def __init__(self, cert, key):
self.native = _ffi.new('struct xtt_server_certificate_context*')
if self.native == _ffi.NULL:
raise MemoryError("Unable to allocate native object")
rc = _lib.xtt_initialize_server_certificate_context_ed25519(
self.native, cert.native, key.native)
if rc != RC.SUCCESS:
error_from_code(rc)
def __init__(self, root_id, root_pubkey):
self.native = _ffi.new('struct xtt_server_root_certificate_context*')
if self.native == _ffi.NULL:
raise MemoryError("Unable to allocate native object")
rc = _lib.xtt_initialize_server_root_certificate_context_ecdsap256(
self.native, root_id.native, root_pubkey.native)
if rc != RC.SUCCESS:
error_from_code(rc)
def version(self):
version = _ffi.new('xtt_version*')
rc = _lib.xtt_get_version(version, self.native)
if rc == RC.SUCCESS:
return version[0]
else:
raise error_from_code(rc)
def client_identity(self):
id = Identity()
rc = _lib.xtt_get_clients_identity(id.native, self.native)
if rc == RC.SUCCESS:
return id
else:
raise error_from_code(rc)
def suite_spec(self):
spec = _ffi.new('suite_spec*')
rc = _lib.xtt_get_suite_spec(spec, self.native)
if rc == RC.SUCCESS:
return spec[0]
else:
raise error_from_code(rc)
def my_identity(self):
ident = Identity()
rc = _lib.xtt_get_my_identity(ident.native, self.native)
if rc == RC.SUCCESS:
return ident
else:
raise error_from_code(rc)
def my_longterm_public_key_ecdsap256(self):
pub = ECDSAP256PublicKey()
rc = _lib.xtt_get_my_longterm_key_ecdsap256(pub.native, self.native)
if rc == RC.SUCCESS:
return pub
else:
raise error_from_code(rc)
def handle_io(self, bytes_sent, bytes_recv):
rc = _lib.xtt_handshake_server_handle_io(bytes_sent, bytes_recv,
self._io.addressof_size,
self._io.addressof_data,
self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def client_longterm_key_ed25519(self):
pub = ED25519PublicKey()
rc = _lib.xtt_get_clients_longterm_key_ed25519(pub.native, self.native)
if rc == RC.SUCCESS:
return pub
else:
raise error_from_code(rc)
def client_pseudonym_lrsw(self):
pseudonym = LRSWPseudonym()
rc = _lib.xtt_get_clients_pseudonym_lrsw(pseudonym.native, self.native)
if rc == RC.SUCCESS:
return pseudonym
else:
raise error_from_code(rc)
def my_longterm_private_key_ed25519(self):
priv = ED25519PrivateKey()
rc = _lib.xtt_get_my_longterm_private_key_ed25519(
priv.native, self.native)
if rc == RC.SUCCESS:
return priv
else:
raise error_from_code(rc)
def build_id_client_attest(self, root_cert, server_id, identity,
group_context):
rc = _lib.xtt_handshake_client_build_idclientattest(
self._io.addressof_size, self._io.addressof_data, root_cert.native,
identity.native, server_id.native, group_context.native,
self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def my_longterm_private_key_ecdsap256(self):
priv = ECDSAP256PrivateKey()
rc = _lib.xtt_get_my_longterm_private_key_ecdsap256(
priv.native, self.native)
if rc == RC.SUCCESS:
return priv
else:
raise error_from_code(rc)
def preparse_id_client_attest(self, server_cert_ctx, server_cookie_ctx):
rc = _lib.xtt_handshake_server_preparse_idclientattest(
self._io.addressof_size, self._io.addressof_data,
self._client_requested_id.native,
self._client_claimed_group.native, server_cookie_ctx.native,
server_cert_ctx.native, self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def __init__(self):
self.native = _ffi.new('struct xtt_server_cookie_context*')
if self.native == _ffi.NULL:
raise MemoryError("Unable to allocate native object")
rc = _lib.xtt_initialize_server_cookie_context(self.native)
if rc != RC.SUCCESS:
raise error_from_code(rc)
def create_ecdsap256_key_pair():
"""
Create a new ECDSAP256 key pair.
:returns: a tuple of the public and private keys
"""
pub = ECDSAP256PublicKey()
priv = ECDSAP256PrivateKey()
rc = _lib.xtt_crypto_create_ecdsap256_key_pair(pub.native, priv.native)
if rc == RC.SUCCESS:
return (pub, priv)
else:
raise error_from_code(rc)
def asn1_from_ed25519_private_key(priv_key):
"""
Returns the ASN.1 encoding of a ED25519 private ket.
:priv_key: an ED25519PrivateKey instance
:returns: the ASN.1 encoding as a byte string
"""
encoded_len = _lib.xtt_asn1_private_key_length()
encoded = _ffi.new('unsigned char[]', encoded_len)
rc = _lib.xtt_asn1_from_ed25519_private_key(priv_key.native, encoded,
len(encoded))
if rc == RC.SUCCESS:
return _ffi.buffer(encoded)[:]
else:
raise error_from_code(rc)
def __init__(self):
self.native = _ffi.new('struct xtt_server_handshake_context*')
if self.native == _ffi.NULL:
raise MemoryError("Unable to allocate native object")
self._in = Buffer(_lib.max_handshake_client_message_length())
self._out = Buffer(_lib.max_handshake_server_message_length())
self._io = BufferView()
self._client_requested_id = Identity()
self._client_claimed_group = GroupId()
rc = _lib.xtt_initialize_server_handshake_context(
self.native, self._in.native, self._in.size, self._out.native,
self._out.size)
if rc != RC.SUCCESS:
raise error_from_code(rc)
def x509_from_ecdsap256_key_pair(pub_key, priv_key, common_name):
"""
Creates a self-signed x509 certificate for a common name and
ECDSAP256 key pair.
:pub_key: an ECDSAP256PublicKey instance
:priv_key: an ECDSAP256PrivateKey instance
:common_name: an XTTIdentity instance
:returns: the certificate as a byte string
"""
cert_len = _lib.xtt_x509_certificate_length()
cert = _ffi.new('unsigned char[]', cert_len)
rc = _lib.xtt_x509_from_ecdsap256_keypair(pub_key.native, priv_key.native,
common_name.native, cert,
len(cert))
if rc == RC.SUCCESS:
return _ffi.buffer(cert)[:]
else:
raise error_from_code(rc)
def generate_ecdsap256_server_certificate(server_id, server_pub_key, expiry,
root_id, root_priv_key):
"""
Creates a new server certificate signed by the provided root.
:param Identity server_id: the identity for the certificate
:param ECDSAP256PublicKey server_pub_key: the public key for the certificate
:param CertificateExpiry expiry: the expiry date for the certificate
:param CertificateRootId root_id: the root identity to sign this certificate
:param ECDSAP256PrivateKey root_priv_key: the root private key to sign this
certificate
"""
cert = ECDSAP256ServerCertificate()
rc = _lib.xtt_generate_server_certificate_ecdsap256(
cert.native, server_id.native, server_pub_key.native, expiry.native,
root_id.native, root_priv_key.native)
if rc == RC.SUCCESS:
return cert
else:
raise error_from_code(rc)
def __init__(self, version, suite_spec):
self.native = _ffi.new('struct xtt_client_handshake_context*')
if self.native == _ffi.NULL:
raise MemoryError("Unable to allocate native object")
self._in = Buffer(_lib.max_handshake_server_message_length())
self._out = Buffer(_lib.max_handshake_client_message_length())
self._io = BufferView()
self._version = version
self._suite_spec = suite_spec
self._server_root_id = CertificateRootId()
rc = _lib.xtt_initialize_client_handshake_context(
self.native, self._in.native, self._in.size, self._out.native,
self._out.size, version, suite_spec)
if rc != RC.SUCCESS:
raise error_from_code(rc)
def start(self):
rc = _lib.xtt_handshake_client_start(self._io.addressof_size,
self._io.addressof_data,
self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def build_id_server_finished(self, client_id):
rc = _lib.xtt_handshake_server_build_idserverfinished(
self._io.addressof_size, self._io.addressof_data, client_id.native,
self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def verify_group_signature(self, gpk_ctx, server_cert_ctx):
rc = _lib.xtt_handshake_server_verify_groupsignature(
self._io.addressof_size, self._io.addressof_data, gpk_ctx.native,
server_cert_ctx.native, self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def build_server_attest(self, server_cert_ctx, server_cookie_ctx):
rc = _lib.xtt_handshake_server_build_serverattest(
self._io.addressof_size, self._io.addressof_data, self.native,
server_cert_ctx.native, server_cookie_ctx.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def handle_connect(self):
rc = _lib.xtt_handshake_server_handle_connect(self._io.addressof_size,
self._io.addressof_data,
self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
def preparse_server_attest(self, server_root_id):
rc = _lib.xtt_handshake_client_preparse_serverattest(
self._server_root_id.native, self._io.addressof_size,
self._io.addressof_data, self.native)
if rc != RC.SUCCESS and rc != RC.HANDSHAKE_FINISHED:
raise error_from_code(rc)
