This class provides a transparent layer of security
for network transmissions when properly used. In this
and other respects, it draws much from the goals of
SSL and TLS. However, cryptsock's underlying cryptographic
primitives are more efficient and consequently, impose
less overhead in terms of memory, cycles and module size. This class basically wraps the traditional socket, providing
a few new methods to be used. The raw socket is accessible as
the sock attribute of the class. Zlib compression
is used on all bulk data that passes through the socket.
Uses 128 Bit AES in ECB mode, Elliptic curve Diffie-Hellman
and Nyberg-Rueppel Signature / Verification. A record
protocol based on TLS (rfc 2246) and cPickle is employed
to manage message integrity.
Sample usage: Echo program:
Server:
-------
from cryptsock import cryptsock
s=cryptsock(1)
s.bind("",12345)
s.listen(1)
print 'Listening...'
c=s.accept()
print 'Connect from ', c.addr
data = c.recv()
c.send(data)
c.close()
Client:
-------
from cryptsock import cryptsock
s=cryptsock()
s.connect('127.0.0.1',12345)
s.send('Hello World!')
data = s.recv()
s.close
As you can see, cryptsock's API is nearly identical to
the standard python socket.
This module requires the AES, ECC and CSPRNG classes
from cryptkit in order to function properly.
Methods
|
|
__init__
accept
bind
close
connect
listen
reKey
recv
send
|
|
__init__
|
__init__ (
self,
server=0,
sock=None,
family=socket.AF_INET,
type=socket.SOCK_STREAM,
)
Constructor.
Instantiates a CSPRNG and keys the ECC.
Also instantiates an AES cipher for use
afterwards.
sock, if provided, constitues the socket to use,
otherwise creates a new one. server, if true, will bypass the creation of
crypto primitives for this instance, creating them instead
for the socket instances it spawns in its accept() loop.
family and type are the standard
socket constructor arguments.
|
|
accept
|
accept ( self )
Here is where the server-side of the key exchange
takes place.
Spawns a brand new instance of cryptsock.
|
|
bind
|
bind (
self,
host,
port,
)
Just a dumb wrapper for the underlying socket.
|
|
close
|
close ( self )
Just a dumb wrapper for the underlying socket.
|
|
connect
|
connect (
self,
host,
port,
)
Here is where the client side of the key exchange takes
place.
|
|
listen
|
listen ( self, num )
Just a dumb wrapper for the underlying socket.
|
|
reKey
|
reKey ( self, key )
Re-Key the symmetric cipher.
|
|
recv
|
recv ( self, maxBytes=1024 )
Receives up to maxBytes bytes of data from the
socket. Defaults to 1024. Method returns the unencrypted,
decompressed, unpickled version of the message.
Exceptions
|
|
RuntimeError( "Socket has been remotely closed." )
RuntimeError( "Verification has failed. Socket has been closed." )
|
|
|
send
|
send ( self, msg )
Sends the arbitrary msg over the encrypted
connection. First it places the message in a parcel
containing a signature. Then it pickles, compresses,
encrypts and sends that parcel over the socket.
|
|