def test_crypto_kx(self):
if not pysodium.sodium_version_check(1, 0, 12): return
client_pk, client_sk = pysodium.crypto_kx_keypair()
server_pk, server_sk = pysodium.crypto_kx_keypair()
crx, ctx = pysodium.crypto_kx_client_session_keys(client_pk, client_sk, server_pk)
srx, stx = pysodium.crypto_kx_server_session_keys(server_pk, server_sk, client_pk)
self.assertEqual(crx, stx)
self.assertEqual(ctx, srx)
def test_crypto_kx(self):
if not pysodium.sodium_version_check(1, 0, 12): return
client_pk, client_sk = pysodium.crypto_kx_keypair()
server_pk, server_sk = pysodium.crypto_kx_keypair()
crx, ctx = pysodium.crypto_kx_client_session_keys(client_pk, client_sk, server_pk)
srx, stx = pysodium.crypto_kx_server_session_keys(server_pk, server_sk, client_pk)
self.assertEqual(crx, stx)
self.assertEqual(ctx, srx)
def as_bytes(self):
# magic signature
datagram = bytearray("GARLICKYCLIENT", "ascii")
# protocol version number
datagram.extend(struct.pack(">H", 0))
# generate ephemeral key
self.eph_pk, self.eph_sk = pysodium.crypto_kx_keypair()
assert len(self.eph_pk) == 32
datagram.extend(self.eph_pk)
# generate keypair for signature
self.sign_pk, self.sign_sk = pysodium.crypto_sign_keypair()
assert len(self.sign_pk) == 32
datagram.extend(self.sign_pk)
# sign the ephemeral key cus untrusted apparently :/
# print(pysodium.sodium.crypto_sign_ed25519_detached)
sig = ctypes.create_string_buffer(pysodium.crypto_sign_BYTES)
check(pysodium.sodium.crypto_sign_ed25519_detached(
sig,
ctypes.c_void_p(0),
self.eph_pk,
ctypes.c_ulonglong(len(self.eph_pk)),
self.sign_sk,
))
assert len(sig) == 64
# pysodium.crypto_sign_detached(eph_pk, sign_sk)
datagram.extend(sig)
assert len(datagram) == 144
return datagram
def send(self, addr, cSuite, nodeData):
try:
addrStr = sts_utility.addrToString(addr)
if addrStr in STS.STSConnectionStates.keys():
if STS.STSConnectionStates[addrStr]['phase'] == 2:
print('send data with the existing session')
ECDH_DATA_EX = self.constructSTSResponse(2, addr, nodeData)
self.sock.sendto(ECDH_DATA_EX, addr)
# self.receive()
else:
self.terminate(addr)
else:
print('send data with the new session')
# myCert, myCertStatus = sts_utility.decodeMyCertificate(self.sock, self.endpoint_address)
# myEncrypKey, mySignKey = sts_utility.decodeSecretKey()
if cSuite in [1, 2, 6]:
# print('sending ECDH')
myECDHPK, myECDHSK = pysodium.crypto_kx_keypair()
propose = self.generateProposeECDH(cSuite, myECDHPK,
self.mySignKey,
self.myCert,
self.myCertStatus)
STS.STSConnectionStates[addrStr] = {
'session_key': None,
'phase': 0,
'init': True,
'data': nodeData,
'keys': (myECDHPK, myECDHSK),
'cSuite': cSuite,
'time': int(time.time())
}
print('sending PROPOSE')
sts_utility.decodeSTSMessage(propose)
self.sock.sendto(propose, addr)
elif cSuite in [3, 4, 5]:
propose = self.generateProposeECDH(cSuite, (0).to_bytes(
32, byteorder='big'), self.mySignKey, self.myCert,
self.myCertStatus)
STS.STSConnectionStates[addrStr] = {
'session_key': None,
'phase': 0,
'init': True,
'data': nodeData,
'keys': None,
'cSuite': cSuite,
'time': int(time.time())
}
print('sending PROPOSE')
sts_utility.decodeSTSMessage(propose)
self.sock.sendto(propose, addr)
# while not STS.STSConnectionStates[addrStr]['phase'] == 2:
# self.receive()
# ECDH_DATA_EX = self.constructSTSResponse(2, addr, nodeData)
# self.sock.sendto(ECDH_DATA_EX, addr)
# self.receive()
except:
return None
def generate(cls) -> (bytes, bytes, bytes):
"""Generate new keypair and ID key.
They should be saved to file using Association.save()
unless we want to reassociate again next time."""
public_key, private_key = pysodium.crypto_kx_keypair()
id_key = pysodium.randombytes(pysodium.crypto_box_PUBLICKEYBYTES)
return public_key, private_key, id_key
def session_prepare_phase_1 () :
log ("[dcf6b145]", "[crypto][session]", "generating session public-private keys...")
_local_sess_pub_key, _local_sess_priv_key = pysodium.crypto_kx_keypair ()
log ("[3029ae13]", "[crypto][session]", "generated session private key `%s`;", _local_sess_priv_key.encode ("b64"))
log ("[4b75829d]", "[crypto][session]", "generated session public key `%s`;", _local_sess_pub_key.encode ("b64"))
return _local_sess_pub_key, _local_sess_priv_key
def sendBlake2bResp(self, data, addr, cSuite):
addrStr = sts_utility.addrToString(addr)
# myCert, myCertStatus = sts_utility.decodeMyCertificate(self.sock, self.endpoint_address)
# myEncrypKey, mySignKey = sts_utility.decodeSecretKey()
if cSuite in [1, 2]:
# print('sending ECDH')
myECDHPK, myECDHSK = pysodium.crypto_kx_keypair()
propose = self.generateProposeECDH(cSuite, myECDHPK,
self.mySignKey, self.myCert,
self.myCertStatus)
# STS.STSConnectionStates[addrStr] = {'session_key': None, 'phase': 0, 'init': True,
# 'keys': (myECDHPK, myECDHSK),
# 'cSuite': cSuite, 'time': int(time.time())}
STS.STSConnectionStates[addrStr]['keys'] = (myECDHPK, myECDHSK)
self.blake2b(data, addr, server=True)
self.sock.sendto(propose, addr)
elif cSuite == 0:
myECDHPK, myECDHSK = pysodium.crypto_kx_keypair()
STS.STSConnectionStates[addrStr]['keys'] = (myECDHPK, myECDHSK)
propose = self.generateProposeECDH(1, myECDHPK, self.mySignKey,
self.myCert, self.myCertStatus)
self.sock.sendto(propose, addr)
def send(self, addr, cSuite, nodeData):
try:
addrStr = sts_utility.addrToString(addr)
if addrStr in STS.STSConnectionStates.keys():
if STS.STSConnectionStates[addrStr]['phase'] == 2:
print('send data with the existing session')
ECDH_DATA_EX = self.constructSTSResponse(2, addr, nodeData)
self.sock.sendto(ECDH_DATA_EX, addr)
# self.receive()
else:
self.terminate(addr)
else:
print('send data with the new session')
if cSuite in [1, 2]:
myECDHPK, myECDHSK = pysodium.crypto_kx_keypair()
propose = self.generateProposeECDH(cSuite, myECDHPK,
self.mySignKey,
self.myCert,
self.myCertStatus)
STS.STSConnectionStates[addrStr] = {
'session_key': None,
'phase': 0,
'init': True,
'data': nodeData,
'keys': (myECDHPK, myECDHSK),
'cSuite': cSuite,
'time': int(time.time())
}
self.sock.sendto(propose, addr)
elif cSuite in [3, 4, 5]:
propose = self.generateProposeECDH(3, (0).to_bytes(
32, byteorder='big'), self.mySignKey, self.myCert,
self.myCertStatus)
STS.STSConnectionStates[addrStr] = {
'session_key': None,
'phase': 0,
'init': True,
'data': nodeData,
'keys': None,
'cSuite': cSuite,
'time': int(time.time())
}
self.sock.sendto(propose, addr)
except:
return None
