def sign(self, data): if self.replay.can_replay("k"): k = self.replay.data["k"] else: k = random.SystemRandom().randint(2, self.my_private_key.q - 1) r, s = self.my_private_key.sign(_OT.bytes_to_string(data), k) ra = _OT.zero_pad(_OT.int_to_bytes(r), self.my_q_len) sa = _OT.zero_pad(_OT.int_to_bytes(s), self.my_q_len) return ra + sa
def encrypt_data_message(self, msg): #global memo # encrypt the message counter = _OT.zero_pad(_OT.int_to_bytes(self.ctr), 8) enc_msg = OtrCrypt.aes_ctr_crypt(self.send_aes_key, msg, self.ctr) memo.enc_msg = enc_msg flags = [0x00] #memo.flags = flags # generate T = (my_keyid, their_keyid, next_dh, ctr, AES-CTR_ek,ctr(msg)) T = [0,2,3, flags[0]] # protocol version and msg code # my_keyid sender_keyid = _OT.zero_pad(_OT.int_to_bytes(self.my_sess_keyid), 4) #memo.sender_keyid = sender_keyid T.extend( sender_keyid ) # their_keyid recipient_keyid = _OT.zero_pad(_OT.int_to_bytes(self.their_sess_keyid), 4) #memo.recipient_keyid = recipient_keyid T.extend( recipient_keyid ) # next_dh next_dh = _OT.int_to_mpi(self.next_dh) #memo.next_dh = next_dh T.extend( next_dh ) # ctr #memo.counter = counter T.extend( counter ) # enc_msg T.extend( _OT.bytes_to_data(enc_msg) ) #memo.T = T # compute MAC_mk(T) authenticator = OtrCrypt.get_sha1_hmac(self.send_mac_key, T) #memo.authenticator = authenticator #memo.old_mac_keys = self.old_mac_keys #memo.send_mac_key = self.send_mac_key #memo.recv_mac_key = self.recv_mac_key #memo.send_aes_key = self.send_aes_key #memo.recv_aes_key = self.recv_aes_key #memo.secbytes = self.secbytes #memo.sender_factor = self.my_public_factor_to_mpi(self.my_sess_keyid) #print "SENDER" #for x in sorted(self.my_public_factors.keys()): # print (x, self.my_public_factor_to_mpi(x)) #r = raw_input() #memo.recipient_factor = self.their_public_factor_to_mpi(self.their_sess_keyid) return (flags, sender_keyid, recipient_keyid, next_dh, counter, _OT.bytes_to_data(enc_msg), authenticator, _OT.bytes_to_data(self.old_mac_keys))
def store_their_public_factor(self, their_public_factor): self.their_public_factor_temp = their_public_factor self.their_cur_keyid = None # RCHANGE if self.authing and self.my_cur_keyid==1: our_secret_key = pow(their_public_factor, self.my_private_keys[1], self.dh_mod) self.replay.check('s', _OT.int_to_bytes(our_secret_key))
def receive_data_message(self, msg): #global memo self.my_sess_keyid = _OT.bytes_to_int(msg.recipient_keyid) self.their_sess_keyid = _OT.bytes_to_int(msg.sender_keyid) logging.debug( "KEYIDS %d %d " % (self.my_sess_keyid, self.their_sess_keyid)) if len(msg.next_dh) > 4: logging.debug( "GOT NEXT DH" ) logging.debug( msg.next_dh ) self.associate_their_keyid(self.their_sess_keyid+1, _OT.mpi_to_int(msg.next_dh)) self.update_next_counter(self.my_sess_keyid, self.their_sess_keyid, _OT.bytes_to_int(msg.counter)) logging.debug( (msg.counter, _OT.int_to_bytes(self.ctr)) ) self.compute_c_and_m_factors(self.my_sess_keyid, self.their_sess_keyid) self.compute_ek_and_mk_factors(self.my_sess_keyid, self.their_sess_keyid) #assert memo.sender_keyid == msg.sender_keyid #assert memo.recipient_keyid == msg.recipient_keyid #assert memo.next_dh == msg.next_dh #assert memo.counter == msg.counter #assert memo.enc_msg == _OT.data_to_bytes(msg.enc_msg) T = [0,2,3, msg.flags[0]] # protocol version and type code # my_keyid T.extend( msg.sender_keyid ) # their_keyid T.extend( msg.recipient_keyid ) # next_dh T.extend( msg.next_dh ) # ctr T.extend( msg.counter ) # enc_msg logging.debug(("ENC DATA: ", msg.enc_msg)) T.extend( msg.enc_msg ) #assert memo.T == T #print memo.sender_factor #print "RECVER" #for x in sorted(self.their_public_factors.keys()): # print (x, self.their_public_factor_to_mpi(x)) #r = raw_input() #assert memo.sender_factor == self.their_public_factor_to_mpi(self.their_sess_keyid) #assert memo.recipient_factor == self.my_public_factor_to_mpi(self.my_sess_keyid) #assert memo.secbytes == self.secbytes # compute MAC_mk(T) auth_check = OtrCrypt.get_sha1_hmac(self.recv_mac_key, T) if auth_check != msg.authenticator: logging.debug( ("got: ", auth_check) ) logging.debug( ("exp: ", msg.authenticator) ) #print self.recv_mac_key, self.send_mac_key #print memo.send_mac_key raise Exception("mac fail") return OtrCrypt.aes_ctr_crypt(self.recv_aes_key, _OT.data_to_bytes(msg.enc_msg), msg.counter)
def compute_their_M_factor(self, usePrimes=False): my_dh_keyid = self.dh_keys.get_my_cur_keyid() their_dh_keyid = self.dh_keys.get_their_cur_keyid() if usePrimes: m1PrimeKey = self.dh_keys.m1prime else: m1PrimeKey = self.dh_keys.m1 # Compute the 32-byte value MA to be the SHA256-HMAC of the following data, using the key m1': mbytes = [] # gy (MPI) mbytes.extend( self.dh_keys.their_public_factor_to_mpi(their_dh_keyid) ) # gx (MPI) mbytes.extend( self.dh_keys.my_public_factor_to_mpi(my_dh_keyid) ) # pubA (PUBKEY) mbytes.extend( OtrDSA.format_key(self.dsa_keys.their_public_key) ) # keyidA (INT) keyid = _OT.zero_pad(_OT.int_to_bytes(their_dh_keyid), 4) mbytes.extend( keyid ) self.their_M = OtrCrypt.get_sha256_hmac(m1PrimeKey, mbytes)
def compute_my_M_and_X_values(self, usePrimes=False): my_dh_keyid = self.dh_keys.get_my_cur_keyid() if usePrimes: cKey = self.dh_keys.cprime m1Key = self.dh_keys.m1prime else: cKey = self.dh_keys.c m1Key = self.dh_keys.m1 # Compute the 32-byte value MB to be the SHA256-HMAC of the following data, using the key m1: mbytes = [] # gx (MPI) mbytes.extend( self.dh_keys.my_public_factor_to_mpi(my_dh_keyid) ) # gy (MPI) mbytes.extend( self.dh_keys.their_public_factor_to_mpi() ) # pubB (PUBKEY) mbytes.extend( OtrDSA.format_key(self.dsa_keys.my_public_key) ) # keyidB (INT) keyid = _OT.zero_pad(_OT.int_to_bytes(my_dh_keyid), 4) mbytes.extend( keyid ) self.replay.check('M', mbytes) my_M = OtrCrypt.get_sha256_hmac(m1Key, mbytes) self.replay.check('hash_M', my_M) # Let XB be the following structure: xbytes = [] # pubB (PUBKEY) xbytes.extend( OtrDSA.format_key(self.dsa_keys.my_public_key) ) # keyidB (INT) xbytes.extend( keyid ) # sigB(MB) (SIG) # This is the signature, using the private part of the key pubB, of the 32-byte MB # (which does not need to be hashed again to produce the signature). xbytes.extend( self.dsa_keys.sign( my_M ) ) my_X = xbytes self.replay.check('X', my_X) # Encrypt XB using AES128-CTR with key c and initial counter value 0. self.my_enc_sig = OtrCrypt.aes_zero_ctr_crypt(cKey, my_X) self.replay.check('enc_X', self.my_enc_sig)
def make_new_key(self, add_as_seen=False): # RCHANGE if self.my_cur_keyid==0 and self.replay.can_replay('private_dh_key'): x = _OT.int_to_bytes(self.replay.data['private_dh_key']) else: #r = raw_input("random x") x = _OT.make_random_bytes(320/8) # Byte range? new_keyid = self.my_cur_keyid + 1 logging.debug( "making new key %d" % new_keyid) x_int = _OT.bytes_to_int(x) new_factor = pow(self.dh_g, x_int, self.dh_mod) self.my_private_keys[new_keyid] = x_int self.my_public_factors[new_keyid] = new_factor self.my_key_has_been_used[new_keyid] = False self.my_cur_keyid = new_keyid if add_as_seen: self.my_most_recently_seen.append(new_keyid) #r=raw_input() # RCHANGE if self.authing and self.my_cur_keyid==1: self.replay.check('public_dh_factor', self.my_public_factors[1])
def calc_q_len(key): return len(_OT.int_to_bytes(key.q))
def __call__(self): c = _OT.int_to_bytes(self.count) self.count += 1 return _OT.bytes_to_string(_OT.zero_pad(c, 16))
def __init__(self, start = 0): if type(start) == type(0): # initialize it w/ an int self.count = _OT.bytes_to_int(_OT.int_to_bytes(start)+[0]*8) else: # or initialize it with the top half of the ctr array self.count = _OT.bytes_to_int(start+[0]*8)