Пример #1
0
def verify(sign, keyid, infile=None, outfile=None):
    keyid=b85decode(keyid)
    sign=b85decode(sign)
    if(len(keyid)!=STORAGE_ID_LEN or len(sign)!= nacl.crypto_generichash_BYTES):
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile) if outfile else None

    reset()
    written=0

    eps[USB_CRYPTO_EP_CTRL_IN].write("%s%s%s" % (USB_CRYPTO_CMD_VERIFY,sign,keyid))
    tmp=read_ctrl(timeout=50)
    if(tmp and tmp.startswith('err: ')):
       return
    pkt = fd.read(32768)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        written+=eps[USB_CRYPTO_EP_DATA_IN].write(pkt)
        if outfd: outfd.write(pkt)
        pkt = fd.read(32768)
    if(written%64==0):
        eps[USB_CRYPTO_EP_DATA_IN].write(None)
    read_ctrl()
    res = eps[USB_CRYPTO_EP_DATA_OUT].read(1)
    read_ctrl()
    reset()
    if fd != sys.stdin: fd.close()
    if outfd and outfd != sys.stdout: outfd.close()
    return res[0]
Пример #2
0
def end_ecdh(pub, keyid):
    pub=b85decode(pub)
    keyid=b85decode(keyid)
    if DEBUG: start = time.time()
    flush(USB_CRYPTO_EP_DATA_OUT)
    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_ECDH_END+pub+keyid)
    resp=eps[USB_CRYPTO_EP_DATA_OUT].read(64)
    reset()
    return ''.join([chr(x) for x in resp])
Пример #3
0
def end_ecdh(pub, keyid):
    pub=b85decode(pub)
    keyid=b85decode(keyid)
    flush(USB_CRYPTO_EP_DATA_OUT)
    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_ECDH_END+pub+keyid, timeout=0)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)
    resp=eps[USB_CRYPTO_EP_DATA_OUT].read(64, timeout=0)
    reset()
    return ''.join([chr(x) for x in resp])
Пример #4
0
def decrypt(keyid, infile=None, outfile=None):
    keyid=b85decode(keyid)
    if(len(keyid)!=STORAGE_ID_LEN):
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile or infile+'.pbp' if infile else '-')

    reset()

    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_DECRYPT+keyid)
    tmp = read_ctrl(timeout=50)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)

    pkt = fd.read(32808)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        wrote = eps[USB_CRYPTO_EP_DATA_IN].write(pkt)
        if (wrote<32808 and not (wrote&0x3f)):
            eps[USB_CRYPTO_EP_DATA_IN].write(None)
        tmp = read_ctrl(timeout=50)
        if(tmp and tmp.startswith('err: ')):
            raise ValueError(tmp)
        outfd.write(''.join([chr(x) for x in eps[USB_CRYPTO_EP_DATA_OUT].read(wrote-40)]))
        pkt = fd.read(32808)
    if(len(pkt)==32808):
        eps[USB_CRYPTO_EP_DATA_IN].write(None)

    reset()
    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
Пример #5
0
Файл: pbp.py Проект: fpletz/pbp
def dh2_handler(peer):
    # provides a high level interface to receive a DH key exchange
    # request peer contains the public component generated by the peer
    # when initiating an DH exchange
    exp = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    public = nacl.crypto_scalarmult_curve25519_base(exp)
    secret = nacl.crypto_scalarmult_curve25519(exp, b85decode(peer))
    return (public, secret)
Пример #6
0
def resp_ecdh(pub, name):
    pub=b85decode(pub)
    if DEBUG: start = time.time()
    flush(USB_CRYPTO_EP_DATA_OUT)
    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_ECDH_RESPOND+pub+name)
    resp=eps[USB_CRYPTO_EP_DATA_OUT].read(64)
    reset()
    resp = ''.join([chr(x) for x in resp])
    return (resp[16:], resp[:16])
Пример #7
0
Файл: pbp.py Проект: dnet/pbp
def dh2_handler(peer):
    exp = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    public = nacl.crypto_scalarmult_curve25519_base(exp)
    (sys.stdout.buffer if hasattr(sys.stdout, 'buffer') else
     sys.stdout).write(b"public component " + b85encode(public) + b'\n')
    secret = nacl.crypto_scalarmult_curve25519(exp, b85decode(peer))
    (sys.stdout.buffer if hasattr(sys.stdout, 'buffer') else
     sys.stdout).write(b"shared secret " + b85encode(secret) + b'\n')
    clearmem(secret)
    clearmem(exp)
Пример #8
0
def resp_ecdh(pub, name):
    pub=b85decode(pub)
    flush(USB_CRYPTO_EP_DATA_OUT)
    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_ECDH_RESPOND+pub+name, timeout=0)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)
    resp=eps[USB_CRYPTO_EP_DATA_OUT].read(64, timeout=0)
    reset()
    resp = ''.join([chr(x) for x in resp])
    return (resp[16:], resp[:16])
Пример #9
0
def verify(sign, keyid, infile=None, outfile=None):
    keyid=b85decode(keyid)
    sign=b85decode(sign)
    if(len(keyid)!=EKID_SIZE or len(sign)!= nacl.crypto_generichash_BYTES):
        print len(keyid), EKID_SIZE, repr(keyid)
        print len(sign), 32, repr(sign)
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile) if outfile else None

    reset()
    written=0

    eps[USB_CRYPTO_EP_CTRL_IN].write("%s%s%s" % (USB_CRYPTO_CMD_VERIFY,sign,keyid), timeout=0)
    tmp=read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       return
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp!="go"):
       raise ValueError(tmp)
    pkt = fd.read(32768)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        written+=eps[USB_CRYPTO_EP_DATA_IN].write(pkt, timeout=0)
        if outfd: outfd.write(pkt)
        pkt = fd.read(32768)
    if(written%64==0):
        eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)
    read_ctrl()
    res = eps[USB_CRYPTO_EP_DATA_OUT].read(1, timeout=0)
    read_ctrl()
    reset()
    if fd != sys.stdin: fd.close()
    if outfd and outfd != sys.stdout: outfd.close()
    return res[0]
Пример #10
0
Файл: pbp.py Проект: dnet/pbp
def verify_handler(infile=None, outfile=None, basedir=None):
    if not infile or infile == '-':
        fd = sys.stdin.buffer if hasattr(sys.stdin, 'buffer') else sys.stdin
    else:
        fd = open(infile, 'rb')
    if not outfile or outfile == '-':
        outfd = sys.stdout.buffer if hasattr(sys.stdout,
                                             'buffer') else sys.stdout
    else:
        outfd = open(outfile, 'wb')

    # calculate hash sum of data
    state = nacl.crypto_generichash_init()
    block = fd.read(int(BLOCK_SIZE / 2))
    while block:
        # use two half blocks, to overcome
        # sigs spanning block boundaries
        if len(block) == (BLOCK_SIZE / 2):
            next = fd.read(int(BLOCK_SIZE / 2))
        else:
            next = b''

        fullblock = block + next
        sigoffset = fullblock.rfind(SIGPREFIX)

        if 0 <= sigoffset <= (BLOCK_SIZE / 2):
            sig = b85decode(fullblock[sigoffset + len(SIGPREFIX):])
            block = block[:sigoffset]
            next = b''
        elif len(fullblock) < (BLOCK_SIZE / 2) + nacl.crypto_sign_BYTES:
            sig = fullblock[-nacl.crypto_sign_BYTES:]
            block = fullblock[:-nacl.crypto_sign_BYTES]
            next = b''
        state = nacl.crypto_generichash_update(state, block)
        if outfd: outfd.write(block)
        block = next
    hashsum = nacl.crypto_generichash_final(state)

    sender, hashsum1 = publickey.verify(sig + hashsum,
                                        basedir=basedir) or ([], '')
    if sender and hashsum == hashsum1:
        sys.stderr.write("good message from %s\n" % sender)
    else:
        sys.stderr.write('verification failed\n')

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
Пример #11
0
Файл: pbp.py Проект: fpletz/pbp
def import_handler(infile=None, basedir=None):
    # imports ascii armored key from infile or stdin to basedir
    if not infile:
        b85 = sys.stdin.readline().strip()
    else:
        with file(infile) as fd:
            b85 = fd.readline().strip()
    pkt = b85decode(b85)
    mp = pkt[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES+nacl.crypto_sign_PUBLICKEYBYTES]
    keys = nacl.crypto_sign_open(pkt, mp)
    if not keys:
        return
    name = keys[nacl.crypto_sign_PUBLICKEYBYTES*3:]
    peer = publickey.Identity(name, basedir=basedir)
    peer.mp = mp
    peer.cp = keys[nacl.crypto_sign_PUBLICKEYBYTES:nacl.crypto_sign_PUBLICKEYBYTES*2]
    peer.sp = keys[nacl.crypto_sign_PUBLICKEYBYTES*2:nacl.crypto_sign_PUBLICKEYBYTES*3]
    # TODO check if key exists, then ask for confirmation of pk overwrite
    peer.save()
    return name
Пример #12
0
Файл: pbp.py Проект: fpletz/pbp
def verify_handler(infile=None, outfile=None, basedir=None):
    # provides a high level function to verify signed files
    # infile specifies the filename of the input file,
    #        if '-' or not specified it uses stdin
    # outfile specifies the filename of the output file,
    # basedir provides a root for the keystores
    # this function also handles buffering.
    fd = inputfd(infile)
    outfd = outputfd(outfile)

    # calculate hash sum of data
    state = nacl.crypto_generichash_init()
    block = fd.read(int(BLOCK_SIZE/2))
    while block:
        # use two half blocks, to overcome
        # sigs spanning block boundaries
        if len(block)==(BLOCK_SIZE/2):
            next=fd.read(int(BLOCK_SIZE/2))
        else: next=''

        fullblock = "%s%s" % (block, next)
        sigoffset = fullblock.rfind(SIGPREFIX)

        if 0 <= sigoffset <= (BLOCK_SIZE/2):
            sig = b85decode(fullblock[sigoffset+len(SIGPREFIX):])
            block = block[:sigoffset]
            next = ''
        elif len(fullblock)<(BLOCK_SIZE/2)+nacl.crypto_sign_BYTES:
            sig = fullblock[-nacl.crypto_sign_BYTES:]
            block = fullblock[:-nacl.crypto_sign_BYTES]
            next = ''
        state = nacl.crypto_generichash_update(state, block)
        if outfd: outfd.write(block)
        block = next
    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
    hashsum = nacl.crypto_generichash_final(state)

    sender, hashsum1 = publickey.verify(sig+hashsum, basedir=basedir) or ([], '')
    if sender and hashsum == hashsum1:
        return sender
Пример #13
0
def import_handler(infile=None, basedir=None):
    # imports ascii armored key from infile or stdin to basedir
    if not infile:
        b85 = sys.stdin.readline().strip()
    else:
        with file(infile) as fd:
            b85 = fd.readline().strip()
    pkt = b85decode(b85)
    mp = pkt[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES+nacl.crypto_sign_PUBLICKEYBYTES]
    keys = nacl.crypto_sign_open(pkt, mp)
    if not keys:
        return
    name = keys[(nacl.crypto_sign_PUBLICKEYBYTES*3)+2*32:]
    kfile = publickey.get_pk_filename(basedir, name)
    if os.path.exists(kfile):
        bkp = kfile+'.old'
        print >>sys.stderr, "backing up existing key to %s" % bkp
        os.rename(kfile,bkp)
    with open(kfile, 'w') as fd:
        fd.write(pkt)
    # TODO check if key exists, then ask for confirmation of pk overwrite
    return name
Пример #14
0
def import_handler(infile=None, basedir=None):
    # imports ascii armored key from infile or stdin to basedir
    if not infile:
        b85 = sys.stdin.readline().strip()
    else:
        with file(infile) as fd:
            b85 = fd.readline().strip()
    pkt = b85decode(b85)
    mp = pkt[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES +
             nacl.crypto_sign_PUBLICKEYBYTES]
    keys = nacl.crypto_sign_open(pkt, mp)
    if not keys:
        return
    name = keys[(nacl.crypto_sign_PUBLICKEYBYTES * 3) + 2 * 32:]
    kfile = publickey.get_pk_filename(basedir, name)
    if os.path.exists(kfile):
        bkp = kfile + '.old'
        print >> sys.stderr, "backing up existing key to %s" % bkp
        os.rename(kfile, bkp)
    with open(kfile, 'w') as fd:
        fd.write(pkt)
    # TODO check if key exists, then ask for confirmation of pk overwrite
    return name
Пример #15
0
Файл: pbp.py Проект: dnet/pbp
def import_handler(infile=None, basedir=None):
    if not infile:
        b85 = sys.stdin.readline().strip()
    else:
        with open(infile, 'rb') as fd:
            b85 = fd.readline().strip()
    pkt = b85decode(b85)
    mp = pkt[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES +
             nacl.crypto_sign_PUBLICKEYBYTES]
    keys = nacl.crypto_sign_open(pkt, mp)
    if not keys:
        die("invalid key")
    name = keys[nacl.crypto_sign_PUBLICKEYBYTES * 3:]
    peer = publickey.Identity(name, basedir=basedir)
    peer.mp = mp
    peer.cp = keys[nacl.
                   crypto_sign_PUBLICKEYBYTES:nacl.crypto_sign_PUBLICKEYBYTES *
                   2]
    peer.sp = keys[nacl.crypto_sign_PUBLICKEYBYTES *
                   2:nacl.crypto_sign_PUBLICKEYBYTES * 3]
    # TODO check if key exists, then ask for confirmation of pk overwrite
    peer.save()
    print('Success: imported public keys for', name)
Пример #16
0
def decrypt(keyid, infile=None, outfile=None):
    keyid=b85decode(keyid)
    if(len(keyid)!=EKID_SIZE):
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile or infile+'.pbp' if infile else '-')

    reset()

    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_DECRYPT+keyid, timeout=0)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)
    tmp = read_ctrl(timeout=0)

    pkt = fd.read(32808)
    if(tmp and tmp!="go"):
       raise ValueError(tmp)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        wrote = eps[USB_CRYPTO_EP_DATA_IN].write(pkt, timeout=0)
        if (wrote<32808 and not (wrote&0x3f)):
            eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)
        tmp = read_ctrl(timeout=50)
        if(tmp and tmp.startswith('err: ')):
            raise ValueError(tmp)
        outfd.write(''.join([chr(x) for x in eps[USB_CRYPTO_EP_DATA_OUT].read(wrote-40, timeout=0)]))
        pkt = fd.read(32808)
    if(len(pkt)==32808):
        eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)

    reset()
    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
Пример #17
0
def buffered_verify(infd, outfd, basedir, self = None):
    # calculate hash sum of data
    state = nacl.crypto_generichash_init()
    block = infd.read(int(BLOCK_SIZE/2))
    while block:
        # use two half blocks, to overcome
        # sigs spanning block boundaries
        if len(block)==(BLOCK_SIZE/2):
            next=infd.read(int(BLOCK_SIZE/2))
        else: next=''

        fullblock = "%s%s" % (block, next)
        sigoffset = fullblock.rfind(SIGPREFIX)

        if 0 <= sigoffset <= (BLOCK_SIZE/2):
            sig = b85decode(fullblock[sigoffset+len(SIGPREFIX):sigoffset+len(SIGPREFIX)+80])
            block = block[:sigoffset]
            next = ''
        elif len(fullblock)<(BLOCK_SIZE/2)+nacl.crypto_sign_BYTES:
            sig = fullblock[-nacl.crypto_sign_BYTES:]
            block = fullblock[:-nacl.crypto_sign_BYTES]
            next = ''
        state = nacl.crypto_generichash_update(state, block)
        if outfd: outfd.write(block)
        block = next
    hashsum = nacl.crypto_generichash_final(state)

    if self:
        # verify specific key
        sender, hashsum1 = self.verify(sig+hashsum) or ([], '')
    else:
        # find corresponding key
        sender, hashsum1 = verify(sig+hashsum, basedir=basedir) or ([], '')

    if sender and hashsum == hashsum1:
        return sender
Пример #18
0
Файл: pbp.py Проект: fpletz/pbp
def dh3_handler(public, exp):
    # finishes the 3 step DH key exchange by combining the public
    # component of the peer, generated in the 2nd step by the peer,
    # using the exponent generated when the exchange was initiated.
    secret = nacl.crypto_scalarmult_curve25519(b85decode(exp), b85decode(public))
    return secret
Пример #19
0
Файл: pbp.py Проект: dnet/pbp
def dh3_handler(public, exp):
    secret = nacl.crypto_scalarmult_curve25519(b85decode(exp),
                                               b85decode(public))
    (sys.stdout.buffer if hasattr(sys.stdout, 'buffer') else
     sys.stdout).write(b"shared secret " + b85encode(secret) + b'\n')
    clearmem(secret)