api consistency

examples/half_handshake.py

@@ -18,7 +18,7 @@
 
 def do_the_shake(alice, bob):
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    bob_shake = bob.generate_secret(alice.pubkey)
+    bob_shake = bob.generate_handshake(alice.pubkey)
 
     # read and verify handshakes
     alice.receive_and_verify(bob_shake)

examples/poor_pake.py

@@ -14,13 +14,13 @@
 
 
 def do_the_shake(alice, bob):
-    alice_shake = alice.send_handshake()
-    bob_shake = bob.send_handshake()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # exchange handshakes (hsubs) over any insecure channel
-    if not alice.receive_handshake(bob_shake):
+    if not alice.receive_and_verify(bob_shake):
         raise KeyError
-    if not bob.receive_handshake(alice_shake):
+    if not bob.receive_and_verify(alice_shake):
         raise KeyError
 
     # a common key was derived from the password

examples/simple_handshake.py

@@ -18,8 +18,8 @@ def do_the_shake(alice, bob):
     alice.load_public(bob.pubkey)
 
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    alice_shake = alice.generate_secret()
-    bob_shake = bob.generate_secret()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # read and verify handshakes
     bob.receive_and_verify(alice_shake)

examples/simple_mitm.py

@@ -18,8 +18,8 @@ def do_the_shake(alice, bob):
     alice.load_public(bob.pubkey)
 
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    alice_shake = alice.generate_secret()
-    bob_shake = bob.generate_secret()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # read and verify handshakes
     bob.receive_and_verify(alice_shake)

examples/static_handshake.py

@@ -19,8 +19,8 @@
 
 def do_the_shake(alice, bob):
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    alice_shake = alice.generate_secret()
-    bob_shake = bob.generate_secret()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # read and verify handshakes
     bob.receive_and_verify(alice_shake)

examples/static_mitm.py

@@ -19,8 +19,8 @@
 
 def do_the_shake(alice, bob):
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    alice_shake = alice.generate_secret()
-    bob_shake = bob.generate_secret()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # read and verify handshakes
     bob.receive_and_verify(alice_shake)

examples/tofu_handshake.py

@@ -31,8 +31,8 @@ def do_the_shake(alice, bob):
         print("Alice now trusts Bob")
 
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    alice_shake = alice.generate_secret()
-    bob_shake = bob.generate_secret()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # read and verify handshakes
     bob.receive_and_verify(alice_shake)

examples/tofu_mitm.py

@@ -32,8 +32,8 @@ def do_the_shake(alice, bob):
         print("Alice now trusts Bob")
 
     # exchange handshakes (encrypted with pubkey) over any insecure channel
-    alice_shake = alice.generate_secret()
-    bob_shake = bob.generate_secret()
+    alice_shake = alice.generate_handshake()
+    bob_shake = bob.generate_handshake()
 
     # read and verify handshakes
     bob.receive_and_verify(alice_shake)

poorman_handshake/asymmetric/__init__.py

@@ -41,7 +41,7 @@ def import_key(key_blob):
         pubkey, _ = pgpy.PGPKey.from_blob(key_blob)
         return pubkey
 
-    def generate_secret(self, pub=None):
+    def generate_handshake(self, pub=None):
         pub = pub or self.target_key
         # read pubkey from client
         pubkey = self.import_key(pub)
@@ -59,34 +59,34 @@ def generate_secret(self, pub=None):
     def load_public(self, pub):
         self.target_key = pub
 
-    def receive_handshake(self, encrypted_message):
-        message_from_blob = pgpy.PGPMessage.from_blob(encrypted_message)
+    def receive_handshake(self, shake):
+        message_from_blob = pgpy.PGPMessage.from_blob(shake)
         decrypted = self.private_key.decrypt(message_from_blob)
         # XOR
         self.secret = bytes(a ^ b for (a, b) in
                             zip(self.secret, decrypted.message))
 
-    def verify(self, encrypted_message, pub):
-        message = pgpy.PGPMessage.from_blob(encrypted_message)
+    def verify(self, shake, pub):
+        message = pgpy.PGPMessage.from_blob(shake)
         pubkey = self.import_key(pub)
         return pubkey.verify(message)
 
-    def receive_and_verify(self, encrypted_message, pub=None):
+    def receive_and_verify(self, shake, pub=None):
         pub = pub or self.target_key
-        verified = self.verify(encrypted_message, pub)
+        verified = self.verify(shake, pub)
         if verified:
-            self.receive_handshake(encrypted_message)
+            self.receive_handshake(shake)
 
 
 class HalfHandShake(HandShake):
 
-    def generate_secret(self, pub=None):
-        enc = super().generate_secret(pub)
+    def generate_handshake(self, pub=None):
+        enc = super().generate_handshake(pub)
         self.secret = bytes(self.secret)
         return enc
 
-    def receive_handshake(self, encrypted_message):
-        message_from_blob = pgpy.PGPMessage.from_blob(encrypted_message)
+    def receive_handshake(self, shake):
+        message_from_blob = pgpy.PGPMessage.from_blob(shake)
         decrypted = self.private_key.decrypt(message_from_blob)
         # XOR
         self.secret = bytes(decrypted.message)

poorman_handshake/symmetric/__init__.py

@@ -8,14 +8,22 @@ def __init__(self, password):
         self.iv = None
         self.salt = None
 
-    def send_handshake(self):
+    def generate_handshake(self):
         self.iv = generate_iv()
         return create_hsub(self.password, self.iv)
 
-    def receive_handshake(self, password):
-        if match_hsub(password, self.password):
-            self.salt = bytes(a ^ b for (a, b) in
-                              zip(self.iv, iv_from_hsub(password)))
+    def receive_handshake(self, shake):
+        self.salt = bytes(a ^ b for (a, b) in
+                          zip(self.iv, iv_from_hsub(shake)))
+
+    def receive_and_verify(self, shake):
+        if self.verify(shake):
+            self.receive_handshake(shake)
+            return True
+        return False
+
+    def verify(self, shake):
+        if match_hsub(shake, self.password):
             return True
         return False
 

readme.md

@@ -7,6 +7,7 @@ securely exchange symmetric encryption keys over insecure channels
 Basic usage below, check [examples](./examples) folder for more advanced usage
 
 A session key can be exchanged if there is a pre shared password
+
 ```python
 from poorman_handshake import PasswordHandShake
 from secrets import compare_digest
@@ -15,8 +16,8 @@ password = "Super Secret Pass Phrase"
 bob = PasswordHandShake(password)
 alice = PasswordHandShake(password)
 
-alice_shake = alice.send_handshake()
-bob_shake = bob.send_handshake()
+alice_shake = alice.generate_handshake()
+bob_shake = bob.generate_handshake()
 
 # exchange handshakes (hsubs) over any insecure channel
 if not alice.receive_handshake(bob_shake):
@@ -42,8 +43,8 @@ bob.load_public(alice.pubkey)
 alice.load_public(bob.pubkey)
 
 # exchange handshakes (encrypted with pubkey) over any insecure channel
-alice_shake = alice.generate_secret()
-bob_shake = bob.generate_secret()
+alice_shake = alice.generate_handshake()
+bob_shake = bob.generate_handshake()
 
 # read and verify handshakes
 bob.receive_and_verify(alice_shake)