def check_equal_logs(self, logs, v): (r, c, d) = logs temp1 = pow(self.g1, d, DH_MODULUS) * pow(self.g3o, c, DH_MODULUS) % DH_MODULUS temp2 = pow(self.qab, d, DH_MODULUS) * pow(r, c, DH_MODULUS) % DH_MODULUS cprime = SHA256(struct.pack(b"B", v) + pack_mpi(temp1) + pack_mpi(temp2)) return long_to_bytes(c, 32) == cprime
def check_equal_coords(self, coords, v): (p, q, c, d1, d2) = coords temp1 = pow(self.g3, d1, DH_MODULUS) * pow(p, c, DH_MODULUS) % DH_MODULUS temp2 = pow(self.g1, d1, DH_MODULUS) * pow(self.g2, d2, DH_MODULUS) * pow(q, c, DH_MODULUS) % DH_MODULUS cprime = SHA256(struct.pack(b"B", v) + pack_mpi(temp1) + pack_mpi(temp2)) return long_to_bytes(c, 32) == cprime
def check_equal_logs(self, logs, v): (r, c, d) = logs temp1 = pow(self.g1, d, DH_MODULUS) \ * pow(self.g3o, c, DH_MODULUS) % DH_MODULUS temp2 = pow(self.qab, d, DH_MODULUS) \ * pow(r, c, DH_MODULUS) % DH_MODULUS cprime = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) return long_to_bytes(c, 32) == cprime
def proof_equal_logs(self, v): r = bytes_to_long(RNG.read(192)) temp1 = pow(self.g1, r, DH1536_MODULUS) temp2 = pow(self.qab, r, DH1536_MODULUS) cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) c = bytes_to_long(cb) temp1 = self.x3 * c % SM_ORDER d = (r - temp1) % SM_ORDER return c, d
def proof_equal_logs(self, v): r = random.randrange(2, DH_MAX) temp1 = pow(self.g1, r, DH_MODULUS) temp2 = pow(self.qab, r, DH_MODULUS) cb = HASH(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) c = bytes_to_long(cb) temp1 = self.x3 * c % SM_ORDER d = (r - temp1) % SM_ORDER return c, d
def proof_equal_logs(self, v): r = randrange(2, DH_MAX) temp1 = pow(self.g1, r, DH_MODULUS) temp2 = pow(self.qab, r, DH_MODULUS) cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) c = bytes_to_long(cb) temp1 = self.x3 * c % SM_ORDER d = (r - temp1) % SM_ORDER return c, d
def calculatePubkeyAuth(self, key, mackey): pubkey = self.privkey.serializePublicKey() buf = pack_mpi(self.dh.pub) buf += pack_mpi(self.gy) buf += pubkey buf += struct.pack(b'!I', self.ourKeyid) MB = self.privkey.sign(SHA256HMAC(mackey, buf)) buf = pubkey buf += struct.pack(b'!I', self.ourKeyid) buf += MB return AESCTR(key).encrypt(buf)
def check_equal_coords(self, coords, v): (p, q, c, d1, d2) = coords temp1 = pow(self.g3, d1, DH_MODULUS) * pow(p, c, DH_MODULUS) \ % DH_MODULUS temp2 = pow(self.g1, d1, DH_MODULUS) \ * pow(self.g2, d2, DH_MODULUS) \ * pow(q, c, DH_MODULUS) % DH_MODULUS cprime = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) return long_to_bytes(c, 32) == cprime
def calculatePubkeyAuth(self, key, mackey): pubkey = self.privkey.serializePublicKey() # Changer cette méthode pour notre clé buf = pack_mpi(self.dh.pub) buf += pack_mpi(self.gy) buf += pubkey buf += struct.pack(b'!I', self.ourKeyid) MBsigned = self.privkey.sign(SHA256HMAC(mackey, buf)) buf = pubkey buf += struct.pack(b'!I', self.ourKeyid) buf += MBsigned return AESCTR(key).encrypt(buf)
def proof_equal_coords(self, r, v): r1 = random.randrange(2, DH_MAX) r2 = random.randrange(2, DH_MAX) temp2 = pow(self.g1, r1, DH_MODULUS) * pow(self.g2, r2, DH_MODULUS) % DH_MODULUS temp1 = pow(self.g3, r1, DH_MODULUS) cb = SHA256(struct.pack(b"B", v) + pack_mpi(temp1) + pack_mpi(temp2)) c = bytes_to_long(cb) temp1 = r * c % SM_ORDER d1 = (r1 - temp1) % SM_ORDER temp1 = self.secret * c % SM_ORDER d2 = (r2 - temp1) % SM_ORDER return c, d1, d2
def calculatePubkeyAuth(self, key, mackey): pubkey = self.privkey.serializePublicKey() # Clé d'authentification # Création de MAC(g^x, g^y, pubKey, IdPubKey) buf = pack_mpi(self.dh.pub) buf += pack_mpi(self.gy) buf += pubkey buf += struct.pack(b'!I', self.ourKeyid) MB = self.privkey.sign(SHA256HMAC(mackey, buf)) # Création de Xb puis chiffrement xb = pubkey xb += struct.pack(b'!I', self.ourKeyid) xb += MB return AESCTR(key).encrypt(buf)
def checkPubkeyAuth(self, key, mackey, encsig): auth = AESCTR(key).decrypt(encsig) self.theirPubkey, auth = PK.parsePublicKey(auth) receivedKeyid, auth = proto.unpack(b'!I', auth) if receivedKeyid == 0: raise InvalidParameterError authbuf = pack_mpi(self.gy) authbuf += pack_mpi(self.dh.pub) authbuf += self.theirPubkey.serializePublicKey() authbuf += struct.pack(b'!I', receivedKeyid) if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False: raise InvalidParameterError self.theirKeyid = receivedKeyid
def proof_equal_coords(self, r, v): r1 = randrange(2, DH_MAX) r2 = randrange(2, DH_MAX) temp2 = pow(self.g1, r1, DH_MODULUS) \ * pow(self.g2, r2, DH_MODULUS) % DH_MODULUS temp1 = pow(self.g3, r1, DH_MODULUS) cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) c = bytes_to_long(cb) temp1 = r * c % SM_ORDER d1 = (r1-temp1) % SM_ORDER temp1 = self.secret * c % SM_ORDER d2 = (r2 - temp1) % SM_ORDER return c, d1, d2
def proof_equal_coords(self, r, v): r1 = bytes_to_long(RNG.read(192)) r2 = bytes_to_long(RNG.read(192)) temp2 = pow(self.g1, r1, DH1536_MODULUS) \ * pow(self.g2, r2, DH1536_MODULUS) % DH1536_MODULUS temp1 = pow(self.g3, r1, DH1536_MODULUS) cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2)) c = bytes_to_long(cb) temp1 = r * c % SM_ORDER d1 = (r1-temp1) % SM_ORDER temp1 = self.secret * c % SM_ORDER d2 = (r2 - temp1) % SM_ORDER return c, d1, d2
def checkPubkeyAuth(self, key, mackey, encsig): auth = AESCTR(key).decrypt(encsig) self.theirPubkey, auth = PK.parsePublicKey(auth) # Création d'une clé publique à partir de sa version serialisée (auth contient le reste des données) receivedKeyid, auth = proto.unpack(b'!I', auth) if receivedKeyid == 0: raise InvalidParameterError authbuf = pack_mpi(self.gy) authbuf += pack_mpi(self.dh.pub) authbuf += self.theirPubkey.serializePublicKey() authbuf += struct.pack(b'!I', receivedKeyid) if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False: raise InvalidParameterError self.theirKeyid = receivedKeyid
def calculatePubkeyAuth(self, key, mackey): pubkey = self.privkey.serializePublicKey() buf = pack_mpi(self.dh.pub) buf += pack_mpi(self.gy) buf += pubkey buf += struct.pack(b'!I', self.ourKeyid) MBsigned = self.privkey.sign(SHA256HMAC(mackey, buf)) logging.debug("Signature : {}".format( ':'.join(x.encode('hex') for x in MBsigned) )) buf = pubkey buf += struct.pack(b'!I', self.ourKeyid) buf += MBsigned logging.debug("Données envoyées : {}".format( ':'.join(x.encode('hex') for x in buf) )) return AESCTR(key).encrypt(buf)
def createAuthKeys(self): s = pow(self.gy, self.dh.priv, DH1536_MODULUS) sbyte = pack_mpi(s) self.sessionId = SHA256(b'\0' + sbyte)[:8] enc = SHA256(b'\1' + sbyte) self.enc_c, self.enc_cp = enc[:16], enc[16:] self.mac_m1 = SHA256(b'\2' + sbyte) self.mac_m2 = SHA256(b'\3' + sbyte) self.mac_m1p = SHA256(b'\4' + sbyte) self.mac_m2p = SHA256(b'\5' + sbyte)
def getSerializedPublicPayload(self): # Clé ECDSA if self.keyType == 0x01: return pack_data(self.getPublicPayload()) else: buf = b'' for x in self.getPublicPayload(): buf += pack_mpi(x) return buf
def startAKE(self): self.r = long_to_bytes(getrandbits(128), 16) gxmpi = pack_mpi(self.dh.pub) self.hashgx = SHA256(gxmpi) self.encgx = AESCTR(self.r).encrypt(gxmpi) self.state = STATE_AWAITING_DHKEY return proto.DHCommit(self.encgx, self.hashgx)
def startAKE(self): self.r = RNG.read(16) gxmpi = pack_mpi(self.dh.pub) self.hashgx = SHA256(gxmpi) self.encgx = AESCTR(self.r).encrypt(gxmpi) self.state = STATE_AWAITING_DHKEY return proto.DHCommit(self.encgx, self.hashgx)
def createAuthKeys(self): s = pow(self.gy, self.dh.priv, DH_MODULUS) sbyte = pack_mpi(s) self.sessionId = SHA256(b'\x00' + sbyte)[:8] enc = SHA256(b'\x01' + sbyte) self.enc_c = enc[:16] self.enc_cp = enc[16:] self.mac_m1 = SHA256(b'\x02' + sbyte) self.mac_m2 = SHA256(b'\x03' + sbyte) self.mac_m1p = SHA256(b'\x04' + sbyte) self.mac_m2p = SHA256(b'\x05' + sbyte) self.extraKey = SHA256(b'\xff' + sbyte)
def createAuthKeys(self): s = self.dh.get_shared_secret(self.gy) sbyte = pack_mpi(s) self.sessionId = HASH(b'\x00' + sbyte)[:8] enc = HASH(b'\x01' + sbyte) self.enc_c = enc[:16] self.enc_cp = enc[16:] self.mac_m1 = HASH(b'\x02' + sbyte) self.mac_m2 = HASH(b'\x03' + sbyte) self.mac_m1p = HASH(b'\x04' + sbyte) self.mac_m2p = HASH(b'\x05' + sbyte) self.extraKey = HASH(b'\xff' + sbyte)
def startAKE(self): # Nombre aléatoire r self.r = long_to_bytes(random.getrandbits(128), 16) gxmpi = pack_mpi(self.dh.pub) self.hashgx = SHA256(gxmpi) self.encgx = AESCTR(self.r).encrypt(gxmpi) self.state = STATE_AWAITING_DHKEY # Retourne AESr(g^x), SHA256(g^x) return proto.DHCommit(self.encgx, self.hashgx)
def checkPubkeyAuth(self, key, mackey, encsig): auth = AESCTR(key).decrypt(encsig) logging.debug("Données reçues : {}".format( ':'.join(x.encode('hex') for x in auth) )) self.theirPubkey, auth = PK.parsePublicKey(auth) logging.debug("Clé parsée {}".format( ':'.join(x.encode('hex') for x in self.theirPubkey.serializePublicKey()) )) receivedKeyid, auth = proto.unpack(b'!I', auth) if receivedKeyid == 0: raise InvalidParameterError logging.debug("Signature reçue {}".format( ':'.join(x.encode('hex') for x in auth) )) authbuf = pack_mpi(self.gy) authbuf += pack_mpi(self.dh.pub) authbuf += self.theirPubkey.serializePublicKey() authbuf += struct.pack(b'!I', receivedKeyid) if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False: raise InvalidParameterError self.theirKeyid = receivedKeyid
def create(cls, dh, y): s = pow(y, dh.priv, DH_MODULUS) sb = pack_mpi(s) if dh.pub > y: sendbyte = b'\1' rcvbyte = b'\2' else: sendbyte = b'\2' rcvbyte = b'\1' sendenc = SHA1(sendbyte + sb)[:16] sendmac = SHA1(sendenc) rcvenc = SHA1(rcvbyte + sb)[:16] rcvmac = SHA1(rcvenc) return cls(sendenc, sendmac, rcvenc, rcvmac)
def create(cls, dh, y): s = dh.get_shared_secret(y) sb = pack_mpi(s) if dh.pub[0] > y[0]: sendbyte = b'\1' rcvbyte = b'\2' else: sendbyte = b'\2' rcvbyte = b'\1' sendenc = HASH(sendbyte + sb)[:16] sendmac = HASH(sendenc) rcvenc = HASH(rcvbyte + sb)[:16] rcvmac = HASH(rcvenc) return cls(sendenc, sendmac, rcvenc, rcvmac)
def proof_known_log(g, x, v): r = randrange(2, DH_MAX) c = bytes_to_long(SHA256(struct.pack(b'B', v) + pack_mpi(pow(g, r, DH_MODULUS)))) temp = x * c % SM_ORDER return c, (r-temp) % SM_ORDER
def check_known_log(c, d, g, x, v): gd = pow(g, d, DH_MODULUS) xc = pow(x, c, DH_MODULUS) gdxc = gd * xc % DH_MODULUS return SHA256(struct.pack(b'B', v) + pack_mpi(gdxc)) == long_to_bytes(c, 32)
def check_known_log(c, d, g, x, v): gd = pow(g, d, DH_MODULUS) xc = pow(x, c, DH_MODULUS) gdxc = gd * xc % DH_MODULUS return HASH(struct.pack(b'B', v) + pack_mpi(gdxc)) == long_to_bytes(c, 32)
def serialize_pubKey(cls, pubKey): return pack_mpi(pubKey[0])+pack_mpi(pubKey[1])
def proof_known_log(g, x, v): r = bytes_to_long(RNG.read(192)) c = bytes_to_long(SHA256(struct.pack(b'B', v) + pack_mpi(pow(g, r, DH1536_MODULUS)))) temp = x * c % SM_ORDER return c, (r-temp) % SM_ORDER
def getPayload(self): d = struct.pack(b'!I', len(self.mpis)) for n in self.mpis: d += pack_mpi(n) return d
def getSerializedPrivatePayload(self): buf = b'' for x in self.getPrivatePayload(): buf += pack_mpi(x) return buf
def proof_known_log(g, x, v): r = random.randrange(2, DH_MAX) c = bytes_to_long(HASH(struct.pack(b'B', v) + pack_mpi(pow(g, r, DH_MODULUS)))) temp = x * c % SM_ORDER return c, (r-temp) % SM_ORDER
def getPayload(self): d = struct.pack(b"!I", len(self.mpis)) for n in self.mpis: d += pack_mpi(n) return d
def get_serialized_privKey(self): return pack_mpi(self.priv)