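def sign(self, message):
    """Sign *message* with a Schnorr-style scheme over the group (p, q, g).

    A fresh nonce k is drawn from the OS random source, r = g**k mod p is
    hashed together with the message to give the challenge e, and the
    response is s = (k - x*e) mod q, where x is the private key.

    Returns:
        A tuple ``(e, int2bin(s))``: the raw digest from HashWrapper and
        the binary-encoded response.
    """
    # The nonce must be non-zero: k == 0 gives r == 1 and makes s a known
    # multiple of the private key, so draw from [1, q) instead of [0, q).
    k = random.SystemRandom().randrange(1, self.q)
    r = pow(self.g, k, self.p)

    # Challenge: hash of the message followed by the encoded commitment r.
    h = HashWrapper()
    h.add(message)
    h.add(int2bin(r))
    e = h.digest()

    s = (k - self.x * bin2int(e)) % self.q
    return (e, int2bin(s))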
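def splitAdd(user, password, name, value):
    """Split *value* with Shamir secret sharing and store one share per host.

    The list returned by getSplits() is read as ``[k, host1, port1, host2,
    port2, ...]``: k is the reconstruction threshold and each following
    (host, port) pair names one server that receives a share.

    Raises:
        AssertionError: if the host/port entries do not pair up, or if the
            threshold k exceeds the number of servers n.
    """
    # add() takes its target from these module-level globals, so they are
    # re-pointed at each server in turn.
    global host, port

    splits = getSplits(user, password)
    k = int(splits[0])

    # Under Python 2 integer division the old "int(n) == n" check could
    # never fail, so a trailing host without a port was silently ignored.
    # Check the remainder explicitly, and raise rather than assert so the
    # checks survive "python -O".
    n, leftover = divmod(len(splits) - 1, 2)
    if leftover:
        raise AssertionError("split list has a host entry without a port")
    if k > n:
        # A threshold above the share count could never be reconstructed.
        raise AssertionError("threshold k exceeds the number of split servers")

    splitter = ShamirSplit()
    shares = splitter.share(value, k, n)
    for s in range(n):
        host = splits[2 * s + 1]
        port = splits[2 * s + 2]
        print "Sending split", s, "to", host + ":" + port
        # Each stored record is the 1-based share index followed by the share.
        add(user, password, 1, name,
            concat([int2bin(s + 1), int2bin(shares[s])]))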
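def splitAdd(user, password, name, value):
    """Split *value* with Shamir secret sharing and store one share per host.

    The list returned by getSplits() is read as ``[k, host1, port1, host2,
    port2, ...]``: k is the reconstruction threshold and each following
    (host, port) pair names one server that receives a share.

    Raises:
        AssertionError: if the host/port entries do not pair up, or if the
            threshold k exceeds the number of servers n.
    """
    # add() takes its target from these module-level globals, so they are
    # re-pointed at each server in turn.
    global host, port

    splits = getSplits(user, password)
    k = int(splits[0])

    # Under Python 2 integer division the old "int(n) == n" check could
    # never fail, so a trailing host without a port was silently ignored.
    # Check the remainder explicitly, and raise rather than assert so the
    # checks survive "python -O".
    n, leftover = divmod(len(splits) - 1, 2)
    if leftover:
        raise AssertionError("split list has a host entry without a port")
    if k > n:
        # A threshold above the share count could never be reconstructed.
        raise AssertionError("threshold k exceeds the number of split servers")

    splitter = ShamirSplit()
    shares = splitter.share(value, k, n)
    for s in range(n):
        host = splits[2 * s + 1]
        port = splits[2 * s + 2]
        print "Sending split", s, "to", host + ":" + port
        # Each stored record is the 1-based share index followed by the share.
        add(user, password, 1, name,
            concat([int2bin(s + 1), int2bin(shares[s])]))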
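def verify(self, message, s, e):
    """Check a Schnorr-style signature (s, e) over *message*.

    Recomputes r = g**s * publicKey**e mod p, hashes the message followed
    by the encoded r, and accepts when that digest equals e.

    Args:
        message: the signed data, as fed to HashWrapper.
        s: the response, as an integer.
        e: the challenge, as an integer.

    Returns:
        True if the signature is valid, False otherwise.
    """
    # sign() reduces s modulo q, so a response outside [0, q) is never
    # produced by it. Rejecting such values keeps one canonical encoding
    # per signature and avoids passing a negative exponent to pow().
    if not (0 <= s < self.q) or e < 0:
        return False

    r = (pow(self.g, s, self.p) * pow(self.publicKey, e, self.p)) % self.p
    h = HashWrapper()
    h.add(message)
    h.add(int2bin(r))
    e1 = h.digest()
    return bin2int(e1) == e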
def test_vectors(self):
    """Check PBKDF2 against published known-answer vectors.

    Each row is (password, salt, iterations, key length, expected hex).
    Every mismatch is printed and counted; the test fails if any row
    disagrees. The iteration counts are those of the published vectors,
    not a recommendation for production use.
    """
    tests = [
        # Test vectors from
        # http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt
        ("password", "salt", 1, 20,
         "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
        ("password", "salt", 2, 20,
         "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
        ("password", "salt", 4096, 20,
         "4b007901b765489abead49d926f721d065a429c1"),
        # Skip very slow test vector for now
        # ("password", "salt", 16777216, 20,
        #  "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"),

        # Test vectors from RFC 3962
        ("password", "ATHENA.MIT.EDUraeburn", 1, 16,
         "cdedb5281bb2f801565a1122b2563515"),
        ("password", "ATHENA.MIT.EDUraeburn", 2, 16,
         "01dbee7f4a9e243e988b62c73cda935d"),
        ("password", "ATHENA.MIT.EDUraeburn", 1200, 16,
         "5c08eb61fdf71e4e4ec3cf6ba1f5512b"),
        ("password", int2bin(int("1234567878563412", 16)), 5, 16,
         "d1daa78615f287e6a1c8b120d7062a49"),
        ("X" * 64, "pass phrase equals block size", 1200, 16,
         "139c30c0966bc32ba55fdbf212530ac9"),
        ("X" * 65, "pass phrase exceeds block size", 1200, 16,
         "9ccad6d468770cd51b10e6a68721be61"),
        (int2bin(int("f09d849e", 16)), "EXAMPLE.COMpianist", 50, 16,
         "6b9cf26d45455a43a5b8bb276a403b39"),

        # Test vectors from
        # http://www.cryptosys.net/manapi/api_PBE_Kdf2.html
        ("password", int2bin(int("78578e5a5d63cb06", 16)), 2048, 24,
         "bfde6be94df7e11dd409bce20a0255ec327cb936ffe93643"),
        ("password", int2bin(int("78578e5a5d63cb06", 16)), 2048, 64,
         "bfde6be94df7e11dd409bce20a0255ec327cb936ffe93643c4b150def77511224479994567f2e9b4e3bd0df7aeda3022b1f26051d81505c794f8940c04df1144"),
    ]

    fails = 0
    for passphrase, salt, rounds, keylen, expected in tests:
        derived = hexdump(PBKDF2(passphrase, salt, rounds, keylen))
        if derived == expected:
            continue
        # Report every mismatch before failing, so one run shows them all.
        print "PBKDF2(%s, %s, %d, %d) = %s (expecting %s)" % (
            passphrase, salt, rounds, keylen, derived, expected)
        fails += 1
    self.assertEqual(fails, 0)
def getValueList(self, type, name):
    """Fetch the list stored on the server under (*type*, *name*).

    The resource name is not sent in the clear: the encoded type and the
    name are concatenated and passed through self.keys.permute() first.

    Returns:
        The server's response body decoded from JSON.

    Raises:
        LookupError: if the server answers with any status other than 200.
    """
    query = self.authParams()
    query["name"] = self.keys.permute(concat([int2bin(type), name]))

    # NOTE(review): the auth parameters travel in the URL query string,
    # which servers and proxies commonly log - confirm that is acceptable
    # for whatever authParams() returns.
    http = self.connect()
    http.request("GET", "/list-resource?" + urllib.urlencode(query))
    reply = http.getresponse()

    if reply.status == 200:
        return json.loads(reply.read())

    # FIXME: define a ProtocolError, perhaps?
    raise LookupError("HTTP error: %d %s" % (reply.status, reply.reason))
def baseGetList(user, password, type, name, use_des = 0):
    """Fetch the list stored on the server under (*type*, *name*).

    Keys are derived from the user, server name and password; the resource
    name is sent only after the encoded type and name have been passed
    through the deriver's permute().

    Returns:
        The server's response body decoded from JSON.

    Raises:
        LookupError: if the server answers with any status other than 200.
    """
    query = makeAuthParams(user, password)
    # NOTE(review): use_des is handed straight to KeyDeriver; if it selects
    # DES, confirm it is kept only for reading legacy records.
    deriver = KeyDeriver(user, servername(), password, use_des)
    query['name'] = deriver.permute(concat([int2bin(type), name]))

    # NOTE(review): the auth parameters travel in the URL query string,
    # which servers and proxies commonly log - confirm that is acceptable.
    http = connect()
    http.request("GET", "/list-resource?" + urllib.urlencode(query))
    reply = http.getresponse()

    if reply.status == 200:
        return json.loads(reply.read())

    # FIXME: define a ProtocolError, perhaps?
    raise LookupError("HTTP error: %d %s" % (reply.status, reply.reason))
def F(p, s, c, i):
    """Compute one PBKDF2 block: the XOR of c chained HMAC-SHA1 outputs.

    Args:
        p: the password, used as the HMAC key.
        s: the salt.
        c: the iteration count.
        i: the block index, appended to the salt as a 4-byte field.

    Returns:
        int2bin() of the XOR of U_1 .. U_c, where U_1 = HMAC(p, s || i)
        and each later U is the HMAC of the previous one.
    """
    # Key the HMAC once; every round starts from a copy of this state.
    keyed = hmac.new(p, digestmod = hashlib.sha1)

    def prf(data):
        round_mac = keyed.copy()
        round_mac.update(data)
        return round_mac.digest()

    block = prf(s + pad_int2bin(i, 4))
    acc = bin2int(block)
    for _ in range(c - 1):
        block = prf(block)
        acc ^= bin2int(block)

    # NOTE(review): if int2bin() drops leading zero bytes, the result can
    # be shorter than the 20-byte digest - confirm the caller pads it.
    return int2bin(acc)
def F(p, s, c, i):
    """Compute one PBKDF2 block: the XOR of c chained HMAC-SHA1 outputs.

    Args:
        p: the password, used as the HMAC key.
        s: the salt.
        c: the iteration count.
        i: the block index, appended to the salt as a 4-byte field.

    Returns:
        int2bin() of the XOR of U_1 .. U_c, where U_1 = HMAC(p, s || i)
        and each later U is the HMAC of the previous one.
    """
    # Key the HMAC once; every round starts from a copy of this state.
    keyed = hmac.new(p, digestmod=hashlib.sha1)

    def prf(data):
        round_mac = keyed.copy()
        round_mac.update(data)
        return round_mac.digest()

    block = prf(s + pad_int2bin(i, 4))
    acc = bin2int(block)
    for _ in range(c - 1):
        block = prf(block)
        acc ^= bin2int(block)

    # NOTE(review): if int2bin() drops leading zero bytes, the result can
    # be shorter than the 20-byte digest - confirm the caller pads it.
    return int2bin(acc)
def getValueList(self, type, name):
    """Fetch the list stored on the server under (*type*, *name*).

    The resource name is not sent in the clear: the encoded type and the
    name are concatenated and passed through self.keys.permute() first.

    Returns:
        The server's response body decoded from JSON.

    Raises:
        LookupError: if the server answers with any status other than 200.
    """
    query = self.authParams()
    query['name'] = self.keys.permute(concat([int2bin(type), name]))

    # NOTE(review): the auth parameters travel in the URL query string,
    # which servers and proxies commonly log - confirm that is acceptable
    # for whatever authParams() returns.
    http = self.connect()
    http.request("GET", "/list-resource?" + urllib.urlencode(query))
    reply = http.getresponse()

    if reply.status == 200:
        return json.loads(reply.read())

    # FIXME: define a ProtocolError, perhaps?
    raise LookupError("HTTP error: %d %s" % (reply.status, reply.reason))
def add(user, password, type, name, value, use_des = 0):
    """Encrypt *value* and store it on the server under (*type*, *name*).

    The name is sent in permuted form and the value is encrypted with keys
    derived from the user, server name and password, then base64-encoded.
    The server's status line and response body are printed; nothing is
    returned, so a caller cannot tell from this function whether the store
    succeeded.
    """
    form = makeAuthParams(user, password)
    # NOTE(review): use_des is handed straight to KeyDeriver; if it selects
    # DES, confirm it is never used for newly stored values.
    deriver = KeyDeriver(user, servername(), password, use_des)
    form['name'] = deriver.permute(concat([int2bin(type), name]))
    form['value'] = b64enc(deriver.encrypt(value))
    body = urllib.urlencode(form)

    http = connect()
    http.request(
        "POST",
        "/add-resource",
        body,
        {"Content-Type": "application/x-www-form-urlencoded",
         "Accept": "text/plain"},
    )
    reply = http.getresponse()
    print reply.status, reply.reason
    print reply.read()
def baseGetList(user, password, type, name, use_des=0):
    """Fetch the list stored on the server under (*type*, *name*).

    Keys are derived from the user, server name and password; the resource
    name is sent only after the encoded type and name have been passed
    through the deriver's permute().

    Returns:
        The server's response body decoded from JSON.

    Raises:
        LookupError: if the server answers with any status other than 200.
    """
    query = makeAuthParams(user, password)
    # NOTE(review): use_des is handed straight to KeyDeriver; if it selects
    # DES, confirm it is kept only for reading legacy records.
    deriver = KeyDeriver(user, servername(), password, use_des)
    query['name'] = deriver.permute(concat([int2bin(type), name]))

    # NOTE(review): the auth parameters travel in the URL query string,
    # which servers and proxies commonly log - confirm that is acceptable.
    http = connect()
    http.request("GET", "/list-resource?" + urllib.urlencode(query))
    reply = http.getresponse()

    if reply.status == 200:
        return json.loads(reply.read())

    # FIXME: define a ProtocolError, perhaps?
    raise LookupError("HTTP error: %d %s" % (reply.status, reply.reason))
def add(user, password, type, name, value, use_des=0):
    """Encrypt *value* and store it on the server under (*type*, *name*).

    The name is sent in permuted form and the value is encrypted with keys
    derived from the user, server name and password, then base64-encoded.
    The server's status line and response body are printed; nothing is
    returned, so a caller cannot tell from this function whether the store
    succeeded.
    """
    form = makeAuthParams(user, password)
    # NOTE(review): use_des is handed straight to KeyDeriver; if it selects
    # DES, confirm it is never used for newly stored values.
    deriver = KeyDeriver(user, servername(), password, use_des)
    form['name'] = deriver.permute(concat([int2bin(type), name]))
    form['value'] = b64enc(deriver.encrypt(value))
    body = urllib.urlencode(form)

    http = connect()
    http.request(
        "POST",
        "/add-resource",
        body,
        {"Content-Type": "application/x-www-form-urlencoded",
         "Accept": "text/plain"},
    )
    reply = http.getresponse()
    print reply.status, reply.reason
    print reply.read()
def test_vectors(self):
    """Check PBKDF2 against published known-answer vectors.

    Each row is (password, salt, iterations, key length, expected hex).
    Every mismatch is printed and counted; the test fails if any row
    disagrees. The iteration counts are those of the published vectors,
    not a recommendation for production use.
    """
    tests = [
        # Test vectors from
        # http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt
        ("password", "salt", 1, 20,
         "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
        ("password", "salt", 2, 20,
         "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
        ("password", "salt", 4096, 20,
         "4b007901b765489abead49d926f721d065a429c1"),
        # Skip very slow test vector for now
        # ("password", "salt", 16777216, 20,
        #  "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"),

        # Test vectors from RFC 3962
        ("password", "ATHENA.MIT.EDUraeburn", 1, 16,
         "cdedb5281bb2f801565a1122b2563515"),
        ("password", "ATHENA.MIT.EDUraeburn", 2, 16,
         "01dbee7f4a9e243e988b62c73cda935d"),
        ("password", "ATHENA.MIT.EDUraeburn", 1200, 16,
         "5c08eb61fdf71e4e4ec3cf6ba1f5512b"),
        ("password", int2bin(int("1234567878563412", 16)), 5, 16,
         "d1daa78615f287e6a1c8b120d7062a49"),
        ("X" * 64, "pass phrase equals block size", 1200, 16,
         "139c30c0966bc32ba55fdbf212530ac9"),
        ("X" * 65, "pass phrase exceeds block size", 1200, 16,
         "9ccad6d468770cd51b10e6a68721be61"),
        (int2bin(int("f09d849e", 16)), "EXAMPLE.COMpianist", 50, 16,
         "6b9cf26d45455a43a5b8bb276a403b39"),

        # Test vectors from
        # http://www.cryptosys.net/manapi/api_PBE_Kdf2.html
        ("password", int2bin(int("78578e5a5d63cb06", 16)), 2048, 24,
         "bfde6be94df7e11dd409bce20a0255ec327cb936ffe93643"),
        ("password", int2bin(int("78578e5a5d63cb06", 16)), 2048, 64,
         "bfde6be94df7e11dd409bce20a0255ec327cb936ffe93643c4b150def77511224479994567f2e9b4e3bd0df7aeda3022b1f26051d81505c794f8940c04df1144"),
    ]

    fails = 0
    for passphrase, salt, rounds, keylen, expected in tests:
        derived = hexdump(PBKDF2(passphrase, salt, rounds, keylen))
        if derived == expected:
            continue
        # Report every mismatch before failing, so one run shows them all.
        print "PBKDF2(%s, %s, %d, %d) = %s (expecting %s)" % (
            passphrase, salt, rounds, keylen, derived, expected)
        fails += 1
    self.assertEqual(fails, 0)
def public(self):
    """Return the public key, g**x mod p, encoded with int2bin()."""
    # Only the exponentiation result leaves this method; x stays private.
    y = pow(self.g, self.x, self.p)
    return int2bin(y)