def test_add_block():
mb = Blocks(((13, MyBlock), (37, Singleton)))
b1 = MyBlock(13, rng.randombytes(214))
mb.add_block(b1.bt, b1)
s1 = Singleton(37, rng.randombytes(88))
mb.add_block(s1.bt, s1)
s2 = Singleton(37, rng.randombytes(88))
mb.add_block(s2.bt, s2)
b2 = MyBlock(13, rng.randombytes(214))
mb.add_block(b2.bt, b2)
assert s1.deleted
assert not s2.deleted
assert not b1.deleted
assert not b2.deleted
assert len(mb) == 4
fo = io.BytesIO()
mb.dump(fo)
fo.seek(0, 0)
rb = Blocks(((13, MyBlock), (37, Singleton)))
rb.load(fo)
s3 = rb.get_block(37)
assert s3.bdata == s2.bdata
b3, b4 = rb.get_blocks(13)
assert b3.bdata == b1.bdata
assert b4.bdata == b2.bdata
assert len(rb) == 3
def test_s4():
ilk, iuk = crypto_sign_seed_keypair(rng.randombytes(KEY_BYTES))
piuk = [gen_iuk(), gen_iuk(), gen_iuk()]
iuk = iuk[:KEY_BYTES]
rb = Rescue.seal(iuk, rc, 9, 1, .6)
imk = enhash(iuk)
ab = Access().seal(imk + ilk, pw)
pb = Previous.seal(imk, piuk)
sitepw = genpasswd()
sb = Secret.make(b'shop', b'amazon', b'*****@*****.**').seal(imk, sitepw)
s = SQRLdata([ab, rb, pb, sb])
sa = s.ascii()
print(sa)
source = io.BytesIO(sa.encode('ascii'))
ab1, rb1, pb1, sb1 = SQRLdata.load(source, tm)
print(ab1)
print(rb1)
print(pb1)
print(sb1)
iuk1 = rb1.open(rc)
assert iuk == iuk1
imk1, ilk1 = ab1.open(pw)
assert ilk == ilk1
assert imk == imk1
piuk1 = pb1.open(imk)
assert piuk == piuk1
def next_nonce(self):
iv = self.gcmiv
ivl = self.IV_BYTES
if iv:
# XXX is this safe?
nn = sha256sum(iv, ivl * 2)
d0 = int.from_bytes(nn[:ivl], 'little')
d1 = int.from_bytes(nn[ivl:], 'little')
return (d0 ^ d1).to_bytes(ivl, 'little')
return rng.randombytes(ivl)
def __init__(self, previous=None, timeout=300):
'''create a nut generator
previous: a previous instance that may have issued outstanding nuts
start: the starting nonce
timeout: maximum number of seconds a nut is valid for
This instance generates a random key. Nuts sealed by other instances
will not validate with this instance. (A server restart will invalidate
all outstanding nuts unless this instance is pickled and restored.
(Take care to not leak the key))
'''
self.old = previous
self.start_now = int(time.time())
self.start_up = int(time.monotonic())
self.timeout = timeout
self.__key = rng.randombytes(KEY_BYTES)
self.nonce = Nonce()
def createid(fname):
'''create a new SQRL identity, storing it to `fname`'''
click.echo('creating new id in "{}"'.format(fname))
pw = getnewpassword('access password')
print(type(pw), pw)
rc = rescue_code()
click.echo(
'Here is your emergency rescue code (write it in a secure place or memorize it):'
)
urc = rc.decode('ascii')
click.echo(' '.join(urc[i:i + 4] for i in range(0, len(urc), 4)))
ilk, iuk = crypto_sign_seed_keypair(rng.randombytes(KEY_BYTES))
iuk = iuk[:KEY_BYTES]
imk = enhash(iuk)
click.echo(
'Encrypting your new identity. (This should take about 60 seconds.)')
ab = Access().seal(imk + ilk, pw)
rb = Rescue.seal(iuk, rc)
sd = SQRLdata([ab, rb])
with open(fname, 'wb') as fo:
sd.dump(fo)
click.echo('Your new identity is now stored in "{}"'.format(
os.path.abspath(fname)))
def gen_iuk():
return crypto_sign_seed_keypair(rng.randombytes(KEY_BYTES))[1][:KEY_BYTES]
def randomsalt(cls):
return rng.randombytes(cls.SALT_BYTES)
def genpasswd(len=16):
return encode(rng.randombytes(len))
def __init__(self, bytes=na.crypto_secretbox_NONCEBYTES, start=1, prefix=None):
self._bytes = bytes
self._count = start
self._prefix = rng.randombytes(16) if prefix is None else prefix