Пример #1
0
 def key_get_exchange(self):
     nonce = '\0' * self.nonce_bytes
     authpkt = nacl.crypto_stream_xor(data, nonce, self.key)
     try:
         peer_dhpk = nacl.crypto_sign_open(authpkt, self.peer_public_key)
     except Exception:
         print("Invalid signature from peer \"%s\" from %s" % \
                                                            (name, addr[0]))
         sys.exit(0)
     if self.kex_init:
         self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                     "nonce_prefix"),
                                             self.key)[:23-self.nonce_bytes]
         self.dhsk = None
         self.kex_init = False
         return
     dhpk, dhsk = nacl.crypto_box_keypair()
     authpkt = nacl.crypto_sign(dhpk, self.secret_key)
     crypted_data = nonce_out + nacl.crypto_stream_xor(authpkt,
                             '\x01' + self.nonce_prefix + nonce, self.key)
     mac = nacl.crypto_auth(crypted_data, self.key)[:self.mac_bytes]
     c_sendto(self.sock, mac + crypted_data, self.addr)
     self.key = nacl.crypto_scalarmult(dhsk, peer_dhpk)
     print("New key is %s"%repr(self.key))
Пример #2
0
 def __init__(self, sock, addr, peer_name, peer_public_key, peer_dhpk):
     global config
     self.sock = sock
     self.addr = addr
     self.peer_name = peer_name
     self.peer_public_key = peer_public_key
     self.name, self.public_key, self.secret_key = load_identity()
     dhpk, self.dhsk = nacl.crypto_box_keypair()
     self.kex_init = False
     self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
     self.dhsk = None
     self.mac_bytes = config.getint("netshrink","mac_bytes")
     if self.mac_bytes > 32:
         self.mac_bytes = 32
     self.nonce_bytes = config.getint("netshrink","nonce_bytes")
     if self.nonce_bytes > 8:
         self.nonce_bytes = 8
     if self.nonce_bytes:
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                         "nonce_prefix"),
                                          self.key)[:23-self.nonce_bytes]
     else:
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                         "nonce_prefix"),
                                              self.key)[:23]
     self.nonce = 0
     authpkt = b'\0'
     authpkt += self.name + b'\0'
     authpkt += nacl.crypto_sign(dhpk, self.secret_key)
     c_sendto(self.sock, authpkt, self.addr)
Пример #3
0
 def key_exchange(self):
     self.peer_nonce = 0
     self.kex_init = True
     nonce_out = '\0' * self.nonce_bytes
     dhpk, self.dhsk = nacl.crypto_box_keypair()
     authpkt = nacl.crypto_sign(dhpk, self.secret_key)
     crypted_data = nonce_out + nacl.crypto_stream_xor(authpkt,
                           '\x01' + self.nonce_prefix + nonce_out, self.key)
     mac = nacl.crypto_auth(crypted_data, self.key)[:self.mac_bytes]
     c_sendto(self.sock, mac + crypted_data, self.addr)
Пример #4
0
 def __init__(self, sock, addr):
     self.sock = sock
     self.addr = addr
     self.name, self.public_key, self.secret_key = load_identity()
     dhpk, self.dhsk = nacl.crypto_box_keypair()
     self.mac_bytes = config.getint("netshrink","mac_bytes")
     if self.mac_bytes > 32:
         self.mac_bytes = 32
     self.nonce_bytes = config.getint("netshrink","nonce_bytes")
     if self.nonce_bytes > 8:
         self.nonce_bytes = 8
     self.nonce = 0
     self.peer_nonce = 0
     self.kex_init = False
     authpkt = b'\0' + self.name.encode("utf8") + b'\0'
     authpkt += nacl.crypto_sign(dhpk, self.secret_key)
     c_sendto(self.sock, authpkt, self.addr)
     while True:
         data, inaddr = c_recvfrom(self.sock, 4096)
         if int(data[0]) != 0:
             print("Ignoring garbage data from %s" % inaddr[0])
             continue
         name_end = data.find(b'\0', 1)
         self.peer_name = data[1:name_end].encode("utf8")
         kexpkt = data[name_end+1:]
         if not peer_exists(self.name):
             print("Peer \"%s\" is unknown, but you are whitelisted." % \
                                                             self.peer_name)
             print("Please run addpeer/getpeer to authenticate.")
             sys.exit(0)
         self.peer_public_key = get_peer_public_key(self.peer_name)
         try:
             peer_dhpk = nacl.crypto_sign_open(kexpkt, self.peer_public_key)
         except Exception:
             print("Invalid signature from peer \"%s\" from %s" % \
                                                (self.peer_name, inaddr[0]))
             sys.exit(0)
         break
     print("Accepted connection from peer \"%s\" from %s" % \
                                                  (self.peer_name, addr[0]))
     self.key = nacl.crypto_scalarmult(self.dhsk, peer_dhpk)
     self.dhsk = None
     if self.nonce_bytes:
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                         "nonce_prefix"),
                                          self.key)[:23-self.nonce_bytes]
     else:
         self.nonce_prefix = nacl.crypto_auth(config.get("netshrink",
                                                         "nonce_prefix"),
                                              self.key)[:23]
     print("len of nonce_prefix is %d"%len(self.nonce_prefix))
     for i in xrange(260):
         self.send("Hello there")
Пример #5
0
 def test_failed_signature(self):
     sm = nacl.crypto_sign(self.msg, self.sk)
     self.assertRaises(ValueError, nacl.crypto_sign_open, sm, self.pk1)
Пример #6
0
 def test_signature(self):
     sm = nacl.crypto_sign(self.msg, self.sk)
     r = nacl.crypto_sign_open(sm, self.pk)
     self.assertEqual(r, self.msg)
Пример #7
0
 def test_failed_signature(self):
     sm = nacl.crypto_sign(self.msg, self.sk)
     self.assertRaises(ValueError, nacl.crypto_sign_open, sm, self.pk1)
Пример #8
0
 def test_signature(self):
     sm = nacl.crypto_sign(self.msg, self.sk)
     r = nacl.crypto_sign_open(sm, self.pk)
     self.assertEqual(r, self.msg)