(path_length):
            pkg_i = pkgs[138+(i*pkg_size):138+((i+1)*pkg_size)]
            hash_i = pkgs[hash_start+(i*hash_size):hash_start+((i+1)*hash_size)]
            pkg_data.append(pkg_i)
            hash_data.append(hash_i)

        # Attempt to decrypt the packages (and calculate the hash on other
        # encrypted packages) and decrypt the hashes one by one
        i = 0
        for pkg in pkg_data:
            try:
                plaintext = box.decrypt(pkg)
                s = None
                if i == path_length - 1:
                    s = ''.join(pkg_data[0:i])
                else:
                    s = ''.join(pkg_data[0:i]+pkg_data[i+1:path_length])
                h_target = sha256(s)
                break
            except:
                pass
            i += 1
                
        for h in hash_data:
            try:
                 hash_pkgs = box.decrypt(h)
                 break
            except:
                pass
        
        if hash_pkgs == h_target:
            return box, plaintext
        else:
            raise Exception("Hashes do not match")
def init(prefs, the_ephemeral_key, has=False):
    encrypted_prefs = []
    for pref in prefs:
        if not has:
            hashed_reciprocal_pref = sha256(reciprocal_map[pref])
            want_pref = c.crypto_scalarmult(the_ephemeral_key, hashed_reciprocal_pref)
            encrypted_prefs.append(want_pref)
        else:
            hashed_pref = sha256(pref)
            have_pref = c.crypto_scalarmult(the_ephemeral_key, hashed_pref)
            encrypted_prefs.append(have_pref)
    return encrypted_prefs
Пример #3
0
def decrypt_message(encrypted_message, keying_material, private_key):
    encrypted_key = keying_material['encrypted_key']
    message_signature = keying_material['message_signature']
    temp_public_key = PublicKey(
        keying_material['temp_public_key'],
        Base64Encoder)

    box = PublicBox(private_key, temp_public_key)

    message_key = box.decrypt(
        encrypted_key,
        encoder=Base64Encoder)

    # We got the key, so let's get the message.
    message_box = nacl.secret.SecretBox(message_key)
    message = message_box.decrypt(
        encrypted_message,
        encoder=Base64Encoder)

    # Check the signature.
    mac_key = sha256(box._shared_key, RawEncoder)
    signing_key = SigningKey(mac_key)
    if signing_key.sign(message, Base64Encoder) != message_signature:
        raise SignatureError("The signature is not valid")

    return message
Пример #4
0
 def create_key(self, key_id=None):
     key = random(SecretBox.KEY_SIZE)
     if not key_id:
         h = sha256(key, HexEncoder)
         key_id = h.decode('utf-8')[:16]
     self.keys[key_id] = key
     log_debug("Key {} was created.".format(key_id))
     self.save_key(key_id)
     return key_id
def key_test( msg='test',
		key_enc='pbb6wrDXlLWOFMXYH4a9YHh7nGGD1VnStVYQBe9MyVU=' ):
	from hashlib import sha256
	key = key_generate()
	assert key_sign_check(key_get_vk(key), msg, key_sign(key, msg))
	key = key_decode_sk(key_enc)
	key_vk = key_get_vk(key)
	sign = key_sign(key, msg)
	assert key_sign_check(key_vk, msg, sign)
	print(sha256(''.join([
		key_encode(key), key_encode(key_vk),
		key_encode(key_decode_vk(key_encode(key_vk))),
		key_get_id(key), key_get_id(key_vk),
		msg, sign ])).hexdigest())
Пример #6
0
 def round1_setup_package(self):
     # To generate an output string we use the struct module that converts
     # the data into a c-style btye str/array
     #   See: http://docs.python.org/2/library/struct.html
     s = pack("<15s15sH64s32s32s64s64sBB", \
         self.prev_ip_addr, \
         self.next_ip_addr, \
         self.next_port, \
         self.path_construction_cert_hex, \
         self.prev_id, \
         self.next_id, \
         self.prev_path_building_cert_hex, \
         self.next_path_building_cert_hex, \
         self.type, \
         self.terminating, \
         )
     
     s += pack("<64s", sha256(s)) # append the hash of the decrypted package
         
     # TODO: Pack seeds and tuples
     return s
Пример #7
0
def encrypt_message(message, identifier):
    """Encrypts a message so that it can be read by all the devices of the
    given identifier.

    :param message: the message itself, in clear text.
    :param identifier: the identifier of the message recipient.
    """
    # Cipher the message with a brand new random key.
    message_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
    message_box = nacl.secret.SecretBox(message_key)
    message_nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
    encrypted_message = message_box.encrypt(message, message_nonce,
                                            Base64Encoder)

    returned = []
    # Encrypt the message key with each recipient's public key.
    for recipient_device_pub_key in get_public_keys(identifier):

        # Generate a new keypair & cipher the key with it.
        temp_private_key, temp_public_key = generate_keypair()
        box = PublicBox(temp_private_key, recipient_device_pub_key)
        nonce = nacl.utils.random(PublicBox.NONCE_SIZE)
        encrypted_key = box.encrypt(message_key, nonce, Base64Encoder)

        # Sign the message.
        mac_key = sha256(box._shared_key, RawEncoder)
        signing_key = SigningKey(mac_key)
        message_sig = signing_key.sign(message, Base64Encoder)

        # Return the public key used to cipher the message key.
        returned.append({
            'encrypted_key': encrypted_key,
            'temp_public_key': temp_public_key.encode(Base64Encoder),
            'message_signature': message_sig
        })

    return {
        'encrypted_message': encrypted_message,
        'recipients': returned
    }
Пример #8
0
def hash_(data):
    return sha256(data).decode('hex')
	def key_get_id(key):
		if isinstance(key, SigningKey): key = key.verify_key
		return '{{:>{}s}}'.format(key_id_len).format(
			sha256(key.encode(), URLSafeBase64Encoder)[:key_id_len] )
Пример #10
0
    def round1_setup_packages(self):
        # Generate a bunch of setup package data (strings)
        pkgs_and_nodes = []
        for node in self.nodes[1:-1]:
            pkg = node.round1_setup_package()
            pkg_encrypted = node.box.encryptn(pkg)
            # pkg_encrypted = node.encrypt_and_sign(pkg, self.path_construction_key)
            pkgs_and_nodes.append( (node, pkg_encrypted)) # append the node so we know the proper crypto keys
            
        # Shuffle the order of the setup packages
        shuffle(pkgs_and_nodes)
        pkgs = [x[1] for x in pkgs_and_nodes] # separate out pkgs
        
        # compute hash on (array - package) for each package (and shuffle)
        hashes = []
        for i in range(len(pkgs_and_nodes)):
            node = pkgs_and_nodes[i][0]
            s = None
            if i == len(pkgs) - 1:
                s = ''.join(pkgs[0:i])
            else:
                s = ''.join(pkgs[0:i]+pkgs[i+1:])
            
            h = node.box.encryptn(sha256(s))
            hashes.append(h)

        shuffle(hashes)
        
        # Format:
        # 0) 64 byte transmission checksum
        # 1) 64 byte cert (hex)
        # 2) 2 byte path length (N) 
        # 3) 4 byte package length (X)
        # 4) 4 byte hash length (Y)
        # 5) N packages of length X
        # 6) N packages of length Y
        
        # 1)
        pkg_str = self.my_node.path_building_cert_hex 
        
        # 2)
        s = str(self.length)
        while len(s) < 2: s = '0' + s
        pkg_str += s
        
        # 3)
        s = str(len(pkgs[0]))
        while len(s) < 4: s = '0' + s
        pkg_str += s
        
        # 4)
        s = str(len(hashes[0]))
        while len(s) < 4: s = '0' + s
        pkg_str += s
        
        # 5 and 6)
        for pkg in pkgs: pkg_str += pkg
        for h in hashes: pkg_str += h
        
        # 0)
        out = sha256(pkg_str) + pkg_str
        return out