The PSSST Python API

The two parties in communication using PSSST are represented by instances of the PSSSTClient and PSSSTServer classes. Outgoing packets from the client are packed using the client’s pack_request method and unpacked at the server using the unpack_request method. As well as returning the packed or unpacked packts, each of these return a reply handler that can be called to pack and unpack the reply packet. Note that in order to ensure that more than one set of data is ever encrypted with the same key and nonce each reply handler will raise a PSSSTHandlerReused error if it is called more than once.

The PSSSTClient class

class PSSSTClient(server_public_key, client_private_key=None, cipher_suite=<CipherSuite.X25519_AESGCM128: 1>)

PSSST client interface

Parameters:

• server_public_key – Public key of the target server
• client_private_key – Private key for client authentication, defaults to None
• cipher_suite – cipher suite for which to generate asymmetric key pair

Raises:

PSSSTUnsupportedCipher – requested cipher suite is not supported.

pack_request(data)

Pack an outbound request

Parameters:data (bytes) – message bytes to be encrypted Returns:tuple of encrypted packet and reply handler

The PSSSTServer class

class PSSSTServer(server_private_key, cipher_suite=<CipherSuite.X25519_AESGCM128: 1>)

PSSST server interface

Parameters:

• server_private_key – Private key for the server
• cipher_suite – cipher suite for which to generate asymmetric key pair

Raises:

PSSSTUnsupportedCipher – requested cipher suite is not supported.

unpack_request(packet)

Unpack an incoming request

Parameters:

packet (bytes) – Incoming packet to unpack

Raises:

• PSSSTUnsupportedCipher – cipher suite indicated in packet is not supported.
• PSSSTNotRequest – packet is not a request packet.
• PSSSTDecryptFailed – payload did not decrypt to valid and authentic data
• PSSSTClientAuthFailed – client auth was present but did not match request

Returns:

tuple of unpacked data, authenticated client public key and reply handler

Utility functions

generate_key_pair(cipher_suite=<CipherSuite.X25519_AESGCM128: 1>)

A utility function to generate a suitable key pair for the given cipher suite

Parameters:cipher_suite – cipher suite for which to generate asymmetric key pair Raises:PSSSTUnsupportedCipher – requested cipher suite is not supported. Returns:(private_key, public_key) tuple

Constants

class CipherSuite

Identifiers for known cipher suites

X25519_AESGCM128 = 1

Exceptions

class PSSSTException

General PSSST exception

class PSSSTUnsupportedCipher

Cipher suite not supported

class PSSSTClientAuthFailed

Client authentation failed

class PSSSTReplyMismatch

Reply packed does not match request

class PSSSTNotReply

Packet is not a reply

class PSSSTNotRequest

Packet is not a request

class PSSSTDecryptFailed

Authenticated decryption failed

class PSSSTHandlerReused

Reply handlers can not be reused