Table of Contents

Class: cryptsock cryptsock.py

This class provides a transparent layer of security for network transmissions when properly used. In this and other respects, it draws much from the goals of SSL and TLS. However, cryptsock's underlying cryptographic primitives are more efficient and consequently, impose less overhead in terms of memory, cycles and module size.

This class basically wraps the traditional socket, providing a few new methods to be used. The raw socket is accessible as the sock attribute of the class. Zlib compression is used on all bulk data that passes through the socket.

Uses 128 Bit AES in ECB mode, Elliptic curve Diffie-Hellman and Nyberg-Rueppel Signature / Verification. A record protocol based on TLS (rfc 2246) and cPickle is employed to manage message integrity.

Sample usage: Echo program:

                Server:
                -------

                from cryptsock import cryptsock
                s=cryptsock(1)
                s.bind("",12345)
                s.listen(1)
                print 'Listening...'
                c=s.accept()
                print 'Connect from ', c.addr
                data = c.recv()
                c.send(data)
                c.close()

                Client:
                -------

                from cryptsock import cryptsock
                s=cryptsock()
                s.connect('127.0.0.1',12345)
                s.send('Hello World!')
                data = s.recv()
                s.close

As you can see, cryptsock's API is nearly identical to the standard python socket.

This module requires the AES, ECC and CSPRNG classes from cryptkit in order to function properly.

Methods   
__init__
accept
bind
close
connect
listen
reKey
recv
send
  __init__ 
__init__ (
        self,
        server=0,
        sock=None,
        family=socket.AF_INET,
        type=socket.SOCK_STREAM,
        )

Constructor. Instantiates a CSPRNG and keys the ECC. Also instantiates an AES cipher for use afterwards. sock, if provided, constitues the socket to use, otherwise creates a new one.

server, if true, will bypass the creation of crypto primitives for this instance, creating them instead for the socket instances it spawns in its accept() loop.

family and type are the standard socket constructor arguments.

  accept 
accept ( self )

Here is where the server-side of the key exchange takes place. Spawns a brand new instance of cryptsock.

  bind 
bind (
        self,
        host,
        port,
        )

Just a dumb wrapper for the underlying socket.

  close 
close ( self )

Just a dumb wrapper for the underlying socket.

  connect 
connect (
        self,
        host,
        port,
        )

Here is where the client side of the key exchange takes place.

  listen 
listen ( self,  num )

Just a dumb wrapper for the underlying socket.

  reKey 
reKey ( self,  key )

Re-Key the symmetric cipher.

  recv 
recv ( self,  maxBytes=1024 )

Receives up to maxBytes bytes of data from the socket. Defaults to 1024. Method returns the unencrypted, decompressed, unpickled version of the message.

Exceptions   
RuntimeError( "Socket has been remotely closed." )
RuntimeError( "Verification has failed. Socket has been closed." )
  send 
send ( self,  msg )

Sends the arbitrary msg over the encrypted connection. First it places the message in a parcel containing a signature. Then it pickles, compresses, encrypts and sends that parcel over the socket.


Table of Contents

This document was automatically generated on Thu Nov 29 11:25:06 2001 by HappyDoc version r1_6_1