Mon, Feb 29, 2016 at 05:16:47PM CET, olichtne(a)redhat.com wrote:
From: Ondrej Lichtner <olichtne(a)redhat.com>
diff --git a/lnst/Controller/CtlSecSocket.py b/lnst/Controller/CtlSecSocket.py
new file mode 100644
index 0000000..db27289
--- /dev/null
+++ b/lnst/Controller/CtlSecSocket.py
@@ -0,0 +1,318 @@
+"""
+The CtlSecSocket implements the controller (client) side of the handshake
+protocols.
+
+Copyright 2016 Red Hat, Inc.
+Licensed under the GNU General Public License, version 2 as
+published by the Free Software Foundation; see COPYING for details.
+"""
+
+__author__ = """
+olichtne(a)redhat.com (Ondrej Lichtner)
+"""
+
+import os
+import hashlib
+import math
+from lnst.Common.SecureSocket import SecureSocket
+from lnst.Common.SecureSocket import DH_GROUP, SRP_GROUP
+from lnst.Common.SecureSocket import SecSocketException
+from lnst.Common.Config import lnst_config
+from cryptography.hazmat.primitives import serialization as ser
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
+from cryptography.hazmat.primitives.serialization import load_pem_public_key
+from cryptography.hazmat.primitives.serialization import load_ssh_public_key
+from cryptography.hazmat.backends import default_backend
+
+backend = default_backend()
+
+class CtlSecSocket(SecureSocket):
+ def __init__(self, soc):
+ super(CtlSecSocket, self).__init__(soc)
+ self._role = "client"
+
+ def handshake(self, sec_params):
+ self._ctl_random = os.urandom(28)
+
+ ctl_hello = {"type": "ctl_hello",
+ "ctl_random": self._ctl_random}
+ self.send_msg(ctl_hello)
+ slave_hello = self.recv_msg()
+
+ if slave_hello["type"] != "slave_hello":
+ raise SecSocketException("Handshake failed.")
+
+ self._slave_random = slave_hello["slave_random"]
+
+ if sec_params["auth_type"] == "none":
+ self._dh_handshake()
+ elif sec_params["auth_type"] == "ssh":
+ self._ssh_handshake()
+ elif sec_params["auth_type"] == "pubkey":
+ ctl_identity = sec_params["identity"]
+ ctl_key_path = sec_params["privkey"]
+ try:
+ with open(ctl_key_path, 'r') as f:
+ ctl_key = load_pem_private_key(f.read(), None, backend)
+ except:
+ ctl_key = None
+
+ srv_key_path = sec_params["srv_pubkey_path"]
The 'srv_pubkey_path' key does not exist. In SM XML this is defined as
'pubkey_path' so it should be renamed in the parser/relaxng or here.