diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json new file mode 100644 index 0000000000000000000000000000000000000000..e44c4d011aecd4c8fa2f8d43d18dbd33dd22bac5 --- /dev/null +++ b/.vscode/c_cpp_properties.json @@ -0,0 +1,21 @@ +{ + "configurations": [ + { + "name": "Win32", + "includePath": [ + "${workspaceFolder}/**" + ], + "defines": [ + "_DEBUG", + "UNICODE", + "_UNICODE" + ], + "windowsSdkVersion": "10.0.19041.0", + "compilerPath": "E:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\VC\\Tools\\MSVC\\14.29.30133\\bin\\Hostx64\\x64\\cl.exe", + "cStandard": "c17", + "cppStandard": "c++17", + "intelliSenseMode": "windows-msvc-x64" + } + ], + "version": 4 +} \ No newline at end of file diff --git "a/\345\233\275\346\260\221\345\267\245\344\275\234\350\277\233\345\261\225\345\221\250\346\212\245/Log_yjc.md" "b/\345\233\275\346\260\221\345\267\245\344\275\234\350\277\233\345\261\225\345\221\250\346\212\245/Log_yjc.md" index 056396cc7b4ca32a9c627cad2a0451df921c5664..d0157bee6b30126f9a7f3fee52810db21c38504d 100644 --- "a/\345\233\275\346\260\221\345\267\245\344\275\234\350\277\233\345\261\225\345\221\250\346\212\245/Log_yjc.md" +++ "b/\345\233\275\346\260\221\345\267\245\344\275\234\350\277\233\345\261\225\345\221\250\346\212\245/Log_yjc.md" @@ -1,6 +1,7 @@ [1月14日] 1. 解决了之前提到的一次性发送多条消息但是其中有一条消息报错无法定位哪一条信息的问题,解决方法是设备每次向服务器请求时,请求体多加一个MessageID的字段,返回的callback也会多带一个这样的字段,来定位那一条信息 +2. 解决了多线程处理网关脚本,防止线程阻塞的问题 [1月13日] @@ -10,7 +11,6 @@ MQTT的TLS加密分为单向认证和双向认证:那么我们这个应用需要用到双向加密吗 ``` - SSL/TLS单向认证:客户端会认证服务器端身份,服务器端不对客户端进行认证 SSL/TLS双向认证:客户端和服务端都会互相认证,即双发之间要证书交换 diff --git "a/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa.md" "b/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa.md" index f726f60d45e1f4ac2005e3ef190d3554a3094fa4..0423a1004dc02197e3bbaf63ac5f418c76380d85 100644 --- "a/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa.md" +++ "b/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa.md" @@ -163,7 +163,7 @@ PEM: signkey=278, verifykey=162, (no support for PEM signatures) In 2006, Peter Pearson announced his pure-python implementation of ECDSA in a [message to sci.crypt](http://www.derkeiler.com/Newsgroups/sci.crypt/2006-01/msg00651.html), available from his [download site](http://webpages.charter.net/curryfans/peter/downloads.html). In 2010, Brian Warner wrote a wrapper around this code, to make it a bit easier and safer to use. In 2020, Hubert Kario included an implementation of elliptic curve cryptography that uses Jacobian coordinates internally, improving performance about 20-fold. You are looking at the README for this wrapper. -## Testing +## Testing -- 测试 To run the full test suite, do this: @@ -175,7 +175,7 @@ On an Intel Core i7 4790K @ 4.0GHz, the tests take about 18 seconds to execute. One part of `test_pyecdsa.py` and `test_ecdh.py` checks compatibility with OpenSSL, by running the "openssl" CLI tool, make sure it `s in your `PATH ` if you want to test compatibility with it (if OpenSSL is missing, too old, or doesn`t support all the curves supported in upstream releases you will see skipped tests in the above `coverage` run). -## Security +## Security -- 安全 这个库的设计没有考虑到安全性。如果您正在处理需要保护的数据,我们建议您使用围绕OpenSSL的高质量包装器。[pyca/cryptography](https://cryptography.io/)就是这样一个包装器的例子。这个库的主要用例是作为互操作性测试的可移植库和教学工具。 @@ -187,7 +187,7 @@ One part of `test_pyecdsa.py` and `test_ecdh.py` checks compatibility with OpenS 这个库依赖于一个强大的随机数来源。不要在 `os.urandom()`不提供加密安全随机数的系统上使用它。 -## Usage +## Usage -- 用法 首先创建一个 `SigningKey`。通过以字节字符串的形式传递数据并返回签名(也是字节字符串),您可以使用它对数据进行签名。你也可以要求 `SigningKey`给你相应的 `verifingkey`。`verifingkey`可以用来验证签名,通过传递数据字符串和签名字节字符串:它要么返回True,要么引发 `BadSignatureError`。 @@ -251,13 +251,13 @@ vk2 = VerifyingKey.from_pem(vk_pem) # vk and vk2 are the same key ``` -有几种不同的方法来计算一个签名。基本上,ECDSA接受一个表示正在签名的数据的数字,并返回一对表示签名的数字。`sk.sign()`和 `vk.verify()`的 `hashfunc=`参数用于将任意字符串转换为固定长度的摘要,然后将其转换为ECDSA可以签名的数字,并且签名和验证必须使用相同的方法。默认值为 `hashlib.sha1`,但如果你使用NIST256p或较长的曲线,你可以使用 ` hashlib. sha256`代替。 +有几种不同的方法来计算一个签名。基本上,ECDSA接受一个表示正在签名的数据的数字,并返回一对表示签名的数字。` sk.sign() `和` vk.verify() `的` hashfunc= `参数用于将任意字符串转换为固定长度的摘要,然后将其转换为ECDSA可以签名的数字,并且签名和验证必须使用相同的方法。默认值为` hashlib.sha1 `,但如果你使用NIST256p或较长的曲线,你可以使用` hashlib. sha256`代替。 -还有多种方式来表示签名。默认的 `sk.sign()`和 `vk.verify()`方法将其表示为一个短字符串,以简化和最小化开销。要使用不同的方案,请使用 `sk.sign(sigencode=)`和 `vk.verify(sigdecode=)`参数。有一些辅助函数 `ecdsa.util`模块在这里可能很有用。 +还有多种方式来表示签名。默认的` sk.sign() `和` vk.verify() `方法将其表示为一个短字符串,以简化和最小化开销。要使用不同的方案,请使用`sk.sign(sigencode=)`和`vk.verify(sigdecode=)`参数。有一些辅助函数`ecdsa.util`模块在这里可能很有用。 -也可以从 `seed`创建一个 `SigningKey`,这是确定的。在协议中,如果您想从其他密文中获得一致的签名密钥,例如当您想要三个单独a的密钥,并且只想存储一个主秘密时,可以使用这种方法。你应该从一个均匀分布的不可猜测的种子开始。Baselen `字节的熵,a然后使用` ecdsa中的一个辅助函数。util `将其转换为正确范围内的整数,然后最后将其传递到` SigningKey.from_secret_exponent() `,像这样: +也可以从`seed`创建一个`SigningKey`,这是确定的。在协议中,如果您想从其他密文中获得一致的签名密钥,例如当您想要三个单独a的密钥,并且只想存储一个主秘密时,可以使用这种方法。你应该从一个均匀分布的不可猜测的种子开始。`curve.baselen`字节的熵,然后使用辅助函数`edcdsa.util `将其转换为正确范围内的整数,然后最后将其传递到` SigningKey.from_secret_exponent() `,像这样: -``` +```python import os from ecdsa import NIST384p, SigningKey from ecdsa.util import randrange_from_seed__trytryagain @@ -275,11 +275,11 @@ sk2 = make_key(b"2-"+seed) # different key assert sk1a.to_string() != sk2.to_string() ``` -In case the application will verify a lot of signatures made with a single key, it`s possible to precompute some of the internal values to make signature verification significantly faster. The break-even point occurs at about 100 signatures verified. +如果应用程序将验证许多由一个键生成的签名,可以预先计算一些内部值,使签名验证的速度大大加快。在验证了大约100个签名时,收支平衡点出现。 -To perform precomputation, you can call the `precompute()` method on `VerifyingKey` instance: +要执行预计算,你可以调用` verifingkey `实例上的` precompute() `方法: -``` +```python from ecdsa import SigningKey, NIST384p sk = SigningKey.generate(curve=NIST384p) vk = sk.verifying_key @@ -288,13 +288,13 @@ signature = sk.sign(b"message") assert vk.verify(signature, b"message") ``` -Once `precompute()` was called, all signature verifications with this key will be faster to execute. +一旦` precompute() `被调用,所有使用该key的签名验证都会执行得更快。 -## OpenSSL Compatibility +## OpenSSL Compatibility -- OpenSSL兼容性 -To produce signatures that can be verified by OpenSSL tools, or to verify signatures that were produced by those tools, use: +要生成可以由OpenSSL工具验证的签名,或验证这些工具生成的签名,请使用: -``` +```python # openssl ecparam -name prime256v1 -genkey -out sk.pem # openssl ec -in sk.pem -pubout -out vk.pem # echo "data for signing" > data @@ -328,11 +328,11 @@ with open("data.sig2", "wb") as f: # openssl dgst -sha256 -verify vk.pem -signature data.sig2 data ``` -Note: if compatibility with OpenSSL 1.0.0 or earlier is necessary, the `sigencode_string` and `sigdecode_string` from `ecdsa.util` can be used for respectively writing and reading the signatures. +注意:如果需要兼容OpenSSL 1.0.0或更早版本的OpenSSL,`sigencode_string`和``sigdecode_string`来自`ecdsa.util `可分别用于签名的写入和读取。 -The keys also can be written in format that openssl can handle: +密钥也可以写成openssl可以处理的格式: -``` +```python from ecdsa import SigningKey, VerifyingKey with open("sk.pem") as f: @@ -346,11 +346,11 @@ with open("vk.pem", "wb") as f: f.write(vk.to_pem()) ``` -## Entropy +## Entropy -- 熵 -Creating a signing key with `SigningKey.generate()` requires some form of entropy (as opposed to `from_secret_exponent`/`from_string`/`from_der`/`from_pem`, which are deterministic and do not require an entropy source). The default source is `os.urandom()`, but you can pass any other function that behaves like `os.urandom` as the `entropy=` argument to do something different. This may be useful in unit tests, where you want to achieve repeatable results. The `ecdsa.util.PRNG` utility is handy here: it takes a seed and produces a strong pseudo-random stream from it: +使用` SigningKey.generate() `创建签名密钥需要某种形式的熵(与` from_secret_exponent ` / ` from_string ` / ` from_der ` / ` from_pem `相反,后者是确定性的,不需要熵源)。默认的源是` os.urandom() `,但你可以传递任何其他行为类似于` os.urandom() `的函数,作为`entropy=`的参数来做一些不同的事情。这在单元测试中可能很有用,在单元测试中,您希望获得可重复的结果。`ecdsa.util.PRNG`实用程序在这里很方便:它获取一个种子并从中生成一个强的伪随机流: -``` +```python from ecdsa.util import PRNG from ecdsa import SigningKey rng1 = PRNG(b"seed") @@ -360,20 +360,19 @@ sk2 = SigningKey.generate(entropy=rng2) # sk1 and sk2 are the same key ``` -Likewise, ECDSA signature generation requires a random number, and each signature must use a different one (using the same number twice will immediately reveal the private signing key). The `sk.sign()` method takes an `entropy=` argument which behaves the same as `SigningKey.generate(entropy=)`. +同样地,ECDSA签名生成也需要一个随机数,而且每个签名都必须使用一个不同的随机数(使用相同的数字两次将立即显示私有签名密钥)。 ` sk.sign() `方法接受` entropy= `参数,其行为与` SigningKey.generate(entropy=) `相同。 -## Deterministic Signatures +## Deterministic Signatures -- 确定签名 -If you call `SigningKey.sign_deterministic(data)` instead of `.sign(data)`, the code will generate a deterministic signature instead of a random one. This uses the algorithm from RFC6979 to safely generate a unique `k` value, derived from the private key and the message being signed. Each time you sign the same message with the same key, you will get the same signature (using the same `k`). +如果你调用` SigningKey.sign_deterministic(data) `而不是` .sign(data) `,代码将生成确定性签名而不是随机签名。它使用RFC6979的算法安全地生成一个唯一的`k`值,该值来自私钥和正在签名的消息。每次用相同的密钥对相同的消息签名时,您将得到相同的签名(使用相同的`k`)。 -This may become the default in a future version, as it is not vulnerable to failures of the entropy source. +在未来的版本中,这可能会成为默认值,因为它不会受到熵源故障的影响。 -## Examples +## Examples -- 例子 -Create a NIST192p keypair and immediately save both to disk: - -``` +创建一个NIST192p密钥对,并立即将它们保存到磁盘: +```python from ecdsa import SigningKey sk = SigningKey.generate() vk = sk.verifying_key @@ -383,9 +382,9 @@ with open("public.pem", "wb") as f: f.write(vk.to_pem()) ``` -Load a signing key from disk, use it to sign a message (using SHA-1), and write the signature to disk: +从磁盘中加载签名密钥,使用该密钥对消息进行签名(使用SHA-1),并将签名写入磁盘: -``` +```python from ecdsa import SigningKey with open("private.pem") as f: sk = SigningKey.from_pem(f.read()) @@ -396,9 +395,9 @@ with open("signature", "wb") as f: f.write(sig) ``` -Load the verifying key, message, and signature from disk, and verify the signature (assume SHA-1 hash): +从磁盘加载验证密钥、消息和签名,并验证签名(假设是SHA-1哈希): -``` +```python from ecdsa import VerifyingKey, BadSignatureError vk = VerifyingKey.from_pem(open("public.pem").read()) with open("message", "rb") as f: @@ -412,17 +411,17 @@ except BadSignatureError: print "BAD SIGNATURE" ``` -Create a NIST521p keypair: +创建NIST521p密钥对: -``` +```python from ecdsa import SigningKey, NIST521p sk = SigningKey.generate(curve=NIST521p) vk = sk.verifying_key ``` -Create three independent signing keys from a master seed: +从一个主种子创建三个独立的签名密钥: -``` +```python from ecdsa import NIST192p, SigningKey from ecdsa.util import randrange_from_seed__trytryagain @@ -435,9 +434,9 @@ sk2 = make_key_from_seed("2:%s" % seed) sk3 = make_key_from_seed("3:%s" % seed) ``` -Load a verifying key from disk and print it using hex encoding in uncompressed and compressed format (defined in X9.62 and SEC1 standards): +从磁盘加载验证密钥,并以未压缩和压缩格式(在X9.62和SEC1标准中定义)使用十六进制编码打印它: -``` +```python from ecdsa import VerifyingKey with open("public.pem") as f: @@ -447,9 +446,9 @@ print("uncompressed: {0}".format(vk.to_string("uncompressed").hex())) print("compressed: {0}".format(vk.to_string("compressed").hex())) ``` -Load a verifying key from a hex string from compressed format, output uncompressed: +从压缩格式的十六进制字符串中加载验证密钥,输出未压缩: -``` +```python from ecdsa import VerifyingKey, NIST256p comp_str = `022799c0d0ee09772fdd337d4f28dc155581951d07082fb19a38aa396b67e77759` @@ -457,9 +456,9 @@ vk = VerifyingKey.from_string(bytearray.fromhex(comp_str), curve=NIST256p) print(vk.to_string("uncompressed").hex()) ``` -ECDH key exchange with remote party: +与远程方的ECDH密钥交换: -``` +```python from ecdsa import ECDH, NIST256p ecdh = ECDH(curve=NIST256p) diff --git "a/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa_demo.py" "b/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa_demo.py" new file mode 100644 index 0000000000000000000000000000000000000000..69e87fb76504ecd78d0e0076f53b8cf42c5c425c --- /dev/null +++ "b/\345\274\200\345\217\221\346\211\213\345\206\214/python\347\233\270\345\205\263\345\272\223\347\232\204\346\211\213\345\206\214/ecdsa_demo.py" @@ -0,0 +1,16 @@ +from ecdsa import SigningKey, NIST384p, NIST192p +from ecdsa.util import randrange_from_seed__trytryagain +import os + +def make_key(seed): + secexp = randrange_from_seed__trytryagain(seed, NIST384p.order) + return SigningKey.from_secret_exponent(secexp, curve=NIST384p) + +seed = os.urandom(NIST384p.baselen) +sk1a = make_key(seed) +sk1b = make_key(seed) + +print(sk1a.to_string().hex()) +print(sk1b.to_string().hex()) + +print(seed.hex()) \ No newline at end of file diff --git "a/\346\240\221\350\216\223\346\264\276\344\270\255\350\275\254\350\204\232\346\234\254/index.py" "b/\346\240\221\350\216\223\346\264\276\344\270\255\350\275\254\350\204\232\346\234\254/index.py" index 37705ad7bb8c05bd9be77fc8692b7d94de8efc98..eeb4c77d76b2129a2fad26dcdedda48752a25a91 100644 --- "a/\346\240\221\350\216\223\346\264\276\344\270\255\350\275\254\350\204\232\346\234\254/index.py" +++ "b/\346\240\221\350\216\223\346\264\276\344\270\255\350\275\254\350\204\232\346\234\254/index.py" @@ -5,7 +5,8 @@ import asyncio from threading import Thread # HOST = '192.168.238.131' -HOST = '10.70.107.212' # Office 桌面 +HOST = '192.168.1.106' +# HOST = '10.70.107.212' # Office 桌面 # HOST = '192.168.31.240' # IoT 树莓派的地址 PORT = 1883