示例#1
0
def client_handshake_begin(ecdsa_priv, ecdh_priv, server_pub, curve=identity.DEFAULT_KEYTYPE, kdf=DEFAULT_KDF):
    """
    Start the handshake
    :param ecdsa_priv: long term signing privkey
    :param ecdh_priv: temporary session ecc privkey
    :param server_pub: server long term pub key
    :param curve: EC Curve name
    :param kdf: Key derivation mechanism
    :return: secret aes key, handshake message to send
    """

    session_pub_str = ecdh_priv.get_verifying_key().to_pem()

    # sign our session key
    signature = identity.sign_string(ecdsa_priv, session_pub_str + kdf + curve.openssl_name)

    message = {
        "pub": ecdsa_priv.get_verifying_key().to_pem(),
        "session": session_pub_str,
        "signature": signature,
        "keytype": curve.openssl_name,
        "kdf": kdf,
    }

    shared = identity.ecdh(ecdh_priv, server_pub)
    secret = derive_key(kdf, shared)

    return secret, message
示例#2
0
def client_handshake_finish(client_priv, secret, challenge):
    """
    Sign the challenge from the server's handshake response
    :param client_priv:
    :param secret:
    :param challenge:
    :return:
    """
    pubkeyhash = identity.pubkeyhash(client_priv.get_verifying_key())
    plaintext = aes_decrypt_str(secret, challenge["iv"], challenge["challenge"])
    signature = identity.sign_string(client_priv, plaintext)
    return {"signature": signature,
            "fingerprint": pubkeyhash
            }
示例#3
0
def test_generate_sign(tmpdir):
    """
    Test key generation
    :param tmpdir:
    :return:
    """
    datafolder = tmpdir.strpath
    identity.first_run(datafolder)
    keyfile = identity.get_priv_keyfilename(datafolder)

    assert os.path.isfile(keyfile)

    key = identity.load(keyfile)
    signature = identity.sign_string(key, "hello")

    pub = identity.loadpub(identity.get_pub_keyfilename(datafolder))
    assert identity.verify_string(pub, signature, "hello")
示例#4
0
def send_data(signer, sessionkey, data):
    """
    Encrypt some data and sign it
    :param signer: signing key
    :param sessionkey: encryption key
    :param data: message (expected string)
    :return: dict containing fingerprint, signature, iv and ciphertext
    """
    ctext, iv = aes_encrypt_str(sessionkey, str(data))
    signature = identity.sign_string(signer, ctext)
    pubkeyhash = hashlib.sha512(signer.get_verifying_key().to_der()).hexdigest()

    return {
        "fingerprint": pubkeyhash,
        "signature": signature,
        "iv": iv,
        "ciphertext": ctext
    }