Ejemplo n.º 1
0
 def test_shared_2(self):
     for _ in range(1024):
         pri1 = curve25519.genkey()
         pri2 = curve25519.genkey()
         pub1 = curve25519.public(pri1)
         pub2 = curve25519.public(pri2)
         shared1 = curve25519.shared(pri1, pub2)
         shared2 = curve25519.shared(pri2, pub1)
         self.assertEqual(shared1, shared2)
Ejemplo n.º 2
0
 def test_shared_2(self):
     for _ in range(1024):
         pri1 = curve25519.genkey()
         pri2 = curve25519.genkey()
         pub1 = curve25519.public(pri1)
         pub2 = curve25519.public(pri2)
         shared1 = curve25519.shared(pri1, pub2)
         shared2 = curve25519.shared(pri2, pub1)
         self.assertEqual(shared1, shared2)
Ejemplo n.º 3
0
def generate_new_seed():
    # deserialize master ECDH public key embedded in program
    master_pub = curve25519.public(unhexlify(MASTER_PUB_HEX))
    # generate a random (yes, actually random) ECDH private key
    ephem = curve25519.genkey()
    # derive the corresponding public key for later embedding
    ephem_pub = curve25519.public(ephem)
    # combine the ECDH keys to generate the seed
    seed = curve25519.shared(ephem, master_pub)

    return seed, ephem_pub
Ejemplo n.º 4
0
def _write_operation_start(algorithm, operation):
    """Writes a fresh Operation Start message to tmp/operation_start.bin.

  Generates an ECDHE key specified by <algorithm> and writes an Operation
  Start message for executing <operation> on the device.

  Args:
    algorithm: Integer specifying the curve to use for the session key.
        1: P256, 2: X25519
    operation: Specifies the operation. 1: Certify, 2: Issue, 3: Issue Encrypted

  Raises:
    ValueError: algorithm or operation is is invalid.
  """

    global _session_params

    if algorithm > 2 or algorithm < 1:
        raise ValueError('Invalid algorithm value.')

    if operation > 3 or operation < 1:
        raise ValueError('Invalid operation value.')

    # Generate new key for each provisioning session
    if algorithm == _ALGORITHMS['x25519']:
        private_key = curve25519.genkey()
        # Make 33 bytes to match P256
        public_key = curve25519.public(private_key) + '\0'
    elif algorithm == _ALGORITHMS['p256']:
        [private_key, public_key] = ec_helper.generate_p256_key()

    _session_params = _ATAPSessionParameters(algorithm, operation, private_key,
                                             public_key)

    # "Operation Start" Header
    # +2 for algo and operation bytes
    header = (_MESSAGE_VERSION, 0, 0, 0, _ECDH_KEY_LEN + 2)
    operation_start = bytearray(struct.pack('<4B I', *header))

    # "Operation Start" Message
    op_start = (algorithm, operation, public_key)
    operation_start.extend(struct.pack('<2B 33s', *op_start))

    with open('tmp/operation_start.bin', 'wb') as f:
        f.write(operation_start)
Ejemplo n.º 5
0
 def __generate_key(self):
     self.client_private_key = curve25519.genkey()
     self.client_public_key = curve25519.public(self.client_private_key)
Ejemplo n.º 6
0
    return (curve25519.shared(master,ephem_pub), ephem_pub)

if __name__ == "__main__":
    # passphrase and filename as arguments
    if len(sys.argv) == 3:
        # Load an x.509 certificate from a file
        x509 = X509.load_cert(sys.argv[2])
        # Pull the modulus out of the certificate
        orig_modulus = unhexlify(x509.get_pubkey().get_modulus())
        (seed, ephem_pub) = recover_seed(key=sys.argv[1], modulus=orig_modulus, pos=80)
    # no arguments, just generate a private key
    else:
        # deserialize master ECDH public key embedded in program
        master_pub = curve25519.public(unhexlify(MASTER_PUB_HEX))
        # generate a random (yes, actually random) ECDH private key
        ephem = curve25519.genkey()
        # derive the corresponding public key for later embedding
        ephem_pub = curve25519.public(ephem)
        # combine the ECDH keys to generate the seed
        seed = curve25519.shared(ephem,master_pub)

    prng = AESPRNG(seed)
    ephem_pub = bytes(ephem_pub)

    # deterministic key generation from seed
    rsa = build_key(embed=ephem_pub, pos=80, randfunc=prng.randbytes)

    if 'orig_modulus' in locals():
        if long(hexlify(orig_modulus), 16) != long(rsa.n):
            raise Exception("key recovery failed")
Ejemplo n.º 7
0
 def test_genkey(self):
     for _ in range(1024):
         private = bytearray(curve25519.genkey())
         self.assertEqual(private[0] & (~248), 0)  # &= 248 (xxxxx000)
         self.assertEqual(private[31] & (~127), 0)  # &= 127 (0xxxxxxx)
         self.assertNotEqual(private[31] & 64, 0)  # |=  64 (x1xxxxxx)
Ejemplo n.º 8
0
 def test_genkey(self):
     for _ in range(1024):
         private = bytearray(curve25519.genkey())
         self.assertEqual(private[ 0] & (~248), 0)   # &= 248 (xxxxx000)
         self.assertEqual(private[31] & (~127), 0)   # &= 127 (0xxxxxxx)
         self.assertNotEqual(private[31] & 64 , 0)   # |=  64 (x1xxxxxx)